12.04

####前端空殼,後端處理####
前端機器 IP:172.25.254.21
yum reinstall postfix -y
vim /etc/postfix/main.cf
 75 myhostname = 21westos.westos.com
 83 mydomain = westos.com
 98 myorigin = westos.org
113 inet_interfaces = all
116 #inet_interfaces = localhost
140 local_transport = error:local delivery disabled
164 mydestination =
314 relayhost = 172.25.254.11
後端機器        ##配置好虛擬用戶的機器 IP:172.25.254.11
vim /etc/postfix/main.cf
264 mynetworks = 172.25.254.21

雙方都重啓postfix(systemctl restart postfix);後端的 mynetworks 只列出前端 IP,即只有前端機器可以經後端中繼郵件

####Apache####
install Apache
yum install httpd -y        ##install Apache
vim /etc/httpd/conf/httpd.conf    ##修改Apache的默認讀取文件
163 <IfModule dir_module>
164     DirectoryIndex file index.html    ##默認讀取file
165 </IfModule>
systemctl restart httpd

yum install httpd-manual -y    ##Apache手冊

ls -Z 文件名字    ##顯示文件的標籤
semanage fcontext -a -t httpd_sys_content_t '/www/westos(/.*)?'    ##添加標籤規則(只寫入SELinux策略,尚未套用到現有文件)
restorecon -RvvF /www/    ##依規則重新打標籤,使上一步的修改生效

vim /etc/httpd/conf/httpd.conf
121 <Directory "/www/westos">
122         require all granted
123 </Directory>

systemctl restart httpd

####訪問權限問題####
vim /etc/httpd/conf/httpd.conf

120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122         require all granted
123         Order Allow,Deny
124         Allow from ALL
125         Deny from 172.25.254.32
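126 </Directory>            ##允許所有ip訪問,除了172.25.254.32
##注意:Order/Allow/Deny 是 2.2 的舊語法,在 2.4 由 mod_access_compat 提供,官方不建議與 Require 混用;
##2.4 的原生寫法是在 <RequireAll> 內使用 Require all granted 加 Require not ip 172.25.254.32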

120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122         require all granted
123         Order Deny,Allow
124         Allow from 172.25.254.11
125         Deny from ALL
126 </Directory>            ##禁止所有ip訪問,除了172.25.254.11

120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122         require all granted
123         Order Deny,Allow
124         Allow from 172.25.254.0/24
125         Deny from ALL        ##禁止所有ip訪問,除了172.25.254.0/24網段
126 </Directory>

####輸入用戶和密碼才能訪問####
cd /etc/httpd/

htpasswd -cm htpasswdfile admin    ##-c 新建密碼文件(文件已存在時會被覆蓋),-m 使用MD5加密密碼
htpasswd -m htpasswdfile yan    ##追加用戶時不能再加 -c,否則會清掉已有用戶

120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122         AllowOverride All
123         Authuserfile /etc/httpd/htpasswdfile
124         Authname "please input username and password"
125         Authtype basic
126         Require valid-user
127 </Directory>            ##編輯httpd.conf文件;Basic認證的用戶名和密碼只經base64編碼、未加密,應搭配下文的https使用

####不同內容不同頁面訪問####

服務主機配置
mkdir /var/www/virtual/news.westos.com/html -p
mkdir /var/www/virtual/music.westos.com/html -p
分別在相應目錄下建立文件,要不沒內容

cd /etc/httpd/conf.d
vim default.conf
vim news.conf
vim music.conf

##news.conf##
<Virtualhost *:80>
    Servername news.westos.com
    Documentroot /var/www/virtual/news.westos.com/html
    Customlog "logs/news.log" combined
</Virtualhost>
<Directory "/var/www/virtual/news.westos.com/html">
    Require all granted
</Directory>

##music.conf##
<Virtualhost *:80>
    Servername music.westos.com
    Documentroot /var/www/virtual/music.westos.com/html
    Customlog "logs/music.log" combined
</Virtualhost>
<Directory "/var/www/virtual/music.westos.com/html">
    Require all granted
</Directory>

##default.conf##
<Virtualhost _default_:80>
    Documentroot /var/www/html
    Customlog "logs/default.log" combined
</Virtualhost>
<Directory "/var/www/html">
    Require all granted
</Directory>

客戶端主機配置
vim /etc/hosts
172.25.254.11 www.westos.com music.westos.com news.westos.com

####https安全訪問####
yum install crypto-utils.x86_64 -y
yum install mod_ssl.x86_64 -y

genkey www.westos.com    ##生成私鑰和自簽名證書(下方對話框中的主機名顯示為 www.westos-c.com,與此命令不一致;文件路徑以實際執行時的主機名為準)

                                     ┌──────────────────────────┤ Keypair generation ├──────────────────────────┐
                                     │                                                                          │
                                     │ You are now generating a new keypair which will be used to encrypt all ↑ │
                                     │ SSL traffic to the server named www.westos-c.com.                      ▮ │
                                     │ Optionally you can also create a certificate request and send it to a  ▒ │
                                     │ certificate authority (CA) for signing.                                ▒ │
                                     │                                                                        ▒ │
                                     │ The key will be stored in                                              ▒ │
                                     │     /etc/pki/tls/private/www.westos-c.com.key                          ▒ │
                                     │ The certificate stored in                                              ▒ │
                                     │     /etc/pki/tls/certs/www.westos-c.com.crt                            ▒ │
                                     │                                                                        ↓ │
                                     │                                                                          │
                                     │                          ┌──────┐  ┌────────┐                            │
                                     │                          │ Next │  │ Cancel │                            │
                                     │                          └──────┘  └────────┘                            │
                                     │                                                                          │
                                     │                                                                          │
                                     └──────────────────────────────────────────────────────────────────────────┘
                                                                                                                  
                                      ┌──────────────────────────┤ Choose key size ├───────────────────────────┐
                                      │                                                                        │
                                      │ Choose the size of your key. The smaller the key you choose the faster │
                                      │ your server response will be, but you'll have less security. Keys of   │
                                      │ less than 1024 bits are easily cracked.                                │
                                      │                                                                        │
                                      │ We suggest you select the default, 2048 bits.                          │
                                      │                                                                        │
                                      │                                                                        │
                                      │           512 (insecure)                                               │
                                      │           1024 (low-grade, fast speed)                                 │
                                      │           2048 (medium-security, medium speed) [RECOMMENDED]           │
                                      │           4096 (high-security, slow speed)                             │
                                      │           Choose your own                                              │
                                      │                                                                        │
                                      │                    ┌──────┐  ┌──────┐  ┌────────┐                      │
                                      │                    │ Next │  │ Back │  │ Cancel │                      │
                                      │                    └──────┘  └──────┘  └────────┘                      │
                                      │                                                                        │
                                      │                                                                        │
                                      └────────────────────────────────────────────────────────────────────────┘
                                                                                                                 
                                                ┌──────────────────┤ Generate CSR ├──────────────────┐
                                                │                                                    │
                                                │ Would you like to send a Certificate Request (CSR) │
                                                │ to a Certificate Authority (CA)?                   │
                                                │                                                    │
                                                │                  ┌─────┐  ┌────┐                   │
                                                │                  │ Yes │  │ No │                   │
                                                │                  └─────┘  └────┘                   │
                                                │                                                    │
                                                │                                                    │
                                                └────────────────────────────────────────────────────┘
                                                                                                       
                                      ┌────────────────────┤ Protecting your private key ├─────────────────────┐
                                      │                                                                        │
                                      │ At this stage you can set the passphrase on your private key. If you   │
                                      │ set the passphrase you will have to enter it every time the server     │
                                      │ starts.  The passphrase you use to encrypt your key must be the same   │
                                      │ for all the keys used by the same server installation.                 │
                                      │                                                                        │
                                      │ If you do not encrypt your key, then if someone breaks into your       │
                                      │ server and grabs the file containing your key, they will be able to    │
                                      │ decrypt all communications to and from the server that were negotiated │
                                      │ using that key. If your key is encrypted it would be much more         │
                                      │ work for someone to retrieve the private key.                          │
                                      │                                                                        │
                                      │                      [ ] Encrypt the private key                       │
                                      │                                                                        │
                                      │                    ┌──────┐  ┌──────┐  ┌────────┐                      │
                                      │                    │ Next │  │ Back │  │ Cancel │                      │
                                      │                    └──────┘  └──────┘  └────────┘                      │
                                      │                                                                        │
                                      │                                                                        │
                                      └────────────────────────────────────────────────────────────────────────┘
                                     ┌──────────────────┤ Enter details for your certificate ├──────────────────┐
                                     │                                                                          │
                                     │  You are about to be asked to enter information that will be made into   │
                                     │  a self-signed certificate for your server. What you are about to enter  │
                                     │  is what is called a Distinguished Name or a DN.  There are quite a few  │
                                     │  fields but you can leave some blank                                     │
                                     │                                                                          │
                                     │          Country Name (ISO 2 letter code) CN_                            │
                                     │        State or Province Name (full name) shannxi_____________           │
                                     │                 Locality Name (e.g. city) xi'an_______________           │
                                     │           Organization Name (eg, company) westos________________________ │
                                     │    Organizational Unit Name (eg, section) linux_________________________ │
                                     │                                                                          │
                                     │ Common Name (fully qualified domain name) www.westos.com________________ │
                                     │                                                                          │
                                     │                     ┌──────┐  ┌──────┐  ┌────────┐                       │
                                     │                     │ Next │  │ Back │  │ Cancel │                       │
                                     │                     └──────┘  └──────┘  └────────┘                       │
                                     │                                                                          │
                                     └──────────────────────────────────────────────────────────────────────────┘
                                                                                                                  

vim ssl.conf    ##位於 /etc/httpd/conf.d/ 下(隨 mod_ssl 安裝);修改後需 systemctl restart httpd

100 SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
108 SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key    ##上面未勾選 Encrypt the private key,私鑰為明文,應確保該文件僅root可讀
