[RHCE] HTTP Service with User Authentication and TLS Encryption (HTTPS)

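Contents

I. Create the user accounts

II. TLS encryption

III. Configure the httpd drop-in configuration file

IV. Create the directories served over HTTP and write the index files with output redirection

V. Configure the hosts file on Linux and on Windows

VI. Basic operations

VII. Test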


I. Create the user accounts

User authentication

# Create two accounts
[root@localhost ~]# htpasswd -c /etc/httpd/zhanghao tom
New password: 
Re-type new password: 
Adding password for user tom
[root@localhost ~]# htpasswd /etc/httpd/zhanghao jerry
New password: 
Re-type new password: 
Adding password for user jerry
# Check that the accounts were created
[root@localhost ~]# tail /etc/httpd/zhanghao
tom:$apr1$2s/wloz6$G0SlGTKB62a4.2gJmy.AL.
jerry:$apr1$lOxB9Dtq$tOTaJ35Jtt8dWouHbjgWi1

II. TLS encryption

1. Install mod_ssl

[root@localhost ~]# yum install mod_ssl -y

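Note: installing software requires a configured repository and a mounted installation source; see my earlier articles if you need help with that.

2. TLS encryption:

# Create the private key
[root@localhost certs]# openssl genrsa -aes128 2048 > jiami.key
# Enter a passphrase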
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
# Create the certificate
[root@localhost certs]# openssl req -utf8 -new -key jiami.key -x509 -days 100 -out jiami.crt
Enter pass phrase for jiami.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86              # country
State or Province Name (full name) []:shaanxi     # province
Locality Name (eg, city) [Default City]:xi'an     # city
Organization Name (eg, company) [Default Company Ltd]:rhce  # organization
Organizational Unit Name (eg, section) []:peihua  # organizational unit
Common Name (eg, your name or your server's hostname) []:www.hehe.com # hostname!!!
Email Address []:admin@hehe.com    # e-mail address

3. Move the private key

# Move the private key
[root@localhost certs]# cd /etc/pki/tls/certs
# The key ends up at /etc/pki/tls/private/jiami.key
[root@localhost certs]# mv jiami.key ../private/

4. Edit /etc/httpd/conf.d/ssl.conf

SSLCertificateFile /etc/pki/tls/certs/jiami.crt
SSLCertificateKeyFile /etc/pki/tls/private/jiami.key

Change these two directives to point at the key and certificate you created.

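III. Configure the httpd drop-in configuration file

[root@localhost certs]# vim /etc/httpd/conf.d/vhost.conf 
# Restarting the service prompts for the passphrase set when the TLS key was created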
[root@localhost certs]# systemctl restart httpd
🔐 Enter TLS private key passphrase for www.hehe.com:443 (RSA) : ******     

File contents:

<directory /www>
allowoverride none
require all granted
</directory>
# User authentication
<directory /usr/local/secret>
authtype basic
authname "Please input your passwd: "
authuserfile /etc/httpd/zhanghao
require user tom jerry
</directory>
# TLS encryption: the address is your own host's address; port 443 is the HTTPS service
<virtualhost 192.168.198.151:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/jiami.crt
SSLCertificateKeyFile /etc/pki/tls/private/jiami.key
documentroot /www/hehe
servername www.hehe.com
alias /hehe /usr/local/secret
</virtualhost>

Restart the httpd service

systemctl restart httpd
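
Basic authentication sends the user name and password only base64-encoded, so the directory protected above should be reachable only through a virtual host with SSLEngine on. The check below is an added example, not part of the original article; the function name cleartext_basic_auth is hypothetical, and it assumes that any Alias or DocumentRoot outside an SSLEngine-on virtual host is served over plain HTTP.

```python
import re

# Constructed copy of the vhost.conf above, cut down to the directives this check reads.
PAGE_CONF = """\
<directory /usr/local/secret>
authtype basic
authuserfile /etc/httpd/zhanghao
require user tom jerry
</directory>
<virtualhost 192.168.198.151:443>
SSLEngine on
documentroot /www/hehe
alias /hehe /usr/local/secret
</virtualhost>
"""

def cleartext_basic_auth(conf):
    """List (url, directory, vhost) where a Basic-auth directory is mapped outside a TLS vhost."""
    auth_dirs, mappings = set(), []
    cur_dir = vhost = None
    for raw in conf.splitlines():
        line = raw.strip()
        m = re.match(r"<(/?)(\w+)\s*([^>]*)>", line)
        if m:  # section open/close: track which <Directory>/<VirtualHost> we are in
            closing, name, arg = m.group(1), m.group(2).lower(), m.group(3).strip('" ')
            if name == "directory":
                cur_dir = None if closing else (arg.rstrip("/") or "/")
            elif name == "virtualhost":
                vhost = None if closing else {"addr": arg, "ssl": False}
            continue
        words = line.split()
        if len(words) < 2 or line.startswith("#"):
            continue
        key = words[0].lower()  # Apache directive names are case-insensitive
        if key == "authtype" and cur_dir and words[1].lower() == "basic":
            auth_dirs.add(cur_dir)
        elif key == "sslengine" and vhost is not None:
            vhost["ssl"] = words[1].lower() == "on"
        elif key in ("alias", "documentroot"):
            url = words[1] if key == "alias" else "/"
            mappings.append((url, words[-1].strip('"').rstrip("/"), vhost))
    findings = []
    for url, path, vh in mappings:
        for d in sorted(auth_dirs):
            # The mapping exposes d if it targets d, something below d, or a parent of d.
            related = path == d or path.startswith(d + "/") or d.startswith(path + "/")
            if related and not (vh and vh["ssl"]):
                findings.append((url, d, vh["addr"] if vh else "main server"))
    return findings
```

Calling cleartext_basic_auth(PAGE_CONF) returns an empty list for the configuration on this page; the same alias placed in a port-80 virtual host or at main-server level is reported as a finding.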

IV. Create the directories served over HTTP and write the index files with output redirection

[root@localhost certs]# mkdir /www
[root@localhost certs]# mkdir /www/hehe
[root@localhost certs]# mkdir /usr/local/secret
[root@localhost certs]# echo hehe > /www/hehe/index.html
[root@localhost certs]# echo secret > /usr/local/secret/index.html

V. Configure the hosts file on Linux and on Windows

1. Linux hosts file (/etc/hosts)

[root@localhost certs]# vim /etc/hosts
192.168.198.151   www.hehe.com

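2. Configure the hosts file on Windows

To test in a browser, you need to configure the Windows hosts file (C:\Windows\System32\drivers\etc\hosts).

2.1 Press Win+R to open the Run dialog

2.2 Press Ctrl+Shift+Enter to run as administrator

2.3 Type "notepad"; Notepad opens

2.4 Open a file

2.5 Select /windows/system32/drivers/etc/hosts

2.6 Add the following line to the hosts file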

192.168.198.151  www.hehe.com

VI. Basic operations

[root@localhost certs]# systemctl stop firewalld
[root@localhost certs]# setenforce 0
# After any change to the drop-in configuration file, restart httpd for it to take effect
[root@localhost certs]# systemctl restart httpd

VII. Test
