本文主要是介绍Ubuntu 18.04配置 apache https 访问,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
刚配置完一个 apache https,接下来 Ubuntu 18.04 服务器上也配置一个
Centos 7 配置 apache https访问以及Chrome 忽略证书错误继续
Ubuntu 18.04 缺省是安装了 apache2 ,并且安装了 ssl 模块!
$ apache2 -V
[Tue Aug 10 15:55:56.463588 2021] [core:warn] [pid 44253] AH00111: Config variable ${APACHE_RUN_DIR} is not defined
apache2: Syntax error on line 80 of /etc/apache2/apache2.conf: DefaultRuntimeDir must be a valid directory, absolute or relative to ServerRoot
Server version: Apache/2.4.29 (Ubuntu)
Server built: 2021-06-18T11:06:22
-
直接打开 apache 首页,可以看到他的结构是这样子的
/etc/apache2/|-- apache2.conf| `-- ports.conf|-- mods-enabled| |-- *.load| `-- *.conf|-- conf-enabled| `-- *.conf|-- sites-enabled| `-- *.conf
从字面就可以很清晰的看到各自的作用,注意端口的 Listen 单独放在了 ports.conf 文件中
-
sites-enabled 站点缺省不带 https 的,但是 sites-available 中是存在的
直接 ln 过来就好!
$ cd /etc/apache2/sites-enabled
$ sudo ln …/sites-available/default-ssl.conf .
以为和刚才 centos 下一样,什么都不用改了!直接测试一下
-
直接测试一下
$ curl -k https://127.0.0.1
不通! -
ubuntu 还要 enable 这个 ssl 模块!
$ sudo a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
systemctl restart apache2 -
再来测试
$ systemctl restart apache2
$ curl -k https://127.0.0.1
假设映射的外网地址是 12.34.56.78,端口是 4433
因为 443 一般会被nginx 占用了$ curl -k https://12.34.56.78:4433/
也会有证书错误警告!
curl: (60) SSL certificate problem: self signed certificateMore details here: https://curl.haxx.se/docs/sslcerts.htmlcurl failed to verify the legitimacy of the server and therefore could notestablish a secure connection to it. To learn more about this situation andhow to fix it, please visit the web page mentioned above.
都可以访问了!
-
Chrome 还会出现证书错误,记住 thisisunsafe 就好!
限制 ip 访问
$ cd /etc/apache2
$ sudo vim apache2.conf
找到需要限制访问的网站目录
假设 允许 2 个外网地址 12.34.56.78 和 1.2.3.4
...
<Directory /var/www/>Options Indexes FollowSymLinksAllowOverride NoneRequire all granted# wzh 20210810Order Deny,AllowDeny From allAllow From 127.0.0.1Allow From 192.168.0.0/24Allow From 1.2.2.3Allow From 12.34.56.78
</Directory>
...
如果想加黑名单,就直接去 hosts.deny 吧!
重启生效
$ sudo systemctl restart apache2
测试
- 不在允许名单内
$ curl XXX.XXX.XXX.XXX
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
<hr>
<address>Apache/2.4.29 (Ubuntu) Server at XXX.XXX.XXX.XXX Port 80</address>
</body></html>
-
本机测试
$ curl 127.0.0.1
-
内网测试
$ curl 192.168.0.123
这篇关于Ubuntu 18.04配置 apache https 访问的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!