“UbuntuHelp:Forum/server/apache2/SSL”的版本间的差异
来自Ubuntu中文
小 |
小 |
||
| 第34行: | 第34行: | ||
NameVirtualHost *:443 | NameVirtualHost *:443 | ||
<virtualhost *:443> | <virtualhost *:443> | ||
| − | ServerAdmin webmaster@localhost | + | ServerAdmin webmaster@localhost |
| − | SSLEngine On | + | |
| − | SSLCertificateFile /etc/apache2/ssl/apache.pem | + | SSLEngine On |
| − | DocumentRoot /var/www/ | + | SSLCertificateFile /etc/apache2/ssl/apache.pem |
| − | <directory /> | + | |
| − | Options FollowSymLinks | + | DocumentRoot /var/www/ |
| − | AllowOverride None | + | <directory /> |
| − | </directory> | + | Options FollowSymLinks |
| − | <directory /var/www/> | + | AllowOverride None |
| − | Options Indexes FollowSymLinks MultiViews | + | </directory> |
| − | AllowOverride None | + | |
| − | Order allow,deny | + | <directory /var/www/> |
| − | allow from all | + | Options Indexes FollowSymLinks MultiViews |
| − | # This directive allows us to have apache2's default start page | + | AllowOverride None |
| − | # in /apache2-default/, but still have / go to the right place | + | Order allow,deny |
| − | # Commented out for Ubuntu | + | allow from all |
| − | #RedirectMatch ^/$ /apache2-default/ | + | # This directive allows us to have apache2's default start page |
| − | </directory> | + | # in /apache2-default/, but still have / go to the right place |
| − | ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ | + | # Commented out for Ubuntu |
| − | <directory "/usr/lib/cgi-bin"> | + | #RedirectMatch ^/$ /apache2-default/ |
| − | AllowOverride None | + | </directory> |
| − | Options ExecCGI -MultiViews +SymLinksIfOwnerMatch | + | |
| − | Order allow,deny | + | ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ |
| − | Allow from all | + | <directory "/usr/lib/cgi-bin"> |
| − | </directory> | + | AllowOverride None |
| − | ErrorLog /var/log/apache2/error.log | + | Options ExecCGI -MultiViews +SymLinksIfOwnerMatch |
| − | # Possible values include: debug, info, notice, warn, error, crit, | + | Order allow,deny |
| − | # alert, emerg. | + | Allow from all |
| − | LogLevel warn | + | </directory> |
| − | CustomLog /var/log/apache2/access.log combined | + | |
| − | ServerSignature On | + | ErrorLog /var/log/apache2/error.log |
| − | Alias /doc/ "/usr/share/doc/" | + | |
| − | <directory "/usr/share/doc/"> | + | # Possible values include: debug, info, notice, warn, error, crit, |
| − | Options Indexes MultiViews FollowSymLinks | + | # alert, emerg. |
| − | AllowOverride None | + | LogLevel warn |
| − | Order deny,allow | + | |
| − | Deny from all | + | CustomLog /var/log/apache2/access.log combined |
| − | Allow from 127.0.0.0/255.0.0.0 ::1/128 | + | ServerSignature On |
| − | </directory> | + | |
| + | Alias /doc/ "/usr/share/doc/" | ||
| + | <directory "/usr/share/doc/"> | ||
| + | Options Indexes MultiViews FollowSymLinks | ||
| + | AllowOverride None | ||
| + | Order deny,allow | ||
| + | Deny from all | ||
| + | Allow from 127.0.0.0/255.0.0.0 ::1/128 | ||
| + | </directory> | ||
| + | |||
</virtualhost> | </virtualhost> | ||
</nowiki></pre> | </nowiki></pre> | ||
| 第81行: | 第90行: | ||
don't forget to modify /etc/apache2/sites-available/default | don't forget to modify /etc/apache2/sites-available/default | ||
<pre><nowiki> | <pre><nowiki> | ||
| + | |||
NameVirtualHost *:80 | NameVirtualHost *:80 | ||
<virtualhost *:80> | <virtualhost *:80> | ||
| + | |||
</nowiki></pre> | </nowiki></pre> | ||
==== Mod rewrite ==== | ==== Mod rewrite ==== | ||
2007年12月6日 (四) 10:32的版本
 |
点击翻译: |
English |
目录
Apache2 SSL
This guide will help you setup SSL with apache2. For an introduction to OpenSSL see: https://help.ubuntu.com/community/OpenSSL The following bugs are related to this documentation:
ubuntu |
https://launchpad.net/ubuntu/+source/apache2/+bug/77675 |
debian |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=398520 |
Generate the certificate
Since Ubuntu 7.04, certificate creation has been changed: https://bugs.launchpad.net/debian/+source/apache2/+bug/77675/comments/25 Old fashioned way: Create a certificate which are valid for a year.
sudo apache2-ssl-certificate -days 365
Enable the SSL module
sudo a2enmod ssl
Listen to port 443
echo "Listen 443" | sudo tee -a /etc/apache2/ports.conf
Create and enable the SSL site
sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
Modify it so it looks something like this
NameVirtualHost *:443
<virtualhost *:443>
ServerAdmin webmaster@localhost
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
DocumentRoot /var/www/
<directory />
Options FollowSymLinks
AllowOverride None
</directory>
<directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
# Commented out for Ubuntu
#RedirectMatch ^/$ /apache2-default/
</directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</directory>
</virtualhost>
...and enable it
sudo a2ensite ssl
don't forget to modify /etc/apache2/sites-available/default
NameVirtualHost *:80 <virtualhost *:80>
Mod rewrite
It's often desirable to force users to access things like webmail via https. This can be accomplished with mod_rewrite. First you'll have to enable the module
sudo a2enmod rewrite
Then add the following to /etc/apache2/sites-available/default
RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^/webmail(.*)$ https://%{SERVER_NAME}/webmail$1 [L,R]
RewriteLog "/var/log/apache2/rewrite.log"
RewriteLogLevel 2
Create directory for pidfile; it may be missing
sudo mkdir -p /var/run/apache2 sudo chown -R www-data /var/run/apache2
Don't forget to restart apache
sudo /etc/init.d/apache2 force-reload
