Linux與雲計算——第二階段Linux服務器架設
第七章:網站WEB服務器架設—用戶目錄虛擬主機和SSL
啓用userdir
啓用userdir, 用戶可以創建自己的網站
[1] 配置httpd.
[root@client ~]# vi /etc/httpd/conf.d/userdir.conf
# line 17: 註釋掉
#UserDir disabled
# line 24: 去掉註釋
UserDir public_html
# line 31 – 35 修改
<Directory "/home/*/public_html">
AllowOverride All
Options None
Require method GET POST OPTIONS
</Directory>
[root@client ~]# systemctl restart httpd
[2] 創建一個測試頁面
[jeffrey@server ~]$ mkdir public_html
[jeffrey@server ~]$ chmod 711 /home/jeffrey
[jeffrey@server ~]$ chmod 755 /home/jeffrey/public_html
[jeffrey@server ~]$ vi ./public_html/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
UserDir Test Page
</div>
</body>
</html>
虛擬主機
配置Virtual Hostings來使用多個主機名.
[1]配置Virtual Hostings.
[root@client ~]# vi /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName www.example.com
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /home/jeffrey/public_html
ServerName www.virtual.host
</VirtualHost>
[root@client ~]# systemctl restart httpd
[2] 創建一個測試頁面.
[root@server ~]# vim /home/jeffrey/public_html/virtual.php
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Virtual Host Test Page
</div>
</body>
</html>
配置SSL
配置SSL來建立安全加密連接.
[1] 創建密鑰
[root@server certs]# make server.key
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
.......................+++
....+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
[root@server certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key
[root@server certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key
[root@server certs]# make server.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:SHA
Locality Name (eg, city) [Default City]:XIAN
Organization Name (eg, company) [Default Company Ltd]:Ruiyung
Organizational Unit Name (eg, section) []:Tech
Common Name (eg, your name or your server's hostname) []:server.example.com
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@server certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=CN/ST=SHA/L=XIAN/O=Ruiyung/OU=Tech/CN=server.example.com/[email protected]
Getting Private key
[2] 配置 SSL.
[root@client ~]# yum -y install mod_ssl
[root@client ~]# vi /etc/httpd/conf.d/ssl.conf
# line 59: 去掉註釋
DocumentRoot "/var/www/html"
# line 60: 去掉註釋並進行修改
ServerName www.example.com:443
# line 100: 修改爲第一步中創建的證書
SSLCertificateFile /etc/pki/tls/certs/server.crt
# line 107: 修改爲第一步中創建的密鑰
SSLCertificateKeyFile /etc/pki/tls/certs/server.key
[root@client ~]# systemctl restart httpd
[3] 如果開啓了防火牆,放行HTTPS服務. HTTPS使用443/TCP.
[root@server ~]# firewall-cmd --add-service=https --permanent
[root@server ~]# firewall-cmd --reload