一:环境配置
[root@localhost ~]# cd /media/cdrom/Packages/
[root@localhost Packages]# yum –disablerepo=* –enablerepo=c7-media install httpd -y
[root@localhost Packages]# yum –disablerepo=* –enablerepo=c7-media install psmisc -y
二:来源控制
只让其来访问,不让其它来访问
[root@localhost Packages]# vim /etc/httpd/conf/httpd.conf
[root@localhost Packages]# systemctl restart httpd
[root@localhost ~]# lynx http://192.168.159.135
[root@localhost Packages]# yum –disablerepo=* –enablerepo=c7-media install lynx -y
不让其来访问,让其它来访问
[root@localhost Packages]# vim /etc/httpd/conf/httpd.conf
[root@localhost Packages]# systemctl restart httpd
[root@localhost ~]# lynx http://192.168.159.135
三:身份验证
[root@localhost html]# vim .htaccess
[root@localhost html]# cat .htaccess
authuserfile /var/www/html/.htpasswd
[root@localhost html]# htpasswd -c .htpasswd zhangsan #建立账号库
New password:
Re-type new password:
Adding password for user zhangsan
[root@localhost html]# cat .htpasswd
[root@localhost html]# htpasswd .htpasswd lisi #加入新身份
New password:
Re-type new password:
Adding password for user lisi
[root@localhost html]# cat .htpasswd
zhangsan:
apr1
a
p
r
1
vzEoNd2l
Sstcce2L1O0765a8fl4w9/lisi:
S
s
t
c
c
e
2
L
1
O
0765
a
8
f
l
4
w
9
/
l
i
s
i
:
apr1
a39pYSnB
a
39
p
Y
S
n
B
PDD8yTn1Bzeb2WUzBnZFt1
打开身份验证
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
[root@localhost ~]# service httpd restart
点击取消:
[root@localhost html]# lynx http://192.168.159.135
四:加密访问
[root@localhost ~]# yum –disablerepo=* –enablerepo=c7-media install httpd -y
[root@localhost ~]# cd /etc/pki/CA/
[root@localhost CA]# touch index.txt
[root@localhost CA]# touch serial
[root@localhost CA]# echo “01” >serial
1 :办理CA的权限
修改/etc/pki/CA/tls/openssl.conf
[root@localhost ~]# cd /etc/pki
[root@localhost pki]# vim /etc/pki/tls/openssl.cnf
产生私钥
[root@localhost CA]# openssl genrsa 1024 >private/cakey.pem
[root@localhost CA]# vim private/cakey.pem
[root@localhost CA]# chmod 600 private/cakey.pem #加密
产生CA的证书
[root@localhost CA]# openssl req -new -key private/cakey.pem -x509 -out cacert.pem
2:办理自己的权限
[root@localhost CA]# yum –disablerepo=* –enablerepo=c7-media install mod_ssl -y
产生私钥
[root@localhost pki]# mkdir /etc/httpd/certs #创建新文件
[root@localhost pki]# cd /etc/httpd/certs
[root@localhost certs]# openssl genrsa 1024 >httpd.key #产生私钥
[root@localhost certs]# chmod 600 httpd.key #加密
请求文件
[root@localhost certs]# openssl req -new -key httpd.key -out httpd.req
web服务器证书
[root@localhost certs]# openssl ca -in httpd.req -out httpd.cer
[root@localhost CA]# vim /etc/httpd/conf.d/ssl.conf
[root@localhost CA]# systemctl start httpd
[root@localhost html]#firewall-cmd –zone=public –add-service http –permanent
[root@localhost html]#firewall-cmd –zone=public –add-service https –permanent
[root@localhost html]#firewall-cmd –reload
[root@localhost html]#firewall-cmd –zone=public –list-all
[root@localhost html]#systemctl status firewalld
只要密文不要铭文:
[root@localhost html]#vim /etc/httpd/conf/httpd.cong
[root@localhost html]#service httpd restart