- First, obtain a certificate, whether paid or free.
- Firewall

  ```
  firewall-cmd --list-all
  firewall-cmd --permanent --zone=public --add-port=443/tcp
  firewall-cmd --reload
  ```
- Install the SSL module: yum -y install mod_ssl
- Edit the main configuration: vim /etc/httpd/conf/httpd.conf

  ```
  LoadModule ssl_module modules/mod_ssl.so
  ......
  <Directory />
      AllowOverride none
      Require all denied
  </Directory>
  # ------------->change to
  # (<Directory /> is the filesystem root, so this applies to every path httpd can read)
  <Directory />
      AllowOverride ALL
      Require all granted
      Order Deny,Allow
      Allow from all
  </Directory>
  .......
  Include conf/httpd-ssl.conf
  ```
- Create the HTTPS configuration file: vim /etc/httpd/conf/httpd-ssl.conf

  ```
  # Standard:
  <VirtualHost 0.0.0.0:443>
      DocumentRoot "/var/www/html"
      ServerName www.xxxxxx.com
      SSLEngine on
      SSLCertificateFile /etc/httpd/conf/xxxxxx.crt
      SSLCertificateKeyFile /etc/httpd/conf/xxxxxx.key
      SSLCertificateChainFile /etc/httpd/conf/xxxxx.crt
  </VirtualHost>

  # Load balancing:
  <VirtualHost *:443>
      ServerName www.xxxxxx.com
      SSLEngine on
      SSLCertificateFile /etc/httpd/conf/xxx.crt
      SSLCertificateKeyFile /etc/httpd/conf/xxx.key
      SSLCertificateChainFile /etc/httpd/conf/xxx.crt
      ErrorLog "logs/acooly2.org-error_log"
      LogFormat "%{Host}i %h %l %u %t \"%r\" %s %b" vcommon
      CustomLog logs/access_log vcommon
      ProxyRequests Off
      ProxyPreserveHost on
      # apache+tomcat cluster
      ProxyPass / balancer://tomcat-cluster/ stickysession=JSESSIONID|jsessionid nofailover=Off
      ProxyPassMatch ^/(ws(/.*)?)$ balancer://tomcat-cluster/ stickysession=JSESSIONID|jsessionid nofailover=Off
      #ProxyPass / balancer://tomcat-cluster/ nofailover=Off
      ProxyPassReverse / balancer://tomcat-cluster/
      <Proxy balancer://tomcat-cluster/>
          BalancerMember ajp://IP1:8009 loadfactor=1 route=APP1
          BalancerMember ajp://IP2:8009 loadfactor=1 route=APP2
          ProxySet lbmethod=bybusyness
      </Proxy>
  </VirtualHost>
  ```
- Enable automatic redirection from port 80 to 443: vim /etc/httpd/conf/httpd.conf

  ```
  # In /etc/httpd/conf/httpd.conf:
  LoadModule rewrite_module modules/mod_rewrite.so
  # Append at the end of the file
  RewriteEngine on
  # 301 means moved permanently
  RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
  # Also comment out the non-HTTPS configuration: Include conf/httpd-vhosts.conf
  ```
- Restart: systemctl restart httpd.service

With this in place, requests made over HTTP are automatically redirected to HTTPS as well.
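
An added check, not part of the original post: the `<Directory />` edit above grants access to the whole filesystem root rather than only the DocumentRoot, and the private key named by SSLCertificateKeyFile should be readable by its owner only. The script below flags both; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: static checks for the httpd configuration built in the steps above.

# Print one finding per line for the given httpd config file.
audit_httpd_conf() {
    awk '
        { line = tolower($0) }                 # directive names are case-insensitive
        line ~ /^[ \t]*#/ { next }             # skip commented-out lines
        # Track the filesystem-root block: <Directory /> or <Directory "/">
        line ~ /^[ \t]*<directory[ \t]+"?\/"?[ \t]*>/ { in_root = 1; next }
        line ~ /^[ \t]*<\/directory>/ { in_root = 0; next }
        in_root && line ~ /allowoverride[ \t]+all/ { print "ROOT_ALLOWOVERRIDE " NR }
        in_root && line ~ /require[ \t]+all[ \t]+granted/ { print "ROOT_GRANTED " NR }
        # Report key paths so their permissions can be checked separately.
        tolower($1) == "sslcertificatekeyfile" { print "KEYFILE " $2 }
    ' "$1"
}

# Succeed only if the file has no group or other permission bits set.
key_is_private() {
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group/other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo on a constructed config that mirrors the edits described above.
demo() {
    demo_conf=$(mktemp)
    cat > "$demo_conf" <<'EOF'
LoadModule ssl_module modules/mod_ssl.so
<Directory />
    AllowOverride ALL
    Require all granted
</Directory>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateKeyFile /etc/httpd/conf/xxxxxx.key
</VirtualHost>
EOF
    audit_httpd_conf "$demo_conf"
    rm -f "$demo_conf"
}

demo
```

On a real host, run `audit_httpd_conf` against /etc/httpd/conf/httpd.conf and /etc/httpd/conf/httpd-ssl.conf, then pass each reported KEYFILE path to `key_is_private`.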