[root@iZwz976helegzn6jf0w7plZ oneinstack]# ./vhost.sh
#######################################################################
# OneinStack for CentOS/RadHat 5+ Debian 6+ and ubuntu 12+ #
# For more information please visit https://oneinstack.com #
#######################################################################
Do you want to setup SSL under Nginx? [y/n]: y
Please input domain(example: www.example.com): www.liqingbo.cn
Please input the directory for the domain:www.liqingbo.cn :
(Default directory: /data/wwwroot/www.liqingbo.cn): /data/wwwroot/www.liqingbo.cn
Create Virtul Host directory......
set permissions of Virtual Host directory......
domain=www.liqingbo.cn
Do you want to add more domain name? [y/n]: n
Do you want to redirect all HTTP requests to HTTPS? [y/n]: n (choose y if you want HTTP to redirect to HTTPS automatically; I chose n here)
Do you want to use a Let's Encrypt certificate? [y/n]: n (skip this if you don't have one)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [CN]: CN
State or Province Name (full name) [Shanghai]: Hainan
Locality Name (eg, city) [Shanghai]: Haikou
Organization Name (eg, company) [Example Inc.]: Liqingbo
Organizational unit Name (eg, section) [IT Dept.]: IT
Do you want to add hotlink protection? [y/n]: n
Allow Nginx/Tengine/OpenResty access_log? [y/n]: y
You access log file=/data/wwwlogs/www.liqingbo.cn_nginx.log
Allow Apache access_log? [y/n]: y
You access log file=/data/wwwlogs/www.liqingbo.cn_apache.log
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/usr/local/nginx/conf/ssl/www.liqingbo.cn.crt"
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/usr/local/nginx/conf/ssl/www.liqingbo.cn.crt"
Syntax OK
Restart Apache......
#######################################################################
# OneinStack for CentOS/RadHat 5+ Debian 6+ and ubuntu 12+ #
# For more information please visit https://oneinstack.com #
#######################################################################
Your domain: www.liqingbo.cn
Nginx Virtualhost conf: /usr/local/nginx/conf/vhost/www.liqingbo.cn.conf
Apache Virtualhost conf: /usr/local/apache/conf/vhost/www.liqingbo.cn.conf
Directory of: /data/wwwroot/www.liqingbo.cn
Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/www.liqingbo.cn.crt
SSL Private Key: /usr/local/nginx/conf/ssl/www.liqingbo.cn.key
SSL CSR File: /usr/local/nginx/conf/ssl/www.liqingbo.cn.csr
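At this point the environment for the domain is configured.
If nothing went wrong, the site can already be reached over HTTPS, but the browser will warn that the site is not secure, because the certificate does not match (it is the self-signed one the script generated).
An Alibaba Cloud free certificate is used as the example here.
Download the certificate you applied for; the package generally contains several files.
The package for Apache generally contains 4 files, as follows
For Nginx there are only two.
Nginx is used for the explanation here. Upload these two files to the server. Because the OneinStack image is in use, put them in the corresponding directory, for example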
/usr/local/nginx/conf/ssl/214216134950893.pem
/usr/local/nginx/conf/ssl/214216134950893.key
Now look at the configuration files the system generated
Nginx Virtualhost conf: /usr/local/nginx/conf/vhost/www.liqingbo.cn.conf
Apache Virtualhost conf: /usr/local/apache/conf/vhost/www.liqingbo.cn.conf
First open the first configuration file, /usr/local/nginx/conf/vhost/www.liqingbo.cn.conf
Note these two files
www.liqingbo.cn.crt
www.liqingbo.cn.key
You will notice that the certificate downloaded from Alibaba Cloud has no crt file; the pem file is in fact the equivalent of the crt
ssl_certificate /usr/local/nginx/conf/ssl/www.liqingbo.cn.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/www.liqingbo.cn.key;
Change to
ssl_certificate /usr/local/nginx/conf/ssl/214216134950893.pem;
ssl_certificate_key /usr/local/nginx/conf/ssl/214216134950893.key;
Now look at the second configuration file, /usr/local/apache/conf/vhost/www.liqingbo.cn.conf
It is handled the same way as the first configuration file
SSLCertificateFile "/usr/local/nginx/conf/ssl/www.liqingbo.cn.crt"
SSLCertificateKeyFile "/usr/local/nginx/conf/ssl/www.liqingbo.cn.key"
Change to
SSLCertificateFile "/usr/local/nginx/conf/ssl/214216134950893.pem"
SSLCertificateKeyFile "/usr/local/nginx/conf/ssl/214216134950893.key"
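At this point the changes are basically complete.
Now restart httpd.
Restart commands (any of them seems to work; you can try each one. I don't really understand the difference myself)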
systemctl restart httpd
service httpd restart
/etc/init.d/httpd restart
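If nothing went wrong, the setup is now complete!
Summary:
When HTTPS is configured through the OneinStack image, the site is reachable by default once configuration finishes, but the browser warns that the certificate is not secure.
Replacing the original certificate with the one you have purchased resolves this.
===========Collected errors==========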
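Before restarting, the edited Nginx vhost can be checked for the mistakes that are easy to make at this step: a directive missing its ';', a missing ssl_certificate_key line, a key file readable by other users, or a key that does not belong to the certificate. This is an added example, not part of the original post or of OneinStack; the function names are hypothetical, and it assumes openssl and GNU stat are installed and that the vhost has a single certificate.

```bash
#!/usr/bin/env bash
# Added example: checks to run after swapping the certificate paths in the
# nginx vhost and before reloading. Function names are hypothetical.

# Print the argument of an nginx directive in a vhost file. Fails unless the
# directive appears exactly once (assumption: a single-certificate vhost like
# the one generated above) and its line ends with ';'.
nginx_directive() {    # usage: nginx_directive <name> <conf>
    awk -v d="$1" '
        $1 == d { n++; v = $2 }
        END { if (n != 1 || v !~ /;$/) exit 1; sub(/;$/, "", v); print v }
    ' "$2"
}

# Succeed only if the certificate and the private key hold the same public key.
cert_matches_key() {   # usage: cert_matches_key <cert.pem> <key>
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Run every check against one vhost file; print the first problem found.
check_vhost_tls() {    # usage: check_vhost_tls <nginx vhost conf>
    local crt key
    crt=$(nginx_directive ssl_certificate "$1") ||
        { echo "ssl_certificate: missing, repeated or no ';'" >&2; return 1; }
    key=$(nginx_directive ssl_certificate_key "$1") ||
        { echo "ssl_certificate_key: missing, repeated or no ';'" >&2; return 1; }
    [ -r "$crt" ] && [ -r "$key" ] ||
        { echo "certificate or key file not readable" >&2; return 1; }
    case $(stat -c %a "$key") in    # GNU stat, as on CentOS
        *00) ;;                     # 600 or 400: owner only
        *) echo "$key is accessible to group/other" >&2; return 1 ;;
    esac
    cert_matches_key "$crt" "$key" ||
        { echo "private key does not belong to this certificate" >&2; return 1; }
}

# When given a vhost path, check it and exit with the result.
[ "$#" -eq 0 ] || check_vhost_tls "$1"
```

Saved under any file name and run with /usr/local/nginx/conf/vhost/www.liqingbo.cn.conf as its argument, the script exits 0 only when all checks pass.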
1. "Syntax error on line 80 of c:/apache/conf/extra/httpd-ssl.conf:ErrorLog takes one argument,The filename of the error log" or "Syntax error on line 99 of c:/apache/conf/extra/httpd-ssl.conf:SSLCertificateFile takes one argument,SSL Server Certificate file ('/path/to/file' -PEM or DER encoded)"
Solution: wrap the file path in double quotes
2. "Syntax error on line 76 of C:/apache/conf/extra/httpd-ssl.conf:SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?)."
Solution:
Open httpd.conf, find LoadModule socache_shmcb_module modules/mod_socache_shmcb.so, and remove the comment marker in front of it.