-
Notifications
You must be signed in to change notification settings - Fork 1
/
http openssl.txt
174 lines (126 loc) · 5.18 KB
/
http openssl.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
yum -y install openssl mod_ssl
创建私钥
openssl genrsa -out server.key 1024
用私钥生成证书请求
openssl req -new -key server.key -out server.csr
需要输入一些基本信息,challenge password之前一定要输入,否则会启动错误
Common Name 最好填主机名
生成证书CRT文件
openssl x509 -days 3650 -req -in server.csr -signkey server.key -out server.crt
证书有效期 -days 3650
vi /etc/httpd/conf/httpd.conf 添加
LoadModule ssl_module modules/mod_ssl.so //静态编进apache内核的则不需要此段,yum安装就不用了
mkdir /etc/pki/tls/mycert
rm -fr /etc/pki/tls/mycert/*
mv server.* /etc/pki/tls/mycert
vi /etc/httpd/conf.d/ssl.conf
修改SSLCertificateFile /etc/pki/tls/mycert/server.crt
修改SSLCertificateKeyFile /etc/pki/tls/mycert/server.key
配置使用的SSL协议
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
#SSLProtocol all -SSLv2
SSLProtocol SSLv2 -TLSv1
httpd重启生效(记得关闭selinux和iptables)
全网站跳转到https(也可在单独目录下配置可以参见最后的虚拟机配置)
在
<Directory />
Options FollowSymLinks
#AllowOverride None
AllowOverride All 修改None为All
RewriteEngine on 增加++
RewriteCond %{SERVER_PORT} !^443$ 增加++
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R] 增加++
</Directory>
%{SERVER_PORT} —— 访问端口
%{REQUEST_URI} —— 比如如果url是 http://localhost/tz.php,则是指 /tz.php
RewriteCond %{REQUEST_URI} !^/tz.php
%{SERVER_NAME} —— 比如如果url是 http://localhost/tz.php,则是指 localhost
虚拟主机配置
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /var/www/lj/
ServerName dummy-host.example.com
ErrorLog logs/lj_error_log
CustomLog logs/lj_access_log common
<Directory "/var/www/lj/">
Options FollowSymLinks
AllowOverride None
Order deny,allow
allow from all
</Directory>
</VirtualHost>
NameVirtualHost *:8080
Listen 8080 ----------------------------------非80端口要加这一句
<VirtualHost *:8080>
ServerAdmin [email protected]
DocumentRoot /var/www/lj1/
ServerName lj.example.com
ErrorLog logs/lj1_error_log
CustomLog logs/lj1_access_log common
<Directory "/var/www/lj1/">
Options FollowSymLinks
#AllowOverride None
Order deny,allow
allow from all
AllowOverride All
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
</Directory>
</VirtualHost>
apache 代理其他服务器
vi /etc/httpd/conf/httpd.conf 添加
ProxyPass /images http://10.10.1.3:8088/images
ProxyPassReverse /images http://10.10.1.3:8088/images
apache 开启http basic auth
vi /etc/httpd/conf/httpd.conf
在<Directory "/var/www/html">下添加
AuthName "Private source Access"
AuthType Basic
AuthUserFile /etc/httpd/conf/pass_file
Require valid-user
使用htpasswd添加帐号
htpasswd -bc /etc/httpd/conf/pass_file lj 123
htpasswd -b /etc/httpd/conf/pass_file lj2 123 添加第二个帐号
htpasswd -D /etc/httpd/conf/pass_file lj2 删除帐号
重启httpd生效
apache主页跳转子目录
RewriteEngine On
RewriteCond %{HTTP_HOST} ^192.168.100.10:8090$
RewriteCond %{REQUEST_URI} !^/zabbix/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /zabbix/$1
RewriteCond %{HTTP_HOST} ^192.168.100.10:8090$
RewriteRule ^(/)?$ zabbix/$1 [L]
Apache Rewrite规则重写的标志
1) R[=code](force redirect) 强制外部重定向
强制在替代字符串加上http://thishost[:thisport]/前缀重定向到外部的URL.如果code不指定,将用缺省的302 HTTP状态码。
2) F(force URL to be forbidden)禁用URL,返回403HTTP状态码。
3) G(force URL to be gone) 强制URL为GONE,返回410HTTP状态码。
4) P(force proxy) 强制使用代理转发。
5) L(last rule) 表明当前规则是最后一条规则,停止分析以后规则的重写。
6) N(next round) 重新从第一条规则开始运行重写过程。
7) C(chained with next rule) 与下一条规则关联
如果规则匹配则正常处理,该标志无效,如果不匹配,那么下面所有关联的规则都跳过。
8 ) T=MIME-type(force MIME type) 强制MIME类型
9) NS (used only if no internal sub-request) 只用于不是内部子请求
10) NC(no case) 不区分大小写
11) QSA(query string append) 追加请求字符串
12) NE(no URI escaping of output) 不在输出转义特殊字符
例如:RewriteRule /foo/(.*) /bar?arg=P1%3d$1 [R,NE] 将能正确的将/foo/zoo转换成/bar?arg=P1=zoo
13) PT(pass through to next handler) 传递给下一个处理
例如:
代码示例:
RewriteRule ^/abc(.*) /def$1 [PT] # 将会交给/def规则处理
Alias /def /ghi
14) S=num(skip next rule(s)) 跳过num条规则
15) E=VAR:VAL(set environment variable) 设置环境变量
以下是例子:有空研究
http://smilejay.com/2012/10/apache-rewrite/
RewriteLog "/usr/local/var/apache/logs/rewrite.log"
RewriteLogLevel 3
不能写在<Directory>或<options>中