文章目录
- httpd
- 1.httpd安装
- 。使用yum安装:
- 。httpd命令
- 。curl命令
- 。编译安装httpd-2.4
- 2.httpd常用配置
- 。访问控制法则:
- 3.虚拟主机:
- 。相同ip不同端口的配置:
- 。不同IP相同端口配置:
- 。相同IP相同端口不同域名配置
- 。ssl
- 。https配置:
httpd
1.httpd安装
。使用yum安装:
1.安装命令 : yum -y install httpd
httpd服务的主配置文件通常为httpd根目录下的conf/httpd.conf文件,通过yum安装的httpd服务的主配置路径通常如下:/etc/httpd/conf/httpd.conf
2.vim /etc/httpd/conf/httpd.conf 配置虚拟主机
NameVirtualHost(虚拟主机的名称) 192.......
<VirtualHost(虚拟主机) 192............>
DocumentRoot(文件根) "/var/www/html/"
ServerName(服务器名称) 192.........
</VirtualHost>3.进入网站目录站点 cd /var/www/html
echo "123 123 123 china " > index.html //生成index文件输入内容
// 启动httpd服务
[root@scl ~]# systemctl start httpd
[root@scl ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
// 关闭防火墙和selinux
[root@scl ~]# systemctl stop firewalld
直接修改vim /etc/selinux/config找到SELINUX=enforcing修改为SELINUX=disable
[root@scl ~]# setenforce 04.在浏览器输入ip验证
//配置文件说明
文件/目录 | 对应的功能 |
/var/log/httpd/access.log | 访问日志 |
/var/log/httpd/error_log | 错误日志 |
/var/www/html/ | 站点文档目录 |
/usr/lib64/httpd/modules/ | 模块文件路径 |
/etc/httpd/conf/httpd.conf | 主配置文件 |
/etc/httpd/conf.modules.d/*.conf | 模块配置文件 |
/etc/httpd/conf.d/*.conf | 辅助配置文件 |
。httpd命令
//语法:httpd [options]
//常用的options:
-l //查看静态编译的模块,列出核心中编译了哪些模块。 \
//它不会列出使用LoadModule指令动态加载的模块
-M //输出一个已经启用的模块列表,包括静态编译在服务 \
//器中的模块和作为DSO动态加载的模块
-v //显示httpd的版本,然后退出
-V //显示httpd和apr/apr-util的版本和编译参数,然后退出
-X //以调试模式运行httpd。仅启动一个工作进程,并且 \
//服务器不与控制台脱离
-t //检查配置文件是否有语法错误。curl命令
curl是基于URL语法在命令行方式下工作的文件传输工具,它支持FTP,FTPS,HTTP,HTTPS,GOPHER,TELNET,DICT,FILE及LDAP等协议。
curl支持以下功能:
- https认证
- http的POST/PUT等方法
- ftp上传
- kerberos认证
- http上传
- 代理服务器
- cookies
- 用户名/密码认证
- 下载文件断点续传
- socks5代理服务器
- 通过http代理服务器上传文件到ftp服务器
//语法:curl [options] [URL ...]
//常用的options:
-A/--user-agent <string> //设置用户代理发送给服务器
-basic //使用Http基本认证
--tcp-nodelay //使用TCP_NODELAY选项
-e/--referer <URL> //来源网址
--cacert <file> //CA证书(SSL)
--compressed //要求返回时压缩的格式
-H/--header <line> //自定义请求首部信息传递给服务器
-I/--head //只显示响应报文首部信息
--limit-rate <rate> //设置传输速度
-u/--user <user[:password]> //设置服务器的用户和密码
-0/--http1 //使用http 1.0版本,默认使用1.1版本。这个选项是数字0而不是字母o
-o/--output //把输出写到文件中
-#/--progress-bar //进度条显示当前的传送状态//通过curl下载文件
[root@scl ~]# curl -o myblog.html
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 15137 0 15137 0 0 47412 0 --:--:-- --:--:-- --:--:-- 47750
[root@scl ~]# ls
myblog.html。编译安装httpd-2.4
httpd依赖于apr-1.4以上版本,apr-util-1.4以上版本
1.安装开发环境[root@scl ~]# yum groupinstall "Development Tools" 安装过程省略…
2.安装相关依赖包[root@scl ~]# yum -y install openssl-devel pcre-devel expat-devel libtool 安装过程省略…
3.下载apr-1.6.3和apr-util-1.6.1和httpd-2.4
[root@localhost ~]# cd /usr/src/
[root@localhost src]# wget http://mirrors.shu.edu.cn/apache//apr/apr-1.6.3.tar.bz2
[root@localhost src]# wget http://mirrors.shu.edu.cn/apache//apr/apr-util-1.6.1.tar.bz2
[root@localhost src]# wget http://mirror.bit.edu.cn/apache//httpd/httpd-2.4.37.tar.bz2
[root@scl src]# ls
apr-1.6.3.tar.bz2 apr-util-1.6.1.tar.bz2 debug httpd-2.4.34.tar.bz2 kernels4.解压下好的tar包
[root@scl src]# tar xf apr-1.6.3.tar.bz2
[root@scl src]# tar xf apr-util-1.6.1.tar.bz2
[root@scl src]# tar xf httpd-2.4.34.tar.bz2
[root@scl src]# ls
apr-1.6.3 apr-1.6.3.tar.bz2 apr-util-1.6.1 apr-util-1.6.1.tar.bz2 debug httpd-2.4.34 httpd-2.4.34.tar.bz25.安装
// 编译安装apr-1.6.3
[root@scl src]# cd apr-1.6.3
[root@scl apr-1.6.3]# vim configure
# $RM "$cfgfile" //将此行加上注释,或者删除此行
[root@scl ~]# ./configure --prefix=/usr/local/apr
配置过程略。。。
[root@scl apr-1.6.3]# make && make install
编译过程略。。。
// 编译安装apr-util-1.6.1
[root@scl apr-1.6.3]# cd /usr/src/apr-util-1.6.1
[root@scl apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/
配置过程略。。。
[root@scl apr-1.6.3]# make && make install
编译过程略。。。
// 编译安装httpd-1.4
[root@scl src]# cd httpd-2.4.34
[root@scl httpd-2.4.34]# ./configure --prefix=/usr/local/apache \
> --sysconfdir=/etc/httpd24 \
> --enable-so \
> --enable-ssl \
> --enable-cgi \
> --enable-rewrite \
> --with-zlib \
> --with-pcre \
> --with-apr=/usr/local/apr \
> --with-apr-util=/usr/local/apr-util/ \
> --enable-modules=most \
> --enable-mpms-shared=all \
> --with-mpm=prefork
配置过程略。。。
[root@scl httpd-2.4.34]# make && make install
编译过程略。。。添加环境变量:
[root@scl ~]# echo "export PATH=/usr/local/apache/bin:$PATH" >/etc/profile.d/httpd.sh
[root@scl ~]# . /etc/profile.d/httpd.sh
[root@scl ~]# which httpd
/usr/local/apache/bin/httpd在浏览器输入ip验证
[root@scl ~]# /usr/local/apache/bin/apachectl start // 启动服务
[root@scl ~]# vim /etc/httpd24/httpd.conf
ServerName www.example.com:80 // 将这一行前面的注释去掉
[root@scl ~]# systemctl stop firewalld // 关闭防火墙
2.httpd常用配置
切换使用MPM
yum安装的情况下(编辑[root@scl ~]# /etc/httpd/conf.modules.d/00-mpm.conf文件)
//NAME有三种,分别是:
prefork
event
worker编译安装的情况下:(编辑[root@scl ~]# vim /etc/httpd24/httpd.conf)
#LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so //目前使用的
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
// 如果要用其他的请把前面的注释去掉,但是同时只能使用一个网页目录站点位置
yum安装的默认网页目录站点(/var/www/html/)
[root@100 ~]# cd /var/www/html/
[root@100 html]# ls
index.html源码安装的默认网站目录站点(/usr/local/apache/htdocs/)
[root@scl ~]# cd /usr/local/apache/htdocs/
[root@scl htdocs]# ls
index.html日志的存放位置
yum安装默认日志存放位置(cd /var/log/httpd/)
[root@100 ~]# cd /var/log/httpd/
[root@100 httpd]# ls
access_log error_log源码安装默认日志存放位置(/usr/local/apache/logs/)
[root@100 httpd]# cd /usr/local/apache/logs/
[root@100 logs]# ls
access_log error_log httpd.pid。访问控制法则:
法则 | 功能 |
Require all granted | 允许所有主机访问 |
Require all deny | 拒绝所有主机访问 |
Require ip IPADDR | 授权指定来源地址的主机访问 |
Require not ip IPADDR | 拒绝指定来源地址的主机访问 |
Require host HOSTNAME | 授权指定来源主机名的主机访问 |
Require not host HOSTNAME | 拒绝指定来源主机名的主机访问 |
IPADDR的类型 | HOSTNAME的类型 |
IP:192.168.1.1 | DOMAIN:指定域内的所有主机 |
Network/mask:192.168.1.0/255.255.255.0 | Net:192.168 FQDN:特定主机的全名 |
Network/Length:192.168.1.0/24 |
示例:
// 设置仅192.168.100.96这台主机能访问:
// 现在是任意主机都能访问
[root@100 ~]# curl http://192.168.100.100/index.html
<html><body><h1>It works!</h1></body></html>
[root@96 ~]# curl http://192.168.100.100/index.html
<html><body><h1>It works!</h1></body></html>
// 进入配置文件修改
<Directory /usr/local/apache/htdocs>
<RequireAll>
Require ip 192.168.100.100
Require all granted
</RequireAll>
</Directory>
// 重启服务
[root@100 ~]# apachectl restart
// 使用192.168.100.96访问
[root@96 ~]# curl http://192.168.100.100/index.html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title> // Forbidden 禁止访问
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /index.html //没有访问权限
on this server.<br />
</p>
</body></html>
//使用192.168.100.100访问
[root@100 ~]# curl http://192.168.100.100/index.html
<html><body><h1>It works!</h1></body></html> //依然可以访问3.虚拟主机:
虚拟主机有三类::
- 相同IP不同端口
- 不同IP相同端口
- 相同IP相同端口不同域名
。相同ip不同端口的配置:
[root@localhost ~]# [root@100 ~]# vim /etc/httpd24/httpd.conf
ServerName www.example.com:80 //取消此行前面的#号
[root@localhost ~]# vim /etc/httpd24/httpd.conf
//在配置文件的最后加上如下内容:
#NameVirtualHost //如果是httpd2.2版本就要加上这一行如果是2.4版本就不要加
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/runtime"
ServerName runtime.example.com
ErrorLog "logs/runtime.example.com-error_log"
CustomLog "logs/rutime.example.com-access_log" common
</VirtualHost>
<VirtualHost *:81>
DocumentRoot "/usr/local/apache/htdocs/wheel"
ServerName wheel.example.com
ErrorLog "logs/wheel.example.com-error_log"
CustomLog "logs/wheel.example.com-access_log" common
</VirtualHost>
// 在配置文件中修改监听的端口号
[root@localhost ~]# vim /etc/httpd24/httpd.conf
#
#Listen 12.34.56.78:80
Listen 80
Listen 81 // 新添加一个81端口
// 创建网站的根目录并且写入内容到index文件中
[root@100 ~]# mkdir /usr/local/apache/htdocs/runtime
[root@100 ~]# mkdir /usr/local/apache/htdocs/wheel
[root@100 ~]# apachectl -t
Syntax OK
[root@100 ~]# echo "runtime" >/usr/local/apache/htdocs/runtime/index.html
[root@100 ~]# echo "wheel" >/usr/local/apache/htdocs/wheel/index.html
[root@100 ~]# apachectl restart //重启服务
[root@100 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::81 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*浏览器进行验证:
输入ip192.168.100.100 //默认使用的是80端口
使用81端口访问:
。不同IP相同端口配置:
[root@localhost ~]# vim /etc/httpd24/httpd.conf
ServerName www.example.com:80 //取消此行前面的#号
[root@localhost ~]# vim /etc/httpd24/httpd.conf
//在配置文件的最后加上如下内容:
#NameVirtualHost //如果是httpd2.2版本就要加上这一行如果是2.4版本就不要加
<VirtualHost 192.168.100.100:80>
DocumentRoot "/usr/local/apache/htdocs/runtime"
ServerName runtime.example.com
ErrorLog "logs/runtime.example.com-error_log"
CustomLog "logs/rutime.example.com-access_log" common
</VirtualHost>
<VirtualHost 192.168.100.101:80>
DocumentRoot "/usr/local/apache/htdocs/wheel"
ServerName wheel.example.com
ErrorLog "logs/wheel.example.com-error_log"
CustomLog "logs/wheel.example.com-access_log" common
</VirtualHost>
// 创建网站的根目录并且写入内容到index文件中
[root@100 ~]# mkdir /usr/local/apache/htdocs/runtime
[root@100 ~]# mkdir /usr/local/apache/htdocs/wheel
[root@100 ~]# apachectl -t
Syntax OK
[root@100 ~]# echo "runtime" >/usr/local/apache/htdocs/runtime/index.html
[root@100 ~]# echo "wheel" >/usr/local/apache/htdocs/wheel/index.html
[root@100 ~]# apachectl restart //重启服务
[root@100 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::81 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
//给主机服务端再添加一个ip为192.168.100.101
[root@100 ~]# ip addr add 192.168.100.101 dev eth0
[root@100 ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:0f:a6:60 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.100/24 brd 192.168.100.255 scope global eth0
valid_lft forever preferred_lft forever
inet 192.168.100.101/32 scope global eth0
valid_lft forever preferred_lft forever// 验证:
使用192.168.100.100访问:
使用192.168.100.101访问;
。相同IP相同端口不同域名配置
[root@localhost ~]# vim /etc/httpd24/httpd.conf
ServerName www.example.com:80 //取消此行前面的#号
[root@localhost ~]# vim /etc/httpd24/httpd.conf
//在配置文件的最后加上如下内容:
#NameVirtualHost //如果是httpd2.2版本就要加上这一行如果是2.4版本就不要加
<VirtualHost *:80> // 虚拟主机1配置
DocumentRoot "/usr/local/apache/htdocs/runtime"
ServerName runtime.example.com
ErrorLog "logs/runtime.example.com-error_log"
CustomLog "logs/rutime.example.com-access_log" common
</VirtualHost>
<VirtualHost *:80> //虚拟主机2配置
DocumentRoot "/usr/local/apache/htdocs/wheel"
ServerName wheel.example.com
ErrorLog "logs/wheel.example.com-error_log"
CustomLog "logs/wheel.example.com-access_log" common
</VirtualHost>
// 创建网站的根目录并且写入内容到index文件中
[root@100 ~]# mkdir /usr/local/apache/htdocs/runtime
[root@100 ~]# mkdir /usr/local/apache/htdocs/wheel
[root@100 ~]# apachectl -t
Syntax OK
[root@100 ~]# echo "runtime" >/usr/local/apache/htdocs/runtime/index.html
[root@100 ~]# echo "wheel" >/usr/local/apache/htdocs/wheel/index.html
[root@100 ~]# apachectl restart //重启服务
[root@100 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::81 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
// 修改主机端的hosts文件
[root@96 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.100 runtime.example.com //添加服务端的ip 和域名进来
192.168.100.100 wheel.example.com // 添加服务端的另一个ip和域名
// 验证:
// 访问runtime.example.com
[root@96 ~]# curl http://runtime.example.com
runtime
// 访问wheel.example.com
[root@96 ~]# curl http://wheel.example.com
wheel// DocumentRoot “/usr/local/apache/htdocs/wheel” 网页的目录站点不是固定的可以指定
// 例如将网站目录放在/var/www/html 则可以改为:DocumentRoot “/var/www/html/www”
将网页的目录站点放到/var/www/html日志文件放在/var/log/httpd进行一下配置:
[root@100 ~]# vim /etc/httpd24/httpd.conf
ServerName www.example.com:80 //取消此行前面的#号
`[root@100 ~]# vim /etc/httpd24/httpd.conf
//在配置文件的最后加上如下内容
#虚拟主机 1 配置:
<VirtualHost 192.168.100.100:80>
ServerName runtime.example.com
DocumentRoot "/var/www/html/www"
ErrorLog "/var/log/httpd/www/error_log"
CustomLog "/var/log/httpd/www/access_log" combined
<Directory /var/www/html/www>
<RequireAll>
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
#虚拟主机 2 配置:
<VirtualHost 192.168.100.100:80>
ServerName wheel.example.com
DocumentRoot "/var/www/html/blog"
ErrorLog "/var/log/httpd/blog/error_log"
CustomLog "/var/log/httpd/blog/access_log" combined
<Directory /var/www/html/blog>
<RequireAll>
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
注意:httpd-2.4版本默认是拒绝所有主机访问的,所以安装以后必须做显示授权访问
// 创建网站目录并修改属主和属组为Apache
[root@100 ~]# cd /var/www/html/
[root@100 html]# mkdir www blog
[root@100 html]# ls
blog www
[root@100 html]# chown -R apache.apache blog
[root@100 html]# chown -R apache.apache www
[root@100 html]# ll
总用量 0
drwxr-xr-x. 2 apache apache 6 6月 19 16:23 blog
drwxr-xr-x. 2 apache apache 6 6月 19 16:23 www
[root@100 html]# echo "www.baidu.com" >www/index.html
[root@100 html]# echo "blog.it.com" >blog/index.html
// 创建相应的日志目录并修改属主和属组为Apache
[root@100 html]# mkdir /var/log/httpd/{www,blog}
[root@100 html]# ls /var/log/httpd/
blog www
[root@100 html]# chown -R apache.apache /var/log/httpd/
[root@100 html]# ll /var/log/httpd/
drwxr-xr-x. 2 apache apache 6 6月 19 16:28 blog
drwxr-xr-x. 2 apache apache 6 6月 19 16:28 www
// 重启服务 [root@100 httpd]# apachectl restart
查看是否有80端口
[root@100 html]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
// 修改主机端的hosts文件
[root@96 ~]# vim /etc/hosts
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
// 添加以下两行
192.168.100.100 runtime.example.com
192.168.100.100 wheel.example.com
// 主机进行验证:
[root@96 ~]# curl http://runtime.example.com
www.baidu.com
[root@96 ~]# curl http://wheel.example.com
blog.it.com
[root@96 ~]#。ssl
启用模块:
yum 安装的情况下:
编辑/etc/httpd/conf.modules.d/00-base.conf文件,添加下面这行,如果已经有了但是注释了,则取消注释即可LoadModule ssl_module modules/mod_ssl.so
源码安装的情况下:
[root@100 httpd]# vim /etc/httpd24/httpd.conf
LoadModule ssl_module modules/mod_ssl.so //将此行注释取消掉。https配置:
环境说明:
服务端 | 客户端 |
192.168.100.100 | 192.168.100.96 |
// openssl实现私有CA:CA的配置文件:/etc/pki/tls/openssl.cnf a) CA生成一对密钥
[root@96 ~]# cd /etc/pki/CA
[root@96 CA]# ls
certs crl newcerts private
[root@96 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
.............+++
................+++
e is 65537 (0x10001)
[root@96 CA]# openssl rsa -in private/cakey.pem -puboutb) CA生成自签署证书
[root@96 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HuBei
Locality Name (eg, city) [Default City]:WuHan
Organization Name (eg, company) [Default Company Ltd]:runtime.example.com
Organizational Unit Name (eg, section) []:runtime.example.com
Common Name (eg, your name or your server's hostname) []:runtime.example.com
Email Address []:1@2.com
[root@96 CA]# openssl x509 -text -in cacert.pem //读出证书的内容
内容略。。。。
[root@96 CA]# mkdir certs newcerts crl //创建目录
[root@96 CA]# touch index.txt && echo 01 > serial
[root@96 CA]# ls
cacert.pem certs crl index.txt newcerts private serial
[root@96 CA]# cat serial
01c) 服务端生成密钥
[root@100 ~]# cd /etc/httpd24 && mkdir ssl && cd ssl
[root@100 ssl]#
[root@100 ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus
.....................+++
................+++
e is 65537 (0x10001)
[root@100 ssl]#d) 服务端生成证书签署请求
[root@100 ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HuBei
Locality Name (eg, city) [Default City]:WuHan
Organization Name (eg, company) [Default Company Ltd]:runtime.example.com
Organizational Unit Name (eg, section) []:runtime.example.com
Common Name (eg, your name or your server's hostname) []:runtime.example.com
Email Address []:1@2.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: //不设置密码直接回车
An optional company name []:
[root@100 ssl]#e) 服务端把证书签署请求文件发送给CA
[root@100 ssl]# scp httpd.csr root@192.168.100.96:/root
httpd.csr 100% 1082 21.2KB/s 00:00
[root@100 ssl]#
[root@96 CA]# cd
[root@96 ~]# ls
httpd.csrf) CA签署服务端提交上来的证书
[root@96 ~]# openssl ca -in /root/httpd.csr -out httpd.crt -days 365
[root@96 ~]# ls
httpd.crt httpd.csrg) CA把签署好的证书httpd.crt发给服务端
[root@96 ~]# scp httpd.crt root@192.168.100.100:/root/
[root@100 ~]# ls
httpd.crt
[root@100 ~]# mv httpd.crt /etc/httpd24/ssl/
[root@100 ~]# cd /etc/httpd24/ssl/
[root@100 ssl]# ls
httpd.crt httpd.csr httpd.key
[root@100 ssl]#// ssl配置:
// 配置虚拟主机
[root@100 ~]# vim /etc/httpd24/extra/httpd-ssl.conf
/DocumentRoot //搜索
修改为以下内容:
DocumentRoot "/usr/local/apache/htdocs/runtime"
ServerName runtime.example.com:443
ServerAdmin you@example.com
ErrorLog "/usr/local/apache/logs/runtime.example.com-error_log"
TransferLog "/usr/local/apache/logs/runtime.example.com-access_log"
紧接着将
SSLCertificateFile "/etc/httpd24/server.crt" 改为 SSLCertificateFile "/etc/httpd24/ssl/httpd.crt"
SSLCertificateKeyFile "/etc/httpd24/server.key" 改为 SSLCertificateKeyFile "/etc/httpd24/ssl/httpd.key"
//配置完成之后检查一下配置文件是否有语法错误:
[root@100 httpd24]# apachectl -t
Syntax OK
[root@100 httpd24]# vim httpd.conf
Include /etc/httpd24/extra/httpd-ssl.conf //将此行的注释取消
LoadModule ssl_module modules/mod_ssl.so //将此行的注释取消
[root@100 httpd24]# vim extra/httpd-ssl.conf
#SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)" //此行添加注释
//修改完成之后检查一下配置文件是否有语法错误:
[root@100 httpd24]# apachectl -t
Syntax OK
//重启服务
[root@100 httpd24]# apachectl restart
//查看https端口(443)起来没有
[root@100 httpd24]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:139 *:*
LISTEN 0 128 *:111 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 50 *:445 *:*
LISTEN 0 128 *:44643 *:*
LISTEN 0 50 :::139 :::*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 :::443 :::* //443端口起来了
修改客户端的hosts文件
C:\Windows\System32\drivers\etc\hosts
192.168.100.100 runtime.example.com//访问结果:
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
