启用压缩模块和实验https与https的重定向

原创

浪在天上飞 2019-05-13 15:31:17 ©著作权

文章标签 周总结 文章分类 运维

©著作权归作者所有：来自51CTO博客作者浪在天上飞的原创作品，请联系作者获取转载授权，否则将追究法律责任

实验：启用压缩

1.查看是否加载使用该模块功能

httpd -M | grep deflate

2.修改配置文件

vim /etc/httpd/conf.d/vhosts.conf

<virtualhost *:80>  
documentroot /data/site1  
servername www.a.com  
<directory /data/site1>   
require all granted  
</directory>  
CustomLog "logs/a_access_log" combined  
AddOutputFilterByType DEFLATE text/plain  
AddOutputFilterByType DEFLATE text/html  
DeflateCompressionLevel 9

实验：实现HTTPS

1.CA和证书颁发

mkdir /data/ssl/
cd /data/ssl/
( umask 066;openssl genrsa 2048 > cakey.pem )
openssl req -new -x509 -key cakey.pem -out cacert.pem -days 3650
openssl req -newkey rsa:1024 -nodes -keyout httpd.key > httpd.csr
openssl x509 -req -in httpd.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 > httpd.crt scp -r /data/ssl 192.168.36.7:/etc/httpd/conf.d
将证书拷贝至申请证书的机器

2.httpd服务器配置

yum install mod_ssl

vim /etc/httpd/conf.d/ssl.conf

DocumentRoot "/data/site1/"  
ServerName www.a.com:443  
<directory /data/site1>  
require all granted  
</directory>  

SSLCertificateFile /etc/httpd/conf.d/ssl/httpd.crt  
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/httpd.key  
SSLCACertificateFile /etc/httpd/conf.d/ssl/cacert.pem

实验：Http到https重定向

vim /etc/httpd/conf.d/test2.conf

#redirect temp / https://www.a.com/  
Header always set Strict-Transport-Security "max-age=31536000"  
RewriteEngine on  
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=302]