20221120.12

搭建一个基于https://www.zuoye.com访问的web网站。网站首页在/www/https/，内容为exercise。
（一）检查是否安装http服务

[root@server conf.d]# rpm -qa httpd
httpd-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64
[root@server conf.d]# 

（二)创建首页

[root@server conf.d]# mkdir -pv /www/https/
mkdir: created directory '/www/https/'
[root@server conf.d]# echo "Excise" > /www/https/index.html
[root@server conf.d]# cat /www/https/index.html
Excise
[root@server conf.d]# 

（三）安装openssl服务和mod_ssl

[root@server conf.d]# yum install -y openssl
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 0:28:23 ago on Sat 19 Nov 2022 11:20:51 PM +08.
Package openssl-1:1.1.1c-15.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@server conf.d]# 
[root@server conf.d]# yum install -y mod_ssl
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 0:31:18 ago on Sat 19 Nov 2022 11:20:51 PM +08.
Dependencies resolved.
==================================================================================================================================================================================================================
 Package                                   Architecture                             Version                                                                     Repository                                   Size
==================================================================================================================================================================================================================
Installing:
 mod_ssl                                   x86_64                                   1:2.4.37-21.module+el8.2.0+5008+cca404a3                                    Appstream                                   132 k

Transaction Summary
==================================================================================================================================================================================================================
Install  1 Package

Total size: 132 k
Installed size: 262 k
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                          1/1 
  Installing       : mod_ssl-1:2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64                                                                                                                                  1/1 
  Running scriptlet: mod_ssl-1:2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64                                                                                                                                  1/1 
  Verifying        : mod_ssl-1:2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64                                                                                                                                  1/1 
Installed products updated.

Installed:
  mod_ssl-1:2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64                                                                                                                                                         

Complete!
[root@server conf.d]# rpm -ql | grep etc

（四）创建证书和私钥

[root@server certs]# openssl genrsa -aes128 2048 > exercise.key
Generating RSA private key, 2048 bit long modulus (2 primes)
..............+++++
..........................+++++
e is 65537 (0x010001)
Enter pass phrase:
Verifying - Enter pass phrase:
[root@server certs]# openssl -new req -utf8 -key exercise.key -x509 -days 365 -out exercise.crt
Invalid command '-new'; type "help" for a list.
[root@server certs]# openssl req -new -utf8 -key exercise.key -x509 -days 365 -out exercise.crt
Enter pass phrase for exercise.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HN
Locality Name (eg, city) [Default City]:CS
Organization Name (eg, company) [Default Company Ltd]:sangfor
Organizational Unit Name (eg, section) []:CTI
Common Name (eg, your name or your server's hostname) []:www.zuoye.com
Email Address []:123456@qq.com
[root@server certs]# ll
total 8
lrwxrwxrwx. 1 root root   49 Oct 19  2019 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root   55 Oct 19  2019 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r--. 1 root root 1399 Nov 20 00:01 exercise.crt
-rw-r--r--. 1 root root 1766 Nov 19 23:58 exercise.key

(五)http的conf配置文件

[root@server conf.d]# vim exercise.conf
 [root@server conf.d]# cat exercise.conf 
<VirtualHost 10.10.0.128:443>
	servername www.zuoye.com
	DocumentRoot /www/https/
	SSLengine on
	
	SSLCertificateKeyFile /etc/pki/tls/certs/exercise.key

	SSLCertificateFile /etc/pki/tls/certs/exercise.crt
</VirtualHost>

<Directory /www/https/>
	allowoverride none
	require all granted
</Directory>
[root@server conf.d]# 

（六）重启httpd服务

[root@server conf.d]# systemctl restart httpd
Enter TLS private key passphrase for www.zuoye.com:443 (RSA) : ******
[root@server conf.d]# 

测试结果：

01）用ip登录访问页面

02）用域名登录访问网页