经检验,是因为系统的apache和openssl版本太高导致的。
禁用系统默认的apache2.4,自己重新源码编译安装一套openssl-1.0.1f+apache2.2.23+php7.1.2即可。
跟update-crypto-policies没有关系,可保持默认的DEFAULT状态。
关于centos8自带的apache2.4开启https后,XP系统的IE8无法显示网页的问题_CentOS吧_Purasbarhttps://zh.purasbar.com/post.php?t=26190centos7自带的apache就没问题,xp ie8可以正常访问https。建议使用centos7系统。
如果系统没法换,只能用centos8的话,那就禁用系统自带的apache,自己单独编译一套低版本的openssl、apache和php。不需要调整其他任何设置。
【具体操作步骤】
禁用系统自带的apache2.4,并禁止开机自启动:
sudo systemctl stop httpd
sudo systemctl disable httpd
安装低版本openssl:
cd ~
mkdir temp
cd temp
wget https://www.openssl.org/source/old/1.0.1/openssl-1.0.1f.tar.gz
tar xf openssl-1.0.1f.tar.gz
cd openssl-1.0.1f/
./config --prefix=/opt/openssl-1.0.1f shared
make
sudo make install_sw
在/etc/ld.so.conf.d文件夹中新建一个mynewssl.conf文件,内容为/opt/openssl-1.0.1f/lib。
然后执行sudo ldconfig。
安装低版本apache2.2:
wget https://archive.apache.org/dist/httpd/httpd-2.2.23.tar.gz
tar xf httpd-2.2.23.tar.gz
cd httpd-2.2.23
./configure --prefix=/opt/httpd-2.2.23 --enable-deflate --enable-expires --enable-heads --with-mpm-worker --enable-rewrite --enable-so --with-included-apr --enable-ssl --with-ssl=/opt/openssl-1.0.1f --enable-mods-shared=all
make
sudo make install
打开/opt/httpd-2.2.23/conf/httpd.conf,将
Include conf/extra/httpd-ssl.conf
取消注释。
打开/opt/httpd-2.2.23/conf/extra/httpd-ssl.conf,正确配置证书文件路径,如:
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
启动新安装的apache2:
sudo /opt/httpd-2.2.23/bin/apachectl start
经检验,XP系统下的IE6、IE8和win11下的edge、firefox均能正常访问https。
新安装一个php7:
(sudo yum install libxml2-devel libpng-devel)
wget https://www.php.net/distributions/php-7.1.2.tar.gz
tar xf php-7.1.2.tar.gz
cd php-7.1.2
./configure --prefix=/opt/php-7.1.2 --with-apxs2=/opt/httpd-2.2.23/bin/apxs --enable-mbstring --with-gd --with-mysqli --with-pdo-mysql --with-gettext --with-openssl=/opt/openssl-1.0.1f
make
sudo make install
在/opt/httpd-2.2.23/conf/httpd.conf末尾加入
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
重启新安装的apache2:
sudo /opt/httpd-2.2.23/bin/apachectl restart
建立/opt/httpd-2.2.23/htdocs/info.php文件:
<?php
phpinfo();
【配置虚拟主机:/home/xxx/xxx/config/xxx.conf】
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
DocumentRoot "/opt/httpd-2.2.23/htdocs"
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile "/home/xxx/xxx/certificate/xxx.com.crt"
SSLCertificateKeyFile "/home/xxx/xxx/certificate/xxx.com.key"
SSLCertificateChainFile "/home/xxx/xxx/certificate/xxx.com.ca-bundle"
DocumentRoot "/opt/httpd-2.2.23/htdocs"
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/home/xxx/xxx"
ServerName xxx.com
Redirect 301 / https://xxx.com/
<Directory "/home/xxx/xxx">
Options -Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile "/home/xxx/xxx/certificate/xxx.com.crt"
SSLCertificateKeyFile "/home/xxx/xxx/certificate/xxx.com.key"
SSLCertificateChainFile "/home/xxx/xxx/certificate/xxx.com.ca-bundle"
DocumentRoot "/home/xxx/xxx"
ServerName xxx.com
<Directory "/home/xxx/xxx">
Options -Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
写好之后在/opt/httpd-2.2.23/conf/httpd.conf的最后一行包含一下:
Include /home/xxx/xxx/config/xxx.conf
请注意,Include的所有conf配置文件中,NameVirtualHost *:80和NameVirtualHost *:443只允许出现一次。最好是在第一个conf里面出现。
【测试】
访问 http://服务器IP地址 或 https://服务器IP地址 ,出来的是It works!
访问 http://xxx.com 自动跳转到 https://xxx.com ,出来的是/home/xxx/xxx下的网站。