{"id":409,"date":"2020-03-12T12:15:36","date_gmt":"2020-03-12T04:15:36","guid":{"rendered":"http:\/\/blog.worren.net\/?p=409"},"modified":"2022-08-20T23:05:47","modified_gmt":"2022-08-20T15:05:47","slug":"%e7%82%ba-apache-%e5%8a%a0%e5%85%a5-ssl-in-freebsd","status":"publish","type":"post","link":"https:\/\/blog.worren.net\/?p=409","title":{"rendered":"Adding SSL to Apache in FreeBSD"},"content":{"rendered":"<div class='drop-case'> <p> Since www.baldur.com.tw was built in 2017, it has ranked well on Google for its corresponding keyword searches. <!--more--> At the time, thanks to Henry having studied many SEO-related documents, I followed along to fine-tune Apache httpd. But since the beginning of this year the ranking has fallen further and further back, even dropping beyond the third page. After checking, it turned out that since 2018 Google has pushed the SEO ranking of sites without SSL far down. So adding SSL to Apache looks unavoidable.<\/div>\n <p> Preparation for adding SSL to Apache <br \/> \n1. Install openssl: nothing much to it, just install it. <br \/> \n2. 
Certificate source: use <strong><a href=\"https:\/\/letsencrypt.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">Let&#8217;s Encrypt<\/a> <\/strong>&amp; dehydrated\n <p> Enabling SSL in Apache is simple: just remove the comment marks from the following lines in httpd.conf <br \/> \nInclude conf\/extra\/httpd-ssl.conf <br \/> \n&lt;IfModule ssl_module&gt; <br \/> \nSSLRandomSeed startup builtin <br \/> \nSSLRandomSeed connect builtin <br \/> \n&lt;\/IfModule&gt;\n <p> The question now is where the certificate comes from. With a certificate made yourself using OpenSSL, browsers all report the site as not secure, which will not do. After studying the matter: besides paying to solve this problem, there is also a free certificate available, Let&#8217;s Encrypt. dehydrated can help renew Let&#8217;s Encrypt certificates.\n <p> Install <strong>dehydrated<\/strong>: <br \/> \n$ <strong>git clone https:\/\/github.com\/lukas2511\/dehydrated.git<\/strong> <br \/> \n$ <strong>mkdir <\/strong><strong>\/etc\/dehydrated <br \/> \nEdit \/etc\/dehydrated\/config; I only changed the following: <br \/> \nWELLKNOWN=&quot;\/var\/www\/ba\/dehydrated&quot; --&gt; \/var\/www\/ba is where the web page files are located <br \/> \nOPENSSL_CNF=&quot;\/usr\/local\/openssl\/openssl.cnf&quot; --&gt; depends on where you put openssl. <br \/> \nCURL_OPTS=&quot; -k &quot; --&gt; This one nearly killed me: if CURL uses encryption, there will be problems. 
Adding this parameter (-k, which turns off curl's certificate verification) forces it through.<\/strong>\n <p> For this, add the following to httpd-ssl.conf for each domain (e.g. worren.net):\n <p> NameVirtualHost worren.net:443 <br \/> \n&lt;VirtualHost worren.net:443&gt; <br \/> \nServerName worren.net:443 <br \/> \nDocumentRoot &quot;\/var\/www\/worren.net&quot; <br \/> \nSSLCertificateFile &quot;\/etc\/dehydrated\/certs\/worren.net\/cert.pem&quot; <br \/> \nSSLCertificateKeyFile &quot;\/etc\/dehydrated\/certs\/worren.net\/privkey.pem&quot; <br \/> \nSSLCertificateChainFile &quot;\/etc\/dehydrated\/certs\/worren.net\/chain.pem&quot; <br \/> \nSSLEngine on <br \/> \nSSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL <br \/> \n<strong><span style=\"color: #ff0000;\"># Remember to make this folder writable by httpd, e.g. chown www:www dehydrated.<\/span><\/strong> <br \/> \nAlias \/.well-known\/acme-challenge \/var\/www\/worren.net\/dehydrated <br \/> \nCustomLog \/var\/log\/httpd\/worren.net_log combined <br \/> \n&lt;\/VirtualHost&gt;\n <p> <strong>Next, cp \/etc\/dehydrated\/config \/etc\/dehydrated\/config_worren.net <br \/> \nCreate dehydrated_renew.sh as follows: <br \/> \n<\/strong>\n <p> #!\/bin\/sh <br \/> \n\/usr\/local\/dehydrated\/dehydrated --config \/etc\/dehydrated\/config_worren.net -c -d worren.net\n <p> <strong>Running this sh file creates or renews the SSL certificate! The free certificate is valid for 3 months. When renewing through dehydrated, if the Let&#8217;s Encrypt site finds that the certificate still has 30 days or more of validity left, it will not renew it. In other words, this file only needs to run about once every 2 months. 
Crontab probably cannot be set to every 2 months, so the check would have to be done inside the sh file. That is not worth the trouble, so I simply set it to run once a month.<\/strong>\n <p> update 2021\/11\/4 <br \/> \nWhen adding another virtual host, once the vhost in httpd-ssl.conf is configured there is a problem with the three files specified by SSLCertificateFile \/ SSLCertificateKeyFile \/ SSLCertificateChainFile: as it stands, Apache cannot start, and so dehydrated cannot renew \/ create either. What to do then? Point these three key files directly at self-made ones, as follows (assuming the self-generated key files are all placed in \/usr\/local\/apache2\/ssl\/):\n <p> SSLCertificateFile &quot;\/usr\/local\/apache2\/ssl\/server.crt&quot; <br \/> \nSSLCertificateKeyFile &quot;\/usr\/local\/apache2\/ssl\/server.key&quot; <br \/> \nSSLCertificateChainFile &quot;\/usr\/local\/apache2\/ssl\/ca.crt&quot;\n <p> This way Apache starts successfully; the newly added VHost just cannot be trusted. At this point, run the dehydrated renew. 
Then point the 3 key files above to the keys provided by <strong><a href=\"https:\/\/letsencrypt.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">Let&#8217;s Encrypt<\/a>, and that is it!<\/strong>\n","protected":false},"excerpt":{"rendered":" <p> Since www.baldur.com.tw was built in 2017, it has ranked well on Google for its corresponding keyword searches. <\/p> \n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[2],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.worren.net\/index.php?rest_route=\/wp\/v2\/posts\/409"}],"collection":[{"href":"https:\/\/blog.worren.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.worren.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.worren.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.worren.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=409"}],"version-history":[{"count":4,"href":"https:\/\/blog.worren.net\/index.php?rest_route=\/wp\/v2\/posts\/409\/revisions"}],"predecessor-version":[{"id":468,"href":"https:\/\/blog.worren.net\/index.php?rest_route=\/wp\/v2\/posts\/409\/revisions\/468"}],"wp:attachment":[{"href":"https:\/\/blog.worren.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=409"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.worren.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=409"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.worren.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=409"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}