作为生产环境,经常需要使用SSL来支持https协议,这部分主要为Apache增加SSL支持。 六、配置apache支持ssl: 1、修改Apache配置文件: 再配置一个虚拟主机(可配置成xxx.dingl.com,根据购买的SSL证书设置): ResinConfigServer localhost 6800 AddHandler caucho-request jsp 2、修改ssl配置文件: Listen 443 AddType application/x-x509-ca-cert .crt SSLPassPhraseDialog builtin SSLSessionCache “shmcb:/usr/local/apache/logs/ssl_scache(512000)” SSLMutex “file:/usr/local/apache/logs/ssl_mutex” ## # General setup for the virtual host # SSL Engine Switch: SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile “/usr/local/apache/conf/dingl.com.crt” SSLCertificateKeyFile “/usr/local/apache/conf/dingl.com.key” #SSLCertificateChainFile “/usr/local/apache/conf/server-ca.crt” #SSLCACertificatePath “/usr/local/apache/conf/ssl.crt” #SSLCARevocationPath “/usr/local/apache/conf/ssl.crl” #SSLVerifyClient require AddHandler caucho-request jsp <FilesMatch “\.(cgi|shtml|phtml|php)$”> BrowserMatch “.*MSIE.*” \ CustomLog “/usr/local/apache/logs/ssl_request_log” \ </VirtualHost> 这时即可通过http://www.dingl.com/访问了。
vi /usr/local/apache/conf/httpd.conf
确保两面这行没有被注释:
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
<VirtualHost *:80>
ServerName www.dingl.com
DocumentRoot /home/dingl/jsp-web
AddHandler caucho-request xtp
AddHandler caucho-request vm
</VirtualHost>
vi /usr/local/apache/conf/extra/httpd-ssl.conf
dingl.com修改成如下形式:
AddType application/x-pkcs7-crl .crl
SSLSessionCacheTimeout 300
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
DocumentRoot “/home/dingl/jsp-web”
ServerName www.dingl.com:443
ServerAdmin you@example.com
ErrorLog “/usr/local/apache/logs/error_log”
TransferLog “/usr/local/apache/logs/access_log”
# Enable/Disable SSL for this virtual host.
SSLEngine on
#SSLCertificateFile “/usr/local/apache/conf/server-dsa.crt”
#SSLCertificateKeyFile “/usr/local/apache/conf/server-dsa.key”
#SSLCACertificateFile “/usr/local/apache/conf/ssl.crt/ca-bundle.crt”
#SSLCARevocationFile “/usr/local/apache/conf/ssl.crl/ca-bundle.crl”
#SSLVerifyDepth 10
ResinConfigServer 127.0.0.1 6800
AddHandler caucho-request xtp
AddHandler caucho-request vm
SSLOptions +StdEnvVars
</FilesMatch>
<Directory “/usr/local/apache/cgi-bin”>
SSLOptions +StdEnvVars
</Directory>
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \”%r\” %b”
集思博客
集思博客,(www.gisblogs.net)用心记录我的成长历程,留下技术的沉淀……
2008-6-8 13:1:33
Ubuntu 7.1 server从无到有搭建全能WEB生产环境(六)
Tags: Ubuntu server WEB 生产环境
发布:ming | 分类:Linux技术 | 评论:0 | 引用:0 | 浏览:
- 相关文章:
Ubuntu 7.1 server从无到有搭建全能WEB生产环境(五) (2008-6-8 13:0:48)
Ubuntu 7.1 server从无到有搭建全能WEB生产环境(四) (2008-6-8 12:57:55)
Ubuntu 7.1 server从无到有搭建jsp/php/rails全能WEB生产环境(三) (2008-6-8 12:57:2)
Ubuntu 7.1 server从无到有搭建jsp/php/rails全能WEB生产环境(二) (2008-6-8 12:56:8)
Ubuntu 7.1 server从无到有搭建jsp/php/rails全能WEB生产环境(一) (2008-6-8 12:55:28)
ubuntu7.10上安装ruby on rails方法和技巧 (2008-6-8 12:54:36)
ubuntu7.10中tgz文件的介绍和使用方法 (2008-6-8 12:53:56)
ubuntu7.10使用root无法登录mysql的解决办法 (2008-6-8 12:39:26)
Ubuntu7.10安装和配置LAMP简单教程 (2008-6-8 12:37:3)
Ubuntu7.10系统下安装和配置PostgreSQL 8.25 (2008-6-8 12:27:44)
◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。
