1、使用yum源安裝一些基礎包
# yum install gcc gcc-c++ openssl-devel
2、安裝apr-1.5.1
# tar zxvf apr-1.5.1.tar.gz
# cd apr-1.5.1
# ./configure --prefix=/usr/local/etc/apr
# make
# make install
3、安裝apr-util-1.5.3
# tar zxvf apr-util-1.5.3.tar.gz
# cd apr-util-1.5.3
# ./configure --prefix=/usr/local/etc/apr-util --with-apr=/usr/local/etc/apr/bin/apr-1-config
# make
# make install
4、安裝pcre-8.35
# unzip pcre-8.35.zip
# cd pcre-8.35
# ./configure --prefix=/usr/local/etc/pcre
# make
# make install
5、安裝apache
# tar zxvf httpd-2.4.10.tar.gz
# cd httpd-2.4.10
# ./configure --prefix=/usr/local/apache --enable-ssl --with-ssl=/usr/local/ssl \
--enable-mods-shared=all --with-pcre=/usr/local/etc/pcre \
--with-apr=/usr/local/etc/apr --with-apr-util=/usr/local/etc/apr-util/
# make
# make install
6、配置ssl證書
1)生成私鑰文件
執行命令:openssl genrsa 1024>server.key
說明:這是用128位rsa算法生成密鑰,得到server.key文件。 > 是輸出文件的標識符
2)生成證書請求文件
執行命令:openssl req -new -key server.key > server.csr
說明:這是用步驟3的密鑰生成證書請求文件server.csr, 這一步會有很多參數,需要一一輸入。
按提示輸入一系列的參數:
Country Name (2 letter code) [AU]: #ISO國家代碼(只支持兩位字符)
State or Province Name (full name) [Some-State]: # 所在省份
Locality Name (eg, city) []: # 所在城市
Organization Name (eg, company): # 公司名稱
Organizational Unit Name (eg, section) []: # 組織名稱
Common Name (eg, YOUR name) []: # 申請證書的域名
Email Address []: #管理員郵箱
Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: #交換密鑰
3)簽署服務器證書文件
執行命令:openssl req -x509 -days 365 -key server.key -in server.csr > server.crt
說明:這是用步驟3,4的的密鑰和證書請求生成證書server.crt,-days參數指明證書有效期,單位爲天,x509表示生成的爲X.509證書。
7、配置httpd.conf
打開httpd.conf文件,移除註釋的行:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
8、配置http-ssl.conf
Listen 1443
<VirtualHost *:1443>
ServerName 192.168.0.10:1443
ErrorLog "/usr/local/apache/logs/error_log"
TransferLog "/usr/local/apache/logs/access_log"
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLCertificateFile "/usr/local/apache/key/server.crt"
SSLCertificateKeyFile "/usr/local/apache/key/server.key"
ProxyPass / https://192.168.0.13:2443/
ProxyPa***everse / https://192.168.0.13:2443/
<Proxy *>
AllowOverride None
Order Deny,Allow
Allow from all
</Proxy>
</VirtualHost>
9、啓動apache服務
/usr/local/apache/bin/apachestl start
10、訪問測試