搭建https静态网页

搭建一个基于https://www.zuoye.com访问的web网站，网站首页在/www/https/，内容为exercise。

安装和使用mod_ssl软件包

#安装mod_ssl软件包
[root@server ~]# yum install mod_ssl -y
Complete!

#查看mod_ssl软件包安装后产生文件列表
[root@server ~]# rpm -ql mod_ssl
/etc/httpd/conf.d/ssl.conf
/etc/httpd/conf.modules.d/00-ssl.conf
/usr/lib/.build-id
/usr/lib/.build-id/7e/0f18169bb8cf7567e4560b4522327c446c414a
/usr/lib/systemd/system/httpd-init.service
/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf
/usr/lib64/httpd/modules/mod_ssl.so
/usr/libexec/httpd-ssl-gencerts
/usr/libexec/httpd-ssl-pass-dialog
/usr/share/man/man8/httpd-init.service.8.gz
/var/cache/httpd/ssl

生成私钥文件和证书

[root@server ~]# cd /etc/pki/tls/certs
#生成私钥文件
#生成由aes128编码的RSA私钥
[root@server certs]# openssl genrsa -aes128 2048 > https.key
Generating RSA private key, 2048 bit long modulus (2 primes)
.................+++++
.......................................................................................+++++
e is 65537 (0x010001)
Enter pass phrase:
Verifying - Enter pass phrase:

#生成证书
#生成由utf8编码的期限为365天的x509证书
[root@server certs]# openssl req -utf8 -new -key https.key -x509 -days 365 -out https.crt
Enter pass phrase for https.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86  #国家代码
State or Province Name (full name) []:gd   #省
Locality Name (eg, city) [Default City]:gz   #城市
Organization Name (eg, company) [Default Company Ltd]:ce  #企业/组织
Organizational Unit Name (eg, section) []:ce  #部门
Common Name (eg, your name or your server's hostname) []:www.zuoye.com   #域名
Email Address []:admin@zuoye.com   #邮箱

#查看生成的私钥和证书
[root@server certs]# ll
total 12
lrwxrwxrwx. 1 root root   49 Jun 17  2021 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root   55 Jun 17  2021 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r--. 1 root root 1387 Nov 13 20:54 https.crt
-rw-r--r--. 1 root root 1766 Nov 13 20:52 https.key
-rw-r--r--. 1 root root 3749 Nov 13 17:28 localhost.crt

创建网页路径和文件

#创建网页路径和文件
[root@server ~]# mkdir -pv /www/https
mkdir: created directory '/www/https'

#编写文件内容
[root@server ~]# cd /www/https
[root@server https]# vim index.html
exercise

关闭防火墙和SELinux

#关闭防火墙
[root@server ~]# systemctl stop firewalld
#查看防火墙关闭情况
[root@server ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: e>
   Active: inactive (dead) since Sun 2022-11-13 15:05:11 CST; 7h ago
     Docs: man:firewalld(1)
 Main PID: 1099 (code=exited, status=0/SUCCESS)
 
 #关闭SElinux
[root@server ~]# setenforce 0
 #查看SElinux关闭情况
[root@server ~]# getenforce
Permissive

编写配置文件

[root@server https]# cd /etc/httpd/conf.d/
#编写配置文件
[root@server conf.d]# vim https.conf域名restart
<VirtualHost 192.168.32.11:443>
    DocumentRoot "/www/https"
    servername  www.zuoye.com
    SSLEngine on
    ErrorLog "/var/log/httpd/https_error_log"
    TransferLog "/var/log/httpd/https_access_log"
    SSLCertificateFile /etc/pki/tls/certs/https.crt
    SSLCertificateKeyFile /etc/pki/tls/certs/https.key
</VirtualHost>

<Directory "/www/https">
    AllowOverride None
    Require all granted
</Directory>

#重启http服务
[root@server conf.d]# systemctl restart httpd
Enter TLS private key passphrase for www.zuoye.com:443 (RSA) : ****

通过IP地址访问测试

#在linux中通过IP地址访问
[root@server conf.d]# curl https://192.168.32.11 -k
exercise
[root@server conf.d]# curl https://192.168.32.11 --insecure
exercise

#使用Windows的浏览器用IP地址访问

 通过域名访问 

#写好Linux本地IP对应的域名
[root@server ~]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.32.11 www.zuoye.com

#使用域名通过linux测试
[root@server ~]# curl https://www.zuoye.com -k
exercise

使用windows的浏览器用域名访问

#修改windows本地的hosts文件

#通过域名访问