for SSL keys: mkdir -p /etc/httpd/ssl/private chmod 700 /etc/httpd/ssl/private Create SSL certificate: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/private/apache-selfsigned ned.key -out /etc/httpd/ssl/apache-selfsigned.crt Fill out the prompts appropriately. The most important line is the one that requests the Common Name. You need to enter the domain name that you want configuration: /etc/httpd/conf.d/ssl.conf DocumentRoot "/usr/share/zabbix" ServerName example.com:443 SSLCertificateFile /etc/httpd/ssl/apache-selfsigned.crt SSLCertificateKeyFile /etc/httpd/ssl/private/apache-selfsigned

for SSL keys: mkdir -p /etc/httpd/ssl/private chmod 700 /etc/httpd/ssl/private Create SSL certificate: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/private/apache-selfsigned ned.key -out /etc/httpd/ssl/apache-selfsigned.crt Fill out the prompts appropriately. The most important line is the one that requests the Common Name. You need to enter the domain name that you want configuration: /etc/httpd/conf.d/ssl.conf DocumentRoot "/usr/share/zabbix" ServerName example.com:443 SSLCertificateFile /etc/httpd/ssl/apache-selfsigned.crt SSLCertificateKeyFile /etc/httpd/ssl/private/apache-selfsigned

for SSL keys: mkdir -p /etc/httpd/ssl/private chmod 700 /etc/httpd/ssl/private Create SSL certificate: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/private/apache-selfsigned ned.key -out /etc/httpd/ssl/apache-selfsigned.crt Fill out the prompts appropriately. The most important line is the one that requests the Common Name. You need to enter the domain name that you want configuration: /etc/httpd/conf.d/ssl.conf DocumentRoot "/usr/share/zabbix" ServerName example.com:443 SSLCertificateFile /etc/httpd/ssl/apache-selfsigned.crt SSLCertificateKeyFile /etc/httpd/ssl/private/apache-selfsigned

for SSL keys: mkdir -p /etc/httpd/ssl/private chmod 700 /etc/httpd/ssl/private Create SSL certificate: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/private/apache-selfsigned ned.key -out /etc/httpd/ssl/apache-selfsigned.crt 44 Fill out the prompts appropriately. The most important line is the one that requests the Common Name. You need to enter the domain name that you configuration: /etc/httpd/conf.d/ssl.conf DocumentRoot "/usr/share/zabbix" ServerName example.com:443 SSLCertificateFile /etc/httpd/ssl/apache-selfsigned.crt SSLCertificateKeyFile /etc/httpd/ssl/private/apache-selfsigned

for SSL keys: mkdir -p /etc/httpd/ssl/private chmod 700 /etc/httpd/ssl/private Create SSL certificate: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/private/apache-selfsigned ned.key -out /etc/httpd/ssl/apache-selfsigned.crt Fill out the prompts appropriately. The most important line is the one that requests the Common Name. You need to enter the domain name that you want configuration: /etc/httpd/conf.d/ssl.conf DocumentRoot "/usr/share/zabbix" ServerName example.com:443 SSLCertificateFile /etc/httpd/ssl/apache-selfsigned.crt SSLCertificateKeyFile /etc/httpd/ssl/private/apache-selfsigned

for SSL keys: mkdir -p /etc/httpd/ssl/private chmod 700 /etc/httpd/ssl/private Create SSL certificate: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/private/apache-selfsigned ned.key -out /etc/httpd/ssl/apache-selfsigned.crt Fill out the prompts appropriately. The most important line is the one that requests the Common Name. You need to enter the domain name that you want configuration: /etc/httpd/conf.d/ssl.conf DocumentRoot "/usr/share/zabbix" ServerName example.com:443 SSLCertificateFile /etc/httpd/ssl/apache-selfsigned.crt SSLCertificateKeyFile /etc/httpd/ssl/private/apache-selfsigned

RHEL/Centos, install mod_ssl package: yum install mod_ssl Create directory for SSL keys: mkdir /etc/httpd/ssl Add settings for SSL setup: Country Name (2 letter code) [XX]: State or Province Name (full configuration: /etc/httpd/conf.d/ssl.conf DocumentRoot "/usr/share/zabbix" ServerName localhost:443 SSLCertificateFile /etc/httpd/ssl/apache.crt SSLCertificateKeyFile /etc/httpd/ssl/apache.key Restart Restart the Apache service to apply the changes: systemctl restart httpd.service Enabling Zabbix on root directory of URL Add a virtual host to Apache configuration and set permanent redirect for document

-p /etc/httpd/ssl/private chmod 700 /etc/httpd/ssl/private 创建 SSL 证书： openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/private/apache-selfsigned.key -out /etc/httpd/ssl/apache-selfsigned SSL 配置： /etc/httpd/conf.d/ssl.conf DocumentRoot "/usr/share/zabbix" ServerName example.com:443 SSLCertificateFile /etc/httpd/ssl/apache-selfsigned.crt SSLCertificateKeyFile /etc/httpd/ssl/private/apache-selfsigned systemctl restart httpd.service Web server hardening 在 URL 的根目录上启用 Zabbix 将虚拟主机添加到 Apache 配置，并将文档根目录的永久重定向设置为 Zabbix SSL URL。不要忘记将 example.com 替换为服务器的实际 名称。 /etc/httpd/conf/httpd.conf #Add lines

SSL keys: mkdir -p /etc/httpd/ssl/private chmod 700 /etc/httpd/ssl/private Create the SSL certificate: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/private/apache-selfsigned igned.key -out /etc/httpd/ssl/apache-selfsigned.crt Fill out the prompts appropriately. The most important line is the one that requests the Common Name. You need to enter the domain name that you want configuration file (/etc/httpd/conf.d/ssl.conf): DocumentRoot "/usr/share/zabbix" ServerName example.com:443 SSLCertificateFile /etc/httpd/ssl/apache-selfsigned.crt SSLCertificateKeyFile /etc/httpd/ssl/private/apache-selfsigned

SSL keys: mkdir -p /etc/httpd/ssl/private chmod 700 /etc/httpd/ssl/private Create the SSL certificate: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/private/apache-selfsigned igned.key -out /etc/httpd/ssl/apache-selfsigned.crt Fill out the prompts appropriately. The most important line is the one that requests the Common Name. You need to enter the domain name that you want configuration file (/etc/httpd/conf.d/ssl.conf): DocumentRoot "/usr/share/zabbix" ServerName example.com:443 SSLCertificateFile /etc/httpd/ssl/apache-selfsigned.crt SSLCertificateKeyFile /etc/httpd/ssl/private/apache-selfsigned