SSL/TLS

# dnf -y install httpd bind openssl mod_ssl
# cd /etc/pki/tls/certs

[Generate the private key]

# openssl genrsa -out http.key 2048

lrwxrwxrwx. 1 root root   49  8월 22  2024 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root   55  8월 22  2024 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-------. 1 root root 1704  3월 26 17:08 http.key

[Create the certificate signing request (CSR)]

# openssl req -new -key http.key -out http.csr

[Generate the certificate from the private key and the CSR]

# openssl x509 -req -days 365 -in http.csr -signkey http.key -out http.crt

[SSL configuration]

# vi /etc/httpd/conf.d/ssl.conf

Change the paths to the file names generated above.

Line 85, before: SSLCertificateFile /etc/pki/tls/certs/localhost.crt
Line 85, after:  SSLCertificateFile /etc/pki/tls/certs/http.crt

Line 93, before: SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
Line 93, after:  SSLCertificateKeyFile /etc/pki/tls/certs/http.key
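
Before httpd is restarted with these paths, it helps to confirm that http.key, http.csr and http.crt belong together and that the key file is not readable by other users. The script below is an added example, not part of the original post; the function names, the file name check_tls.sh and the 30-day expiry threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks for the files
# created above. Function names and the 30-day threshold are assumptions.

# Print the PEM public key carried by a private key, CSR or certificate.
pubkey_of() {  # $1 = key|csr|crt   $2 = file
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null
}

# True only if all three files carry the same, non-empty public key.
same_keypair() (
    k=$(pubkey_of key "$1"); r=$(pubkey_of csr "$2"); c=$(pubkey_of crt "$3")
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ]
)

# True if subject equals issuer, which is what "x509 -req -signkey" produces.
is_self_issued() (
    s=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer  2>/dev/null | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
)

# True if the key file grants nothing to group or others (e.g. -rw-------).
key_is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Report on key ($1), CSR ($2) and certificate ($3); non-zero on any FAIL.
check_tls_files() (
    rc=0
    same_keypair "$1" "$2" "$3" ||
        { echo "FAIL: key, CSR and certificate do not share one public key"; rc=1; }
    key_is_private "$1" ||
        { echo "FAIL: $1 is accessible to group or others"; rc=1; }
    openssl x509 -in "$3" -noout -checkend $((30 * 86400)) >/dev/null 2>&1 ||
        { echo "FAIL: $3 is unreadable or expires within 30 days"; rc=1; }
    if is_self_issued "$3"; then
        echo "NOTE: $3 is self-issued; clients warn until they trust it explicitly"
    fi
    exit "$rc"
)

# Usage: sh check_tls.sh http.key http.csr http.crt
if [ "$#" -eq 3 ]; then check_tls_files "$@"; fi
```

A NOTE line is expected for the certificate made with -signkey above, since it is signed by its own key rather than by a CA.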

[Client connection]

Firewall
Name server setup  forbidden

# chmod -R 755 /var/www/html
# vi /etc/httpd/conf/httpd.conf

<Directory "/var/www/html">
    AllowOverride All
    Require all granted
</Directory>
