实例一
- 1.从http://ldap.example.com/pub/example.html下载文件,并重命名为index.html,不修改文件内容
- 2.将文件index.html拷贝到你的DocumentRoot目录下
- 3 来自于example.com的客户端可以访问web服务器
- 4.来自于my133t.org的客户端的访问会被拒绝
[root@server30 html]# mv example.html index.html
[root@server30 ~]# systemctl mask iptables ebtables
ln -s '/dev/null' '/etc/systemd/system/iptables.service'
ln -s '/dev/null' '/etc/systemd/system/ebtables.service'
[root@server30 ~]# systemctl stop iptables ebtables
[root@server30 ~]# firewall-cmd --get-service|grep http
amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns ftp high-availability http https imaps ipp ipp-client ipsec kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba samba-client smtp ssh telnet tftp tftp-client transmission-client vnc-server wbem-https
[root@server30 ~]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=http accept'
success
[root@server30 ~]# firewall-cmd --reload
success
[root@server30 ~]# systemctl restart httpd
测试
实例二
- 1.已签名证书从http://ldap.example.com/pub/server30.crt获取
- 2.证书的密钥从http://ldap.example.com/pub/server30.key获取
- 3.证书的签名授权信息从http://ldap.example.com/pub/group30.crt获取
**先安装mod_ssl,然后到/etc/httpd/conf.d/ssl.conf下面配置
[root@server30 ~]# rpm -qa|grep mod_ssl
mod_ssl-2.4.6-17.el7.x86_64
[roo