apache 配置https
本文介绍的是iMac上的配置
-
自定义apache+http的配置
关于在imac上开启基础的http服务可查看该文.
相关配置文件地址有- /private/etc/apache2/httpd.conf
- /private/etc/apache2/extra/httpd-ssl.conf
-
生成一个自签名证书
$ openssl genrsa -out server.key 1024
$ openssl req -new -x509 -key server.key -out server.crt [-days 3650]
第二个语句会询问一些配置信息, 在有权限的文件夹操作的时候,会报错(server2.crt: Permission denied),可以在桌面上生成好了两个文件之后,拖拽到apache2文件夹中.
填写样例如下
➜ apache2 openssl req -new -x509 -key server.key -out server.crt -days 3650
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:CN
State or Province Name (full name) []:zhejiang
Locality Name (eg, city) []:hangzhou
Organization Name (eg, company) []:lexandera2
Organizational Unit Name (eg, section) []:lex
Common Name (eg, fully qualified host name) []:local.lexandera.com
Email Address []:256@qq.com
将生成的证书迁移到/private/etc/apache2的文件夹下面,或者将配置指向你的放置自签名证书的地址
- https配置
- httpd.conf
-
查找mod_ssl.so,删除前面的#注释
-
查找httpd-ssl.conf,删除前面的#注释
-
LoadModule ssl_module libexec/apache2/mod_ssl.so
...
...
Include /private/etc/apache2/extra/httpd-ssl.conf
- httpd-ssl.conf
查找,修改里面的一些配置项
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/Users/edz/Network"
ServerName local.lexandera.com:443
ServerAdmin 256@qq.com
...
...
...
SSLCertificateFile "/private/etc/apache2/server.crt"
...
...
SSLCertificateKeyFile "/private/etc/apache2/server.key"
DocumentRoot 配置网站跟目录
ServerName 配置网站域名
SSLCertificateFile 自签名证书的地址,我这是拖拽到它指定的位置,所以没有变.如果你的文件放置在别的地方,将地址指向那里即可.
SSLCertificateKeyFile 自签名证书密钥
注:
-
如果使用访问页面 出现You don't have permission to access this resource., 那请求被拒了.
需要配置下apache的访问控制,在文件httpd.conf中查找require all, 将相应后面的denied改为granted -
由于是自签名证书弄的,所以首次在浏览器里面访问的时候,会提示‘有风险‘,你选择继续即可.后续访问的时候将不再询问,因为已被信任,且记录到钥匙扣中.