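How do you apply for and configure an SSL certificate? Using Alibaba Cloud's free certificate as an example, there are 8 steps in total; the details follow.
1. In the Alibaba Cloud console, click "Certificate Service" -> "Purchase Certificate";
2. Select "Free DV SSL" and purchase it;
3. Fill in the certificate information and select file validation;
4. Select the system-generated CSR and click Create;
5. Once it is created, click "Progress", download the file into the edusoho/web/.well-known/pki-validation directory, and wait for certificate validation to complete, which usually takes 5-10 minutes;
6. Download the certificate into the /var/www/ssl directory;
7. Configure either nginx or Apache;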
Configuring nginx:

```nginx
server {
    # [Change] Set the port to 443; the ssl parameter turns on TLS for this listener
    listen 443 ssl;
    server_name xxx.edusoho.cn;
    root /var/www/edusoho/web;
    access_log /var/log/nginx/edusoho.cn.access.log;
    error_log /var/log/nginx/edusoho.cn.error.log;

    # [Change] Add the settings below
    ssl_certificate /var/www/ssl/chain.pem;
    ssl_certificate_key /var/www/ssl/domain.key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); remove them unless legacy clients need them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
    ssl_session_cache shared:SSL:50m;
    ssl_prefer_server_ciphers on;

    location / {
        index app.php;
        try_files $uri @rewriteapp;
    }

    location @rewriteapp {
        rewrite ^(.*)$ /app.php/$1 last;
    }

    location ~ ^/udisk {
        internal;
        root /var/www/edusoho/app/data/;
    }

    location ~ ^/(app|app_dev)\.php(/|$) {
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # [Change] Set HTTPS to on
        fastcgi_param HTTPS on;
        fastcgi_param HTTP_X-Sendfile-Type X-Accel-Redirect;
        fastcgi_param HTTP_X-Accel-Mapping /udisk=/var/www/edusoho/app/data/udisk;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 8 128k;
    }

    location ~* \.(jpg|jpeg|gif|png|ico|swf)$ {
        expires 3y;
        access_log off;
        gzip off;
    }

    location ~* \.(css|js)$ {
        access_log off;
        expires 3y;
    }

    # Never execute PHP files from the upload directory
    location ~ ^/files/.*\.(php|php5)$ {
        deny all;
    }

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # [Change] Set HTTPS to on
        fastcgi_param HTTPS on;
    }
}
```

Restart nginx:

```
service nginx restart
```
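Configuring Apache:

```
vi /etc/httpd/conf/httpd.conf
```

Insert the following configuration statements into the configuration file:
- Add the SSL protocol support statement, disabling insecure protocols and cipher suites:
  `SSLProtocol all -SSLv2 -SSLv3`
- Change the cipher suites as follows:
  `SSLCipherSuite AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL`
- Point this directive at the server certificate public key (create an ssl directory under the conf directory and copy the three certificate files from the "for Apache" folder into it):
  `SSLCertificateFile /var/www/ssl/public.pem` (certificate public key)
- Point this directive at the server certificate private key:
  `SSLCertificateKeyFile /var/www/ssl/订单号.key` (certificate private key; 订单号 stands for your order number)
- Point this directive at the server certificate chain, removing the "#" comment marker at the start of the line:
  `SSLCertificateChainFile /var/www/ssl/chain.pem` (certificate chain)

Restart Apache.
8. Done. Access your site over https to test that the certificate is installed and configured correctly.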
Note:
If a firewall is enabled, open port 443!
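A pre-flight check for the nginx settings from step 7, added here as an example and not part of the original tutorial: it parses a server block and flags the obsolete `ssl on` directive, protocol versions that have since been deprecated, and a private key stored under a web root. The function names, the sample config and the RFC references are assumptions of this example, not taken from the tutorial.

```python
import posixpath
import re

# Constructed sample: TLS-related directives as written in older server blocks.
SAMPLE_CONF = """
server {
    listen 443;
    root /var/www/edusoho/web;
    ssl on;
    ssl_certificate_key /var/www/ssl/domain.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""

# Protocol versions retired by RFC 6176, RFC 7568 and RFC 8996.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def directives(conf):
    """Yield (name, args) per directive; comments are stripped first."""
    text = re.sub(r"#[^\n]*", "", conf)
    for stmt in re.split(r"[;{}]", text):
        words = stmt.split()
        if words:
            yield words[0], words[1:]

def audit(conf):
    """Return findings for one server block (hypothetical helper)."""
    found = {}
    for name, args in directives(conf):
        found.setdefault(name, []).append(args)
    findings = []
    if ["on"] in found.get("ssl", []):
        findings.append("'ssl on' is obsolete: use 'listen 443 ssl'")
    elif not any("ssl" in a for a in found.get("listen", [])):
        findings.append("no listener has the 'ssl' parameter")
    for args in found.get("ssl_protocols", []):
        old = sorted(DEPRECATED.intersection(args))
        if old:
            findings.append("deprecated protocols enabled: " + " ".join(old))
    roots = [posixpath.normpath(a[0]) for a in found.get("root", []) if a]
    for args in found.get("ssl_certificate_key", []):
        if args and any(args[0].startswith(r + "/") for r in roots):
            findings.append("private key is inside a web root: " + args[0])
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

To check a real file, pass its contents to `audit()`; the parser handles plain directives and does not follow `include` lines.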
nginx server: I copied the content above and made the corresponding changes, and changed the firewall as well. After restarting, the page shows: Welcome to nginx.