首先先把防火墙关闭并且下载好ssl

[root@localhost li]# systemctl stop firewalld[root@localhost li]# setenforce 0[root@localhost li]# yum install mod_ssl

 1.基于域名www.openlab.com可以访问网站内容为welcome to openlab

先制作服务器证书

req -newkey rsa:4096 -nodes -sha256 -keyout haha.key -x509 - days 365 -out haha.crt

req 是 证书请求的子命令                                        newkey 生成一个新密钥    

rsa   一种非对称密钥算法  可指定长度信息           nodes   生成文本 

sha256  加密算法                                              keyout 生成私钥文件

-x509  表示输出证书                                        -days  表示有效期

我们由于没有设定路径，所以创建的证书和密钥会放在当前目录 

[root@localhost certs]# openssl req -newkey rsa  -nodes -keyout openlab.key -x509 -days 365 -out openlab.crt
Generating a RSA private key
......................................................................................................................+++++
..+++++
writing new private key to 'openlab.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:ningxia
Locality Name (eg, city) [Default City]:yinchuan
Organization Name (eg, company) [Default Company Ltd]:openlab
Organizational Unit Name (eg, section) []:1 
Common Name (eg, your name or your server's hostname) []:localhost
Email Address []:1907781431@qq.com

2.定义基于域名访问的网站配置文件

创建测试网页文件根目录

定义网页内容

重启服务

[root@localhost openlab]# vim /etc/httpd/conf.d/vhosts.conf 
[root@localhost openlab]# cat /etc/httpd/conf.d/vhosts.conf 
<VirtualHost  192.168.138.135:443>ServerName     www.openlab.com DocumentRoot       /www/openlab  SSLEngine onSSLCertificateFile /etc/pki/tls/certs/openlab.crtSSLCertificateKeyFile /etc/pki/tls/private/openlab.key
</VirtualHost><Directory   /www>AllowOverride noneRequire all granted
</Directory>
[root@localhost openlab]# mkdir -pv /www/openlab
[root@localhost openlab]# echo 这是一个https测试文件 > /www/openlab/index.html
[root@localhost openlab]# echo welcome to openlab!! >> /www/openlab/index.html
echo welcome to openlabcat /etc/httpd/conf.d/vhosts.conf  >> /www/openlab/index.html[root@localhost certs]# vim /etc/hosts
[root@localhost certs]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.138.135 www.openlab.com[root@localhost openlab]# systemctl restart httpd

3 进行测试

 2 在openlab下创建三个子界面

三个界面分别显示学生的信息和资料还有缴费

<VirtualHost  192.168.138.135:443>ServerName     wwww.openlab.comDocumentRoot       /www/openlabAlias /student   Alias /date      Alias /money    SSLEngine onSSLCertificateFile /etc/pki/tls/certs/openlab.crtSSLCertificateKeyFile /etc/pki/tls/private/openlab.key
</VirtualHost>

[root@localhost /]# mkdir -pv student[root@localhost /]# mkdir -pv date[root@localhost /]# mkdir -pv money[root@localhost /]# echo 学生信息 > /student/index.html
[root@localhost /]# echo 资料  > /date/index.html
[root@localhost /]# echo 缴费> /money/index.html

从www.openlab.com /student访问学生的信息

从www.openlab.com /date 访问学习资料

 

从www.openlab.com/money访问缴费网站

 3.

(1)学生信息网站只有song和tian两人可以访问，其他用户不能访问。

vim /etc/httpd/conf.d/vhosts.conf<Directory   /ce1>AllowOverride noneAuthType basicAuthName "login"AuthUserfile /etc/httpd/usersRequire user songRequire user tian
</Directory>

[root@localhost /]# htpasswd  -c  /etc/httpd/users tian
New password: 
Re-type new password: 
Adding password for user tian[root@localhost /]# htpasswd    /etc/httpd/users song
New password: 
Re-type new password: 
Adding password for user song[root@localhost /]# cat /etc/httpd/users
tian:$apr1$7IBNs..3$SK/qV7wm/QZ/Tbj7NBgRs0
song:$apr1$BQQo.P6j$OktS6H0XaCbw23cGr5xIn/

之后重启后进行测试

 

 之后基于https 访问就可以了