搭建一个基于https://www.zuoye.com访问的web网站,网站首页在/www/https/,内容为exercise
服务器端配置host解析
[root@rhce conf.d]# vim /etc/hosts
[root@rhce conf.d]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.21.128 www.zuoye.com
服务器配置网站首页内容
[root@rhce conf.d]# mkdir -pv /www/https/
mkdir: created directory '/www/https/'
[root@rhce conf.d]# echo "exercise" > /www/https/index.html
[root@rhce conf.d]# tree /www/
/www/
├── https
│ └── index.html
└── xxj
└── index.html
2 directories, 2 files
[root@rhce conf.d]# cat /www/https/index.html
exercise
配置ssl证书
[root@localhost ~]# yum install mod_ssl -y
[root@rhce yum.repos.d]# cd /etc/pki/tls/certs/
[root@rhce certs]# ll
total 4
lrwxrwxrwx. 1 root root 49 Jun 17 2021 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root 55 Jun 17 2021 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r--. 1 root root 2516 Nov 13 10:18 Makefile
[root@rhce certs]# make zuoye.crt
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > zuoye.key
Generating RSA private key, 2048 bit long modulus (2 primes)
.............................................+++++
...........................+++++
e is 65537 (0x010001)
Enter pass phrase:
Verifying - Enter pass phrase:
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key zuoye.key -x509 -days 365 -out zuoye.crt
Enter pass phrase for zuoye.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:sx
Locality Name (eg, city) [Default City]:xa
Organization Name (eg, company) [Default Company Ltd]:ce
Organizational Unit Name (eg, section) []:ce
Common Name (eg, your name or your server's hostname) []:www.zuoye.com
Email Address []:admin@rhce.com
[root@rhce certs]# ll zuoye.*
-rw-------. 1 root root 1383 Nov 13 10:24 zuoye.crt
-rw-------. 1 root root 1766 Nov 13 10:22 zuoye.key
配置httpd服务
[root@rhce certs]# vim /etc/httpd/conf.d/https-zuoye.conf
[root@rhce certs]# cat /etc/httpd/conf.d/https-zuoye.conf
<VirtualHost 192.168.21.128:443>
# ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/www/https"
ServerName www.zuoye.com
# ServerAlias www.dummy-host.example.com
ErrorLog "/var/log/httpd/https_zuoye-error_log"
CustomLog "/var/log/httpd/https_zuoye-access_log" common
# ssl
sslengine on
SSLCertificateFile /etc/pki/tls/certs/zuoye.crt
SSLCertificateKeyFile /etc/pki/tls/certs/zuoye.key
</VirtualHost>
<Directory "/www/https">
AllowOverride None
Require all granted
</Directory>
[root@rhce certs]# systemctl restart httpd
Enter TLS private key passphrase for www.zuoye.com:443 (RSA) : ****
本机访问验证
[root@rhce certs]# curl -k https://www.zuoye.com
exercise
windows宿主机host文件修改
打开C:\Windows\System32\drivers\etc\hosts 文件,添加如下内容:
验证:win+R 输入“cmd”,输入ping命令