Setting Up an HTTPS-Based Secure Service on an Apache Server


Setting up an encrypted service based on HTTPS
1. Generate the certificate and key files
  (1) [root@httpd ~]# mkdir /etc/httpd/ssl
  (2) Generate the key
     [root@httpd ~]# openssl genrsa 1024 > /etc/httpd/ssl/server.key
     Generating RSA private key, 1024 bit long modulus
     ...................................++++++
     ...................................++++++
     e is 65537 (0x10001)
  (3) Request a certificate using the key
     [root@httpd ~]# openssl req -new -key /etc/httpd/ssl/server.key > /etc/httpd/ssl/server.csr
     You are about to be asked to enter information that will be incorporated
     into your certificate request.
     What you are about to enter is what is called a Distinguished Name or a DN.
     There are quite a few fields but you can leave some blank
     For some fields there will be a default value,
     If you enter '.', the field will be left blank.
     -----
     Country Name (2 letter code) [XX]:bj
     State or Province Name (full name) []:bj
     Locality Name (eg, city) [Default City]:bj
     Organization Name (eg, company) [Default Company Ltd]:bj
     Organizational Unit Name (eg, section) []:bj
     Common Name (eg, your name or your server's hostname) []:www.caj.com
     Email Address []:123456@qq.com

     Please enter the following 'extra' attributes
     to be sent with your certificate request
     A challenge password []:
     An optional company name []:
  (4) View the generated key and certificate request files
     [root@httpd ~]# ls /etc/httpd/ssl/
     server.csr  server.key
  (5) Sign and issue the certificate file
     [root@httpd ~]# openssl req -x509 -days 365 -key /etc/httpd/ssl/server.key -in /etc/httpd/ssl/server.csr > /etc/httpd/ssl/server.crt
  (6) View the generated certificate files again
     [root@httpd ~]# ls /etc/httpd/ssl/
     server.crt  server.csr  server.key
2. Install the mod_ssl module
  yum install -y mod_ssl
  Check that the configuration file for the HTTPS virtual host has been generated
  [root@httpd ~]# ls /etc/httpd/conf.d/
   autoindex.conf  manual.conf  README  ssl.conf  userdir.conf  welcome.conf
3. Edit ssl.conf
  vim ssl.conf
  Change four settings:
  DocumentRoot "/caj"
  ServerName www.caj.com:443
  SSLCertificateFile /etc/httpd/ssl/server.crt
  SSLCertificateKeyFile /etc/httpd/ssl/server.key
  In addition, because the virtual host's document root is not under /var/www/html, access permission for /caj must be added
  <Directory "/caj">
      Require all granted
  </Directory>
  Save and exit
4. View the generated ssl.conf file
  [root@httpd ~]# cd /etc/httpd/conf.d/
  [root@httpd conf.d]# ls
   autoindex.conf  manual.conf  README  ssl.conf  userdir.conf  welcome.conf
5. Check the configuration and restart the service
   [root@httpd conf.d]# httpd -t
   Syntax OK
   [root@httpd conf.d]# systemctl restart httpd
   [root@httpd conf.d]# cd
   [root@httpd ~]# ss -antp |grep httpd
   LISTEN     0      128         :::80                      :::*                   users:(("httpd",pid=6151,fd=4),("httpd",pid=6150,fd=4),("httpd",pid=6149,fd=4),("httpd",pid=6148,fd=4),("httpd",pid=6147,fd=4),("httpd",pid=6145,fd=4))
   LISTEN     0      128         :::443                     :::*                   users:(("httpd",pid=6151,fd=6),("httpd",pid=6150,fd=6),("httpd",pid=6149,fd=6),("httpd",pid=6148,fd=6),("httpd",pid=6147,fd=6),("httpd",pid=6145,fd=6))
6. Test:

    (1) Enter www.caj.com; the browser goes to the home page under the default path
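7. Use the URL rewrite module to redirect the domain: add the following three directives inside the VirtualHost block of any configured HTTP-based virtual host, and requests are redirected straight to the HTTPS server
  RewriteEngine On
  # Dots are escaped so they match a literal "." in the host name
  RewriteCond %{HTTP_HOST} ^www\.caj\.com
  # $1 carries the requested path over to the HTTPS URL; R makes the external redirect explicit
  RewriteRule ^/(.*) https://www.caj.com/$1 [R,L]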
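
The certificate steps from section 1 done non-interactively, followed by the checks worth running before ssl.conf is pointed at the files. This is an added example, not part of the original post. It assumes OpenSSL 1.1.1 or later and GNU stat, and it uses a 2048-bit key and a subjectAltName entry where the post uses 1024 bits and none. The function names and the 30-day expiry threshold are choices made here.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes OpenSSL 1.1.1+ and GNU stat.
# make_cert DIR HOST: write DIR/server.key (2048-bit RSA, mode 600) and a
# self-signed DIR/server.crt for HOST, valid 365 days as in step (5).
make_cert() {
    local dir=$1 host=$2
    mkdir -p "$dir" || return 1
    # umask 077 so the private key is never created world-readable
    ( umask 077; openssl genrsa -out "$dir/server.key" 2048 2>/dev/null ) || return 1
    openssl req -new -x509 -days 365 -key "$dir/server.key" \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -out "$dir/server.crt" 2>/dev/null
}

# pubkey_hash FILE KIND: SHA-256 of the public key held in a cert (x509) or key (pkey)
pubkey_hash() {
    if [ "$2" = x509 ]; then
        openssl x509 -in "$1" -noout -pubkey
    else
        openssl pkey -in "$1" -pubout
    fi | openssl sha256 | awk '{print $NF}'
}

# check_pair DIR: print "ok" and return 0 only if key and cert match, the key
# is at least 2048 bits and mode 600, and the cert has more than 30 days left.
check_pair() {
    local dir=$1 bits
    [ "$(pubkey_hash "$dir/server.crt" x509)" = "$(pubkey_hash "$dir/server.key" pkey)" ] \
        || { echo "key/cert mismatch"; return 1; }
    bits=$(openssl x509 -in "$dir/server.crt" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || { echo "weak key: ${bits:-?} bits"; return 1; }
    [ "$(stat -c %a "$dir/server.key")" = 600 ] \
        || { echo "key permissions too open"; return 1; }
    openssl x509 -in "$dir/server.crt" -noout -checkend $((30 * 86400)) >/dev/null \
        || { echo "certificate expires within 30 days"; return 1; }
    echo "ok"
}

# Usage on the server from the post (paths as in ssl.conf):
#   make_cert /etc/httpd/ssl www.caj.com && check_pair /etc/httpd/ssl
```

check_pair also works on files produced by the post's own commands, where it reports the 1024-bit key or a key file left readable by other users.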
