在CentOS系统上配置PHP以使用SSL证书,通常涉及以下几个步骤:
获取SSL证书:
安装Certbot(如果使用Let’s Encrypt):
sudo yum install epel-release
sudo yum install certbot python2-certbot-apache
获取并安装SSL证书:
sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
配置Apache以使用SSL证书:
/etc/httpd/conf.d/ssl.conf
或/etc/httpd/conf.d/yourdomain.com.conf
。<VirtualHost *:443>
ServerName yourdomain.com
ServerAlias www.yourdomain.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/yourdomain.com_error.log
CustomLog ${APACHE_LOG_DIR}/yourdomain.com_access.log combined
</VirtualHost>
重启Apache服务:
sudo systemctl restart httpd
配置PHP以使用SSL:
if ($_SERVER['HTTPS'] != "on") {
$redirect = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
header("Location: $redirect");
exit;
}
php.ini
)中设置:session.cookie_secure = 1
session.cookie_httponly = 1
session.cookie_samesite = "Lax"
验证配置:
通过以上步骤,你应该能够在CentOS系统上成功配置PHP以使用SSL证书。