    tar -xzvf zlib-1.2.8.tar.gz
    cd zlib-1.2.8
    ./configure --prefix=/usr/local/zlib
    make
    make install
    echo "/usr/local/zlib/lib" >> /etc/ld.so.conf.d/zlib.conf    # run only once
    ldconfig -v

    tar -xzvf openssl-1.0.2d.tar.gz
    cd openssl-1.0.2d
    ./config --prefix=/usr/local/openssl shared zlib
    make
    make install
    mv /usr/bin/openssl /usr/bin/openssl.bak
    mv /usr/include/openssl /usr/include/openssl.bak
    ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
    ln -s /usr/local/openssl/include/openssl /usr/include/openssl
    echo "/usr/local/openssl/lib" >> /etc/ld.so.conf    # run only once
    ldconfig -v
    cd /usr/local/openssl/lib
    cp lib* /usr/lib

(Before performing this step, enable a second way of connecting to the server, such as telnet.)

    tar -xzvf pcre-8.37.tar.gz
    cd pcre-8.37
    ./configure --prefix=/usr/local/pcre
    make
    make install

    tar -xzvf apr-1.5.2.tar.gz
    cd apr-1.5.2
    ./configure --prefix=/usr/local/apr
    # If libtool reports "command not found", edit libtool and replace $echo
    # with $ECHO, or update libtool. If "cannot remove libtoolT" appears, edit
    # the configure file, find "$RM $cfgfile" and comment it out with #.
    # Update autoconf, automake and libxml2.
    make
    make install

    tar -xzvf apr-util-1.5.4.tar.gz
    cd apr-util-1.5.4
    ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
    make
    make install

    tar -xzvf httpd-2.4.18-sudy-modified.tgz    # or: tar -xzvf httpd-2.2.31-modified.tgz
    cd httpd-2.4.18                             # or: cd httpd-2.2.31
    ./configure --prefix=/opt/sudytech/apache2 --enable-so \
        --enable-mods-shared=most --with-mpm=worker \
        --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util \
        --with-pcre=/usr/local/pcre/bin/pcre-config \
        --enable-ssl --with-ssl=/usr/local/openssl --with-included-apr

For proxy forwarding, also pass: --enable-proxy=shared --enable-proxy-ajp=shared --enable-proxy-balancer=shared --enable-speling=shared

--with-included-apr bundles a copy of apr/apr-util. If the build fails, remove this option, or add the apr-1.5.2 and apr-util-1.5.4 sources. If configure stops with "checking for void pointer length... yes configure: error: Size of void * is less than size of long", edit the configure file, find "if test $ap_cv_void_ptr_lt_long = yes; then" and change it to "if test $ap_cv_void_ptr_lt_long != yes; then".

    make
    make install

    tar -xzvf tomcat-connectors-1.2.37-src.tgz    # or: tar -xzvf tomcat-connectors-1.2.23-src.tgz
    cd tomcat-connectors-1.2.37-src/native        # or: cd tomcat-connectors-1.2.23-src/native
    ./configure --with-apxs=/opt/sudytech/apache2/bin/apxs \
        --with-pcre=/usr/local/pcre/bin/pcre-config \
        --with-apr=/usr/local/apr/bin/apr-1-config \
        --with-apr-util=/usr/local/apr-util/bin/apu-1-config
    make
    export LANG=c
    cp ./apache-2.0/mod_jk.so /opt/sudytech/apache2/modules/

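8.1 Modify httpd.conf
For the basic httpd.conf changes, see the base environment deployment document.
SSL must be enabled in httpd.conf.
(Check that the lines marked in red have been uncommented.)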

    LoadModule ssl_module modules/mod_ssl.so
    # Secure (SSL/TLS) connections
    Include conf/extra/httpd-ssl.conf

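Once HTTPS is enabled, httpd.conf must not use * as a host name, otherwise it conflicts with the HTTPS host name.
Change ServerName and VirtualHost to the real IP address or real host name.
8.2 Modify httpd-ssl.conf
The default listening port is 443; change it to the port you need.
Modify the document root, host name, log settings and so on: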

    # General setup for the virtual host
    DocumentRoot /opt/sudytech/apache-tomcat-6.0.45/webapps/ROOT
    ServerName m.gench.edu.cn:443
    ServerAdmin you@example.com
    ErrorLog /opt/sudytech/apache2/logs/error_https_log
    TransferLog /opt/sudytech/apache2/logs/access_https_log

Modify the default certificate settings:

    # Server Certificate:
    # Point SSLCertificateFile at a PEM encoded certificate. If
    # the certificate is encrypted, then you will be prompted for a
    # pass phrase. Note that a kill -HUP will prompt again. Keep
    # in mind that if you have both an RSA and a DSA certificate you
    # can configure both in parallel (to also allow the use of DSA
    # ciphers, etc.)
    # Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
    # require an ECC certificate which can also be configured in
    # parallel.
    SSLCertificateFile /opt/sudytech/apache2/conf/certificate/server.crt
    #SSLCertificateFile /opt/sudytech/apache2/conf/server-dsa.crt
    #SSLCertificateFile /opt/sudytech/apache2/conf/server-ecc.crt

    # Server Private Key:
    # If the key is not combined with the certificate, use this
    # directive to point at the key file. Keep in mind that if
    # you've both a RSA and a DSA private key you can configure
    # both in parallel (to also allow the use of DSA ciphers, etc.)
    # ECC keys, when in use, can also be configured in parallel
    SSLCertificateKeyFile /opt/sudytech/apache2/conf/certificate/server.key
    #SSLCertificateKeyFile /opt/sudytech/apache2/conf/server-dsa.key
    #SSLCertificateKeyFile /opt/sudytech/apache2/conf/server-ecc.key

    # Server Certificate Chain:
    # Point SSLCertificateChainFile at a file containing the
    # concatenation of PEM encoded CA certificates which form the
    # certificate chain for the server certificate. Alternatively
    # the referenced file can be the same as SSLCertificateFile
    # when the CA certificates are directly appended to the server
    # certificate for convenience.
    SSLCertificateChainFile /opt/sudytech/apache2/conf/certificate/chain.crt

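Note: the commonly used WoSign certificates require a chained certificate; there are also versions that need only the host certificate and key. Load each certificate file into the corresponding directive. (The certificate path can be chosen freely, but the user that starts Apache must have read/write permission on the files.)
When HTTPS is used for specific pages, or on a publishing server, add a virtual host in httpd-ssl.conf that enables SSL and gives the location of each certificate: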

    NameVirtualHost m.gench.edu.cn:443
    <VirtualHost m.gench.edu.cn:443>
        DocumentRoot /opt/sudytech/apache-tomcat-6.0.45/webapps/ROOT
        ServerAdmin admin@www.abc.com
        ServerName m.gench.edu.cn
        DirectoryIndex index.htm main.htm
        Include conf/JK/m.conf
        SSLEngine on
        SSLCertificateFile /opt/sudytech/apache2/conf/certificate/server.crt
        SSLCertificateKeyFile /opt/sudytech/apache2/conf/certificate/server.key
        SSLCertificateChainFile /opt/sudytech/apache2/conf/certificate/chain.crt
    </VirtualHost>

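An added example, not part of the original document: a shell check for the certificate files configured in 8.2. It lists the active SSLCertificate* directives in a config file, flags a private key that group or others can access, and confirms that the certificate and key belong together. The function names, the owner-only expectation for the key file and an unencrypted key are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print "<directive> <path>" for each active certificate directive; commented-out
# lines are skipped because their first field starts with "#".
ssl_cert_paths() {
    awk '$1 ~ /^SSLCertificate(File|KeyFile|ChainFile)$/ { print $1, $2 }' "$1"
}

# Succeed if group or others can read or write the file (mode columns 5-10 of ls -l).
is_exposed() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    case $mode in *[rw]*) return 0 ;; *) return 1 ;; esac
}

# Succeed if certificate $1 and unencrypted private key $2 hold the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Audit one config file: print findings, return non-zero if there are any.
# Only the last certificate/key pair in the file is compared.
audit_ssl_conf() {
    rc=0 crt= key=
    while read -r name path; do
        [ -n "$name" ] || continue
        if [ ! -r "$path" ]; then
            echo "MISSING  $name $path"; rc=1; continue
        fi
        case $name in
            SSLCertificateFile) crt=$path ;;
            SSLCertificateKeyFile)
                key=$path
                if is_exposed "$path"; then
                    echo "EXPOSED  $path is accessible to group or others"; rc=1
                fi ;;
        esac
    done <<EOF
$(ssl_cert_paths "$1")
EOF
    if [ -n "$crt" ] && [ -n "$key" ] && command -v openssl >/dev/null 2>&1; then
        cert_matches_key "$crt" "$key" || { echo "MISMATCH $crt / $key"; rc=1; }
    fi
    return $rc
}

if [ $# -gt 0 ]; then audit_ssl_conf "$1"; fi
```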
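8.3 Open port 443 in the server firewall
8.4 Configure automatic redirection to HTTPS
Modify httpd.conf (or add a .htaccess file to the document directory of the static site):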

    #RewriteEngine on
    #RewriteCond %{SERVER_PORT} !^443$
    #RewriteRule ^(.*)?$ https://%{SERVER_NAME}$1 [L,R]
    #RewriteRule ^.*$ https://www.domain.com:443

^(.*)?$ can be used to rewrite all domains.
^www.sudytech.com/(.*)$ can be used to rewrite only some domains.
For details on Apache rewriting, see:
http://jingyan.baidu.com/article/359911f5104c3757fe0306ba.html
http://jingyan.baidu.com/article/90bc8fc804f4faf652640c6c.html