Enabling HTTPS support for WordPress (nginx and Apache)


Configuring SSL in nginx

Add a new configuration file, ssl.conf

  • Listen on ports 80 and 443, and redirect every HTTP request received on port 80 to HTTPS
server {
        listen       80;
        root /www/webroot;
        server_name clz-001.com www.clz-001.com;
        # Permanently (301) redirect every HTTP request to the same URI over HTTPS
        rewrite ^ https://$server_name$request_uri permanent;
        index  index.html index.php index.htm;
        error_page  400 /errpage/400.html;
        error_page  403 /errpage/403.html;
        error_page  404 /errpage/404.html;
        error_page  503 /errpage/503.html;
        location ~ \.php$ {
                proxy_pass http://127.0.0.1:88;
                include naproxy.conf;
        }
        location ~ /\.ht {
                deny  all;
        }
        location / {
                try_files $uri @apache;
        }
        location @apache {
                internal;
                proxy_pass http://127.0.0.1:88;
                include naproxy.conf;
        }
}

server {
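        # The ssl parameter of listen supersedes the deprecated "ssl on;" directive
        listen       443 ssl;
        root /www/webroot;
        ssl_certificate      cert/clz-001.com.pem;
        ssl_certificate_key  cert/clz-001.com.key;
        ssl_prefer_server_ciphers on;
        ssl_session_timeout 10m;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); list them only if legacy clients still need them
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # The EECDH+3DES and RSA+3DES terms enable 3DES, a legacy 64-bit block cipher
        ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;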
        server_name clz-001.com www.clz-001.com;
        index  index.html index.php index.htm;
        error_page  400 /errpage/400.html;
        error_page  403 /errpage/403.html;
        error_page  404 /errpage/404.html;
        error_page  503 /errpage/503.html;
        location ~ \.php$ {
                proxy_pass https://127.0.0.1:8443;
                include naproxy.conf;
        }
        location ~ /\.ht {
                deny  all;
        }
        location / {
                try_files $uri @apache;
        }
        location @apache {
                internal;
                proxy_pass https://127.0.0.1:8443;
                include naproxy.conf;
        }
}

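Configuring SSL in Apache

Install the SSL module and enable SSL

  • Install the SSL module
yum install -y mod_ssl

Place the certificates

  • Put the certificate file 214196329860162.pem, the certificate private key file 214196329860162.key, the certificate public key file public.pem and the certificate chain file chain.pem together in the cert directory under the conf directory of the Apache installation directory

Edit httpd.conf

  • Because nginx is listening on ports 80 and 443, Apache listens on ports 88 and 8443

  • If you do not know where this file is, you can find it with the following command

find / -name httpd.conf
  • Uncomment #LoadModule ssl_module modules/mod_ssl.so (if you cannot find this line, check whether the openssl module has been compiled) to enable SSL
LoadModule ssl_module modules/mod_ssl.so
  • Uncomment #LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
  • Change Listen 80 to 88
Listen 88
  • Uncomment #Include conf/extra/httpd-ssl.conf
Include conf/extra/httpd-ssl.conf

Edit httpd-ssl.conf

  • Change Listen 443 to 8443
Listen 8443
  • Find the following section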
<VirtualHost _default_:443>
#   General setup for the virtual host
DocumentRoot "/www/webroot"
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog "/www/webroot/logs/error_log"
TransferLog "/www/webroot/logs/access_log"
  • Change it as follows
<VirtualHost *:8443>
DocumentRoot /www/webroot
ServerName clz-001.com:8443
ServerAlias www.clz-001.com
ErrorDocument 400 /errpage/400.html
ErrorDocument 403 /errpage/403.html
ErrorDocument 404 /errpage/404.html
ErrorDocument 503 /errpage/503.html
php_admin_value open_basedir /www/web/clz-001_com:/tmp
<IfModule mod_deflate.c>
    DeflateCompressionLevel 7
    AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-httpd-php
    AddOutputFilter DEFLATE css js html htm gif jpg png bmp php
</IfModule>
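  • Set the supported SSL protocols, removing the insecure ones
SSLProtocol all -SSLv2 -SSLv3
  • Change the cipher suite as follows
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
  • Certificate public key configuration
SSLCertificateFile cert/public.pem
  • Certificate private key configuration
SSLCertificateKeyFile cert/214196329860162.key
  • Certificate chain configuration; if this directive begins with a '#' character, remove it
SSLCertificateChainFile cert/chain.pem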

Restart Apache

  • Stop Apache and then start it again
/usr/sbin/httpd -k start
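
To see which protocols and cipher terms the TLS directives above actually leave enabled, here is an offline lint in Python, added as an example and not part of the original post. It runs over the four TLS directives from the nginx and Apache configs; the function names and the assumed expansion of Apache's "all" keyword are assumptions made for the example.

```python
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: see RFC 8996
WEAK_TOKENS = {"3DES", "DES", "RC4", "MD5", "NULL", "EXP", "EXPORT", "LOW"}
APACHE_ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}  # assumed expansion of "all"
# Constructed sample: the four TLS directives copied from the configs on this page.
SAMPLE = """\
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
"""

def apache_protocols(args):
    """Resolve SSLProtocol arguments ('all', '+X', '-X', bare 'X') to the enabled set."""
    enabled = set()
    for arg in args:
        if arg.lower() == "all":
            enabled |= APACHE_ALL
        elif arg.startswith("-"):
            enabled.discard(arg[1:])
        else:
            enabled.add(arg.lstrip("+"))
    return enabled

def weak_cipher_terms(spec):
    """Terms that add a weak algorithm; '!' and '-' remove, '+' only reorders."""
    return [t for t in spec.split(":")
            if t and t[0] not in "!-+" and WEAK_TOKENS & set(t.split("+"))]

def audit(config_text):
    """Return (line number, directive, offending values) for each weak TLS directive."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].strip().rstrip(";").split()
        if len(parts) < 2:
            continue
        name, args, bad = parts[0], parts[1:], []
        if name == "ssl_protocols":
            bad = sorted(DEPRECATED & set(args))
        elif name == "SSLProtocol":
            bad = sorted(DEPRECATED & apache_protocols(args))
        elif name in ("ssl_ciphers", "SSLCipherSuite"):
            bad = weak_cipher_terms(args[0])
        if bad:
            findings.append((lineno, name, bad))
    return findings

if __name__ == "__main__":
    for lineno, name, bad in audit(SAMPLE):
        print(f"line {lineno}: {name} enables {', '.join(bad)}")
```

On the sample it reports TLSv1 and TLSv1.1 for both servers, because "all -SSLv2 -SSLv3" still leaves them on, plus the two 3DES terms in the nginx cipher list.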