Apache+Nginx配置ssl

1 Apache配置

1.1 mod_ssl.so

取消 #LoadModule ssl_module modules/mod_ssl.so前面的#号

1.2 查看是否有以下模块 ssl_module

<IfModule ssl_module> #Include conf/extra/httpd-ssl.conf Include conf/extra/httpd-ahssl.conf SSLRandomSeed startup builtin SSLRandomSeed connect builtin </IfModule>

1.3 打开配置文件httpd_ssl.conf，修改以下代码：

# https的端口 Listen 10443 # 修改加密套件如下 SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM SSLProxyCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM SSLHonorCipherOrder on # 添加 SSL 协议支持协议，去掉不安全的协议 SSLProtocol all all -SSLv2 -SSLv3 SSLProxyProtocol all -SSLv2 -SSLv3 <VirtualHost *:10443> # 配置virtualhost SSLEngine on ServerName www.abc.com # 改成自己域名 # 证书公钥配置 SSLCertificateFile "E:/Server/Apache24/cert/public.pem" //改成自己的路径 # 证书私钥配置 SSLCertificateKeyFile "E:/Server/Apache24/cert/******.key" //改成自己的路径 # 证书链配置，如果该属性开头有 '#'字符，请删除掉 SSLCertificateChainFile "E:/Server/Apache24/cert/chain.pem" //改成自己的路径 DocumentRoot "E:/Website/www.abc.com" //改成自己的路径 # DocumentRoot access handled globally in httpd.conf CustomLog "${SRVROOT}/logs/ssl_request.log" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" <Directory "E:/Website/www.abc.com"> //改成自己的路径 Options Includes FollowSymLinks AllowOverride AuthConfig Limit FileInfo Require all granted </Directory> </virtualhost>

这样就配置好了，可以去试试：https://www.abc.com:10443接下来设置跳转：

2、 Nginx配置，Server中添加ssl配置，配置如下：

server { listen 8055; listen 10430 ssl; # 注意这是nginx高版本的配置方法 server_name moyu.nxycsw.cn; ssl_certificate F:/development/nginx-1.16.1/cert/ssl.pem; ssl_certificate_key F:/development/nginx-1.16.1/cert/ssl.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; server_name moyu.nxycsw.cn; }