iptables配置443端口
vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --sport 443 -j ACCEPT
service iptables restart
配置https
1.向证书机构申请https证书,会得到证书和私钥
2.安装apache的mod_ssl.so模块
yum -y install mod_ssl
3.修改 ssl.conf
vim /etc/httpd/conf.d/ssl.conf
DocumentRoot "/var/www/html"
ServerName wwww.heanny.cn:443
SSLCertificateFile /etc/pki/tls/certs/test.crt
SSLCertificateKeyFile /etc/pki/tls/private/test.key
如果是腾讯的免费证书,需要添加中间控制件
SSLCertificateFile /usr/local/apache/conf/2_www.domain.com_cert.crt
SSLCertificateKeyFile /usr/local/apache/conf/3_www.domain.com.key
SSLCertificateChainFile /usr/local/apache/conf/1_root_bundle.crt
4.重启httpd
sudo service httpd restart
强制443端口跳转
<Directory "/var/www/html/">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn"t give it to you.
#
# The Options directive is both complicated and important. Please see
#
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
#改为All
AllowOverride All
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
#添加三行代码
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)?$ https://%{SERVER_NAME}/$1 [L,R]