ApacheNginx设置HTTPS(SSL)

Apache设置

一、配置httpd.conf

1
2
Include conf/extra/httpd-ssl.conf
LoadModule ssl_module modules/mod_ssl.so

二、配置 httpd-ssl.conf

1
2
3
4
5
6
7
8
<VirtualHost _default_:443>
SSLEngine On
SSLCertificateFile ../bin/server.crt
SSLCertificateKeyFile ../bin/server.key
#SSLCertificateChainFile ../bin//ca.crt // 暂未启用 #......
DocumentRoot "c:/apache/htdocs"
ServerName www.xxxx.com:443
</VirtualHost>

三、htaccess来实现http强制跳转到https访问网站

1
2
3
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.domain.com/$1 [R,L]

四、重启Apache

Nginx设置

一、设置Nginx.conf,如果是虚拟主机则设置 vhost/xxxx.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
server
{
listen 443;
ssl on;
ssl_certificate /usr/local/nginx/conf/vhost/ssl/xxx.crt;
ssl_certificate_key /usr/local/nginx/conf/vhost/ssl/xxx.key;
server_name xxxxxx # 域名
index index.html index.htm index.php default.html default.htm default.php;
root /data/wwwroot/xxxxxx; # 网站存放目录

include xxxxxx.conf; # 其他设置如伪静态
#error_page 404 /404.html;
location ~ [^/]\.php(/|$) # php的相关设置
{
# comment try_files $uri =404; to enable pathinfo
# try_files $uri =404;
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
include pathinfo.conf;
}

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}

location ~ .*\.(js|css)?$
{
expires 12h;
}

access_log /data/wwwlogs/wxxxxx.log access; # 日志
}

二、设置访问 http 自动转到 https

1
2
3
4
5
6
server
{
listen 80;
server_name xxx.com www.xxx.com
rewrite ^/(.*) https://xxx.com/$1 permanent;
}

三、重启Nginx

自签证书

  1. 生成秘钥
    • 命令:openssl genrsa 1024 > server.key
    • 说明:这是用128位rsa算法生成密钥,得到server.key文件
  2. 生成证书请求文件
    • 命令:openssl req -new -key server.key > server.csr
    • 说明:这是用步骤1的密钥生成证书请求文件server.csr, 这一步提很多问题,一一输入
  3. 生成证书
    • 命令:openssl req -x509 -days 365 -key server.key -in server.csr > server.crt
    • 说明:这是用步骤1,2的的密钥和证书请求生成证书server.crt,-days参数指明证书有效期,单位为天