可道云kodexplorer开启https(Let’s Encrypt证书)

一、证书申请
安装和生成letsencrypt
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./certbot-auto certonly –standalone –email haha@abc.com -d cloud.abc.com
具体过程可参考:http://www.dearda.com/index.php/archives/2155

执行完成后生成如下2个文件:
/etc/letsencrypt/live/www.mysite.com/fullchain.pem;
/etc/letsencrypt/live/www.mysite.com/privkey.pem;

二、Apache配置可道云的https
1、增加httpd的mod_ssl模块
yum install -y mod_ssl

2、增加httpd的配置,使用非443端口,kod.conf:
#######################################################
Listen 12345 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

<VirtualHost _default_:12345>
DocumentRoot /var/www/html/kod/
ServerName cloud.abc.com
ErrorLog logs/kod_error_log
TransferLog logs/kod_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateFile /etc/letsencrypt/live/www.mysite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.mysite.com/privkey.pem

<Files ~ “\.(cgi|shtml|phtml|php3?)$”>
SSLOptions +StdEnvVars
</Files>
<Directory “/var/www/cgi-bin”>
SSLOptions +StdEnvVars
</Directory>

BrowserMatch “MSIE [2-5]” \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog logs/kod_request_log \
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \”%r\” %b”
</VirtualHost>
#######################################################

3、重启apache,访问https://cloud.abc.com:12345/