[root@westosb html]# dnf install mod_ssl -y ##安装加密插件mod_ssl
[root@westosb html]# mkdir /etc/httpd/tls
[root@westosb html]# cd
[root@westosb ~]# openssl req --newkey rsa:2048 -nodes -sha256 -keyout /etc/httpd/tls/westos.org.key -x509 -days 365 -out /etc/httpd/tls/westos.org.crt ##重新生成密钥和证书(自签名,有效期365天);-nodes 表示私钥不加密保存,应将私钥文件权限限制为仅root可读(如 chmod 600 /etc/httpd/tls/westos.org.key)
Generating a RSA private key
.....................................................................+++++
.......................................................................................................................................+++++
writing new private key to '/etc/httpd/tls/westos.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn ##国家
State or Province Name (full name) []:shanxi ##省
Locality Name (eg, city) [Default City]:xian ##城市
Organization Name (eg, company) [Default Company Ltd]:westos ##组织名称
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:www.westos.org ##通用名,应与客户端访问的主机名一致;后面虚拟主机的 ServerName 是 login.westos.org,与此处不同,浏览器除自签名告警外还会提示主机名不匹配
Email Address []:admin@qq.com
[root@westosb ~]# ls /etc/httpd/tls/ ##生成的证书和钥匙
westos.org.crt westos.org.key
[root@westosb ~]# mkdir /var/www/vhost/westos.org/login
[root@westosb ~]# vim /var/www/vhost/westos.org/login/index.html
//
login.westos.org
//
[root@westosb ~]# vim /etc/httpd/conf.d/vhosts.conf
//
<VirtualHost *:443> ##443是https端口
ServerName login.westos.org
DocumentRoot /var/www/vhost/westos.org/login
CustomLog logs/login.log combined
SSLEngine on
SSLCertificateFile /etc/httpd/tls/westos.org.crt
SSLCertificateKeyFile /etc/httpd/tls/westos.org.key
</VirtualHost>
//
[root@westosb ~]# systemctl restart httpd
在搜索主机上的操作:
[root@westos_student11 ~]# vim /etc/hosts
//
172.25.254.211 www.westos.org music.westos.org news.westos.org jwh.westos.org wsgi.westos.org login.westos.org ##将各虚拟主机域名解析到服务器地址
//
在浏览器所在的真实主机上,不走加密路径(http)也可以直接访问172.25.254.211,这显然是不合理的。出于安全性考虑,当客户主机使用非加密方式访问时,我们要将其转换成加密方式来进行访问,这里需要页面转换(把http请求重定向到https):
[root@westosb ~]# vim /etc/httpd/conf.d/vhosts.conf ##编写虚拟主机配置文件
//
<VirtualHost *:80>
ServerName login.westos.org
RewriteEngine On
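RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 ##把http请求重定向到对应的https地址,未加标志时默认是302临时重定向;%{HTTP_HOST} 取自客户端请求的Host头,跳转目标固定时写成 https://login.westos.org$1 更稳妥,并可加 [R=301,L] 标志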
</VirtualHost>
//
[root@westosb ~]# systemctl restart httpd ##重启httpd服务