CentOS 7 不会提供静态 https 内容,为什么不呢?

CentOS 7 不会提供静态 https 内容,为什么不呢?

我刚刚重新安装httpd并创建了一个静态index.html文件。我已firewalld配置为允许通过互联网访问该https服务。但是当我https://my.server.ip在网络浏览器中输入内容时,浏览器会给出错误消息,指出无法与服务器连接。 为了让浏览器接收文件,我必须更改什么index.html

以下是firewalld公共区域的定义:

[[email protected]]# firewall-cmd --list-all
public (default, active)
  interfaces: enp3s0
  sources: 
  services: https ssh
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules: 

这是该index.html文件及其位置:

[[email protected]]# cd /var/www/html
[[email protected] html]# cat index.html
<html>
<body>
Understand that this is a test.  If this text appears in the browser, then https is working.
</body>
</html>

这是VirtualHost中的标签httpd.conf

<VirtualHost server.ip.address:443>
   DocumentRoot /var/www/html/
   SSLEngine on
   SSLProxyEngine on
   SSLCertificateFile /etc/pki/tls/certs/localhost.crt
   SSLCertificateChainFile /etc/pki/tls/certs/ca-bundle.crt
   SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
   # ProxyPass / http://localhost:8080/
   # ProxyPassReverse / http://localhost:8080/
</VirtualHost>  

这是一个链接到整个 httpd.conf 文件。

编辑#1

当我查看系统中安装的 ssl 时,得到的结果好坏参半。例如,443 上没有任何监听。此外,虽然 systemctl 找不到 openssl,但 yum 似乎认为 opensl 已经安装。但我确实确认 .crt 文件都位于其预期位置。

[root@1my-server-ip-addr ~]# netstat -na | grep 443.*LISTEN
[root@1my-server-ip-addr ~]# systemctl status openssl
openssl.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

[root@1my-server-ip-addr ~]# yum install openssl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.chkhosting.com
 * epel: mirror.nexcess.net
 * extras: ftpmirror.your.org
 * updates: centos.mbni.med.umich.edu
Package 1:openssl-1.0.1e-34.el7_0.6.x86_64 already installed and latest version
Nothing to do

编辑#2

我还检查了 mod_ssl 和 httpd 状态,如下所示:

[root@1my-server-ip-addr certs]# systemctl status mod_ssl.service
mod_ssl.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

[root@1my-server-ip-addr certs]# systemctl status httpd
httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled)
   Active: active (running) since Thu 2014-12-11 18:44:31 EST; 1h 54min ago
 Main PID: 4094 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─4094 /usr/sbin/httpd -DFOREGROUND
           ├─4095 /usr/sbin/httpd -DFOREGROUND
           ├─4096 /usr/sbin/httpd -DFOREGROUND
           ├─4097 /usr/sbin/httpd -DFOREGROUND
           ├─4098 /usr/sbin/httpd -DFOREGROUND
           └─4099 /usr/sbin/httpd -DFOREGROUND

Dec 11 18:44:31 1my-server-ip-addr.static.servdns.com systemd[1]: Started The Apac...
Hint: Some lines were ellipsized, use -l to show in full.  

编辑#3

根据 prateek61 的建议,我还尝试了以下方法:

[root@1my-server-ip-addr certs]# error_log
-bash: error_log: command not found
[root@1my-server-ip-addr certs]# access_log
-bash: access_log: command not found
[root@1my-server-ip-addr certs]# sestatus
SELinux status:                 disabled  

编辑#4

我在access_log中发现了以下内容。我不知道如何解释它,因为今天很多配置都发生了变化,其中一些日志可能是在不同的配置下生成的:

[Thu Dec 11 15:37:59.025223 2014] [mpm_prefork:notice] [pid 2627] AH00170:  caught SIGWINCH, shutting down gracefully
[Thu Dec 11 16:40:07.114619 2014] [mime:error] [pid 981] (2)No such file or directory: AH01597: could not open mime types config file /etc/httpd/conf/mime.types.
AH00016: Configuration Failed
[Thu Dec 11 16:43:30.051125 2014] [mime:error] [pid 1076] (2)No such file or directory: AH01597: could not open mime types config file /etc/httpd/conf/mime.types.
AH00016: Configuration Failed
[Thu Dec 11 18:44:31.845012 2014] [suexec:notice] [pid 4094] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Dec 11 18:44:31.891627 2014] [auth_digest:notice] [pid 4094] AH01757: generating secret for digest authentication ...
[Thu Dec 11 18:44:31.893061 2014] [lbmethod_heartbeat:notice] [pid 4094] AH02282: No slotmem from mod_heartmonitor
[Thu Dec 11 18:44:31.898347 2014] [mpm_prefork:notice] [pid 4094] AH00163: Apache/2.4.6 (CentOS) configured -- resuming normal operations
[Thu Dec 11 18:44:31.898394 2014] [core:notice] [pid 4094] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'  

编辑#5

我跑了yum remove mod_ssl httpd然后yum install mod_ssl httpd。然后我打开网络浏览器并请求https server.ip.addr并收到相同的连接失败消息。但是,创建了以下日志:

access_log

::1 - - [11/Dec/2014:21:47:42 -0500] "OPTIONS * HTTP/1.0" 200 - "-"  "Apache/2.4.6 (CentOS) (internal dummy connection)"
::1 - - [11/Dec/2014:21:47:42 -0500] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"
::1 - - [11/Dec/2014:21:47:42 -0500] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"
::1 - - [11/Dec/2014:21:47:42 -0500] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"
::1 - - [11/Dec/2014:21:47:42 -0500] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"  

错误日志

[Thu Dec 11 21:47:42.930487 2014] [mpm_prefork:notice] [pid 4094] AH00170: caught SIGWINCH, shutting down gracefully  

或没有变化 ssl_access_logssl_error_logssl_request_log

我不知道某些新日志是否是通过卸载然后重新安装的行为创建的。


部分答案

当通过以下方式请求时,需要执行三个步骤httpd来提供页面: index.htmlhttps my.server.ip

1.) yum remove mod_ssl httpd  
2.) yum install mod_ssl httpd  
3.) systemctl restart httpd.service  

但更仔细的检查表明,删除VirtualHost指令和Listen 443fromhttpd.conf在提供静态内容方面发挥了作用。当我VirtualHost重新添加该指令时,引发了一个新错误。

我需要该指令,因为最终目标是在 Web 浏览器收到对给定域的请求时VirtualHost提供war文件。tomcathttps

我没有尝试放回Listen 443httpd.conf因为Listen中给出了类似的指令ssl.conf

答案1

您在上面的示例中注释掉了侦听端口 8080 的代理。是否配置了(反向)代理并仍在前端侦听?在这种情况下,您应该在前端服务器上启用 ssl,并按照上面的示例取消监听 8080 的注释。

如果还没有/根本没有前端代理侦听:请确保在按照您的描述删除并重新安装时再次配置 ssl.conf - 这也删除了之前配置的值和证书路径(您如何创建的) ?)。

httpd -t重新启动 httpd 并使用.检查语法。如果返回 Syntax OK,我建议执行 ping 操作以查看是否完全正常。如果是这样的话,请。分享你的 ssl.conf

相关内容