Configuring an SSL certificate in lighttpd

Single-domain configuration

lighttpd -v 
lighttpd/1.4.45 (ssl) - a light and fast webserver 
Build-Date: Jan 17 2017 17:38:01 


cd /etc/lighttpd/ 
mkdir cert/ 
cd cert/ 
openssl pkcs12 -in 214185271960860.pfx -nodes -out server.pem # after pressing Enter you are prompted for the password; the password is in the txt file


openssl rsa -in server.pem -out server.key 

chown -R lighttpd:lighttpd /etc/lighttpd/cert

service iptables stop 



$SERVER["socket"] == ":443" {
	ssl.engine = "enable"
	ssl.pemfile = "/etc/lighttpd/cert/server.pem"
	ssl.ca-file = "/etc/lighttpd/cert/chain.pem"
	$HTTP["host"] == "xxx.com.cn" {
		server.document-root = "xxx/public/"
		accesslog.format = "%T %h %v %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{Cookie}i\""
		server.error-handler-404 = "/404.htm"
		url.rewrite-once = (
			"^/[^\?]*(\?.*)?$" => "index.php/$1"
		)
	}
}

service lighttpd stop
service lighttpd start

Damn it, for some unknown reason, restart does absolutely nothing.

Procedure for a wildcard domain (e.g. *.xxx.com)


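1. Unpack the Nginx certificate archive. The folder contains 2 files: the certificate file (with .pem as its suffix or file type) and the key file (with .key as its suffix or file type).
2. Run lighttpd -v to check whether lighttpd supports SSL. If the version string contains (ssl), SSL is supported. If it does not, look up the relevant documentation yourself.
3. mkdir -p /etc/lighttpd/cert, then put the certificate file and the key file in that directory
4. chown -R lighttpd:lighttpd /etc/lighttpd/cert
5. cd /etc/lighttpd/cert
6. cat 1732645__data-stone.com.key 1732645__data-stone.com.pem > server.pem
7. Copy the second block in 1732645__data-stone.com.pem, from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----, into a new file chain.crt (see the attached chain.crt for the format)
8. vim /etc/lighttpd/lighttpd.conf as follows: put the 443 block outermost and place the normal $HTTP["host"] configuration inside it. Example: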
$SERVER["socket"] == ":443" {
	ssl.engine = "enable"
	ssl.pemfile = "/etc/lighttpd/cert/server.pem"
	# intermediate certificate extracted in step 7
	ssl.ca-file = "/etc/lighttpd/cert/chain.crt"
	ssl.cipher-list = "AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256"
	ssl.honor-cipher-order = "enable"
	ssl.disable-client-renegotiation = "enable"

	$HTTP["host"] == "testwww.xxxx.com" {
		server.document-root = "/www/xxx/public/"
		accesslog.format = "%h %v %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{Cookie}i\""
		server.error-handler-404 = "/404.htm"
		url.rewrite-once = (
			"^/css(.*)$" => "$0",
			"^/js(.*)$" => "$0",
			"^/files(.*)$" => "$0",
			"^/stone_admin(.*)$" => "$0",
			"^/stone_www(.*)$" => "$0",
			"^/lib(.*)$" => "$0",
			"^/storage(.*)$" => "$0",
			"^/[^\?]*(\?.*)?$" => "index.php/$1"
		)
	}
}
9. To redirect http to https, add the following redirect rule to the lighttpd.conf configuration file

		$HTTP["scheme"] == "http" {
		    $HTTP["host"] =~ "^(.*)\.xxx\.com$" {
		          url.redirect = (".*" => "https://%0$0")
		    }
		 }

10. Restart lighttpd

 service lighttpd stop

 service lighttpd start
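
Steps 6 and 7 as a script, added here as an example and not part of the original notes: it checks that the key matches the certificate, writes server.pem with owner-only permissions, and puts every certificate after the first into chain.crt (the notes copy only the second one). The function names and the output-directory argument are assumptions.

```shell
#!/bin/sh
# Added example; key_matches_cert and build_lighttpd_pem are hypothetical helper names.

# Succeeds only if the private key and the first certificate in the file
# carry the same public key. Returns 2 if either file cannot be parsed.
key_matches_cert() {  # args: key file, certificate file (leaf first)
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# Writes OUT/server.pem (key followed by the bundle, as in step 6) and
# OUT/chain.crt (every certificate after the first, generalising step 7).
build_lighttpd_pem() {  # args: key file, certificate bundle, output directory
    (
        umask 077                        # server.pem holds the private key
        mkdir -p "$3" || exit 1
        : > "$3/chain.crt"
        awk -v chain="$3/chain.crt" '
            /-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
            inside && n >= 2              { print > chain }
            /-----END CERTIFICATE-----/   { inside = 0 }
        ' "$2" || exit 1
        if [ ! -s "$3/chain.crt" ]; then
            echo "no intermediate certificate found in $2" >&2
            exit 1
        fi
        cat "$1" "$2" > "$3/server.pem" || exit 1
        chmod 600 "$3/server.pem" "$3/chain.crt"
    )
}

# Usage with the file names from the steps above:
#   key_matches_cert 1732645__data-stone.com.key 1732645__data-stone.com.pem &&
#   build_lighttpd_pem 1732645__data-stone.com.key 1732645__data-stone.com.pem /etc/lighttpd/cert
```

Run the chown from step 4 after this, since the files are created by whoever runs the script.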
