学习本教程须掌握：

1、Linux下指定版本编译安装LAMP

https://www.31idc.com/helpcontent/576.html

2、Linux下Apache虚拟主机配置

https://www.31idc.com/helpcontent/577.html

安装约定：

Apache版本：2.2 #注意2.4和2.2版本某些参数的写法不一样

Apache安装路径：/usr/local/apache

Apache虚拟主机配置文件：/usr/local/apache/conf/vhost

https证书存放路径：/usr/local/apache/cert/

开始配置：

1、确保Apache安装有OpenSSL模块

编译安装需要有参数：--enable-ssl

2、修改apache配置文件

vi /usr/local/apache/conf/httpd.conf #编辑，找到如下参数并去掉前面的注释，启用参数

LoadModule ssl_module modules/mod_ssl.so

Include conf/extra/httpd-ssl.conf

:wq! #保存退出

3、修改httpd-ssl.conf配置

cp /usr/local/apache/conf/extra/httpd-ssl.conf /usr/local/apache/conf/extra/httpd-ssl.conf-bak #备份

vi /usr/local/apache/conf/extra/httpd-ssl.conf #编辑添加以下内容

Listen 443

NameVirtualHost *:443 #必须加上这一句，否则只能识别到第一个虚拟主机的证书。

#SSLStrictSNIVHostCheck off

AddType application/x-x509-ca-cert .crt

AddType application/x-pkcs7-crl .crl

SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL #修改加密套件

SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4

SSLHonorCipherOrder on

SSLProtocol TLSv1 TLSv1.1 TLSv1.2 #添加 SSL 协议支持协议，去掉不安全的协议

SSLProxyProtocol all -SSLv2 -SSLv3

SSLPassPhraseDialog builtin

SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"

SSLSessionCacheTimeout 300

SSLMutex "file:/usr/local/apache/logs/ssl_mutex"

<VirtualHost *:443>

DocumentRoot "/data/root/31idc.com/www.31idc.com.com/wwwroot/"

ServerName www.31idc.com.com:443

ServerAdmin you@example.com

ErrorLog "/usr/local/apache/logs/error_log"

TransferLog "/usr/local/apache/logs/access_log"

SSLEngine on #启用SSL功能

SSLCertificateFile "/usr/local/apache/cert/www.31idc.com.com.crt" #证书文件

SSLCertificateKeyFile "/usr/local/apache/cert/www.31idc.com.com.key" #私钥文件

SSLCertificateChainFile "/usr/local/apache/cert/www.31idc.com.com_bundle.crt" #证书链文件

#<FilesMatch "\.(cgi|shtml|phtml|php)$">

# SSLOptions +StdEnvVars

#</FilesMatch>

BrowserMatch "MSIE [2-5]" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

CustomLog "/usr/local/apache/logs/ssl_request_log" \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

<Directory "/data/root/31idc.com/www.31idc.com.com/wwwroot/">

php_admin_value open_basedir "/data/root/31idc.com/www.31idc.com.com/wwwroot/:/tmp/"

Options Includes ExecCGI FollowSymLinks

https://www.xidc.xyz ，了解更多关于我们服务器的信息。无论您是寻找稳定高速的网络连接，还是需要专业的技术支持，XIDC都将是您的最佳选择。让我们携手共创美好未来！

申请测试TG： @AmmKiss