參考文章: https://blog.csdn.net/huade20/article/details/88312215php
一、下載安裝mod_ssl和opensslhtml
二、生成證書apache
openssl genrsa -out server.key 2048 #生成加密私鑰 openssl req -new -key server.key -out server.csr #生成證書籤名請求 openssl x509 -req -days 36500 -in server.csr -signkey server.key -out server.crt #生成證書
我這裏使用企業已有的證書進行配置vim
三、修改apache配置文件
vim /etc/httpd/conf.d/ssl.conf
寫上證書的正確路徑瀏覽器
四、配置虛擬主機
vim /etc/httpd/conf.d/vhost.conf服務器
<VirtualHost *:80> DocumentRoot /usr/share/zabbix ServerName ** #寫上你服務器的域名 </VirtualHost> <VirtualHost *:443> DocumentRoot /usr/share/zabbix ServerName **:443 #寫上你服務器的域名 </VirtualHost> <Directory /usr/share> AllowOverride All RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*)?$ https://%{SERVER_NAME}/$1 [L,R] </Directory>
重啓httpd服務
瀏覽器輸入https://IP/zabbix已經能夠訪問
可是經過http://IP/zabbix仍是能夠訪問到zabbix控制檯的,如今設置默認http到https的跳轉app
五、http--> https
vim /etc/httpd/conf/httpd.confide
LoadModule rewrite_module modules/mod_rewrite.so #新增內容
在/usr/share/zabbix目錄中建文件 .htaccessui
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} !^/*.php RewriteRule (.*) https://%{SERVER_NAME}/$1 [R]
重啓httpd服務器。加密
這裏展現一下/etc/httpd/conf/httpd.conf配置文件的內容:
cat /etc/httpd/conf/httpd.conf | grep -v "^#" | grep -v "^[[:space:]].*#" | grep -v "^$"
ServerRoot "/etc/httpd" Listen 80 LoadModule rewrite_module modules/mod_rewrite.so Include conf.modules.d/*.conf User apache Group apache ServerAdmin root@localhost ServerName 寫本身服務器的域名:80 <Directory /> AllowOverride All Require all denied </Directory> DocumentRoot "/usr/share/zabbix" <Directory "/usr/share"> AllowOverride All Require all granted </Directory> <Directory "/usr/share/zabbix"> Options Indexes FollowSymLinks AllowOverride All Require all granted </Directory> <IfModule dir_module> DirectoryIndex index.html </IfModule> <Files ".ht*"> Require all denied </Files> ErrorLog "logs/error_log" LogLevel warn <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> CustomLog "logs/access_log" combined </IfModule> <IfModule alias_module> ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" </IfModule> <Directory "/var/www/cgi-bin"> AllowOverride None Options None Require all granted </Directory> <IfModule mime_module> TypesConfig /etc/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType text/html .shtml AddOutputFilter INCLUDES .shtml </IfModule> AddDefaultCharset UTF-8 <IfModule mime_magic_module> MIMEMagicFile conf/magic </IfModule> EnableSendfile on IncludeOptional conf.d/*.conf
如今已經實現http://IP/zabbix 跳轉至 https://IP/zabbix
提示:
因爲此地址沒有在內網作解析,因此須要在本地電腦的host文件寫上服務器的解析,否則會提示證書無效:
寫上解析後:
六、瀏覽器訪問去掉zabbix。直接輸入HTTPS://IP 訪問zabbix控制檯(可選)
vim /etc/httpd/conf/httpd.conf
修改如下內容