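Installing Apache2

This article describes how to install Apache2 with the SSL module.

(The author then spent a long passage on Apache2's advantages. Personally I still lean towards nginx: it is lightweight, simple to configure, and handles high concurrency.)

Download Apache

Download the Apache package from the Apache website. The current version is 2.4.18 (released 2015-12-14).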

    wget "http://mirrors.hust.edu.cn/apache//httpd/httpd-2.4.18.tar.bz2"
    --2016-01-13 14:42:33-- http://mirrors.hust.edu.cn/apache//httpd/httpd-2.4.18.tar.bz2
    Resolving mirrors.hust.edu.cn (mirrors.hust.edu.cn)... 202.114.18.160
    Connecting to mirrors.hust.edu.cn (mirrors.hust.edu.cn)|202.114.18.160|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 5181291 (4.9M) [application/octet-stream]
    Saving to: httpd-2.4.18.tar.bz2
    httpd-2.4.18.tar.bz 100%[=====================>] 4.94M 3.97MB/s in 1.2s
    2016-01-13 14:42:34 (3.97 MB/s) - httpd-2.4.18.tar.bz2 saved [5181291/5181291]
    tar -jxf httpd-2.4.18.tar.bz2

Install the SSL module

    cd httpd-2.4.18/
    ./configure --help
    `configure' configures this package to adapt to many kinds of systems.
    Usage: ./configure [OPTION]... [VAR=VALUE]...
    To assign environment variables (e.g., CC, CFLAGS...), specify them as
    VAR=VALUE. See below for descriptions of some of the useful variables.
    Defaults for the options are specified in brackets.
    Configuration:
    -h, --help display this help and exit
    --help=short display options specific to this package
    --help=recursive display the short help of all the included packages
    -V, --version display version information and exit
    ...
    ...
    ...

There are many configure options. We want SSL support here, so:

    ./configure --enable-ssl --enable-so
    make
    make install

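That completes the installation.

Enable SSL in httpd.conf

Apache's configuration files are kept in /usr/local/apache2/conf (if Apache was installed with apt-get, the directory is /etc/apache2/conf).

Remove the comment marker in front of #Include conf/extra/httpd-ssl.conf in the configuration file and save it.

The file /usr/local/apache2/conf/extra/httpd-ssl.conf holds the SSL configuration, including where the certificate (public key) and private key are stored: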

    # egrep 'server.crt|server.key' httpd-ssl.conf
    SSLCertificateFile "/usr/local/apache2/conf/server.crt"
    SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"

We still need to create a public/private key pair before Apache2 can run properly, so:

Create the key pair

    openssl genrsa -des3 -out server.key 2048

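The command above creates a 2048-bit key. One of its steps asks you to enter a pass phrase of 4 to 1023 characters. Remember this pass phrase, because it is needed later (it can also be removed later).

The next step is to create a certificate request file (the file used to create the certificate), using the key created above: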

    openssl req -new -key server.key -out server.csr

Finally, create a self-signed certificate:

    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

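The certificate is valid for 365 days.

Copy the certificate into place

Continuing from the steps above, put the certificate and the key into Apache's configuration directory: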

    cp server.key /usr/local/apache2/conf/
    cp server.crt /usr/local/apache2/conf/
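
The key, CSR, certificate and copy steps above as one prompt-free script, with a check that server.crt really carries the public half of server.key before anything is copied. This is an added example, not part of the original post; the function names, the pass-phrase file argument and the /CN subject are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Function names, the PASSFILE
# argument and the /CN subject are assumptions made for illustration.

# make_selfsigned DIR CN PASSFILE
# The page's three openssl steps, run without prompts inside DIR.
# PASSFILE (absolute path) holds the key pass phrase on its first line.
make_selfsigned() {
    dir=$1 cn=$2 pf=$3
    ( cd "$dir" || exit 1
      umask 077   # key, CSR and certificate are created owner-only
      openssl genrsa -des3 -passout "file:$pf" -out server.key 2048 &&
      openssl req -new -key server.key -passin "file:$pf" \
              -subj "/CN=$cn" -out server.csr &&
      openssl x509 -req -days 365 -in server.csr -signkey server.key \
              -passin "file:$pf" -out server.crt )
}

# check_pair KEY CRT PASSFILE
# Succeeds only if CRT carries the public half of KEY and has not expired.
# Returns 2 when a file cannot be read (for example a wrong pass phrase).
check_pair() {
    key_pub=$(openssl rsa -in "$1" -passin "file:$3" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ] || return 1
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null
}

# install_pair SRC PASSFILE [DEST]
# Copies server.crt and server.key from SRC to DEST (default: the page's
# conf directory), but only after check_pair passes. The key ends up 0600.
install_pair() {
    src=$1 dest=${3:-/usr/local/apache2/conf}
    check_pair "$src/server.key" "$src/server.crt" "$2" || return 1
    cp "$src/server.crt" "$dest/server.crt" &&
    ( umask 077 && cp "$src/server.key" "$dest/server.key" ) &&
    chmod 600 "$dest/server.key"
}

# Usage, as root, with a pass-phrase file created beforehand
# (/root/apache-pass.txt is a hypothetical path):
#   make_selfsigned "$PWD" www.example.com /root/apache-pass.txt
#   install_pair "$PWD" /root/apache-pass.txt
```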

Start Apache

    /usr/local/apache2/bin/apachectl start

During startup you need to enter the pass phrase you recorded earlier:

    Apache/2.2.17 mod_ssl/2.2.17 (Pass Phrase Dialog)
    Server www.example.com:443 (RSA)
    Enter pass phrase:
    OK: Pass Phrase Dialog successful.

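As mentioned above, this pass phrase can be removed, so that you do not have to enter it every time Apache2 starts. How exactly is that done? Google will tell you.

Further reading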

How To Generate SSL Key, CSR and Self Signed Certificate For Apache