关于centos8自带的apache2.4开启https后,XP系统的IE8无法显示网页的问题

经检验,是因为系统的apache和openssl版本太高导致的。

禁用系统默认的apache2.4,自己重新源码编译安装一套openssl-1.0.1f+apache2.2.23+php7.1.2即可。
跟update-crypto-policies没有关系,可保持默认的DEFAULT状态。

关于centos8自带的apache2.4开启https后,XP系统的IE8无法显示网页的问题_CentOS吧_Purasbarhttps://zh.purasbar.com/post.php?t=26190centos7自带的apache就没问题,xp ie8可以正常访问https。建议使用centos7系统。

如果系统没法换,只能用centos8的话,那就禁用系统自带的apache,自己单独编译一套低版本的openssl、apache和php。不需要调整其他任何设置。

【具体操作步骤】

禁用系统自带的apache2.4,并禁止开机自启动:

sudo systemctl stop httpd

sudo systemctl disable httpd

安装低版本openssl:

cd ~

mkdir temp

cd temp

wget https://www.openssl.org/source/old/1.0.1/openssl-1.0.1f.tar.gz

tar xf openssl-1.0.1f.tar.gz

cd openssl-1.0.1f/

./config --prefix=/opt/openssl-1.0.1f shared

make

sudo make install_sw

在/etc/ld.so.conf.d文件夹中新建一个mynewssl.conf文件,内容为/opt/openssl-1.0.1f/lib。

然后执行sudo ldconfig。

安装低版本apache2.2:

wget https://archive.apache.org/dist/httpd/httpd-2.2.23.tar.gz

tar xf httpd-2.2.23.tar.gz

cd httpd-2.2.23

./configure --prefix=/opt/httpd-2.2.23 --enable-deflate --enable-expires --enable-heads --with-mpm-worker --enable-rewrite --enable-so --with-included-apr --enable-ssl --with-ssl=/opt/openssl-1.0.1f --enable-mods-shared=all

make

sudo make install

打开/opt/httpd-2.2.23/conf/httpd.conf,将

Include conf/extra/httpd-ssl.conf

取消注释。

打开/opt/httpd-2.2.23/conf/extra/httpd-ssl.conf,正确配置证书文件路径,如:

SSLCertificateFile /etc/pki/tls/certs/localhost.crt

SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

启动新安装的apache2:

sudo /opt/httpd-2.2.23/bin/apachectl start

经检验,XP系统下的IE6、IE8和win11下的edge、firefox均能正常访问https。

新安装一个php7:

(sudo yum install libxml2-devel libpng-devel)

wget https://www.php.net/distributions/php-7.1.2.tar.gz

tar xf php-7.1.2.tar.gz

cd php-7.1.2

./configure --prefix=/opt/php-7.1.2 --with-apxs2=/opt/httpd-2.2.23/bin/apxs --enable-mbstring --with-gd --with-mysqli --with-pdo-mysql --with-gettext --with-openssl=/opt/openssl-1.0.1f

make

sudo make install

在/opt/httpd-2.2.23/conf/httpd.conf末尾加入

<FilesMatch \.php$>

SetHandler application/x-httpd-php

</FilesMatch>

重启新安装的apache2:

sudo /opt/httpd-2.2.23/bin/apachectl restart

建立/opt/httpd-2.2.23/htdocs/info.php文件:

<?php

phpinfo();

【配置虚拟主机:/home/xxx/xxx/config/xxx.conf】

NameVirtualHost *:80

NameVirtualHost *:443

<VirtualHost *:80>

DocumentRoot "/opt/httpd-2.2.23/htdocs"

</VirtualHost>

<VirtualHost *:443>

SSLEngine on

SSLCertificateFile "/home/xxx/xxx/certificate/xxx.com.crt"

SSLCertificateKeyFile "/home/xxx/xxx/certificate/xxx.com.key"

SSLCertificateChainFile "/home/xxx/xxx/certificate/xxx.com.ca-bundle"

DocumentRoot "/opt/httpd-2.2.23/htdocs"

</VirtualHost>

<VirtualHost *:80>

DocumentRoot "/home/xxx/xxx"

ServerName xxx.com

Redirect 301 / https://xxx.com/

<Directory "/home/xxx/xxx">

Options -Indexes FollowSymLinks

AllowOverride All

Order allow,deny

Allow from all

</Directory>

</VirtualHost>

<VirtualHost *:443>

SSLEngine on

SSLCertificateFile "/home/xxx/xxx/certificate/xxx.com.crt"

SSLCertificateKeyFile "/home/xxx/xxx/certificate/xxx.com.key"

SSLCertificateChainFile "/home/xxx/xxx/certificate/xxx.com.ca-bundle"

DocumentRoot "/home/xxx/xxx"

ServerName xxx.com

<Directory "/home/xxx/xxx">

Options -Indexes FollowSymLinks

AllowOverride All

Order allow,deny

Allow from all

</Directory>

</VirtualHost>

写好之后在/opt/httpd-2.2.23/conf/httpd.conf的最后一行包含一下:

Include /home/xxx/xxx/config/xxx.conf

请注意,Include的所有conf配置文件中,NameVirtualHost *:80和NameVirtualHost *:443只允许出现一次。最好是在第一个conf里面出现。

【测试】

访问 http://服务器IP地址https://服务器IP地址 ,出来的是It works!

访问 http://xxx.com 自动跳转到 https://xxx.com ,出来的是/home/xxx/xxx下的网站。

相关推荐
远游客07138 小时前
centos stream 8下载安装遇到的坑
linux·服务器·centos
jingyu飞鸟8 小时前
centos-stream9系统安装docker
linux·docker·centos
ZachOn1y11 小时前
计算机网络:应用层 —— 应用层概述
计算机网络·http·https·应用层·dns
cominglately11 小时前
centos单机部署seata
linux·运维·centos
魏 无羡11 小时前
linux CentOS系统上卸载docker
linux·kubernetes·centos
CircleMouse11 小时前
Centos7, 使用yum工具,出现 Could not resolve host: mirrorlist.centos.org
linux·运维·服务器·centos
木子Linux12 小时前
【Linux打怪升级记 | 问题01】安装Linux系统忘记设置时区怎么办?3个方法教你回到东八区
linux·运维·服务器·centos·云计算
s甜甜的学习之旅15 小时前
Apache POI练习代码
apache
是小崔啊15 小时前
开源轮子 - Apache Common
java·开源·apache
网安墨雨17 小时前
iOS应用网络安全之HTTPS
web安全·ios·https