Ubuntu PHP配置中SSL证书如何安装_产品动态_资讯中心

发布时间:2026-04-26 19:58:50

阅读量:1

Installing SSL Certificates for PHP in Ubuntu

To configure SSL certificates for PHP in Ubuntu, you need to install a web server (Nginx or Apache), obtain an SSL certificate (e.g., via Let’s Encrypt), configure the web server to use HTTPS, and ensure PHP is set up to handle secure connections. Below are step-by-step guides for both Nginx and Apache.

1. Install a Web Server

You need a web server to handle HTTPS requests. The most common choices are Nginx and Apache.

For Nginx

Update your package list and install Nginx:

sudo apt update
sudo apt install nginx

For Apache

Update your package list and install Apache:

sudo apt update
sudo apt install apache2

Enable the SSL module (required for HTTPS):

sudo a2enmod ssl
sudo systemctl restart apache2

2. Obtain an SSL Certificate

Use Certbot (a free tool) to obtain an SSL certificate from Let’s Encrypt. Certbot automates the process of obtaining and installing certificates.

Install Certbot

For Nginx:

sudo apt install certbot python3-certbot-nginx

For Apache:

sudo apt install certbot python3-certbot-apache

Get and Install the Certificate

For Nginx, run:

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

For Apache, run:

sudo certbot --apache -d yourdomain.com -d www.yourdomain.com

Replace yourdomain.com with your actual domain. Certbot will automatically configure your web server to use the SSL certificate and redirect HTTP traffic to HTTPS.

3. Configure the Web Server for HTTPS

Ensure your web server is set up to use the SSL certificate files provided by Certbot.

Nginx Configuration

Edit your Nginx site configuration file (located in /etc/nginx/sites-available/yourdomain.com). Update the HTTPS server block to include the certificate paths:

server {
    listen 443 ssl;
    server_name yourdomain.com www.yourdomain.com;
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    root /var/www/html;
    index index.php index.html index.htm;

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; # Adjust for your PHP version
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location / {
        try_files $uri $uri/ =404;
    }
}

# Redirect HTTP to HTTPS
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;
}

Test the Nginx configuration for syntax errors:

sudo nginx -t

Restart Nginx to apply changes:

sudo systemctl restart nginx

Apache Configuration

Edit your Apache site configuration file (located in /etc/apache2/sites-available/yourdomain.com.conf). Ensure the block includes the SSL directives:

:443>
    ServerName yourdomain.com
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/yourdomain.com/chain.pem # Optional but recommended

    
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

Enable the site and restart Apache:

sudo a2ensite yourdomain.com.conf
sudo systemctl restart apache2

4. Configure PHP (Optional but Recommended)

PHP does not require direct SSL configuration for basic HTTPS functionality, but you should ensure it allows URL operations and uses the correct CA bundle for secure connections.

Edit PHP Configuration

For PHP running as an Apache module (libapache2-mod-php), edit:

sudo nano /etc/php/7.4/apache2/php.ini

For PHP-FPM (common with Nginx), edit:

sudo nano /etc/php/7.4/fpm/php.ini

Adjust the following settings (replace 7.4 with your PHP version):

allow_url_fopen = On
allow_url_include = On
openssl.cafile = /etc/ssl/certs/ca-certificates.crt # Path to your system's CA bundle

Save the file and restart the PHP service:

# For PHP-FPM
sudo systemctl restart php7.4-fpm

# For Apache + PHP module
sudo systemctl restart apache2

5. Verify SSL Configuration

Check that your site loads over HTTPS with a valid certificate:

Open a browser and visit https://yourdomain.com. You should see a lock icon in the address bar.
Use an online tool like SSL Labs to analyze your SSL configuration and ensure it meets security best practices.

Test Certificate Renewal

Certbot automatically sets up a cron job to renew certificates. To test the renewal process manually:

sudo certbot renew --dry-run

If no errors occur, your certificates will renew automatically before expiration.

By following these steps, you can successfully install and configure an SSL certificate for PHP in Ubuntu, ensuring your PHP applications are served securely over HTTPS.

以上就是关于“Ubuntu PHP配置中SSL证书如何安装”的相关介绍，筋斗云是国内较早的云主机应用的服务商，拥有10余年行业经验，提供丰富的云服务器、租用服务器等相关产品服务。云服务器资源弹性伸缩，主机vCPU、内存性能强悍、超高I/O速度、故障秒级恢复；电子化备案，提交快速，专业团队7×24小时服务支持！

简单好用、高性价比云服务器租用链接：https://www.jindouyun.cn/product/cvm