Lab requirements:
Set up a web site reachable at https://www.zuoye.com:22222. The site's home page lives in /www/https/ and its content is "zuoye". Visiting https://www.zuoye.com:22222/mimi returns the content "mimi"; that content actually lives in /usr/local/secret, and only the user xiaoming may view it.
1. Stop the firewall and put SELinux in permissive mode
[root@bogon ~]# systemctl stop firewalld
[root@bogon ~]# setenforce 0
2. Install httpd, make and mod_ssl
[root@bogon httpd]# yum install -y httpd
[root@bogon httpd]# yum install -y mod_ssl
[root@bogon httpd]# yum install -y make
3. Check whether /etc/pki/tls/certs/ contains a Makefile; if not, copy it from a RHEL 7 host (without this file the certificate cannot be built with make)
[root@bogon ~]# cd /etc/pki/tls/certs
[root@bogon certs]# scp [email protected]:/etc/pki/tls/certs/Makefile .
4. Create a self-signed certificate and private key for the virtual host
[root@bogon conf.d]# cd /etc/pki/tls/certs
[root@bogon certs]# make zhengshu.crt //build the certificate (the Makefile generates zhengshu.key first)
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > zhengshu.key
Generating RSA private key, 2048 bit long modulus (2 primes)
............+++++
.........................................................................................................+++++
e is 65537 (0x010001)
Enter pass phrase: //set the key passphrase
Verifying - Enter pass phrase: //confirm the passphrase
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key zhengshu.key -x509 -days 365 -out zhengshu.crt -set_serial 0
Enter pass phrase for zhengshu.key: //the same passphrase as set above
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ZG //country
State or Province Name (full name) []:SX //state or province
Locality Name (eg, city) [Default City]:Xi'an //city
Organization Name (eg, company) [Default Company Ltd]:beixin //organization
Organizational Unit Name (eg, section) []:ce //department
Common Name (eg, your name or your server's hostname) []:www.ceshi.com //server name
Email Address []:[email protected] //e-mail address
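The transcript above has two properties a practitioner would change before using the certificate: the Common Name entered (www.ceshi.com) does not match the ServerName www.zuoye.com used in the vhost, and the key is encrypted with -aes128, which is why httpd asks for the passphrase on every restart in step 8. The following script is an added example, not part of the original lab or of the RHEL Makefile: it drives the openssl binary non-interactively (assumed OpenSSL 1.1.1 or newer, for -addext), puts the hostname in subjectAltName, leaves the key unencrypted behind 0600 permissions, and then checks the resulting certificate for the name it is supposed to serve. The DN values and the output file name zhengshu are taken from the lab; the function names are this example's own.

```python
"""Non-interactive replacement for step 4 ('make zhengshu.crt').

Added example, not part of the original lab: it shells out to the openssl
binary (assumed OpenSSL 1.1.1 or newer, for -addext) instead of using the
RHEL Makefile, so the DN and the hostname are fixed up front."""
import os
import re
import shutil
import subprocess
import tempfile
from pathlib import Path

OPENSSL_AVAILABLE = shutil.which("openssl") is not None


def openssl_commands(hostname, key_path, crt_path, days=365):
    """The two openssl invocations (argv lists) that replace the Makefile target.

    Deliberate differences from the lab transcript:
      * no -aes128: the key is left unencrypted so httpd restarts unattended
        (a passphrase-protected key prompts on every restart); the key is
        protected by 0600 file permissions instead.
      * the hostname goes into subjectAltName, not only CN: browsers match
        the name against SAN, so a CN-only cert fails even when CN is right.
      * no -set_serial 0: openssl picks a random serial, so two certificates
        built the same way do not share one.
    """
    subject = f"/C=ZG/ST=SX/O=beixin/OU=ce/CN={hostname}"
    genkey = ["openssl", "genrsa", "-out", str(key_path), "2048"]
    req = ["openssl", "req", "-new", "-x509", "-utf8", "-key", str(key_path),
           "-days", str(days), "-subj", subject,
           "-addext", f"subjectAltName=DNS:{hostname}", "-out", str(crt_path)]
    return genkey, req


def make_selfsigned(hostname, outdir, basename="zhengshu", days=365):
    """Create <outdir>/<basename>.key and .crt; returns both paths."""
    outdir = Path(outdir)
    key_path, crt_path = outdir / f"{basename}.key", outdir / f"{basename}.crt"
    old_umask = os.umask(0o077)          # same effect as the Makefile's 'umask 77'
    try:
        for cmd in openssl_commands(hostname, key_path, crt_path, days):
            subprocess.run(cmd, check=True, capture_output=True)
    finally:
        os.umask(old_umask)
    os.chmod(key_path, 0o600)            # private key: owner read/write only
    return key_path, crt_path


def cert_names(crt_path):
    """Return (CN, [SAN DNS names]) parsed from 'openssl x509 -text' output."""
    text = subprocess.run(["openssl", "x509", "-in", str(crt_path), "-noout", "-text"],
                          check=True, capture_output=True, text=True).stdout
    cn = re.search(r"Subject:.*?\bCN\s*=\s*([^,\n/]+)", text)
    return (cn.group(1).strip() if cn else None, re.findall(r"DNS:([^\s,]+)", text))


def cert_matches(crt_path, hostname):
    """The check to run before pointing SSLCertificateFile at a file:
    is the ServerName actually listed in the certificate's SAN?"""
    return hostname in cert_names(crt_path)[1]


def demo_in_tempdir(hostname):
    """Generate into a scratch directory and report what a reviewer looks at."""
    with tempfile.TemporaryDirectory() as d:
        key, crt = make_selfsigned(hostname, d)
        cn, sans = cert_names(crt)
        return {"key_mode": oct(os.stat(key).st_mode & 0o777), "cn": cn,
                "sans": sans, "matches": cert_matches(crt, hostname),
                "matches_ceshi": cert_matches(crt, "www.ceshi.com")}


if __name__ == "__main__":
    # For the lab itself: make_selfsigned("www.zuoye.com", "/etc/pki/tls/certs")
    print(demo_in_tempdir("www.zuoye.com"))
```

Because the key is not passphrase-protected, the file permissions are the only thing guarding it; the script sets the umask before openssl writes the file, so the key is never world-readable even for an instant.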
5. Create the two document roots and write the page contents
[root@bogon ~]# mkdir -p /www/https/
[root@bogon ~]# mkdir -p /usr/local/secret
[root@bogon ~]# echo zuoye > /www/https/index.html
[root@bogon ~]# echo mimi > /usr/local/secret/index.html
6. Define the user allowed to access the server (xiaoming)
[root@bogon certs]# htpasswd -c /etc/httpd/mymima xiaoming
New password: //set the password
Re-type new password: //confirm the password
Adding password for user xiaoming //user added
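The file htpasswd writes here is what mod_authn_file reads at every login, so it is worth knowing what is inside it. The following is an added example, not part of the original lab: it re-implements the APR MD5 ("$apr1$") scheme that htpasswd uses by default, verifies a password against an entry the way httpd does, and audits a file for the hash schemes in use. The known-answer line (user myName, password myPassword) is the sample from the Apache htpasswd documentation; the other lines of the sample file are constructed and are not real hashes.

```python
"""Audit an htpasswd file and verify a password against an entry, the way
mod_authn_file does for the AuthUserFile written in step 6.

Added example, not part of the original lab: a port of apr_md5_encode()
($apr1$, the htpasswd default) plus a scheme audit of the file."""
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Constructed sample file.  Only the first line is a real hash (from the
# Apache htpasswd docs: myName / myPassword); the rest are placeholders
# shaped like the other formats htpasswd can write.
SAMPLE_HTPASSWD = """\
myName:$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/
xiaoming:$2y$05$CONSTRUCTEDbcryptHASHnotREALxxxxxxxxxxxxxxxxxxxxxxxxxx
legacy:{SHA}CONSTRUCTEDsha1NotReal=
olduser:aBcDeFgHiJkLm
"""


def _to64(value, chars):
    """APR's to64(): emit 6 bits at a time, least significant group first."""
    out = ""
    for _ in range(chars):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out


def apr1_crypt(password, salt):
    """Port of apr_md5_encode(): returns '$apr1$<salt>$<22 chars>'."""
    pw, salt = password.encode(), salt[:8].encode()
    ctx = hashlib.md5(pw + b"$apr1$" + salt)
    alt = hashlib.md5(pw + salt + pw).digest()
    for pl in range(len(pw), 0, -16):         # mix in alt, len(pw) bytes worth
        ctx.update(alt[: min(pl, 16)])
    i = len(pw)
    while i:                                  # one byte per bit of len(pw)
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):                     # fixed 1000-round stretch
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(salt)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    triples = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    enc = "".join(_to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
                  for a, b, c in triples) + _to64(final[11], 2)
    return f"$apr1${salt.decode()}${enc}"


def scheme(hash_field):
    if hash_field.startswith("$apr1$"):
        return "apr1-md5"
    if hash_field.startswith(("$2a$", "$2b$", "$2y$")):
        return "bcrypt"
    if hash_field.startswith("{SHA}"):
        return "sha1"
    return "crypt-or-plain"


def verify(password, hash_field):
    """What httpd does at login for an $apr1$ entry (constant-time compare)."""
    if scheme(hash_field) != "apr1-md5":
        raise NotImplementedError(f"only $apr1$ is implemented here, got {scheme(hash_field)}")
    salt = hash_field.split("$")[2]
    return hmac.compare_digest(apr1_crypt(password, salt), hash_field)


def audit(text):
    """Map each user to its hash scheme and list the users worth re-hashing
    with 'htpasswd -B' (bcrypt): unsalted SHA-1, crypt(3)/plain, and apr1,
    which is salted but cheap to brute-force offline if the file leaks."""
    schemes, weak = {}, []
    for line in text.splitlines():
        if not line or ":" not in line:
            continue
        user, hash_field = line.split(":", 1)
        schemes[user] = scheme(hash_field)
        if schemes[user] != "bcrypt":
            weak.append(user)
    return schemes, weak


if __name__ == "__main__":
    print(audit(SAMPLE_HTPASSWD))
    print(verify("myPassword", "$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/"))
```

In the lab, `htpasswd -c /etc/httpd/mymima xiaoming` writes an $apr1$ line; `htpasswd -B` would write bcrypt instead. Either way the file must stay outside every DocumentRoot and Alias target, which /etc/httpd/mymima does.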
7. Write the configuration file (vhost-https-virtual-user.conf), using /etc/httpd/conf.d/ssl.conf as a reference
[root@bogon httpd]# vim /etc/httpd/conf.d/vhost-https-virtual-user.conf
Listen 22222                                   # listen on port 22222
<VirtualHost 192.168.74.130:22222>
DocumentRoot /www/https                        # where the page files live
ServerName www.zuoye.com                       # server name
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/zhengshu.crt      # certificate location
SSLCertificateKeyFile /etc/pki/tls/certs/zhengshu.key   # private key location
Alias /mimi /usr/local/secret                  # the URL path /mimi serves the content in /usr/local/secret
</VirtualHost>
<Directory /www/https>
AllowOverride None
Require all granted
</Directory>
<Directory /usr/local/secret>
AuthType Basic                                 # basic authentication (username and password)
AuthName "Please login:"                       # prompt text; the double quotes are required, the message itself can be changed
AuthUserFile /etc/httpd/mymima                 # file holding the usernames and password hashes (created in step 6)
Require user xiaoming                          # only the user xiaoming may access this directory
</Directory>
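Before restarting httpd it pays to check the file for the mistakes that turn this setup into a silent failure: a Listen port that differs from the VirtualHost port, a protected directory that ends up with "Require all granted", a DocumentRoot with no Directory block (httpd 2.4 denies it by default), or an AuthUserFile placed under a served directory. The following is an added example, not part of the original lab or of httpd: a minimal parser for httpd-style configuration and the checks a reviewer would run over it. GOOD is the lab's vhost file as written above; BAD is a constructed broken variant used to show the findings.

```python
"""Static check of the vhost file from step 7.  Added example, not part of
the original lab: a minimal parser for httpd-style config (directive lines,
<Section arg> blocks, '#' comments, case-insensitive directive names) plus
the checks a reviewer runs before 'systemctl restart httpd'."""
import re

GOOD = """\
Listen 22222
<VirtualHost 192.168.74.130:22222>
    DocumentRoot /www/https
    ServerName www.zuoye.com
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/zhengshu.crt
    SSLCertificateKeyFile /etc/pki/tls/certs/zhengshu.key
    Alias /mimi /usr/local/secret
</VirtualHost>
<Directory /www/https>
    AllowOverride None
    Require all granted
</Directory>
<Directory /usr/local/secret>
    AuthType Basic
    AuthName "Please login:"
    AuthUserFile /etc/httpd/mymima
    Require user xiaoming
</Directory>
"""
# Constructed broken variant: wrong Listen port, and 'Require all granted'
# pasted into the protected directory (which overrides the AuthType).
BAD = GOOD.replace("Listen 22222", "Listen 443").replace("Require user xiaoming", "Require all granted")


def parse(text):
    """Return a tree of {'directives': [(name, args)], 'sections': [(kind, arg, subtree)]}."""
    root = {"directives": [], "sections": []}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        opened = re.match(r"<(\w+)\s+(.*?)\s*>$", line)
        if opened:
            node = {"directives": [], "sections": []}
            stack[-1]["sections"].append((opened.group(1).lower(), opened.group(2), node))
            stack.append(node)
        elif re.match(r"</\w+>$", line):
            stack.pop()
        else:
            parts = re.split(r"\s+", line, maxsplit=1)
            stack[-1]["directives"].append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return root


def args(node, name):
    return [a for n, a in node["directives"] if n == name]


def check(text):
    cfg = parse(text)
    findings = []
    listens = {a.split()[0].split(":")[-1] for a in args(cfg, "listen")}
    dirs = {arg.strip('"').rstrip("/"): node for kind, arg, node in cfg["sections"] if kind == "directory"}
    for kind, arg, vh in cfg["sections"]:
        if kind != "virtualhost":
            continue
        port = arg.split(":")[-1] if ":" in arg else None
        if port and port not in listens:
            findings.append(f"{arg}: VirtualHost port {port} has no matching Listen")
        ssl_on = any(a.lower() == "on" for a in args(vh, "sslengine"))
        if not ssl_on:
            findings.append(f"{arg}: SSLEngine is not on; Basic-auth credentials would cross the wire in clear")
        for d in ("sslcertificatefile", "sslcertificatekeyfile"):
            if ssl_on and not args(vh, d):
                findings.append(f"{arg}: SSLEngine on but {d} missing")
        served = [r.rstrip("/") for r in args(vh, "documentroot")]
        for r in served:
            if not args(dirs.get(r, {"directives": []}), "require"):
                findings.append(f"{r}: no <Directory> block with a Require; httpd 2.4 denies by default")
        for alias in args(vh, "alias"):
            url, target = alias.split()[:2]
            target = target.rstrip("/")
            served.append(target)
            dnode = dirs.get(target)
            if dnode is None:
                findings.append(f"{url} -> {target}: no <Directory> block for the alias target")
                continue
            reqs = [r.lower() for r in args(dnode, "require")]
            if not args(dnode, "authtype") or any(r.startswith("all granted") for r in reqs):
                findings.append(f"{url} -> {target}: not protected by authentication")
            elif not args(dnode, "authuserfile"):
                findings.append(f"{url} -> {target}: AuthType set but no AuthUserFile")
        for d in dirs.values():               # the hash file must not be downloadable
            for f in args(d, "authuserfile"):
                if any(f.startswith(s + "/") for s in served):
                    findings.append(f"{f}: AuthUserFile lies inside a served directory")
    return findings


if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check(text) or "no findings")
```

With a clean report, step 11 amounts to three observations: / answers with "zuoye" and no prompt, /mimi answers 401 until credentials are supplied, and /mimi answers "mimi" once xiaoming has logged in.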
8. Restart the httpd service
[root@bogon httpd]# systemctl restart httpd
Enter TLS private key passphrase for www.zuoye.com:443 (RSA) : ****** //enter the passphrase set in step 4
9. Add the name resolution on the virtual machine (/etc/hosts), mapping www.zuoye.com to the virtual host's address 192.168.74.130
10. Add the same name resolution on the host machine (open C:\Windows\System32\drivers\etc\hosts with Notepad++ and edit it)
11. Test: open https://www.zuoye.com:22222 (expect "zuoye") and https://www.zuoye.com:22222/mimi (expect a login prompt, then "mimi" after logging in as xiaoming)