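I have been searching for a while, unfortunately without finding a solution: how do I switch a working HTTP lighttpd server on a Raspberry Pi to HTTPS?
Important information: this website is connected to my router and is reachable thanks to a dynamic DNS domain name: name.ddns.net (ports 80 and 443 are open on this router).
Here is my procedure:
- Generate the key: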
openssl req -new -newkey rsa:2048 -nodes -keyout domain.tld.key -out domain.tld.csr
openssl x509 -req -days 365 -in domain.tld.csr -signkey domain.tld.key -out domain.tld.crt
- Merge the certificate with the key:
cat domain.tld.key domain.tld.crt > domain.tld.pem
Here is the configuration in lighttpd.conf:
server.modules = (
"mod_access",
"mod_accesslog",
"mod_alias",
"mod_compress",
"mod_redirect",
"mod_rewrite",
)
server.document-root = "/var/www/html"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80 #443 with @gstrauss answer
index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
# Log access
accesslog.filename = "/var/log/lighttpd/access.log"
# SSL Server settings
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/domain.tld.pem"
ssl.ca-file = "/etc/lighttpd/ssl/domain.tld.crt"
server.name = "domain.tld"
server.document-root = "/var/www/html"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.use-compression = "disable"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA"
}
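And: nothing! (After /etc/init.d/lighttpd restart, of course), my website is still on HTTP.
Do you have a solution or an idea to test?
Thanks in advance!
lighttpd listens on port 80 by default. If you want to stop listening on port 80, then tell lighttpd to listen on port 443 by default: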
server.port = 443
Success! For some reason that I unfortunately don't know, it is enough to change the SSL part to:
# SSL Server settings
server.port = 443
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/domain.tld.pem"
ssl.ca-file = "/etc/lighttpd/ssl/domain.tld.crt"
server.name = "domain.tld"
server.document-root = "/var/www/html"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
#ssl.use-compression = "disable"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA"
So it is necessary to:
- remove the condition
- (optional) comment out the SSL compression setting, since it is useless
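
Both versions of the configuration above keep RC4 suites and static-ECDH suites in ssl.cipher-list. The following is an added example, not part of the original posts or of lighttpd: a small shell audit that reads a lighttpd config on stdin, flags such suites, and prints a trimmed list. The function names and the sample config are constructed for illustration, and it assumes the list holds explicit OpenSSL suite names, as on this page, rather than keywords such as HIGH.

```shell
#!/bin/sh
# Added example: audit ssl.cipher-list in a lighttpd config read from stdin.

# Print the suites of every active (uncommented) ssl.cipher-list line, one per line.
extract_suites() {
    sed -n 's/^[[:space:]]*ssl\.cipher-list[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' |
        tr ':' '\n' | sed '/^$/d'
}

# Classify one suite name as WEAK, NO-FS (no forward secrecy) or OK.
classify_suite() {
    case "$1" in
        # RC4 (prohibited in TLS by RFC 7465), DES/3DES, NULL, MD5, export suites
        *RC4*|*DES*|*NULL*|*MD5*|*EXP*) echo WEAK ;;
        # ephemeral (EC)DH key exchange gives forward secrecy
        ECDHE-*|DHE-*)                  echo OK ;;
        # everything else uses a static RSA or static ECDH key exchange
        *)                              echo NO-FS ;;
    esac
}

# Config on stdin -> one "VERDICT suite" line for each suite that is not OK.
audit_cipher_list() {
    extract_suites | while IFS= read -r suite; do
        verdict=$(classify_suite "$suite")
        if [ "$verdict" != OK ]; then echo "$verdict $suite"; fi
    done
}

# Config on stdin -> colon-joined list of the OK suites, ready to paste back.
hardened_cipher_list() {
    extract_suites | while IFS= read -r suite; do
        if [ "$(classify_suite "$suite")" = OK ]; then echo "$suite"; fi
    done | paste -sd: -
}

# Constructed sample modelled on the question's config (not the poster's file).
sample_conf='ssl.engine = "enable"
#ssl.cipher-list = "RC4-MD5"
ssl.cipher-list = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDH-RSA-RC4-SHA:AES256-SHA:RC4-SHA"'

printf '%s\n' "$sample_conf" | audit_cipher_list
printf '%s\n' "$sample_conf" | hardened_cipher_list
```

To audit a real file, pipe it in: `audit_cipher_list < /etc/lighttpd/lighttpd.conf`.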