Server: Alibaba Cloud
Other: CentOS 6.8, Apache 2.2, Tomcat 7
Domains:
mc.com
hhs.com
xx.com
Free certificates can be requested from Alibaba Cloud or Tencent Cloud.
Installation:
yum install mod_ssl openssl
httpd.conf configuration. The file is long, so only the main parts are shown:

NameVirtualHost *:80
#ProxyPreserveHost On
ServerName localhost:80

#www.mc.com
<VirtualHost *:80>
    ServerName mc.com
    RewriteEngine on
    RewriteRule ^/(.*)$ https://mc.com/$1 [R=301,L]
</VirtualHost>
# These are all just down to my OCD
<VirtualHost *:80>
    ServerName www.mc.com
    RewriteEngine On
    RewriteRule ^/(.*)$ https://mc.com/$1 [R=301,L]
</VirtualHost>

#www.hhs.com
<VirtualHost *:80>
    ServerName hhs.com
    RewriteEngine on
    RewriteRule ^/(.*)$ https://hhs.com/$1 [R=301,L]
</VirtualHost>
# These are all just down to my OCD
<VirtualHost *:80>
    ServerName www.hhs.com
    RewriteEngine On
    RewriteRule ^/(.*)$ https://hhs.com/$1 [R=301,L]
</VirtualHost>

#www.xx.com
<VirtualHost *:80>
    ServerName xx.com
    ProxyPass / http://localhost:8888/xx/
    ProxyPassReverse / http://localhost:8888/xx/
    ProxyPassReverseCookieDomain localhost www.xx.com
    ProxyPassReverseCookiePath /xx /
</VirtualHost>
# These are all just down to my OCD
<VirtualHost *:80>
    ServerName www.xx.com
    RewriteEngine On
    RewriteRule ^/(.*)$ http://xx.com/$1 [R=301,L]
</VirtualHost>

ssl.conf configuration (Apache only accepts comments that start with # on a line of their own, so the notes are written that way):

LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

NameVirtualHost *:443
# I have not found what this does yet; it may show up with clients that do not support SNI
SSLStrictSNIVHostCheck off

<VirtualHost *:443>
    ServerName mc.com
    ServerAlias www.mc.com
    # Proxy
    ProxyPass / http://localhost:8080/mc/
    ProxyPassReverse / http://localhost:8080/mc/
    # Keeps the session from being lost
    ProxyPassReverseCookieDomain localhost mc.com
    ProxyPassReverseCookiePath /mc /
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
    # /你的目录/ is a placeholder for your own certificate directory
    SSLCertificateFile /你的目录/mc_public.crt
    SSLCertificateKeyFile /你的目录/mc.key
    SSLCertificateChainFile /你的目录/mc_chain.crt
</VirtualHost>

<VirtualHost *:443>
    ServerName hhs.com
    # Without this, visiting the second site may show an insecure warning
    ServerAlias www.hhs.com
    ProxyPass / http://localhost:8080/hhs/
    ProxyPassReverse / http://localhost:8080/hhs/
    ProxyPassReverseCookieDomain localhost hhs.com
    ProxyPassReverseCookiePath /hhs /
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
    SSLCertificateFile /你的目录/hhs_public.crt
    SSLCertificateKeyFile /你的目录/hhs.key
    SSLCertificateChainFile /你的目录/hhs_chain.crt
</VirtualHost>
Here are the pitfalls I ran into, noted for the record:
1. Apache reports at startup:
[warn] _default_ VirtualHost overlap on port 443, the first has precedenc
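At the same time, the second site you configured does not work properly either and shows an insecure-connection warning.
Solution: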
NameVirtualHost *:443
2. Apache logs
tail -f error_log
[notice] caught SIGTERM, shutting down
[Sat Feb 22 02:01:41 2020] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat Feb 22 02:01:41 2020] [notice] Digest: generating secret for digest authentication ...
[Sat Feb 22 02:01:41 2020] [notice] Digest: done
[Sat Feb 22 02:01:41 2020] [notice] Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations
tail -f ssl_error_log
[warn] RSA server certificate CommonName (CN) `hanhaisha.com' does NOT match server name!?
Both kinds of messages above are fine.
[error] Hostname 112.74.98.106:443 provided via SNI and hostname 112.74.98.106 provided via HTTP are different
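Only messages like this one, at error level, need attention. This is probably because the https site you are visiting contains http requests; it is probably related to your site's content and needs to be fixed.
3. One more point, and the most important: if you are using an Alibaba Cloud server, remember to open inbound port 443 for the website in the security group configuration. I struggled with this for two whole evenings and could have cried.
The result of the configuration above is:
xx.com and www.xx.com are both served only at http://xx.com
mc.com/www.mc.com and hhs.com/www.hhs.com all redirect to https://mc.com and https://hhs.com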
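
Pitfall 1 can be caught before restarting Apache. The following check is an added example, not part of the original post: it scans an Apache 2.2 config for addresses that carry more than one `<VirtualHost>` but no `NameVirtualHost`, which is the case where the first vhost (and its certificate) answers for every name. The function name `vhost_overlaps` and the sample configs are constructed for illustration.

```python
import re

# Constructed sample: two HTTPS vhosts as in the ssl.conf above, but with
# the "NameVirtualHost *:443" line left out (pitfall 1).
SAMPLE_BROKEN = """\
Listen 443
<VirtualHost *:443>
    ServerName mc.com
    SSLEngine on
</VirtualHost>
<VirtualHost *:443>
    ServerName hhs.com
    SSLEngine on
</VirtualHost>
"""
SAMPLE_FIXED = "NameVirtualHost *:443\n" + SAMPLE_BROKEN


def vhost_overlaps(conf_text):
    """Return {addr: [ServerName, ...]} for every address that carries
    more than one <VirtualHost> but has no NameVirtualHost (Apache 2.2)."""
    named = set()    # addresses declared with NameVirtualHost
    vhosts = {}      # addr -> ServerNames in file order
    current = None   # address of the <VirtualHost> being read, if any
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(?i)<VirtualHost\s+([^>\s]+)", line)
        if m:
            current = m.group(1)
            vhosts.setdefault(current, []).append("(no ServerName)")
        elif re.match(r"(?i)</VirtualHost>", line):
            current = None
        elif current is None and re.match(r"(?i)NameVirtualHost\s", line):
            named.add(line.split()[1])
        elif current is not None and re.match(r"(?i)ServerName\s", line):
            vhosts[current][-1] = line.split()[1]
    return {a: n for a, n in vhosts.items() if len(n) > 1 and a not in named}


if __name__ == "__main__":
    for addr, names in vhost_overlaps(SAMPLE_BROKEN).items():
        # The first vhost takes precedence, so its certificate is served
        # for every other name on this address.
        print(f"{addr}: {names[0]} answers for {', '.join(names[1:])}")
```

To check a real server, pass the concatenated contents of httpd.conf and ssl.conf to `vhost_overlaps`; an empty result means every shared address has its `NameVirtualHost` line.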
Copyright 2015- 芒果酷(mangocool.com) All rights reserved. 湘ICP备14019394号