3 minutes from applying for SSL certificate to configuring domain name server

Time:2019-8-5

Basic concepts of HTTP and HTTPS
HTTP: the most widely used network protocol on the Internet. It is a request and response standard between client and server (over TCP), used to transfer hypertext from a WWW server to the local browser. It can make the browser more efficient and reduce network transmission.
HTTPS: an HTTP channel aimed at security. Simply put, it is the secure version of HTTP, that is, HTTP with an SSL layer added underneath it. The security foundation of HTTPS is SSL, so the details of encryption are handled by SSL.
The main functions of HTTPS protocol can be divided into two kinds: one is to establish an information security channel to ensure the security of data transmission; the other is to confirm the authenticity of the website.

Why use HTTPS?

Shortcomings of HTTP protocol

  1. Communication is in plaintext, so content may be eavesdropped (important passwords leak)
  2. The identity of the communicating party is not verified, so impersonation is possible (cross-site request forgery)
  3. The integrity of a message cannot be proven, so it may have been tampered with (operator hijacking)

Advantages of HTTPS

  1. Users and servers can be authenticated using the HTTPS protocol to ensure that data is sent to the correct client and server.
  2. HTTPS is a network protocol built from SSL + HTTP that provides encrypted transmission and identity authentication. It is more secure than HTTP: it prevents data from being stolen or changed during transmission and ensures data integrity.
  3. HTTPS is the safest solution under the current architecture. Although it is not absolutely secure, it greatly increases the cost of man-in-the-middle attacks.

Application for SSL certificate

Apply for a free certificate at FreeSSL

1. Enter the domain name and click Create

2. Enter your usual email address, select browser generation for the CSR, and then click Create

3. A DNS configuration is generated. Go to the corresponding domain name service provider and add a DNS record for it.

4. I bought the domain name from Aliyun, so I went to the Aliyun console, found the domain name I bought, and filled in the record values generated above.

5. When the configuration is complete, go back to the website that issued the SSL certificate and click the Validation button. If the DNS record resolves successfully, the following interface will appear. If it fails, check what you filled in carefully, or wait 5 to 10 minutes for the DNS record to take effect.

6. Copy the contents and save them into corresponding files

Configuring the SSL certificate in Apache to enable HTTPS

  1. Edit the conf/httpd.conf file in the Apache root directory, find #LoadModule ssl_module modules/mod_ssl.so and #Include conf/extra/httpd-ssl.conf, and remove the leading # comment marker from both lines.
  2. Open the httpd-ssl.conf file, usually under xampp\apache\conf\extra, and add a record:

    <VirtualHost *:443>

        # Path to your website, e.g. C:\php\wwww\itnavs\blogs\blogs-itnavs
        DocumentRoot "Path to Your Website"
        # Only one ServerName takes effect per virtual host; further names go in ServerAlias
        ServerName www.blogs.itnavs.com
        ServerAlias blogs.itnavs.com itnavs.com
        # Administrator address (placeholder)
        ServerAdmin admin@example.com
        SSLEngine on

        # Path to the .crt file just generated, e.g. https/itnavs/blogs/blogs_itnavs.crt
        SSLCertificateFile "path to the generated .crt"
        # Path to the .key file just generated, e.g. https/itnavs/blogs/blogs_itnavs.key
        SSLCertificateKeyFile "path to the generated .key"
        # Path to the chain .crt file just generated, e.g. https/itnavs/blogs/blogs_itnavschain.crt
        SSLCertificateChainFile "path to the generated chain .crt"

        # Same path as DocumentRoot, e.g. C:\php\wwww\itnavs\blogs\blogs-itnavs
        <Directory "Path to Your Website">
           Options FollowSymLinks
           AllowOverride All
           Require all granted
        </Directory>

    </VirtualHost>

Restart Apache and open https://blogs.itnavs.com/ in the browser. If a green lock appears, the configuration is successful.

HTTPS configuration for the domain name is now complete


Further reading: httpd-ssl.conf syntax

ServerAdmin directive:

Syntax: ServerAdmin email-address|URL

Sets the administrator email address included in the error messages the server returns to the client, so that users can contact the administrator promptly after receiving an error.

ServerName directive:

Syntax: ServerName [scheme://]FQDN[:port]

Sets the host name and port number the server uses to identify itself. Mainly used when creating redirect URLs.

DocumentRoot directive:

Syntax: DocumentRoot directory-path

Sets the directory from which httpd serves files, that is, the entry folder of your project.

ErrorLog directive:

Syntax: ErrorLog file-path

Sets the file to which the server logs the errors it encounters. If file-path is not an absolute path starting with /, it is treated as a path relative to ServerRoot.

CustomLog directive:

Syntax: CustomLog file-path common

Sets the log file and specifies the format used for it (usually by the name of the format).

<Directory directory-path> ... </Directory>

Sets permissions for the home directory or for virtual directories

DirectoryIndex index.html index.htm index.php

Sets the default file served when a directory is accessed

AllowOverride all

Defines which types of directives are allowed in the .htaccess (access control) file in each directory. None prohibits the use of .htaccess files.

Features (values of the Options directive):
Indexes MultiViews All ExecCGI FollowSymLinks Includes IncludesNoExec

| Option | Explanation |
| --- | --- |
| Indexes | Allows directory browsing. When a client specifies only the directory to access, without naming a file in it, and the directory has no default document, Apache returns the list of files and subdirectories in the directory as hypertext (virtual directories do not appear in the directory list). |
| MultiViews | An intelligent Apache feature that enables content-negotiated multiple views. When a client requests an object that does not exist in a directory, such as http://192.168.66.6/data/a, Apache looks up all a.* files in that directory. Because a file a.gif exists in the data directory, Apache returns a.gif to the client instead of an error. |
| All | Contains all features except MultiViews. If there is no Options statement, the default is All. |
| ExecCGI | Allows execution of CGI scripts in this directory |
| FollowSymLinks | Symbolic links can be followed in this directory |
| Includes | Allows server-side includes |
| IncludesNoExec | Allows server-side includes, but disables execution of CGI scripts |

Once directory browsing is allowed, the folder and file name structure of the web site is exposed to hackers. Directory browsing also lets hackers browse files and learn server configuration details, so granting this permission often brings security risks. It should be disabled unless there is a good reason to use directory browsing.
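To check a configuration for the directory-browsing exposure described above, the following added example (not part of the original article) computes the effective Options of each <Directory> block, including inheritance from parent directories and +/- merging, and reports the paths where Indexes is on. The sample configuration and all function names are constructed; the default for a tree with no Options line is a parameter, set here to the FollowSymLinks default documented for Apache 2.4 (pass `("all",)` to model the All default described in the table).

```python
import re
# Constructed sample configuration (not from the original page).
SAMPLE_CONF = """
<Directory "C:/site">
    Options Indexes FollowSymLinks
</Directory>
<Directory "C:/site/blog">
    Options -Indexes
</Directory>
<Directory "C:/site/uploads">
    AllowOverride None
</Directory>
<Directory "C:/other">
    Options All
</Directory>
"""

ALL = {"indexes", "includes", "includesnoexec", "followsymlinks", "symlinksifownermatch", "execcgi"}
BLOCK = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)
OPTS = re.compile(r'^[ \t]*Options[ \t]+(.+?)[ \t]*$', re.M | re.I)

def expand(names):
    """Turn option names into a set; All is everything except MultiViews, None is empty."""
    names = {n.lower() for n in names}
    return (names - {"all", "none"}) | (ALL if "all" in names else set())

def apply_options(inherited, tokens):
    """Apply one Options line: a bare list replaces, +/- adjusts the inherited set."""
    signed = [t for t in tokens if t[0] in "+-"]
    if not signed:
        return expand(tokens)
    if len(signed) != len(tokens):
        raise ValueError("Options mixes +/- with bare names: " + " ".join(tokens))
    result = set(inherited)
    for t in signed:                                # processed in order, as written
        (result.update if t[0] == "+" else result.difference_update)(expand([t[1:]]))
    return result

def audit(conf, default=("followsymlinks",)):
    """Return the <Directory> paths whose effective Options include Indexes."""
    blocks = {p.strip().rstrip("/"): OPTS.findall(b) for p, b in BLOCK.findall(conf)}
    effective = {}
    for path in sorted(blocks, key=len):            # parents before children
        parents = [p for p in effective if path.startswith(p + "/")]
        opts = effective[max(parents, key=len)] if parents else expand(default)
        for line in blocks[path]:
            opts = apply_options(opts, line.split())
        effective[path] = opts
    return sorted(p for p in effective if "indexes" in effective[p])
```

On the sample, `C:/site/uploads` is reported even though it has no Options line of its own, because it inherits Indexes from `C:/site`; `C:/site/blog` is clean because of its `-Indexes`.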

Further reading: .htaccess syntax

RewriteCond parameters:

A # at the beginning of a line marks a comment.

-d Tests whether the string is an existing directory

-f Tests whether the string is an existing file

-s Tests whether the file referred to by the string has a non-zero size (a non-empty regular file)

-l Treats the string as a path name and tests whether it is an existing symbolic link

-x (executable) Treats the string as a path name and tests whether it is an existing file with executable permission. This permission is checked by the operating system

RewriteRule flags:

[F] Forbidden: Tells the server to return a 403 Forbidden error to the user's browser

[L] Last rule: Tells the server to stop rewriting the URL after this rule is executed

[N] Next: Tells the server to continue rewriting, so that all rewriting directives are executed

[G] Gone: Tells the server to return a 410 Gone (no longer exists) error message

[P] Proxy: Tells the server to process the user's request through the mod_proxy module

[C] Chain: Tells the server to bundle the current rule with the previous ones

[R] Redirect: Tells the server to send a redirect so that the user's browser issues a request for the rewritten/modified URL

[NC] No Case: Matches the URL requested by the client case-insensitively

[PT] Pass Through: Lets the mod_rewrite module hand the rewritten URL back to Apache for further processing

[OR] Or (logical or): Connects two expressions with a logical "or" and applies the subsequent rules if the result is "true"

[NE] No Escape: Tells the server not to escape characters in the output

[NS] No Subrequest: If the request is an internal subrequest, skip the current rule

[QSA] Append Query String: Tells the server to append the query string to the end of the URL

[S=x] Skip: If a specified condition is satisfied, skip the next x rules

[E=variable:value] Environment Variable: Tells the server to assign value to the variable named variable

[T=MIME-type] MIME Type: Declares the MIME type of the target resource

For example, hiding index.php in ThinkPHP:

    <IfModule mod_rewrite.c>
        RewriteEngine on
        # Rewrite only when the request is neither an existing directory nor an existing file
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^(.*)$ index.php/$1 [QSA,PT,L]
    </IfModule>

Special Thanks

FreeSSL: provides us with free SSL certificates

Other references on SSL

More ways to apply for SSL certificates