Let's Encrypt SSL setup in bitnami.conf in AWS Lightsail
I created a new instance in AWS Lightsail and configured a domain example.com which has 2 subdomains as well: test.example.com and app.example.com.
I removed the default bitnami.conf and created a new one. This removed the predefined SSL setup code. I installed Let's Encrypt by following this tutorial.
Here is my bitnami.conf file before adding SSL. I could access all the websites as desired.
ServerName example.com
<VirtualHost *:80>
    ServerName example.com
    <Directory /opt/bitnami/apache2/htdocs/default_website>
        DirectoryIndex index.html
        AllowOverride All
        Require all granted
    </Directory>
    DocumentRoot /opt/bitnami/apache2/htdocs/default_website
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /opt/bitnami/apache2/htdocs/app_website
    <Directory /opt/bitnami/apache2/htdocs/app_website>
        DirectoryIndex index.html
        AllowOverride All
        Require all granted
    </Directory>
    ServerName app.example.com
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /opt/bitnami/apache2/htdocs/test_website
    <Directory /opt/bitnami/apache2/htdocs/test_website>
        DirectoryIndex index.html
        AllowOverride All
        Require all granted
    </Directory>
    ServerName test.example.com
</VirtualHost>
Here is my bitnami.conf file after adding SSL code. Redirection from example.com to https://example.com works fine, but the page doesn't load in https. I'm getting ERR_CONNECTION_REFUSED error.
New bitnami.conf file
ServerName example.com
<VirtualHost *:80>
    ServerName example.com
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
    <Directory /opt/bitnami/apache2/htdocs/default_website>
        DirectoryIndex index.html
        AllowOverride All
        Require all granted
    </Directory>
    DocumentRoot /opt/bitnami/apache2/htdocs/default_website
</VirtualHost>
<VirtualHost *:443>
    DocumentRoot "/opt/bitnami/apache2/htdocs/default_website"
    SSLEngine on
    SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
    SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
    <Directory "/opt/bitnami/apache2/htdocs/default_website">
        Options Indexes FollowSymLinks
        AllowOverride All
        <IfVersion < 2.3 >
            Order allow,deny
            Allow from all
        </IfVersion>
        <IfVersion >= 2.3 >
            Require all granted
        </IfVersion>
    </Directory>
    # Error Documents
    ErrorDocument 503 /503.html
    # Bitnami applications installed with a prefix URL (default)
    Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /opt/bitnami/apache2/htdocs/app_website
    <Directory /opt/bitnami/apache2/htdocs/app_website>
        DirectoryIndex index.html
        AllowOverride All
        Require all granted
    </Directory>
    ServerName app.example.com
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /opt/bitnami/apache2/htdocs/test_website
    <Directory /opt/bitnami/apache2/htdocs/test_website>
        DirectoryIndex index.html
        AllowOverride All
        Require all granted
    </Directory>
    ServerName test.example.com
</VirtualHost>
Bitnami Engineer here. You also need to define the new port in which Apache will start to listen and the different cyphers and protocols it will accept. These lines are included in the bitnami.conf file we include in our stacks by default:
Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
You will need to include them before defining the VirtualHost for the port 443.
I hope this helps.
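
A static check for the failure in this thread, as an added example that is not part of the original question or answer: it reports every `<VirtualHost>` port that no `Listen` directive opens, the cause the answer identifies for the refused connection. The function name, the sample text and the `listening_elsewhere` parameter are assumptions; port 80 is passed in as opened elsewhere in the server config because the first bitnami.conf served pages without its own `Listen`.

```python
import re

# Constructed sample: the question's SSL config reduced to the lines that matter.
BROKEN_CONF = """\
ServerName example.com
<VirtualHost *:80>
  ServerName example.com
</VirtualHost>
<VirtualHost *:443>
  SSLEngine on
</VirtualHost>
"""

LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.I)
VHOST_RE = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)


def _port(addr):
    """Return the port from '443', '*:443' or '[::]:443'; None if absent."""
    tail = addr.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None


def unbound_vhost_ports(conf_text, listening_elsewhere=()):
    """List (line_number, port) for each VirtualHost port with no Listen.

    listening_elsewhere: ports opened by Listen directives in other config
    files (hypothetical parameter, e.g. {80} for the main server config).
    """
    listening = set(listening_elsewhere)
    vhost_ports = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # Apache comments occupy a whole line
        m = LISTEN_RE.match(line)
        if m:
            port = _port(m.group(1))
            if port is not None:
                listening.add(port)
            continue
        m = VHOST_RE.match(line)
        if m:
            # A VirtualHost may name several address:port pairs.
            for addr in m.group(1).split():
                port = _port(addr)
                if port is not None:
                    vhost_ports.append((line_no, port))
    return [(n, p) for n, p in vhost_ports if p not in listening]


if __name__ == "__main__":
    print(unbound_vhost_ports(BROKEN_CONF, {80}))
    print(unbound_vhost_ports("Listen 443\n" + BROKEN_CONF, {80}))
```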