作為生產環境,經常需要使用SSL來支援https協議,這部分主要為Apache增加SSL支援。
六、配置apache支援ssl:
1、修改Apache設定檔:
vi /usr/local/apache/conf/httpd.conf
確保兩面這行沒有被注釋:
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
再配置一個虛擬機器主機(可配置成xxx.dingl.com,根據購買的SSL認證設定):
<VirtualHost *:80>
ServerName www.dingl.com
DocumentRoot /home/dingl/jsp-web
ResinConfigServer localhost 6800
AddHandler caucho-request jsp
AddHandler caucho-request xtp
AddHandler caucho-request vm
</VirtualHost>
2、修改ssl設定檔:
vi /usr/local/apache/conf/extra/httpd-ssl.conf
dingl.com修改成如下形式:
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache “shmcb:/usr/local/apache/logs/ssl_scache(512000)”
SSLSessionCacheTimeout 300
SSLMutex “file:/usr/local/apache/logs/ssl_mutex”
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot “/home/dingl/jsp-web”
ServerName www.dingl.com:443
ServerAdmin you@example.com
ErrorLog “/usr/local/apache/logs/error_log”
TransferLog “/usr/local/apache/logs/access_log”
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile “/usr/local/apache/conf/dingl.com.crt”
#SSLCertificateFile “/usr/local/apache/conf/server-dsa.crt”
SSLCertificateKeyFile “/usr/local/apache/conf/dingl.com.key”