跳到主要內容

OS X 10.11 El Capitan Apache Setup: SSL

cover getting your site setup with SSL support

SSL

It is often important to be able to test your local site setup under SSL (e.g. https://yoursite.com). There are a few steps that are needed to accomplish this with your 'OS X 10.11 El Capitan'-based Apache setup. The first step is to make some modifications to your httpd.conf. Because it's a system file, you will need to use sudo again:
$ sudo nano /etc/apache2/httpd.conf
In this file you should uncomment both the socache_shmcb_modulessl_module, and also the include for the httpd-ssl.conf by removing the leading # symbol on those lines:
LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
...
LoadModule ssl_module libexec/apache2/mod_ssl.so
...
Include /private/etc/apache2/extra/httpd-ssl.conf
After saving this file, you should then open up your/etc/apache2/extra/httpd-vhosts.conf.
$ sudo nano /etc/apache2/extra/httpd-vhosts.conf
Here you can create a VirtualHost entry for each virtual host that you wish to provide SSL support for.
<VirtualHost *:443>
    DocumentRoot "/Users/your_user/Sites"
    ServerName localhost
    SSLEngine on
    SSLCertificateFile "/private/etc/apache2/server.crt"
    SSLCertificateKeyFile "/private/etc/apache2/server.key"
</VirtualHost>
In this example we have created the VirtualHost for localhost, but it could be any of your existing or even a new VirtualHost.

Certificates

To get this all to work with Apache, we need to create a self-signed certificate that we have already referenced in the VirtualHost definition.
The following commands will often prompt you for information regarding the certificates. For local development you can just hit return to accept the default values.
First generate a key:
$ cd /etc/apache2
$ sudo ssh-keygen -f server.key
Then generate a certificate signing request:
$ sudo openssl req -new -key server.key -out server.csr
Using this CSR, generate the certificate:
$ sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
The convert the key to a no-phrase key:
$ sudo openssl rsa -in server.key -out server.key
Then all you need to do now is double check your Apache configuration syntax:
$ sudo apachectl configtest
If all goes well, restart Apache:
$ sudo apachectl -k restart
Now simply point your browser at https://localhost. If you are prompted about aself-signed certificate, in Chrome you can hit the Advanced option on that page and proceed while in Firefox you need to expand the I Understand the Risks and add as exception. This is due to the fact that the self-signed certificates are not signed by any authority and for this reasons the browsers add warnings about it. Although, since you are the one who created the certificate, you understand it's safe to accept it.

http://getgrav.org/blog/mac-os-x-apache-setup-ssl
標籤:

這個網誌中的熱門文章

正確設置404頁面及其他.505,500....

正確設置404頁面 404頁面的設置是否正確直接關係到網站粘性,而現在很多網站的錯誤頁面返回碼都是200和302,只要蜘蛛爬行錯誤頁面不是404,那麼你的404頁 面設置就是錯誤的了,這裡跟大家介紹如何正確設置404頁面。 怎麼正確設置404頁面?很多人看到這個話題可能覺得下文不屑一顧,其實你是否知道自己的404頁面有沒有設置正確呢?很多開源的cms系統和博客 系統都會帶有404頁面,你是不是覺得這樣已經ok了?不用設置了?這些想法是錯誤的,我們做優化的時候,應該測試404頁面時候生效,設置是否正 確等。下面我們詳細說明怎麼設置404頁面。 這先說一下怎麼樣的404頁面才是有效的404頁面。大家應該都知道搜索引擎是通過http狀態碼來識別網頁狀態的,那麼當蜘蛛檢索到一個錯誤鏈 接時,就需要返回404狀態碼來告訴搜索引擎,這個頁面是錯誤頁面,以後不用索取了。而如果返回200,則告訴搜索引擎這個頁面是正常頁面。 所以我們要查看網站錯誤頁面的返回碼是200還是404,而現在很多網站的404頁面返回碼是200而不是404.    那怎麼正確設置404頁面?
繼續閱讀 Read More »-->-->-->

Mac OS X Server 架設兩個網站、兩個郵件伺服器

from:http://www.bnw.com.tw/conference/viewtopic.php?t=208 我的需求要更簡單。  朋友的工作室就兩三人而已,另外一個工作室也是兩三人。  希望有屬於自己的網站及網域名稱郵件  www.123.com   abc@123.com  
繼續閱讀 Read More »-->-->-->

Mac mini server(2012 年末和 2011 年中):如何將 OS X Server 安裝到軟體 RAID

重要事項 這些步驟會清除 Mac mini Server 中兩個磁碟機上的所有資料。雖然您可以重新安裝 OS X Server,但是請務必確認這些磁碟機上的任何其他資料都已完成備份,然後再繼續。 您無法在 RAID 卷宗上建立恢復分割區。如果沒有恢復分割區, 將無法支援 OS X 的某些功能 ,因此您應該考慮使用 恢復磁碟輔助程式 建立外接恢復磁碟,然後才建立 RAID 卷宗。 本文所提供的步驟需要使用透過 WiFi 或乙太網路的寬頻 Internet 連線。您的網路連線必須符合 這篇連結文章 的「重新安裝 OS X 的需求」一節中,針對 Internet 回復功能所述的需求。 安裝步驟 按住 Command、Option 和 R 鍵的同時啟動 Mac mini Server,以便啟動進入 Internet 回復模式。這可能要花數分鐘的時間。看到旋轉地球和“正在從網路啟動回復程序”訊息時,放開這些按鍵。
繼續閱讀 Read More »-->-->-->