Lighttpd ssl証明書の構成
単一ドメイン名の構成
ワイルドカードドメイン名(例: *.xxx.com)に適した手順
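# Confirm this build has TLS support: the version banner must contain "(ssl)".
lighttpd -v
# Sample output from the original write-up:
#   lighttpd/1.4.45 (ssl) - a light and fast webserver
#   Build-Date: Jan 17 2017 17:38:01

# Create the certificate directory and lock it down BEFORE any key material
# is written into it, so the key is never briefly readable by other users.
cd /etc/lighttpd/
mkdir -p cert/
chmod 700 cert/
cd cert/

# Convert the CA-supplied PKCS#12 bundle to PEM. -nodes writes the private key
# UNENCRYPTED, so file permissions are the only protection for server.pem.
openssl pkcs12 -in 214185271960860.pfx -nodes -out server.pem
# Key-only copy. The lighttpd configuration on this page references only
# server.pem; if nothing else needs server.key, delete it rather than keeping
# a second unencrypted copy of the private key on disk.
openssl rsa -in server.pem -out server.key
chmod 600 server.pem server.key

# Absolute path on purpose: the original ran `chown -R lighttpd:lighttpd cert`
# from inside cert/, which points at a non-existent ./cert sub-directory and
# leaves the real directory unchanged.
# NOTE(review): owning the key as root (mode 0600) is tighter if lighttpd reads
# ssl.pemfile before dropping privileges; confirm for this build before changing.
chown -R lighttpd:lighttpd /etc/lighttpd/cert

# The original stopped the host firewall completely (`service iptables stop`),
# which unfilters every port on the machine. Open only HTTPS instead and
# persist the rule with the init script this host already uses.
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
service iptables save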
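# TLS listener for the single-domain site.
$SERVER["socket"] == ":443" {
    ssl.engine  = "enable"
    # server.pem carries the certificate AND the unencrypted private key;
    # keep it readable by the owner only.
    ssl.pemfile = "/etc/lighttpd/cert/server.pem"
    # Intermediate CA certificate(s) sent to clients. The openssl commands on
    # this page produce only server.pem and server.key, so chain.pem has to be
    # supplied separately; lighttpd will not start if the file is missing.
    ssl.ca-file = "/etc/lighttpd/cert/chain.pem"
    # Refuse the broken legacy protocols explicitly instead of relying on the
    # defaults of whichever lighttpd/OpenSSL build is installed.
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"

    $HTTP["host"] == "xxx.com.cn" {
        server.document-root = "xxx/public/"
        # The original format also logged "%{Cookie}i". That writes every
        # visitor's session cookie into the access log, so anyone who can read
        # the log (or a copy shipped elsewhere) can replay live sessions.
        # The Cookie header is therefore no longer logged.
        accesslog.format = "%T %h %v %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
        server.error-handler-404 = "/404.htm"
        # Send every request to the front controller, keeping only the query
        # string (capture group 1).
        url.rewrite-once = (
            "^/[^\?]*(\?.*)?$" => "index.php/$1"
        )
    }
}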
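# Validate the configuration before touching the running server: a stop
# followed by a start that fails on a config or certificate-path error would
# leave the site down. Adjust the path if the config file lives elsewhere.
if lighttpd -t -f /etc/lighttpd/lighttpd.conf; then
  service lighttpd stop
  service lighttpd start
fi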
, , restart 。
ワイルドカードドメイン名(例: *.xxx.com)に適した手順
1、 Nginx 。 2 : ( .pem ) ( .key )
2、 lighttpd -v , lighttpd ssl, (ssl) ssl。 ssl,
3、mkdir -p /etc/lighttpd/cert,
4、chown -R lighttpd:lighttpd /etc/lighttpd/cert
5、cd /etc/lighttpd/cert
6、cat 1732645__data-stone.com.key 1732645__data-stone.com.pem > server.pem(server.pem には秘密鍵が平文で含まれるため、作成後に chmod 600 server.pem を実行し、所有者以外が読めないようにする)
7、 1732645__data-stone.com.pem ---BEGIN CERTIFICATE-- , ---END CERTIFICATE-- chain.crt( chain.crt )
8、vim /etc/lighttpd/lighttpd.conf , 443 , $HTTP["host"] 。
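# TLS listener for the wildcard-certificate site.
$SERVER["socket"] == ":443" {
    ssl.engine  = "enable"
    # server.pem is the private key concatenated with the certificate (step 6);
    # keep it readable by the owner only.
    ssl.pemfile = "/etc/lighttpd/cert/server.pem"
    # NOTE(review): step 7 extracts a chain.crt, but nothing references it.
    # If it holds the intermediate CA certificate(s), clients that do not have
    # the intermediate cached will fail validation until it is served, e.g.:
    #   ssl.ca-file = "/etc/lighttpd/cert/chain.crt"   # confirm path and content first
    # Refuse the broken legacy protocols explicitly instead of relying on the
    # defaults of whichever lighttpd/OpenSSL build is installed.
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
    # Fixed the last entry: the original read "DHE-RSA-AES128-SHA254", which is
    # not an OpenSSL cipher name, so that suite was never actually offered.
    # The suites ending in plain "-SHA" are CBC/SHA-1 fallbacks for old
    # clients; drop them if such clients need not be supported.
    ssl.cipher-list = "AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256"
    # Server preference decides, so a client cannot pick the weakest entry.
    ssl.honor-cipher-order = "enable"
    ssl.disable-client-renegotiation = "enable"

    $HTTP["host"] == "testwww.xxxx.com" {
        server.document-root = "/www/xxx/public/"
        # The original format also logged "%{Cookie}i". That writes every
        # visitor's session cookie into the access log, so anyone who can read
        # the log (or a copy shipped elsewhere) can replay live sessions.
        # The Cookie header is therefore no longer logged.
        accesslog.format = "%h %v %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
        server.error-handler-404 = "/404.htm"
        # Paths rewritten to "$0" are served as-is and never reach index.php.
        # NOTE(review): that includes /storage and /stone_admin; confirm that
        # nothing under those directories (logs, uploads, backups) is meant to
        # be private, because no application-level check runs for them.
        url.rewrite-once = (
            "^/css(.*)$"         => "$0",
            "^/js(.*)$"          => "$0",
            "^/files(.*)$"       => "$0",
            "^/stone_admin(.*)$" => "$0",
            "^/stone_www(.*)$"   => "$0",
            "^/lib(.*)$"         => "$0",
            "^/storage(.*)$"     => "$0",
            # Everything else goes to the front controller, keeping only the
            # query string (capture group 1).
            "^/[^\?]*(\?.*)?$"   => "index.php/$1"
        )
    }
}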
9、http から https へリダイレクトする設定を lighttpd.conf に追加する
# Redirect plain-HTTP requests for the wildcard domain to HTTPS.
$HTTP["scheme"] == "http" {
# Matches hosts ending in ".xxx.com"; the bare "xxx.com" does not match and
# therefore stays on plain HTTP.
$HTTP["host"] =~ "^(.*)\.xxx\.com$" {
# %0 is the host matched by the condition above (taken from the client's Host
# header, limited by that regex); $0 is the requested URL path.
# NOTE(review): the redirect does not protect the first plain-HTTP request
# itself; an HSTS response header on the :443 site is the usual complement.
url.redirect = (".*" => "https://%0$0")
}
}
10、lighttpd を再起動する
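# Validate the configuration before touching the running server: a stop
# followed by a start that fails on a config or certificate-path error would
# leave the site down.
if lighttpd -t -f /etc/lighttpd/lighttpd.conf; then
  service lighttpd stop
  service lighttpd start
fi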