Linux與雲計算——第二階段Linux服務器架設 第七章:網站WEB服務器架設—用戶目錄虛擬主機和SSL

Linux與雲計算——第二階段Linux服務器架設

第七章:網站WEB服務器架設—用戶目錄虛擬主機和SSL

啓用userdir

啓用userdir, 用戶可以創建自己的網站

[1] 配置httpd.

[root@client ~]# vi /etc/httpd/conf.d/userdir.conf

# line 17: 註釋掉

#UserDir disabled

# line 24: 去掉註釋

UserDir public_html

# line 31 – 35 修改

<Directory "/home/*/public_html">

    AllowOverride All

    Options None

    Require method GET POST OPTIONS

</Directory>

[root@client ~]# systemctl restart httpd

[2] 創建一個測試頁面

[jeffrey@server ~]$ mkdir public_html

[jeffrey@server ~]$ chmod 711 /home/jeffrey

[jeffrey@server ~]$ chmod 755 /home/jeffrey/public_html

[jeffrey@server ~]$ vi ./public_html/index.html

 <html>

<body>

<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">

UserDir Test Page

</div>

</body>

</html>

虛擬主機

配置Virtual Hostings來使用多個主機名.

[1]配置Virtual Hostings.

[root@client ~]# vi /etc/httpd/conf.d/vhost.conf

<VirtualHost *:80>

   DocumentRoot /var/www/html

   ServerName www.example.com

</VirtualHost>

<VirtualHost *:80>

   DocumentRoot /home/jeffrey/public_html

   ServerName www.virtual.host

</VirtualHost>

[root@client ~]# systemctl restart httpd

[2] 創建一個測試頁面.

[root@server ~]# vim /home/jeffrey/public_html/virtual.php

 <html>

<body>

<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">

Virtual Host Test Page

</div>

</body>

</html>

配置SSL

配置SSL建立安全加密連接.

[1] 創建密鑰

[root@server certs]# make server.key

umask 77 ; \

/usr/bin/openssl genrsa -aes128 2048 > server.key

Generating RSA private key, 2048 bit long modulus

.......................+++

....+++

e is 65537 (0x10001)

Enter pass phrase:

Verifying - Enter pass phrase:

[root@server certs]# openssl rsa -in server.key -out server.key

Enter pass phrase for server.key:

writing RSA key

[root@server certs]# openssl rsa -in server.key -out server.key

Enter pass phrase for server.key:

writing RSA key

[root@server certs]# make server.csr

umask 77 ; \

/usr/bin/openssl req -utf8 -new -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:SHA

Locality Name (eg, city) [Default City]:XIAN

Organization Name (eg, company) [Default Company Ltd]:Ruiyung

Organizational Unit Name (eg, section) []:Tech

Common Name (eg, your name or your server's hostname) []:server.example.com

Email Address []:[email protected]

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@server certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650

Signature ok

subject=/C=CN/ST=SHA/L=XIAN/O=Ruiyung/OU=Tech/CN=server.example.com/[email protected]

Getting Private key

[2] 配置 SSL.

[root@client ~]# yum -y install mod_ssl

[root@client ~]# vi /etc/httpd/conf.d/ssl.conf

# line 59: 去掉註釋

DocumentRoot "/var/www/html"

# line 60: 去掉註釋並進行修改

ServerName www.example.com:443

# line 100: 修改爲第一步中創建的證書

SSLCertificateFile /etc/pki/tls/certs/server.crt

# line 107: 修改爲第一步中創建的密鑰

SSLCertificateKeyFile /etc/pki/tls/certs/server.key

[root@client ~]# systemctl restart httpd

[3] 如果開啓了防火牆,放行HTTPS服務. HTTPS使用443/TCP.

[root@server ~]# firewall-cmd --add-service=https --permanent

[root@server ~]# firewall-cmd --reload

[4] 在客戶機上進行驗證.


發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章