配置https虚拟主机

配置https步骤

生成证书

证书的生成可参考“openssl实现私有CA”。证书中的主机名（CN/SAN）需与下文 ServerName 中的 www.mashuangle.com 一致；由私有CA签发的证书，客户端需先导入该CA的根证书才会信任。

配置httpd.conf，取消以下两行的注释（Include 的路径以实际安装位置为准，本例的 httpd.conf 中为 conf/extra/httpd-ssl.conf）

     LoadModule ssl_module modules/mod_ssl.so
    Include /etc/httpd24/extra/httpd-ssl.conf
 [root@node2 conf]# vim httpd.conf
 ...
 #LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
 LoadModule ssl_module modules/mod_ssl.so
 #LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
 #LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
 ...
 # Secure (SSL/TLS) connections
 Include conf/extra/httpd-ssl.conf
 #
 # Note: The following must must be present to support
 ...
 [root@node2 conf]#

在httpd-ssl.conf中配置虚拟主机信息以及证书和私钥的位置

 [root@node2 conf]# cd extra/
 [root@node2 extra]# ls
 httpd-autoindex.conf httpd-languages.conf           httpd-ssl.conf
 httpd-dav.conf       httpd-manual.conf             httpd-userdir.conf
 httpd-default.conf   httpd-mpm.conf                 httpd-vhosts.conf
 httpd-info.conf       httpd-multilang-errordoc.conf proxy-html.conf
 [root@node2 extra]# vim httpd-ssl.conf
 <VirtualHost _default_:443>
 
 #   General setup for the virtual host
 #   The name in ServerName is the one clients compare against the
 #   certificate; a certificate issued for a different name produces a
 #   hostname-mismatch warning.
 DocumentRoot "/usr/local/apache/htdocs/www.mashuangle.com"
 ServerName www.mashuangle.com:443
 #   NOTE(review): you@example.com looks like the placeholder from the stock
 #   file -- replace with a real contact address.
 ServerAdmin you@example.com
 ErrorLog "/usr/local/apache/logs/www.mashuangle_error_log"
 TransferLog "/usr/local/apache/logs/www.mashuangle_access_log"
 
 #   SSL Engine Switch:
 #   Enable/Disable SSL for this virtual host.
 ...
 #   Server certificate for this virtual host (the file issued by the CA).
 SSLCertificateFile "/usr/local/apache/conf/ssl/httpd.crt"
 #SSLCertificateFile "/usr/local/apache/conf/server-dsa.crt"
 #SSLCertificateFile "/usr/local/apache/conf/server-ecc.crt"
 
 #   Server Private Key:
 #   If the key is not combined with the certificate, use this
 #   directive to point at the key file. Keep in mind that if
 #   you've both a RSA and a DSA private key you can configure
 #   both in parallel (to also allow the use of DSA ciphers, etc.)
 #   ECC keys, when in use, can also be configured in parallel
 #   NOTE(review): the private key should be readable by root only
 #   (for example mode 0600) and kept outside DocumentRoot; confirm the
 #   permissions on conf/ssl/ before starting the service.
 SSLCertificateKeyFile "/usr/local/apache/conf/ssl/httpd.key"

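检查配置文件是否有语法错误（建议先执行 httpd -t，确认无误后再重启服务）。下面的报错是因为 httpd-ssl.conf 中的 SSLSessionCache 使用了 shmcb，而 mod_socache_shmcb 模块尚未加载；在 httpd.conf 中取消该模块的注释后，httpd -t 返回 Syntax OK。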

 [root@node2 ~]# systemctl  restart httpd
 Job for httpd.service failed because the control process exited with error code.
 See "systemctl status httpd.service" and "journalctl -xe" for details.
 [root@node2 ~]# httpd -t
 AH00526: Syntax error on line 92 of /usr/local/apache/conf/extra/httpd-ssl.conf:
 SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
 [root@node2 ~]# cd /usr/local/apache/conf
 [root@node2 conf]# ls
 extra httpd.conf magic mime.types original ssl
 [root@node2 conf]# vim httpd.conf
 #LoadModule cache_disk_module modules/mod_cache_disk.so
 #LoadModule cache_socache_module modules/mod_cache_socache.so
 # Uncomment the next line: the 'shmcb' SSLSessionCache in httpd-ssl.conf
 # needs mod_socache_shmcb to be loaded.
 # Keep this note on its own line; httpd does not accept a comment placed
 # after a directive on the same line.
 LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
 #LoadModule socache_dbm_module modules/mod_socache_dbm.so
 [root@node2 htdocs]# httpd -t
 Syntax OK

启动或重启服务，并用 ss -antl 确认 443 端口已处于监听状态。注意 80 端口仍以明文 HTTP 提供服务，如需强制加密访问，可另行配置跳转到 https。

 [root@node2 ~]# systemctl restart httpd
 [root@node2 ~]# ss -antl
 State   Recv-Q   Send-Q     Local Address:Port       Peer Address:Port   Process  
 LISTEN   0        128              0.0.0.0:111             0.0.0.0:*                
 LISTEN   0        128              0.0.0.0:22              0.0.0.0:*                
 LISTEN   0        128                 [::]:111               [::]:*                
 LISTEN   0        128                   *:8080                 *:*                
 LISTEN   0        128                   *:80                   *:*                
 LISTEN   0        128                 [::]:22                 [::]:*                
 LISTEN   0        128                   *:443                   *:*  

使用域名访问


 