Shulou(Shulou.com)06/01 Report--

Detailed installation configuration of Apache and SSL configuration of Certificate Application under Centos7

First of all, when it comes to Centos, we are already very familiar with it, so we won't say much about the specific development of Centos. First of all, we know that the commands in the previous version of Centos7 are exactly the same as those in ReadHat, but after Centos was upgraded from version 6.0 to Centos7, there have been great changes in commands and functions. The most obvious difference is that there have been great changes in the installation interface and operation commands. Not to mention the functional changes, such as the change from the centos6.x version of iptalbes to centos7's firewall, of course, there are a lot of changes, so I won't say much about it. Today, I will mainly introduce the installation and configuration of Apache under Centos7, the function of enabling SSL and the introduction of certificate application. In this environment, we use the CA server installed on the windows system. The specific steps are described in other blog articles. The details of today's article are as follows:

We skipped the installation process of Centos7. As described in the previous document, after installation, we connect to the relevant operation console of centos7 through xshell or crt tool:

Modify the computer name:

Hostnamectl set-hostname apache.iternalsoft.com

Disable the firewall from booting

Systemctl disable firewalld.service

Temporarily turn off the firewall

Systemctl stop firewalld.service enable firewall boot boot Systemctl enable firewalld.service # enable firewall boot boot

Close selinux Vim / etc/selinux/config Set enforce 1

After defining the configuration, we can begin to install apache. First, use the following command to check whether the system has installed httpd-related services:

Rpm-qa | grep httpd

Yum install-y httpd

Start installation of httpd service and installation is complete

Yum install-y net-tools

This command is a netstat-anlpt plug-in. If you do not install this function under centos7, you cannot use the function of netstat. If you want to use this command, you need to install this tool.

Netstat-anlpt

Found no port 80

Systemctl start httpd

Start the apache service

Access it through the browser

The default access page is in this directory

/ etc/httpd/conf.d/welcome.conf

File

For better display, we modify the default index.html file

Cd / var/www/html

There is no Index.html file for this path by default, so we need to create a new one

Vim index.html create a new index.html file and edit the display content

Then restart the apache service:

Systemctl restart httpd

Next, to enable ssl for apache, we first need to provide TLS/SSL functionality for the Apache installation mod_ssl module:

Https is implemented through mod_ssl, so check and install mod_ssl:

[root@Centos ~] # ls / etc/httpd/modules/ | grep "mod_ssl" # mod_ssl is not installed by default

[root@Centos ~] # yum list all mod_ssl # View the installation package information of mod_ssl

Yum install-y mod_ssl # install mod_ssl

Installation completed

Check that mod_ssl is the result of installation

Rpm-qc mod_ssl/etc/httpd/conf.d/ssl.conf # mod_ssl configuration file location

After installing the ssl module, I can apply for a certificate

Cd / etc/pki/tlsOpenssl genrsa-out server.key 1024Server.key is the private key

Generate a certificate request file csr with a private key serverkey file

Openssl req-new-key server.key-out server.csrServer.csr is the certificate request file

Ls View

Next, we apply for a certificate on the internal CA through server.csr.

We apply for a certificate to complete the application for the certificate next.

Certificate application completed

Next, we need to copy the certificate to the directory corresponding to linux to modify it.

We go to the installation directory of httpd in cd / etc/httpd/conf/

Then mkdir ssl creates the certificate directory

And then

Cp / etc/pki/tls/certnew.cer server.key

Copy to / etc/httpd/conf/ssl/ directory

In order to display better, we * file naming

Cp certnew.cer web.pem

Then delete the certnew.cer.

Next, we modify the SSL configuration of httpd.

Cd / etc/httpd/conf.d # enter the SSL configuration directory of HTTPD

Ls View

Vim ssl.conf # Edit SSL configuration file

Cancel the following comments:

DocumentRoot "/ var/www/html/" ServerName apache.iternalsoft.com:443

* the path to the file and key file is defined according to your real environment

SSLCertficateFile / etc/httpd/conf/ssl/web.pemSSLCertficateKeyFile / etc/httpd/conf/ssl/server.key

After our configuration is completed, we access it through ssl

Then let's talk about the storage path of the module module under centos7. In fact, there are great differences between the previous versions of centos7 and centos6, no matter in terms of commands or some file formats. For example, module_ssl is in the httpd.conf file before centos6, while for centos7, it is in a separate directory: cd / etc/httpd/conf.modules.d.

Cd / etc/httpd/conf.modules.d

We passed

Vim 00-ssl.conf

To edit the module; module information for mod_ssl

Let's take another look.

Cd / etc/httpd/modules/

What about the next message?

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.