Lab environment
OS: CentOS 7
IP: 192.168.253.128
httpd version: 2.4
First, turn off the firewall and SELinux enforcement on the lab VM
systemctl stop firewalld
setenforce 0
Compile and install httpd 2.4
cd /usr/local/src
wget http://mirror.bit.edu.cn/apache//httpd/httpd-2.4.34.tar.gz ## official httpd 2.4 tarball, fetched from a mirror
wget http://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-1.6.3.tar.gz ## official apr tarball
wget http://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-util-1.6.1.tar.gz ## official apr-util tarball
tar -xf apr-1.6.3.tar.gz
tar -xf apr-util-1.6.1.tar.gz
tar -xf httpd-2.4.34.tar.gz
mv apr-1.6.3 /usr/local/src/httpd-2.4.34/srclib/apr
mv apr-util-1.6.1 /usr/local/src/httpd-2.4.34/srclib/apr-util
cd httpd-2.4.34
yum install pcre pcre-devel openssl openssl-devel gcc gcc-devel gcc-c++ expat-devel -y
./configure --prefix=/usr/local/apache2.4 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork --with-included-apr
make && make install
PATH=/usr/local/apache2.4/bin/:$PATH
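Build a private CA and issue a certificate
The commands are explained in detail in the article linked below; here we simply build the CA directly.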
https://blog.csdn.net/L835311324/article/details/81540086
(umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096)
openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
mkdir -pv /etc/pki/CA/{certs,crl,newcerts}
touch /etc/pki/CA/{serial,index.txt}
echo 01 > /etc/pki/CA/serial
mkdir /usr/local/apache2.4/ssl ## create a directory to hold the SSL certificate and key
cd /usr/local/apache2.4/ssl
(umask 077; openssl genrsa -out /usr/local/apache2.4/ssl/apache.key 2048)
openssl req -new -key /usr/local/apache2.4/ssl/apache.key -out /usr/local/apache2.4/ssl/apache_ssl.csr
openssl ca -in /usr/local/apache2.4/ssl/apache_ssl.csr -out /usr/local/apache2.4/ssl/apache_ssl.crt -days 365 ## the validity period is set when the CA signs, not in the CSR
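Before pointing httpd at these files, it is worth confirming that the issued certificate chains to the CA, matches the private key, and covers the site name www.ice.com. The script below is an added example, not part of the original article; the names check_site_cert, make_test_pki and check_cert.sh are assumptions, and make_test_pki only builds a constructed throwaway CA for trying the checks.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): sanity-check a CA-issued server certificate.

# check_site_cert CA_CERT SERVER_CERT SERVER_KEY HOSTNAME
# Returns 0 only if the cert chains to the CA, matches the key, and covers the hostname.
check_site_cert() {
    local ca="$1" crt="$2" key="$3" host="$4" cert_pub key_pub

    # 1. Chain: the server certificate must verify against the CA certificate.
    openssl verify -CAfile "$ca" "$crt" 2>&1 | grep -q ': OK$' \
        || { echo "FAIL: $crt is not signed by $ca"; return 1; }

    # 2. Key pair: the public key inside the certificate must equal the one derived
    #    from the private key; httpd will not start with a mismatched pair.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "FAIL: $key does not belong to $crt"; return 1; }

    # 3. Name: the certificate must cover the ServerName that clients will request.
    openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q 'does match' \
        || { echo "FAIL: certificate does not cover $host"; return 1; }

    echo "OK: $crt chains to the CA, matches its key, and covers $host"
}

# make_test_pki DIR HOSTNAME
# Constructed sample data: a throwaway CA and server certificate written into DIR.
make_test_pki() {
    local d="$1" host="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.crt" 2>/dev/null
}

# With four arguments, check real files, e.g. the paths used in this article:
#   ./check_cert.sh /etc/pki/CA/cacert.pem /usr/local/apache2.4/ssl/apache_ssl.crt \
#       /usr/local/apache2.4/ssl/apache.key www.ice.com
if [ "$#" -eq 4 ]; then check_site_cert "$@"; fi
```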
Configure the virtual host
Create the site directory
mkdir -pv /var/www/html/ice
Back up the original file /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
cp /usr/local/apache2.4/conf/extra/httpd-vhosts.conf{,.bak}
Edit the configuration file /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:443>
ServerAdmin [email protected]
DocumentRoot "/var/www/html/ice"
ServerName www.ice.com
ServerAlias www.ice.com
ErrorLog "logs/ice-error_log"
CustomLog "logs/ice-access_log" common
<Directory "/var/www/html/ice">
Options None
AllowOverride None
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile "/usr/local/apache2.4/ssl/apache_ssl.crt"
SSLCertificateKeyFile "/usr/local/apache2.4/ssl/apache.key"
</VirtualHost>
Edit the main configuration file /usr/local/apache2.4/conf/httpd.conf
Listen 443 ssl
ServerName 127.0.0.1
LoadModule ssl_module modules/mod_ssl.so ## uncomment this line
Include conf/extra/httpd-vhosts.conf ## uncomment this line
Write a test home page
echo "www.ice.com" > /var/www/html/ice/index.html
Check the configuration file
httpd -t
Start the httpd service
httpd -k start
Check that the port is listening
ss -nlt
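We also need to edit the hosts file on the physical machine so that www.ice.com resolves to the VM (192.168.253.128)
Path: C:\Windows\System32\drivers\etc
Open a browser and try to visit the site
Because the CA is self-built, the browser reports the connection as not secure. That is fine; we import our CA certificate.
Transfer the CA certificate from the VM to the physical machine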
yum install lrzsz -y
sz /etc/pki/CA/cacert.pem
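Then import the certificate in the browser
Options -> Privacy & Security -> Certificates
Import the certificate, selecting the one just transferred from the VM
Then visit https://www.ice.com:443/index.html again
You can see that it succeeded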