gpt4 book ai didi

apache - 在 Windows Apache 上安装 SSL

转载 作者:太空宇宙 更新时间:2023-11-03 12:44:49 26 4
gpt4 key购买 nike

1.我想做什么:

我有一个域 example.me 和一个托管在我的 Windows Server 上的子域 text.example.me。它使用 php 5.6 运行 Apache

我想使用 Let's Encrypt 和这个工具安装 SSL 证书 https://github.com/PKISharp/win-acme

2。问题:

它似乎不起作用,我在尝试访问 https://test.example.me 时遇到以下错误

This site can’t provide a secure connection

3.到目前为止我做了什么

我遵循了以下每一步: https://commaster.net/content/how-setup-lets-encrypt-apache-windows

这是我的httpd-ssl.conf

的内容
<VirtualHost *:443>
ServerAdmin me@examole.com
ServerName text.example.me
DocumentRoot "D:/xampp/htdocs"

RewriteEngine On
# Redirect to the correct domain name
RewriteCond %{HTTP_HOST} !^test.example.me$ [NC]
RewriteRule ^/?(.*)$ https://test.example.me/$1 [NE,L,R=301]

Alias /.well-known D:/xampp/htdocs/.well-known

SSLEngine on
SSLCertificateFile "conf/ssl.crt/text.example.me-crt.pem"
SSLCertificateKeyFile "conf/ssl.key/test.example.me-key.pem"
SSLCertificateChainFile "conf/ssl.csr/ca-test.example.me-crt.pem"
</VirtualHost>

My 80,443 ports are avaiable, and not being used by Skype, so that's not the issue.

这是我的httpd-vhosts.conf

的内容
<VirtualHost *:80>
ServerAdmin me@example.me
ServerName test.example.me

RewriteEngine On
# Redirect to the HTTPS site
RewriteCond %{HTTPS} off
RewriteRule ^/?(.*)$ https://test.example.me/$1 [NE,L,R=301]
ErrorLog logs/slog.log
</VirtualHost>

最佳答案

我正在使用 Let's Encrypt几年以来 - 但没有(!)RewriteEngine。

这是从我的 http-vhosts.conf

中截取的片段
<VirtualHost *:80>
DocumentRoot "C:/webserver/html/example_html"
ServerName www.example.com
Redirect permanent / https://www.example.com/
# For the case that you are using ModProxy to forward to a Tomcat, please also add:
# ProxyPass "/.well-known/" "!"
</VirtualHost>

从我的 httpd-ssl.conf 中截取:

<VirtualHost *:443>
DocumentRoot "C:/webserver/html/example_html"
ServerName www.example.com
Protocols h2 http/1.1

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:SEED-SHA:DHE-RSA-SEED-SHA:!DSS
SSLHonorCipherOrder on
SSLCompression off
SSLCertificateFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/www.example.com-crt.pem"
SSLCertificateKeyFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/www.example.com-key.pem"
SSLCACertificateFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/ca-www.example.com-crt.pem"

<IfModule headers_module>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
Header always set x-frame-options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header always set X-XSS-Protection "1; mode=block"
#Header always set Content-Security-Policy "script-src 'self'"
</IfModule>

BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

#For the case that you use ModProxy to forward to a Tomcat or so
#ProxyPass "/.well-known/" "!"

EnableSendfile off
EnableMMAP off
</VirtualHost>

另请记住,当您想使用多个主机名时,您需要一个通配符证书 - 否则使用 Let's Encrypt 为每个主机/域名称拥有一个证书很简单 - 但你需要一个虚拟主机部分您正在使用的主机/域名。

最后但同样重要的是,我个人的意见是,在没有必要的时候不应该使用 ModRewrite,因为它很复杂并且大多数人并不真正理解。

关于apache - 在 Windows Apache 上安装 SSL,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49816711/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com