Category: wordpress
Enabling HTTPS support for WordPress (nginx and Apache)
Configuring SSL in nginx
Add a new configuration file, ssl.conf
- Listen on ports 80 and 443, and redirect every HTTP request received on port 80 to HTTPS
server {
    listen 80;
    root /www/webroot;
    server_name clz-001.com www.clz-001.com;
    # Redirect every plain-HTTP request to the HTTPS site (301).
    rewrite ^ https://$server_name$request_uri permanent;
    index index.html index.php index.htm;
    error_page 400 /errpage/400.html;
    error_page 403 /errpage/403.html;
    error_page 404 /errpage/404.html;
    error_page 503 /errpage/503.html;
    # PHP requests go to Apache on port 88.
    location ~ \.php$ {
        proxy_pass http://127.0.0.1:88;
        include naproxy.conf;
    }
    # Never serve .htaccess / .htpasswd files.
    location ~ /\.ht {
        deny all;
    }
    # Serve static files directly, fall back to Apache for everything else.
    location / {
        try_files $uri @apache;
    }
    location @apache {
        internal;
        proxy_pass http://127.0.0.1:88;
        include naproxy.conf;
    }
}
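server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive.
    listen 443 ssl;
    root /www/webroot;
    ssl_certificate cert/clz-001.com.pem;
    ssl_certificate_key cert/clz-001.com.key;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless old clients need them.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # The RSA+... entries use static RSA key exchange (no forward secrecy);
    # the ...+3DES entries are 64-bit block ciphers.
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    server_name clz-001.com www.clz-001.com;
    index index.html index.php index.htm;
    error_page 400 /errpage/400.html;
    error_page 403 /errpage/403.html;
    error_page 404 /errpage/404.html;
    error_page 503 /errpage/503.html;
    # PHP requests are re-encrypted to Apache on port 8443.
    # nginx does not verify the upstream certificate by default.
    location ~ \.php$ {
        proxy_pass https://127.0.0.1:8443;
        include naproxy.conf;
    }
    # Never serve .htaccess / .htpasswd files.
    location ~ /\.ht {
        deny all;
    }
    # Serve static files directly, fall back to Apache for everything else.
    location / {
        try_files $uri @apache;
    }
    location @apache {
        internal;
        proxy_pass https://127.0.0.1:8443;
        include naproxy.conf;
    }
}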
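Configuring SSL in Apache
Install the SSL module and enable SSL
- Install the SSL module
yum install -y mod_ssl
Place the certificates
- Put the certificate file 214196329860162.pem, the certificate private key file 214196329860162.key, the certificate public key file public.pem and the certificate chain file chain.pem together in the cert directory under the conf directory of the Apache installation
Edit httpd.conf
- Because nginx listens on ports 80 and 443, Apache listens on ports 88 and 8443
- If you do not know where this file is, you can find it with the following command
find / -name httpd.conf
- Uncomment #LoadModule ssl_module modules/mod_ssl.so to enable SSL (if you cannot find this line, check whether the openssl plugin was compiled in)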
LoadModule ssl_module modules/mod_ssl.so
- Uncomment #LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
- Change Listen 80 to 88
Listen 88
- Uncomment #Include conf/extra/httpd-ssl.conf
Include conf/extra/httpd-ssl.conf
Edit httpd-ssl.conf
- Change Listen 443 to 8443
Listen 8443
- Find the following block
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/www/webroot"
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog "/www/webroot/logs/error_log"
TransferLog "/www/webroot/logs/access_log"
- Change it as follows
<VirtualHost *:8443>
DocumentRoot /www/webroot
ServerName clz-001.com:8443
ServerAlias www.clz-001.com
ErrorDocument 400 /errpage/400.html
ErrorDocument 403 /errpage/403.html
ErrorDocument 404 /errpage/404.html
ErrorDocument 503 /errpage/503.html
php_admin_value open_basedir /www/web/clz-001_com:/tmp
<IfModule mod_deflate.c>
DeflateCompressionLevel 7
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-httpd-php
AddOutputFilter DEFLATE css js html htm gif jpg png bmp php
</IfModule>
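- Set the supported SSL/TLS protocols, removing the insecure ones
SSLProtocol all -SSLv2 -SSLv3
- Change the cipher suite as follows
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
- Certificate public key configuration
SSLCertificateFile cert/public.pem
- Certificate private key configuration
SSLCertificateKeyFile cert/214196329860162.key
- Certificate chain configuration; if this directive starts with a '#' character, remove it
SSLCertificateChainFile cert/chain.pem
Restart Apache
- Stop Apache, then start it again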
/usr/sbin/httpd -k start
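The nginx and Apache TLS directives configured above can be checked for legacy protocols and weak cipher entries before the servers are restarted. The script below is an added example, not part of the original post: `audit`, `enabled_protocols` and the sample text are hypothetical names and constructed input, and the expansion of Apache's `all` keyword is an assumption that approximates Apache 2.4 built against a recent OpenSSL.

```python
import re

# Constructed sample: the four TLS directives from the nginx and Apache snippets above.
SAMPLE = """\
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
"""
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1 are deprecated by RFC 8996
# Assumption: what Apache's "all" keyword stands for (approximation, see lead-in).
APACHE_ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|ssl_ciphers|SSLProtocol|SSLCipherSuite)\s+(.+?);?\s*$")

def enabled_protocols(name, args):
    """Return the set of protocol versions a protocol directive leaves enabled."""
    if name == "ssl_protocols":            # nginx: a plain allow-list
        return set(args)
    enabled = set()                        # Apache: +/- modifiers applied left to right
    for tok in args:
        proto = tok.lstrip("+-")
        group = set(APACHE_ALL) if proto.lower() == "all" else {proto}
        enabled = enabled - group if tok.startswith("-") else enabled | group
    return enabled

def audit(conf_text):
    """Return (line_no, directive, finding) tuples for weak TLS settings."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)          # commented-out directives do not match
        if not m:
            continue
        name, value = m.groups()
        if name in ("ssl_protocols", "SSLProtocol"):
            for p in sorted(enabled_protocols(name, value.split()) & LEGACY):
                findings.append((n, name, f"legacy protocol enabled: {p}"))
            continue
        for elem in value.split(":"):      # OpenSSL cipher string
            if elem.startswith(("!", "-", "+")):   # exclusions and reordering add nothing
                continue
            parts = set(elem.split("+"))
            if "3DES" in parts:
                findings.append((n, name, f"64-bit block cipher (Sweet32): {elem}"))
            if parts & {"RSA", "kRSA"}:
                findings.append((n, name, f"static RSA key exchange, no forward secrecy: {elem}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Group keywords such as `HIGH` are not expanded, so the Apache cipher string still needs a check with `openssl ciphers -v` on the server itself.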