HTTPS installation and configuration (web page authentication)
2014-05-21 10:47
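1 The difference between HTTP and HTTPS
HTTPS uses SSL encryption, which secures data in transit. HTTP uses port 80; HTTPS uses port 443.
More precisely: HTTPS is a network protocol built from HTTP plus SSL that provides encrypted transport and identity authentication.
2 HTTP installation and configuration
2.1 Installing HTTP
Install httpd from the RPM package:
# rpm -ivh httpd-2.2.3-63.el5.x86_64.rpm
2.2 Configuring HTTP
httpd home directory: /etc/httpd
httpd configuration file: /etc/httpd/conf/httpd.conf
# vi httpd.conf
Pay attention to the following settings:
# Home directory
ServerRoot "/etc/httpd"
# Listening port
Listen 80
# Load every file ending in .conf from the conf.d directory
Include conf.d/*.conf
# User and group
User apache
Group apache
# Home page directory
DocumentRoot "/var/www/html"
# Home page file names
DirectoryIndex index.html index.html.var
# Whether to enable access by domain name
#NameVirtualHost *:80
# Name of the site when it is accessed from a browser
#ServerName www.example.com:80
Remember to edit the hosts file and add the IP address for the domain name: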
[root@localhost conf]# more /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
10.15.62.115 abc.taozt.com
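2.3 Starting the httpd service
[root@localhost conf]# /etc/init.d/httpd start
Starting httpd: [ OK ]
3 HTTPS installation and configuration
After httpd is installed, install mod_ssl:
# rpm -ivh mod_ssl-2.2.3-63.el5.x86_64.rpm
Once it is installed, an ssl.conf file appears in the /etc/httpd/conf.d/ directory.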
[root@localhost conf.d]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# ll
total 24
-rw-r--r-- 1 root root 566 Jan 5 2012 proxy_ajp.conf
-rw-r--r-- 1 root root 392 Jan 5 2012 README
-rw-r--r-- 1 root root 9677 Jan 5 2012 ssl.conf
-rw-r--r-- 1 root root 299 Jan 5 2012 welcome.conf
# vi ssl.conf
# Check that this line is present; if it is not, add it manually
LoadModule ssl_module modules/mod_ssl.so
# Listen on port 443
Listen 443
3.0.1 Generating the private key
[root@localhost conf.d]# openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modulus
......................................................................++++++
.............++++++
e is 65537 (0x10001)
[root@localhost conf.d]# ll
total 28
-rw-r--r-- 1 root root 566 Jan 5 2012 proxy_ajp.conf
-rw-r--r-- 1 root root 392 Jan 5 2012 README
-rw-r--r-- 1 root root 887 May 20 15:14 server.key
-rw-r--r-- 1 root root 9677 Jan 5 2012 ssl.conf
-rw-r--r-- 1 root root 299 Jan 5 2012 welcome.conf
3.0.2 Setting the private key permissions to 600
[root@localhost conf.d]# chmod 600 server.key
[root@localhost conf.d]# ll
total 28
-rw-r--r-- 1 root root 566 Jan 5 2012 proxy_ajp.conf
-rw-r--r-- 1 root root 392 Jan 5 2012 README
-rw------- 1 root root 887 May 20 15:14 server.key
-rw-r--r-- 1 root root 9677 Jan 5 2012 ssl.conf
-rw-r--r-- 1 root root 299 Jan 5 2012 welcome.conf
3.0.3 Setting the public key (certificate signing request)
Fill in the public key information to suit your own situation:
[root@localhost conf.d]# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:cn
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:dzh
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
3.0.4 Setting the validity period
[root@localhost conf.d]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=cn/ST=Berkshire/L=Newbury/O=dzh
Getting Private key
3.0.5 Specifying the location of the private key and certificate in ssl.conf
We move the three files server.crt, server.csr and server.key into the zyn directory:
[root@localhost zyn]# pwd
/var/www/html/zyn
[root@localhost zyn]# ll
total 12
-rw-r--r-- 1 root root 745 May 20 15:22 server.crt
-rw-r--r-- 1 root root 599 May 20 15:18 server.csr
-rw------- 1 root root 887 May 20 15:14 server.key
Specify the location of these files in ssl.conf:
# Certificate file (carries the validity period)
SSLCertificateFile /var/www/html/zyn/server.crt
# Private key file
SSLCertificateKeyFile /var/www/html/zyn/server.key
3.0.6 Restarting httpd
[root@localhost conf.d]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
4 Access with web page authentication
4.0.1 Configuration
Modify the following in ssl.conf:
DocumentRoot "/var/www/html/zyn"
ServerName abc.taozt.com:443
<VirtualHost 10.15.62.115:443>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot /var/www/html/zyn
    ServerName abc.taozt.com:443
    ErrorLog logs/dummy-host.example.com-error_log
    CustomLog logs/dummy-host.example.com-access_log common
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /var/www/html/zyn/server.crt
    SSLCertificateKeyFile /var/www/html/zyn/server.key
</VirtualHost>
4.0.2 Prompting for a user name and password on access
Add the following at the end of httpd.conf:
<Directory "/var/www/html/zyn/">
    Options None
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
</Directory>
[root@localhost zyn]# pwd
/var/www/html/zyn
[root@localhost zyn]# vi .htaccess
AuthName "please input passwd"
Authtype "Basic"
AuthUserFile /var/www/html/zyn/passwd
require valid-user
Create the password:
When creating it for the first time:
[root@localhost zyn]# htpasswd -c passwd zyn
New password:
Re-type new password:
Adding password for user zyn
To change it later, use the following command:
[root@localhost zyn]# htpasswd passwd zyn
New password:
Re-type new password:
Updating password for user zyn
Change the ownership of the password file:
# chown apache.apache .htaccess
Change the owner of the zyn directory to apache:
# chown apache. -R zyn/
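Added example (not part of the original post): a small shell lint for the configuration built up in sections 3.0.5 to 4.0.2. It flags SSLCertificateKeyFile and AuthUserFile paths that sit under DocumentRoot, where httpd can serve them as ordinary files, and the LOW, MEDIUM and RC4 cipher classes that an SSLCipherSuite string leaves enabled. The function name, the finding labels and the paths in FIXED_CONF are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Reads Apache directives on
# stdin and prints one finding per line (nothing when the input is clean).
# Assumptions: one directive per line, a single DocumentRoot.
lint_httpd_conf() {
  awk '
    function unq(s) { gsub(/^"|"$/, "", s); return s }  # drop quotes
    /^[ \t]*#/ { next }                                  # comment line
    { d = tolower($1) }
    d == "documentroot" { root = unq($2); sub(/\/+$/, "", root) }
    d == "sslcertificatekeyfile" || d == "authuserfile" {
      name[++n] = $1; path[n] = unq($2)
    }
    d == "sslciphersuite" {
      k = split($2, tok, ":")
      for (i = 1; i <= k; i++) {
        t = tok[i]
        if (t ~ /^!/) { banned[substr(t, 2)] = 1; continue }
        if (t ~ /^[-+]/) continue     # "-" and "+" never add ciphers
        m = split(t, part, "+")       # "RC4+RSA" names RC4 and RSA
        for (j = 1; j <= m; j++) added[part[j]] = 1
      }
      k = split("LOW MEDIUM RC4", weak, " ")
      for (i = 1; i <= k; i++)
        if ((added["ALL"] || added[weak[i]]) && !banned[weak[i]])
          print "WEAK_CIPHER_CLASS " weak[i]
    }
    END {
      for (i = 1; i <= n; i++)
        if (root != "" && index(path[i], root "/") == 1)
          print "UNDER_DOCROOT " name[i] " " path[i]
    }'
}

# Constructed sample: directives copied from the walkthrough above.
PAGE_CONF='DocumentRoot "/var/www/html/zyn"
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateKeyFile /var/www/html/zyn/server.key
AuthUserFile /var/www/html/zyn/passwd'

# Constructed contrast: hypothetical locations outside the document root.
FIXED_CONF='DocumentRoot "/var/www/html/zyn"
SSLCipherSuite HIGH:!aNULL:!MD5
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
AuthUserFile /etc/httpd/conf/zyn.passwd'

printf '%s\n' "$PAGE_CONF"  | lint_httpd_conf
printf '%s\n' "$FIXED_CONF" | lint_httpd_conf
```

The first call prints three WEAK_CIPHER_CLASS lines and two UNDER_DOCROOT lines; the second prints nothing.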
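4.1 Testing
Note: before testing access by IP and by domain name, make sure forward and reverse DNS resolution are correct. Forward and reverse DNS resolution had already been set up on this machine, so this experiment used it directly.
[root@localhost zyn]# nslookup abc.taozt.com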
Server: 10.15.62.115
Address: 10.15.62.115#53
Name: abc.taozt.com
Address: 10.15.62.115
[root@localhost zyn]# nslookup 10.15.62.115
Server: 10.15.62.115
Address: 10.15.62.115#53
115.62.15.10.in-addr.arpa name = abc.taozt.com.62.15.10.in-addr.arpa.
115.62.15.10.in-addr.arpa name = nsl.taozt.com.62.15.10.in-addr.arpa.
115.62.15.10.in-addr.arpa name = www.taozt.com.62.15.10.in-addr.arpa.
4.1.1 Access by IP
Manually create an index.html file whose content is abc:
[root@localhost zyn]# more index.html
Abc
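Visit https://10.15.62.115/
You are prompted for a user name and password:
The user name is zyn and the password is empty; after logging in, the page shows abc.
Access by IP succeeded.
4.1.2 Access by domain name
If an access-failed page appears, the likely cause is that the host's DNS is not set to the server's DNS. Set the DNS of the local connection to: 10.15.62.115
Visit again: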
https://abc.taozt.com/
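You are prompted for a user name and password:
User name set earlier: zyn
Password: empty
Login succeeds and the page shows abc.
Test succeeded.
4.1.3 Common problems
- If login fails, the cause may be the ownership of the password file; change it now:
# chown apache.apache .htaccess
- If access by IP succeeds but access by domain name fails, the problem is DNS resolution on the host. Set the host's DNS to the server's IP and try again.
- If access reports permission denied, change the owner of the accessed directory to apache.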