安装:
复制代码
yum install -y openssl #使用openssl可手动创建证书 yum install -y httpd yum install -y mod_ssl防火墙打开80、443端口,然后重启
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent firewall-cmd --reloadApache开启
systemctl enable httpd
systemctl start httpd 复制代码 强制HTTP-->HTTPS:vim /etc/httpd/conf/httpd.conf 添加如下内容
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$ #另一种写法:RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ [R=301,L] #301表示永久移走 【Tomcat开启SSL】复制代码
vi /etc/httpd/conf.d/ssl.conf 添加如下内容 application1,application2代表tomcat应用,请替换
ProxyPass /application1 ajp://127.0.0.1/application1
ProxyPass /application2 ajp://127.0.0.1/application2 ProxyPassReverse /application1 ajp://127.0.0.1/application1 ProxyPassReverse /application2 ajp://127.0.0.1/application2<Proxy *>
AddDefaultCharset off Order deny,allow Allow from all 复制代码vim /usr/share/tomcat/conf/server.xml
|| / [work][解决[Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed]
原因:requests模块验证证书,自签名证书验证失败。
方案一:
requests.get(url,verify=False)
方案二:
复制pem文件内容至/usr/lib/python2.7/site-packages/requests/cacert.pem