Linux—搭建Apache(httpd)服务

1、httpd简介?

http是Apache超文本传输协议服务器的主程序。它是一个独立的后台进程,能够处理请求的子进程和线程。

http常用用的两个版本是httpd-2.2和httpd-2.4

  • CentOS6系列的默认httpd版本是httpd-2.2版本的rpm包
  • CentOS7系列的默认httpd版本是httpd-2.4版本的rpm包

2、httpd服务特点

名称 特点
高度模块化 core + modules,核心加模块,想要什么功能添加什么模块;
DSO Dynamic Shared Object,动态共享库;
MPM Multipath processing Modules 多路处理模块。

3、 httpd的工作模型

  • prefork:两级进程模型,父进程管理子进程,每个进程响应一个请求
# 工作模型
一个主进程:
    负责生成子进程及回收子进程
    负责创建套接字、接受请求,并将其派发给某子进程进行处理
n个子进程:
    每个子进程处理一个请求

# 注意:
会预先生成几个空闲进程,随时等待用于响应用户请求,最大不会超过1024个
  • worker:三级进程模型,父进程管理子进程,子进程通过线程响应用户请求,每个线程处理一个用户请求
# 工作模型
一个主进程:
  负责生成子进程、创建套接字、接受请求,并将其派发给某子进程进行处理
多个子进程:
  每个子进程负责生成多个线程
每个线程:
  负责响应用户请求
  • event:两级模型,父进程管理子进程,子进程通过事件驱动event-driven机制直接响应n个请求
# 工作模型:
一个主进程:
    负责生成子进程、创建套接字、接受请求,并将其派发给某子进程进行处理
子进程:
    基于事件驱动机制直接响应多个请求

4、httpd的配置文件

文件/目录 对应的功能
/var/log/httpd/access.log 访问日志
/var/log/httpd/error_log 错误日志
/var/www/html/ 站点文档目录
/usr/lib64/httpd/modules/ 模块文件路径
/etc/httpd/conf/httpd.conf 主配置文件
/etc/httpd/conf.modules.d/*.conf 模块配置文件
/etc/httpd/conf.d/*.conf 辅助配置文件

5、httpd自带的工具程序

工具 功能
htpasswd basic认证基于文件实现时,用到的帐号密码生成工具
apachectl httpd自带的服务控制脚本,支持start,stop,restart
apxs 由httpd-devel包提供的,扩展httpd使用第三方模块的工具
rotatelogs 日志滚动工具
suexec 访问某些有特殊权限配置的资源时,临时切换至指定用户运行的工具
ab apache benchmark,httpd的压力测试工具

6、httpd常用配置

6.1 安装httpd服务

[root@localhost ~]# dnf install -y httpd			//用dnf安装httpd服务
[root@localhost ~]# systemctl status httpd		//服务默认是未开启的
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor pres>
   Active: inactive (dead)
     Docs: man:httpd.service(8)
[root@localhost ~]# systemctl stop firewalld		//开启服务前关闭防火墙
[root@localhost ~]# systemctl start httpd		//开启httpd服务
[root@localhost ~]# systemctl status httpd		//查看服务是否开启成功
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor pres>
   Active: active (running) since Thu 2022-07-21 21:16:35 CST; 14s ago
     Docs: man:httpd.service(8)
 Main PID: 15207 (httpd)
   Status: "Running, listening on: port 80"
    Tasks: 213 (limit: 11202)
   Memory: 24.8M
   CGroup: /system.slice/httpd.service
           ├─15207 /usr/sbin/httpd -DFOREGROUND
           ├─15208 /usr/sbin/httpd -DFOREGROUND
           ├─15209 /usr/sbin/httpd -DFOREGROUND
           ├─15210 /usr/sbin/httpd -DFOREGROUND
           └─15211 /usr/sbin/httpd -DFOREGROUND

用浏览器输入IP地址打开httpdde测试页面

6.2 访问控制法则

法则 功能
Require all granted 允许所有主机访问
Require all deny 拒绝所有主机访问
Require ip IPADDR 授权指定来源地址的主机访问
Require not ip IPADDR 拒绝指定来源地址的主机访问
Require host HOSTNAME 授权指定来源主机名的主机访问
Require not host HOSTNAME 拒绝指定来源主机名的主机访问
IPADDR的类型 HOSTNAME的类型
IP:192.168.1.1 Network/mask:192.168.1.0/255.255.255.0 Network/Length:192.168.1.0/24 Net:192.168 FQDN:特定主机的全名 DOMAIN:指定域内的所有主机

注意:httpd-2.4版本在配置文件加入Requirt才是默认是拒绝所有主机访问的,所以安装以后必须做显示授权访问

配置示例: 允许除了IP192.168.111.1以外的所有主机访问

[root@localhost ~]# vim /etc/httpd/conf/httpd.conf 
......
 #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>
<Directory "/var/www/html/Tanke">
    <RequireAll>
        Require not 192.168.111.1
        Require all granted
    </RequireAll>
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
......
[root@localhost ~]# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Syntax OK
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf 		//把#ServerName www.example.com:80前的#删掉
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
[root@localhost ~]# httpd -t
Syntax OK

6.3 虚拟主机

虚拟主机有三种:

  • 相同IP不同端口
  • 不同IP相同端口
  • 相同IP相同端口不同域名

httpd服务如何配置?

  1. 先在全局范围内找*vhosts.conf文件
  2. 把*vhosts.conf文件复制到当前路径中

相同IP不同端口

[root@localhost ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf 
......
<VirtualHost *:80>
    DocumentRoot "/var/www/html/Tanke"
    ServerName www.Tanke.com
    ErrorLog "/var/log/httpd/www.Tanke1.com-error_log"
    CustomLog "/var/log/httpd/www.Tanke1.com-access_log" common
</VirtualHost>

Listen 81
<VirtualHost *:81>
    DocumentRoot "/var/www/html/Feiji"
    ServerName www.Feiji.com
    ErrorLog "/var/log/httpd/www.Feiji1.com-error_log"
    CustomLog "/var/log/httpd/www.Feiji1.com-access_log" common
</VirtualHost>
......
[root@localhost ~]# httpd -t
Syntax OK
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# ss -anlt
State    Recv-Q   Send-Q     Local Address:Port     Peer Address:Port  Process  
LISTEN   0        128              0.0.0.0:22            0.0.0.0:*              
LISTEN   0        128                    *:80                  *:*              
LISTEN   0        128                    *:81                  *:*              
LISTEN   0        128                 [::]:22               [::]:*   

不同IP相同端口

[root@localhost ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf 
......
<VirtualHost 192.168.111.135:80>
    DocumentRoot "/var/www/html/Tanke"
    ServerName www.Tanke.com
    ErrorLog "/var/log/httpd/www.Tanke1.com-error_log"
    CustomLog "/var/log/httpd/www.Tanke1.com-access_log" common
</VirtualHost>

<VirtualHost 192.168.111.136:80>
    DocumentRoot "/var/www/html/Feiji"
    ServerName www.Feiji.com
    ErrorLog "/var/log/httpd/www.Feiji1.com-error_log"
    CustomLog "/var/log/httpd/www.Feiji1.com-access_log" common
</VirtualHost>
......
[root@localhost ~]# httpd -t
Syntax OK
[root@localhost ~]# ip a		//查看是否存在IP192.168.111.136
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:bb:22:82 brd ff:ff:ff:ff:ff:ff
    inet 192.168.111.135/24 brd 192.168.111.255 scope global dynamic noprefixroute ens160
       valid_lft 1537sec preferred_lft 1537sec
    inet6 fe80::3d5c:b9d6:55f:48e9/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@localhost ~]# ip addr add 192.168.111.136/24 dev ens160		//添加IP
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:bb:22:82 brd ff:ff:ff:ff:ff:ff
    inet 192.168.111.135/24 brd 192.168.111.255 scope global dynamic noprefixroute ens160
       valid_lft 1463sec preferred_lft 1463sec
    inet 192.168.111.136/24 scope global secondary ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::3d5c:b9d6:55f:48e9/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@localhost ~]# systemctl restart httpd		//重启httpd服务

相同IP相同端口不同域名

[root@localhost ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
......
<VirtualHost *:80>
    DocumentRoot "/var/www/html/Tanke"
    ServerName www.Tanke.com
    ErrorLog "/var/log/httpd/www.Tanke1.com-error_log"
    CustomLog "/var/log/httpd/www.Tanke1.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/var/www/html/Feiji"
    ServerName www.Feiji.com
    ErrorLog "/var/log/httpd/www.Feiji1.com-error_log"
    CustomLog "/var/log/httpd/www.Feiji1.com-access_log" common
</VirtualHost>
......
[root@localhost ~]# httpd -t
Syntax OK
[root@localhost ~]# systemctl restart httpd

主机名解析

Linux 和MAC系统中修改 /etc/host

windows主机名解析 在C:\windows\system32\drivers\etc\hosts找到文件无法修改,需要把文件拖到桌面修改,添加解析,再放回原位

7、配置https步骤

https(全称:Hyper Text Transfer Protocol over SecureSocket Layer),是以安全为目标的 http 通道,在 http 的基础上通过传输加密和身份认证保证了传输过程的安全性。

1. mod_ssl模块

mod_ssl 模块可以实现https加密认证。

//安装mod_ssl模块
[root@localhost ~]# dnf install -y mod_ssl

a).CACA生成一对密钥

[root@localhost ~]# mkdir /etc/pki/CA
[root@localhost ~]# cd /etc/pki/CA
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)		#生成密钥
Generating RSA private key, 2048 bit long modulus (2 primes)
....+++++
....................................................+++++
e is 65537 (0x010001)
[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout		#提取公钥
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vmOLM61l3syZOvzhO3O
9YzRUTF8IuGVv3F2ASWfUuvYTwq9Q7C5xxqaCOSR73iieQU9mkrtv98a8AoY/Oyd
9fehZbrMxgDUFL7skcRxhYpacYeLfhnDlMLCU73ilVa4K2ZSm4MNLJ6DKDzgOozu
wzOTNvvy7wrkHXyMDt4M0DOFc051sPwT4ncBQQKcHjDpi9A8iCAgWTbInNXvLjHg
FV2E4HxPlhgzNwf99D01JJVK8qZSeL+aj0gYlmpBvh60czHfi28nqp8qqZocmUXf
BDUHK27usf8s3Pmdi/9I1mwGYPOQoH/SzTC3ce9RTd2inzSaQCMdbZe7pmp4rPW2
rwIDAQAB
-----END PUBLIC KEY-----

b). CA生成自签署证书

[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365		#生成自签署证书
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:zsl
Organizational Unit Name (eg, section) []:mxx
Common Name (eg, your name or your server's hostname) []:www.Tanke1.com
Email Address []:[email protected]
[root@localhost CA]# openssl x509 -text -in cacert.pem		#读出cacert.pem证书的内容
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:a0:c6:d4:e7:7a:4d:dc:21:1b:71:ba:25:8e:74:f3:1b:41:5b:2a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = cn, ST = hb, L = wh, O = zsl, OU = mxx, CN = www.Tanke1.com, emailAddress = [email protected]
        Validity
            Not Before: Jul 21 15:31:42 2022 GMT
            Not After : Jul 21 15:31:42 2023 GMT
        Subject: C = cn, ST = hb, L = wh, O = zsl, OU = mxx, CN = www.Tanke1.com, emailAddress = [email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:f9:8e:2c:ce:b5:97:7b:32:64:eb:f3:84:ed:
                    ce:f5:8c:d1:51:31:7c:22:e1:95:bf:71:76:01:25:
                    9f:52:eb:d8:4f:0a:bd:43:b0:b9:c7:1a:9a:08:e4:
                    91:ef:78:a2:79:05:3d:9a:4a:ed:bf:df:1a:f0:0a:
                    18:fc:ec:9d:f5:f7:a1:65:ba:cc:c6:00:d4:14:be:
                    ec:91:c4:71:85:8a:5a:71:87:8b:7e:19:c3:94:c2:
                    c2:53:bd:e2:95:56:b8:2b:66:52:9b:83:0d:2c:9e:
                    83:28:3c:e0:3a:8c:ee:c3:33:93:36:fb:f2:ef:0a:
                    e4:1d:7c:8c:0e:de:0c:d0:33:85:73:4e:75:b0:fc:
                    13:e2:77:01:41:02:9c:1e:30:e9:8b:d0:3c:88:20:
                    20:59:36:c8:9c:d5:ef:2e:31:e0:15:5d:84:e0:7c:
                    4f:96:18:33:37:07:fd:f4:3d:35:24:95:4a:f2:a6:
                    52:78:bf:9a:8f:48:18:96:6a:41:be:1e:b4:73:31:
                    df:8b:6f:27:aa:9f:2a:a9:9a:1c:99:45:df:04:35:
                    07:2b:6e:ee:b1:ff:2c:dc:f9:9d:8b:ff:48:d6:6c:
                    06:60:f3:90:a0:7f:d2:cd:30:b7:71:ef:51:4d:dd:
                    a2:9f:34:9a:40:23:1d:6d:97:bb:a6:6a:78:ac:f5:
                    b6:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                8F:33:2D:51:A9:40:12:AC:BA:56:09:42:A1:CC:38:E3:4C:2B:79:DF
            X509v3 Authority Key Identifier: 
                keyid:8F:33:2D:51:A9:40:12:AC:BA:56:09:42:A1:CC:38:E3:4C:2B:79:DF

            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
         22:a1:8f:18:0d:53:a7:1f:59:41:cc:f1:b7:04:0e:9e:9c:23:
         2b:ab:e7:47:d0:1c:39:de:e9:b4:99:72:44:ec:1d:40:7c:71:
         73:d6:9c:98:d4:03:92:9a:5e:83:60:52:53:db:08:b9:e0:a0:
         6b:98:7d:e5:13:0e:6a:3e:04:0f:0c:09:40:bb:1d:94:61:f8:
         09:57:d2:d3:6e:32:b7:e5:02:ed:47:88:b7:3a:13:e9:a2:45:
         0a:5d:b4:fd:40:96:fb:8f:0a:9d:8b:b4:a6:12:a4:14:b0:95:
         ee:66:df:3f:3f:a1:bf:cd:e9:ad:7b:48:d5:67:11:4d:22:98:
         4e:e3:b5:31:18:41:5d:ee:39:9f:ae:89:ba:69:76:11:3d:82:
         37:09:02:69:3e:c2:26:c5:17:8e:97:a3:e4:10:bc:a2:8a:e3:
         83:be:83:05:91:59:82:29:fa:34:d8:0d:31:7c:37:3e:28:48:
         96:3c:04:38:d1:43:55:da:c5:de:65:ef:bb:3d:db:e8:66:50:
         9f:7d:cf:77:4f:d9:55:c9:69:8e:c2:fa:ea:8f:8a:50:5a:c8:
         da:b1:c5:50:60:fb:74:60:30:3c:01:ce:3e:c5:6c:f6:e2:04:
         d1:ca:63:70:e8:84:90:b8:32:96:67:22:d2:7d:15:47:34:07:
         c1:2a:47:70
-----BEGIN CERTIFICATE-----
MIIDzzCCAregAwIBAgIUdqDG1Od6TdwhG3G6JY508xtBWyowDQYJKoZIhvcNAQEL
BQAwdzELMAkGA1UEBhMCY24xCzAJBgNVBAgMAmhiMQswCQYDVQQHDAJ3aDEMMAoG
A1UECgwDenNsMQwwCgYDVQQLDANteHgxFzAVBgNVBAMMDnd3dy5UYW5rZTEuY29t
MRkwFwYJKoZIhvcNAQkBFgoxMjNAcXEuY29tMB4XDTIyMDcyMTE1MzE0MloXDTIz
MDcyMTE1MzE0MlowdzELMAkGA1UEBhMCY24xCzAJBgNVBAgMAmhiMQswCQYDVQQH
DAJ3aDEMMAoGA1UECgwDenNsMQwwCgYDVQQLDANteHgxFzAVBgNVBAMMDnd3dy5U
YW5rZTEuY29tMRkwFwYJKoZIhvcNAQkBFgoxMjNAcXEuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vmOLM61l3syZOvzhO3O9YzRUTF8IuGVv3F2
ASWfUuvYTwq9Q7C5xxqaCOSR73iieQU9mkrtv98a8AoY/Oyd9fehZbrMxgDUFL7s
kcRxhYpacYeLfhnDlMLCU73ilVa4K2ZSm4MNLJ6DKDzgOozuwzOTNvvy7wrkHXyM
Dt4M0DOFc051sPwT4ncBQQKcHjDpi9A8iCAgWTbInNXvLjHgFV2E4HxPlhgzNwf9
9D01JJVK8qZSeL+aj0gYlmpBvh60czHfi28nqp8qqZocmUXfBDUHK27usf8s3Pmd
i/9I1mwGYPOQoH/SzTC3ce9RTd2inzSaQCMdbZe7pmp4rPW2rwIDAQABo1MwUTAd
BgNVHQ4EFgQUjzMtUalAEqy6VglCocw440wred8wHwYDVR0jBBgwFoAUjzMtUalA
Eqy6VglCocw440wred8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
AQEAIqGPGA1Tpx9ZQczxtwQOnpwjK6vnR9AcOd7ptJlyROwdQHxxc9acmNQDkppe
g2BSU9sIueCga5h95RMOaj4EDwwJQLsdlGH4CVfS024yt+UC7UeItzoT6aJFCl20
/UCW+48KnYu0phKkFLCV7mbfPz+hv83prXtI1WcRTSKYTuO1MRhBXe45n66Juml2
ET2CNwkCaT7CJsUXjpej5BC8oorjg76DBZFZgin6NNgNMXw3PihIljwEONFDVdrF
3mXvuz3b6GZQn33Pd0/ZVclpjsL66o+KUFrI2rHFUGD7dGAwPAHOPsVs9uIE0cpj
cOiEkLgylmci0n0VRzQHwSpHcA==
-----END CERTIFICATE-----
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# touch index.txt && echo 01 > serial

c).客户端(例如httpd服务器)生成密钥

[root@localhost CA]# cd /etc/httpd && mkdir ssl && cd ssl
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
...+++++
...........................................................................+++++
e is 65537 (0x010001)

d).客户端生成证书签署请求

[root@localhost ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:zsl
Organizational Unit Name (eg, section) []:mxx
Common Name (eg, your name or your server's hostname) []:www.Tanke1.com
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

e).CA签署客户端提交上来的证书

[root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jul 21 15:35:07 2022 GMT
            Not After : Jul 21 15:35:07 2023 GMT
        Subject:
            countryName               = cn
            stateOrProvinceName       = hb
            organizationName          = zsl
            organizationalUnitName    = mxx
            commonName                = www.Tanke1.com
            emailAddress              = [email protected]
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                EA:D9:52:5A:E7:84:C2:09:1A:15:5B:4D:F2:77:23:F0:1D:C1:F9:D0
            X509v3 Authority Key Identifier: 
                keyid:8F:33:2D:51:A9:40:12:AC:BA:56:09:42:A1:CC:38:E3:4C:2B:79:DF

Certificate is to be certified until Jul 21 15:35:07 2023 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

2. 在ssl.conf 中配置证书的位置

[root@localhost ~]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# vim ssl.conf
......
//把#DocumentRoot "/var/www/html/Feiji"
#ServerName www.Feiji1.com:443#号删除并指定其使用目录路径
<VirtualHost _default_:443>

# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html/Feiji"
ServerName www.Feiji1.com:443

//配置证书的路径
SSLCertificateFile /etc/httpd/ssl/httpd.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
#   ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
......

3. 检查配置文件是否有语法错误

[root@localhost conf.d]# httpd -t
Syntax OK

4. 重启服务

[root@localhost conf.d]# systemctl restart httpd
[root@localhost conf.d]# ss -anlt
State      Recv-Q     Send-Q           Local Address:Port           Peer Address:Port     Process     
LISTEN     0          128                    0.0.0.0:22                  0.0.0.0:*                    
LISTEN     0          128                          *:443                       *:*                    
LISTEN     0          128                          *:80                        *:*                    
LISTEN     0          128                       [::]:22                     [::]:*

Tags: