I. Overview
1. Environment
(1) Rocky Linux 9.3
II. Installation and Configuration
1. Installation
(1) Install
```bash
sudo dnf install httpd -y
```
(2) Service
```bash
sudo systemctl start httpd
sudo systemctl enable httpd
systemctl status httpd
```
(3) Firewall
```bash
sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload
```
2. SSL
(1) Install the SSL module
```bash
sudo dnf install mod_ssl -y
```
After installation, a file named ssl.conf appears in the /etc/httpd/conf.d directory.
(2) Set up SSL/TLS for a domain
Suppose we need to set up SSL/TLS for www.example.com:
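a. Create the certificate directory
```bash
sudo mkdir /etc/httpd/certs
```
b. Prepare the certificates
i. CA certificate;
ii. Domain certificate;
iii. Domain certificate private key;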
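c. Create the configuration file
```bash
sudo vi /etc/httpd/certs/www.example.com.conf
```
Note that the stock httpd.conf only loads conf.d/*.conf, so a file under /etc/httpd/certs takes effect only if it is pulled in with an Include or IncludeOptional directive.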
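d. Initialize the configuration file:
```apache
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    # Request (but do not require) a client certificate; it must be signed
    # directly by a CA listed in SSLCACertificateFile (depth 1).
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLCACertificateFile "/etc/httpd/certs/cacert.pem"
    # Server certificate and its private key.
    SSLCertificateFile "/etc/httpd/certs/www.example.com.cert.pem"
    SSLCertificateKeyFile "/etc/httpd/certs/key.pem"
</VirtualHost>
```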
e. Restart the service
```bash
sudo systemctl restart httpd
systemctl status httpd
```
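The following added example (not part of the original page) is a shell function that audits a vhost file shaped like the one in step d: it checks that ServerName is the host the certificate is for, that the referenced certificate and key files exist, and that the private key carries no group or other permission bits. The function names and the demo input, built in a temporary directory, are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (assumes directive values contain no spaces).

# vhost_value CONF DIRECTIVE: print each value of DIRECTIVE, quotes stripped.
vhost_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2 }' "$1"
}

# audit_vhost CONF EXPECTED_HOST: print findings; return 1 if there are any.
audit_vhost() {
    local conf="$1" want="$2" rc=0 name d path perms
    # 1. ServerName must be the host the certificate was issued for.
    for name in $(vhost_value "$conf" ServerName); do
        [ "$name" = "$want" ] || { echo "ServerName $name does not match $want"; rc=1; }
    done
    # 2. Every referenced certificate or key file must exist.
    for d in SSLCACertificateFile SSLCertificateFile SSLCertificateKeyFile; do
        for path in $(vhost_value "$conf" "$d"); do
            [ -f "$path" ] || { echo "$d $path: file not found"; rc=1; }
        done
    done
    # 3. The private key must carry no group or other permission bits.
    for path in $(vhost_value "$conf" SSLCertificateKeyFile); do
        [ -f "$path" ] || continue
        perms=$(ls -ld -- "$path" | cut -c5-10)
        [ "$perms" = "------" ] || { echo "$path: key accessible beyond owner ($perms)"; rc=1; }
    done
    return "$rc"
}

# Constructed demo: a vhost with a wrong ServerName and a world-readable key.
demo() {
    local t rc=0
    t=$(mktemp -d)
    : > "$t/www.example.com.cert.pem"
    : > "$t/key.pem"; chmod 644 "$t/key.pem"
    cat > "$t/www.example.com.conf" <<EOF
<VirtualHost *:443>
    ServerName ldapadmin.example.com
    SSLCertificateFile "$t/www.example.com.cert.pem"
    SSLCertificateKeyFile "$t/key.pem"
</VirtualHost>
EOF
    audit_vhost "$t/www.example.com.conf" www.example.com || rc=$?
    rm -rf "$t"
    return "$rc"
}

demo || echo "findings reported (exit status $?)"
```

On a real host, run `audit_vhost` as root against the actual configuration file so the key file is visible to the check.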
3. Force HTTPS access
(1) Edit the configuration file
```bash
sudo vi /etc/httpd/certs/www.example.com.conf
```
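(2) Add the following configuration:
```apache
<VirtualHost *:80>
    ServerName www.example.com
    RewriteEngine on
    # Redirect every plain-HTTP request to the same path over HTTPS
    # (R without a status code sends a 302).
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [L,R]
    # ${INSTALL_DIR} must be defined (for example with Define) for this path to resolve.
    <Directory "${INSTALL_DIR}/htdocs">
        # +Indexes enables directory listings; AllowOverride All lets
        # .htaccess files override these settings.
        Options +Indexes +Includes +FollowSymLinks +MultiViews
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
```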
4. Test the configuration
```bash
apachectl configtest
```