Note: a trigger's expression must use the key of the monitored item.
######
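Configuring SSL on the monitored host
Note:
The steps below generate a custom SSL key and certificate pair; both the method and the resulting certificate work for Apache and Nginx alike.
Install the Apache service: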
[root@oracle-linux6 ~]# yum -y install httpd*
Start Apache:
[root@oracle-linux6 ~]# service httpd start
[root@oracle-linux6 ~]# chkconfig --level 35 httpd on
[root@oracle-linux6 ~]# cd /etc/httpd/conf/
[root@oracle-linux6 conf]# openssl genrsa -des3 -out tmp.key
Generating RSA private key, 1024 bit long modulus
.....++++++
...................++++++
e is 65537 (0x10001)
Enter pass phrase for tmp.key: #enter a passphrase of your choice
Verifying - Enter pass phrase for tmp.key: #enter the same passphrase again
Convert tmp.key into zhuohua.key:
[root@oracle-linux6 conf]# openssl rsa -in tmp.key -out zhuohua.key
Enter pass phrase for tmp.key: #enter the passphrase chosen above
writing RSA key
[root@oracle-linux6 conf]# rm -rf tmp.key
Generate the CSR file:
[root@oracle-linux6 conf]# openssl req -new -key zhuohua.key -out zhuohua.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:zhuohua
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
Generate the CRT certificate file:
[root@oracle-linux6 conf]# openssl x509 -req -days 365 -in zhuohua.csr -signkey zhuohua.key -out zhuohua.crt
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd/CN=zhuohua
Getting Private key
The key pair has been generated:
[root@oracle-linux6 conf]# pwd
/etc/httpd/conf
[root@oracle-linux6 conf]# ll zhuohua.*
-rw-r--r--. 1 root root 798 8月 12 06:37 zhuohua.crt
-rw-r--r--. 1 root root 655 8月 12 06:34 zhuohua.csr
-rw-r--r--. 1 root root 887 8月 12 06:32 zhuohua.key
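The transcript above reports a 1024-bit modulus, and the listing shows zhuohua.key as -rw-r--r--; because the `openssl rsa` step wrote that key without a passphrase, file permissions are its only protection. The script below is an added example, not part of the original page, that audits such a key/certificate pair; the 2048-bit minimum, the 30-day expiry window and the script file name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): audit an RSA key/certificate pair.
# Thresholds (2048 bits, 30 days) are assumptions, not values from the page.

# key_mode_ok KEY: succeeds only if group and other have no permission bits.
key_mode_ok() {
    local mode
    mode=$(stat -c '%a' "$1") || return 2    # GNU stat, as on the Linux host above
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# rsa_key_bits KEY: prints the modulus size in bits (4 bits per hex digit).
rsa_key_bits() {
    local m
    m=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 2
    m=${m#Modulus=}
    echo $(( ${#m} * 4 ))
}

# pair_matches KEY CRT: succeeds if the certificate carries the key's modulus.
pair_matches() {
    local k c
    k=$(openssl rsa  -in "$1" -noout -modulus 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# audit_pair KEY CRT: prints findings, returns non-zero if any check fails.
audit_pair() {
    local key="$1" crt="$2" bits rc=0
    key_mode_ok "$key" || { echo "FAIL: $key is accessible to group/other; chmod 600"; rc=1; }
    bits=$(rsa_key_bits "$key") || bits=0
    [ "$bits" -ge 2048 ] || { echo "FAIL: RSA modulus is $bits bits (< 2048)"; rc=1; }
    pair_matches "$key" "$crt" || { echo "FAIL: $crt does not match $key"; rc=1; }
    openssl x509 -in "$crt" -noout -checkend $((30 * 86400)) >/dev/null 2>&1 ||
        echo "WARN: $crt is expired, unreadable, or expires within 30 days"
    return "$rc"
}

# Usage (hypothetical file name): sh audit_pair.sh /etc/httpd/conf/zhuohua.key /etc/httpd/conf/zhuohua.crt
if [ "$#" -eq 2 ]; then
    audit_pair "$1" "$2"
fi
```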
Firewall configuration (open TCP 443):
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
iptables-save > /etc/sysconfig/iptables
openssl and Apache's SSL module need to be installed:
[root@oracle-linux6 ~]# yum -y install openssl mod_ssl
Installation is done; ssl.conf is now present:
[root@oracle-linux6 ~]# find / -name "*ssl.conf"
/etc/httpd/conf.d/ssl.conf
Edit Apache's configuration file (so that Apache's default site uses SSL):
[root@oracle-linux6 ~]# vi /etc/httpd/conf/httpd.conf
#ServerName www.example.com:80
Change it to:
ServerName www.example.com:443
Add the following lines:
SSLEngine on
SSLCertificateFile /etc/httpd/conf/zhuohua.crt
SSLCertificateKeyFile /etc/httpd/conf/zhuohua.key
The result is shown in the figure below: