Building a static website: a static site served over HTTPS

Build a web site that is reached at https://www.zuoye.com:4443, with its home page under /www/https/ and the page content zuoye.

Manually configure the yum repository

[root@localhost ~]# cd /etc/yum.repos.d/   
[root@localhost yum.repos.d]# vim haha.repo
[root@localhost yum.repos.d]# cat haha.repo
[1]
name=app
baseurl=file:///mnt/AppStream
gpgcheck=0

[2]
name=base
baseurl=file:///mnt/BaseOS
gpgcheck=0

Connect the optical disc
Click Connect

[root@localhost ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: device write-protected, mounted read-only.
[root@localhost ~]# df -TH   # check whether the mount succeeded
Filesystem            Type      Size  Used Avail Use% Mounted on
devtmpfs              devtmpfs  915M     0  915M   0% /dev
tmpfs                 tmpfs     945M     0  945M   0% /dev/shm
tmpfs                 tmpfs     945M   11M  934M   2% /run
tmpfs                 tmpfs     945M     0  945M   0% /sys/fs/cgroup
/dev/mapper/rhel-root xfs        19G  4.5G   14G  25% /
/dev/nvme0n1p1        xfs       1.1G  241M  824M  23% /boot
tmpfs                 tmpfs     189M  1.3M  188M   1% /run/user/42
tmpfs                 tmpfs     189M  4.8M  185M   3% /run/user/0
/dev/sr0              iso9660   8.5G  8.5G     0 100% /mnt

Stop the firewall and switch SELinux to permissive mode

[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive

Manually configure the IP address

[root@localhost ~]# route -n   # show the gateway
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.189.22  0.0.0.0         UG    100    0        0 ens160
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
192.168.189.0   0.0.0.0         255.255.255.0   U     100    0        0 ens160
[root@localhost ~]# nmcli connection   # show the connection (NIC) name
NAME    UUID                                  TYPE      DEVICE 
ens160  281b4262-c770-4c2b-b0c5-ff7345f6c8b6  ethernet  ens160 
virbr0  756502e4-ad60-461f-a121-966634a7d937  bridge    virbr0
[root@localhost ~]# nmcli connection modify ens160 ipv4.addresses 192.168.189.10/24   ipv4.gateway  192.168.189.22  ipv4.dns 192.168.189.22 ipv4.method manual autoconnect yes

Install the packages

[root@localhost ~]# yum install httpd mod_ssl -y

Start the HTTP service

[root@localhost ~]# systemctl start httpd

Edit the configuration file

[root@localhost httpd]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# vim zuoye.conf
[root@localhost conf.d]# cat zuoye.conf
listen 4443
<virtualhost 192.168.189.10:4443>
	documentroot /www/https
	servername www.zuoye.com
</virtualhost>

<directory /www/https>
	allowoverride none
	require all granted
</directory>
[root@localhost conf.d]# mkdir -p /www/https  # create the directory
[root@localhost conf.d]# echo zuoye > /www/https/index.html  # write zuoye into the page that will be served
[root@localhost conf.d]# systemctl restart httpd  # restart the httpd service

Test whether the HTTP service works

[root@localhost conf.d]# curl www.zuoye.com:4443
zuoye		# the page is returned

Generate the private key file

[root@localhost conf.d]# openssl genrsa -aes128 2048 > hehe.key   # the redirect writes the key into the given file
Generating RSA private key, 2048 bit long modulus (2 primes)
..........+++++
.............................................+++++
e is 65537 (0x010001)
Enter pass phrase:
Verifying - Enter pass phrase:
[root@localhost conf.d]# ll		# check that the file was created
total 36
-rw-r--r--. 1 root root 2926 Dec  2  2019 autoindex.conf
-rw-r--r--. 1 root root 1766 Oct 15 15:25 hehe.key
-rw-r--r--. 1 root root  400 Dec  2  2019 README
-rw-r--r--. 1 root root 8720 Dec  2  2019 ssl.conf
-rw-r--r--. 1 root root 1252 Dec  2  2019 userdir.conf
-rw-r--r--. 1 root root  516 Dec  2  2019 welcome.conf
-rw-r--r--. 1 root root  190 Oct 15 15:16 zuoye.conf

Generate the public-key file (a self-signed certificate) for the private key above

[root@localhost conf.d]# openssl req -utf8 -new -key hehe.key  -x509 -days 365 -out haha.crt -set_serial 0
Enter pass phrase for hehe.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:nj
Locality Name (eg, city) [Default City]:x
Organization Name (eg, company) [Default Company Ltd]:dl
Organizational Unit Name (eg, section) []:cd
Common Name (eg, your name or your server's hostname) []:[email protected]
Email Address []:[email protected]
[root@localhost conf.d]# ll		# check that the file was created
total 40
-rw-r--r--. 1 root root 2926 Dec  2  2019 autoindex.conf
-rw-r--r--. 1 root root 1387 Oct 15 15:38 haha.crt
-rw-r--r--. 1 root root 1766 Oct 15 15:25 hehe.key
-rw-r--r--. 1 root root  400 Dec  2  2019 README
-rw-r--r--. 1 root root 8720 Dec  2  2019 ssl.conf
-rw-r--r--. 1 root root 1252 Dec  2  2019 userdir.conf
-rw-r--r--. 1 root root  516 Dec  2  2019 welcome.conf
-rw-r--r--. 1 root root  190 Oct 15 15:16 zuoye.conf

Edit the configuration file again

[root@localhost conf.d]# vim zuoye.conf
[root@localhost conf.d]# cat zuoye.conf
listen 4443
<virtualhost 192.168.189.10:4443>
	sslengine on
	documentroot /www/https
	servername www.zuoye.com
	SSLCertificateFile /etc/httpd/conf.d/haha.crt
	SSLCertificateKeyFile /etc/httpd/conf.d/hehe.key
</virtualhost>

<directory /www/https>
	allowoverride none
	require all granted
</directory>
[root@localhost conf.d]# systemctl restart httpd  # restart the httpd service
Enter TLS private key passphrase for www.zuoye.com:443 (RSA) :  # enter the passphrase of the private key

Test

[root@localhost conf.d]# curl https://www.zuoye.com:4443 -k  # the server requesting its own site
zuoye		# success
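
An added check, not part of the original post: the listing shows hehe.key as -rw-r--r--, the Common Name typed at the prompt is not the host name www.zuoye.com, and the test uses curl -k, which skips certificate verification. The script builds a constructed stand-in for those files plus a corrected pair and checks key mode, key/certificate match and host-name coverage; the file names old.*/new.* and the CN lab-admin are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. File names old.*/new.* and the
# CN "lab-admin" are constructed; only www.zuoye.com comes from the post.
HOST=www.zuoye.com

# True when only the owner can access the key (mode 600 or 400). Uses GNU stat.
key_private() {
    case "$(stat -c %a "$1")" in 600|400) return 0 ;; *) return 1 ;; esac
}

# True when the certificate carries the public half of this private key.
# (A passphrase-protected key such as hehe.key makes openssl prompt here.)
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# True when the certificate is valid for the host name clients connect to.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

audit() {   # audit CRT KEY: one result line per check
    key_private "$2" && echo "ok   key mode" || echo "FAIL key readable by others"
    cert_matches_key "$1" "$2" && echo "ok   key pair" || echo "FAIL cert/key mismatch"
    cert_covers_host "$1" "$HOST" && echo "ok   host name" || echo "FAIL cert not valid for $HOST"
}

work=$(mktemp -d)

# Constructed stand-in for the post's files: key left at 0644 (what a shell
# redirect produces under umask 022) and a CN that is not the host name.
# -nodes keeps the sample non-interactive; the post's key has a passphrase.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=lab-admin" \
    -keyout "$work/old.key" -out "$work/old.crt" 2>/dev/null
chmod 644 "$work/old.key"

# Corrected: key created under umask 077, host name in CN and subjectAltName.
( umask 077
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
      -subj "/CN=$HOST" -addext "subjectAltName=DNS:$HOST" \
      -keyout "$work/new.key" -out "$work/new.crt" 2>/dev/null )

echo "== as in the post =="; audit "$work/old.crt" "$work/old.key"
echo "== corrected ==";      audit "$work/new.crt" "$work/new.key"
```

On the server, the same audit function can be pointed at the real certificate and key paths; chmod 600 on the key file clears the first check.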

Accessing the server from a client

Reposted from blog.csdn.net/m0_47218990/article/details/120785323