我正在运行一个网站,来自在AWS EC2上运行的Ubuntu 16(LTS)服务器。我在AWS上为我的安全组设置了以下输入规则
Type Protocol Port Range Source
HTTP TCP 80 0.0.0.0/0
SSH TCP 22 72.81.131.89/32
HTTPS TCP 443 0.0.0.0/0
在我的Ubuntu服务器上,我按照here所述设置了SSL。我还编辑了/etc/apache2/ports.conf以下内容。
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
Listen 8080
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
NameVirtualHost *:443
Listen 443
</IfModule>
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
我没有文件/etc/apache2/sites-enabled/000-default.conf。
我创建了一个文件/etc/apache2/httpd.conf,其中包含以下内容
<VirtualHost _default_:443>
ServerName example.com:443
SSLEngine on
SSLCertificateKeyFile /etc/apache2/ssl/example.com.key
SSLCertificateFile /etc/apache2/ssl/example.com.cert
ServerAdmin MYWEBGUY@localhost
DocumentRoot /var/www/html
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/errorSSL.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/accessSSL.log combined
</VirtualHost>
我已经去了/ etc / apache2 / ssl并输入了
sudo openssl req -new -x509 -nodes -out example.com.crt -keyout example.com.key
该程序没有错误。
当我进入
sudo a2enmod ssl
我得到了
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Module socache_shmcb already enabled
Module ssl already enabled
当我打开浏览器并输入
时https://example.com
我的网页打开时带有绿色锁,表示该网站是安全的。但是,当我刚进入
example.com
我得到一个常规的http连接和一条消息,说明与网站的连接不安全。
如何在用户输入
时将https设为默认值example.com
答案 0 :(得分:1)
当用户访问非SSL站点时,您需要强制重定向到SSL站点。 我将添加一个这样的部分:
<VirtualHost *:80>
ServerName www.example.com
Redirect / https://www.example.com/
</VirtualHost>
或更好地使用重写规则将所有请求重定向到SSL站点:
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
查看apache wiki了解更多信息
答案 1 :(得分:1)
只需redirect您的http版本到https网站- 重定向所有网络流量
RewriteEngine on RewriteCond%{HTTPS}!on RewriteCond%{REQUEST_URI}!^ / [0-9] + .. +。cpaneldcv $ RewriteCond%{REQUEST_URI}!^ /。众所周知/ pki-validation / [ A-F0-9] {32} .txt(?:\ Comodo \ DCV)?$ RewriteRule(。*)https://% {HTTP_HOST}%{REQUEST_URI} [L,R = 301]
仅重定向指定的域
RewriteCond%{REQUEST_URI}!^ / [0-9] + .. +。cpaneldcv $ RewriteCond%{REQUEST_URI}!^ /。众所周知/ pki-validation / [A-F0-9] {32} .txt(?:\ Comodo \ DCV)?$ RewriteEngine On RewriteCond%{HTTP_HOST} ^ example.com [NC] RewriteCond%{SERVER_PORT} 80 RewriteRule ^(。*)$ https://www.example.com/ $ 1 [R = 301, L]
重定向指定的文件夹
RewriteCond%{REQUEST_URI}!^ / [0-9] + .. +。cpaneldcv $ RewriteCond%{REQUEST_URI}!^ /。众所周知/ pki-validation / [A-F0-9] {32} .txt(?:\ Comodo \ DCV)?$ RewriteEngine On RewriteCond%{SERVER_PORT} 80 RewriteCond%{REQUEST_URI}文件夹RewriteRule ^(。*)$ https://www.example.com/folder/ $ 1 [R = 301,L]