Goal
Set up a web site reached over https://www.zuoye.com, with the site root in /www/https/ and the page content exercise.
First, install the mod_ssl package
[root@red-85 nfs]# yum install mod_ssl -y
Complete!
[root@red-85 nfs]#
Generate the private key
[root@red-85 certs]# openssl genrsa -aes128 2048 > https.key
Generating RSA private key, 2048 bit long modulus (2 primes)
..................+++++
............................................................................+++++
e is 65537 (0x010001)
Enter pass phrase:
Verifying - Enter pass phrase:
[root@red-85 certs]#
Generate the certificate
Note the output file name typed here: https..crt, with a doubled dot. The Apache configuration further down references https.crt, and SSLCertificateFile must name the file that actually exists, so one of the two has to be corrected.
[root@red-85 certs]# openssl req -utf8 -new -key https.key -x509 -days 365 -out https..crt
Enter pass phrase for https.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86 # country code
State or Province Name (full name) []:gd # province code
Locality Name (eg, city) [Default City]:gz # city code
Organization Name (eg, company) [Default Company Ltd]:ce # company, enterprise or organization
Organizational Unit Name (eg, section) []:ce # department
Common Name (eg, your name or your server's hostname) []:www.ceshi.com # domain name
Email Address []:admin@ceshi.com # e-mail address
[root@red-85 certs]#
Inspect the generated key and certificate
[root@red-85 certs]# ll
total 8
lrwxrwxrwx. 1 root root 49 Jun 17 2021 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root 55 Jun 17 2021 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r--. 1 root root 1411 Dec 2 22:12 https..crt
-rw-r--r--. 1 root root 1766 Dec 2 22:09 https.key
[root@red-85 certs]#
Create the web root directory
[root@red-85 certs]# mkdir -pv /www/https
mkdir: created directory '/www/https'
[root@red-85 certs]# ll /www/
total 0
drwxr-xr-x. 2 root root 6 Dec 2 22:20 https
drwxr-xr-x. 2 root root 24 Nov 27 17:19 tx
Write the page content
[root@red-85 certs]# cd /www/https
[root@red-85 https]# vim index.html
[root@red-85 https]# cat index.html
exercise
Stop the firewall and switch SELinux to permissive
This is fine for a lab machine. On a real server you would keep both enabled and instead allow 443/tcp in firewalld (firewall-cmd --permanent --add-service=https; firewall-cmd --reload) and label the web root so httpd may read it (semanage fcontext -a -t httpd_sys_content_t "/www/https(/.*)?"; restorecon -Rv /www/https).
[root@red-85 https]# systemctl stop firewalld
[root@red-85 https]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Fri 2022-12-02 20:09:54 CST; 2h 13min ago
Docs: man:firewalld(1)
Process: 985 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, stat>
Main PID: 985 (code=exited, status=0/SUCCESS)
Nov 30 20:08:23 red-85 systemd[1]: Starting firewalld - dynamic firewall daemon...
Nov 30 20:08:26 red-85 systemd[1]: Started firewalld - dynamic firewall daemon.
Nov 30 20:08:27 red-85 firewalld[985]: WARNING: AllowZoneDrifting is enabled. This is considered>
Dec 02 20:09:48 red-85 systemd[1]: Stopping firewalld - dynamic firewall daemon...
Dec 02 20:09:54 red-85 systemd[1]: firewalld.service: Succeeded.
Dec 02 20:09:54 red-85 systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@red-85 https]# setenforce 0
[root@red-85 https]# getenforce
Permissive
[root@red-85 https]#
Write the configuration file
<VirtualHost 192.168.240.11:443>
    DocumentRoot "/www/https"
    ServerName www.ceshi.com
    SSLEngine on
    ErrorLog "/var/log/httpd/https_error_log"
    TransferLog "/var/log/httpd/https_access_log"
    # Both paths must point at the files generated above; the session above wrote the certificate as https..crt
    SSLCertificateFile /etc/pki/tls/certs/https.crt
    SSLCertificateKeyFile /etc/pki/tls/certs/https.key
</VirtualHost>
<Directory "/www/https">
    AllowOverride none
    Require all granted
</Directory>
Restart the service
Because https.key was generated with -aes128, httpd asks for the passphrase on every start, as shown below; an unattended reboot will block on this prompt unless SSLPassPhraseDialog supplies it or the key is stored unencrypted with mode 0600.
[root@server ~]# systemctl restart httpd
Enter TLS private key passphrase for www.ceshi.com:443(RSA):*********
Access by IP address
[root@server conf.d]# curl https://192.168.240.11 -k
exercise
Access by domain name
[root@server conf.d]# curl https://www.ceshi.com -k
exercise
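The post checks the site with curl -k, which skips certificate validation entirely, and the ll output above shows https.key left world-readable (-rw-r--r--). As an added example that is not code from the original post, the following bash script runs the checks a defender would perform on a mod_ssl key/certificate pair before restarting httpd: key and certificate match, the ServerName is covered, the certificate is not about to expire, and the key is readable only by its owner. It assumes the openssl CLI is installed and takes the key path, certificate path and server name as arguments (the post's values would be /etc/pki/tls/certs/https.key, the https..crt it generated, and www.ceshi.com).

```bash
#!/usr/bin/env bash
# Added example, not from the original post: pre-flight checks for an Apache
# mod_ssl key/certificate pair before SSLCertificateFile points at it.
# Assumes the openssl CLI. Arguments: key path, certificate path, ServerName
# (paths without spaces). The post's values: /etc/pki/tls/certs/https.key,
# the https..crt it generated, and www.ceshi.com.

# 0 if the key and certificate share one RSA modulus, i.e. belong together.
key_matches_cert() {
  local key=$1 crt=$2 kmod cmod
  kmod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null) || return 1
  cmod=$(openssl x509 -noout -modulus -in "$crt" 2>/dev/null) || return 1
  [ -n "$kmod" ] && [ "$kmod" = "$cmod" ]
}

# 0 if the subject CN or a DNS SAN equals the name clients will connect to.
cert_covers_name() {
  local crt=$1 name=$2
  openssl x509 -noout -text -in "$crt" 2>/dev/null |
    grep -Eq "(CN ?= ?|DNS:)${name}(,| |/|$)"
}

# 0 if the certificate stays valid for at least $2 more days (default 30).
cert_valid_for_days() {
  local crt=$1 days=${2:-30}
  openssl x509 -noout -checkend $((days * 86400)) -in "$crt" >/dev/null 2>&1
}

# 0 if only the owner can read the key. The post's -rw-r--r-- https.key
# fails this: every local account could copy the private key.
key_is_private() {
  local key=$1 mode
  mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key")
  [ "${mode#0}" = "600" ] || [ "${mode#0}" = "400" ]
}

# Run all checks, report each one, return the number of failures.
check_all() {
  local key=$1 crt=$2 name=$3 fails=0 c
  for c in "key_matches_cert $key $crt" "cert_covers_name $crt $name" \
           "cert_valid_for_days $crt 30" "key_is_private $key"; do
    if $c; then echo "PASS  $c"; else echo "FAIL  $c"; fails=$((fails + 1)); fi
  done
  return "$fails"
}

if [ "$#" -eq 3 ]; then check_all "$@"; fi
```

Once the pair passes, the site can be tested without -k by trusting the self-signed certificate explicitly: curl --cacert /etc/pki/tls/certs/https..crt https://www.ceshi.com.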