httpd安装、配置、编译&三种访问模式控制&https证书的安装&访问实例及排错
httpd依赖于apr-1.7.0,apr-util-1.6.1
//安装开发环境
//yum安装依赖包,主程序用源码安装
[root@localhost ~]# yum groups mark install "Development Tools" //将"Development Tools"组标记为已安装(mark install 只做标记,不会实际安装组内软件包;要实际安装请用 yum groups install)
[root@localhost ~]# useradd -r -M -s /sbin/nologin apache //创建系统用户Apache
[root@localhost ~]# id apache
uid=975(apache) gid=974(apache) 组=974(apache)
[root@localhost ~]# grep apache /etc/group
apache:x:974:
[root@localhost ~]# yum -y install openssl-devel pcre-devel expat-devel libtool //安装依赖包
[root@localhost ~]# dnf -y install wget
[root@localhost ~]# dnf -y install gcc gcc-c++
[root@localhost ~]# dnf -y install vim
[root@localhost ~]# dnf -y install make
使用wget下载apr-1.7.0,apr-util-1.6.1,httpd-2.4.54(下载后建议用官方随包发布的 .sha256 校验值或 .asc 签名核对压缩包的完整性,确认无误后再解压编译)
[root@localhost ~]# wget https://downloads.apache.org/apr/apr-1.7.0.tar.gz
[root@localhost ~]# wget https://downloads.apache.org/apr/apr-util-1.6.1.tar.gz
[root@localhost ~]# wget https://downloads.apache.org/httpd/httpd-2.4.54.tar.gz
解压apr-1.7.0 apr-util-1.6.1 httpd-2.4.54
[root@localhost ~]# tar xf apr-1.7.0.tar.gz
[root@localhost ~]# tar xf apr-util-1.6.1.tar.gz
[root@localhost ~]# tar xf httpd-2.4.54.tar.gz
[root@localhost ~]# ls
公共 图片 音乐 apr-1.7.0 apr-1.7.0.tar.gz
模板 文档 桌面 apr-util-1.6.1 apr-util-1.6.1.tar.gz
视频 下载 httpd-2.4.54 httpd-2.4.54.tar.gz
anaconda-ks.cfg initial-setup-ks.cfg
安装apr-1.7.0 apr-util-1.6.1 httpd-2.4.54
[root@localhost ~]# cd apr-1.7.0/
[root@localhost apr-1.7.0]# vi configure
cfgfile="${ofile}T"
trap "$RM \"$cfgfile\"; exit 1" 1 2 15
# $RM "$cfgfile" //将此行注释,或删除
[root@localhost apr-1.7.0]# ./configure --prefix=/usr/local/apr
[root@localhost apr-1.7.0]# make -j 4
[root@localhost apr-1.7.0]# make install
[root@localhost ~]# cd apr-util-1.6.1
[root@localhost apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr //编译子包时需要告诉主包位置
[root@localhost apr-util-1.6.1]# make -j 4
[root@localhost apr-util-1.6.1]# make install
[root@localhost apr-util-1.6.1]# cd ../httpd-2.4.54/
[root@localhost httpd-2.4.54]# pwd
/root/httpd-2.4.54
[root@localhost httpd-2.4.54]# ./configure --prefix=/usr/local/apache \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-apr=/usr/local/apr \
--with-apr-util=/usr/local/apr-util/ \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=prefork
[root@localhost httpd-2.4.54]# make -j 4
[root@localhost httpd-2.4.54]# make install
[root@localhost httpd-2.4.54]# cd
[root@localhost ~]# ls
公共 图片 音乐 apr-1.7.0 apr-util-1.6.1.tar.gz initial-setup-ks.cfg
模板 文档 桌面 apr-1.7.0.tar.gz httpd-2.4.54
视频 下载 anaconda-ks.cfg apr-util-1.6.1 httpd-2.4.54.tar.gz
[root@localhost ~]# ls /usr/local/
apache apr apr-util bin etc games include lib lib64 libexec sbin share src
[root@localhost ~]# cd /usr/local/apache/
[root@localhost apache]# ls
bin build cgi-bin conf error htdocs icons include logs man manual modules
设置环境变量
[root@localhost ~]# echo 'export PATH=/usr/local/apache/bin:$PATH' >/etc/profile.d/apache.sh
[root@localhost ~]# source /etc/profile.d/apache.sh
[root@localhost ~]# which httpd //查看httpd命令是否存在
/usr/local/apache/bin/httpd
[root@localhost ~]# which apachectl //查看apachectl命令是否存在
/usr/local/apache/bin/apachectl
做映射关系
[root@localhost apache]# ln -s /usr/local/apache/include /usr/include/apache //设置软链接,将include,链接到apache
[root@localhost apache]# vi /etc/man_db.conf //编辑man文档
#MANDATORY_MANPATH /usr/src/pvm3/man
#
MANDATORY_MANPATH /usr/man
MANDATORY_MANPATH /usr/share/man
MANDATORY_MANPATH /usr/local/share/man
MANDATORY_MANPATH /usr/local/apache/man //将此行添加到文档该处
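关闭防火墙(仅适用于测试环境;生产环境应保持firewalld运行,用 firewall-cmd --permanent --add-service=http 等命令只放行需要的端口,再执行 firewall-cmd --reload)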
[root@localhost]# systemctl disable --now firewalld.service //开机不自启并且立马关闭
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# systemctl status firewalld //查看状态
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabl>
Active: inactive (dead) since Sun 2022-04-17 00:38:50 CST; 1min 52s ago
Docs: man:firewalld(1)
Process: 1025 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited,>
Main PID: 1025 (code=exited, status=0/SUCCESS
[root@localhost ~]# setenforce 0 //将selinux临时切换为Permissive(宽容)模式,立即生效,重启后失效(0为Permissive,1为Enforcing)
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]# vim /etc/selinux/config //编辑selinux/config
将 SELINUX=enforcing 改为 SELINUX=disabled //更改并重启后永久关闭(仅建议在测试环境这样做;生产环境宜保持enforcing)
[root@localhost ~]# ss -antl //查看80端口号是否开启
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
[root@localhost ~]# apachectl start //开启80端口号
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
[root@localhost ~]# ss -antl //再次查看发现80端口号已经开启
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
访问虚拟机的IP地址
[root@localhost ~]# apachectl stop //关闭
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
[root@localhost ~]# ss -antl //查看发现80端口已经关闭
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
取消警告信息
[root@localhost ~]# cd /usr/local/apache/
[root@localhost apache]# ls
bin(存放命令) build cgi-bin conf(放配置文件) error htdocs(存放网站) icons include logs(存放日志) man manual modules
[root@localhost apache]# cd conf/
[root@localhost conf]# ls
extra httpd.conf magic mime.types original
[root@localhost conf]# vim httpd.conf
#ServerName www.example.com:80 //将这一行前面的注释删掉
[root@localhost conf]# apachectl start //此时发现已经没有警告
[root@localhost conf]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
使用systemctl命令使用httpd
[root@localhost ~]# cd /usr/lib/systemd/system
[root@localhost system]# ls sshd.service
sshd.service
[root@localhost system]# cp sshd.service httpd.service //放service文件的位置进去后复制一份然后改名为httpd.service
[root@localhost system]# vim httpd.service //编辑这个文件
[Unit]
Description=OpenSSH server daemon //修改成Description=httpd server daemon
Documentation=man:sshd(8) man:sshd_config(5) //删除
After=network.target sshd-keygen.target
Wants=sshd-keygen.target //删除
[Service]
Type=notify //修改成Type=forking
EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config //删除
EnvironmentFile=-/etc/sysconfig/sshd //删除
ExecStart=/usr/sbin/sshd -D $OPTIONS $CRYPTO_POLICY //修改成ExecStart=/usr/local/apache/bin/apachectl start
ExecStop=/usr/local/apache/bin/apachectl stop //添加此行用作停止
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process //删除
Restart=on-failure //删除
RestartSec=42s //删除
[Install]
WantedBy=multi-user.target
[root@localhost system]# systemctl daemon-reload //重新加载
[root@localhost system]# cd
[root@localhost ~]# systemctl status httpd //发现已经有此服务
● httpd.service - httpd server daemont
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead) //服务显示默认关闭
[root@localhost ~]# systemctl start httpd //使用systemctl开启httpd服务
[root@localhost ~]# ss -antl //查看发现开启80端口成功
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
[root@localhost system]# systemctl enable --now httpd //设置开机自启
[root@localhost ~]# systemctl status httpd
● httpd.service - httpd server daemont
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2022-04-17 02:21:15 CST; 7min ago
Main PID: 71465 (httpd)
Tasks: 6 (limit: 4596)
Memory: 4.2M
CGroup: /system.slice/httpd.service
├─71465 /usr/local/apache/bin/httpd -k start
├─71466 /usr/local/apache/bin/httpd -k start
├─71467 /usr/local/apache/bin/httpd -k start
├─71468 /usr/local/apache/bin/httpd -k start
├─71469 /usr/local/apache/bin/httpd -k start
└─71470 /usr/local/apache/bin/httpd -k start
4月 17 02:21:15 localhost.localdomain systemd[1]: Starting httpd server daemont...
4月 17 02:21:15 localhost.localdomain systemd[1]: Started httpd server daemont.
配置三种不同的虚拟主机
IP地址访问
[root@localhost ~]# cd /usr/local/apache/conf/
[root@localhost conf]# ls
extra httpd.conf magic mime.types original
[root@localhost conf]# ls extra/
httpd-autoindex.conf httpd-languages.conf httpd-ssl.conf
httpd-dav.conf httpd-manual.conf httpd-userdir.conf
httpd-default.conf httpd-mpm.conf httpd-vhosts.conf
httpd-info.conf httpd-multilang-errordoc.conf proxy-html.conf
[root@localhost extra]# cd /usr/local/apache/htdocs/ //此目录为存放网站的目录
[root@localhost htdocs]# mkdir hxwyy.example.com //创建一个目录用于存放网站
[root@localhost conf]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf //修改虚拟主机文件
[root@localhost conf]# vim /usr/local/apache/conf/httpd.conf //将此文件的下面一行 注释取消 让其包含虚拟主机文件 使其生效
Include conf/extra/httpd-vhosts.conf
[root@localhost conf]# systemctl restart httpd //重启服务
[root@localhost htdocs]# cd hxwyy.example.com/
[root@localhost hxwyy.example.com]# echo "123">index.html
[root@localhost hxwyy.example.com]# ls
index.html //创建网站的测试页面
访问ip地址成功
ip加端口号访问
相同ip不同端口
[root@localhost ~]# cd /usr/local/apache/htdocs/
[root@localhost htdocs]# mkdir mgjmg.example.com //创建一个新的存放网站的目录
[root@localhost htdocs]# ls
hxwyy.example.com index.html mgjmg.example.com
[root@localhost htdocs]# cd mgjmg.example.com/
[root@localhost mgjmg.example.com]# echo "linux" > index.html //创建一个新的测试文件
[root@localhost mgjmg.example.com]# cat index.html
linux
[root@localhost ~]# cd /usr/local/apache/conf/extra/
[root@localhost extra]# vim httpd-vhosts.conf
[root@localhost extra]# cat httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/hxwyy.example.com"
ServerName hxwyy.example.com
ErrorLog "logs/hxwyy.example.com-error_log"
CustomLog "logs/hxwyy.example.com-access_log" common
</VirtualHost>
Listen 81 //为其添加81的监听
<VirtualHost *:81> //将端口号修改为81
DocumentRoot "/usr/local/apache/htdocs/mgjmg.example.com"
ServerName mgjmg.example.com
ErrorLog "logs/mgjmg.example.com-error_log"
CustomLog "logs/mgjmg.example.com-access_log" common
</VirtualHost>
[root@localhost extra]# systemctl restart httpd.service //重启服务
[root@localhost extra]# ss -antl //查看端口号出现了两个端口80 81
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:81 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 128 [::1]:6010 [::]:*
再次输入IP地址
加上端口号即可访问不同的测试页面
81端口号
80端口号
80是默认的可以不需要接端口号
不同ip访问
不同ip相同端口
[root@localhost extra]# ip addr add 192.168.47.129/24 dev ens33 //为ens33添加一个新的ip 此添加为临时添加
[root@localhost extra]# ip addr show ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:2a:62:e5 brd ff:ff:ff:ff:ff:ff
inet 192.168.47.128/24 brd 192.168.47.255 scope global dynamic noprefixroute ens33
valid_lft 1776sec preferred_lft 1776sec
inet 192.168.47.129/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe2a:62e5/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost extra]# vim httpd-vhosts.conf
[root@localhost extra]# cat httpd-vhosts.conf
<VirtualHost 192.168.47.128:80> //修改为固定ip
DocumentRoot "/usr/local/apache/htdocs/hxwyy.example.com"
ServerName hxwyy.example.com
ErrorLog "logs/hxwyy.example.com-error_log"
CustomLog "logs/hxwyy.example.com-access_log" common
</VirtualHost>
<VirtualHost 192.168.47.129:80> //修改为新添加的ip端口号改为80
DocumentRoot "/usr/local/apache/htdocs/mgjmg.example.com"
ServerName mgjmg.example.com
ErrorLog "logs/mgjmg.example.com-error_log"
CustomLog "logs/mgjmg.example.com-access_log" common
</VirtualHost>
[root@localhost extra]# systemctl restart httpd.service //重启服务
192.168.47.128 的测试页面
192.168.47.129 的测试页面
相同ip端口不同域名
[root@localhost extra]# vim httpd-vhosts.conf
[root@localhost extra]# cat httpd-vhosts.conf
<VirtualHost *:80> //将原来的固定IP修改为*
DocumentRoot "/usr/local/apache/htdocs/hxwyy.example.com"
ServerName hxwyy.example.com //此处是域名
ErrorLog "logs/hxwyy.example.com-error_log"
CustomLog "logs/hxwyy.example.com-access_log" common
</VirtualHost>
<VirtualHost *:80> //将原来的固定IP修改为*
DocumentRoot "/usr/local/apache/htdocs/mgjmg.example.com"
ServerName mgjmg.example.com //此处是域名
ErrorLog "logs/mgjmg.example.com-error_log"
CustomLog "logs/mgjmg.example.com-access_log" common
</VirtualHost>
域名是无法访问的需要修改hosts文件
路径: C:\Windows\System32\drivers\etc
hosts文件内添加这两行
192.168.47.128 hxwyy.example.com
192.168.47.129 mgjmg.example.com
hxwyy.example.com域名访问
mgjmg.example.com域名访问
配置拒绝指定ip访问
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/hxwyy.example.com"
ServerName hxwyy.example.com
ErrorLog "logs/hxwyy.example.com-error_log"
CustomLog "logs/hxwyy.example.com-access_log" common
</VirtualHost>
<Directory "/usr/local/apache/htdocs/hxwyy.example.com"> //添加要拒绝的网站存放位置
<RequireAll>
Require not ip 192.168.47.1 //添加要拒绝的ip
Require all granted
</RequireAll>
</Directory>
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/mgjmg.example.com"
ServerName mgjmg.example.com
ErrorLog "logs/mgjmg.example.com-error_log"
CustomLog "logs/mgjmg.example.com-access_log" common
</VirtualHost>
[root@localhost extra]# systemctl restart httpd.service //
mgjmg.example.com是没有做拒绝的所以可以访问
hxwyy.example.com(上面的 <Directory> 配置)对192.168.47.1(主机)做了拒绝,所以无法访问
配置https步骤
[root@localhost conf]# vim httpd.conf //源码安装的服务模块在httpd.conf文件里
LoadModule ssl_module modules/mod_ssl.so //取消这一行的注释(去掉行首的#),启用mod_ssl
生成证书
openssl实现私有CA:
[root@localhost ~]# cd /etc/pki/
[root@localhost pki]# mkdir CA
[root@localhost pki]# cd CA/
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048) //在private目录下生成私钥文件
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................................................+++++
..............+++++
e is 65537 (0x010001)
[root@localhost CA]# ls private/
cakey.pem
[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout
writing RSA key //查看公钥
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzImoXl90+hG4T/3l8TJ2
vsSKWWXN2nuWWa05yBNA+GznsQL5xRxQhjAirjv1aP2mHLAuiecnaVgvC1Fx2fBR
yWyZDM8xUAbbm/LvNwj98jcbZYdO+nyNXSBEPe+eOx8lsdeZ/Q1adrFYnpZoOcmA
PH6AukIT5KmllY1l2m+cqTYAz5SoaKjZeT7xXpWC2hMjByQkrdfnEaf4FFn/LnSs
9wlcTWWI3xrSOG2AdaV+duYE0r7kFqg3Qzmu05hRDEML/jyMza8yyFtguyhyYi/n
czcGrPEaos3s6+FEcP5EjO16JJyvsFzDSihJRYZ+0GgX93cb0YBu2IfdwCR7XEnF
YQIDAQAB
-----END PUBLIC KEY-----
CA生成自签署证书
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 //生成一个证书 有效日期为365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN //国家
State or Province Name (full name) []:HB //省份
Locality Name (eg, city) [Default City]:WH //市
Organization Name (eg, company) [Default Company Ltd]:kurumi //公司
Organizational Unit Name (eg, section) []:kurumi //单位
Common Name (eg, your name or your server's hostname) []:mgjmg.example.com //域名
Email Address []:1@123.com //邮箱
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# touch index.txt && echo 01 > serial
服务器生成httpd密钥
[root@localhost CA]# cd /usr/local/apache/conf/
[root@localhost conf]# ls
extra httpd.conf magic mime.types original
[root@localhost conf]# mkdir ssl
[root@localhost conf]# cd ssl/
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
...............+++++
....................................................................................................+++++
e is 65537 (0x010001)
服务器生成证书签署请求
[root@localhost ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:kurumi
Organizational Unit Name (eg, section) []:kurumi
Common Name (eg, your name or your server's hostname) []: mgjmg.example.com
Email Address []:1@123.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@localhost ssl]# ls
httpd.csr httpd.key
CA签署客户端提交上来的证书
[root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Apr 16 23:55:00 2022 GMT
Not After : Apr 16 23:55:00 2023 GMT
Subject:
countryName = CN
stateOrProvinceName = HB
organizationName = kurumi
organizationalUnitName = kurumi
commonName = web.example.com
emailAddress = 1@123.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
29:9C:D0:27:4B:0A:F2:C4:3F:16:64:FF:10:25:17:B5:2D:8C:8B:95
X509v3 Authority Key Identifier:
keyid:06:4C:FC:24:29:DF:6F:27:2F:F3:0D:7C:E5:33:DC:C1:3C:D2:F3:6D
Certificate is to be certified until Apr 16 23:55:00 2023 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost ssl]# ls
httpd.crt httpd.csr httpd.key
在httpd-vhosts.conf中配置虚拟主机
在httpd-ssl.conf中配置证书的位置
[root@localhost ssl]# cd /usr/local/apache/conf/
[root@localhost conf]# vim httpd.conf //取消注释 让其包含
Include conf/extra/httpd-ssl.conf
[root@localhost conf]# vim extra/httpd-ssl.conf
DocumentRoot "/usr/local/apache/htdocs/mgjmg.example.com" //修改为证书的域名
ServerName mgjmg.example.com:443 //修改
ServerAdmin you@example.com
ErrorLog "/usr/local/apache/logs/error_log"
TransferLog "/usr/local/apache/logs/access_log"
SSLCertificateFile "/usr/local/apache/conf/ssl/httpd.crt" //修改httpd.crt的路径
SSLCertificateKeyFile "/usr/local/apache/conf/ssl/httpd.key" //修改httpd.key的路径
检查配置文件是否有语法错误
如果报错AH00526: Syntax error on line 92
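检查语法发现有一个模块未打开(选择性):报错提示缺少 mod_socache_shmcb,可在 httpd.conf 中取消 LoadModule socache_shmcb_module modules/mod_socache_shmcb.so 这一行的注释后再检查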
[root@localhost conf]# httpd -t
AH00526: Syntax error on line 92 of /usr/local/apache/conf/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
[root@localhost conf]# vim extra/httpd-ssl.conf
检查配置文件是否有语法错误
如果报错AH00526: Syntax error on line 32
检查语法发现第 32 行的语法错误(选择性)
[root@localhost conf]# httpd -t
AH00526: Syntax error on line 32 of /usr/local/apache/conf/extra/httpd-vhosts.conf:
Unknown Authz provider: ip192.168.47.1
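//AH00526:/usr/local/apache/conf/extra/httpd-vhosts.conf 第 32 行的语法错误:
未知的 Authz 提供者: ip192.168.47.1(报错中的"ip192.168.47.1"连在一起,说明配置文件里 ip 与地址之间很可能漏了空格;改成 Require not ip 192.168.47.1 即可通过检查并保留访问限制,而下面删除整段 <Directory> 的做法会同时取消对该ip的拒绝)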
[root@localhost conf]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf //修改配置文件
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/hxwyy.example.com"
ServerName hxwyy.example.com
ErrorLog "logs/hxwyy.example.com-error_log"
CustomLog "logs/hxwyy.example.com-access_log" common
</VirtualHost>
<Directory "/usr/local/apache/htdocs/hxwyy.example.com"> //删除
<RequireAll> //删除
Require not ip 192.168.47.1 //删除
Require all granted //删除
</RequireAll>
</Directory> //删除
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/mgjmg.example.com"
ServerName mgjmg.example.com
ErrorLog "logs/mgjmg.example.com-error_log"
CustomLog "logs/mgjmg.example.com-access_log" common
</VirtualHost>
[root@localhost conf]# httpd -t //再次检测成功
Syntax OK
[root@localhost conf]# systemctl restart httpd //重启服务
[root@localhost conf]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6011 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 128 [::1]:6010 [::]:*
LISTEN 0 128 *:443 *:*
LISTEN 0 128 [::1]:6011 [::]:*
此时可以使用https访问(证书由上面自建的私有CA签发,浏览器默认不信任,会提示证书警告;客户端导入并信任该CA的cacert.pem后才不再告警)