雁山老司机

雁山萝莉保护协会

xampp +wordpress 配置https笔记

xampp +wordpress 配置https笔记


由于要更换新的SSL证书,相当于要把配置的步骤重做一遍,于是在这里做个记录。

1. 把你获得的两个crt和一个key 放在apache/conf 里。

(下面部分引用一下参考文献)
2. xampp\apache\conf\httpd.conf文件

#LoadModule ssl_module modules/mod_ssl.so(去掉前面的#)
#Include conf/extra/httpd-ssl.conf(去掉前面的#)

3. 配置D:\xampp\apache\conf\extra\httpd-ssl.conf文件

SSLCertificateFile “conf/ssl.crt/server.crt

修改为:SSLCertificateFile “conf/ssl/public.pem”

4.

SSLCertificateKeyFile “conf/ssl.key/server.key

修改为:SSLCertificateKeyFile “conf/ssl/214193550790174.key”

5.

SSLCertificateChainFile “c:/Apache24/conf/server-ca.crt

修改为:SSLCertificateChainFile “conf/ssl/chain.pem”

6.

SSLProxyProtocol all -SSLv3

在下行添加

SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;

7.

DocumentRoot “D:/xampp/htdocs”

修改为:DocumentRoot “D:/xampp/htdocs/www”(www为网站根目录)

8.

ServerName www.example.cn:443

修改为:ServerName www.domainname.cn:443

9. 最后一步重启 apache 服务

可以看出最主要的配置过程是配置 httpd-ssl.conf  文件,我在下面贴一下我的配置文件。

  1. # This is the Apache server configuration file providing SSL support.
  2. # It contains the configuration directives to instruct the server how to
  3. # serve pages over an https connection. For detailed information about these 
  4. # directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html>
  5. # 
  6. # Do NOT simply read the instructions in here without understanding
  7. # what they do.  They're here only as hints or reminders.  If you are unsure
  8. # consult the online docs. You have been warned.  
  9. #
  10. # Required modules: mod_log_config, mod_setenvif, mod_ssl,
  11. #          socache_shmcb_module (for default value of SSLSessionCache)
  12.  
  13. #
  14. # Pseudo Random Number Generator (PRNG):
  15. # Configure one or more sources to seed the PRNG of the SSL library.
  16. # The seed data should be of good random quality.
  17. # WARNING! On some platforms /dev/random blocks if not enough entropy
  18. # is available. This means you then cannot use the /dev/random device
  19. # because it would lead to very long connection times (as long as
  20. # it requires to make more entropy available). But usually those
  21. # platforms additionally provide a /dev/urandom device which doesn't
  22. # block. So, if available, use this one instead. Read the mod_ssl User
  23. # Manual for more details.
  24. #
  25. #SSLRandomSeed startup file:/dev/random  512
  26. #SSLRandomSeed startup file:/dev/urandom 512
  27. #SSLRandomSeed connect file:/dev/random  512
  28. #SSLRandomSeed connect file:/dev/urandom 512
  29.  
  30.  
  31. #
  32. # When we also provide SSL we have to listen to the 
  33. # standard HTTP port (see above) and to the HTTPS port
  34. #
  35. Listen 443
  36.  
  37. ##
  38. ##  SSL Global Context
  39. ##
  40. ##  All SSL configuration in this context applies both to
  41. ##  the main server and all SSL-enabled virtual hosts.
  42. ##
  43.  
  44. #   SSL Cipher Suite:
  45. #   List the ciphers that the client is permitted to negotiate.
  46. #   See the mod_ssl documentation for a complete list.
  47. SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
  48.  
  49. #   Speed-optimized SSL Cipher configuration:
  50. #   If speed is your main concern (on busy HTTPS servers e.g.),
  51. #   you might want to force clients to specific, performance
  52. #   optimized ciphers. In this case, prepend those ciphers
  53. #   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
  54. #   Caveat: by giving precedence to RC4-SHA and AES128-SHA
  55. #   (as in the example below), most connections will no longer
  56. #   have perfect forward secrecy - if the server's key is
  57. #   compromised, captures of past or future traffic must be
  58. #   considered compromised, too.
  59. #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
  60. #SSLHonorCipherOrder on 
  61.  
  62. #   Pass Phrase Dialog:
  63. #   Configure the pass phrase gathering process.
  64. #   The filtering dialog program (`builtin' is an internal
  65. #   terminal dialog) has to provide the pass phrase on stdout.
  66. SSLPassPhraseDialog  builtin
  67.  
  68. #   Inter-Process Session Cache:
  69. #   Configure the SSL Session Cache: First the mechanism 
  70. #   to use and second the expiring timeout (in seconds).
  71. #SSLSessionCache "shmcb:/xampp/apache/logs/ssl_scache(512000)"
  72. SSLSessionCache "shmcb:/xampp/apache/logs/ssl_scache(512000)"
  73. SSLSessionCacheTimeout  300
  74.  
  75. ##
  76. ## SSL Virtual Host Context
  77. ##
  78.  
  79.  
  80. DocumentRoot "C:/xampp/htdocs"
  81. ServerName www.yanshanlaosiji.top:443
  82. ServerAdmin hu_bo_cheng@qq.com
  83. ErrorLog "C:/xampp/apache/logs/error.log"
  84. TransferLog "C:/xampp/apache/logs/access.log"
  85. SSLEngine on
  86. SSLProtocol all -SSLv2 -SSLv3
  87. SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
  88. SSLHonorCipherOrder on
  89.  
  90. SSLCertificateFile "conf/2_www.yanshanlaosiji.top.crt"
  91. SSLCertificateKeyFile "conf/3_www.yanshanlaosiji.top.key"
  92. SSLCertificateChainFile "conf/1_root_bundle.crt"

 

 

参考文献:
https://lirongyao.com/xampp-configure-ssl.html
(步骤详细,看完就做完了)
https://www.cnblogs.com/hylsay/p/8884034.html
(一个让你全站强制SSl的教程)

 

点赞

发表评论