特殊:Badtitle/NS100:Forum/server/apache2/SSL

来自Ubuntu中文
Wikibot留言 | 贡献2007年11月30日 (五) 17:20的版本
跳到导航跳到搜索

{{#ifexist: :Forum/server/apache2/SSL/zh | | {{#ifexist: Forum/server/apache2/SSL/zh | | {{#ifeq: {{#titleparts:Forum/server/apache2/SSL|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:Forum/server/apache2/SSL|1|-1|}} | zh | | }}

Apache2 SSL

This guide will help you setup SSL with apache2. For an introduction to OpenSSL see: https://help.ubuntu.com/community/OpenSSL The following bugs are related to this documentation:

ubuntu https://launchpad.net/ubuntu/+source/apache2/+bug/77675
debian http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=398520

Generate the certificate

Since Ubuntu 7.04, certificate creation has been changed: https://bugs.launchpad.net/debian/+source/apache2/+bug/77675/comments/25 Old fashioned way: Create a certificate which are valid for a year.

sudo apache2-ssl-certificate -days 365

Enable the SSL module

sudo a2enmod ssl

Listen to port 443

echo "Listen 443" | sudo tee -a /etc/apache2/ports.conf

Create and enable the SSL site

sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl

Modify it so it looks something like this

NameVirtualHost *:443
<virtualhost *:443>
ServerAdmin webmaster@localhost
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
DocumentRoot /var/www/
<directory />
Options FollowSymLinks
AllowOverride None
</directory>
<directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
# Commented out for Ubuntu
#RedirectMatch ^/$ /apache2-default/
</directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</directory>
</virtualhost>

...and enable it

sudo a2ensite ssl

don't forget to modify /etc/apache2/sites-available/default

NameVirtualHost *:80
<virtualhost *:80>

Mod rewrite

It's often desirable to force users to access things like webmail via https. This can be accomplished with mod_rewrite. First you'll have to enable the module

sudo a2enmod rewrite

Then add the following to /etc/apache2/sites-available/default

RewriteEngine   on
RewriteCond     %{SERVER_PORT} ^80$
RewriteRule     ^/webmail(.*)$ https://%{SERVER_NAME}/webmail$1 [L,R]
RewriteLog      "/var/log/apache2/rewrite.log"
RewriteLogLevel 2

Create directory for pidfile; it may be missing

sudo mkdir -p /var/run/apache2
sudo chown -R www-data /var/run/apache2

Don't forget to restart apache

sudo /etc/init.d/apache2 force-reload