一、httpd 基於FQDN的虛擬主機配置
以下小字體爲配置文件內容,綠色加粗字體爲可行的命令
1、安裝httpd
yum -y install httpd
2、創建虛擬主機配置文件
vim /etc/httpd/conf.d/www.conf
<VirtualHost172.16.19.11:80>
ServerName www1.abc.com
DocumentRoot /var/www/www1
ErrorLog logs/www1.error_log
CustomLog logs/www1.acess_log common
</VirtualHost>
<VirtualHost172.16.19.11:80>
ServerName www2.abc.com
DocumentRoot /var/www/www2
ErrorLog logs/www2.error_log
CustomLog logs/www2.access_log common
</VirtualHost>
3、打開NameVirtualHost
vim/etc/httpd/conf/httpd.conf
NameVirtualHost172.16.19.11:80
4、創建虛擬主機跟目錄
mkdir/var/www/www1; mkdir /var/www/www1;
5、配置文件語法檢查
httpd -t
6、啓動服務
service httpdrestart
7、創建測試頁面
echo "<h1> www1 </h1>"> /var/www/www1/index.html
echo "<h1> www1</h2>" > /var/www/www2/index.html
8、修改本地hosts測試虛擬主機
a) vim /etc/hosts #新建一行添加ip與域名
172.16.19.11 www1.abc.com www2.abc.com
b)測試基於域名的虛擬主機是否工作正常,效果如下圖所示
二、爲www1.abc.com添加status頁面,並設置訪問控制
a) httpd -M | grep status #確認模塊是否加載,如未加載在httpd.conf主配置文件找到以下字段取消註釋,然後重載服務。
LoadMoudule status_module modules/mod_status.so
b) vim /etc/httpd/conf.d/www.conf #編輯配置文件,在www1虛擬主機內添加一下內容
<Location /server-status>
SetHandlerserver-status
AuthType basic
AuthNAME"only tom"
AuthUserfile/etc/httpd/conf/.htpw
Require user tom
</Location>
c) 爲tom 用戶創建訪問密碼
htpasswd -m -c /etc/httpd/conf/.htpw tom
d) 重載服務測試
service httpd reload
http://www1.abc.com/server-status
三、爲www1配置爲https
A) 創建CA
(umask077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
openssl req -new -x509 -key/etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem
touch /etc/pki/CA/index.txt
echo 01 > /etc/pki/CA/serial
B) 爲https製作證書
a)創建保存祕鑰的文件夾
mkdir /etc/httpd/ssl
b) 生成httpd祕鑰
(umask 077;openssl genrsa -out/etc/httpd/ssl/httpd.key 2048)
c)生成證書請求文件
openssl req -new -key/etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr
d)CA簽發證書
openssl ca -in /etc/httpd/ssl/httpd.csr-out /etc/httpd/ssl/httpd.crt
C) 配置https
a) 安裝必要的rpm包
yum -y install mod_ssl
b) 編輯配置文件
vim /etc/httpd/conf.d/ssl.conf
<VirtualHost172.16.19.11:443>
DocumentRoot"/var/www/www1"
ServerName www.abc.com:443
SSLCertificateFile/etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile/etc/httpd/ssl/httpd.key
D) 重啓測試服務
service httpd restart