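An Alibaba Linux 3 server can run either nginx or Apache. The system is compatible with RHEL/CentOS 8, and either the dnf or the yum package manager can be used.
1. Update the system and install Apache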
sudo dnf update -y
sudo dnf install -y httpd
2. Enable start at boot
sudo systemctl start httpd
sudo systemctl enable httpd
sudo systemctl status httpd
sudo systemctl restart httpd
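3. Firewall
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https # port 443, needed for the HTTPS steps below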
sudo firewall-cmd --reload
sudo firewall-cmd --list-services
4. Request an SSL certificate
sudo dnf install -y epel-release # Enable the EPEL repository (where Certbot lives)
sudo dnf install -y certbot python3-certbot-apache # Install certbot and its Apache plugin
sudo certbot --apache -d www.**********.com
5. Configure SSL manually
sudo dnf install -y mod_ssl
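Create or edit /etc/httpd/conf.d/ssl.conf (the file installed by mod_ssl already contains a Listen 443 https line; keep only one Listen directive for port 443)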
Listen 443
<VirtualHost *:443>
ServerName www.**********.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.**********.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.**********.com/privkey.pem
# Recommended security settings
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
SSLHonorCipherOrder off
SSLSessionTickets off
</VirtualHost>
Optional: force HTTP to redirect to HTTPS
<VirtualHost *:80>
ServerName www.**********.com
Redirect permanent / https://www.**********.com/
</VirtualHost>
Check that the certificate exists
ls /etc/letsencrypt/live/www.**********.com/ # should contain fullchain.pem and privkey.pem
Notes
1. Check that port 443 is listening
sudo ss -tuln | grep ':443'
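2. Test HTTPS locally
# The certificate is issued for the domain, not for localhost, so pin the domain to 127.0.0.1 and keep verification on
curl -I --resolve www.**********.com:443:127.0.0.1 https://www.**********.com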
3. Check that the SSL module is loaded
httpd -M 2>/dev/null | grep ssl
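
The following shell function is an added example, not part of the original guide: it lints a vhost file for the settings recommended in step 5 (SSLEngine on, a complete certificate/key pair, legacy protocols disabled) and for two directives run together on one line. The names audit_ssl_conf, sample_weak and sample_hardened, the domain www.example.com and both sample configs are constructed for illustration, and the SSLProtocol handling is a conservative simplification of Apache's own parsing.

```shell
# Added example: audit_ssl_conf [FILE] prints one finding per line; exit 0 = clean, 1 = findings.
audit_ssl_conf() {
    awk '
    function report(msg) { print msg; bad = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    { d = tolower($1) }                      # directive names are case-insensitive
    d == "sslengine" && tolower($2) == "on" { engine = 1 }
    d == "sslcertificatefile"    { cert = 1 }
    d == "sslcertificatekeyfile" { key = 1 }
    d == "sslprotocol" {
        # Conservative model: "all" and bare or +names enable, -names disable.
        legacy["sslv3"] = legacy["tlsv1"] = legacy["tlsv1.1"] = 0
        for (i = 2; i <= NF; i++) {
            t = tolower($i)
            if (t == "all") { for (p in legacy) legacy[p] = 1; continue }
            on = (substr(t, 1, 1) != "-"); sub(/^[+-]/, "", t)
            if (t in legacy) legacy[t] = on
        }
    }
    d ~ /^ssl/ {                             # a second directive run onto this line
        for (i = 2; i <= NF; i++)
            if ($i ~ /^SSL[A-Z][A-Za-z]+$/) report("line " NR ": " $i " fused onto " $1)
    }
    END {
        if (!engine) report("SSLEngine on is missing")
        if (!cert || !key) report("certificate/key directive pair is incomplete")
        for (p in legacy) if (legacy[p]) report("SSLProtocol leaves " p " enabled")
        exit bad + 0
    }' "$@"
}
sample_weak() { cat <<'EOF'
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
SSLProtocol all -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256 SSLHonorCipherOrder off
</VirtualHost>
EOF
}
sample_hardened() { cat <<'EOF'
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>
EOF
}
sample_weak | audit_ssl_conf || true         # demo run on the constructed weak config
```

Run it against the real file with `audit_ssl_conf /etc/httpd/conf.d/ssl.conf`, then `sudo apachectl configtest` before restarting httpd.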