在 Raspberry Pi 上使用 lighttpd 激活 SSL

Activate SSL with lighttpd on a Raspberry Pi

我一直在寻找一段时间,不幸的是没有解决方案:如何在 Raspberry Pi?

重要提示:这个网站连接到我的路由器,由于域下的动态 DNS,它可以访问:name.ddns.net(此路由器上的端口 80 和 443 也已打开)。

这是我的过程:

openssl req -new -newkey rsa:2048 -nodes -keyout domain.tld.key -out domain.tld.csr

openssl x509 -req -days 365 -in domain.tld.csr -signkey domain.tld.key -out domain.tld.crt
cat domain.tld.key domain.tld.crt > domain.tld.pem

这里是lighttpd.conf中的配置:

server.modules = (
        "mod_access",
        "mod_accesslog",
        "mod_alias",
        "mod_compress",
        "mod_redirect",
        "mod_rewrite",
)

server.document-root        = "/var/www/html"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/var/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 80 #443 with @gstrauss answer

index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir          = "/var/cache/lighttpd/compress/"
compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

# Log access
accesslog.filename         = "/var/log/lighttpd/access.log"

# SSL Server settings
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/domain.tld.pem"
ssl.ca-file = "/etc/lighttpd/ssl/domain.tld.crt"
server.name = "domain.tld"
server.document-root = "/var/www/html"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.use-compression = "disable"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA"
}

并且:什么都没有!(当然是在 /etc/init.d/lighttpd restart 之后),我的网站仍然是 HTTP。

您有解决方案或想法要测试吗?

提前致谢!

lighttpd 默认监听 80 端口。如果想停止监听 80 端口,那么告诉 lighttpd 默认监听 443 端口:

server.port = 443

成功! 不幸的是,出于某种原因,我不知道将 SSL 部分转换为:

# SSL Server settings
server.port = 443
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/domain.tld.pem"
ssl.ca-file = "/etc/lighttpd/ssl/domain.tld.crt"
server.name = "domain.tld"
server.document-root = "/var/www/html"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
#ssl.use-compression = "disable"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA"

必须因此:

  1. 删除条件
  2. (可选)对 ssl 压缩的评论因为无用