httpd

httpd

编译安装httpd

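编译安装httpd需要apr、apr-util、httpd三个源码包
包下载位置:apache.org(downloads.apache.org只保留当前版本,旧版本在archive.apache.org;实际部署请使用最新的稳定版)
下载这三个源码包;下载后建议用官方在同一目录下提供的校验和文件(如 .sha256)或PGP签名(.asc)校验源码包的完整性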

[root@localhost ~]# dnf -y install wget
[root@localhost ~]# wget https://downloads.apache.org/apr/apr-1.7.0.tar.gz
[root@localhost ~]# wget https://downloads.apache.org/apr/apr-util-1.6.1.tar.gz
[root@localhost ~]# wget https://downloads.apache.org/httpd/httpd-2.4.53.tar.gz
[root@localhost ~]# yum -y install openssl-devel pcre-devel expat-devel libtool  make   //安装依赖包

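安装开发环境(注意:`yum groups mark install` 只是把软件包组标记为已安装,并不会真正安装其中的软件包;要实际安装应使用 `yum -y groups install "Development Tools"`)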

[root@localhost ~]# yum groups mark install "Development Tools"   //安装开发工具包
[root@localhost ~]# useradd -r -M -s /sbin/nologin apache    //创建系统用户
[root@localhost ~]# id apache
uid=995(apache) gid=992(apache) groups=992(apache)

解压

[root@localhost ~]# ls
anaconda-ks.cfg  apr-1.7.0.tar.gz  apr-util-1.6.1.tar.gz  httpd-2.4.53.tar.gz
[root@localhost ~]# tar xf apr-1.7.0.tar.gz 
[root@localhost ~]# tar xf apr-util-1.6.1.tar.gz 
[root@localhost ~]# tar xf httpd-2.4.53.tar.gz 
[root@localhost ~]# ls
anaconda-ks.cfg  apr-1.7.0  apr-1.7.0.tar.gz  apr-util-1.6.1  apr-util-1.6.1.tar.gz  httpd-2.4.53  httpd-2.4.53.tar.gz

安装apr

[root@localhost ~]# cd apr-1.7.0
[root@localhost apr-1.7.0]# vim configure
#   $RM "$cfgfile"    //注释掉或者删除这一行
[root@localhost apr-1.7.0]# ./configure --prefix=/usr/local/apr
[root@localhost apr-1.7.0]# make
[root@localhost apr-1.7.0]# make install

安装apr-util

[root@localhost ~]# cd apr-util-1.6.1
[root@localhost apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[root@localhost apr-util-1.6.1]# make
[root@localhost apr-util-1.6.1]# make install

安装httpd

[root@localhost ~]# cd httpd-2.4.53
[root@localhost httpd-2.4.53]# ./configure --prefix=/usr/local/apache \
> --enable-so \
> --enable-ssl \
> --enable-cgi \
> --enable-rewrite \
> --with-zlib \
> --with-pcre \
> --with-apr=/usr/local/apr \
> --with-apr-util=/usr/local/apr-util/ \
> --enable-modules=most \
> --enable-mpms-shared=all \
> --with-mpm=prefork
[root@localhost httpd-2.4.53]# make
[root@localhost httpd-2.4.53]# make install

设置环境变量

[root@localhost ~]# ls /usr/local     //安装apache源码包的位置
apache  apr-util  etc    include  lib64    sbin   src
apr     bin       games  lib      libexec  share
[root@localhost ~]# cd /usr/local/apache/ 
[root@localhost apache]# ls  //htdocs源码安装网站放这里
bin    cgi-bin  error   icons    logs  manual
build  conf     htdocs  include  man   modules
[root@localhost ~]# echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/apache.sh      //配置环境变量
[root@localhost ~]# source /etc/profile.d/apache.sh 
[root@localhost ~]# which httpd
/usr/local/apache/bin/httpd
[root@localhost ~]# which apachectl
/usr/local/apache/bin/apachectl

头文件(include):为了让系统能找到apache的头文件,需要做软链接映射

[root@localhost ~]# ln -s /usr/local/apache/include /usr/include/apache   //软连接

配置man文档

[root@localhost ~]# vim /etc/man_db.conf 
MANDATORY_MANPATH                       /usr/local/apache/man   
//添加一行内容

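关闭防火墙(仅适用于实验环境;生产环境建议保留firewalld,只放行需要的服务,例如 `firewall-cmd --permanent --add-service=http --add-service=https` 后执行 `firewall-cmd --reload`)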

[root@localhost ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. 

关闭selinux(`setenforce 0` 实际是切换到Permissive模式,只记录不拦截;仅适用于实验环境,生产环境建议保持Enforcing)

[root@localhost ~]# setenforce 0    //当前生效,当前关闭
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]# vim /etc/selinux/config    //重启生效
SELINUX=disabled   //修改

开启80端口号

[root@localhost ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process                                                   
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*                                                              
LISTEN 0      128             [::]:22           [::]:*                                                              
[root@localhost ~]# which apachectl
/usr/local/apache/bin/apachectl
[root@localhost ~]# apachectl start    //开启apachectl
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message   //警示信息
[root@localhost ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process                                                   
LISTEN 0      128          0.0.0.0:80        0.0.0.0:*                                                              
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*                                                              
LISTEN 0      128             [::]:22           [::]:*                                    


取消警示信息

[root@localhost ~]# apachectl stop
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
[root@localhost ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process                                                   
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*                                                              
LISTEN 0      128             [::]:22           [::]:*      
[root@localhost ~]# cd /usr/local/apache/conf/   //conf放配置文件的地方
[root@localhost conf]# ls
extra  httpd.conf  magic  mime.types  original
[root@localhost conf]# vim httpd.conf 
 #ServerName www.example.com:80   //取消这行注释
 [root@localhost conf]# apachectl start   //没有警告信息
[root@localhost conf]# ss -antl
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process                                                   
LISTEN 0      128          0.0.0.0:80        0.0.0.0:*                                                              
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*                                                              
LISTEN 0      128             [::]:22           [::]:*                                                          
                                                     

用systemctl设置开机自启
适用于所有用源码安装的服务

[root@localhost ~]# cd /usr/lib/systemd/system
[root@localhost system]# ls sshd.service
sshd.service
[root@localhost system]# cp sshd.service httpd.service
[root@localhost system]# vim httpd.service
[root@localhost system]# cat httpd.service 
[Unit]
Description=httpd server daemon
After=network.target sshd-keygen.target

[Service]
Type=forking
ExecStart=/usr/local/apache/bin/apachectl start
ExecStop=/usr/local/apache/bin/apachectl stop
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

[root@localhost system]# systemctl daemon-reload    //重新加载
[root@localhost system]# cd
[root@localhost ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process                                                   
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*                                                              
LISTEN 0      128             [::]:22           [::]:*                                                              
[root@localhost ~]# systemctl status httpd    //查看状态
● httpd.service - httpd server daemon
   Loaded: loaded (/usr/lib/systemd/system/httpd.service;>
   Active: inactive (dead) 
[root@localhost ~]# systemctl start httpd   //启动httpd服务
[root@localhost ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process                                                   
LISTEN 0      128          0.0.0.0:80        0.0.0.0:*                                                              
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*                                                              
LISTEN 0      128             [::]:22           [::]:*                                                              
[root@localhost ~]# systemctl status httpd
● httpd.service - httpd server daemon
   Loaded: loaded (/usr/lib/systemd/system/httpd.service;>
   Active: active (running) since Sun 2022-04-17 05:22:27>
  Process: 86066 ExecStart=/usr/local/apache/bin/apachect>
 Main PID: 86069 (httpd)
    Tasks: 6 (limit: 11217)
   Memory: 4.2M
   CGroup: /system.slice/httpd.service
           ├─86069 /usr/local/apache/bin/httpd -k start
           ├─86070 /usr/local/apache/bin/httpd -k start
           ├─86071 /usr/local/apache/bin/httpd -k start
           ├─86072 /usr/local/apache/bin/httpd -k start
           ├─86073 /usr/local/apache/bin/httpd -k start
           └─86074 /usr/local/apache/bin/httpd -k start

Apr 17 05:22:27 localhost.localdomain systemd[1]: Startin>
Apr 17 05:22:27 localhost.localdomain systemd[1]: Started>
[root@localhost ~]# systemctl enable httpd   //设置开机自启
[root@localhost ~]# systemctl status httpd
● httpd.service - httpd server daemon
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2022-04-17 05:22:27 CST; 2min 12s ago
 Main PID: 86069 (httpd)
    Tasks: 6 (limit: 11217)
   Memory: 4.2M
   CGroup: /system.slice/httpd.service
           ├─86069 /usr/local/apache/bin/httpd -k start
           ├─86070 /usr/local/apache/bin/httpd -k start
           ├─86071 /usr/local/apache/bin/httpd -k start
           ├─86072 /usr/local/apache/bin/httpd -k start
           ├─86073 /usr/local/apache/bin/httpd -k start
           └─86074 /usr/local/apache/bin/httpd -k start

Apr 17 05:22:27 localhost.localdomain systemd[1]: Starting httpd server daemon...
Apr 17 05:22:27 localhost.localdomain systemd[1]: Started httpd server daemon.

配置虚拟主机:

虚拟主机有三类:
相同IP不同端口
不同IP相同端口
相同IP相同端口不同域名

创建放网站的目录

[root@localhost ~]# cd /usr/local/apache/htdocs   //源码安装网站存放地方
[root@localhost htdocs]# ls
index.html
[root@localhost htdocs]# mkdir test.example.com   //创建目录
[root@localhost htdocs]# ls
index.html  test.example.com
[root@localhost htdocs]# cd test.example.com/
[root@localhost test.example.com]# ls

修改虚拟主机配置文件

[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf   //部署网站
<VirtualHost *:80>     
DocumentRoot "/usr/local/apache/htdocs/test.example.com"   // 网站存放的位置   
    ServerName test.example.com    //域名
    ErrorLog "logs/test.example.com-error_log"      //错误日志文件位置 
    CustomLog "logs/test.example.com-access_log" common    //日志文件位置
</VirtualHost>
//此时主配置文件未生效
[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf   //修改主配置文件
#Include conf/extra/httpd-vhosts.conf     //取消这行注释,让它包含进来,生效
[root@localhost ~]# systemctl restart httpd  //重启

此时访问网站是空的没有内容,因为网站目录没有内容
配置网站目录内容

[root@localhost test.example.com]# ls
[root@localhost test.example.com]# echo "yyqx yyds" > abc.html
[root@localhost test.example.com]# ls
abc.html

点击abc.html
首页文件必须叫index.html才能直接打开,否则只会显示目录列表、需要手动点击文件,因为主配置文件里的DirectoryIndex指令指定了index.html(目录列表来自默认配置中的Options Indexes,生产环境建议关闭)

[root@localhost test.example.com]# ls
abc.html
[root@localhost test.example.com]# mv abc.html index.html   
[root@localhost test.example.com]# ls
index.html

直接跳转

配置相同ip不同端口号访问

[root@localhost htdocs]# ls
index.html  test.example.com
[root@localhost htdocs]# mkdir blog.example.com  
[root@localhost htdocs]# ls
blog.example.com  index.html  test.example.com
[root@localhost htdocs]# cd blog.example.com/
[root@localhost blog.example.com]# echo "yyqx yyqx" > index.html
[root@localhost blog.example.com]# ls
index.html

只能访问到第一次的,因为只配置了一个虚拟主机
配置虚拟主机

[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf 
[root@localhost ~]# cat /usr/local/apache/conf/extra/httpd-vhosts.conf 
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/test.example.com"
    ServerName test.example.com
    ErrorLog "logs/test.example.com-error_log"
    CustomLog "logs/test.example.com-access_log" common
</VirtualHost>

Listen 81   //监听端口号
<VirtualHost *:81>   //修改端口号
    DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
    ServerName blog.example.com
    ErrorLog "logs/blog.example.com-error_log"
    CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
[root@localhost ~]# systemctl restart httpd   //重启
[root@localhost ~]# ss -antl   //81端口号开启了
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process                                                   
LISTEN 0      128          0.0.0.0:80        0.0.0.0:*                                                              
LISTEN 0      128          0.0.0.0:81        0.0.0.0:*                                                              
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*                                                              
LISTEN 0      128             [::]:22           [::]:*                                                             

通过端口号访问
配置不同ip相同端口号

[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf 
[root@localhost ~]# cat /usr/local/apache/conf/extra/httpd-vhosts.conf 
<VirtualHost 192.168.50.128:80>
    DocumentRoot "/usr/local/apache/htdocs/test.example.com"
    ServerName test.example.com
    ErrorLog "logs/test.example.com-error_log"
    CustomLog "logs/test.example.com-access_log" common
</VirtualHost>

 
<VirtualHost 192.168.50.129:80>
    DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
    ServerName blog.example.com
    ErrorLog "logs/blog.example.com-error_log"
    CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>

添加ip地址

[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:70:bc:8f brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.128/24 brd 192.168.50.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
[root@localhost ~]# ip addr add 192.168.50.129/24 dev ens160  //添加ip地址
[root@localhost ~]# ip a s ens160
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:70:bc:8f brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.128/24 brd 192.168.50.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.50.129/24 scope global secondary ens160
       valid_lft forever preferred_lft forever

[root@localhost ~]# systemctl stop httpd
[root@localhost ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process                                                   
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*                                                              
LISTEN 0      128             [::]:22           [::]:*                                                              
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process                                                   
LISTEN 0      128          0.0.0.0:80        0.0.0.0:*                                                              
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*                                                              
LISTEN 0      128             [::]:22           [::]:*                                                              

配置相同ip相同端口不同域名

[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf 
[root@localhost ~]# cat /usr/local/apache/conf/extra/httpd-vhosts.conf 
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/test.example.com"
    ServerName test.example.com
    ErrorLog "logs/test.example.com-error_log"
    CustomLog "logs/test.example.com-access_log" common
</VirtualHost>

 
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
    ServerName blog.example.com
    ErrorLog "logs/blog.example.com-error_log"
    CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
[root@localhost ~]# systemctl stop httpd
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process                                                   
LISTEN 0      128          0.0.0.0:80        0.0.0.0:*                                                              
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*                                                              
LISTEN 0      128             [::]:22           [::]:*                                                            

这两个域名没有DNS解析,无法直接访问;需要在真机的c:\windows\system32\drivers\etc\hosts文件中添加解析记录(例如 `192.168.50.128 test.example.com blog.example.com`)。可以把该文件拖到桌面上修改,然后再拖回去
访问控制法则:

| 法则 | 功能 |
| --- | --- |
| Require all granted | 允许所有主机访问 |
| Require all denied | 拒绝所有主机访问 |
| Require ip IPADDR | 授权指定来源地址的主机访问 |
| Require not ip IPADDR | 拒绝指定来源地址的主机访问 |
| Require host HOSTNAME | 授权指定来源主机名的主机访问 |
| Require not host HOSTNAME | 拒绝指定来源主机名的主机访问 |

配置拒绝指定ip访问

[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf 
[root@localhost ~]# cat /usr/local/apache/conf/extra/httpd-vhosts.conf 
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/test.example.com"
    ServerName test.example.com
    ErrorLog "logs/test.example.com-error_log"
    CustomLog "logs/test.example.com-access_log" common
    <Directory "/usr/local/apache/htdocs/test.example.com">
        <RequireAll>
            Require not ip 192.168.50.1   //添加拒绝访问的ip
            Require all granted   
        </RequireAll>
    </Directory>
</VirtualHost>

 
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
    ServerName blog.example.com
    ErrorLog "logs/blog.example.com-error_log"
    CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
[root@localhost ~]# systemctl stop httpd
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process                                                   
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*                                                              
LISTEN 0      128                *:80              *:*                                                              
LISTEN 0      128             [::]:22           [::]:*                                                             

在真机上test做了限制所以不能访问

blog没有做限制所以可以访问

配置https

启用ssl

[root@localhost conf]# vim httpd.conf    
#LoadModule ssl_module modules/mod_ssl.so   //取消注释

生成证书
openssl实现私有CA:
CA的配置文件:/etc/pki/tls/openssl.cnf
a) CA生成一对密钥

[root@localhost conf]# cd /etc/pki
[root@localhost pki]# mkdir CA
[root@localhost pki]# cd /etc/pki/CA 
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)  //生成密钥括号必须要
Generating RSA private key, 2048 bit long modulus (2 primes)
.......................+++++
...............................+++++
e is 65537 (0x010001)
[root@localhost CA]# ls
private
[root@localhost CA]# ls private/
cakey.pem

[root@localhost CA]# ls
private
[root@localhost CA]# ls private/
cakey.pem
[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout    //提取公钥,显示一下没有意义

b) CA生成自签署证书

[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN     //用两个字母表示国家名称
State or Province Name (full name) []:HB    //哪个省份
Locality Name (eg, city) [Default City]:WH   //城市
Organization Name (eg, company) [Default Company Ltd]:runtime   //公司
Organizational Unit Name (eg, section) []:runtime     //单位
Common Name (eg, your name or your server's hostname) []:test.example.com   //域名
Email Address []:1@2.com   //邮箱
[root@localhost CA]# ls
cacert.pem  private
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# ls
cacert.pem  certs  crl  newcerts  private
[root@localhost CA]# touch index.txt && echo 01 > serial

c) 客户端(例如httpd服务器)生成密钥
[root@localhost ~]# cd /usr/local/apache/
[root@localhost apache]# ls
bin    cgi-bin  error   icons    logs  manual
build  conf     htdocs  include  man   modules
[root@localhost apache]# cd conf/
[root@localhost conf]# ls
extra  httpd.conf  magic  mime.types  original
[root@localhost conf]# mkdir ssl
[root@localhost conf]# cd ssl
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
........................................+++++
...........................................+++++
e is 65537 (0x010001)
[root@localhost ssl]# ls
httpd.key

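d) 客户端生成证书签署请求(按openssl.cnf默认的policy_match策略,国家、省份、组织名称须与CA证书一致;Common Name应填写网站域名,且最好不要与CA证书的Common Name相同,否则签出的证书主体与签发者完全一样,可能会被部分校验方当成自签名证书)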

[root@localhost ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN    //和上面内容填写一致
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:runtime
Common Name (eg, your name or your server's hostname) []:test.example.com
Email Address []:1@2.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:    //密码
An optional company name []:
[root@localhost ssl]# ls
httpd.csr  httpd.key

e) CA签署客户端提交上来的证书

[root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Apr 17 00:47:15 2022 GMT
            Not After : Apr 17 00:47:15 2023 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = HB
            organizationName          = runtime
            organizationalUnitName    = runtime
            commonName                = test.example.com
            emailAddress              = 1@2.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                9B:4B:C0:61:4F:80:3D:E4:33:EF:7A:C9:A4:F7:95:10:2A:EC:C0:86
            X509v3 Authority Key Identifier: 
                keyid:83:A1:59:47:B1:81:78:BF:54:13:39:F8:46:C9:5C:44:15:FC:BC:68

Certificate is to be certified until Apr 17 00:47:15 2023 GMT (365 days)
Sign the certificate? [y/n]:y     //要不要签名


1 out of 1 certificate requests certified, commit? [y/n]y    //要不要提交请求
Write out database with 1 new entries
Data Base Updated

[root@localhost ssl]# ls
httpd.crt  httpd.csr  httpd.key
[root@localhost ssl]# rm -f httpd.csr
[root@localhost ssl]# ls
httpd.crt  httpd.key

配置httpd.conf,取消以下内容的注释

[root@localhost conf]# vim httpd.conf 
#Include conf/extra/httpd-ssl.conf    //取消注释

在httpd-ssl.conf中配置证书的位置

[root@localhost conf]# ls extra/
httpd-autoindex.conf  httpd-mpm.conf
httpd-dav.conf        httpd-multilang-errordoc.conf
httpd-default.conf    httpd-ssl.conf
httpd-info.conf       httpd-userdir.conf
httpd-languages.conf  httpd-vhosts.conf
httpd-manual.conf     proxy-html.conf
[root@localhost conf]# vim extra/httpd-ssl.conf 
<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "/usr/local/apache/htdocs/test.example.com"   //网站位置
ServerName test.example.com:443     //域名
ServerAdmin you@example.com         //邮箱
ErrorLog "/usr/local/apache/logs/error_log"
TransferLog "/usr/local/apache/logs/access_log"

SSLCertificateFile "/usr/local/apache/conf/ssl/httpd.crt"    //修改

SSLCertificateKeyFile "/usr/local/apache/conf/ssl/httpd.key"   //修改

检查配置文件是否有语法错误

[root@localhost conf]# httpd -t    //语法错误,要打开模块
AH00526: Syntax error on line 92 of /usr/local/apache/conf/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf   
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so    //取消注释
[root@localhost ~]# httpd -t  //语法正确
Syntax OK

[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf 
[root@localhost ~]# cat /usr/local/apache/conf/extra/httpd-vhosts.conf 
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/test.example.com"
    ServerName test.example.com
    ErrorLog "logs/test.example.com-error_log"
    CustomLog "logs/test.example.com-access_log" common
    <Directory "/usr/local/apache/htdocs/test.example.com">
        <RequireAll>
            Require all granted
        </RequireAll>
    </Directory>
</VirtualHost>

 
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
    ServerName blog.example.com
    ErrorLog "logs/blog.example.com-error_log"
    CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>

启动或重启服务
设置hosts以便用域名访问(仅学习阶段,企业实际工作中无需做此步。)

[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process                                                   
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*                                                              
LISTEN 0      128                *:80              *:*                                                              
LISTEN 0      128             [::]:22           [::]:*                                                              
LISTEN 0      128                *:443             *:*                                                           

通过https访问(证书由私有CA签发,客户端需先导入并信任CA证书cacert.pem,否则浏览器会提示证书不受信任)