#httpd
## 1. httpd常用配置
//LoadModule mpm_NAME_module modules/mod_mpm_NAME.so
//NAME有三种,分别是: prefork event worker
[root@localhost ~]# yum install -y httpd
Last metadata expiration check: 0:36:34 ago on Thu 21 Jul 2022 02:38:31 PM CST.
Dependencies resolved.
=================================================================================================================================
Package Architecture Version Repository Size
=================================================================================================================================
...
Complete!
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]#
注:这里为了实验方便直接关闭了firewalld;在生产环境中应保持防火墙开启,只放行需要的端口(例如 firewall-cmd --permanent --add-service=http 后执行 firewall-cmd --reload)。
[root@localhost ~]# cd /etc/httpd/
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run state
[root@localhost httpd]# cd conf.modules.d/
[root@localhost conf.modules.d]# pwd
/etc/httpd/conf.modules.d
[root@localhost conf.modules.d]# ls
00-base.conf 00-lua.conf 00-optional.conf 00-systemd.conf 10-h2.conf README
00-dav.conf 00-mpm.conf 00-proxy.conf 01-cgi.conf 10-proxy_h2.conf
[root@localhost conf.modules.d]# vim 00-mpm.conf
法则 | 功能 |
---|---|
Require all granted | 允许所有主机访问 |
Require all denied | 拒绝所有主机访问 |
Require ip IPADDR | 授权访问指定来源地址的主机 |
Require not ip IPADDR | 拒绝指定来源地址的主机访问(否定条件不能单独使用,需与其他Require规则一起放在<RequireAll>中) |
Require host HOSTNAME | 授权来源指定主机名称的主机访问 |
Require not host HOSTNAME | 拒绝访问指定来源主机名称的主机 |
示例:
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# ls
[root@localhost html]# echo "hello" > index.html
[root@localhost html]# ls
index.html
[root@localhost html]# mkdir youxi
[root@localhost html]# ll
total 4
-rw-r--r--. 1 root root 6 Jul 21 21:02 index.html
drwxr-xr-x. 2 root root 6 Jul 21 21:12 youxi
[root@localhost html]# ls
index.html youxi
[root@localhost html]# cd youxi/
[root@localhost youxi]# ls
[root@localhost youxi]# ls
feijiedazhan.zip
[root@localhost youxi]# yum -y install zip*
Last metadata expiration check: 0:19:30 ago on Thu 21 Jul 2022 08:56:41 PM CST.
Dependencies resolved.
…
Complete!
[root@localhost youxi]# ls
feijiedazhan.zip
[root@localhost youxi]# unzip feijiedazhan.zip
…
[root@localhost youxi]# ls
feijiedazhan.zip HTML全国飞机大战小游戏
[root@localhost youxi]# rm -rf feijiedazhan.zip
[root@localhost youxi]# ls
HTML全国飞机大战小游戏
[root@localhost youxi]# mv HTML5全民飞机大战小游戏 feiji
[root@localhost youxi]# ls
feiji
[root@localhost youxi]# mv feiji /var/www/html/
[root@localhost youxi]# cd
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# ls
feiji index.html youxi
[root@localhost html]# rm -rf youxi
[root@localhost html]# ls
feiji index.html
[root@localhost html]# cd feiji/
[root@localhost feiji]# ls
css img index.html j
[root@localhost feiji]# cd ..
[root@localhost html]# ls
feiji index.html
[root@localhost html]# cd
[root@localhost ~]# cd /etc/httpd/
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run state
[root@localhost httpd]# cd conf
[root@localhost conf]# ls
httpd.conf magic
[root@localhost conf]# pwd
/etc/httpd/conf
[root@localhost conf]# ls
httpd.conf magic
[root@localhost conf]# vim httpd.conf
[root@localhost conf]# systemctl restart httpd
虚拟主机有三类:
- 相同IP不同端口
[root@localhost ~]# mkdir /var/www/vhost1
[root@localhost ~]# vim /var/www/vhost1/index.html
vhost1
[root@localhost ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
# Port-based virtual host #1 (contents of /etc/httpd/conf.d/httpd-vhosts.conf).
# NOTE(review): the vhost below binds port 8080, but the only Listen directive
# shown in this snippet is for port 80. httpd accepts connections only on ports
# named by a Listen directive, so confirm that "Listen 8080" exists somewhere
# in the configuration.
Listen 80
<VirtualHost 192.168.56.166:8080>
ServerAdmin root@localhost
ServerName www.wyn.com
ServerAlias www.wyn1.com
DocumentRoot "/var/www/vhost1/"
# Errors and requests are written to the server-wide log files rather than to
# per-vhost files.
ErrorLog "/var/log/httpd/error_log"
CustomLog "/var/log/httpd/access_log" combined
<Directory "/var/www/vhost1/">
# RequireAll: every rule inside must pass. A "Require not" rule cannot grant
# access on its own, so it is paired with "Require all granted": every client
# except 192.168.1.1 may read this directory.
<RequireAll>
Require all granted
Require not ip 192.168.1.1
</RequireAll>
</Directory>
</VirtualHost>
[root@localhost ~]# mkdir /var/www/vhost2/
[root@localhost ~]# vim /var/www/vhost2/index.html
vhost2
[root@localhost ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
# Port-based virtual host #2: same address as vhost1, separate port 8800.
# The Listen directive opens the port that the VirtualHost below binds to.
Listen 8800
<VirtualHost 192.168.56.166:8800>
ServerAdmin root@localhost
ServerName www.nyw.com
ServerAlias www.nyw1.com
DocumentRoot "/var/www/vhost2/"
ErrorLog "/var/log/httpd/error_log"
# NOTE(review): this vhost writes "common" format into the same access_log
# file that the www.wyn.com vhost on this page writes in "combined" format.
# Two formats in one file complicate log parsing and incident review; a
# per-vhost log file or a single format avoids that.
CustomLog "/var/log/httpd/access_log" common
<Directory "/var/www/vhost2/">
# All rules inside RequireAll must pass: allow everyone, then exclude the
# single address 192.168.1.1.
<RequireAll>
Require all granted
Require not ip 192.168.1.1
</RequireAll>
</Directory>
</VirtualHost>
[root@localhost ~]# systemctl restart httpd
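注意:访问前请确认防火墙已放行对应端口,并且SELinux允许httpd监听该端口。例如对8800端口:firewall-cmd --permanent --add-port=8800/tcp 后执行 firewall-cmd --reload;用 semanage port -l | grep http_port_t 查看SELinux已允许的端口,必要时执行 semanage port -a -t http_port_t -p tcp 8800。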
- 不同IP相同端口
[root@localhost ~]# ip a add 192.168.56.167/24 dev ens33
[root@localhost ~]# ip a add 192.168.56.168/24 dev ens33
[root@localhost ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
# IP-based virtual hosts: each site answers on its own address, all on port 80.
# NOTE(review): 192.168.52.156 is outside the 192.168.56.x range used by every
# other address on this page; confirm that it is not a typo for the host's own
# address.
<VirtualHost 192.168.52.156:80>
DocumentRoot "/var/www/html"
</VirtualHost>
# Site bound to 192.168.56.167, one of the two addresses added with "ip a add".
<VirtualHost 192.168.56.167:80>
ServerAdmin root@localhost
ServerName www.wyn.com
ServerAlias www.wyn1.com
DocumentRoot "/var/www/vhost1/"
ErrorLog "/var/log/httpd/error_log"
CustomLog "/var/log/httpd/access_log" combined
<Directory "/var/www/vhost1/">
# Every rule inside RequireAll must pass: allow all clients, then exclude
# 192.168.56.134.
<RequireAll>
Require all granted
Require not ip 192.168.56.134
</RequireAll>
</Directory>
</VirtualHost>
# Site bound to 192.168.56.168, the second added address.
<VirtualHost 192.168.56.168:80>
ServerAdmin root@localhost
ServerName www.nyw.com
ServerAlias www.nyw1.com
DocumentRoot "/var/www/vhost2/"
ErrorLog "/var/log/httpd/error_log"
# NOTE(review): "common" here and "combined" in the vhost above both write to
# the same access_log file; mixed formats make the log harder to parse.
CustomLog "/var/log/httpd/access_log" common
<Directory "/var/www/vhost2/">
<RequireAll>
Require all granted
Require not ip 192.168.56.134
</RequireAll>
</Directory>
</VirtualHost>
[root@localhost ~]# systemctl restart httpd
- 相同IP相同端口不同域名
[root@localhost ~]#vim /etc/httpd/conf.d/httpd-vhosts.conf
# Name-based virtual hosts: both blocks bind 192.168.56.166:80 and are told
# apart by the request's Host header (ServerName / ServerAlias).
# The first block listed for an address:port is also the default: a request
# whose Host header matches neither site is served by this www.wyn.com block.
<VirtualHost 192.168.56.166:80>
ServerAdmin root@localhost
ServerName www.wyn.com
ServerAlias www.wyn1.com
DocumentRoot "/var/www/vhost1/"
ErrorLog "/var/log/httpd/error_log"
CustomLog "/var/log/httpd/access_log" combined
<Directory "/var/www/vhost1/">
# Every rule inside RequireAll must pass: allow all clients, then exclude
# 192.168.56.134.
<RequireAll>
Require all granted
Require not ip 192.168.56.134
</RequireAll>
</Directory>
</VirtualHost>
# Second site on the same address and port, selected by Host: www.nyw.com or
# www.nyw1.com.
<VirtualHost 192.168.56.166:80>
ServerAdmin root@localhost
ServerName www.nyw.com
ServerAlias www.nyw1.com
DocumentRoot "/var/www/vhost2/"
ErrorLog "/var/log/httpd/error_log"
# NOTE(review): "common" here and "combined" in the vhost above both write to
# the same access_log file; mixed formats make the log harder to parse.
CustomLog "/var/log/httpd/access_log" common
<Directory "/var/www/vhost2/">
<RequireAll>
Require all granted
Require not ip 192.168.56.134
</RequireAll>
</Directory>
</VirtualHost>
[root@localhost ~]# systemctl restart httpd
ssl: 启用模块:编辑/etc/httpd/conf.modules.d/00-base.conf文件,添加下面这行,如果已经有了但是注释了,则取消注释即可(本文环境用yum安装mod_ssl后,该LoadModule行由新生成的00-ssl.conf提供,见下面的操作)
[root@localhost ~]# cd /etc/httpd/conf
[root@localhost conf]# ls
httpd.conf magic
[root@localhost conf]# cd ..
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run state
[root@localhost httpd]# cd conf.modules.d
[root@localhost conf.modules.d]# ls
00-base.conf 00-lua.conf 00-optional.conf 00-systemd.conf 10-h2.conf README
00-dav.conf 00-mpm.conf 00-proxy.conf 01-cgi.conf 10-proxy_h2.conf
[root@localhost conf.modules.d]# cd ..
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run state
[root@localhost httpd]# cd conf.d/
[root@localhost conf.d]# ls
autoindex.conf README userdir.conf welcome.conf
[root@localhost conf.d]# cd ..
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run state
[root@localhost httpd]# cd conf.modules.d/
[root@localhost conf.modules.d]# ls
00-base.conf 00-lua.conf 00-optional.conf 00-systemd.conf 10-h2.conf README
00-dav.conf 00-mpm.conf 00-proxy.conf 01-cgi.conf 10-proxy_h2.conf
[root@localhost conf.modules.d]# yum -y install mod_ssl
Last metadata expiration check: 1:41:12 ago on Thu 21 Jul 2022 08:56:41 PM CST.
Dependencies resolved.
=================================================================================================================================
Package Architecture Version Repository Size
=================================================================================================================================
Installing:
mod_ssl x86_64 1:2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1 appstream 137 k
Installing dependencies:
sscg x86_64 2.3.3-15.el8 appstream 49 k
Transaction Summary
=================================================================================================================================
Install 2 Packages
Total download size: 187 k
Installed size: 364 k
Downloading Packages:
(1/2): sscg-2.3.3-15.el8.x86_64.rpm 192 kB/s | 49 kB 00:00
(2/2): mod_ssl-2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64.rpm 487 kB/s | 137 kB 00:00
---------------------------------------------------------------------------------------------------------------------------------
Total 252 kB/s | 187 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : sscg-2.3.3-15.el8.x86_64 1/2
Installing : mod_ssl-1:2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64 2/2
Running scriptlet: mod_ssl-1:2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64 2/2
Verifying : mod_ssl-1:2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64 1/2
Verifying : sscg-2.3.3-15.el8.x86_64 2/2
Installed products updated.
Installed:
mod_ssl-1:2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64 sscg-2.3.3-15.el8.x86_64
Complete!
[root@localhost conf.modules.d]# ls
00-base.conf 00-lua.conf 00-optional.conf 00-ssl.conf 01-cgi.conf 10-proxy_h2.conf
00-dav.conf 00-mpm.conf 00-proxy.conf 00-systemd.conf 10-h2.conf README
[root@localhost conf.modules.d]# cd ..
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run state
[root@localhost httpd]# cd conf.d/
[root@localhost conf.d]# ls
autoindex.conf README ssl.conf userdir.conf welcome.conf
[root@localhost conf.d]# cd ..
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run state
[root@localhost httpd]# cd conf.modules.d/
[root@localhost conf.modules.d]# ls
00-base.conf 00-lua.conf 00-optional.conf 00-ssl.conf 01-cgi.conf 10-proxy_h2.conf
00-dav.conf 00-mpm.conf 00-proxy.conf 00-systemd.conf 10-h2.conf README
[root@localhost conf.modules.d]# vim 00-ssl.conf
LoadModule ssl_module modules/mod_ssl.so
配置https步骤:
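- 生成证书(参考博客linux运维系列第6章)。注意:下面签发的证书只有commonName,没有subjectAltName扩展,现代浏览器会因此提示证书名称不匹配;自建CA的cacert.pem也需要导入客户端的信任库,否则浏览器会提示证书不受信任。private/cakey.pem是CA私钥,用(umask 077)生成是为了让它只对root可读。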
[root@localhost ~]# mkdir /etc/pki/CA
[root@localhost ~]# cd /etc/pki/CA
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
genrsa: Can't open "private/cakey.pem" for writing, No such file or directory
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
...................................................................................................................................................................+++++
..........+++++
e is 65537 (0x010001)
[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVhvBdk08oXwZHJoQuc5
34WNgyP0ONnax4/dGFJUJNHeDirO2ozKR2/zmBxT8FGBQKvtvK1JV49DUphYA3Nj
bocDUZhUFaJ1/Zf9psMQhX78yc2m0mydx4l+N6LREBbjqsxa2NcsYumo+OpT6V+i
STCXzvJC8ITnyxkl1WRumshcSdPLfuMlWaUQX8uxzWlvVmDZBpI5mbJGtgF2fYuV
3IcUWcwJ02Ap+CuObC/mr7w3b7nveDg3lNjivFrk+iZB9/g6mpQxkeq5I0jxE4b7
5vTp76BOVixV26K8fd9PV9ogvKOgESHUVnvccxyLw1dsGbdbG3HjRQ+SYMA3D0XB
6QIDAQAB
-----END PUBLIC KEY-----
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.wyn.com
Email Address []:1@2.com
[root@localhost CA]# ls private/
cakey.pem
[root@localhost CA]# ls
cacert.pem private
[root@localhost CA]# openssl x509 -text -in cacert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
60:68:ce:e8:0a:2a:fc:b7:7f:7f:e8:00:12:d2:5f:6b:09:23:a1:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = cn, ST = hb, L = wh, O = Default Company Ltd, OU = peixun, CN = www.wyn.com, emailAddress = 1@2.com
Validity
Not Before: Jul 21 15:09:47 2022 GMT
Not After : Jul 21 15:09:47 2023 GMT
Subject: C = cn, ST = hb, L = wh, O = Default Company Ltd, OU = peixun, CN = www.wyn.com, emailAddress = 1@2.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:58:6f:05:d9:34:f2:85:f0:64:72:68:42:e7:
39:df:85:8d:83:23:f4:38:d9:da:c7:8f:dd:18:52:
54:24:d1:de:0e:2a:ce:da:8c:ca:47:6f:f3:98:1c:
53:f0:51:81:40:ab:ed:bc:ad:49:57:8f:43:52:98:
58:03:73:63:6e:87:03:51:98:54:15:a2:75:fd:97:
fd:a6:c3:10:85:7e:fc:c9:cd:a6:d2:6c:9d:c7:89:
7e:37:a2:d1:10:16:e3:aa:cc:5a:d8:d7:2c:62:e9:
a8:f8:ea:53:e9:5f:a2:49:30:97:ce:f2:42:f0:84:
e7:cb:19:25:d5:64:6e:9a:c8:5c:49:d3:cb:7e:e3:
25:59:a5:10:5f:cb:b1:cd:69:6f:56:60:d9:06:92:
39:99:b2:46:b6:01:76:7d:8b:95:dc:87:14:59:cc:
09:d3:60:29:f8:2b:8e:6c:2f:e6:af:bc:37:6f:b9:
ef:78:38:37:94:d8:e2:bc:5a:e4:fa:26:41:f7:f8:
3a:9a:94:31:91:ea:b9:23:48:f1:13:86:fb:e6:f4:
e9:ef:a0:4e:56:2c:55:db:a2:bc:7d:df:4f:57:da:
20:bc:a3:a0:11:21:d4:56:7b:dc:73:1c:8b:c3:57:
6c:19:b7:5b:1b:71:e3:45:0f:92:60:c0:37:0f:45:
c1:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:86:1D:8A:53:D5:C2:7B:50:86:C9:12:7A:C0:B6:3D:6F:71:40:05
X509v3 Authority Key Identifier:
keyid:86:86:1D:8A:53:D5:C2:7B:50:86:C9:12:7A:C0:B6:3D:6F:71:40:05
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
67:32:b1:1f:9d:eb:94:6c:9a:fd:7a:81:9e:f3:e9:50:6e:0e:
a1:a0:28:6c:5e:7a:73:5d:78:94:c0:f4:f9:fa:77:0f:db:3a:
06:df:14:20:23:a3:ff:ef:af:1f:03:29:a7:32:80:e6:05:76:
fa:2c:b3:17:78:c3:7e:70:69:7e:41:03:6a:af:80:f7:6b:9b:
fe:b2:55:b2:29:f6:89:36:42:89:37:e2:fd:bc:c2:29:b8:96:
f7:f1:bd:78:9b:91:5d:f3:13:67:d7:4e:e7:d7:c2:dc:d2:95:
4c:34:ba:bd:12:1e:47:2c:f4:c1:ac:79:91:39:d7:17:89:be:
15:0a:f8:21:71:b5:73:7d:8a:54:02:2f:6f:70:ae:3f:7f:d8:
17:47:16:0f:5d:2b:e4:2d:68:05:88:04:65:d3:ad:c9:90:91:
d1:b2:1c:78:30:b1:d7:63:29:8b:7a:70:ea:88:f9:a8:d7:4f:
bb:a8:a3:ee:a8:b4:73:56:9e:ed:86:dd:66:5e:4a:57:01:3b:
5f:bb:61:1b:6e:a7:e3:99:ed:3a:44:4a:5e:9c:27:3c:9f:1b:
71:56:5b:5f:b5:93:c1:46:3e:77:ec:24:b4:69:74:06:1e:b4:
f3:0a:ff:d1:8e:79:1e:4f:90:96:7d:ee:88:27:30:db:0e:80:
14:6d:9a:02
-----BEGIN CERTIFICATE-----
(证书的Base64内容此处省略)
-----END CERTIFICATE-----
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# ls
cacert.pem certs crl newcerts private
[root@localhost CA]# touch index.txt && echo 01 > serial
[root@localhost CA]# ls
cacert.pem certs crl index.txt newcerts private serial
[root@localhost CA]# ls
cacert.pem certs crl index.txt newcerts private serial
[root@localhost CA]# cd /etc/httpd && mkdir ssl && cd ssl
[root@localhost ssl]# pwd
/etc/httpd/ssl
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
......+++++
.................................................................................................................+++++
e is 65537 (0x010001)
[root@localhost ssl]# ls
httpd.key
[root@localhost ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.wyn.com
Email Address []:1@2.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@localhost ssl]# ls
httpd.csr httpd.key
[root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jul 21 15:20:50 2022 GMT
Not After : Jul 21 15:20:50 2023 GMT
Subject:
countryName = cn
stateOrProvinceName = hb
organizationName = Default Company Ltd
organizationalUnitName = peixun
commonName = www.wyn.com
emailAddress = 1@2.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
91:63:DF:19:57:4E:A3:83:90:54:DD:DE:2D:7A:AB:33:F2:A9:05:4B
X509v3 Authority Key Identifier:
keyid:86:86:1D:8A:53:D5:C2:7B:50:86:C9:12:7A:C0:B6:3D:6F:71:40:05
Certificate is to be certified until Jul 21 15:20:50 2023 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost ssl]# ls
httpd.crt httpd.csr httpd.key
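- 配置httpd.conf,取消以下内容的注释(以下路径适用于源码编译安装的httpd;本文用yum安装,对应的文件是conf.modules.d/00-ssl.conf和conf.d/ssl.conf):
LoadModule ssl_module modules/mod_ssl.so
Include /etc/httpd24/extra/httpd-vhosts.conf
Include /etc/httpd24/extra/httpd-ssl.conf
- 在httpd-vhosts.conf中配置虚拟主机
- 在httpd-ssl.conf中配置证书的位置(yum安装时为/etc/httpd/conf.d/ssl.conf,如下)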
[root@localhost ~]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# vim ssl.conf
# Excerpt of /etc/httpd/conf.d/ssl.conf; the "......" lines stand for omitted
# parts of the file and are not directives.
DocumentRoot "/var/www/vhost1/"
# Matches the commonName (www.wyn.com) of the certificate issued earlier on
# this page.
ServerName www.wyn.com:443
......
# Server certificate signed by the local CA.
SSLCertificateFile /etc/httpd/ssl/httpd.crt
......
# Private key for that certificate. It was generated under umask 077, so it is
# readable by its owner only; keep it that way.
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
- 检查配置文件是否有语法错误
[root@localhost conf.d]# httpd -t
Syntax OK
- 启动或重启服务
systemctl restart httpd
ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:443 *:*
-
设置hosts以便用域名访问(仅学习阶段,企业实际工作中无需做此步。)
效果