[{"data":1,"prerenderedAt":60},["ShallowReactive",2],{"article-49":3},{"code":4,"msg":5,"data":6,"count":14},200,"查询成功",{"id":7,"title":8,"keywords":9,"description":10,"category_id":11,"content":12,"body_html":13,"thumb_up":14,"clicks":15,"sort":14,"remark":16,"status":11,"is_open":11,"is_deleted":14,"is_top":14,"is_recommend":14,"create_time":17,"update_time":18,"image_id":19,"url":13,"member_id":14,"cate_name":20,"prev":21,"next":24,"tags":27,"words":31,"read_time":32,"comments":14,"cover":33,"relevant":34},49,"了解域名SSL证书申请安装","证书,http,https","如何将自己的网站的访问协议http转成https协议，就得要求我们必须对域名进行SSl证书申请并应用。",1,"了解域名SSL证书申请安装\n\n如何将自己的网站的访问协议http转成https协议，就得要求我们必须对域名进行SSl证书申请并应用。\n\n##### 申请域名\n\n可以在阿里云，腾讯云等平台购买，在此文章不做详细的介绍（因为主角不是它）\n\n##### 证书购买\n\n在阿里云官网搜索SSL相关产品\n\n![1](https:\u002F\u002Ftp.myong.top\u002Fstorage\u002Fckeditor\u002F20190322\u002F5897b6af8b7a43ca0ddbed1db15f63ae.jpg)\n\n\n\n选择免费证书类型\n\n![2](https:\u002F\u002Ftp.myong.top\u002Fstorage\u002Fckeditor\u002F20190322\u002F30804dea9072bde6525f69baf6122ea1.jpg)\n\n\n\n免费的不用花钱一直确认就行，\n\n最后在 SSL证书控制台看到 如下图 未签发的证书。\n\n![3](https:\u002F\u002Ftp.myong.top\u002Fstorage\u002Fckeditor\u002F20190322\u002F71ac7703ad818013bdaec6ea23ce66df.jpg)\n\n\n\n购买完成后，就给已申请的域名申请SSL证书。\n\n点击 申请 按钮 写证书申请相关信息\n\n![4](https:\u002F\u002Ftp.myong.top\u002Fstorage\u002Fckeditor\u002F20190322\u002Fdc5de3262b68f4224fea5494cb79a88c.jpg)\n\n\n\n提交验证，等待审核成功，证书通过审核如图\n\n![5](https:\u002F\u002Ftp.myong.top\u002Fstorage\u002Fckeditor\u002F20190322\u002F65f081ab798a9413402f76f05d02f59a.jpg)\n\n\n\n网站实现http转https需要下载对应应用的证书及密钥，如图\n\n![6](https:\u002F\u002Ftp.myong.top\u002Fstorage\u002Fckeditor\u002F20190322\u002F7db8da558ac18b86a02bd54408762a47.jpg)\n\n\n\n下载后包含的文件有如图所示\n\n![7](https:\u002F\u002Ftp.myong.top\u002Fstorage\u002Fckeditor\u002F20190322\u002F36ecc4d289488d4066ad2f38a4caecd6.jpg)\n\n\n\n文件介绍\n\n在证书控制台下载Apache版本证书，下载到本地的是一个压缩文件，解压后里面包含_public.crt文件是证书文件，_chain.crt是证书链(中间证书)文件，.key文件是证书的私钥文件（申请证书时如果没有选择系统创建CSR，则没有该文件）。\n\n **友情提示**： **.crt**扩展名的证书文件采用Base64-encoded的PEM格式**文本文件**，可根据需要，修改成**.pem**等扩展名。\n\n以Apache标准配置为例，假如证书文件名是a_public.crt，证书链文件是a_chain.crt,私钥文件是a.key。\n\n##### Apache服务器安装SSL证书\n\n1、将下载的全部文件拷贝到Apahce的安装目录下\n\n```bash\n\u002Fetc\u002Fhttpd\u002Fcert\n```\n\n2、修改apache配置\n\n```bash\nvim \u002Fetc\u002Fhttpd\u002Fconf\u002Fhttpd.conf\n```\n\n找到如下内容去掉 # 号\n\n```bash\n#LoadModule ssl_module modules\u002Fmod_ssl.so (如果找不到请确认是否编译过 openssl 插件)\n#Include conf\u002Fextra\u002Fhttpd-ssl.conf（删除行首的配置语句注释符号“#”，保存后退出）\n```\n\n注意 用yum安装的apache是没有启用ssl的，所有我们需要安装mod_ssl模块提供TLS\u002FSSL功能\n\n3、检查并安装mod_ssl\n\n```bash\nls \u002Fetc\u002Fhttpd\u002Fmodules\u002F | grep \"mod_ssl\" #默认没有安装mod_ssl\nyum list all mod_ssl  #查看mod_ssl的安装包信息\nyum install -y mod_ssl  #安装mod_ssl\n```\n\n4、检查安装mod_ssl安装结果\n\n```bash\nrpm -qc mod_ssl\n#结果显示\n\u002Fetc\u002Fhttpd\u002Fconf.d\u002Fssl.conf     #mod_ssl的配置文件存放位置\n\u002Fetc\u002Fhttpd\u002Fconf.modules.d\u002F00-ssl.conf    \n```\n\n5、修改ssl.conf\n\n```bash\nvim \u002Fetc\u002Fhttpd\u002Fconf.d\u002Fssl.conf\n```\n\n配置文件中如下内容修改\n\n```bash\n# 添加 SSL 协议支持协议，去掉不安全的协议\nSSLProtocol all -SSLv2 -SSLv3\n# 修改加密套件如下\nSSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM\nSSLHonorCipherOrder on\n# 证书公钥配置\nSSLCertificateFile cert\u002Fa_public.crt\n# 证书私钥配置\nSSLCertificateKeyFile cert\u002Fa.key\n# 证书链配置，如果该属性开头有 '#'字符，请删除掉\nSSLCertificateChainFile cert\u002Fa_chain.crt\n```\n\n6、重启apache\n\n```bash\nsystemctl restart httpd\n```\n\n结果提示如下\n\n```bash\nRedirecting to \u002Fbin\u002Fsystemctl restart httpd.service \nJob for httpd.service failed. See ‘systemctl status httpd.service’ and ‘journalctl -xn’ for details. \n\n```\n\n使用如下代码检测httpd配置文件\n\n```bash\nhttpd -t\n#结果\n[Thu Mar 21 22:46:40.320592 2019] [so:warn] [pid 2255] AH01574: module php7_module is already loaded, skipping\nSyntax OK\n\n```\n\n格式没有错\n\n查看ssl日志\n\n```bash\ncat \u002Fetc\u002Fhttpd\u002Flogs\u002Fssl_error_log\n#结果如下\n[Thu Mar 21 21:49:26.894751 2019] [ssl:warn] [pid 1344] AH01909: RSA certificate configured for localhost:443 does NOT include an ID which matches the server name\n[Thu Mar 21 21:49:26.943935 2019] [ssl:warn] [pid 1344] AH01909: RSA certificate configured for localhost:443 does NOT include an ID which matches the server name\n[Thu Mar 21 21:53:36.304483 2019] [ssl:warn] [pid 1433] AH01909: RSA certificate configured for localhost:443 does NOT include an ID which matches the server name\n[Thu Mar 21 21:53:36.337643 2019] [ssl:warn] [pid 1433] AH01909: RSA certificate configured for localhost:443 does NOT include an ID which matches the server name\n\n```\n\n端口443未设置，\n\n修改 httpd.conf\n\n```bash\nServerName localhost 改为 ServerName localhost:443\n\n```\n\n重启apahce正常\n\n在网站根目录下创建.htaccess文件，在最下面添加写入如下语句：\n\n```bash\nRewriteEngine on\nRewriteBase \u002F \nRewriteCond %{SERVER_PORT} !^443$\nRewriteRule ^.*$ https:\u002F\u002F%{SERVER_NAME}%{REQUEST_URI} [L,R]\n\n```\n\n",null,0,534,"","2019-03-22 17:17:43","2026-04-19 14:40:34",128,"技术杂谈",{"id":22,"title":23},48,"Python基础整理元组基本操作",{"id":25,"title":26},50,"虚拟机安装Centos7后配置网络",[28],{"id":29,"name":30},35,"服务器",2809,7,"https:\u002F\u002Ftp.myong.top\u002Fstorage\u002Farticle\u002F87\u002F675ea24d1392f61fb3cd682702835d.jpg",[35,40,45,50,55],{"id":36,"title":37,"create_time":38,"description":39},89,"获取腾讯“邮我”的链接","2020-06-16 10:47:34","腾讯QQ邮箱提供了“邮我”组件，可以放在自己的网站上，让别人点击提供的图片或者链接就可以发Email过来，该文章分享的是如何获取到其中的链接。",{"id":41,"title":42,"create_time":43,"description":44},98,"本站点JavaScript相关特效使用方法整理","2021-04-22 18:38:53","本站的页面用的特效有，粒子线canvas-nest，动态彩带canvas-ribbon，鼠标点击特效以及音乐播放器，本文整理了特效的使用方法",{"id":46,"title":47,"create_time":48,"description":49},106,"阿里开源数据同步组件Canal","2023-10-26 22:43:32","最开始听说canal是从mysql与redis双写一致性解决方案，当时并没有太在意，最近由于需要实时同步数据，如果在代码对insert\u002Fupdate\u002Fdelete做拦截也可以实现，但对代码侵入性太大了，并且后期更改时容易有遗漏，风险太高，这时就又想到了canal，canal的好处在于对业务代码没有侵入，因为是基于监听binlog日志去进行同步数据，这个真的是太爽爽爽了。并且实时性也能做到准实时，这也是canal为什么这么流行，因为确实很多企业会用来做数据同步的方案。",{"id":51,"title":52,"create_time":53,"description":54},62,"内网使用Composer","2019-10-08 23:29:23","最近本地部署Laravel开发环境时，遇到公司的内网无法正常使用Composer下载Laravel，后来发现是要设置公司内网代理",{"id":56,"title":57,"create_time":58,"description":59},75,"Hexo-SEO优化开启静态文件压缩功能","2019-12-30 21:34:32","个人对HEXO搭建博客的SEO优化方案进行总结，从本地的文章结构到定期推送，再到SEO关键词优化做一个全面体系的汇总，如果有更好的方法可以私聊我。\n\n",1783431665338]