目錄

一、創建用戶賬號

二、TLS加密

三、配置http服務子配置文件

四、創建訪問http服務的文件夾以及輸入重定向到文件

五、配置Linux本地倉庫以及Windows下的本地倉庫

六、基礎操作

七、測試

---

一、創建用戶賬號

用戶認證

# 創建兩個賬戶
[root@localhost ~]# htpasswd -c /etc/httpd/zhanghao tom
New password: 
Re-type new password: 
Adding password for user tom
[root@localhost ~]# htpasswd /etc/httpd/zhanghao jerry
New password: 
Re-type new password: 
Adding password for user jerry
# 查看是否創建成功
[root@localhost ~]# tail /etc/httpd/zhanghao
tom:$apr1$2s/wloz6$G0SlGTKB62a4.2gJmy.AL.
jerry:$apr1$lOxB9Dtq$tOTaJ35Jtt8dWouHbjgWi1

二、TLS加密

1.下載mod_ssl

[root@localhost ~]# yum install mod_ssl -y

?注意：下載軟件，需要配置倉庫和掛載，如有需要可以查看本人前面所寫的文章?

2.tls加密：

# 創建密鑰
[root@localhost certs]# openssl genrsa -aes128 2048 > jiami.key
# 輸入密碼
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
# 創建證書
[root@localhost certs]# openssl req -utf8 -new -key jiami.key -x509 -days 100 -out jiami.crt
Enter pass phrase for jiami.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86              # 國家
State or Province Name (full name) []:shaanxi     # 省份
Locality Name (eg, city) [Default City]:xi'an     # 城市
Organization Name (eg, company) [Default Company Ltd]:rhce  # 組織
Organizational Unit Name (eg, section) []:peihua  # 組織單元
Common Name (eg, your name or your server's hostname) []:www.hehe.com # 主機名！！！
Email Address []:admin@hehe.com    # 郵箱

3.移動密鑰位置

# 移動密鑰位置
[root@localhost certs]# cd /etc/pki/tls/certs
# 密鑰位置為/etc/pki/tls/private/jiami.key
[root@localhost certs]# mv jiami.key ../private/

?4.修改/etc/httpd/conf.d/ssl.conf文件

SSLCertificateFile /etc/pki/tls/certs/jiami.crt
SSLCertificateKeyFile /etc/pki/tls/private/jiami.key

?修改為自己創建的密鑰和證書

三、配置http服務子配置文件

[root@localhost certs]# vim /etc/httpd/conf.d/vhost.conf 
# 重啟服務時需要輸入創建tls時的密碼
[root@localhost certs]# systemctl restart httpd
🔐 Enter TLS private key passphrase for www.hehe.com:443 (RSA) : ******     

?文件內容：

<directory /www>
allowoverride none
require all granted
</directory>
# 用戶認證
<directory /usr/local/secret>
authtype basic
authname "Please input your passwd: "
authuserfile /etc/httpd/zhanghao
require user tom jerry
</directory>
# tls加密，地址為自己的主機地址，端口為443代表https服務
<virtualhost 192.168.198.151:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/jiami.crt
SSLCertificateKeyFile /etc/pki/tls/private/jiami.key
documentroot /www/hehe
servername www.hehe.com
alias /hehe /usr/local/secret
</virtualhost>

重啟http服務

systemctl restart httpd

四、創建訪問http服務的文件夾以及輸入重定向到文件

[root@localhost certs]# mkdir /www
[root@localhost certs]# mkdir /www/hehe
[root@localhost certs]# mkdir /usr/local/secret
[root@localhost certs]# echo hehe > /www/hehe/index.html
[root@localhost certs]# echo secret > /usr/local/secret/index.html

五、配置Linux本地倉庫以及Windows下的本地倉庫

1.Linux本地倉庫（/etc/hosts）

[root@localhost certs]# vim /etc/hosts
192.168.198.151   www.hehe.com

2.配置Windows中的本地倉庫

如果需要在瀏覽器中測試需要配置Windows本地倉庫（C:\Windows\System32\drivers\etc\hosts）?

2.1 win+r打開運行窗口

2.2ctrl+shift+enter，以管理員方式運行

2.3 輸入"notepad"，會跳出記事本

2.4 打開文件

2.5?選擇/windows/system32/drivers/etc/hosts

2.6 將代碼加入到hosts文件中

192.168.198.151  www.hehe.com

六、基礎操作

[root@localhost certs]# systemctl stop firewalld
[root@localhost certs]# setenforce 0
# 修改過子配置文件，都需要重啟http服務，生效
[root@localhost certs]# systemctl restart httpd

七、測試