我刚刚重新安装httpd
并创建了一个静态index.html
文件。我已firewalld
配置为允许通过互联网访问该https
服务。但是当我https://my.server.ip
在网络浏览器中输入内容时,浏览器会给出错误消息,指出无法与服务器连接。 为了让浏览器接收文件,我必须更改什么index.html
?
以下是firewalld
公共区域的定义:
[[email protected]]# firewall-cmd --list-all
public (default, active)
interfaces: enp3s0
sources:
services: https ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
这是该index.html
文件及其位置:
[[email protected]]# cd /var/www/html
[[email protected] html]# cat index.html
<html>
<body>
Understand that this is a test. If this text appears in the browser, then https is working.
</body>
</html>
这是VirtualHost
中的标签httpd.conf
:
<VirtualHost server.ip.address:443>
DocumentRoot /var/www/html/
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateChainFile /etc/pki/tls/certs/ca-bundle.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# ProxyPass / http://localhost:8080/
# ProxyPassReverse / http://localhost:8080/
</VirtualHost>
这是一个链接到整个 httpd.conf 文件。
编辑#1
当我查看系统中安装的 ssl 时,得到的结果好坏参半。例如,443 上没有任何监听。此外,虽然 systemctl 找不到 openssl,但 yum 似乎认为 opensl 已经安装。但我确实确认 .crt 文件都位于其预期位置。
[root@1my-server-ip-addr ~]# netstat -na | grep 443.*LISTEN
[root@1my-server-ip-addr ~]# systemctl status openssl
openssl.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
[root@1my-server-ip-addr ~]# yum install openssl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.chkhosting.com
* epel: mirror.nexcess.net
* extras: ftpmirror.your.org
* updates: centos.mbni.med.umich.edu
Package 1:openssl-1.0.1e-34.el7_0.6.x86_64 already installed and latest version
Nothing to do
编辑#2
我还检查了 mod_ssl 和 httpd 状态,如下所示:
[root@1my-server-ip-addr certs]# systemctl status mod_ssl.service
mod_ssl.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
[root@1my-server-ip-addr certs]# systemctl status httpd
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled)
Active: active (running) since Thu 2014-12-11 18:44:31 EST; 1h 54min ago
Main PID: 4094 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─4094 /usr/sbin/httpd -DFOREGROUND
├─4095 /usr/sbin/httpd -DFOREGROUND
├─4096 /usr/sbin/httpd -DFOREGROUND
├─4097 /usr/sbin/httpd -DFOREGROUND
├─4098 /usr/sbin/httpd -DFOREGROUND
└─4099 /usr/sbin/httpd -DFOREGROUND
Dec 11 18:44:31 1my-server-ip-addr.static.servdns.com systemd[1]: Started The Apac...
Hint: Some lines were ellipsized, use -l to show in full.
编辑#3
根据 prateek61 的建议,我还尝试了以下方法:
[root@1my-server-ip-addr certs]# error_log
-bash: error_log: command not found
[root@1my-server-ip-addr certs]# access_log
-bash: access_log: command not found
[root@1my-server-ip-addr certs]# sestatus
SELinux status: disabled
编辑#4
我在access_log中发现了以下内容。我不知道如何解释它,因为今天很多配置都发生了变化,其中一些日志可能是在不同的配置下生成的:
[Thu Dec 11 15:37:59.025223 2014] [mpm_prefork:notice] [pid 2627] AH00170: caught SIGWINCH, shutting down gracefully
[Thu Dec 11 16:40:07.114619 2014] [mime:error] [pid 981] (2)No such file or directory: AH01597: could not open mime types config file /etc/httpd/conf/mime.types.
AH00016: Configuration Failed
[Thu Dec 11 16:43:30.051125 2014] [mime:error] [pid 1076] (2)No such file or directory: AH01597: could not open mime types config file /etc/httpd/conf/mime.types.
AH00016: Configuration Failed
[Thu Dec 11 18:44:31.845012 2014] [suexec:notice] [pid 4094] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Dec 11 18:44:31.891627 2014] [auth_digest:notice] [pid 4094] AH01757: generating secret for digest authentication ...
[Thu Dec 11 18:44:31.893061 2014] [lbmethod_heartbeat:notice] [pid 4094] AH02282: No slotmem from mod_heartmonitor
[Thu Dec 11 18:44:31.898347 2014] [mpm_prefork:notice] [pid 4094] AH00163: Apache/2.4.6 (CentOS) configured -- resuming normal operations
[Thu Dec 11 18:44:31.898394 2014] [core:notice] [pid 4094] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
编辑#5
我跑了yum remove mod_ssl httpd
然后yum install mod_ssl httpd
。然后我打开网络浏览器并请求https server.ip.addr
并收到相同的连接失败消息。但是,创建了以下日志:
access_log
::1 - - [11/Dec/2014:21:47:42 -0500] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"
::1 - - [11/Dec/2014:21:47:42 -0500] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"
::1 - - [11/Dec/2014:21:47:42 -0500] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"
::1 - - [11/Dec/2014:21:47:42 -0500] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"
::1 - - [11/Dec/2014:21:47:42 -0500] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"
错误日志
[Thu Dec 11 21:47:42.930487 2014] [mpm_prefork:notice] [pid 4094] AH00170: caught SIGWINCH, shutting down gracefully
或没有变化 ssl_access_log
。ssl_error_log
ssl_request_log
我不知道某些新日志是否是通过卸载然后重新安装的行为创建的。
部分答案
当通过以下方式请求时,需要执行三个步骤httpd
来提供页面: index.html
https my.server.ip
1.) yum remove mod_ssl httpd
2.) yum install mod_ssl httpd
3.) systemctl restart httpd.service
但更仔细的检查表明,删除VirtualHost
指令和Listen 443
fromhttpd.conf
在提供静态内容方面发挥了作用。当我VirtualHost
重新添加该指令时,引发了一个新错误。
我需要该指令,因为最终目标是在 Web 浏览器收到对给定域的请求时VirtualHost
提供war
文件。tomcat
https
我没有尝试放回Listen 443
,httpd.conf
因为Listen
中给出了类似的指令ssl.conf
。
答案1
您在上面的示例中注释掉了侦听端口 8080 的代理。是否配置了(反向)代理并仍在前端侦听?在这种情况下,您应该在前端服务器上启用 ssl,并按照上面的示例取消监听 8080 的注释。
如果还没有/根本没有前端代理侦听:请确保在按照您的描述删除并重新安装时再次配置 ssl.conf - 这也删除了之前配置的值和证书路径(您如何创建的) ?)。
httpd -t
重新启动 httpd 并使用.检查语法。如果返回 Syntax OK,我建议执行 ping 操作以查看是否完全正常。如果是这样的话,请。分享你的 ssl.conf