Lab environment
OS: CentOS 7
IP: 192.168.253.128
httpd version: 2.4
First, stop the firewall and switch SELinux to permissive mode
systemctl stop firewalld
setenforce 0
Build and install httpd 2.4 from source
cd /usr/local/src
wget http://mirror.bit.edu.cn/apache//httpd/httpd-2.4.34.tar.gz ## httpd 2.4 source tarball (Apache mirror)
wget http://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-1.6.3.tar.gz ## apr tarball (Apache mirror)
wget http://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-util-1.6.1.tar.gz ## apr-util tarball (Apache mirror)
tar -xf apr-1.6.3.tar.gz
tar -xf apr-util-1.6.1.tar.gz
tar -xf httpd-2.4.34.tar.gz
mv apr-1.6.3 /usr/local/src/httpd-2.4.34/srclib/apr
mv apr-util-1.6.1 /usr/local/src/httpd-2.4.34/srclib/apr-util
cd httpd-2.4.34
yum install pcre pcre-devel openssl openssl-devel gcc gcc-devel gcc-c++ expat-devel -y
./configure --prefix=/usr/local/apache2.4 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork --with-included-apr
make && make install
PATH=/usr/local/apache2.4/bin/:$PATH
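Create a private CA and issue the certificate
The article linked below explains these commands in detail; here we simply build the CA directly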
https://blog.csdn.net/L835311324/article/details/81540086
(umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096)
openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
mkdir -pv /etc/pki/CA/{certs,crl,newcerts}
touch /etc/pki/CA/{serial,index.txt}
echo 01 > /etc/pki/CA/serial
mkdir /usr/local/apache2.4/ssl ## directory that holds the SSL certificate and key
cd /usr/local/apache2.4/ssl
(umask 077; openssl genrsa -out /usr/local/apache2.4/ssl/apache.key 2048)
openssl req -new -key /usr/local/apache2.4/ssl/apache.key -out /usr/local/apache2.4/ssl/apache_ssl.csr -days 365
openssl ca -in /usr/local/apache2.4/ssl/apache_ssl.csr -out /usr/local/apache2.4/ssl/apache_ssl.crt
Configure the virtual host
Create the site directory
mkdir -pv /var/www/html/ice
Back up the original file /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
cp /usr/local/apache2.4/conf/extra/httpd-vhosts.conf{,.bak}
Edit the configuration file /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:443>
ServerAdmin 835311324@qq.com
DocumentRoot "/var/www/html/ice"
ServerName www.ice.com
ServerAlias www.ice.com
ErrorLog "logs/ice-error_log"
CustomLog "logs/ice-access_log" common
<Directory "/var/www/html/ice">
Options None
AllowOverride None
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile "/usr/local/apache2.4/ssl/apache_ssl.crt"
SSLCertificateKeyFile "/usr/local/apache2.4/ssl/apache.key"
</VirtualHost>
Edit the main configuration file
Listen 443 ssl
ServerName 127.0.0.1
Uncomment the following two lines:
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-vhosts.conf
Write a test home page
echo "www.ice.com" > /var/www/html/ice/index.html
Check the configuration file
httpd -t
Start the httpd service
httpd -k start
Check that the port is listening
ss -nlt
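We also need to edit the hosts file on the physical machine
Path: C:\Windows\System32\drivers\etc
Open a browser and try to access the site
Because the CA is self-built, the browser reports the connection as not secure. That is fine; we just import our CA certificate
Transfer the CA certificate from the virtual machine to the physical machine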
yum install lrzsz -y
sz /etc/pki/CA/cacert.pem
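Then import the certificate in the browser
Options -> Privacy & Security -> Certificates
Import the certificate, selecting the one just transferred from the virtual machine
Then visit https://www.ice.com:443/index.html again
You can see that it works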
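Added example (not part of the original post): a shell function that checks the files created in the CA and virtual-host steps above, namely that the server certificate chains to the CA certificate, matches the private key, covers the host name, and that the key is not readable by group or others. The function name check_tls_material is made up for this example, and stat -c assumes GNU or BusyBox stat.

```bash
#!/usr/bin/env bash
# Added example. On the server from this page, save as a script and run it with:
#   /etc/pki/CA/cacert.pem /usr/local/apache2.4/ssl/apache_ssl.crt \
#   /usr/local/apache2.4/ssl/apache.key www.ice.com
# Usage: check_tls_material CA_CERT SERVER_CERT SERVER_KEY HOSTNAME
# Returns 0 only when every check passes; prints one line per check.
check_tls_material() {
    local ca="$1" crt="$2" key="$3" host="$4" rc=0 crt_pub key_pub mode

    # 1. The server certificate must chain to the CA imported into the browser.
    if openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "OK   chain: $crt verifies against $ca"
    else
        echo "FAIL chain: $crt is not signed by $ca"; rc=1
    fi

    # 2. SSLCertificateFile and SSLCertificateKeyFile must be one key pair.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]; then
        echo "OK   key pair: certificate and private key match"
    else
        echo "FAIL key pair: certificate and private key do not match"; rc=1
    fi

    # 3. The name typed in the browser must be covered by the certificate.
    if openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null |
            grep -q "does match"; then
        echo "OK   name: certificate is valid for $host"
    else
        echo "FAIL name: certificate is not valid for $host"; rc=1
    fi

    # 4. The private key must not be readable by group or others
    #    (the page creates it under umask 077, which gives mode 600).
    mode=$(stat -c %a "$key" 2>/dev/null)
    case "$mode" in
        ?00) echo "OK   perms: $key is mode $mode" ;;
        *)   echo "FAIL perms: $key is mode ${mode:-unknown}, expected 600"; rc=1 ;;
    esac
    return "$rc"
}

# Run the checks when the script is given the four arguments.
if [ "$#" -eq 4 ]; then
    check_tls_material "$@"
fi
```

A FAIL on the chain or key pair check means httpd will either refuse to start or serve a certificate the imported CA cannot vouch for, so run it before httpd -k start.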