在 Raspberry Pi 上使用 lighttpd 激活 SSL
Activate SSL with lighttpd on a Raspberry Pi
我一直在寻找一段时间,不幸的是没有解决方案:如何在 Raspberry Pi?
重要提示:这个网站连接到我的路由器,由于域下的动态 DNS,它可以访问:name.ddns.net(此路由器上的端口 80 和 443 也已打开)。
这是我的过程:
- 生成密钥:
openssl req -new -newkey rsa:2048 -nodes -keyout domain.tld.key -out domain.tld.csr
openssl x509 -req -days 365 -in domain.tld.csr -signkey domain.tld.key -out domain.tld.crt
- 将证书与密钥组合:
cat domain.tld.key domain.tld.crt > domain.tld.pem
这里是lighttpd.conf中的配置:
server.modules = (
"mod_access",
"mod_accesslog",
"mod_alias",
"mod_compress",
"mod_redirect",
"mod_rewrite",
)
server.document-root = "/var/www/html"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80 #443 with @gstrauss answer
index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
# Log access
accesslog.filename = "/var/log/lighttpd/access.log"
# SSL Server settings
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/domain.tld.pem"
ssl.ca-file = "/etc/lighttpd/ssl/domain.tld.crt"
server.name = "domain.tld"
server.document-root = "/var/www/html"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.use-compression = "disable"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA"
}
并且:什么都没有!(当然是在 /etc/init.d/lighttpd restart 之后),我的网站仍然是 HTTP。
您有解决方案或想法要测试吗?
提前致谢!
lighttpd 默认监听 80 端口。如果想停止监听 80 端口,那么告诉 lighttpd 默认监听 443 端口:
server.port = 443
成功! 不幸的是,出于某种原因,我不知道将 SSL 部分转换为:
# SSL Server settings
server.port = 443
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/domain.tld.pem"
ssl.ca-file = "/etc/lighttpd/ssl/domain.tld.crt"
server.name = "domain.tld"
server.document-root = "/var/www/html"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
#ssl.use-compression = "disable"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA"
必须因此:
- 删除条件
- (可选)对 ssl 压缩的评论因为无用
我一直在寻找一段时间,不幸的是没有解决方案:如何在 Raspberry Pi?
重要提示:这个网站连接到我的路由器,由于域下的动态 DNS,它可以访问:name.ddns.net(此路由器上的端口 80 和 443 也已打开)。
这是我的过程:
- 生成密钥:
openssl req -new -newkey rsa:2048 -nodes -keyout domain.tld.key -out domain.tld.csr
openssl x509 -req -days 365 -in domain.tld.csr -signkey domain.tld.key -out domain.tld.crt
- 将证书与密钥组合:
cat domain.tld.key domain.tld.crt > domain.tld.pem
这里是lighttpd.conf中的配置:
server.modules = (
"mod_access",
"mod_accesslog",
"mod_alias",
"mod_compress",
"mod_redirect",
"mod_rewrite",
)
server.document-root = "/var/www/html"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80 #443 with @gstrauss answer
index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
# Log access
accesslog.filename = "/var/log/lighttpd/access.log"
# SSL Server settings
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/domain.tld.pem"
ssl.ca-file = "/etc/lighttpd/ssl/domain.tld.crt"
server.name = "domain.tld"
server.document-root = "/var/www/html"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.use-compression = "disable"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA"
}
并且:什么都没有!(当然是在 /etc/init.d/lighttpd restart 之后),我的网站仍然是 HTTP。
您有解决方案或想法要测试吗?
提前致谢!
lighttpd 默认监听 80 端口。如果想停止监听 80 端口,那么告诉 lighttpd 默认监听 443 端口:
server.port = 443
成功! 不幸的是,出于某种原因,我不知道将 SSL 部分转换为:
# SSL Server settings
server.port = 443
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/domain.tld.pem"
ssl.ca-file = "/etc/lighttpd/ssl/domain.tld.crt"
server.name = "domain.tld"
server.document-root = "/var/www/html"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
#ssl.use-compression = "disable"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA"
必须因此:
- 删除条件
- (可选)对 ssl 压缩的评论因为无用