EVE-NG 配置 SSL 证书实现 HTTPS 访问
启用ssl模块并重启apache2
我们可以启用https(默认在443端口)提高访问服务的安全性,首先启用apache2的ssl模块:
sudo a2enmod ssl
正常启用成功时,命令行中将会提示重启apache2服务:
sudo systemctl restart apache2
检查“/etc/apache2/ports.conf”文件中443端口是否启用监听,默认情况下443端口是监听的。如果未监听,加入“Listen 443 https”并重新加载apache2。
# If you just change the port or add more ports here, you will likely also # have to change the VirtualHost statement in # /etc/apache2/sites-enabled/000-default.conf Listen 80 <IfModule ssl_module> Listen 443 </IfModule> <IfModule mod_gnutls.c> Listen 443 </IfModule> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
上传证书
将对应域名的SSL证书上传至以下路径
证书:
/etc/ssl/certs/eve-fullchain.crt
私钥:
/etc/ssl/private/eve.key
启用虚拟主机HTTPS监听
编辑unetlab的虚拟主机配置文件并新增一个443端口的虚拟主机监听配置:
/etc/apache2/sites-available/unetlab.conf
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet ServerName eve.example.com #修改为你的域名 <IfModule mod_rewrite.c> # Logging disabled by default # LogLevel mod_rewrite.c:trace2 </IfModule> <Directory /opt/unetlab/html/> Options FollowSymLinks AllowOverride All Require all granted </Directory> <Directory /opt/unetlab/data/Exports/> Options FollowSymLinks Indexes AllowOverride All Require all granted </Directory> <Directory /opt/unetlab/data/Logs/> Options FollowSymLinks Indexes AllowOverride All Require all granted </Directory> <VirtualHost *:80> ServerAdmin [email protected] DocumentRoot /opt/unetlab/html ErrorLog /opt/unetlab/data/Logs/error.txt CustomLog /opt/unetlab/data/Logs/access.txt combined Alias /Exports /opt/unetlab/data/Exports Alias /Logs /opt/unetlab/data/Logs <Location /html5/> Order allow,deny Allow from all ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on ProxyPassReverse http://127.0.0.1:8080/guacamole/ </Location> <Location /html5/websocket-tunnel> Order allow,deny Allow from all ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel </Location> </VirtualHost> <VirtualHost _default_:443> ServerName eve.example.com #修改为你的域名 ServerAdmin [email protected] DocumentRoot /opt/unetlab/html/ ErrorLog /opt/unetlab/data/Logs/ssl-error.log CustomLog /opt/unetlab/data/Logs/ssl-access.log combined Alias /Exports /opt/unetlab/data/Exports Alias /Logs /opt/unetlab/data/Logs SSLEngine on SSLCertificateFile /etc/ssl/certs/eve-fullchain.crt SSLCertificateKeyFile /etc/ssl/private/eve.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> <Location /html5/> Order allow,deny Allow from all ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on ProxyPassReverse http://127.0.0.1:8080/guacamole/ ProxyPreserveHost On </Location> <Location /html5/websocket-tunnel> Order allow,deny Allow from all ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel </Location> </VirtualHost>
sudo systemctl reload apache2
版权声明:
作者:RuyeNet
链接:https://www.iloveu.top/archives/121
来源:RuyeNet
文章版权归作者所有,未经允许请勿转载。

共有 0 条评论