Simple HTTPS Deployment Guide


  1. Install zlib

cd /opt/sudytech/httpd-2.2.34/srclib/zlib-1.2.8

./configure --prefix=/usr/local/zlib --libdir=/lib64 --includedir=/usr/include

make

make install

echo "/usr/local/zlib" >> /etc/ld.so.conf    # run only once

ldconfig


  2. Install openssl

tar -xzvf openssl-1.0.2h.tar.gz

cd openssl-1.0.2h

./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl  --libdir=/lib64  shared zlib

make

make install


(If --libdir=/lib64 --includedir=/usr/include did not take effect, back up the existing files and create symbolic links with ln instead.)

mv /usr/bin/openssl /usr/bin/openssl.bak

mv /usr/include/openssl /usr/include/openssl.bak

ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

ln -s /usr/local/openssl/include/openssl /usr/include/openssl


echo "/usr/local/openssl/lib" >> /etc/ld.so.conf    # run only once

ldconfig


  3. Install pcre

tar -xzvf pcre-8.37.tar.gz
cd pcre-8.37
./configure --prefix=/usr/local/pcre
make
make install


  4. Install apr-1.5.2

tar -xzvf apr-1.5.2.tar.gz
cd apr-1.5.2
./configure --prefix=/usr/local/apr

(If a libtool "command not found" error appears, edit libtool and replace $echo with $ECHO, or update libtool. If "cannot remove libtoolT" appears, edit the configure file, find $RM "$cfgfile" and comment it out with #. Update autoconf, automake and libxml2.)
make
make install


  5. Install apr-util-1.5.4

tar -xzvf apr-util-1.5.4.tar.gz
cd apr-util-1.5.4
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
make
make install


  6. Install httpd-2.4.18 / httpd-2.2.31

(Two versions are listed; run only the tar/cd pair for the version being installed.)
tar -xzvf httpd-2.4.18-sudy-modified.tgz
tar -xzvf httpd-2.2.31-modified.tgz
cd httpd-2.4.18
cd httpd-2.2.31
./configure --prefix=/opt/sudytech/apache2 --enable-so --enable-mods-shared=most --with-mpm=event --enable-mpms-shared=all --enable-modules=most --with-apr=/usr/local/apr/ --enable-cgi --with-apr-util=/usr/local/apr-util --with-pcre=/usr/local/pcre --with-z=/usr/local/zlib --with-included-apr --enable-expires --enable-deflate --enable-ssl --with-ssl=/usr/local/openssl

(--enable-proxy=shared --enable-proxy-ajp=shared --enable-proxy-balancer=shared --enable-speling=shared: proxy forwarding)
--with-included-apr bundles a copy of apr/apr-util. If the build fails, drop this option, or add the apr-1.5.2 and apr-util-1.5.4 sources. If the error checking for void pointer length... yes configure: error: Size of "void *" is less than size of "long" appears, edit the configure file, find 'if test "$ap_cv_void_ptr_lt_long" = "yes"; then' and change it to 'if test "$ap_cv_void_ptr_lt_long" != "yes"; then'.
make
make install


  7. Install tomcat-connectors-1.2.37 / 1.2.23

(Two versions are listed; run only the tar/cd pair for the version being installed.)
tar -xzvf tomcat-connectors-1.2.37-src.tgz
tar -xzvf tomcat-connectors-1.2.23-src.tgz
cd tomcat-connectors-1.2.37-src/native
cd tomcat-connectors-1.2.23-src/native
./configure --with-apxs=/opt/sudytech/apache2/bin/apxs --with-pcre=/usr/local/pcre/bin/pcre-config --with-apr=/usr/local/apr/bin/apr-1-config --with-apr-util=/usr/local/apr-util/bin/apu-1-config
make
export LANG=c
cp ./apache-2.0/mod_jk.so /opt/sudytech/apache2/modules/


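  8. Configuration file changes

    8.1  Changes to httpd.conf

    For the basic httpd.conf changes, see the base environment deployment document.

    SSL must be enabled in httpd.conf
    (check that the lines marked in red, shown below, are uncommented)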

LoadModule ssl_module modules/mod_ssl.so


# Secure (SSL/TLS) connections

Include conf/extra/httpd-ssl.conf


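Once HTTPS is enabled, do not use the * host name in httpd.conf; otherwise it conflicts with the HTTPS host name.
Change ServerName and VirtualHost to the real IP address or real host name.


8.2  Changes to httpd-ssl.conf

The default listening port is 443; change it to the required port if needed.

Modify the document root, host name, log settings and so on.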

#   General setup for the virtual host

DocumentRoot "/opt/sudytech/apache-tomcat-6.0.53/webapps/ROOT"

ServerName www.sudytech.com:443

ServerAdmin you@example.com

ErrorLog "/opt/sudytech/apache2/logs/error_https_log"

TransferLog "/opt/sudytech/apache2/logs/access_https_log"


Modify the default certificate settings

#   Server Certificate:

#   Point SSLCertificateFile at a PEM encoded certificate.  If

#   the certificate is encrypted, then you will be prompted for a

#   pass phrase.  Note that a kill -HUP will prompt again.  Keep

#   in mind that if you have both an RSA and a DSA certificate you

#   can configure both in parallel (to also allow the use of DSA

#   ciphers, etc.)

#   Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)

#   require an ECC certificate which can also be configured in

#   parallel.

SSLCertificateFile "/opt/sudytech/apache2/conf/certificate/server.crt"

#SSLCertificateFile "/opt/sudytech/apache2/conf/server-dsa.crt"

#SSLCertificateFile "/opt/sudytech/apache2/conf/server-ecc.crt"


#   Server Private Key:

#   If the key is not combined with the certificate, use this

#   directive to point at the key file.  Keep in mind that if

#   you've both a RSA and a DSA private key you can configure

#   both in parallel (to also allow the use of DSA ciphers, etc.)

#   ECC keys, when in use, can also be configured in parallel

SSLCertificateKeyFile "/opt/sudytech/apache2/conf/certificate/server.key"

#SSLCertificateKeyFile "/opt/sudytech/apache2/conf/server-dsa.key"

#SSLCertificateKeyFile "/opt/sudytech/apache2/conf/server-ecc.key"


#   Server Certificate Chain:

#   Point SSLCertificateChainFile at a file containing the

#   concatenation of PEM encoded CA certificates which form the

#   certificate chain for the server certificate. Alternatively

#   the referenced file can be the same as SSLCertificateFile

#   when the CA certificates are directly appended to the server

#   certificate for convenience.

SSLCertificateChainFile "/opt/sudytech/apache2/conf/certificate/chain.crt"

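Note: common certificates such as WoSign certificates require a certificate chain; some versions need only the host certificate and the private key. Load each file into the corresponding location (the certificate paths can be chosen freely; the user that starts Apache needs read and write permission on the files).

When HTTPS is used only for specific pages, or on a publishing server, add a virtual host in httpd-ssl.conf that enables SSL and specifies the location of each certificate.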

NameVirtualHost www.sudytech.com:443


<VirtualHost www.sudytech.com:443>

DocumentRoot /opt/sudytech/apache-tomcat-6.0.45/webapps/ROOT

ServerAdmin admin@www.abc.com

ServerName www.sudytech.com

DirectoryIndex index.htm main.htm

Include conf/JK/m.conf

SSLEngine on

SSLCertificateFile "/opt/sudytech/apache2/conf/certificate/server.crt"

SSLCertificateKeyFile "/opt/sudytech/apache2/conf/certificate/server.key"

SSLCertificateChainFile "/opt/sudytech/apache2/conf/certificate/chain.crt"

</VirtualHost>
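
Added example (not part of the original document): a POSIX sh check for steps 8.1 and 8.2, to run before restarting Apache. It confirms that the ssl_module and httpd-ssl.conf lines in httpd.conf are uncommented and that every active SSLCertificate*File path exists. The function name check_ssl_conf is hypothetical, and the rule that the key file must not be accessible to group or other is an added assumption, not something the document states.

```shell
#!/bin/sh
# Added example: lint the HTTPS settings from steps 8.1 and 8.2 before a restart.
# check_ssl_conf is a hypothetical helper; its argument is the Apache install
# root (e.g. /opt/sudytech/apache2). Returns the number of problems found.
check_ssl_conf() {
    root=$1
    main="$root/conf/httpd.conf"
    ssl="$root/conf/extra/httpd-ssl.conf"
    problems=0

    # 8.1: both lines must exist and be uncommented in httpd.conf.
    for pat in 'LoadModule[[:space:]]+ssl_module[[:space:]]' \
               'Include[[:space:]]+conf/extra/httpd-ssl\.conf'; do
        if ! grep -Eq "^[[:space:]]*$pat" "$main"; then
            echo "httpd.conf: no active line matching $pat"
            problems=$((problems + 1))
        fi
    done

    # 8.2: collect the active (uncommented) certificate directives as "name path".
    active=$(sed -nE \
's/^[[:space:]]*(SSLCertificate(Key|Chain)?File)[[:space:]]+"?([^"]+)"?[[:space:]]*$/\1 \3/p' \
        "$ssl")
    [ -n "$active" ] || { echo "httpd-ssl.conf: no active SSLCertificate*File"; problems=$((problems + 1)); }
    while read -r directive path; do
        [ -n "$directive" ] || continue
        case $path in /*) ;; *) path="$root/$path" ;; esac  # relative to ServerRoot
        if [ ! -r "$path" ]; then
            echo "$directive: $path is missing or unreadable"
            problems=$((problems + 1))
        elif [ "$directive" = SSLCertificateKeyFile ]; then
            # Assumed policy: the key must not be accessible to group or other.
            # Characters 5-10 of the ls mode string are those permission bits.
            case $(ls -ld "$path" | cut -c5-10) in
                ------) ;;
                *) echo "$directive: $path is accessible to group/other"
                   problems=$((problems + 1)) ;;
            esac
        fi
    done <<EOF
$active
EOF
    return "$problems"
}

if [ "$#" -gt 0 ]; then check_ssl_conf "$1"; fi
```

A return status of 0 means no problems were found; afterwards the syntax can be confirmed with /opt/sudytech/apache2/bin/apachectl configtest.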


8.3  Open port 443 in the server firewall

8.4  Configure automatic redirection to HTTPS

Modify httpd.conf (or add a .htaccess file to the site directory of the static pages)

#RewriteEngine on

#RewriteCond %{SERVER_PORT} !^443$

#RewriteRule ^(.*)?$ https://%{SERVER_NAME}$1 [L,R]

#RewriteRule ^.*$ https://www.domain.com:443

Use ^(.*)?$ to rewrite all domain names.
Alternatively, use ^www.sudytech.com/(.*)$ to rewrite only some domain names.
For details on Apache rewriting, see:
http://jingyan.baidu.com/article/359911f5104c3757fe0306ba.html
http://jingyan.baidu.com/article/90bc8fc804f4faf652640c6c.html

