Zabbix-Web启用安全链接ssl
前端设置
- 安装mod_ssl
sudo yum install mod_ssl -y - 创建ssl-keys
# mkdir for private keysudo mkdir -p /etc/httpd/ssl/private# change mod 700sudo chmod 700 /etc/httpd/ssl/private# create ssl keyopenssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/private/zabbix-web.key -out /etc/httpd/ssl/zabbix-web.crt复制代码
- 配置Apache ssl
cd /etc/httpd/conf.d/ && sudo cp ssl.conf ssl.conf.oldsudo vi ssl.conf# change SSLCertificateFile /etc/httpd/ssl/zabbix-web.crtSSLCertificateKeyFile /etc/httpd/ssl/private/zabbix-web.key# restart apache servicesudo systemctl restart httpd复制代码
启用ssl
cd /etc/httpd/conf && sudo cp httpd.conf httpd.conf.old# add replace server_address use your server_nameServerName server_address Redirect permanent / http://server_address # restart apache servicesudo systemctl restart httpd复制代码
禁用显示Web服务器信息
sudo vi /etc/httpd/conf/httpd.conf# addServerSignature OffServerTokens Prod复制代码
添加防火墙策略
如果启用了防火墙,还需要同时开放80和443端口号 firewall-cmd --zone=public --add-rich-rule='rule family=ipv4 source address=192.168.0.1/24 port port=443 protocol=tcp accept' --permanent
使用https打开web
我们使用的是自己创建的密钥和证书,未经过证书机构,打开的时候会提示Your connection is not private,点击继续访问即可