Configure Apache+https under Windows

Source: Internet
Author: User
Tags: openssl

By using an HTTPS reverse proxy that maps to an HTTP address, you can access an ordinary HTTP web site over HTTPS. This mainly involves modifying the following three configuration files:

    httpd.conf
    httpd-ssl.conf
    httpd-vhosts.conf

Specific implementation steps:

1. Modify conf/httpd.conf

Uncomment the SSL- and proxy-related lines:

    #LoadModule ssl_module modules/mod_ssl.so (remove the leading #)
    #Include conf/extra/httpd-ssl.conf (remove the leading #)
    #LoadModule proxy_module modules/mod_proxy.so (remove the leading #)
    #LoadModule proxy_http_module modules/mod_proxy_http.so (remove the leading #)

2. Generate certificates

Open a CMD command prompt and change to the bin directory of the Apache installation directory.

2.1 Set the OPENSSL_CONF variable

Execute command:

    set OPENSSL_CONF=..\conf\openssl.cnf

2.2 Generate the server-side key file

Execute command:

    openssl genrsa -out server.key 1024

When it completes, the server.key file is generated in the bin directory. Note: 1024-bit RSA is below the 2048-bit minimum in current guidance; prefer 2048 or larger outside a test environment.

2.3 Generate the certificate signing request

Execute command:

    openssl req -new -out server.csr -key server.key

When it completes, the server.csr file is generated in the bin directory. The value entered for "Common Name (eg, your name) []" must be consistent with the ServerName in the configuration file; otherwise Apache reports an error on startup.

2.4 Generate the CA's key file

Execute command:

    openssl genrsa -out ca.key 1024

When it completes, the ca.key file is generated in the bin directory.

2.5 Create the CA's self-signed certificate

Execute command:

    openssl req -new -x509 -days 365 -key ca.key -out ca.crt

When it completes, the ca.crt file is generated in the bin directory. The information to enter here is similar to step 2.3.

2.6 Generate the CA-signed server certificate

Execute command:

    openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key

If the related directories have not been created, this command reports an error. Follow the prompts to create the related directories manually:

    Create a demoCA folder under bin: bin/demoCA
    Create index.txt under demoCA: bin/demoCA/index.txt
    Create serial.txt under demoCA with the content 01, then rename it to remove the .txt suffix: bin/demoCA/serial
    Create a newcerts folder under demoCA: bin/demoCA/newcerts

When the command completes, the server.crt file is generated in the bin directory. The final structure of the demoCA directory is as follows:

    bin/demoCA/
        index.txt
        serial
        newcerts/

3. Modify the conf/extra/httpd-ssl.conf file

3.1 Modify the HTTPS port number

Change the default port number 443 in httpd-ssl.conf as needed: replace every 443 with 6443 and set the ServerName. Specifically:

    Listen 6443
    <VirtualHost _default_:6443>
    ServerName localhost

Tip: if you keep the default HTTPS port 443 here, you do not need to add a port number when accessing the site.

3.2 Modify the certificate paths

In Apache's conf directory, create a new key directory (the name is arbitrary), then copy the relevant certificate files from the bin directory into the key directory. The final file structure of the key directory is as follows:

Then modify the following in the conf/extra/httpd-ssl.conf file:

    SSLCertificateFile "xxx/conf/key/server.crt"
    SSLCertificateKeyFile "xxx/conf/key/server.key"
    SSLCACertificateFile "xxx/conf/key/ca.crt"
    #SSLVerifyClient require (remove the leading #; required for client verification)
    #SSLVerifyDepth 1 (remove the leading # and change 10 to 1; required for client verification)

4. Restart Apache

In the browser, enter https://localhost:6443. If the page shows "It works!", the HTTPS configuration is successful. As shown in the figure:

5. Project deployment

Modify conf/extra/httpd-vhosts.conf and add the following:

    NameVirtualHost *:6443

Note: do not modify the existing NameVirtualHost *:80 line in httpd-vhosts.conf; add the new NameVirtualHost *:6443 line below it.

5.1 Deploying the project in HTTPS mode

In the conf/extra/httpd-vhosts.conf configuration file, add the following:

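<VirtualHost *:6443>
	# Must match the Common Name entered in step 2.3
	ServerName localhost
	DocumentRoot "D:/javapro/bms"
	SSLEngine on
	SSLProxyEngine on
	# Certificate and private key copied to conf/key in step 3.2
	SSLCertificateFile "D:/myplatform/apache2.2/conf/key/server.crt"
	SSLCertificateKeyFile "D:/myplatform/apache2.2/conf/key/server.key"
	# "/" applies these access rules to the whole filesystem;
	# a path limited to the DocumentRoot is a tighter scope
	<Directory "/">
		Options None
		AllowOverride All
		Order allow,deny
		Allow from all
	</Directory>
</VirtualHost>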
The above configuration means that you can access the project in the directory corresponding to DocumentRoot by entering https://localhost:6443 in the browser.

5.2 Deploying the project in reverse proxy mode

5.2.1 Deploying the reverse proxy under a second-level directory

In this case, the proxied virtual host must set an alias; otherwise, pages other than the home page URL cannot be proxied. In the conf/extra/httpd-vhosts.conf configuration file, add the following:

# Deploy the proxied virtual host local.bms
<VirtualHost *:80>
	ServerName local.bms
	DocumentRoot "D:/javapro/bms"
	# The alias makes the same content reachable under /bms
	Alias /bms "D:/javapro/bms"
	<Directory "/">
		Options None
		AllowOverride All
		Order allow,deny
		Allow from all
	</Directory>
</VirtualHost>
Here, the Alias configuration is added so that http://local.bms can also be accessed via http://local.bms/bms, in preparation for the reverse proxy below.

# Deploy the reverse proxy virtual host
<VirtualHost *:6443>
	ServerName localhost
	SSLEngine on
	SSLProxyEngine on
	SSLCertificateFile "D:/myplatform/apache2.2/conf/key/server.crt"
	SSLCertificateKeyFile "D:/myplatform/apache2.2/conf/key/server.key"
	# Off: reverse proxy only, no forward proxying
	ProxyRequests Off
	<Proxy *>
		Order allow,deny
		Allow from all
	</Proxy>
	# No trailing slash on either the path or the target URL
	ProxyPass /bms http://local.bms/bms
	ProxyPassReverse /bms http://local.bms/bms
</VirtualHost>
The above configuration means that requests to https://localhost:6443/bms are mapped to http://local.bms/bms, where the bms at the end of the URL is equivalent to a virtual second-level directory. Note: do not add a slash "/" at the end of the proxy URL.

5.2.2 Deploying the reverse proxy as a first-level directory

In this case, the proxied virtual host does not need to set an alias. In the conf/extra/httpd-vhosts.conf configuration file, add the following:

# Deploy the proxied virtual host local.bms
<VirtualHost *:80>
	ServerName local.bms
	DocumentRoot "D:/javapro/bms"
	<Directory "/">
		Options None
		AllowOverride All
		Order allow,deny
		Allow from all
	</Directory>
</VirtualHost>
# Deploy the reverse proxy virtual host
<VirtualHost *:6443>
	ServerName localhost
	SSLEngine on
	SSLProxyEngine on
	SSLCertificateFile "D:/myplatform/apache2.2/conf/key/server.crt"
	SSLCertificateKeyFile "D:/myplatform/apache2.2/conf/key/server.key"
	# Off: reverse proxy only, no forward proxying
	ProxyRequests Off
	<Proxy *>
		Order allow,deny
		Allow from all
	</Proxy>
	# Trailing slash on both the path and the target URL
	ProxyPass / http://local.bms/
	ProxyPassReverse / http://local.bms/
</VirtualHost>
The above configuration means that requests to https://localhost:6443 are mapped to http://local.bms. Note: in this case you must add a slash "/" at the end of the proxy URL.
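
The two trailing-slash notes in 5.2.1 and 5.2.2 can be turned into a check. The Python script below is an added example, not part of the original article: it scans <VirtualHost> blocks and flags a ProxyPass whose path and target URL disagree on the trailing slash, a ProxyPass with no identical ProxyPassReverse, and ProxyRequests On. The function name lint_proxy_vhosts and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample: the 5.2.1 proxy vhost with deliberate mistakes added.
SAMPLE_CONF = """
<VirtualHost *:6443>
    ServerName localhost
    SSLEngine on
    ProxyRequests On
    ProxyPass /bms http://local.bms/bms/
    ProxyPassReverse /bms http://local.bms/bms
    ProxyPass / http://local.bms/
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)
DIRECTIVE_RE = re.compile(
    r"^[ \t]*(ProxyPass|ProxyPassReverse|ProxyRequests)[ \t]+(\S.*?)[ \t]*$",
    re.I | re.M,
)


def lint_proxy_vhosts(conf_text):
    """Return (vhost_address, message) findings for each <VirtualHost> block."""
    findings = []
    for addr, body in VHOST_RE.findall(conf_text):
        addr = addr.strip()
        passes, reverses = {}, {}
        for name, args in DIRECTIVE_RE.findall(body):
            name = name.lower()
            parts = [p.strip('"') for p in args.split()]
            if name == "proxyrequests":
                if parts[0].lower() == "on":
                    findings.append((addr, "ProxyRequests On: acts as a forward proxy"))
            elif len(parts) >= 2 and parts[1] != "!":  # "!" marks a no-proxy exclusion
                (passes if name == "proxypass" else reverses)[parts[0]] = parts[1]
        for path, url in passes.items():
            # Page's rule: "/bms" pairs with ".../bms", "/" pairs with ".../".
            if path.endswith("/") != url.endswith("/"):
                findings.append((addr, f"ProxyPass {path} {url}: trailing slash on one side only"))
            if reverses.get(path) != url:
                findings.append((addr, f"ProxyPass {path}: no matching ProxyPassReverse"))
    return findings


if __name__ == "__main__":
    for addr, message in lint_proxy_vhosts(SAMPLE_CONF):
        print(f"[{addr}] {message}")
```

Run against the two reverse-proxy virtual hosts shown above, the function returns an empty list.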
