Apache+Nginx配置ssl

1 Apache配置

1.1 mod_ssl.so

取消 #LoadModule ssl_module modules/mod_ssl.so前面的#号

1.2 查看是否有以下模块 ssl_module

<IfModule ssl_module>
#Include conf/extra/httpd-ssl.conf
Include conf/extra/httpd-ahssl.conf
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

1.3 打开配置文件httpd_ssl.conf，修改以下代码：

# https的端口
Listen 10443
# 修改加密套件如下
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLProxyCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
# 添加 SSL 协议支持协议，去掉不安全的协议
SSLProtocol all all -SSLv2 -SSLv3
SSLProxyProtocol all -SSLv2 -SSLv3
<VirtualHost *:10443> # 配置virtualhost
SSLEngine on
ServerName www.abc.com # 改成自己域名
# 证书公钥配置
SSLCertificateFile "E:/Server/Apache24/cert/public.pem" //改成自己的路径
# 证书私钥配置
SSLCertificateKeyFile "E:/Server/Apache24/cert/******.key" //改成自己的路径
# 证书链配置，如果该属性开头有 '#'字符，请删除掉
SSLCertificateChainFile "E:/Server/Apache24/cert/chain.pem" //改成自己的路径
DocumentRoot "E:/Website/www.abc.com" //改成自己的路径
# DocumentRoot access handled globally in httpd.conf
CustomLog "${SRVROOT}/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<Directory "E:/Website/www.abc.com"> //改成自己的路径
Options Includes FollowSymLinks
AllowOverride AuthConfig Limit FileInfo
Require all granted
</Directory>
</virtualhost>

这样就配置好了，可以去试试：https://www.abc.com:10443接下来设置跳转：

2、 Nginx配置，Server中添加ssl配置，配置如下：

server {
listen       8055;
listen       10430 ssl; # 注意这是nginx高版本的配置方法
server_name  moyu.nxycsw.cn;
ssl_certificate      F:/development/nginx-1.16.1/cert/ssl.pem;
ssl_certificate_key  F:/development/nginx-1.16.1/cert/ssl.key;

ssl_session_cache    shared:SSL:1m;
ssl_session_timeout  5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
server_name  moyu.nxycsw.cn;
}