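Binding an SSL certificate in Apache and redirecting port 80 to 443
Everything here runs in containers, so docker and docker-compose must be installed; installing them is not covered here.
The docker-compose.yml file is shown below.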
version: '2'
services:
  db:
    image: mysql:5.7
    volumes:
      - /services/db:/var/lib/mysql
    restart: always
    environment:
      # Example credentials; replace them with strong, unique values
      MYSQL_ROOT_PASSWORD: wordpress
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    volumes:
      - /services/wp:/var/www/html
      # Certificate, key and chain referenced by default-ssl.conf
      - /opt/ssl:/opt/ssl
    ports:
      - "80:80"
      - "443:443"
    restart: always
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
      WORDPRESS_DB_NAME: wordpress
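Once the containers are up, files cannot be edited from inside the container, so docker cp is used here to copy them out to the host.
Enter the container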
[root@localhost]# docker exec -it a04fd669fd12 /bin/bash
Enable SSL
root@a04fd669fd12:/var/www/html# a2enmod ssl
Configure /etc/apache2/sites-enabled/default-ssl.conf
# If it is not there, copy it over from /etc/apache2/sites-available
[root@localhost]# docker cp a04fd669fd12:/etc/apache2/sites-enabled/default-ssl.conf .
[root@localhost]# vim default-ssl.conf
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        # Put your domain name here (Apache does not allow a comment on the
        # same line as a directive, so notes go on their own lines)
        ServerName www.nideyuming.com
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

        # SSL Engine Switch:
        # Enable/Disable SSL for this virtual host.
        SSLEngine on

        # A self-signed (snakeoil) certificate can be created by installing
        # the ssl-cert package. See
        # /usr/share/doc/apache2/README.Debian.gz for more info.
        # If both key and certificate are stored in the same file, only the
        # SSLCertificateFile directive is needed.
        # Your certificate (public key)
        SSLCertificateFile /opt/ssl/Apache/www.nideyuming.crt
        # Your certificate's private key
        SSLCertificateKeyFile /opt/ssl/Apache/www.nideyuming.key

        # Server Certificate Chain:
        # Point SSLCertificateChainFile at a file containing the
        # concatenation of PEM encoded CA certificates which form the
        # certificate chain for the server certificate. Alternatively
        # the referenced file can be the same as SSLCertificateFile
        # when the CA certificates are directly appended to the server
        # certificate for convenience.
        # Your certificate chain
        SSLCertificateChainFile /opt/ssl/Apache/root_bundle.crt

        # (the remaining lines of the file are left unchanged)
    </VirtualHost>
</IfModule>
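After editing, use docker cp to put the file back at its original path.
Check the configuration
Check that default-ssl.conf exists in the apache2/sites-enabled directory
Check that ssl.conf and ssl.load exist in the apache2/mods-enabled directory
If it does not exist, copy it over from the sites-available directory
Force HTTP to redirect to HTTPS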
[root@localhost]# docker cp a04fd669fd12:/etc/apache2/sites-available/ .
[root@localhost]# cd sites-available && vim 000-default.conf
<VirtualHost *:80>
    ServerName www.nideyuming.com
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [L,R]
</VirtualHost>
Restart docker and that is it.
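Apache refuses to start when the certificate and private key named in default-ssl.conf do not belong together, so it is worth checking the three files under /opt/ssl on the host before the restart. The script below is an added example, not part of the original post; it assumes openssl is installed on the host and that the chain file holds the full chain up to the root CA, and the function names and the www.example.test sample pair are made up for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for the certificate, key and chain files
# that default-ssl.conf references, run on the host before restarting.

# Return 0 if the certificate and the private key share the same public key.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run every check, print one line per failure, return the number of failures.
preflight() {
    cert=$1 key=$2 chain=$3 failures=0
    for f in "$cert" "$key" "$chain"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; failures=$((failures + 1)); }
    done
    pair_matches "$cert" "$key" ||
        { echo "FAIL: $key does not belong to $cert"; failures=$((failures + 1)); }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: $cert is expired or unreadable"; failures=$((failures + 1)); }
    # Assumption: the bundle contains every CA certificate up to the root.
    openssl verify -CAfile "$chain" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not verify against $chain"; failures=$((failures + 1)); }
    [ "$failures" -eq 0 ] && echo "OK: certificate, key and chain are consistent"
    return "$failures"
}

# Constructed sample input: a throwaway self-signed pair plus an unrelated key,
# written into the directory given as $1.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=www.example.test" \
        -keyout "$1/site.key" -out "$1/site.crt" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.key" 2>/dev/null
}

# Usage: sh preflight.sh CERT KEY CHAIN
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

With the paths from this page, the three arguments are /opt/ssl/Apache/www.nideyuming.crt, /opt/ssl/Apache/www.nideyuming.key and /opt/ssl/Apache/root_bundle.crt.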