“UbuntuHelp:Forum/server/apache2/SSL”的版本间的差异
来自Ubuntu中文
小 (新页面: {{From|https://help.ubuntu.com/community/forum/server/apache2/SSL}} {{Languages|UbuntuHelp:forum/server/apache2/SSL}} === Apache2 SSL === This guide will help you setup SSL with apache2. ...) |
小 |
||
| 第3行: | 第3行: | ||
=== Apache2 SSL === | === Apache2 SSL === | ||
This guide will help you setup SSL with apache2. | This guide will help you setup SSL with apache2. | ||
| − | |||
For an introduction to OpenSSL see: https://help.ubuntu.com/community/OpenSSL | For an introduction to OpenSSL see: https://help.ubuntu.com/community/OpenSSL | ||
| − | |||
The following bugs are related to this documentation: | The following bugs are related to this documentation: | ||
| − | |||
{|border="1" cellspacing="0" | {|border="1" cellspacing="0" | ||
|<code><nowiki>ubuntu</nowiki></code>|| https://launchpad.net/ubuntu/+source/apache2/+bug/77675 | |<code><nowiki>ubuntu</nowiki></code>|| https://launchpad.net/ubuntu/+source/apache2/+bug/77675 | ||
| 第13行: | 第10行: | ||
|<code><nowiki>debian</nowiki></code>|| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=398520 | |<code><nowiki>debian</nowiki></code>|| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=398520 | ||
|} | |} | ||
| − | |||
==== Generate the certificate ==== | ==== Generate the certificate ==== | ||
| − | |||
'''Since Ubuntu 7.04, certificate creation has been changed:''' | '''Since Ubuntu 7.04, certificate creation has been changed:''' | ||
| − | |||
https://bugs.launchpad.net/debian/+source/apache2/+bug/77675/comments/25 | https://bugs.launchpad.net/debian/+source/apache2/+bug/77675/comments/25 | ||
| − | |||
Old fashioned way: | Old fashioned way: | ||
| − | |||
Create a certificate which are valid for a year. | Create a certificate which are valid for a year. | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo apache2-ssl-certificate -days 365 | sudo apache2-ssl-certificate -days 365 | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | |||
| − | |||
| − | |||
==== Enable the SSL module ==== | ==== Enable the SSL module ==== | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo a2enmod ssl | sudo a2enmod ssl | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | |||
==== Listen to port 443 ==== | ==== Listen to port 443 ==== | ||
<pre><nowiki> | <pre><nowiki> | ||
echo "Listen 443" | sudo tee -a /etc/apache2/ports.conf | echo "Listen 443" | sudo tee -a /etc/apache2/ports.conf | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | |||
==== Create and enable the SSL site ==== | ==== Create and enable the SSL site ==== | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl | sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | |||
Modify it so it looks something like this | Modify it so it looks something like this | ||
<pre><nowiki> | <pre><nowiki> | ||
| 第49行: | 第35行: | ||
<virtualhost *:443> | <virtualhost *:443> | ||
ServerAdmin webmaster@localhost | ServerAdmin webmaster@localhost | ||
| − | |||
SSLEngine On | SSLEngine On | ||
SSLCertificateFile /etc/apache2/ssl/apache.pem | SSLCertificateFile /etc/apache2/ssl/apache.pem | ||
| − | |||
DocumentRoot /var/www/ | DocumentRoot /var/www/ | ||
<directory /> | <directory /> | ||
| 第58行: | 第42行: | ||
AllowOverride None | AllowOverride None | ||
</directory> | </directory> | ||
| − | |||
<directory /var/www/> | <directory /var/www/> | ||
Options Indexes FollowSymLinks MultiViews | Options Indexes FollowSymLinks MultiViews | ||
| 第69行: | 第52行: | ||
#RedirectMatch ^/$ /apache2-default/ | #RedirectMatch ^/$ /apache2-default/ | ||
</directory> | </directory> | ||
| − | |||
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ | ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ | ||
<directory "/usr/lib/cgi-bin"> | <directory "/usr/lib/cgi-bin"> | ||
| 第77行: | 第59行: | ||
Allow from all | Allow from all | ||
</directory> | </directory> | ||
| − | |||
ErrorLog /var/log/apache2/error.log | ErrorLog /var/log/apache2/error.log | ||
| − | |||
# Possible values include: debug, info, notice, warn, error, crit, | # Possible values include: debug, info, notice, warn, error, crit, | ||
# alert, emerg. | # alert, emerg. | ||
LogLevel warn | LogLevel warn | ||
| − | |||
CustomLog /var/log/apache2/access.log combined | CustomLog /var/log/apache2/access.log combined | ||
ServerSignature On | ServerSignature On | ||
| − | |||
Alias /doc/ "/usr/share/doc/" | Alias /doc/ "/usr/share/doc/" | ||
<directory "/usr/share/doc/"> | <directory "/usr/share/doc/"> | ||
| 第95行: | 第73行: | ||
Allow from 127.0.0.0/255.0.0.0 ::1/128 | Allow from 127.0.0.0/255.0.0.0 ::1/128 | ||
</directory> | </directory> | ||
| − | |||
</virtualhost> | </virtualhost> | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | |||
...and enable it | ...and enable it | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo a2ensite ssl | sudo a2ensite ssl | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | |||
don't forget to modify /etc/apache2/sites-available/default | don't forget to modify /etc/apache2/sites-available/default | ||
<pre><nowiki> | <pre><nowiki> | ||
| − | |||
NameVirtualHost *:80 | NameVirtualHost *:80 | ||
<virtualhost *:80> | <virtualhost *:80> | ||
| − | |||
</nowiki></pre> | </nowiki></pre> | ||
| − | |||
==== Mod rewrite ==== | ==== Mod rewrite ==== | ||
It's often desirable to force users to access things like webmail via https. This can be accomplished with mod_rewrite. | It's often desirable to force users to access things like webmail via https. This can be accomplished with mod_rewrite. | ||
| − | |||
First you'll have to enable the module | First you'll have to enable the module | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo a2enmod rewrite | sudo a2enmod rewrite | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | |||
Then add the following to /etc/apache2/sites-available/default | Then add the following to /etc/apache2/sites-available/default | ||
<pre><nowiki> | <pre><nowiki> | ||
| 第128行: | 第98行: | ||
RewriteLogLevel 2 | RewriteLogLevel 2 | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | |||
Create directory for pidfile; it may be missing | Create directory for pidfile; it may be missing | ||
<pre><nowiki> | <pre><nowiki> | ||
| 第134行: | 第103行: | ||
sudo chown -R www-data /var/run/apache2 | sudo chown -R www-data /var/run/apache2 | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | |||
Don't forget to restart apache | Don't forget to restart apache | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo /etc/init.d/apache2 force-reload | sudo /etc/init.d/apache2 force-reload | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | |||
----- | ----- | ||
[[category:CategoryDocumentation]] [[category:CategoryForum]] | [[category:CategoryDocumentation]] [[category:CategoryForum]] | ||
[[category:UbuntuHelp]] | [[category:UbuntuHelp]] | ||
2007年11月30日 (五) 17:20的版本
 |
点击翻译: |
English |
目录
Apache2 SSL
This guide will help you setup SSL with apache2. For an introduction to OpenSSL see: https://help.ubuntu.com/community/OpenSSL The following bugs are related to this documentation:
ubuntu |
https://launchpad.net/ubuntu/+source/apache2/+bug/77675 |
debian |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=398520 |
Generate the certificate
Since Ubuntu 7.04, certificate creation has been changed: https://bugs.launchpad.net/debian/+source/apache2/+bug/77675/comments/25 Old fashioned way: Create a certificate which are valid for a year.
sudo apache2-ssl-certificate -days 365
Enable the SSL module
sudo a2enmod ssl
Listen to port 443
echo "Listen 443" | sudo tee -a /etc/apache2/ports.conf
Create and enable the SSL site
sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
Modify it so it looks something like this
NameVirtualHost *:443 <virtualhost *:443> ServerAdmin webmaster@localhost SSLEngine On SSLCertificateFile /etc/apache2/ssl/apache.pem DocumentRoot /var/www/ <directory /> Options FollowSymLinks AllowOverride None </directory> <directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all # This directive allows us to have apache2's default start page # in /apache2-default/, but still have / go to the right place # Commented out for Ubuntu #RedirectMatch ^/$ /apache2-default/ </directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <directory "/usr/lib/cgi-bin"> AllowOverride None Options ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On Alias /doc/ "/usr/share/doc/" <directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </directory> </virtualhost>
...and enable it
sudo a2ensite ssl
don't forget to modify /etc/apache2/sites-available/default
NameVirtualHost *:80 <virtualhost *:80>
Mod rewrite
It's often desirable to force users to access things like webmail via https. This can be accomplished with mod_rewrite. First you'll have to enable the module
sudo a2enmod rewrite
Then add the following to /etc/apache2/sites-available/default
RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^/webmail(.*)$ https://%{SERVER_NAME}/webmail$1 [L,R]
RewriteLog "/var/log/apache2/rewrite.log"
RewriteLogLevel 2
Create directory for pidfile; it may be missing
sudo mkdir -p /var/run/apache2 sudo chown -R www-data /var/run/apache2
Don't forget to restart apache
sudo /etc/init.d/apache2 force-reload
