The following is based on CentOS 7.3 / Apache 2.4.

  1. Apache needs the mod_ssl module to support SSL certificates; it can be installed with yum:

yum install -y mod_ssl

Directive that loads the module in the Apache configuration file:

LoadModule ssl_module modules/mod_ssl.so

For example, loading php5:

LoadModule php5_module modules/libphp5.so
  2. Apache configuration for loading the certificate
###cat /etc/apache2/ports.conf 

# If you just change the port or add more ports here, you will likely also

# have to change the VirtualHost statement in

# /etc/apache2/sites-enabled/000-default.conf



Listen 80



<IfModule ssl_module>

   Listen 443

   <VirtualHost *:443>

        DocumentRoot /var/www/html

        DirectoryIndex index.php

        ServerName openp.com

        SSLEngine on

        SSLProtocol TLSv1 TLSv1.1 TLSv1.2

        SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4

        SSLCertificateFile /etc/ssl/certs/i.crt

        SSLCertificateChainFile /etc/ssl/certs/_bundle.crt

        SSLCertificateKeyFile /etc/ssl/certs/server.key

   </VirtualHost>

</IfModule>



<IfModule mod_gnutls.c> 

    Listen 443

</IfModule>
  3. Force HTTP to redirect to HTTPS
RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
  4. Check the configuration file for syntax errors before restarting Apache

apachectl -t

  5. Enable debug logging
LogLevel debug



[Mon Oct 28 10:30:39.187178 2019] [ssl:info] [pid 17193] AH01876: mod_ssl/2.4.18 compiled against Server: Apache/2.4.18, Library: OpenSSL/1.0.2g

[Mon Oct 28 10:30:39.193499 2019] [mpm_prefork:notice] [pid 17193] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations

[Mon Oct 28 10:30:39.193539 2019] [mpm_prefork:info] [pid 17193] AH00164: Server built: 2016-07-14T12:32:26

[Mon Oct 28 10:30:39.193550 2019] [core:notice] [pid 17193] AH00094: Command line: '/usr/sbin/apache2'

[Mon Oct 28 10:30:39.193555 2019] [core:debug] [pid 17193] log.c(1546): AH02639: Using SO_REUSEPORT: yes (1)

[Mon Oct 28 10:30:39.193559 2019] [mpm_prefork:debug] [pid 17193] prefork.c(1032): AH00165: Accept mutex: none (default: sysvsem)

[Mon Oct 28 10:31:06.387958 2019] [core:info] [pid 17193] AH00096: removed PID file /var/run/apache2/apache2.pid (pid=17193)

[Mon Oct 28 10:31:06.388032 2019] [mpm_prefork:notice] [pid 17193] AH00169: caught SIGTERM, shutting down

[Mon Oct 28 10:31:07.464718 2019] [ssl:info] [pid 17274] AH01887: Init: Initializing (virtual) servers for SSL

[Mon Oct 28 10:31:07.464755 2019] [ssl:info] [pid 17274] AH01914: Configuring server openplatform.benlai.com:443 for SSL protocol

[Mon Oct 28 10:31:07.465084 2019] [ssl:debug] [pid 17274] ssl_engine_init.c(925): AH01904: Configuring server certificate chain (1 CA certificate)

[Mon Oct 28 10:31:07.465114 2019] [ssl:debug] [pid 17274] ssl_engine_init.c(392): AH01893: Configuring TLS extension handling

[Mon Oct 28 10:31:07.465370 2019] [ssl:debug] [pid 17274] ssl_util_ssl.c(443): AH02412: [o.com:443] Cert does not match for name 'i.com' [subject: CN=*.benlaiguofang.com,O=\\E4\\B8\\8A\\E6\\B5\\B7\\E6\\9C\\AC\\E6\\9D\\A5\\E6\\9E\\9C\\E5\\9D\\8A\\E7\\A7\\91\\E6\\8A\\80\\E6\\9C\\89\\E9\\99\\90\\E5\\85\\AC\\E5\\8F\\B8,OU=\\E8\\BF\\90\\E7\\BB\\B4\\E9\\83\\A8,L=\\E4\\B8\\8A\\E6\\B5\\B7,ST=\\E4\\B8\\8A\\E6\\B5\\B7,C=CN / issuer: CN=GlobalSign Organization Validation CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE / serial: 0B41D8E98BA927C34F34ED07 / notbefore: Jan  7 07:16:19 2019 GMT / notafter: Mar  2 10:16:01 2021 GMT]

[Mon Oct 28 10:31:07.465401 2019] [ssl:warn] [pid 17274] AH01909: openplatform.benlai.com:443:0 server certificate does NOT include an ID which matches the server name

[Mon Oct 28 10:31:07.465407 2019] [ssl:info] [pid 17274] AH02568: Certificate and private key openplatform..com:443:0 configured from /etc/ssl/certs/benlai.crt and /etc/ssl/certs/server.key

6.

LoadModule ssl_module mods-enabled/mod_ssl.so

LoadModule rewrite_module mods-enabled/mod_rewrite.so

LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so



SSLSessionCache "shmcb:logs/ssl_scache(512000)"