虚拟主机
一、添加虚拟主机ip地址并启用
[root@localhost ~]# nmcli connection modify ens160 +ipv4.addresses 192.168.100.151/24
[root@localhost ~]# nmcli connection up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
使用ip a查看是否添加成功
二、编写主机配置文件host.conf (注意文件放置的路径)
[root@localhost ~]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# vim host.conf
<directory /www>
allowoverride none
require all granted
</directory>
#虚拟主机实验
<virtualhost 192.168.100.151:443>
servername www.wang.com
documentroot /var/www/wang
ErrorLog "logs/error_wang_log"
CustomLog "logs/custom_wang_log" combined
SSLCertificateFile /etc/pki/tls/certs/wang.crt
SSLCertificateKeyFile /etc/pki/tls/private/wang.key
</virtualhost>
三、前往/var/www路径下创建wang目录
[root@localhost conf.d]# cd /var/www
[root@localhost www]# mkdir /www/wang -p
[root@localhost www]# echo www.wang.com > /www/wang/index.html
四、修改Linux下hosts文件
[root@localhost ~]# vim /etc/hosts
五、创建私钥与密钥
1、安装相关的包
[root@localhost ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: device write-protected, mounted read-only.
[root@localhost ~]# dnf install mod_ssl -y
[root@localhost ~]# dnf install lrzsz -y
[root@localhost ~]# dnf install make -y
2、将文件Makefile移动到目录 /etc/pki/tls/certs
3、创建公钥和密钥
[root@localhost certs]# make wang.crt
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > wang.key
Generating RSA private key, 2048 bit long modulus (2 primes)
............................................................................................................................................................+++++
...........+++++
e is 65537 (0x010001)
Enter pass phrase:
Verifying - Enter pass phrase:
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key wang.key -x509 -days 365 -out wang.crt
Enter pass phrase for wang.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:chongq
Locality Name (eg, city) [Default City]:yongc
Organization Name (eg, company) [Default Company Ltd]:chengk
Organizational Unit Name (eg, section) []:128
Common Name (eg, your name or your server's hostname) []:192.168.100.151
Email Address []:admin@192.168.100.151
(Country Name到Organizational Unit Name 均可随便填)
4、检查文件是否创建成功
5、将wang.key文件移动到/etc/pki/tls/private目录
[root@localhost certs]# mv /etc/pki/tls/certs/wang.key /etc/pki/tls/private
[root@localhost certs]# ll /etc/pki/tls/private
total 12
-rw-------. 1 root root 1766 Dec 7 11:47 haha.key
-rw-------. 1 root root 1708 Dec 7 11:55 localhost.key
-rw-------. 1 root root 1766 Dec 7 19:33 wang.key
六、重启httpd并关闭防火墙
systemctl restart httpd
systemctl stop firewalld
七、修改权限
setenforce 0
八、检查是否成功
[root@localhost ~]# curl -k https://www.wang.com