在CentOS上为PHP配置SSL,通常涉及以下几个步骤:
获取SSL证书:
安装和配置Web服务器:
mod_ssl
模块并配置SSL。配置PHP:
以下是具体步骤:
安装mod_ssl
模块:
sudo yum install mod_ssl
启用SSL模块:
sudo systemctl enable httpd
sudo systemctl start httpd
sudo systemctl restart httpd
获取SSL证书:
sudo yum install certbot python2-certbot-apache
sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
配置Apache虚拟主机:
编辑/etc/httpd/conf.d/yourdomain.conf
文件,添加以下内容:
<VirtualHost *:443>
ServerName yourdomain.com
ServerAlias www.yourdomain.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
PHPIniDir "/etc/php.ini"
</VirtualHost>
安装Nginx:
sudo yum install nginx
启动Nginx:
sudo systemctl enable nginx
sudo systemctl start nginx
获取SSL证书:
sudo yum install certbot python2-certbot-nginx
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
配置Nginx服务器块:
编辑/etc/nginx/conf.d/yourdomain.conf
文件,添加以下内容:
server {
listen 443 ssl;
server_name yourdomain.com www.yourdomain.com;
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
root /var/www/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
location {
return 301 https://$host$request_uri;
}
}
确保PHP-FPM或PHP进程能够处理HTTPS请求。通常情况下,Nginx和Apache会自动处理这些配置。
使用浏览器访问你的域名,确保SSL证书正确安装并且页面能够正常显示。
通过以上步骤,你应该能够在CentOS上成功为PHP配置SSL。