sudo apt update
Install Apache:
apt-get install apache2
Install PHP and the Apache PHP module:
sudo apt install php libapache2-mod-php
After the packages are installed, restart Apache to load the PHP module:
sudo systemctl restart apache2
Test the configuration file syntax:
sudo apachectl configtest
Reload apache2:
systemctl reload apache2
The a2enconf/a2disconf commands enable or disable a configuration file:
Example:
Enable a site configuration file that has been created:
a2ensite default-ssl.conf
Disable a site configuration file that has been created:
a2dissite default-ssl.conf
List the modules Apache2 has enabled:
apachectl -M
Enable modules (a2enmod enables, a2dismod disables):
a2enmod proxy proxy_balancer proxy_http
a2enmod ssl rewrite headers env dir mime
Basic SSL parameters:
General compatibility
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
Enable OCSP Stapling (recommended)
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
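The SSLProtocol value above enables everything and then subtracts the old versions, so one forgotten "-TLSv1" leaves a weak protocol on without any error. The script below is an added example, not part of the original notes: it computes which protocols an SSLProtocol value leaves enabled and flags weak ones in a config read from stdin. The function names, the expansion of "all" to five protocols and the constructed sample lines are assumptions, and protocol names must be written in the case shown.

```shell
# Added example, not from the original notes. Assumption: "all" expands to the
# five protocols below; what a build really supports depends on its OpenSSL.
ALL_PROTOCOLS="SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"
WEAK_PROTOCOLS="SSLv3 TLSv1 TLSv1.1"

# effective_protocols "all -SSLv3 ..." prints the protocols left enabled.
effective_protocols() {
    enabled=""
    for tok in $1; do
        case "$tok" in
            -*) action="-"; name=${tok#-} ;;
            +*) action="+"; name=${tok#+} ;;
            *)  action="="; name=$tok; enabled="" ;;  # bare token replaces the set
        esac
        if [ "$name" = "all" ]; then name=$ALL_PROTOCOLS; fi
        for p in $name; do
            new=""                                    # drop p, re-add unless "-"
            for e in $enabled; do [ "$e" = "$p" ] || new="$new $e"; done
            [ "$action" = "-" ] || new="$new $p"
            enabled=$new
        done
    done
    out=""
    for p in $ALL_PROTOCOLS; do                       # print in a fixed order
        for e in $enabled; do if [ "$e" = "$p" ]; then out="$out $p"; fi; done
    done
    echo "${out# }"
}

# audit_ssl_protocol reads an Apache config on stdin, reports every SSLProtocol
# line that leaves a weak protocol enabled, and returns non-zero if any did.
audit_ssl_protocol() {
    findings=0
    while read -r directive args; do
        directive=$(printf '%s' "$directive" | tr 'A-Z' 'a-z')
        if [ "$directive" != "sslprotocol" ]; then continue; fi
        for p in $(effective_protocols "$args"); do
            case " $WEAK_PROTOCOLS " in
                *" $p "*) echo "weak: $p enabled by 'SSLProtocol $args'"
                          findings=$((findings + 1)) ;;
            esac
        done
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: the second line forgot to drop TLSv1 and TLSv1.1.
printf 'SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1\nSSLProtocol all -SSLv3\n' | audit_ssl_protocol || echo "audit failed"
```

To audit a real file, feed it on stdin, for example `audit_ssl_protocol < /etc/apache2/mods-enabled/ssl.conf` after sourcing the functions.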
Enable SSL in a virtual host:
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /path/fullchain.crt
SSLCertificateKeyFile /path/private.pem
</VirtualHost>
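Configure automatic HTTP-to-HTTPS redirection
Edit the virtual host configuration file (mine is at conf.d/vhost.conf)
Add a virtual host on port 80
ServerName matches the main domain, domain.com
ServerAlias matches all second-level subdomains, *.domain.com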
<VirtualHost *:80>
ServerName domain.com
ServerAlias *.domain.com
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/ [NC]
RewriteRule ^(.*) https://%{HTTP_HOST}$1 [L]
</VirtualHost>
Block direct IP access to port 80:
/etc/apache2/ports.conf
Comment out the following:
# Listen 80
Proxy requests to a specified port:
<VirtualHost *:443>
ServerName example.com
AllowEncodedSlashes NoDecode
ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/
RewriteEngine On
SSLEngine on
SSLCertificateFile /etc/ssl/zs/fullchain.crt
SSLCertificateKeyFile /etc/ssl/zs/private.pem
<Directory />
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Require all granted
</Directory>
</VirtualHost>
If Apache2 and Nginx need to share port 80:
In /etc/apache2/ports.conf, comment out port 80 (#Listen 80)
301 redirect to a specified link
<VirtualHost *:86>
ServerName example.com
RedirectMatch Permanent ^/(.*) http://example.com:5212/tool
</VirtualHost>
Install nginx
apt-get install nginx
Install PHP support. Unlike Apache, Nginx has no built-in support for processing PHP files; PHP-FPM ("FastCGI Process Manager") is used to handle PHP files.
sudo apt-get install php-fpm
After installation, the FPM service starts automatically. To start the service or check its status, run:
systemctl start php7.4-fpm
systemctl status php7.4-fpm
systemctl start php8.1-fpm
systemctl status php8.1-fpm
systemctl restart php8.1-fpm
Reload the configuration and restart
nginx -s reload # reload the configuration
sudo systemctl restart nginx # restart Nginx
Fix for the "nginx.pid" failed error:
/usr/sbin/nginx -c /etc/nginx/nginx.conf
Default configuration file path:
/etc/nginx/sites-available/default
Additional settings:
After installing PHP-FPM for Nginx, edit the default Nginx configuration so that Nginx can process PHP files:
Example configuration:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
if ( $host != "example.com" ) {
return 403;
}
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
ssl_protocols TLSv1.3;
ssl_certificate /etc/ssl/zs/fullchain.crt; # certificate path
ssl_certificate_key /etc/ssl/zs/private.pem; # private key path
root /var/www/html;
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
#fastcgi_pass unix:/run/php/php8.1-fpm.sock;
#fastcgi_pass unix:/run/php/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
include fastcgi_params;
}
# Redirect 404 error pages to the static page /404.html
error_page 404 /404.html;
location = /404.html {
root /var/www/html;
}
# Redirect 500 502 503 504 error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/html;
}
location ~ /\.ht {
deny all;
}
}
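Other Nginx configuration examples: Nginx configuration examples
Install PHP extensions
PHP extensions are compiled libraries that extend PHP's core functionality. Extensions are provided as packages and can be installed easily with apt: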
sudo apt install php-[extname]
For example, to install the MySQL and GD extensions, run the following command:
sudo apt install php-mysql php-gd
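After installing a new PHP extension, don't forget to restart the Apache or PHP-FPM service, depending on your setup.
Related links:
SSL certificate application: Applying for an SSL encryption certificate
Custom SSL certificate update: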
cd /etc/ssl/zs && ./ssl_update.sh
SSL Configuration Generator (online version): https://ssl-config.mozilla.org
Enabling the WebDAV service on Apache2: Enabling the WebDAV service on Apache2