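The official lighty (lighttpd) documentation already covers SSL configuration in reasonable detail; you only need to understand the SSL signing process.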
http://redmine.lighttpd.net/wiki/lighttpd/Docs:SSL
The SSL signing process is described here:
http://blog.csdn.net/lijiecong/archive/2010/12/24/6096289.aspx
Download
apt-get install openssl*
When configuring the source, add the OpenSSL options: ./configure --with-openssl --with-openssl-libs=/usr/lib
Run lighttpd -v and the output should show (ssl):
lighttpd/1.4.28 (ssl) - a light and fast webserver
Build-Date: Dec 24 2010 17:19:54
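Generate a self-signed file that contains both the private key and the CA certificate. It can also be verified through a third-party chain.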
openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
At minimum, add the following to the conf file. The default SSL port is 443.
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/home/jli/network/lighttpd-1.4.28/conf/server.pem"
}
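Added example (not part of the original post or the lighttpd documentation): a shell function that checks the combined server.pem before ssl.pemfile points at it. The function name and return codes are chosen for this example; it assumes GNU stat and an openssl binary that provides the pkey subcommand.

```shell
#!/bin/sh
# check_pemfile FILE
# Sanity-check a combined key + certificate PEM used for ssl.pemfile.
# Return codes (chosen for this example): 0 ok, 1 unreadable or missing block,
# 2 permissions too open, 3 key/certificate mismatch, 4 certificate expired.
check_pemfile() {
    pem_f=$1
    [ -r "$pem_f" ] || { echo "cannot read $pem_f" >&2; return 1; }

    # ssl.pemfile must hold both the private key and the certificate.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem_f" ||
        { echo "no private key block in $pem_f" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem_f" ||
        { echo "no certificate block in $pem_f" >&2; return 1; }

    # -nodes leaves the key unencrypted, so group/other must have no access.
    # Assumes GNU stat (Linux).
    pem_mode=$(stat -c '%a' "$pem_f") || return 2
    case $pem_mode in
        *00|0) ;;
        *) echo "mode $pem_mode on $pem_f exposes the key" >&2; return 2 ;;
    esac

    # The public key in the certificate must equal the one derived from the key.
    pem_cert_pub=$(openssl x509 -in "$pem_f" -noout -pubkey 2>/dev/null) || return 3
    pem_key_pub=$(openssl pkey -in "$pem_f" -pubout 2>/dev/null) || return 3
    [ "$pem_cert_pub" = "$pem_key_pub" ] ||
        { echo "key and certificate do not match" >&2; return 3; }

    # An expired certificate still loads; catch it here.
    openssl x509 -in "$pem_f" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 4; }
    return 0
}

# When run as a script with a path argument, check that file.
if [ "$#" -gt 0 ]; then check_pemfile "$1"; fi
```

Run it against the generated file after a chmod 600 server.pem, since the file mode left by openssl req depends on the OpenSSL version and the umask.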
ssl.engine                   enable/disable ssl engine
ssl.pemfile                  path to the PEM file for SSL support (contains the private key and the CA certificate)
ssl.ca-file                  path to the CA file for support of chained certificates
ssl.use-sslv2                enable/disable use of SSL version 2 (lighttpd < 1.4.21 only, newer versions don't support SSLv2)
ssl.cipher-list              configure the allowed SSL ciphers
ssl.verifyclient.activate    enable/disable client verification
ssl.verifyclient.enforce     enable/disable enforcing client verification
ssl.verifyclient.depth       certificate depth for client verification
ssl.verifyclient.exportcert  enable/disable client certificate export to env:SSL_CLIENT_CERT
ssl.verifyclient.username    client certificate entity to export as env:REMOTE_USER (e.g. SSL_CLIENT_S_DN_emailAddress, SSL_CLIENT_S_DN_UID, etc.)