特殊:Badtitle/NS100:Forum/server/apache2/SSL
文章出处: |
{{#if: | {{{2}}} | https://help.ubuntu.com/community/forum/server/apache2/SSL }} |
点击翻译: |
English {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/af | • {{#if: UbuntuHelp:forum/server/apache2/SSL|Afrikaans| [[::Forum/server/apache2/SSL/af|Afrikaans]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/ar | • {{#if: UbuntuHelp:forum/server/apache2/SSL|العربية| [[::Forum/server/apache2/SSL/ar|العربية]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/az | • {{#if: UbuntuHelp:forum/server/apache2/SSL|azərbaycanca| [[::Forum/server/apache2/SSL/az|azərbaycanca]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/bcc | • {{#if: UbuntuHelp:forum/server/apache2/SSL|جهلسری بلوچی| [[::Forum/server/apache2/SSL/bcc|جهلسری بلوچی]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/bg | • {{#if: UbuntuHelp:forum/server/apache2/SSL|български| [[::Forum/server/apache2/SSL/bg|български]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/br | • {{#if: UbuntuHelp:forum/server/apache2/SSL|brezhoneg| [[::Forum/server/apache2/SSL/br|brezhoneg]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/ca | • {{#if: UbuntuHelp:forum/server/apache2/SSL|català| [[::Forum/server/apache2/SSL/ca|català]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/cs | • {{#if: UbuntuHelp:forum/server/apache2/SSL|čeština| [[::Forum/server/apache2/SSL/cs|čeština]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/de | • {{#if: UbuntuHelp:forum/server/apache2/SSL|Deutsch| [[::Forum/server/apache2/SSL/de|Deutsch]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/el | • {{#if: UbuntuHelp:forum/server/apache2/SSL|Ελληνικά| [[::Forum/server/apache2/SSL/el|Ελληνικά]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/es | • {{#if: UbuntuHelp:forum/server/apache2/SSL|español| [[::Forum/server/apache2/SSL/es|español]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/fa | • {{#if: UbuntuHelp:forum/server/apache2/SSL|فارسی| [[::Forum/server/apache2/SSL/fa|فارسی]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/fi | • {{#if: UbuntuHelp:forum/server/apache2/SSL|suomi| [[::Forum/server/apache2/SSL/fi|suomi]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/fr | • {{#if: UbuntuHelp:forum/server/apache2/SSL|français| [[::Forum/server/apache2/SSL/fr|français]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/gu | • {{#if: UbuntuHelp:forum/server/apache2/SSL|ગુજરાતી| [[::Forum/server/apache2/SSL/gu|ગુજરાતી]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/he | • {{#if: UbuntuHelp:forum/server/apache2/SSL|עברית| [[::Forum/server/apache2/SSL/he|עברית]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/hu | • {{#if: UbuntuHelp:forum/server/apache2/SSL|magyar| [[::Forum/server/apache2/SSL/hu|magyar]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/id | • {{#if: UbuntuHelp:forum/server/apache2/SSL|Bahasa Indonesia| [[::Forum/server/apache2/SSL/id|Bahasa Indonesia]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/it | • {{#if: UbuntuHelp:forum/server/apache2/SSL|italiano| [[::Forum/server/apache2/SSL/it|italiano]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/ja | • {{#if: UbuntuHelp:forum/server/apache2/SSL|日本語| [[::Forum/server/apache2/SSL/ja|日本語]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/ko | • {{#if: UbuntuHelp:forum/server/apache2/SSL|한국어| [[::Forum/server/apache2/SSL/ko|한국어]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/ksh | • {{#if: UbuntuHelp:forum/server/apache2/SSL|Ripoarisch| [[::Forum/server/apache2/SSL/ksh|Ripoarisch]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/mr | • {{#if: UbuntuHelp:forum/server/apache2/SSL|मराठी| [[::Forum/server/apache2/SSL/mr|मराठी]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/ms | • {{#if: UbuntuHelp:forum/server/apache2/SSL|Bahasa Melayu| [[::Forum/server/apache2/SSL/ms|Bahasa Melayu]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/nl | • {{#if: UbuntuHelp:forum/server/apache2/SSL|Nederlands| [[::Forum/server/apache2/SSL/nl|Nederlands]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/no | • {{#if: UbuntuHelp:forum/server/apache2/SSL|norsk| [[::Forum/server/apache2/SSL/no|norsk]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/oc | • {{#if: UbuntuHelp:forum/server/apache2/SSL|occitan| [[::Forum/server/apache2/SSL/oc|occitan]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/pl | • {{#if: UbuntuHelp:forum/server/apache2/SSL|polski| [[::Forum/server/apache2/SSL/pl|polski]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/pt | • {{#if: UbuntuHelp:forum/server/apache2/SSL|português| [[::Forum/server/apache2/SSL/pt|português]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/ro | • {{#if: UbuntuHelp:forum/server/apache2/SSL|română| [[::Forum/server/apache2/SSL/ro|română]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/ru | • {{#if: UbuntuHelp:forum/server/apache2/SSL|русский| [[::Forum/server/apache2/SSL/ru|русский]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/si | • {{#if: UbuntuHelp:forum/server/apache2/SSL|සිංහල| [[::Forum/server/apache2/SSL/si|සිංහල]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/sq | • {{#if: UbuntuHelp:forum/server/apache2/SSL|shqip| [[::Forum/server/apache2/SSL/sq|shqip]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/sr | • {{#if: UbuntuHelp:forum/server/apache2/SSL|српски / srpski| [[::Forum/server/apache2/SSL/sr|српски / srpski]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/sv | • {{#if: UbuntuHelp:forum/server/apache2/SSL|svenska| [[::Forum/server/apache2/SSL/sv|svenska]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/th | • {{#if: UbuntuHelp:forum/server/apache2/SSL|ไทย| [[::Forum/server/apache2/SSL/th|ไทย]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/tr | • {{#if: UbuntuHelp:forum/server/apache2/SSL|Türkçe| [[::Forum/server/apache2/SSL/tr|Türkçe]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/vi | • {{#if: UbuntuHelp:forum/server/apache2/SSL|Tiếng Việt| [[::Forum/server/apache2/SSL/vi|Tiếng Việt]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/yue | • {{#if: UbuntuHelp:forum/server/apache2/SSL|粵語| [[::Forum/server/apache2/SSL/yue|粵語]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/zh | • {{#if: UbuntuHelp:forum/server/apache2/SSL|中文| [[::Forum/server/apache2/SSL/zh|中文]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/zh-hans | • {{#if: UbuntuHelp:forum/server/apache2/SSL|中文(简体)| [[::Forum/server/apache2/SSL/zh-hans|中文(简体)]]}}|}} {{#ifexist: {{#if: UbuntuHelp:forum/server/apache2/SSL | UbuntuHelp:forum/server/apache2/SSL | {{#if: | :}}Forum/server/apache2/SSL}}/zh-hant | • {{#if: UbuntuHelp:forum/server/apache2/SSL|中文(繁體)| [[::Forum/server/apache2/SSL/zh-hant|中文(繁體)]]}}|}} |
{{#ifeq:UbuntuHelp:forum/server/apache2/SSL|:Forum/server/apache2/SSL|请不要直接编辑翻译本页,本页将定期与来源同步。}} |
{{#ifexist: :Forum/server/apache2/SSL/zh | | {{#ifexist: Forum/server/apache2/SSL/zh | | {{#ifeq: {{#titleparts:Forum/server/apache2/SSL|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:Forum/server/apache2/SSL|1|-1|}} | zh | | }}
SSL Install Method
The instructions/software in this HOWTO is being repalaced with a more advanced software/instructions found at official [Guide] Note: The server 7.10 guide for SSL has bugs/errors in the documentations and needs to be fixed.e.g. +CompatEnvVars
Apache2 SSL
This guide will help you setup SSL with apache2. For an introduction to OpenSSL see: https://help.ubuntu.com/community/OpenSSL The following bugs are related to this documentation:
ubuntu |
https://launchpad.net/ubuntu/+source/apache2/+bug/77675 |
debian |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=398520 |
Note:The bugs listed above refer to the depreciation of the package apache2-ssl-certificate. This package creates SSL certificates but has been dropped as of feisty and above. Most documentions related to Apache and SSL has required apache2-ssl-certificate package and has caused lots of problems getting apache and SSL to work.
Setup up Apache and SSL
Ubuntu 7.10
Select LAMP
tasksel
or
sudo apt-get install apache2
Create a Certificate
sudo apt-get install ssl-cert
sudo mkdir /etc/apache2/ssl
Hardcoding cert lifetime based on this patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=293821#22
sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
(Answer questions)
Install Module
The mod_ssl module adds an important feature to the Apache2 server - the ability to encrypt communications. Thus, when your browser is communicating using SSL encryption, the https:// prefix is used at the beginning of the Uniform Resource Locator (URL) in the browser navigation bar.
sudo a2enmod ssl
/etc/init.d/apache2 force-reload
Create virtualhost
Make a copy of the default virtualhost
sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
Modify it so it looks something like this
sudo nano -w /etc/apache2/sites-available/ssl
NameVirtualHost *:443 <virtualhost *:443> ServerAdmin webmaster@localhost SSLEngine On SSLCertificateFile /etc/apache2/ssl/apache.pem DocumentRoot /var/www/ <directory /> Options FollowSymLinks AllowOverride None </directory> <directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all # This directive allows us to have apache2's default start page # in /apache2-default/, but still have / go to the right place # Commented out for Ubuntu #RedirectMatch ^/$ /apache2-default/ </directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <directory "/usr/lib/cgi-bin"> AllowOverride None Options ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On Alias /doc/ "/usr/share/doc/" <directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </directory> </virtualhost>
Enable SSL virtualhost
sudo a2ensite ssl
/etc/init.d/apache2 reload
don't forget to modify
sudo nano -w /etc/apache2/sites-available/default
NameVirtualHost *:80 <virtualhost *:80>
Restart Apache server
sudo /etc/init.d/apache2 restart
Ubuntu 7.04
Since Ubuntu 7.04, certificate creation has been changed: https://bugs.launchpad.net/debian/+source/apache2/+bug/77675/comments/25
Old fashioned way:
Create a certificate which are valid for a year.
sudo apache2-ssl-certificate -days 365
Enable the SSL module
sudo a2enmod ssl
Listen to port 443
echo "Listen 443" | sudo tee -a /etc/apache2/ports.conf
Create and enable the SSL site
sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
Modify it so it looks something like this
NameVirtualHost *:443 <virtualhost *:443> ServerAdmin webmaster@localhost SSLEngine On SSLCertificateFile /etc/apache2/ssl/apache.pem DocumentRoot /var/www/ <directory /> Options FollowSymLinks AllowOverride None </directory> <directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all # This directive allows us to have apache2's default start page # in /apache2-default/, but still have / go to the right place # Commented out for Ubuntu #RedirectMatch ^/$ /apache2-default/ </directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <directory "/usr/lib/cgi-bin"> AllowOverride None Options ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On Alias /doc/ "/usr/share/doc/" <directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </directory> </virtualhost>
...and enable it
sudo a2ensite ssl
don't forget to modify /etc/apache2/sites-available/default
NameVirtualHost *:80 <virtualhost *:80>
Mod rewrite
It's often desirable to force users to access things like webmail via https. This can be accomplished with mod_rewrite. First you'll have to enable the module
sudo a2enmod rewrite
Then add the following to /etc/apache2/sites-available/default
RewriteEngine on RewriteCond %{SERVER_PORT} ^80$ RewriteRule ^/webmail(.*)$ https://%{SERVER_NAME}/webmail$1 [L,R] RewriteLog "/var/log/apache2/rewrite.log" RewriteLogLevel 2
Create directory for pidfile; it may be missing
sudo mkdir -p /var/run/apache2 sudo chown -R www-data /var/run/apache2
Don't forget to restart apache
sudo /etc/init.d/apache2 force-reload