搭建一个基于https://www.zuoye.com:4443访问的web网站,网站首页在/www/https/,内容为zuoye
手动配置yum源(本例用本地光盘镜像作源,所以写了 gpgcheck=0 跳过软件包签名校验;使用网络源或在生产环境中应设为 gpgcheck=1 并配置 gpgkey)
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# vim haha.repo
[root@localhost yum.repos.d]# cat haha.repo
[1]
name=app
baseurl=file:///mnt/AppStream
gpgcheck=0
[2]
name=base
baseurl=file:///mnt/BaseOS
gpgcheck=0
连接光盘
点击连接
[root@localhost ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: device write-protected, mounted read-only.
[root@localhost ~]# df -TH //查看是否挂载成功
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 915M 0 915M 0% /dev
tmpfs tmpfs 945M 0 945M 0% /dev/shm
tmpfs tmpfs 945M 11M 934M 2% /run
tmpfs tmpfs 945M 0 945M 0% /sys/fs/cgroup
/dev/mapper/rhel-root xfs 19G 4.5G 14G 25% /
/dev/nvme0n1p1 xfs 1.1G 241M 824M 23% /boot
tmpfs tmpfs 189M 1.3M 188M 1% /run/user/42
tmpfs tmpfs 189M 4.8M 185M 3% /run/user/0
/dev/sr0 iso9660 8.5G 8.5G 0 100% /mnt
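关闭防火墙和selinux(仅限实验环境,且这两条命令只在本次开机期间有效。生产环境应保持两者开启:用 firewall-cmd --permanent --add-port=4443/tcp 和 firewall-cmd --reload 放行端口,用 semanage port -a -t http_port_t -p tcp 4443 允许httpd监听4443,并给自建的 /www/https 目录设置 httpd_sys_content_t 上下文)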
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive
手动配置IP地址(修改后需执行 nmcli connection up ens160 使配置生效)
[root@localhost ~]# route -n //查看网关
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.189.22 0.0.0.0 UG 100 0 0 ens160
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.189.0 0.0.0.0 255.255.255.0 U 100 0 0 ens160
[root@localhost ~]# nmcli connection //查看网卡名
NAME UUID TYPE DEVICE
ens160 281b4262-c770-4c2b-b0c5-ff7345f6c8b6 ethernet ens160
virbr0 756502e4-ad60-461f-a121-966634a7d937 bridge virbr0
[root@localhost ~]# nmcli connection modify ens160 ipv4.addresses 192.168.189.10/24 ipv4.gateway 192.168.189.22 ipv4.dns 192.168.189.22 ipv4.method manual autoconnect yes
安装包
[root@localhost ~]# yum install httpd mod_ssl -y
启动httpd服务
[root@localhost ~]# systemctl start httpd
编辑配置文件
[root@localhost httpd]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# vim zuoye.conf
[root@localhost conf.d]# cat zuoye.conf
listen 4443
<virtualhost 192.168.189.10:4443>
documentroot /www/https
servername www.zuoye.com
</virtualhost>
<directory /www/https>
allowoverride none
require all granted
</directory>
[root@localhost conf.d]# mkdir -p /www/https //创建目录
[root@localhost conf.d]# echo zuoye > /www/https/index.html //在访问页面写入作业
[root@localhost conf.d]# systemctl restart httpd //重启httpd服务
测试http服务是否成功(需先在 /etc/hosts 中把 www.zuoye.com 解析到 192.168.189.10,否则curl无法解析该域名)
[root@localhost conf.d]# curl www.zuoye.com:4443
zuoye //显示成功
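生成私钥文件(注意:这里直接在 /etc/httpd/conf.d/ 下生成,从下面 ll 的输出可见权限为 644,本机所有用户可读;私钥虽有口令加密,仍建议 chmod 600 hehe.key,并放到 /etc/pki/tls/private/ 这类仅root可读的目录,而不是配置目录)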
[root@localhost conf.d]# openssl genrsa -aes128 2048 > hehe.key //用重定向符号把私钥写入指定文件
Generating RSA private key, 2048 bit long modulus (2 primes)
..........+++++
.............................................+++++
e is 65537 (0x010001)
Enter pass phrase:
Verifying - Enter pass phrase:
[root@localhost conf.d]# ll //查看文件是否生成
total 36
-rw-r--r--. 1 root root 2926 Dec 2 2019 autoindex.conf
-rw-r--r--. 1 root root 1766 Oct 15 15:25 hehe.key
-rw-r--r--. 1 root root 400 Dec 2 2019 README
-rw-r--r--. 1 root root 8720 Dec 2 2019 ssl.conf
-rw-r--r--. 1 root root 1252 Dec 2 2019 userdir.conf
-rw-r--r--. 1 root root 516 Dec 2 2019 welcome.conf
-rw-r--r--. 1 root root 190 Oct 15 15:16 zuoye.conf
针对上面的私钥生成自签名证书文件(证书中包含公钥;Common Name 应填写客户端访问时使用的主机名,本例为 www.zuoye.com,否则客户端校验证书时会因主机名不匹配而失败)
[root@localhost conf.d]# openssl req -utf8 -new -key hehe.key -x509 -days 365 -out haha.crt -set_serial 0
Enter pass phrase for hehe.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:nj
Locality Name (eg, city) [Default City]:x
Organization Name (eg, company) [Default Company Ltd]:dl
Organizational Unit Name (eg, section) []:cd
Common Name (eg, your name or your server's hostname) []:[email protected]
Email Address []:[email protected]
[root@localhost conf.d]# ll //查看文件是否生成
total 40
-rw-r--r--. 1 root root 2926 Dec 2 2019 autoindex.conf
-rw-r--r--. 1 root root 1387 Oct 15 15:38 haha.crt
-rw-r--r--. 1 root root 1766 Oct 15 15:25 hehe.key
-rw-r--r--. 1 root root 400 Dec 2 2019 README
-rw-r--r--. 1 root root 8720 Dec 2 2019 ssl.conf
-rw-r--r--. 1 root root 1252 Dec 2 2019 userdir.conf
-rw-r--r--. 1 root root 516 Dec 2 2019 welcome.conf
-rw-r--r--. 1 root root 190 Oct 15 15:16 zuoye.conf
重新编辑配置文件
[root@localhost conf.d]# vim zuoye.conf
[root@localhost conf.d]# cat zuoye.conf
listen 4443
<virtualhost 192.168.189.10:4443>
sslengine on
documentroot /www/https
servername www.zuoye.com
SSLCertificateFile /etc/httpd/conf.d/haha.crt
ssLCertificateKeyFile /etc/httpd/conf.d/hehe.key
</virtualhost>
<directory /www/https>
allowoverride none
require all granted
</directory>
[root@localhost conf.d]# systemctl restart httpd //重启httpd服务
Enter TLS private key passphrase for www.zuoye.com:443 (RSA) : //输入私钥的密码(私钥带口令加密,所以每次重启httpd都要人工输入;无人值守重启时服务会卡在这一步)
测试
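[root@localhost conf.d]# curl https://www.zuoye.com:4443 -k //自己访问自己;-k 会跳过证书校验(证书是自签名的),只能说明服务可达,不能验证服务器身份;要校验可改用 --cacert /etc/httpd/conf.d/haha.crt(前提是证书的 Common Name 与主机名一致)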
zuoye //成功
客户端访问服务器