Ubuntu Apache Server + HTTPS/SSL Configuration

A short summary of how to build an Apache web server with SSL on a fresh Linux host.

Install the Apache web server

  • Update the system
    sudo apt update && sudo apt upgrade
  • Install Apache
    sudo apt install apache2
  • Allow Apache through the firewall
    sudo ufw allow 'Apache'
    sudo ufw status
  • Check the firewall status
    sudo ufw status
  • Change the permissions of the web content directory
    sudo chmod -R 755 /var/www/your_domain
  • Give the current user ownership of the web content directory
    sudo chown -R $USER:$USER /var/www/your_domain
  • Add the domain configuration: vi /etc/apache2/sites-available/your_domain.conf
    <VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName your_domain
        ServerAlias www.your_domain
        # Send every plain-HTTP request to the HTTPS site
        Redirect permanent / https://www.your_domain/
        DocumentRoot /var/www/your_domain
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>
  • Enable the configuration (a2ensite enables a site, a2dissite disables one)
    sudo a2ensite your_domain.conf
    sudo a2dissite 000-default.conf
    sudo apache2ctl configtest
    sudo systemctl restart apache2

Configure HTTPS/SSL

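  • Get a Let's Encrypt certificate from https://www.sslforfree.com/; it consists of ca_bundle.crt, private.key and certificate.crt
  • Create or edit /etc/apache2/sites-available/default-ssl.conf (vi /etc/apache2/sites-available/default-ssl.conf) and add the following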
    <IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on

        # path/ is a placeholder for the directory that holds the certificate files
        SSLCertificateFile path/certificate.crt
        SSLCertificateKeyFile path/private.key
        # SSLCertificateChainFile is obsolete since Apache 2.4.8, where the
        # intermediates can instead be appended to the SSLCertificateFile file
        SSLCertificateChainFile path/intermediate-ca_bundle.crt

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>

        # BrowserMatch "MSIE [2-6]" \
        # nokeepalive ssl-unclean-shutdown \
        # downgrade-1.0 force-response-1.0

    </VirtualHost>
    </IfModule>
  • Firewall configuration
    sudo ufw allow 'Apache Full'
    sudo ufw delete allow 'Apache'
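  • Enable and start
    sudo a2enmod ssl
    sudo a2enmod headers
    sudo a2ensite default-ssl
    # ssl-params must already exist as /etc/apache2/conf-available/ssl-params.conf;
    # this page does not create it
    sudo a2enconf ssl-params
    sudo apache2ctl configtest
    sudo systemctl restart apache2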
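
An added example (not part of the original post): a check to run before the restart, since the steps above make the web root mode 755 and leave the key location as the placeholder path/. It reads SSLCertificateKeyFile and DocumentRoot from the vhost file and fails if the private key lies under the DocumentRoot or is group-writable or accessible to others; the function names conf_value and audit_key are hypothetical, and GNU stat/readlink as shipped on Ubuntu are assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat/readlink (Ubuntu)
# and directive arguments without spaces. Function names are hypothetical.

# Print the first argument of a directive in a conf file; commented-out
# lines do not match because their first field starts with "#".
conf_value() {  # usage: conf_value <Directive> <conf-file>
    awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$2"
}

# Return 0 if the key referenced by the vhost passes, 1 otherwise.
audit_key() {  # usage: audit_key <ssl-vhost.conf>
    conf=$1
    rc=0
    key=$(conf_value SSLCertificateKeyFile "$conf")
    root=$(conf_value DocumentRoot "$conf")
    [ -n "$key" ] || { echo "FAIL: no SSLCertificateKeyFile in $conf"; return 1; }
    [ -f "$key" ] || { echo "FAIL: key file not found: $key"; return 1; }

    # Resolve symlinks so a link into the web root is not missed.
    key_real=$(readlink -f "$key")
    root_real=$(readlink -f "$root" 2>/dev/null) || root_real=/nonexistent
    case "$key_real" in
        "$root_real"/*)
            echo "FAIL: $key_real is inside DocumentRoot $root_real"
            rc=1 ;;
    esac

    # Mask 027 = group write + any access for others. 600 and 640 pass.
    mode=$(stat -c '%a' "$key_real")
    if [ $((0$mode & 027)) -ne 0 ]; then
        echo "FAIL: $key_real has mode $mode; use 600 (or 640 with a dedicated group)"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $key_real (mode $mode) is outside $root_real"
    return "$rc"
}

# Stand-alone use: sh audit_key.sh /etc/apache2/sites-available/default-ssl.conf
if [ "$#" -gt 0 ]; then
    audit_key "$1"
fi
```
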

Other related information

Apache commands

sudo systemctl stop apache2
sudo systemctl start apache2
sudo systemctl restart apache2
sudo systemctl reload apache2
sudo systemctl disable apache2
sudo systemctl enable apache2

Apache paths

/etc/apache2: The Apache configuration directory. All of the Apache configuration files reside here.

/etc/apache2/apache2.conf: The main Apache configuration file. This can be modified to make changes to the Apache global configuration. This file is responsible for loading many of the other files in the configuration directory.

/etc/apache2/ports.conf: This file specifies the ports that Apache will listen on. By default, Apache listens on port 80 and additionally listens on port 443 when a module providing SSL capabilities is enabled.

/etc/apache2/sites-available/: The directory where per-site virtual hosts can be stored. Apache will not use the configuration files found in this directory unless they are linked to the sites-enabled directory. Typically, all server block configuration is done in this directory, and then enabled by linking to the other directory with the a2ensite command.

/etc/apache2/sites-enabled/: The directory where enabled per-site virtual hosts are stored. Typically, these are created by linking to configuration files found in the sites-available directory with the a2ensite command. Apache reads the configuration files and links found in this directory when it starts or reloads to compile a complete configuration.

/etc/apache2/conf-available/, /etc/apache2/conf-enabled/: These directories have the same relationship as the sites-available and sites-enabled directories, but are used to store configuration fragments that do not belong in a virtual host. Files in the conf-available directory can be enabled with the a2enconf command and disabled with the a2disconf command.

/var/log/apache2/access.log: By default, every request to your web server is recorded in this log file unless Apache is configured to do otherwise.

/var/log/apache2/error.log: By default, all errors are recorded in this file. The LogLevel directive in the Apache configuration specifies how much detail the error logs will contain.