阿里云服务器python+apache二级域名安装SSL证书

假设顶级域名已经配置了SSL证书，需要给二级域名配置新的SSL证书。

做法：打开/etc/httpd/conf.d/ssl.conf，在文件末尾追加一下内容：

DocumentRoot "/projectPath"
ServerName XXXX.com:443

ErrorLog logs/ssl_error_erji_log
TransferLog logs/ssl_access_erji_log
LogLevel warn

SSLEngine on

SSLProtocol all -SSLv2 -SSLv3 

SSLCipherSuite AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;

SSLHonorCipherOrder on 

SSLCertificateFile /etc/httpd/ssl_erji/point.pem

SSLCertificateKeyFile /etc/httpd/ssl_erji/server.key

SSLCertificateChainFile /etc/httpd/ssl_erji/chain.pem


    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


    AllowOverride All
    SSLOptions +StdEnvVars


 
     Options FollowSymLinks 
     AllowOverride All 
     Require all granted 

WSGIScriptAlias / /projectPath/projectName/projectName/wsgi.py



Require all granted



Alias /static/ /projectPath/projectName/static/


Require all granted


BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog logs/fbms/ssl_request_erji_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

二：修改配置，所有http的配置都只想https

打开/etc/httpd/conf/httpd.conf

在二级域名关联的虚拟机块里修改如下：

 
DocumentRoot "/projectPath" 

ServerName xxxxx.com:80

    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^(\d{1,3}\.){3}\d{1,3}$
    RewriteRule ^(.*)$ - [F,L]
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]