安装Apache2

这一篇介绍了怎样安装带有SSL模块的Apache2.

(然后作者说了一大段apache2的优点, 其实我个人还是比较倾向于nginx的, 轻量级, 配置简单, 而且高并发.)

下载 Apache

apache官网 下载apache的安装包, 目前的版本是2.4.18(2015-12-14发行)

➤ wget "http://mirrors.hust.edu.cn/apache//httpd/httpd-2.4.18.tar.bz2"
--2016-01-13 14:42:33--  http://mirrors.hust.edu.cn/apache//httpd/httpd-2.4.18.tar.bz2
Resolving mirrors.hust.edu.cn (mirrors.hust.edu.cn)... 202.114.18.160
Connecting to mirrors.hust.edu.cn (mirrors.hust.edu.cn)|202.114.18.160|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5181291 (4.9M) [application/octet-stream]
Saving to: ‘httpd-2.4.18.tar.bz2’

httpd-2.4.18.tar.bz 100%[=====================>]   4.94M  3.97MB/s   in 1.2s   

2016-01-13 14:42:34 (3.97 MB/s) - ‘httpd-2.4.18.tar.bz2’ saved [5181291/5181291]

➤ tar -jxf httpd-2.4.18.tar.bz2

安装SSL模块

cd httpd-2.4.18/
➤ ./configure --help
`configure' configures this package to adapt to many kinds of systems.

Usage: ./configure [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.

Configuration:
  -h, --help              display this help and exit
      --help=short        display options specific to this package
      --help=recursive    display the short help of all the included packages
  -V, --version           display version information and exit
...
...
...

配置的时候有好多选项, 这里我们要安装SSL支持, 所以:

./configure --enable-ssl --enable-so
make
make install

这样就安装好了.

httpd.conf中开启SSL

Apache的配置文件保存在/usr/local/apache2/conf目录中,(如果是apt-get安装的话, 目录则在/etc/apache2/conf).

把配置文件中的#Include conf/extra/httpd-ssl.conf前面的注释符去掉保存即可.

/usr/local/apache2/conf/extra/httpd-ssl.conf这个文件里面保存的就是ssl的配置, 包括公钥私钥的存放位置:

# egrep 'server.crt|server.key' httpd-ssl.conf
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"

我们还需要创建一对公钥私钥才能让apache2正常运行, 所以:

创建公私钥

openssl genrsa -des3 -out server.key 2048

上面的命令创建了一个2048位的密钥, 其中有一步是需要你输入一个4-1023位长的密码, 记住这个密码, 以后要用到(以后也可以去掉密码的).

下一步就是创建一个 certificate request file (创建证书所用到的文件), 用到上面创建的密钥:

openssl req -new -key server.key -out server.csr

最后就是创建一个自己签发的证书了:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

证书的时长是365天.

把证书复制过去

接着上面的步骤, 把创建的证书和密钥都放到apache的配置目录中:

cp server.key /usr/local/apache2/conf/
cp server.crt /usr/local/apache2/conf/

开启 Apache

/usr/local/apache2/bin/apachectl start

过程中需要输入刚才记录的密码:

Apache/2.2.17 mod_ssl/2.2.17 (Pass Phrase Dialog)
Server www.example.com:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.

上面说过这个密码可以去除, 这样就不需要每次开启apache2的时候都输入密码了, 具体怎样做呢? 谷歌会告诉你.

扩展阅读

How To Generate SSL Key, CSR and Self Signed Certificate For Apache

results matching ""

    No results matching ""