Configuring HTTPS

Time: 2018-02-08 15:38:20


Configuring httpd

mkdir /etc/ssl/private
chmod 700 /etc/ssl/private
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
cat /etc/ssl/certs/dhparam.pem | sudo tee -a /etc/ssl/certs/apache-selfsigned.crt

vi /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:443>
. . .
DocumentRoot "/var/www/your_dir"
ServerName www.example.com:443

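# Next, configure Flask. Flask has to run under Apache through WSGI; the official site has an HTTP example: http://flask.pocoo.org/docs/0.12/deploying/mod_wsgi/
# All that is needed here is to add the following to /etc/httpd/conf.d/ssl.conf, after the lines from the previous step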

WSGIDaemonProcess your_web_group user=apache group=apache threads=2
WSGIScriptAlias / /var/www/your_dir/your_web.wsgi

<Directory /var/www/your_dir>
    WSGIProcessGroup your_web_group
    WSGIApplicationGroup %{GLOBAL}
    Order deny,allow
    Allow from all
</Directory>

Comment out two lines:
# SSLProtocol all -SSLv2
. . .
# SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA

Change two settings:
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
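
The two lines commented out above leave protocol and cipher selection to mod_ssl's built-in defaults unless replacements are set elsewhere. The script below is an added example, not part of the original post, that reports this and checks the key file's mode; the function names active_directive and audit_ssl_conf are illustrative, and it reads a single file without following Include lines.

```shell
#!/bin/sh
# Added example (not from the original post): offline audit of an ssl.conf.

# Print the arguments of the last active (uncommented) use of directive $1 in file $2.
active_directive() {
    awk -v d="$1" 'BEGIN { d = tolower(d) }
        /^[ \t]*#/ { next }                 # commented-out lines set nothing
        tolower($1) == d { $1 = ""; sub(/^ +/, ""); gsub(/"/, ""); v = $0 }
        END { if (v != "") print v }' "$2"
}

# Print one finding per line for config file $1; return 1 if there is any finding.
audit_ssl_conf() {
    conf=$1; rc=0
    for d in SSLProtocol SSLCipherSuite; do
        if [ -z "$(active_directive "$d" "$conf")" ]; then
            echo "$d: no active line, mod_ssl built-in default applies"
            rc=1
        fi
    done
    key=$(active_directive SSLCertificateKeyFile "$conf")
    if [ -z "$key" ]; then
        echo "SSLCertificateKeyFile: not set"; rc=1
    elif [ ! -e "$key" ]; then
        echo "SSLCertificateKeyFile: cannot access $key (run as root?)"; rc=1
    elif [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
        echo "SSLCertificateKeyFile: $key mode grants group/other access"; rc=1
    fi
    return $rc
}

# Constructed sample mirroring this page's edits: both TLS lines commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost _default_:443>
# SSLProtocol all -SSLv2
# SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
</VirtualHost>
EOF
audit_ssl_conf "$sample" || true
rm -f "$sample"
```

On the server, run it as root with /etc/httpd/conf.d/ssl.conf as the argument to audit_ssl_conf, so the key under /etc/ssl/private can be inspected.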


Force HTTP to redirect to HTTPS

vi /etc/httpd/conf.d/non-ssl.conf
<VirtualHost *:80>
        ServerName www.example.com
        Redirect "/" "https://www.example.com/"
</VirtualHost>

Check the configuration, restart the service, and set up the firewall

apachectl configtest

systemctl restart httpd.service

iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT

Browse to the server's IP; if there are no problems, you are done. Watch out for firewall and SELinux issues.

Disable SELinux
vim /etc/selinux/config
Set SELINUX=disabled

reboot

Original article: https://www.cnblogs.com/juandx/p/8431375.html