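Web service: name-based virtual hosts with httpd-2.2

Web site service:

Apache is a well-known open-source web server, maintained by the Apache Software Foundation (ASF).

Official site: http://httpd.apache.org/

http://www.netcraft.com/ publishes detailed statistics on the market share of the various web server packages.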


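Lab requirements:

1. Set up the httpd service so that it:
   (1) provides two name-based virtual hosts, www1 and www2, each with its own error log and access log
   (2) exposes status information through /server-status on www1, accessible only to the user tom
   (3) refuses access to www2 from every host in the 192.168.0.0/24 network
2. Provide HTTPS for the second virtual host above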


Lab environment:

Web Server: CentOS 6.7 x86_64          IP: 172.16.251.164

         httpd-2.2.15-45.el6.centos.x86_64

Client: CentOS 7.2 x86_64              IP: 172.16.251.138


Lab preparation:

[root@www ~]# iptables -F                     // flush the iptables rules (turn off the firewall)

[root@www ~]# setenforce 0                   // turn off SELinux enforcement


Install httpd:

[root@www ~]# yum -y install httpd

[root@www ~]# rpm -qc httpd                // list the configuration files installed by the httpd package

/etc/httpd/conf.d/welcome.conf

/etc/httpd/conf/httpd.conf

/etc/httpd/conf/magic

/etc/logrotate.d/httpd

/etc/sysconfig/htcacheclean

/etc/sysconfig/httpd

[root@www ~]# service httpd start

[root@www ~]# ss -tnl

LISTEN    0      128                          :::80


Main configuration file:

[root@www conf]# cp -p httpd.conf httpd.conf.bak

[root@www httpd]# vim /etc/httpd/conf/httpd.conf

NameVirtualHost 172.16.251.164:80                 // enable name-based virtual hosts


Create the configuration file for virtual host www1:

[root@www ~]# vim /etc/httpd/conf.d/v1.conf

<VirtualHost 172.16.251.164:80>

    DocumentRoot /var/www/virt1

    ServerName www1.a.com

    ErrorLog logs/www1-error_log
    CustomLog logs/www1-access_log combined

    <Location /server-status>

        SetHandler server-status

        AuthType basic

        AuthName "For tom"

        AuthUserFile "/etc/httpd/conf/.htpasswd"

        Require user tom

    </Location>

</VirtualHost>


Create the configuration file for virtual host www2:

[root@www ~]# vim /etc/httpd/conf.d/v2.conf

<VirtualHost 172.16.251.164:80>

    DocumentRoot /var/www/virt2

    ServerName www2.a.com

    ErrorLog logs/www2-error_log
    CustomLog logs/www2-access_log combined

    <Directory "/var/www/virt2">

        Options None

        AllowOverride None

        Order deny,allow

        Deny from 192.168.0.0/24

    </Directory>

</VirtualHost>
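
How httpd 2.2 evaluates the www2 rule (Order deny,allow with Deny from 192.168.0.0/24), and what the same Deny line does under the opposite ordering. This is an added example, not part of the original post; the function names and the sample client addresses other than 172.16.251.138 are constructed for illustration.

```python
import ipaddress

def access_allowed(client_ip, order, allow=(), deny=()):
    """Model httpd 2.2 Order/Allow/Deny for one client IP.

    allow/deny hold CIDR networks or "all"; hostname forms are not modelled.
    """
    ip = ipaddress.ip_address(client_ip)

    def matches(specs):
        return any(
            spec.lower() == "all" or ip in ipaddress.ip_network(spec, strict=False)
            for spec in specs
        )

    allowed, denied = matches(allow), matches(deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        # Deny is checked first, Allow may override; unmatched clients get in.
        return allowed or not denied
    if order == "allow,deny":
        # Allow is checked first, Deny may override; unmatched clients are refused.
        return allowed and not denied
    raise ValueError("unsupported Order value: %r" % order)

# The www2 rule from this page.
WWW2_RULE = {"order": "deny,allow", "deny": ["192.168.0.0/24"]}

# Constructed sample clients; 172.16.251.138 is the lab client from the page.
SAMPLE_CLIENTS = ["192.168.0.10", "192.168.0.254", "192.168.1.10", "172.16.251.138"]

def evaluate(rule, clients=SAMPLE_CLIENTS):
    """Return {client_ip: True if served, False if answered with 403}."""
    return {ip: access_allowed(ip, **rule) for ip in clients}

if __name__ == "__main__":
    for ip, ok in evaluate(WWW2_RULE).items():
        print("%-16s %s" % (ip, "allowed" if ok else "403 Forbidden"))
    # Same Deny line under the opposite ordering: no Allow matches, so
    # every client is refused, including the ones outside 192.168.0.0/24.
    flipped = dict(WWW2_RULE, order="allow,deny")
    print("allow,deny:", evaluate(flipped))
```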


Create the test site content:

[root@www conf]# mkdir -pv /var/www/virt{1,2}

[root@www www]# echo "www1" >> /var/www/virt1/index.html

[root@www www]# echo "www2" >> /var/www/virt2/index.html


Create the password file for user tom:

[root@www conf]# htpasswd -cm /etc/httpd/conf/.htpasswd tom

[root@www conf]# httpd -t

Syntax OK

[root@www conf]# service httpd restart


Client test:

[root@localhost ~]# cat /etc/hosts

172.16.251.164        www1.a.com   www2.a.com

[root@localhost ~]# curl http://www1.a.com

www1

[root@localhost ~]# curl http://www2.a.com

www2

[root@www conf.d]# ll /var/log/httpd/

-rw-r--r--. 1 root root 11465 7月  17 12:33 www1-access_log

-rw-r--r--. 1 root root  3517 7月  17 12:33 www1-error_log

-rw-r--r--. 1 root root  2306 7月  17 10:25 www2-access_log

-rw-r--r--. 1 root root  1142 7月  17 10:17 www2-error_log

[root@localhost ~]# links http://www1.a.com/server-status




Provide the HTTPS service:

1. Create a private CA

[root@www CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)

[root@www CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem

Country Name (2 letter code) [XX]:CN  
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:Ops      
Common Name (eg, your name or your server's hostname) []:www2.a.com
Email Address []:[email protected]

[root@www CA]# touch index.txt

[root@www CA]# echo 01 > serial

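2. Request a certificate:

[root@www CA]# mkdir -pv /etc/httpd/ssl

[root@www ssl]# (umask 077; openssl genrsa -out httpd.key 1024)          // 1024-bit RSA is below today's accepted minimum; 2048 bits, as used for the CA key, is the usual floor

[root@www ssl]# openssl req -new -key httpd.key -out httpd.csr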

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www2.a.com
Email Address []:admin@acom

[root@www ssl]# cp httpd.csr /testdir/


3. The CA signs the certificate and sends it to the requester

[root@www ssl]# openssl ca -in /testdir/httpd.csr -out /etc/pki/CA/certs/httpd.crt

[root@www ssl]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/


4. Install the mod_ssl module

[root@www conf.d]# httpd -M | grep ssl

[root@www conf.d]# yum -y install mod_ssl

[root@www conf.d]# rpm -ql mod_ssl

[root@www conf.d]# vim /etc/httpd/conf.d/ssl.conf

<VirtualHost 172.16.251.164:443>

DocumentRoot "/var/www/virt2"

ServerName www2.a.com:443

SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key

[root@www conf.d]# service httpd restart

[root@www conf.d]# ss -tnl

LISTEN    0      128                          :::443


Client test: https://172.16.251.164:443
