红帽认证7.0【RHCE】第13题:配置安全web服务
yum install mod_ssl
firewall-cmd –permanent –add-service=https
firewall-cmd –reload
firewall-cmd –list-all
mkidr /etc/httpd/certs
wget -P /etc/httpd/certs/ http://server.group8.example.com/pub/tls/certs/system1.crt
wget -P /etc/httpd/certs/ http://server.group8.example.com/pub/tls/private/system1.key
wget -P /etc/httpd/certs/ http://server.group8.example.com/pub/tls/certs/ssl-ca.crt
vi /etc/httpd/conf.d/web.conf
<VirtualHost *:443>
ServerName system1.group8.example.com
DocumentRoot /var/www/html
<Directory /var/www/html>
order allow,deny
allow from all
deny from 172.13.8.0/24
</Directory>
SSLEngine on
SSLCertificateFile /etc/httpd/certs/system1.crt
SSLCertificateKeyFile /etc/httpd/certs/system1.key
SSLCACertificateFile /etc/httpd/certs/ssl-ca.crt
</VirtualHost>
httpd -t
systemctl restart httpd