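Web site service:
Apache is a well-known open-source web server, maintained by the Apache Software Foundation (ASF)
Official site: http://httpd.apache.org/
http://www.netcraft.com/ publishes detailed statistics on the market share of the various web server packages
Lab requirements:
1. Set up an httpd service that:
(1) Provides two name-based virtual hosts, www1 and www2, each with its own error log and access log
(2) Serves status information at /server-status on www1, accessible only to user tom
(3) Denies access to www2 from every host in the 192.168.0.0/24 network
2. Provide HTTPS for the second virtual host above
Lab environment:
Web Server: CentOS 6.7 x86_64 IP: 172.16.251.164
httpd-2.2.15-45.el6.centos.x86_64
Client: CentOS 7.2 x86_64 IP: 172.16.251.138
Preparation:
[root@www ~]# iptables -F //disable the firewall by flushing its rules
[root@www ~]# setenforce 0 //disable SELinux enforcement (permissive mode)
Install httpd: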
[root@www ~]# yum -y install httpd
[root@www ~]# rpm -qc httpd //list the configuration files installed by the httpd package
/etc/httpd/conf.d/welcome.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/conf/magic
/etc/logrotate.d/httpd
/etc/sysconfig/htcacheclean
/etc/sysconfig/httpd
[root@www ~]# service httpd start
[root@www ~]# ss -tnl
LISTEN 0 128 :::80
Main configuration file:
[root@www conf]# cp -p httpd.conf httpd.conf.bak
[root@www httpd]# vim /etc/httpd/conf/httpd.conf
NameVirtualHost 172.16.251.164:80 //enable name-based virtual hosts
Create the configuration file for virtual host www1:
[root@www ~]# vim /etc/httpd/conf.d/v1.conf
<VirtualHost 172.16.251.164:80>
    DocumentRoot /var/www/virt1
    ServerName www1.a.com
    ErrorLog logs/www1-error_log
    CustomLog logs/www1-access_log combined
    <Location /server-status>
        SetHandler server-status
        AuthType basic
        AuthName "For tom"
        AuthUserFile "/etc/httpd/conf/.htpasswd"
        Require user tom
    </Location>
</VirtualHost>
Create the configuration file for virtual host www2:
[root@www ~]# vim /etc/httpd/conf.d/v2.conf
<VirtualHost 172.16.251.164:80>
    DocumentRoot /var/www/virt2
    ServerName www2.a.com
    ErrorLog logs/www2-error_log
    CustomLog logs/www2-access_log combined
    <Directory "/var/www/virt2">
        Options None
        AllowOverride None
        Order deny,allow
        Deny from 192.168.0.0/24
    </Directory>
</VirtualHost>
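The www2 restriction depends on how httpd 2.2 combines Order, Deny and Allow. The following Python model of that evaluation is an added example, not part of the original page and not httpd's own code; it covers only "all", single addresses and CIDR ranges, and the function names and the sample client addresses other than the page's test client are assumptions.

```python
import ipaddress

def _matches(client, specs):
    """True if client matches any 'Allow from' / 'Deny from' argument."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        # strict=False accepts both single addresses and CIDR ranges
        if ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def access_allowed(order, client, allow=(), deny=()):
    """Model httpd 2.2 host-based access control for one container.

    order is "deny,allow" or "allow,deny" (case-insensitive).
    """
    order = order.replace(" ", "").lower()
    allowed = _matches(client, allow)
    denied = _matches(client, deny)
    if order == "deny,allow":
        # Default is allow; an Allow match overrides a Deny match.
        return allowed or not denied
    if order == "allow,deny":
        # Default is deny; a Deny match overrides an Allow match.
        return allowed and not denied
    raise ValueError("unsupported Order value: %r" % order)

# The www2 rule from v2.conf on this page.
WWW2 = dict(order="deny,allow", deny=["192.168.0.0/24"])

if __name__ == "__main__":
    # Constructed sample clients; 172.16.251.138 is the page's test client.
    for client in ["172.16.251.138", "192.168.0.77", "192.168.1.5"]:
        ok = access_allowed(client=client, **WWW2)
        print(client, "allowed" if ok else "denied (403)")
    # The same Deny line under "allow,deny" admits nobody, because that
    # ordering requires an Allow match before a request can pass.
    print(access_allowed("allow,deny", "172.16.251.138",
                         deny=["192.168.0.0/24"]))
```

This shows why the curl test from 172.16.251.138 succeeds while a 192.168.0.x client would receive 403, and why swapping the Order arguments without adding an Allow line would lock out every client.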
Create the test site content:
[root@www conf]# mkdir -pv /var/www/virt{1,2}
[root@www www]# echo "www1" >> /var/www/virt1/index.html
[root@www www]# echo "www2" >> /var/www/virt2/index.html
Create the password file for user tom:
[root@www conf]# htpasswd -cm /etc/httpd/conf/.htpasswd tom
[root@www conf]# httpd -t
Syntax OK
[root@www conf]# service httpd restart
Client test:
[root@localhost ~]# cat /etc/hosts
172.16.251.164 www1.a.com www2.a.com
[root@localhost ~]# curl http://www1.a.com
www1
[root@localhost ~]# curl http://www2.a.com
www2
[root@www conf.d]# ll /var/log/httpd/
-rw-r--r--. 1 root root 11465 7月 17 12:33 www1-access_log
-rw-r--r--. 1 root root 3517 7月 17 12:33 www1-error_log
-rw-r--r--. 1 root root 2306 7月 17 10:25 www2-access_log
-rw-r--r--. 1 root root 1142 7月 17 10:17 www2-error_log
[root@localhost ~]# links http://www1.a.com/server-status
Provide HTTPS:
1. Create a private CA
[root@www CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
[root@www CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www2.a.com
Email Address []:[email protected]
[root@www CA]# touch index.txt
[root@www CA]# echo 01 > serial
2. Request a certificate:
[root@www CA]# mkdir -pv /etc/httpd/ssl
[root@www ssl]# (umask 077; openssl genrsa -out httpd.key 1024)
[root@www ssl]# openssl req -new -key httpd.key -out httpd.csr
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www2.a.com
Email Address []:admin@acom
[root@www ssl]# cp httpd.csr /testdir/
3. The CA signs the certificate and sends it back to the requester
[root@www ssl]# openssl ca -in /testdir/httpd.csr -out /etc/pki/CA/certs/httpd.crt
[root@www ssl]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/
4. Install the mod_ssl module
[root@www conf.d]# httpd -M | grep ssl
[root@www conf.d]# yum -y install mod_ssl
[root@www conf.d]# rpm -ql mod_ssl
[root@www conf.d]# vim /etc/httpd/conf.d/ssl.conf
<VirtualHost 172.16.251.164:443>
    DocumentRoot "/var/www/virt2"
    ServerName www2.a.com:443
    SSLCertificateFile /etc/httpd/ssl/httpd.crt
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
    # the remaining directives of the packaged ssl.conf (including SSLEngine on) stay as shipped
</VirtualHost>
[root@www conf.d]# service httpd restart
[root@www conf.d]# ss -tnl
LISTEN 0 128 :::443
Client test: https://172.16.251.164:443