Apache-2.2

How do I add SSL/443 to an Apache server without virtual hosts?

  • August 10, 2021

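I have set up an Apache server on CentOS. I am trying to add SSL. I was able to create the certificate and key, and then updated /etc/httpd/conf.d/ssl.conf to have the following configuration: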

/etc/httpd/conf.d/ssl.conf

#Where I put my cert
SSLCertificateFile /etc/pki/tls/certs/ca.crt

#where I put my key
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Then I updated /etc/httpd/conf/httpd.conf

/etc/httpd/conf/httpd.conf

Listen 443
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Then I ran service httpd restart, and I got the error:

Stopping httpd:          [OK]
Starting httpd:          (98)Address already in use: make_sock: could not bind to address [::]:443
                        [OK]

What do I need to do to enable SSL?

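By default, in CentOS, the file used by Apache/httpd is located at /etc/httpd/conf.d/ssl.conf. This file is read in as part of Apache's configuration together with the "httpd.conf" file, and anything in it takes precedence over httpd.conf.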

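That file (again, by default) contains a Listen 443 directive. You cannot invoke that directive twice (because it will say it is already bound to that port), which is what caused the conflict. Once it is removed, it works.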
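The duplicate Listen conflict described above can be checked for before restarting httpd. This is an added example, not part of the question or the answers on this page; the function names are hypothetical, the sample files are constructed, and it assumes the CentOS layout of conf/httpd.conf plus conf.d/*.conf under the server root.

```shell
#!/bin/sh
# Added example: find Listen ports declared in more than one place under an
# httpd server root (layout assumed: conf/httpd.conf plus conf.d/*.conf).

# list_listen ROOT: print "<port> <file relative to ROOT>" per Listen line.
# Commented-out lines never match because their first field starts with "#".
list_listen() {
    root=$1
    for f in "$root/conf/httpd.conf" "$root"/conf.d/*.conf; do
        [ -f "$f" ] || continue
        awk -v file="${f#"$root"/}" '
            tolower($1) == "listen" {
                port = $2
                sub(/^.*:/, "", port)   # drop an address prefix such as [::]:
                print port, file
            }' "$f"
    done
}

# duplicate_ports ROOT: print "<port> <file> <file>..." for repeated ports.
# Comparison is by port only, so listeners on distinct addresses that share
# a port are also listed and need a manual look.
duplicate_ports() {
    list_listen "$1" | awk '
        { n[$1]++; files[$1] = files[$1] " " $2 }
        END { for (p in n) if (n[p] > 1) print p files[p] }' | sort -n
}

# make_sample DIR: constructed files mirroring the question's setup.
make_sample() {
    mkdir -p "$1/conf" "$1/conf.d"
    printf '%s\n' 'Listen 80' 'Listen 443' 'SSLEngine on' > "$1/conf/httpd.conf"
    printf '%s\n' '# Listen 8443' 'Listen 443 https' > "$1/conf.d/ssl.conf"
}

demo=$(mktemp -d)
make_sample "$demo"
duplicate_ports "$demo"
rm -rf "$demo"
```

On a real host the call would be duplicate_ports /etc/httpd; an empty result means no port is declared twice.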

In case anyone stumbles upon this question in 2017…

There is no need to edit httpd.conf, because ssl.conf contains all the directives we need:

# When we also provide SSL we have to listen to the 
# the HTTPS port in addition.
#
Listen 443 https

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

And of course the paths to the certificate:

SSLCertificateFile /etc/pki/tls/certs/<mycert>.crt

SSLCertificateKeyFile /etc/pki/tls/private/<mykey>.key

In other words, adding the information to ssl.conf and restarting the httpd service is enough. Of course, this only works if this (last) line:

# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf

…is uncommented in httpd.conf, as in the file above, which it is in a default installation.

System information:

cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.3 (Maipo)

Source: https://serverfault.com/questions/588535