# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
#Listen 80
Listen 443
第三步驟,修改django.conf
cd /etc/httpd/conf.d/
vi django.conf
新增以下程式碼,並更改<IP>:443
WSGIPassAuthorization On
WSGIDaemonProcess omflow python-path=/opt/omflow/server:/opt/omflow/python/lib/python3.6/site-packages
WSGIProcessGroup omflow
WSGIScriptAlias / /opt/omflow/server/omflow/wsgi.py
<IfModule mod_ssl.c>
<VirtualHost <IP>:443>
Alias /static /opt/omflow/server/staticfiles
<Directory /opt/omflow/server/staticfiles>
Require all granted
</Directory>
<Directory /opt/omflow/server/omflow>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/localcerts/apache.pem
SSLCertificateKeyFile /etc/ssl/localcerts/apache.key
</VirtualHost>
</IfModule>
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen <IP>:80
在上方第9行的最前方加上#
#Listen <IP>:80
啟用ssl的設定檔
# Secure (SSL/TLS) connections
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
#Include conf/extra/httpd-ssl.conf
#Include conf/extra/httpd-ahssl.conf
#SSLRandomSeed startup builtin
#SSLRandomSeed connect builtin
</IfModule>
將上方第7行的#拿掉
Include conf/extra/httpd-ssl.conf
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
#
Listen <IP>:443
新增監聽IP-2:
##
## SSL Virtual Host Context
##
<VirtualHost <IP>:443>
# General setup for the virtual host
DocumentRoot "${SRVROOT}/htdocs"
ServerName <IP>:443
ServerAdmin admin@example.com
ErrorLog "${SRVROOT}/logs/error.log"
TransferLog "${SRVROOT}/logs/access.log"
新增憑證路徑:
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
# require an ECC certificate which can also be configured in
# parallel.
SSLCertificateFile "C:\Program Files\OMFLOW Server\cert\cer\server.cer"
#SSLCertificateFile "${SRVROOT}/conf/server-dsa.crt"
#SSLCertificateFile "${SRVROOT}/conf/server-ecc.crt"
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
# ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile "C:\Program Files\OMFLOW Server\cert\pfx\server.key"
#SSLCertificateKeyFile "${SRVROOT}/conf/server-dsa.key"
#SSLCertificateKeyFile "${SRVROOT}/conf/server-ecc.key"
SSLCertificateChainFile "C:\Program Files\OMFLOW Server\cert\cer\uca.cer"
