惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
The Blog of Author Tim Ferriss
Know Your Adversary
Know Your Adversary
P
Palo Alto Networks Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
K
Kaspersky official blog
L
LINUX DO - 热门话题
P
Proofpoint News Feed
P
Privacy & Cybersecurity Law Blog
Google DeepMind News
Google DeepMind News
Attack and Defense Labs
Attack and Defense Labs
Cisco Talos Blog
Cisco Talos Blog
AI
AI
L
LINUX DO - 最新话题
H
Heimdal Security Blog
Hacker News: Ask HN
Hacker News: Ask HN
Webroot Blog
Webroot Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
The GitHub Blog
The GitHub Blog
I
Intezer
Blog — PlanetScale
Blog — PlanetScale
有赞技术团队
有赞技术团队
S
Securelist
博客园_首页
IT之家
IT之家
Schneier on Security
Schneier on Security
博客园 - 叶小钗
罗磊的独立博客
WordPress大学
WordPress大学
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
MongoDB | Blog
MongoDB | Blog
P
Proofpoint News Feed
阮一峰的网络日志
阮一峰的网络日志
A
Arctic Wolf
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
W
WeLiveSecurity
The Register - Security
The Register - Security
D
DataBreaches.Net
S
Security @ Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
腾讯CDC
Recorded Future
Recorded Future
NISL@THU
NISL@THU
N
News and Events Feed by Topic
T
Tailwind CSS Blog
N
News and Events Feed by Topic
Cyberwarzone
Cyberwarzone
T
Tor Project blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com

博客园 - 白马黑衣

网络安全3 - Easy RSA重新签发客户端证书 RHEL - 笔记本合盖不休眠 RHEL - yum cache JFrog Artifactory 系列6 --- 其他配置 Node.js - 配置npm Rocky Linux 升级失败 Nginx 系列2 --- 配置 Linux --- firewalld 2 - nfttables Linux - DNS 关闭SELinux RHEL - 设置hostname和IP地址 Linux --- 查看PID 判断端口是否已经被占用 Maven 常用命令 Jenkins 系列3 --- pipeline Git自签名证书的验证 iptables Jenkins 系列2 --- Node/Agent Jenkins 系列1 --- 安装与配置
Apache HTTP Server
白马黑衣 · 2023-12-09 · via 博客园 - 白马黑衣

一、概要

1. 环境

(1) Rocky Linux 9.3

二、安装与配置

1. 安装

(1) 安装

sudo dnf install httpd -y

(2) 服务

sudo systemctl start httpd
sudo systemctl enable httpd
systemctl status httpd

(3) 防火墙

sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload

2. SSL

(1) 安装SSL模块

sudo dnf install mod_ssl -y

安装完成之后会在/etc/httpd/conf.d目录下出现一个文件ssl.conf。

(2) 为域名设置SSL/TLS

假设我们需要为www.example.com设置SSL/TLS:

a. 创建证书目录

sudo mkdir /etc/httpd/certs

b. 准备证书

OpenSSL 系列2 --- 应用

i. CA证书;

ii. 域名证书;

iii. 域名证书密钥;

c. 创建配置文件

sudo vi /etc/httpd/certs/www.example.com.conf

d. 初始化配置文件:

<VirtualHost *:443>
    ServerName ldapadmin.example.com
    SSLEngine on
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLCACertificateFile "/etc/httpd/certs/cacert.pem"
    SSLCertificateFile "/etc/httpd/certs/www.example.com.cert.pem"
    SSLCertificateKeyFile "/etc/httpd/certs/key.pem"
</VirtualHost>

e. 重启服务

sudo systemctl restart httpd
systemctl status httpd

3. 强制HTTPS访问

(1) 编辑配置文件

sudo vi /etc/httpd/certs/www.example.com.conf

(2) 新增配置:

<VirtualHost *:80>
    ServerName www.example.com
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [L,R]

    <Directory "${INSTALL_DIR}/htocs">
        Options +Indexes +Includes +FollowSymLinks +MultiViews
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

4. 测试配置

三、引用

1. 官方

https://httpd.apache.org/

https://httpd.apache.org/docs/2.4/en/ssl/ssl_howto.html