iptables配置443端口
vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --sport 443 -j ACCEPT
service iptables restart
配置https
1.向证书机构申请https证书,会得到证书和私钥
2.安装apache的mod_ssl.so模块
yum -y install mod_ssl
3.修改 ssl.conf
vim /etc/httpd/conf.d/ssl.conf
DocumentRoot "/var/www/html" ServerName wwww.heanny.cn:443 SSLCertificateFile /etc/pki/tls/certs/test.crt SSLCertificateKeyFile /etc/pki/tls/private/test.key
如果是腾讯的免费证书,需要添加中间控制件 SSLCertificateFile /usr/local/apache/conf/2_www.domain.com_cert.crt SSLCertificateKeyFile /usr/local/apache/conf/3_www.domain.com.key SSLCertificateChainFile /usr/local/apache/conf/1_root_bundle.crt
4.重启httpd
sudo service httpd restart
强制443端口跳转
<Directory "/var/www/html/"> # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn"t give it to you. # # The Options directive is both complicated and important. Please see # # for more information. # Options Indexes FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # #改为All AllowOverride All # # Controls who can get stuff from this server. # Order allow,deny Allow from all #添加三行代码 RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*)?$ https://%{SERVER_NAME}/$1 [L,R]
暂无评论,还不快来坐沙发...