Linux_配置加密的https
一、配置https
1、安装好httpd服务后,安装mod_ssl模块
//首先查看是否安装mod_ssl [root@localhost ~]# rpm -qa | grep mod_ssl //安装mod_ssl模块 [root@localhost ~]# yum install -y mod_ssl ........... Installed: mod_ssl-1:2.4.37-16.module+el8.1.0+4134+e6bad0ed.x86_64 sscg-2.3.3-6.el8.x86_64 Complete!
2、在/etc/httpd/conf.modules.d/目录查看是否z自动生成00-ssl.conf文件
[root@localhost ~]# cd /etc/httpd/conf.modules.d/ [root@localhost conf.modules.d]# ls 00-base.conf 00-dav.conf 00-lua.conf 00-mpm.conf 00-optional.conf 00-proxy.conf 00-ssl.conf 00-systemd.conf 01-cgi.conf 10-h2.conf 10-proxy_h2.conf README //查看00-ssl.conf里面,如下内容是否取消了注释,如果没有就取消注释 LoadModule ssl_module modules/mod_ssl.so
3、生成证书
4、在/etc/httpd/conf.d/ssl.conf文件里配置证书的位置
[root@localhost ~]# cd /etc/httpd/conf.d/ [root@localhost conf.d]# ls autoindex.conf httpd-vhosts.conf README ssl.conf userdir.conf welcome.conf [root@localhost conf.d]# vim ssl.conf .......... DocumentRoot "/var/www/html/test1" //取消该行的注释,修主目录的位置 ServerName www.qiangge.com:443 //取消该行的注释,修改域名(主机名) .......... SSLCertificateFile /etc/httpd/ssl/httpd.crt //修改http存放证书的绝对路径 .......... SSLCertificateKeyFile /etc/httpd/ssl/httpd.key //修改http存放密钥文件的绝对路径 ..........
5、重启httpd服务
//首先检测配置文件语法是否出错
[root@localhost ~]# httpd -t
Syntax OK
//重启httpd服务
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# ss -antlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1020,fd=4))
LISTEN0 128 *:80 *:* users:(("httpd",pid=19290,fd=4),("httpd",pid=19289,fd=4),("httpd",pid=19288,fd=4),("httpd",pid=19286,fd=4))
LISTEN0 128 [::]:22 [::]:* users:(("sshd",pid=1020,fd=6))
LISTEN0 128 *:443 *:* users:(("httpd",pid=19290,fd=9),("httpd",pid=19289,fd=9),("httpd",pid=19288,fd=9),("httpd",pid=19286,fd=9))
//443端口已经监听,说明https配置成功
6、浏览器使用https访问
