Zabbix-Web啟用安全鏈接ssl

前端設(shè)置

1. 安裝mod_ssl
   sudo yum install mod_ssl -y
2. 創(chuàng)建ssl-keys

# mkdir for private key
sudo mkdir -p /etc/httpd/ssl/private
# change mod 700
sudo chmod 700 /etc/httpd/ssl/private
# create ssl key
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/private/zabbix-web.key -out /etc/httpd/ssl/zabbix-web.crt

3. 配置Apache ssl

cd /etc/httpd/conf.d/ && sudo cp ssl.conf ssl.conf.old
sudo vi ssl.conf
# change 
SSLCertificateFile /etc/httpd/ssl/zabbix-web.crt
SSLCertificateKeyFile /etc/httpd/ssl/private/zabbix-web.key
# restart apache service
sudo systemctl restart httpd

啟用ssl

cd /etc/httpd/conf && sudo cp httpd.conf httpd.conf.old
# add replace server_address use your server_name
<VirtualHost *:*>
    ServerName server_address
    Redirect permanent / http://server_address
</VirtualHost>
# restart apache service
sudo systemctl restart httpd

禁用顯示W(wǎng)eb服務(wù)器信息

sudo vi /etc/httpd/conf/httpd.conf
# add
ServerSignature Off
ServerTokens Prod

添加防火墻策略

如果啟用了防火墻，還需要同時(shí)開放80和443端口號(hào)
firewall-cmd --zone=public --add-rich-rule='rule family=ipv4 source address=192.168.0.1/24 port port=443 protocol=tcp accept' --permanent

使用https打開web

我們使用的是自己創(chuàng)建的密鑰和證書，未經(jīng)過證書機(jī)構(gòu)，打開的時(shí)候會(huì)提示Your connection is not private,點(diǎn)擊繼續(xù)訪問即可

tip_unsafe

ssl_web