{"id":28547,"date":"2023-12-29T18:45:03","date_gmt":"2024-01-10T19:13:32","guid":{"rendered":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%be%9ecentos_webserver%e6%a7%8b%e5%bb%ba%e5%88%b0https%e9%80%a3%e6%8e%a5-2\/"},"modified":"2025-08-12T08:47:19","modified_gmt":"2025-08-12T00:47:19","slug":"%e5%be%9ecentos_webserver%e6%a7%8b%e5%bb%ba%e5%88%b0https%e9%80%a3%e6%8e%a5-2","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%be%9ecentos_webserver%e6%a7%8b%e5%bb%ba%e5%88%b0https%e9%80%a3%e6%8e%a5-2\/","title":{"rendered":"\u5f9eCentOS_WebServer\u69cb\u5efa\u5230HTTPS\u9023\u63a5"},"content":{"rendered":"

\u5efa\u7acb\u7f51\u9875\u670d\u52a1\u5668<\/p>\n

\u73af\u5883\u4fe1\u606fCentOS-8.5.2111 \u7684\u542b\u4e49\u662f\u4ec0\u4e48\uff1f<\/p>\n
\n
\u30d1\u30c3\u30b1\u30fc\u30b8\u540d\u30d0\u30fc\u30b8\u30e7\u30f3httpd2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64httpd-tools2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64httpd-devel2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64httpd-maunal2.4.37-43.module_el8.5.0+1022+b541f3b1.noarch<\/p>\n
    \n
  • \n
      WebServer<\/ul>\n<\/li>\n<\/ul>\n

      192.0.2.1\/24<\/p>\n

      \u5b89\u88c5\u8f6f\u4ef6\u5305\u65e0\u8bba\u662f\u5728dnf\u8fd8\u662fyum\u547d\u4ee4\u4e2d\uff0c\u5b83\u4eec\u7684\u529f\u80fd\u662f\u76f8\u540c\u7684\uff08\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\u8bf7\u53c2\u8003\u4ee5\u4e0bURL\uff09\u3002<\/p>\n
      # dnf install -y httpd && dnf install -y httpd-tools && dnf install -y httpd-devel && dnf install -y httpd-maunal\r\n<\/code><\/pre>\n
       <\/p>\n
      \u786e\u8ba4\u5b89\u88c5\u5305<\/p>\n
      # yum list installed | grep httpd\r\n<\/code><\/pre>\n
      \u5982\u679c\u8f93\u51fa\u663e\u793a\u201c\u65e0\u6cd5\u4f7f\u7528\u5305\u201d\uff0c\u8bf7\u786e\u8ba4\u60a8\u4f7f\u7528\u7684\u4ed3\u5e93\u662f\u5426\u65e0\u6cd5\u63d0\u4f9b\u3002<\/p>\n
      # yum search httpd\r\n<\/code><\/pre>\n
      \u521b\u5efa\u76ee\u5f55\uff0c\u6539\u53d8\u6743\u9650<\/p>\n
      # useradd www\r\n<\/code><\/pre>\n
      # passwd www\r\n<\/code><\/pre>\n
      # mkdir -p \/home\/www\/public_html\/cgi-bin\r\n<\/code><\/pre>\n
      # chown -R www.www \/home\/www && chmod -R 777 \/home\/www\r\n<\/code><\/pre>\n
      \u5c06\/etc\/httpd\/conf\/httpd.conf\u8fdb\u884c\u4fee\u6539\u3002<\/p>\n
      # This is the main Apache HTTP server configuration file.  It contains the<\/span>\r\n# configuration directives that give the server its instructions.<\/span>\r\n# See <URL:http:\/\/httpd.apache.org\/docs\/2.4\/> for detailed information.<\/span>\r\n# In particular, see <\/span>\r\n# <URL:http:\/\/httpd.apache.org\/docs\/2.4\/mod\/directives.html><\/span>\r\n# for a discussion of each configuration directive.<\/span>\r\n# See the httpd.conf(5) man page for more information on this configuration,<\/span>\r\n# and httpd.service(8) on using and configuring the httpd service.<\/span>\r\n#\r\n# Do NOT simply read the instructions in here without understanding<\/span>\r\n# what they do.  They're here only as hints or reminders.  If you are unsure<\/span>\r\n# consult the online docs. You have been warned.  <\/span>\r\n#\r\n# Configuration and logfile names: If the filenames you specify for many<\/span>\r\n# of the server's control files begin with \"\/\" (or \"drive:\/\" for Win32), the<\/span>\r\n# server will use that explicit path.  If the filenames do *not* begin<\/span>\r\n# with \"\/\", the value of ServerRoot is prepended -- so 'log\/access_log'<\/span>\r\n# with ServerRoot set to '\/www' will be interpreted by the<\/span>\r\n# server as '\/www\/log\/access_log', where as '\/log\/access_log' will be<\/span>\r\n# interpreted as '\/log\/access_log'.<\/span>\r\n\r\n#\r\n# ServerRoot: The top of the directory tree under which the server's<\/span>\r\n# configuration, error, and log files are kept.<\/span>\r\n#\r\n# Do not add a slash at the end of the directory path.  If you point<\/span>\r\n# ServerRoot at a non-local disk, be sure to specify a local disk on the<\/span>\r\n# Mutex directive, if file-based mutexes are used.  If you wish to share the<\/span>\r\n# same ServerRoot for multiple httpd daemons, you will need to change at<\/span>\r\n# least PidFile.<\/span>\r\n#\r\n<\/span>\r\nServerRoot<\/span> \"\/etc\/httpd\"<\/span>\r\n\r\nKeepAlive<\/span> On<\/span>\r\nMaxKeepAliveRequests<\/span> 100<\/span>\r\nKeepAliveTimeout<\/span> 5<\/span>\r\n\r\n#\r\n# Listen: Allows you to bind Apache to specific IP addresses and\/or<\/span>\r\n# ports, instead of the default. See also the <VirtualHost><\/span>\r\n# directive.<\/span>\r\n#\r\n# Change this to Listen on specific IP addresses as shown below to <\/span>\r\n# prevent Apache from glomming onto all bound IP addresses.<\/span>\r\n#\r\n#Listen 12.34.56.78:80<\/span>\r\nListen<\/span> 80<\/span>\r\n\r\n#\r\n# Dynamic Shared Object (DSO) Support<\/span>\r\n#\r\n# To be able to use the functionality of a module which was built as a DSO you<\/span>\r\n# have to place corresponding `LoadModule' lines at this location so the<\/span>\r\n# directives contained in it are actually available _before_ they are used.<\/span>\r\n# Statically compiled modules (those listed by `httpd -l') do not need<\/span>\r\n# to be loaded here.<\/span>\r\n#\r\n# Example:<\/span>\r\n# LoadModule foo_module modules\/mod_foo.so<\/span>\r\n#\r\nInclude conf.modules.d\/*.conf<\/span>\r\n\r\n#\r\n# If you wish httpd to run as a different user or group, you must run<\/span>\r\n# httpd as root initially and it will switch.  <\/span>\r\n#\r\n# User\/Group: The name (or #number) of the user\/group to run httpd as.<\/span>\r\n# It is usually good practice to create a dedicated user and group for<\/span>\r\n# running httpd, as with most system services.<\/span>\r\n\r\nUser<\/span> www<\/span>\r\nGroup<\/span> www<\/span>\r\n\r\n# 'Main' server configuration<\/span>\r\n#\r\n# The directives in this section set up the values used by the 'main'<\/span>\r\n# server, which responds to any requests that aren't handled by a<\/span>\r\n# <VirtualHost> definition.  These values also provide defaults for<\/span>\r\n# any <VirtualHost> containers you may define later in the file.<\/span>\r\n#\r\n# All of these directives may appear inside <VirtualHost> containers,<\/span>\r\n# in which case these default settings will be overridden for the<\/span>\r\n# virtual host being defined.<\/span>\r\n#\r\n<\/span>\r\n#\r\n# ServerAdmin: Your address, where problems with the server should be<\/span>\r\n# e-mailed.  This address appears on some server-generated pages, such<\/span>\r\n# as error documents.  e.g. admin@your-domain.com<\/span>\r\n#\r\n<\/span>\r\nServerAdmin<\/span> root<\/span>@<\/span>localhost<\/span>\r\n\r\n#\r\n# ServerName gives the name and port that the server uses to identify itself.<\/span>\r\n# This can often be determined automatically, but we recommend you specify<\/span>\r\n# it explicitly to prevent problems during startup.<\/span>\r\n#\r\n# If your host doesn't have a registered DNS name, enter its IP address here.<\/span>\r\n#\r\n<\/span>\r\nServerName<\/span> hoge1<\/span>.<\/span>com<\/span>:<\/span>80<\/span>\r\n\r\n#\r\n# Deny access to the entirety of your server's filesystem. You must<\/span>\r\n# explicitly permit access to web content directories in other <\/span>\r\n# <Directory> blocks below.<\/span>\r\n#\r\n<\/span>\r\n<<\/span>Directory<\/span> \/><\/span>\r\n    AllowOverride<\/span> All<\/span>\r\n    Require<\/span> all<\/span> denied<\/span>\r\n    Options<\/span> All<\/span>\r\n<\/<\/span>Directory<\/span>><\/span>\r\n\r\n#\r\n# Note that from this point forward you must specifically allow<\/span>\r\n# particular features to be enabled - so if something's not working as<\/span>\r\n# you might expect, make sure that you have specifically enabled it<\/span>\r\n# below.<\/span>\r\n#\r\n<\/span>\r\n#\r\n# DocumentRoot: The directory out of which you will serve your<\/span>\r\n# documents. By default, all requests are taken from this directory, but<\/span>\r\n# symbolic links and aliases may be used to point to other locations.<\/span>\r\n#\r\n<\/span>\r\nDocumentRoot<\/span> \"\/home\/www\/public_html\"<\/span>\r\n\r\n#\r\n# Relax access to content within \/var\/www.<\/span>\r\n#\r\n<\/span>\r\n<<\/span>Directory<\/span> \"\/var\/www\"<\/span>><\/span>\r\n    AllowOverride<\/span> None<\/span>\r\n    # Allow open access:<\/span>\r\n    Require<\/span> all<\/span> granted<\/span>\r\n<\/<\/span>Directory<\/span>><\/span>\r\n\r\n# Further relax access to the default document root:<\/span>\r\n<<\/span>Directory<\/span> \"\/var\/www\/html\"<\/span>><\/span>\r\n    #\r\n    # Possible values for the Options directive are \"None\", \"All\",<\/span>\r\n    # or any combination of:<\/span>\r\n    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews<\/span>\r\n    #\r\n    # Note that \"MultiViews\" must be named *explicitly* --- \"Options All\"<\/span>\r\n    # doesn't give it to you.<\/span>\r\n    #\r\n    # The Options directive is both complicated and important.  Please see<\/span>\r\n    # http:\/\/httpd.apache.org\/docs\/2.4\/mod\/core.html#options<\/span>\r\n    # for more information.<\/span>\r\n    #\r\n    <\/span>\r\n    Options<\/span> FollowSymLinks<\/span>\r\n\r\n    #\r\n    # AllowOverride controls what directives may be placed in .htaccess files.<\/span>\r\n    # It can be \"All\", \"None\", or any combination of the keywords:<\/span>\r\n    #   Options FileInfo AuthConfig Limit<\/span>\r\n    #\r\n    <\/span>\r\n    AllowOverride<\/span> None<\/span>\r\n\r\n    #\r\n    # Controls who can get stuff from this server.<\/span>\r\n    #\r\n    Require all granted<\/span>\r\n<\/<\/span>Directory<\/span>><\/span>\r\n\r\n#\r\n# DirectoryIndex: sets the file that Apache will serve if a directory<\/span>\r\n# is requested.<\/span>\r\n#\r\n<\/span>\r\n<<\/span>IfModule<\/span> dir_module<\/span>><\/span>\r\n    DirectoryIndex<\/span> index<\/span>.<\/span>html<\/span>\r\n<\/<\/span>IfModule<\/span>><\/span>\r\n\r\n#\r\n# The following lines prevent .htaccess and .htpasswd files from being <\/span>\r\n# viewed by Web clients. <\/span>\r\n#\r\n<\/span>\r\n<<\/span>Files<\/span> \".ht*\"<\/span>><\/span>\r\n    Require<\/span> all<\/span> granted<\/span>\r\n<\/<\/span>Files<\/span>><\/span>\r\n\r\n#\r\n# ErrorLog: The location of the error log file.<\/span>\r\n# If you do not specify an ErrorLog directive within a <VirtualHost><\/span>\r\n# container, error messages relating to that virtual host will be<\/span>\r\n# logged here.  If you *do* define an error logfile for a <VirtualHost><\/span>\r\n# container, that host's errors will be logged there and not here.<\/span>\r\n#\r\nErrorLog \"logs\/error_log\"<\/span>\r\n\r\n#\r\n# LogLevel: Control the number of messages logged to the error_log.<\/span>\r\n# Possible values include: debug, info, notice, warn, error, crit,<\/span>\r\n# alert, emerg.<\/span>\r\n#\r\nLogLevel warn<\/span>\r\n\r\n<<\/span>IfModule<\/span> log_config_module<\/span>><\/span>\r\n    #\r\n    # The following directives define some format nicknames for use with<\/span>\r\n    # a CustomLog directive (see below).<\/span>\r\n    #\r\n    LogFormat \"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combined<\/span>\r\n    LogFormat<\/span> \"%h %l %u %t <\/span>\\\"<\/span>%r<\/span>\\\"<\/span> %>s %b\"<\/span> common<\/span>\r\n\r\n    <<\/span>IfModule<\/span> logio_module<\/span>><\/span>\r\n      # You need to enable mod_logio.c to use %I and %O<\/span>\r\n      LogFormat<\/span> \"%h %l %u %t <\/span>\\\"<\/span>%r<\/span>\\\"<\/span> %>s %b <\/span>\\\"<\/span>%<\/span>{<\/span>Referer<\/span>}<\/span>i<\/span>\\\"<\/span> \\\"<\/span>%<\/span>{<\/span>User-Agent<\/span>}<\/span>i<\/span>\\\"<\/span> %I %O\"<\/span> combinedio<\/span>\r\n    <\/<\/span>IfModule<\/span>><\/span>\r\n\r\n    #\r\n    # The location and format of the access logfile (Common Logfile Format).<\/span>\r\n    # If you do not define any access logfiles within a <VirtualHost><\/span>\r\n    # container, they will be logged here.  Contrariwise, if you *do*<\/span>\r\n    # define per-<VirtualHost> access logfiles, transactions will be<\/span>\r\n    # logged therein and *not* in this file.<\/span>\r\n    #\r\n    #CustomLog \"logs\/access_log\" common<\/span>\r\n\r\n    #\r\n    # If you prefer a logfile with access, agent, and referer information<\/span>\r\n    # (Combined Logfile Format) you can use the following directive.<\/span>\r\n    #\r\n    CustomLog \"logs\/access_log\" combined<\/span>\r\n<\/<\/span>IfModule<\/span>><\/span>\r\n\r\n<<\/span>IfModule<\/span> alias_module<\/span>><\/span>\r\n    #\r\n    # Redirect: Allows you to tell clients about documents that used to <\/span>\r\n    # exist in your server's namespace, but do not anymore. The client <\/span>\r\n    # will make a new request for the document at its new location.<\/span>\r\n    # Example:<\/span>\r\n    # Redirect permanent \/foo http:\/\/www.example.com\/bar<\/span>\r\n\r\n    #\r\n    # Alias: Maps web paths into filesystem paths and is used to<\/span>\r\n    # access content that does not live under the DocumentRoot.<\/span>\r\n    # Example:<\/span>\r\n    # Alias \/webpath \/full\/filesystem\/path<\/span>\r\n    #\r\n    # If you include a trailing \/ on \/webpath then the server will<\/span>\r\n    # require it to be present in the URL.  You will also likely<\/span>\r\n    # need to provide a <Directory> section to allow access to<\/span>\r\n    # the filesystem path.<\/span>\r\n\r\n    #\r\n    # ScriptAlias: This controls which directories contain server scripts. <\/span>\r\n    # ScriptAliases are essentially the same as Aliases, except that<\/span>\r\n    # documents in the target directory are treated as applications and<\/span>\r\n    # run by the server when requested rather than as documents sent to the<\/span>\r\n    # client.  The same rules about trailing \"\/\" apply to ScriptAlias<\/span>\r\n    # directives as to Alias.<\/span>\r\n    #\r\n    ScriptAlias \/cgi-bin\/ \"\/home\/www\/public_html\/cgi-bin\/\"<\/span>\r\n\r\n<\/<\/span>IfModule<\/span>><\/span>\r\n\r\n#\r\n# \"\/var\/www\/cgi-bin\" should be changed to whatever your ScriptAliased<\/span>\r\n# CGI directory exists, if you have that configured.<\/span>\r\n#\r\n<\/span>\r\n<<\/span>Directory<\/span> \"\/home\/www\/public_html\/cgi-bin\"<\/span>><\/span>\r\n    AllowOverride<\/span> None<\/span>\r\n    Options<\/span> Indexes<\/span> FollowSymLinks<\/span> ExecCGI<\/span>\r\n    Order<\/span> allow<\/span>,<\/span>deny<\/span>\r\n    Allow<\/span> from<\/span> all<\/span>\r\n<\/<\/span>Directory<\/span>><\/span>\r\n\r\n<<\/span>IfModule<\/span> mime_module<\/span>><\/span>\r\n    #\r\n    # TypesConfig points to the file containing the list of mappings from<\/span>\r\n    # filename extension to MIME-type.<\/span>\r\n    #\r\n    TypesConfig \/etc\/mime.types<\/span>\r\n\r\n    #\r\n    # AddType allows you to add to or override the MIME configuration<\/span>\r\n    # file specified in TypesConfig for specific file types.<\/span>\r\n    #\r\n    #AddType application\/x-gzip .tgz<\/span>\r\n    #\r\n    # AddEncoding allows you to have certain browsers uncompress<\/span>\r\n    # information on the fly. Note: Not all browsers support this.<\/span>\r\n    #\r\n    #AddEncoding x-compress .Z<\/span>\r\n    #AddEncoding x-gzip .gz .tgz<\/span>\r\n    #\r\n    # If the AddEncoding directives above are commented-out, then you<\/span>\r\n    # probably should define those extensions to indicate media types:<\/span>\r\n    #\r\n    AddType application\/x-compress .Z<\/span>\r\n    AddType<\/span> application<\/span>\/<\/span>x<\/span>-<\/span>gzip<\/span> .<\/span>gz<\/span> .<\/span>tgz<\/span>\r\n\r\n    #\r\n    # AddHandler allows you to map certain file extensions to \"handlers\":<\/span>\r\n    # actions unrelated to filetype. These can be either built into the server<\/span>\r\n    # or added with the Action directive (see below)<\/span>\r\n    #\r\n    # To use CGI scripts outside of ScriptAliased directories:<\/span>\r\n    # (You will also need to add \"ExecCGI\" to the \"Options\" directive.)<\/span>\r\n    #\r\n    #AddHandler cgi-script .cgi<\/span>\r\n\r\n    # For type maps (negotiated resources):<\/span>\r\n    #AddHandler type-map var<\/span>\r\n\r\n    #\r\n    # Filters allow you to process content before it is sent to the client.<\/span>\r\n    #\r\n    # To parse .shtml files for server-side includes (SSI):<\/span>\r\n    # (You will also need to add \"Includes\" to the \"Options\" directive.)<\/span>\r\n    #\r\n    AddType text\/html .shtml<\/span>\r\n    AddOutputFilter<\/span> INCLUDES<\/span> .<\/span>shtml<\/span>\r\n<\/<\/span>IfModule<\/span>><\/span>\r\n\r\n#\r\n# Specify a default charset for all content served; this enables<\/span>\r\n# interpretation of all content as UTF-8 by default.  To use the <\/span>\r\n# default browser choice (ISO-8859-1), or to allow the META tags<\/span>\r\n# in HTML content to override this choice, comment out this<\/span>\r\n# directive:<\/span>\r\n#\r\nAddDefaultCharset shift_js<\/span>\r\n\r\n<<\/span>IfModule<\/span> mime_magic_module<\/span>><\/span>\r\n    #\r\n    # The mod_mime_magic module allows the server to use various hints from the<\/span>\r\n    # contents of the file itself to determine its type.  The MIMEMagicFile<\/span>\r\n    # directive tells the module where the hint definitions are located.<\/span>\r\n    #\r\n    MIMEMagicFile conf\/magic<\/span>\r\n<\/<\/span>IfModule<\/span>><\/span>\r\n\r\n#\r\n# Customizable error responses come in three flavors:<\/span>\r\n# 1) plain text 2) local redirects 3) external redirects<\/span>\r\n#\r\n# Some examples:<\/span>\r\n#ErrorDocument 500 \"The server made a boo boo.\"<\/span>\r\n#ErrorDocument 404 \/missing.html<\/span>\r\n#ErrorDocument 404 \"\/cgi-bin\/missing_handler.pl\"<\/span>\r\n#ErrorDocument 402 http:\/\/www.example.com\/subscription_info.html<\/span>\r\n#\r\n<\/span>\r\n#\r\n# EnableMMAP and EnableSendfile: On systems that support it, <\/span>\r\n# memory-mapping or the sendfile syscall may be used to deliver<\/span>\r\n# files.  This usually improves server performance, but must<\/span>\r\n# be turned off when serving from networked-mounted <\/span>\r\n# filesystems or if support for these functions is otherwise<\/span>\r\n# broken on your system.<\/span>\r\n# Defaults if commented: EnableMMAP On, EnableSendfile Off<\/span>\r\n#\r\n#EnableMMAP off<\/span>\r\nEnableSendfile<\/span> on<\/span>\r\n\r\n# Supplemental configuration<\/span>\r\n#\r\n# Load config files in the \"\/etc\/httpd\/conf.d\" directory, if any.<\/span>\r\nIncludeOptional<\/span> conf<\/span>.<\/span>d<\/span>\/*.<\/span>conf<\/span>\r\n<\/code><\/pre>\n
      \u5220\u9664\u4e0d\u5fc5\u8981\u7684\u6587\u4ef6<\/p>\n
      # cd \/etc\/httpd\/conf.d\r\n<\/code><\/pre>\n
      # rm autoindex.conf ; rm welcome.conf\r\n<\/code><\/pre>\n
      \u9009\u62e9\u8981\u5728\u7f51\u4e0a\u516c\u5f00\u7684\u6587\u4ef6<\/p>\n
      # cd \/home\/www\/public_html\r\n<\/code><\/pre>\n
      \u5728\/home\/www\/public_html\u76ee\u5f55\u4e0b\u521b\u5efa\u4e00\u4e2a\u53ef\u5728\u7f51\u4e0a\u516c\u5f00\u7684index.html\u6587\u4ef6\u3002<\/p>\n
      # vi index.html\r\n<\/code><\/pre>\n
      \u5c06\u6743\u9650\u66f4\u6539\u4e3a\u5148\u524d\u521b\u5efa\u7684\u7528\u6237\u548c\u7ec4\u3002<\/p>\n
      # chown www:www index.html\r\n<\/code><\/pre>\n
      \u5728\u9632\u706b\u5899\u4e2d\u6253\u5f0080\u53f7\u7aef\u53e3\u3002<\/p>\n
      # firewall-cmd --add-service=http --permanent\r\n<\/code><\/pre>\n
      # firewall-cmd --reload && firewall-cmd --list-all\r\n<\/code><\/pre>\n
      \u542f\u52a8httpd<\/p>\n
      # systemctl start httpd\r\n<\/code><\/pre>\n
      \u5982\u679c\u8981\u8fdb\u884c\u53e5\u6cd5\u68c0\u67e5<\/p>\n
      # httpd -t\r\n<\/code><\/pre>\n
      \u81ea\u5df1\u8bc1\u660e\u4e66\u5236\u4f5c<\/p>\n
      \u5b89\u88c5mod_ssl\u3002<\/p>\n
      # dnf install mod_ssl\r\n<\/code><\/pre>\n
      \u521b\u5efa\u670d\u52a1\u5668\u79c1\u94a5\u521b\u5efa\u540d\u4e3a\u201cca.key\u201d\u7684\u6587\u4ef6<\/p>\n
      # openssl genrsa -out ca.key 2048\r\nGenerating RSA private key, 2048 bit long modulus (2 primes)\r\n..............................................................................+++++\r\n......................+++++\r\ne is 65537 (0x010001)\r\n<\/code><\/pre>\n
      \u8bf7\u64b0\u5199\u8bc1\u4e66\u53d1\u884c\u8981\u6c42\u4e66\u3002\u521b\u5efa\u4e00\u4e2a\u540d\u4e3a\u201cca.csr\u201d\u7684\u8bc1\u4e66\u7b7e\u53d1\u8bf7\u6c42\uff0c\u5e76\u5411\u8ba4\u8bc1\u673a\u6784\u8981\u6c42\u9881\u53d1\u8bc1\u4e66\u3002\u7531\u4e8e\u8fd9\u662f\u81ea\u7b7e\u540d\u8bc1\u4e66\uff0c\u6240\u4ee5\u5c06\u81ea\u5df1\u4f5c\u4e3a\u7533\u8bf7\u8005\u3002<\/p>\n
      You are about to be asked to enter information that will be incorporated\r\ninto your certificate request.\r\nWhat you are about to enter is what is called a Distinguished Name or a DN.\r\nThere are quite a few fields but you can leave some blank\r\nFor some fields there will be a default value,\r\nIf you enter '.', the field will be left blank.\r\n-----\r\nCountry Name (2 letter code) [XX]:JP\r\nState or Province Name (full name) []:Tokyo\r\nLocality Name (eg, city) [Default City]:Shinjuku\r\nOrganization Name (eg, company) [Default Company Ltd]:        \r\nOrganizational Unit Name (eg, section) []:\r\nCommon Name (eg, your name or your server's hostname) []:root.localhost\r\nEmail Address []:\r\n\r\nPlease enter the following 'extra' attributes\r\nto be sent with your certificate request\r\nA challenge password []:\r\nAn optional company name []:\r\n<\/code><\/pre>\n
      # echo \"subjectAltName=DNS:*.localhost,IP:192.0.2.1\" > san.txt\r\n<\/code><\/pre>\n
      \u521b\u5efa\u670d\u52a1\u5668\u8bc1\u4e66\u8a8d\u8b49\u6a5f\u69cb\uff08\u81ea\u5df1\u70ba\u8a8d\u8b49\u6a5f\u69cb\uff09\u5c0d\u65bc\u8b49\u66f8\u7533\u8acb\u6a94\u9032\u884c\u9a57\u8b49\uff0c\u4e26\u5275\u5efa\u4e86\u670d\u52d9\u5668\u8b49\u66f8\u300cca.crt\u300d\u3002<\/p>\n
      # openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt -extfile san.txt\r\nSignature ok\r\nsubject=C = JP, ST = Tokyo, L = Shinjuku, O = Default Company Ltd, CN = root.localhost\r\nGetting Private key\r\n<\/code><\/pre>\n
      \u81ea\u5df1\u7684\u8457\u540d\u8bc1\u4e66\u8bbe\u7f6e<\/p>\n
      # cp ca.crt \/etc\/pki\/tls\/certs\r\n# cp ca.key \/etc\/pki\/tls\/private\/ca.key\r\n# cp ca.csr \/etc\/pki\/tls\/private\/ca.csr\r\n<\/code><\/pre>\n
      \u7f16\u8f91\/etc\/httpd\/conf.d\/ssl.conf
      \n\u5c06\u670d\u52a1\u5668\u8bc1\u4e66\u201cca.crt\u201d\u653e\u7f6e\u5728SSLCertificateFile\u6307\u4ee4\u4e2d\u3002
      \n\u5c06\u670d\u52a1\u5668\u79c1\u94a5\u201cca.key\u201d\u653e\u7f6e\u5728SSLCertificateKeyFile\u6307\u4ee4\u4e2d\u3002<\/p>\n
      #\r\n# When we also provide SSL we have to listen to the <\/span>\r\n# standard HTTPS port in addition.<\/span>\r\n#\r\nListen 443 https<\/span>\r\n\r\n##<\/span>\r\n##  SSL Global Context<\/span>\r\n##<\/span>\r\n##  All SSL configuration in this context applies both to<\/span>\r\n##  the main server and all SSL-enabled virtual hosts.<\/span>\r\n##<\/span>\r\n\r\n#   Pass Phrase Dialog:<\/span>\r\n#   Configure the pass phrase gathering process.<\/span>\r\n#   The filtering dialog program (`builtin' is a internal<\/span>\r\n#   terminal dialog) has to provide the pass phrase on stdout.<\/span>\r\nSSLPassPhraseDialog<\/span> exec<\/span>:\/<\/span>usr<\/span>\/<\/span>libexec<\/span>\/<\/span>httpd<\/span>-<\/span>ssl<\/span>-<\/span>pass<\/span>-<\/span>dialog<\/span>\r\n\r\n#   Inter-Process Session Cache:<\/span>\r\n#   Configure the SSL Session Cache: First the mechanism <\/span>\r\n#   to use and second the expiring timeout (in seconds).<\/span>\r\nSSLSessionCache<\/span>         shmcb<\/span>:\/<\/span>run<\/span>\/<\/span>httpd<\/span>\/<\/span>sslcache<\/span>(<\/span>512000<\/span>)<\/span>\r\nSSLSessionCacheTimeout<\/span>  300<\/span>\r\n\r\n#\r\n# Use \"SSLCryptoDevice\" to enable any supported hardware<\/span>\r\n# accelerators. Use \"openssl engine -v\" to list supported<\/span>\r\n# engine names.  NOTE: If you enable an accelerator and the<\/span>\r\n# server does not start, consult the error logs and ensure<\/span>\r\n# your accelerator is functioning properly. <\/span>\r\n#\r\nSSLCryptoDevice builtin<\/span>\r\n#SSLCryptoDevice ubsec<\/span>\r\n\r\n##<\/span>\r\n## SSL Virtual Host Context<\/span>\r\n##<\/span>\r\n\r\n<<\/span>VirtualHost<\/span> _default_<\/span>:<\/span>443<\/span>><\/span>\r\n\r\n# General setup for the virtual host, inherited from global configuration<\/span>\r\n#DocumentRoot \"\/var\/www\/html\"<\/span>\r\n#ServerName www.example.com:443<\/span>\r\n\r\n# Use separate log files for the SSL virtual host; note that LogLevel<\/span>\r\n# is not inherited from httpd.conf.<\/span>\r\nErrorLog<\/span> logs<\/span>\/<\/span>ssl_error_log<\/span>\r\nTransferLog<\/span> logs<\/span>\/<\/span>ssl_access_log<\/span>\r\nLogLevel<\/span> warn<\/span>\r\n\r\n#   SSL Engine Switch:<\/span>\r\n#   Enable\/Disable SSL for this virtual host.<\/span>\r\nSSLEngine<\/span> on<\/span>\r\n\r\n#   List the protocol versions which clients are allowed to connect with.<\/span>\r\n#   The OpenSSL system profile is used by default.  See<\/span>\r\n#   update-crypto-policies(8) for more details.<\/span>\r\n#SSLProtocol all -SSLv3<\/span>\r\n#SSLProxyProtocol all -SSLv3<\/span>\r\n\r\n#   User agents such as web browsers are not configured for the user's<\/span>\r\n#   own preference of either security or performance, therefore this<\/span>\r\n#   must be the prerogative of the web server administrator who manages<\/span>\r\n#   cpu load versus confidentiality, so enforce the server's cipher order.<\/span>\r\nSSLHonorCipherOrder<\/span> on<\/span>\r\n\r\n#   SSL Cipher Suite:<\/span>\r\n#   List the ciphers that the client is permitted to negotiate.<\/span>\r\n#   See the mod_ssl documentation for a complete list.<\/span>\r\n#   The OpenSSL system profile is configured by default.  See<\/span>\r\n#   update-crypto-policies(8) for more details.<\/span>\r\nSSLCipherSuite<\/span> PROFILE<\/span>=<\/span>SYSTEM<\/span>\r\nSSLProxyCipherSuite<\/span> PROFILE<\/span>=<\/span>SYSTEM<\/span>\r\n\r\n#   Point SSLCertificateFile at a PEM encoded certificate.  If<\/span>\r\n#   the certificate is encrypted, then you will be prompted for a<\/span>\r\n#   pass phrase.  Note that restarting httpd will prompt again.  Keep<\/span>\r\n#   in mind that if you have both an RSA and a DSA certificate you<\/span>\r\n#   can configure both in parallel (to also allow the use of DSA<\/span>\r\n#   ciphers, etc.)<\/span>\r\n#   Some ECC cipher suites (http:\/\/www.ietf.org\/rfc\/rfc4492.txt)<\/span>\r\n#   require an ECC certificate which can also be configured in<\/span>\r\n#   parallel.<\/span>\r\nSSLCertificateFile<\/span> \/<\/span>etc<\/span>\/<\/span>pki<\/span>\/<\/span>tls<\/span>\/<\/span>certs<\/span>\/<\/span>ca<\/span>.<\/span>crt<\/span>\r\n\r\n#   Server Private Key:<\/span>\r\n#   If the key is not combined with the certificate, use this<\/span>\r\n#   directive to point at the key file.  Keep in mind that if<\/span>\r\n#   you've both a RSA and a DSA private key you can configure<\/span>\r\n#   both in parallel (to also allow the use of DSA ciphers, etc.)<\/span>\r\n#   ECC keys, when in use, can also be configured in parallel<\/span>\r\nSSLCertificateKeyFile<\/span> \/<\/span>etc<\/span>\/<\/span>pki<\/span>\/<\/span>tls<\/span>\/<\/span>private<\/span>\/<\/span>ca<\/span>.<\/span>key<\/span>\r\n\r\n#   Server Certificate Chain:<\/span>\r\n#   Point SSLCertificateChainFile at a file containing the<\/span>\r\n#   concatenation of PEM encoded CA certificates which form the<\/span>\r\n#   certificate chain for the server certificate. Alternatively<\/span>\r\n#   the referenced file can be the same as SSLCertificateFile<\/span>\r\n#   when the CA certificates are directly appended to the server<\/span>\r\n#   certificate for convenience.<\/span>\r\n#SSLCertificateChainFile \/etc\/pki\/tls\/certs\/server-chain.crt<\/span>\r\n\r\n#   Certificate Authority (CA):<\/span>\r\n#   Set the CA certificate verification path where to find CA<\/span>\r\n#   certificates for client authentication or alternatively one<\/span>\r\n#   huge file containing all of them (file must be PEM encoded)<\/span>\r\n#SSLCACertificateFile \/etc\/pki\/tls\/certs\/ca-bundle.crt<\/span>\r\n\r\n#   Client Authentication (Type):<\/span>\r\n#   Client certificate verification type and depth.  Types are<\/span>\r\n#   none, optional, require and optional_no_ca.  Depth is a<\/span>\r\n#   number which specifies how deeply to verify the certificate<\/span>\r\n#   issuer chain before deciding the certificate is not valid.<\/span>\r\n#SSLVerifyClient require<\/span>\r\n#SSLVerifyDepth  10<\/span>\r\n\r\n#   Access Control:<\/span>\r\n#   With SSLRequire you can do per-directory access control based<\/span>\r\n#   on arbitrary complex boolean expressions containing server<\/span>\r\n#   variable checks and other lookup directives.  The syntax is a<\/span>\r\n#   mixture between C and Perl.  See the mod_ssl documentation<\/span>\r\n#   for more details.<\/span>\r\n#<Location \/><\/span>\r\n#SSLRequire (    %{SSL_CIPHER} !~ m\/^(EXP|NULL)\/ \\<\/span>\r\n#            and %{SSL_CLIENT_S_DN_O} eq \"Snake Oil, Ltd.\" \\<\/span>\r\n#            and %{SSL_CLIENT_S_DN_OU} in {\"Staff\", \"CA\", \"Dev\"} \\<\/span>\r\n#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \\<\/span>\r\n#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \\<\/span>\r\n#           or %{REMOTE_ADDR} =~ m\/^192\\.76\\.162\\.[0-9]+$\/<\/span>\r\n#<\/Location><\/span>\r\n\r\n#   SSL Engine Options:<\/span>\r\n#   Set various options for the SSL engine.<\/span>\r\n#   o FakeBasicAuth:<\/span>\r\n#     Translate the client X.509 into a Basic Authorisation.  This means that<\/span>\r\n#     the standard Auth\/DBMAuth methods can be used for access control.  The<\/span>\r\n#     user name is the `one line' version of the client's X.509 certificate.<\/span>\r\n#     Note that no password is obtained from the user. Every entry in the user<\/span>\r\n#     file needs this password: `xxj31ZMTZzkVA'.<\/span>\r\n#   o ExportCertData:<\/span>\r\n#     This exports two additional environment variables: SSL_CLIENT_CERT and<\/span>\r\n#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the<\/span>\r\n#     server (always existing) and the client (only existing when client<\/span>\r\n#     authentication is used). This can be used to import the certificates<\/span>\r\n#     into CGI scripts.<\/span>\r\n#   o StdEnvVars:<\/span>\r\n#     This exports the standard SSL\/TLS related `SSL_*' environment variables.<\/span>\r\n#     Per default this exportation is switched off for performance reasons,<\/span>\r\n#     because the extraction step is an expensive operation and is usually<\/span>\r\n#     useless for serving static content. So one usually enables the<\/span>\r\n#     exportation for CGI and SSI requests only.<\/span>\r\n#   o StrictRequire:<\/span>\r\n#     This denies access when \"SSLRequireSSL\" or \"SSLRequire\" applied even<\/span>\r\n#     under a \"Satisfy any\" situation, i.e. when it applies access is denied<\/span>\r\n#     and no other module can change it.<\/span>\r\n#   o OptRenegotiate:<\/span>\r\n#     This enables optimized SSL connection renegotiation handling when SSL<\/span>\r\n#     directives are used in per-directory context. <\/span>\r\n#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire<\/span>\r\n<<\/span>FilesMatch<\/span> \"\\.(cgi|shtml|phtml|php)$\"<\/span>><\/span>\r\n    SSLOptions<\/span> +<\/span>StdEnvVars<\/span>\r\n<\/<\/span>FilesMatch<\/span>><\/span>\r\n<<\/span>Directory<\/span> \"\/var\/www\/cgi-bin\"<\/span>><\/span>\r\n    SSLOptions<\/span> +<\/span>StdEnvVars<\/span>\r\n<\/<\/span>Directory<\/span>><\/span>\r\n\r\n#   SSL Protocol Adjustments:<\/span>\r\n#   The safe and default but still SSL\/TLS standard compliant shutdown<\/span>\r\n#   approach is that mod_ssl sends the close notify alert but doesn't wait for<\/span>\r\n#   the close notify alert from client. When you need a different shutdown<\/span>\r\n#   approach you can use one of the following variables:<\/span>\r\n#   o ssl-unclean-shutdown:<\/span>\r\n#     This forces an unclean shutdown when the connection is closed, i.e. no<\/span>\r\n#     SSL close notify alert is sent or allowed to be received.  This violates<\/span>\r\n#     the SSL\/TLS standard but is needed for some brain-dead browsers. Use<\/span>\r\n#     this when you receive I\/O errors because of the standard approach where<\/span>\r\n#     mod_ssl sends the close notify alert.<\/span>\r\n#   o ssl-accurate-shutdown:<\/span>\r\n#     This forces an accurate shutdown when the connection is closed, i.e. a<\/span>\r\n#     SSL close notify alert is sent and mod_ssl waits for the close notify<\/span>\r\n#     alert of the client. This is 100% SSL\/TLS standard compliant, but in<\/span>\r\n#     practice often causes hanging connections with brain-dead browsers. Use<\/span>\r\n#     this only for browsers where you know that their SSL implementation<\/span>\r\n#     works correctly. <\/span>\r\n#   Notice: Most problems of broken clients are also related to the HTTP<\/span>\r\n#   keep-alive facility, so you usually additionally want to disable<\/span>\r\n#   keep-alive for those clients, too. Use variable \"nokeepalive\" for this.<\/span>\r\n#   Similarly, one has to force some clients to use HTTP\/1.0 to workaround<\/span>\r\n#   their broken HTTP\/1.1 implementation. Use variables \"downgrade-1.0\" and<\/span>\r\n#   \"force-response-1.0\" for this.<\/span>\r\nBrowserMatch<\/span> \"MSIE [2-5]\"<\/span> \\<\/span>\r\n         nokeepalive<\/span> ssl<\/span>-<\/span>unclean<\/span>-<\/span>shutdown<\/span> \\<\/span>\r\n         downgrade<\/span>-<\/span>1.0<\/span> force<\/span>-<\/span>response<\/span>-<\/span>1.0<\/span>\r\n\r\n#   Per-Server Logging:<\/span>\r\n#   The home of a custom SSL log file. Use this when you want a<\/span>\r\n#   compact non-error SSL logfile on a virtual host basis.<\/span>\r\nCustomLog<\/span> logs<\/span>\/<\/span>ssl_request_log<\/span> \\<\/span>\r\n          \"%t %h %<\/span>{<\/span>SSL_PROTOCOL<\/span>}<\/span>x %<\/span>{<\/span>SSL_CIPHER<\/span>}<\/span>x <\/span>\\\"<\/span>%r<\/span>\\\"<\/span> %b\"<\/span>\r\n\r\n<\/<\/span>VirtualHost<\/span>><\/span>\r\n<\/code><\/pre>\n
      \u91cd\u65b0\u542f\u52a8httpd<\/p>\n
      # systemctl restart httpd\r\n<\/code><\/pre>\n
      \u6253\u5f00\u9632\u706b\u5899\u7684443\u7aef\u53e3\u3002\u68c0\u67e5\u670d\u52a1\u72b6\u6001\u3002<\/p>\n
      # firewall-cmd --list-all\r\npublic (active)\r\n  target: default\r\n  icmp-block-inversion: no\r\n  interfaces: ens192\r\n  sources: \r\n  services: cockpit dhcpv6-client dns http ssh\r\n  ports: 3389\/tcp\r\n  protocols: \r\n  forward: no\r\n  masquerade: no\r\n  forward-ports: \r\n  source-ports: \r\n  icmp-blocks: \r\n  rich rules: \r\n<\/code><\/pre>\n
      \u9ed8\u8ba4\u533a\u57df\u9a8c\u8bc1\u3002<\/p>\n
      # firewall-cmd --get-default-zone\r\npublic\r\n<\/code><\/pre>\n
      # firewall-cmd --add-service=https --permanent\r\nsuccess\r\n# firewall-cmd --reload && firewall-cmd --list-all\r\nsuccess\r\npublic (active)\r\n  target: default\r\n  icmp-block-inversion: no\r\n  interfaces: ens192\r\n  sources: \r\n  services: cockpit dhcpv6-client dns http https ssh\r\n  ports: 3389\/tcp\r\n  protocols: \r\n  forward: no\r\n  masquerade: no\r\n  forward-ports: \r\n  source-ports: \r\n  icmp-blocks: \r\n  rich rules:\r\n<\/code><\/pre>\n
      \u786e\u8ba4\u901a\u4fe1<\/p>\n
      \"web_Server@test.PNG\"<\/p>\n","protected":false},"excerpt":{"rendered":"
      \u5efa\u7acb\u7f51\u9875\u670d\u52a1\u5668 \u73af\u5883\u4fe1\u606fCentOS-8.5.2111 \u7684\u542b\u4e49\u662f\u4ec0\u4e48\uff1f \u30d1\u30c3\u30b1\u30fc\u30b8\u540d\u30d0\u30fc\u30b8\u30e7\u30f3httpd2.4 […]<\/p>\n","protected":false},"author":12,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[227],"class_list":["post-28547","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-227"],"yoast_head":"\n\u5f9eCentOS_WebServer\u69cb\u5efa\u5230HTTPS\u9023\u63a5 - Blog - Silicon Cloud<\/title>\n<meta name=\"description\" content=\"\u5173\u4e8e\u5f9eCentOS_WebServer\u69cb\u5efa\u5230HTTPS\u9023\u63a5\u7684\u6280\u672f\u6587\u7ae0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u5f9ecentos_webserver\u69cb\u5efa\u5230https\u9023\u63a5-2\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u5f9eCentOS_WebServer\u69cb\u5efa\u5230HTTPS\u9023\u63a5\" \/>\n<meta property=\"og:description\" content=\"\u5173\u4e8e\u5f9eCentOS_WebServer\u69cb\u5efa\u5230HTTPS\u9023\u63a5\u7684\u6280\u672f\u6587\u7ae0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u5f9ecentos_webserver\u69cb\u5efa\u5230https\u9023\u63a5-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-10T19:13:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-08-12T00:47:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657c237cd0c9c81e0f5c58d7\/63-0.png\" \/>\n<meta name=\"author\" content=\"\u9038, \u79d1\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u9038, \u79d1\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%be%9ecentos_webserver%e6%a7%8b%e5%bb%ba%e5%88%b0https%e9%80%a3%e6%8e%a5-2\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%be%9ecentos_webserver%e6%a7%8b%e5%bb%ba%e5%88%b0https%e9%80%a3%e6%8e%a5-2\/\",\"name\":\"\u5f9eCentOS_WebServer\u69cb\u5efa\u5230HTTPS\u9023\u63a5 - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2024-01-10T19:13:32+00:00\",\"dateModified\":\"2025-08-12T00:47:19+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/85c1dae56e6ea1e695c73d33c684d487\"},\"description\":\"\u5173\u4e8e\u5f9eCentOS_WebServer\u69cb\u5efa\u5230HTTPS\u9023\u63a5\u7684\u6280\u672f\u6587\u7ae0\",\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%be%9ecentos_webserver%e6%a7%8b%e5%bb%ba%e5%88%b0https%e9%80%a3%e6%8e%a5-2\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%be%9ecentos_webserver%e6%a7%8b%e5%bb%ba%e5%88%b0https%e9%80%a3%e6%8e%a5-2\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%be%9ecentos_webserver%e6%a7%8b%e5%bb%ba%e5%88%b0https%e9%80%a3%e6%8e%a5-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u5f9eCentOS_WebServer\u69cb\u5efa\u5230HTTPS\u9023\u63a5\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/85c1dae56e6ea1e695c73d33c684d487\",\"name\":\"\u9038, \u79d1\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c94f6d9cbbfbca863fab309840bd690c153c95f8490c290ad2ed54dd693dad16?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c94f6d9cbbfbca863fab309840bd690c153c95f8490c290ad2ed54dd693dad16?s=96&d=mm&r=g\",\"caption\":\"\u9038, \u79d1\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/keyi\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%be%9ecentos_webserver%e6%a7%8b%e5%bb%ba%e5%88%b0https%e9%80%a3%e6%8e%a5-2\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u5f9eCentOS_WebServer\u69cb\u5efa\u5230HTTPS\u9023\u63a5 - Blog - Silicon Cloud","description":"\u5173\u4e8e\u5f9eCentOS_WebServer\u69cb\u5efa\u5230HTTPS\u9023\u63a5\u7684\u6280\u672f\u6587\u7ae0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u5f9ecentos_webserver\u69cb\u5efa\u5230https\u9023\u63a5-2\/","og_locale":"zh_CN","og_type":"article","og_title":"\u5f9eCentOS_WebServer\u69cb\u5efa\u5230HTTPS\u9023\u63a5","og_description":"\u5173\u4e8e\u5f9eCentOS_WebServer\u69cb\u5efa\u5230HTTPS\u9023\u63a5\u7684\u6280\u672f\u6587\u7ae0","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u5f9ecentos_webserver\u69cb\u5efa\u5230https\u9023\u63a5-2\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2024-01-10T19:13:32+00:00","article_modified_time":"2025-08-12T00:47:19+00:00","og_image":[{"url":"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657c237cd0c9c81e0f5c58d7\/63-0.png"}],"author":"\u9038, \u79d1","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u9038, \u79d1","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"1 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%be%9ecentos_webserver%e6%a7%8b%e5%bb%ba%e5%88%b0https%e9%80%a3%e6%8e%a5-2\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%be%9ecentos_webserver%e6%a7%8b%e5%bb%ba%e5%88%b0https%e9%80%a3%e6%8e%a5-2\/","name":"\u5f9eCentOS_WebServer\u69cb\u5efa\u5230HTTPS\u9023\u63a5 - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2024-01-10T19:13:32+00:00","dateModified":"2025-08-12T00:47:19+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/85c1dae56e6ea1e695c73d33c684d487"},"description":"\u5173\u4e8e\u5f9eCentOS_WebServer\u69cb\u5efa\u5230HTTPS\u9023\u63a5\u7684\u6280\u672f\u6587\u7ae0","breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%be%9ecentos_webserver%e6%a7%8b%e5%bb%ba%e5%88%b0https%e9%80%a3%e6%8e%a5-2\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e5%be%9ecentos_webserver%e6%a7%8b%e5%bb%ba%e5%88%b0https%e9%80%a3%e6%8e%a5-2\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%be%9ecentos_webserver%e6%a7%8b%e5%bb%ba%e5%88%b0https%e9%80%a3%e6%8e%a5-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u5f9eCentOS_WebServer\u69cb\u5efa\u5230HTTPS\u9023\u63a5"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/85c1dae56e6ea1e695c73d33c684d487","name":"\u9038, \u79d1","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/c94f6d9cbbfbca863fab309840bd690c153c95f8490c290ad2ed54dd693dad16?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c94f6d9cbbfbca863fab309840bd690c153c95f8490c290ad2ed54dd693dad16?s=96&d=mm&r=g","caption":"\u9038, \u79d1"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/keyi\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%be%9ecentos_webserver%e6%a7%8b%e5%bb%ba%e5%88%b0https%e9%80%a3%e6%8e%a5-2\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/28547","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=28547"}],"version-history":[{"count":3,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/28547\/revisions"}],"predecessor-version":[{"id":111347,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/28547\/revisions\/111347"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=28547"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=28547"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=28547"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}