EVE-NG 配置 SSL 证书实现 HTTPS 访问

启用ssl模块并重启apache2

我们可以启用https（默认在443端口）提高访问服务的安全性，首先启用apache2的ssl模块：

sudo a2enmod ssl

正常启用成功时，命令行中将会提示重启apache2服务：

sudo systemctl restart apache2

检查“/etc/apache2/ports.conf”文件中443端口是否启用监听，默认情况下443端口是监听的。如果未监听，加入“Listen 443 https”并重新加载apache2。

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
​
Listen 80
​
<IfModule ssl_module>
    Listen 443
</IfModule>
​
<IfModule mod_gnutls.c>
    Listen 443
</IfModule>
​
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

上传证书

将对应域名的SSL证书上传至以下路径

证书：

/etc/ssl/certs/eve-fullchain.crt

私钥：

/etc/ssl/private/eve.key

启用虚拟主机HTTPS监听

编辑unetlab的虚拟主机配置文件并新增一个443端口的虚拟主机监听配置：

/etc/apache2/sites-available/unetlab.conf

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
​
ServerName eve.example.com #修改为你的域名
​
<IfModule mod_rewrite.c>
    # Logging disabled by default
    # LogLevel mod_rewrite.c:trace2
</IfModule>
​
<Directory /opt/unetlab/html/>
    Options FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
​
<Directory /opt/unetlab/data/Exports/>
    Options FollowSymLinks Indexes
    AllowOverride All
    Require all granted
</Directory>
​
<Directory /opt/unetlab/data/Logs/>
    Options FollowSymLinks Indexes
    AllowOverride All
    Require all granted
</Directory>
​
<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /opt/unetlab/html
​
    ErrorLog /opt/unetlab/data/Logs/error.txt
    CustomLog /opt/unetlab/data/Logs/access.txt combined
​
    Alias /Exports /opt/unetlab/data/Exports
    Alias /Logs /opt/unetlab/data/Logs
​
    <Location /html5/>
        Order allow,deny
        Allow from all
        ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
        ProxyPassReverse http://127.0.0.1:8080/guacamole/
    </Location>
​
    <Location /html5/websocket-tunnel>
        Order allow,deny
        Allow from all
        ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
        ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
    </Location>
</VirtualHost>
​
<VirtualHost _default_:443>
        ServerName eve.example.com #修改为你的域名
        ServerAdmin webmaster@localhost
        DocumentRoot /opt/unetlab/html/
        ErrorLog /opt/unetlab/data/Logs/ssl-error.log
        CustomLog /opt/unetlab/data/Logs/ssl-access.log combined
        Alias /Exports /opt/unetlab/data/Exports
        Alias /Logs /opt/unetlab/data/Logs
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/eve-fullchain.crt
        SSLCertificateKeyFile /etc/ssl/private/eve.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>
        <Location /html5/>
        Order allow,deny
        Allow from all
        ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
        ProxyPassReverse http://127.0.0.1:8080/guacamole/
        ProxyPreserveHost On
        </Location>
​
        <Location /html5/websocket-tunnel>
                Order allow,deny
                Allow from all
                ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
                ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
        </Location>
</VirtualHost>

保存并退出文件，重新加载apache2：

sudo systemctl reload apache2