Compiling and installing httpd
1. Installation packages needed by httpd
2. Installation order: apr → apr-util → httpd
[root@localhost ~]# ls
anaconda-ks.cfg nginx-1.20.2 nginx-1.20.2.tar.gz
After uploading with xftp:
[root@localhost ~]# ls
anaconda-ks.cfg apr-util-1.6.1.tar.gz
apr-1.7.0.tar.bz2 httpd-2.4.53.tar.gz
Extract the archives:
[root@localhost ~]# yum -y install bzip2 // the system does not ship a tool for extracting .bz2 archives by default
[root@localhost ~]# tar xf apr-util-1.6.1.tar.gz
[root@localhost ~]# tar xf httpd-2.4.53.tar.gz
[root@localhost ~]# tar xf apr-1.7.0.tar.bz2
[root@localhost ~]# ls
anaconda-ks.cfg apr-util-1.6.1 httpd-2.4.53.tar.gz
apr-1.7.0 apr-util-1.6.1.tar.gz
apr-1.7.0.tar.bz2 httpd-2.4.53
[root@localhost ~]# useradd -r -M -s /sbin/nologin apache // create the apache user and group (system account, no home directory, no login shell)
[root@localhost ~]# id apache
uid=995(apache) gid=992(apache) groups=992(apache)
[root@localhost ~]# grep apache /etc/group
apache:x:992:
[root@localhost ~]# cd apr-1.7.0
[root@localhost apr-1.7.0]# ls
apr-config.in CMakeLists.txt libapr.mak poll
apr.dep config.layout libapr.rc random
apr.dsp configure LICENSE README
apr.dsw configure.in locks README.cmake
apr.mak docs Makefile.in shmem
apr.pc.in dso Makefile.win strings
apr.spec emacs-mode memory support
atomic encoding misc tables
build file_io mmap test
build.conf helpers network_io threadproc
buildconf include NOTICE time
build-outputs.mk libapr.dep NWGNUmakefile tools
CHANGES libapr.dsp passwd user
Before building, install the compiler toolchain:
[root@localhost apr-1.7.0]# dnf -y install gcc gcc-c++
Dependencies must also be installed in advance; if they are not, even a build that appears to finish will run into all sorts of problems.
[root@localhost ~]# yum -y install openssl-devel pcre-devel expat-devel libtool
[root@localhost apr-1.7.0]# ./configure --prefix=/usr/local/apr
// the configure script sets the install path and the features to build, and generates the Makefile used by make
Running this directly produced an error:
rm: cannot remove 'libtoolT': No such file or directory config.status: executing default commands
Fix:
Since the message suggests a missing package, first try installing it:
[root@localhost ~]# dnf list all|grep -i libtool
libtool-ltdl.x86_64 2.4.6-25.el8 @anaconda
libtool.x86_64 2.4.6-25.el8 AppStream
libtool-ltdl.i686 2.4.6-25.el8 base
libtool-ltdl-devel.i686 2.4.6-25.el8 AppStream
libtool-ltdl-devel.x86_64 2.4.6-25.el8 AppStream
[root@localhost ~]# dnf -y install libtool libtool-ltdl libtool-ltdl-devel
The error persisted after installing those packages, so try another approach:
In the source directory, open the configure script with vi/vim
Method 1: find the line $RM "cfgfile" and delete it or comment it out
Method 2: find the line RM='$RM' and change it to RM='$RM -f'
Finally run make to compile; -j can be used to specify the number of CPU cores to use for the build
[root@localhost ~]# dnf -y install make
[root@localhost apr-1.7.0]# make // compile
[root@localhost apr-1.7.0]# make install // copies the built binaries into the install prefix, creating the directories automatically
[root@localhost ~]# cd apr-util-1.6.1
[root@localhost apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[root@localhost apr-util-1.6.1]# make
[root@localhost apr-util-1.6.1]# make install
Before compiling httpd, one tip: when a command is too long, a trailing \ continues it on the next line while the shell still treats it as a single command:
[root@localhost httpd-2.4.53]# hhhhh\
>
[root@localhost ~]# cd httpd-2.4.53
[root@localhost httpd-2.4.53]# ./configure --prefix=/usr/local/apache \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-apr=/usr/local/apr \
--with-apr-util=/usr/local/apr-util/ \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=prefork
[root@localhost httpd-2.4.53]# make
[root@localhost httpd-2.4.53]# make install
[root@localhost ~]# ls /usr/local/
apache apr-util etc include lib64 nginx share
apr bin games lib libexec sbin src
[root@localhost ~]# cd /usr/local/apache/
[root@localhost apache]# ls
bin cgi-bin error icons logs manual
build conf htdocs include man modules
1. Add the bin directory to the PATH environment variable
[root@localhost apache]# which httpd
/usr/bin/which: no httpd in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
[root@localhost apache]# which apachectl
/usr/bin/which: no apachctl in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
[root@localhost apache]# cd
[root@localhost ~]# which httpd
/usr/bin/which: no httpd in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
[root@localhost ~]# which apachectl
/usr/bin/which: no apachctl in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
// httpd and apachectl cannot be found in the PATH
[root@localhost ~]# echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/apache.sh
[root@localhost ~]# source /etc/profile.d/apache.sh
[root@localhost ~]# which httpd
/usr/local/apache/bin/httpd
[root@localhost ~]# which apachectl
/usr/local/apache/bin/apachectl
2. Link the include headers so they can be found
[root@localhost ~]# ln -s /usr/local/apache/include /usr/include/apache
3. Add the man pages
[root@localhost ~]# vim /etc/man_db.conf
#
MANDATORY_MANPATH /usr/man
MANDATORY_MANPATH /usr/share/man
MANDATORY_MANPATH /usr/local/share/man
MANDATORY_MANPATH /usr/local/apache/man
#---------------------------------------------------------
The line added here is:
MANDATORY_MANPATH /usr/local/apache/man
That completes the installation. Turn off the firewall:
[root@localhost ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disa>
Active: inactive (dead)
Docs: man:firewalld(1)
Apr 15 09:32:56 localhost.localdomain systemd[1]: Starting firewal>
Apr 15 09:32:57 localhost.localdomain systemd[1]: Started firewall>
Apr 15 09:32:57 localhost.localdomain firewalld[1011]: WARNING: Al>
Apr 17 14:43:47 localhost.localdomain systemd[1]: Stopping firewal>
Apr 17 14:43:48 localhost.localdomain systemd[1]: firewalld.servic>
Apr 17 14:43:48 localhost.localdomain systemd[1]: Stopped firewall>
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]# vim /etc/selinux/config
......
change SELINUX=enforcing to SELINUX=disabled
......
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost ~]# which apachectl
/usr/local/apache/bin/apachectl
[root@localhost ~]# apachectl start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:80 *:*
[root@localhost ~]# apachectl stop
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
That warning appeared; the fix:
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost ~]# cd /usr/local/apache
[root@localhost apache]# ls
bin cgi-bin error icons logs manual
build conf htdocs include man modules
bin: executables
conf: configuration files
htdocs: website content
logs: log files
[root@localhost apache]# cd conf
[root@localhost conf]# ls
extra httpd.conf magic mime.types original
httpd.conf: main configuration file
[root@localhost conf]# vim httpd.conf // set ServerName for port 80
......
#ServerName www.example.com:80
Find this line, uncomment it, and save
Configure the Apache service to start at boot
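The `apache` account created earlier is not used by the stock httpd.conf, which runs worker processes as `daemon`, and the firewall was disabled outright above. The script below is an added example, not from the original post: it audits User/Group/ServerName in a constructed httpd.conf sample, rewrites the worker account to `apache`, and derives firewall-cmd rules that open only the Listen ports. It assumes ServerRoot /usr/local/apache and reads configuration text from stdin.

```shell
#!/bin/sh
# Added example (not from the original post): audit the compiled server's
# httpd.conf for the settings this walkthrough touches. The stock httpd.conf
# ships "User daemon" / "Group daemon", so the "apache" account created earlier
# is unused until these directives are changed; the script reports them,
# rewrites them, lists the Listen ports, and prints firewall-cmd rules that open
# exactly those ports (an alternative to disabling firewalld).
# Assumption: configuration text is supplied on stdin; the sample is constructed.

# directive NAME : value of the first uncommented NAME directive on stdin
directive() {
    awk -v name="$1" '$1 == name { print $2; exit }'
}

# listen_ports : every uncommented Listen port on stdin, one per line, sorted
listen_ports() {
    awk '$1 == "Listen" { sub(/^.*:/, "", $2); print $2 }' | sort -n | uniq
}

# audit_config : one-line summary of the worker account and ServerName
audit_config() {
    cfg=$(cat)
    user=$(printf '%s\n' "$cfg" | directive User)
    group=$(printf '%s\n' "$cfg" | directive Group)
    name=$(printf '%s\n' "$cfg" | directive ServerName)
    printf 'User=%s Group=%s ServerName=%s\n' \
        "${user:-unset}" "${group:-unset}" "${name:-unset}"
}

# run_as_apache : rewrite User/Group to the dedicated nologin service account
run_as_apache() {
    sed -e 's/^User[[:space:]].*/User apache/' -e 's/^Group[[:space:]].*/Group apache/'
}

# firewall_rules : firewall-cmd commands opening only the Listen ports on stdin
firewall_rules() {
    listen_ports | while read -r port; do
        printf 'firewall-cmd --permanent --add-port=%s/tcp\n' "$port"
    done
    printf 'firewall-cmd --reload\n'
}

# Constructed sample resembling the stock httpd.conf after this walkthrough
SAMPLE_CONF='ServerRoot "/usr/local/apache"
Listen 80
#Listen 12.34.56.78:80
User daemon
Group daemon
ServerName www.example.com:80
Include conf/extra/httpd-vhosts.conf
Listen 443'

printf '%s\n' "$SAMPLE_CONF" | audit_config
printf '%s\n' "$SAMPLE_CONF" | run_as_apache | audit_config
printf '%s\n' "$SAMPLE_CONF" | firewall_rules
# On the real file: run_as_apache < httpd.conf > httpd.conf.new, review, then replace it
```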
[root@localhost conf]# cd /usr/lib/systemd/system
[root@localhost system]# ls sshd.service
sshd.service
[root@localhost system]# cp sshd.service httpd.service
[root@localhost system]# vim httpd.service
Original file:
[Unit]
Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.target
Wants=sshd-keygen.target
[Service]
Type=notify
EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config
EnvironmentFile=-/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D $OPTIONS $CRYPTO_POLICY
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
Change to:
[Unit]
Description=httpd server daemon
After=network.target sshd-keygen.target
[Service]
Type=forking
ExecStart=/usr/local/apache/bin/apachectl start
ExecStop=/usr/local/apache/bin/apachectl stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
Save
[root@localhost system]# systemctl daemon-reload
// reload the unit files
[root@localhost system]# cd
[root@localhost ~]# systemctl status httpd
● httpd.service - httpd server daemon
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled>
Active: inactive (dead)
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:80 *:*
[root@localhost ~]# systemctl status httpd
● httpd.service - httpd server daemon
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled>
Active: active (running) since Sun 2022-04-17 19:25:34 CST; 1mi>
Process: 82985 ExecStart=/usr/local/apache/bin/apachectl start (>
Main PID: 82988 (httpd)
Tasks: 6 (limit: 11216)
Memory: 4.2M
CGroup: /system.slice/httpd.service
├─82988 /usr/local/apache/bin/httpd -k start
├─82989 /usr/local/apache/bin/httpd -k start
├─82990 /usr/local/apache/bin/httpd -k start
├─82991 /usr/local/apache/bin/httpd -k start
├─82992 /usr/local/apache/bin/httpd -k start
└─82993 /usr/local/apache/bin/httpd -k start
Apr 17 19:25:34 localhost.localdomain systemd[1]: Starting httpd s>
Apr 17 19:25:34 localhost.localdomain systemd[1]: Started httpd se>
Enable start at boot:
[root@localhost ~]# systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@localhost ~]# systemctl status httpd
● httpd.service - httpd server daemon
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled;>
Active: active (running) since Sun 2022-04-17 19:25:34 CST; 3mi>
Main PID: 82988 (httpd)
Tasks: 6 (limit: 11216)
Memory: 4.2M
CGroup: /system.slice/httpd.service
├─82988 /usr/local/apache/bin/httpd -k start
├─82989 /usr/local/apache/bin/httpd -k start
├─82990 /usr/local/apache/bin/httpd -k start
├─82991 /usr/local/apache/bin/httpd -k start
├─82992 /usr/local/apache/bin/httpd -k start
└─82993 /usr/local/apache/bin/httpd -k start
Apr 17 19:25:34 localhost.localdomain systemd[1]: Starting httpd s>
Apr 17 19:25:34 localhost.localdomain systemd[1]: Started httpd se>
3. Configuring virtual hosts
3.1 Access control rules
[root@localhost ~]# cd /usr/local/apache/conf/
[root@localhost conf]# ls
extra httpd.conf magic mime.types original
[root@localhost conf]# ls extra // sub-configuration files
httpd-autoindex.conf httpd-mpm.conf
httpd-dav.conf httpd-multilang-errordoc.conf
httpd-default.conf httpd-ssl.conf
httpd-info.conf httpd-userdir.conf
httpd-languages.conf httpd-vhosts.conf // virtual hosts
httpd-manual.conf proxy-html.conf
[root@localhost ~]# cd /usr/local/apache/htdocs/
[root@localhost htdocs]# ls
index.html
[root@localhost htdocs]# mkdir test.example.com
[root@localhost htdocs]# mkdir blog.example.com
[root@localhost htdocs]# ls
blog.example.com index.html test.example.com
[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
Edit this section:
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com
# file that receives the error log
ErrorLog "logs/test.example.com-error_log"
# file that receives the access log
CustomLog "logs/test.example.com-access_log" common
</VirtualHost>
Save. The virtual host is configured, but it is not active yet; the main configuration file must also be edited:
[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf
......
#Include conf/extra/httpd-vhosts.conf
// find the httpd-vhosts.conf Include line and uncomment it
Include conf/extra/httpd-vhosts.conf
Save
[root@localhost ~]# systemctl restart httpd // restart the service
The virtual host is now configured
[root@localhost ~]# cd /usr/local/apache/htdocs/
[root@localhost htdocs]# ls
blog.example.com index.html test.example.com
[root@localhost htdocs]# cd test.example.com/
[root@localhost test.example.com]# ls
[root@localhost test.example.com]# echo "test page" > abc.html
[root@localhost test.example.com]# ls
abc.html
[root@localhost test.example.com]# mv abc.html index.html
[root@localhost test.example.com]# ls
index.html
Now it can be accessed directly: in the main configuration file, the DirectoryIndex directive names index.html as the index page
[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf // check DirectoryIndex
3.1.1 Same IP, different ports
[root@localhost htdocs]# ls
blog.example.com index.html test.example.com
[root@localhost htdocs]# cd test.example.com/
[root@localhost test.example.com]# echo "test page" > index.html
[root@localhost test.example.com]# ls
index.html
[root@localhost test.example.com]# cd ..
[root@localhost htdocs]# cd blog.example.com/
[root@localhost blog.example.com]# echo "blog page" > index.html
[root@localhost blog.example.com]# ls
index.html
[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com
ErrorLog "logs/test.example.com-error_log"
CustomLog "logs/test.example.com-access_log" common
</VirtualHost>
Listen 81
<VirtualHost *:81>
DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
ServerName blog.example.com
ErrorLog "logs/blog.example.com-error_log"
CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
[root@localhost ~]# systemctl restart httpd // restart the service
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:81 *:*
(Note: type the :81 with an ASCII colon, not a full-width one)
3.1.2 Different IPs, same port
First give the NIC a second usable IP:
[root@localhost ~]# ip addr add 192.168.163.150/24 dev ens160
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:48:d5:d5 brd ff:ff:ff:ff:ff:ff
inet 192.168.163.129/24 brd 192.168.163.255 scope global dynamic noprefixroute ens160
valid_lft 1007sec preferred_lft 1007sec
inet 192.168.163.150/24 scope global secondary ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe48:d5d5/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost 192.168.163.129:80>
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com
ErrorLog "logs/test.example.com-error_log"
CustomLog "logs/test.example.com-access_log" common
</VirtualHost>
<VirtualHost 192.168.163.150:80>
DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
ServerName blog.example.com
ErrorLog "logs/blog.example.com-error_log"
CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
[root@localhost ~]# systemctl restart httpd
3.1.3 Same IP, same port, different domain names
[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com
ErrorLog "logs/test.example.com-error_log"
CustomLog "logs/test.example.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
ServerName blog.example.com
ErrorLog "logs/blog.example.com-error_log"
CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
So that the Windows client machine can resolve these domain names, make the following change:
Add this line at the end of the Windows hosts file:
192.168.163.129 test.example.com blog.example.com
4. Access control: deny a particular host access to a site (virtual host)
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com
ErrorLog "logs/test.example.com-error_log"
CustomLog "logs/test.example.com-access_log" common
<Directory "/usr/local/apache/htdocs/test.example.com">
<RequireAll>
# 192.168.64.1 is the IP of the physical host machine
Require not ip 192.168.64.1
# allow everyone else
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
ServerName blog.example.com
ErrorLog "logs/blog.example.com-error_log"
CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
Test access from another host:
[root@localhost ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.163.129 test.example.com blog.example.com
[root@localhost ~]# curl test.example.com
test page
// accessible
SSL:
Enable the module: edit /usr/local/apache/conf/httpd.conf and add the line below; if it is already present but commented out, just uncomment it
LoadModule ssl_module modules/mod_ssl.so
4.1 Steps to configure HTTPS
4.1.1 Generate the certificates
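A single curl from the allowed side does not show whether the denied host is actually rejected; the virtual host's access log does. The script below is an added example, not from the original post: it runs over constructed lines in the "common" log format written by the CustomLog directive above and reports, per client IP, which statuses were returned and whether the denied host ever got anything other than 403. It assumes the log path /usr/local/apache/logs/test.example.com-access_log from the vhost configuration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm from the access log that
# the "Require not ip" rule really denies the listed host. The vhost logs use the
# "common" LogFormat (%h %l %u %t "%r" %>s %b), so the client IP is field 1 and
# the response status is field 9. The log path is assumed; the sample lines are
# constructed for this example.

LOG=/usr/local/apache/logs/test.example.com-access_log   # assumed path

# status_by_ip : for each client IP, how many times each HTTP status was returned
status_by_ip() {
    awk '{ c[$1 " " $9]++ } END { for (k in c) print k, c[k] }' | sort
}

# leaks_for IP : number of requests from IP NOT answered with 403;
# anything other than 0 means the deny rule is not covering that client
leaks_for() {
    awk -v ip="$1" '$1 == ip && $9 != 403 { n++ } END { print n + 0 }'
}

# Constructed sample: two requests from the blocked host, one from another client
SAMPLE_LOG='192.168.64.1 - - [17/Apr/2022:19:30:01 +0800] "GET / HTTP/1.1" 403 199
192.168.64.1 - - [17/Apr/2022:19:30:05 +0800] "GET /index.html HTTP/1.1" 403 199
192.168.163.1 - - [17/Apr/2022:19:31:10 +0800] "GET /index.html HTTP/1.1" 200 10'

printf '%s\n' "$SAMPLE_LOG" | status_by_ip
printf '%s\n' "$SAMPLE_LOG" | leaks_for 192.168.64.1
# On the server itself: leaks_for 192.168.64.1 < "$LOG"
```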
[root@localhost conf]# cd /etc/pki/
[root@localhost pki]# ls
ca-trust entitlement product rpm-gpg swid
consumer java product-default rsyslog tls
[root@localhost pki]# mkdir CA
[root@localhost pki]# cd CA
[root@localhost CA]# pwd
/etc/pki/CA
[root@localhost CA]# ls
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048) // generate the CA private key
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................................+++++
....+++++
e is 65537 (0x010001)
[root@localhost CA]# ls
private
[root@localhost CA]# ls private/
cakey.pem
[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout // extract the public key (PEM output omitted)
writing RSA key
[root@localhost CA]# ls
private
[root@localhost CA]# ls private/
cakey.pem
Generate the CA's self-signed certificate:
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:runtime
Common Name (eg, your name or your server's hostname) []:test.example.com
Email Address []:123@qq.com
[root@localhost CA]# ls
cacert.pem private
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# touch index.txt && echo 01 > serial
[root@localhost CA]# ls
cacert.pem certs crl index.txt newcerts private serial
[root@localhost CA]# cd
[root@localhost ~]# cd /usr/local/apache/conf
[root@localhost conf]# ls
extra httpd.conf magic mime.types original
[root@localhost conf]# mkdir ssl
[root@localhost conf]# ls
extra httpd.conf magic mime.types original ssl
[root@localhost conf]# cd ssl
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 2048) // generate the server private key
Generating RSA private key, 2048 bit long modulus (2 primes)
...........................................................................................+++++
............................................................................................................................................+++++
e is 65537 (0x010001)
[root@localhost ssl]# ls
httpd.key
[root@localhost ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:runtime
Common Name (eg, your name or your server's hostname) []:test.example.com
Email Address []:123@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@localhost ssl]# ls
httpd.csr httpd.key
[root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Apr 17 16:19:12 2022 GMT
Not After : Apr 17 16:19:12 2023 GMT
Subject:
countryName = CN
stateOrProvinceName = HB
organizationName = runtime
organizationalUnitName = runtime
commonName = test.example.com
emailAddress = 123@qq.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
E8:AD:2F:B8:DB:31:80:BA:FC:EB:0B:BF:79:15:DD:48:AF:FB:22:56
X509v3 Authority Key Identifier:
keyid:48:CA:B8:5B:04:1A:C3:00:AE:8E:5D:88:A2:31:15:56:DC:E1:27:10
Certificate is to be certified until Apr 17 16:19:12 2023 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost ssl]# ls
httpd.crt httpd.csr httpd.key
[root@localhost ssl]# rm -f httpd.csr
[root@localhost ssl]# ls
httpd.crt httpd.key
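The same CA and server certificate can be produced without the interactive prompts and with a subjectAltName, which browsers require for the hostname. The script below is an added example, not from the original post: it reuses the DN values above, swaps `openssl ca` for `openssl x509 -req -CA` so the /etc/pki/CA index and serial files are not needed, and uses its own small config file so the system openssl.cnf is not involved. It assumes OpenSSL 1.1.1 or newer and writes to a scratch directory.

```shell
#!/bin/sh
# Added example (not from the original post): the CA and server-certificate
# steps above, non-interactive, with a subjectAltName on the server certificate
# (browsers require the hostname in SAN, not only in CN). Signing uses
# "openssl x509 -req -CA" instead of "openssl ca", so no /etc/pki/CA database
# is needed, and a private config keeps the system openssl.cnf out of it.
# Output goes to a scratch dir; copy httpd.key/httpd.crt to conf/ssl to use them.

WORK=$(mktemp -d)
FQDN=test.example.com
# write_cnf DIR FQDN : minimal config with a CA and a TLS-server extension section
write_cnf() {
    cat > "$1/ssl.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_server]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
}
# make_ca DIR : CA private key (mode 0600 via umask) and 1-year self-signed CA cert
make_ca() {
    (umask 077; openssl genrsa -out "$1/cakey.pem" 2048 2>/dev/null)
    openssl req -new -x509 -config "$1/ssl.cnf" -extensions v3_ca \
        -key "$1/cakey.pem" -out "$1/cacert.pem" -days 365 \
        -subj "/C=CN/ST=HB/L=WH/O=runtime/OU=runtime/CN=runtime CA"
}
# make_server_cert DIR FQDN : server key, CSR, CA-signed cert; the CSR is removed
make_server_cert() {
    (umask 077; openssl genrsa -out "$1/httpd.key" 2048 2>/dev/null)
    openssl req -new -config "$1/ssl.cnf" -key "$1/httpd.key" -out "$1/httpd.csr" \
        -subj "/C=CN/ST=HB/L=WH/O=runtime/OU=runtime/CN=$2"
    openssl x509 -req -in "$1/httpd.csr" -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" \
        -CAcreateserial -days 365 -extfile "$1/ssl.cnf" -extensions v3_server \
        -out "$1/httpd.crt" 2>/dev/null
    rm -f "$1/httpd.csr"
}
# verify_chain DIR : "OK" when httpd.crt validates against cacert.pem
verify_chain() {
    openssl verify -CAfile "$1/cacert.pem" "$1/httpd.crt" 2>/dev/null | sed 's/^.*: //'
}
# cert_san DIR : DNS names in the server certificate's subjectAltName
cert_san() {
    openssl x509 -in "$1/httpd.crt" -noout -ext subjectAltName | grep -o 'DNS:[^, ]*'
}
# key_matches_cert DIR : "yes" if httpd.key is the private half of httpd.crt
key_matches_cert() {
    a=$(openssl x509 -in "$1/httpd.crt" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$1/httpd.key" -pubout | openssl sha256)
    [ "$a" = "$b" ] && echo yes || echo no
}

write_cnf "$WORK" "$FQDN"
make_ca "$WORK"
make_server_cert "$WORK" "$FQDN"
verify_chain "$WORK"      # OK
cert_san "$WORK"          # DNS:test.example.com
key_matches_cert "$WORK"  # yes
```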
4.1.2 Configure httpd.conf: uncomment the following lines (paths are relative to ServerRoot, /usr/local/apache)
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-ssl.conf
First, in the main configuration file httpd.conf, uncomment the Include line for httpd-ssl.conf to enable it; then configure that file
[root@localhost ssl]# cd ..
[root@localhost conf]# ls
extra httpd.conf magic mime.types original ssl
[root@localhost conf]# vim httpd.conf
[root@localhost conf]# ls extra/
httpd-autoindex.conf httpd-mpm.conf
httpd-dav.conf httpd-multilang-errordoc.conf
httpd-default.conf httpd-ssl.conf
httpd-info.conf httpd-userdir.conf
httpd-languages.conf httpd-vhosts.conf
httpd-manual.conf proxy-html.conf
[root@localhost conf]# vim extra/httpd-ssl.conf
......
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com:443
......
SSLCertificateFile "/usr/local/apache/conf/ssl/httpd.crt"
......
SSLCertificateKeyFile "/usr/local/apache/conf/ssl/httpd.key"
......
4.1.3 Check the configuration for syntax errors
[root@localhost conf]# httpd -t
AH00526: Syntax error on line 92 of /usr/local/apache/conf/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
[root@localhost conf]# vim httpd.conf // find the following line and uncomment it
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
[root@localhost conf]# httpd -t
Syntax OK // the check passes
[root@localhost conf]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:443 *:*
LISTEN 0 128 *:80 *:*