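Configuring virtual-host web sites with httpd-2.4 and serving them over HTTPS (Part 2)

Implemented with httpd-2.2 and httpd-2.4

> 1. Set up the httpd service with the following requirements:

> 1) Provide two name-based virtual hosts, www1 and www2; each virtual host must have its own error log and access log;

> 2) Expose status information through /server-status on www1, and allow access only from host 172.16.0.1;

> 3) www2 must not be accessible from any host in the 192.168.1.0/24 network;

> 2. Provide HTTPS service for the second virtual host above.

Configuring virtual-host web sites with httpd-2.4 and serving them over HTTPS:

1. Prerequisites: (1) one CentOS 7.2 machine running on VMware Workstation; (2) a client on the physical host.

2. Environment: (1) install the httpd package on the CentOS 7.2 system and start the httpd service; (2) turn off the firewall; (3) set SELinux to permissive mode.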

(1) [root@chenliang ~]# yum -y install httpd
[root@chenliang ~]# systemctl restart httpd.service
Active: active (running)

(2) [root@chenliang ~]# iptables -F

(3) [root@chenliang ~]# setenforce 0

3. Procedure:

[root@chenliang ~]# cd /etc/httpd/conf.d

Create two name-based web sites:

[root@chenliang conf.d]# vim www1.conf

<VirtualHost 172.16.72.1:80>
    ServerName www1.cl7.com
    DocumentRoot /var/www/www1
    ErrorLog logs/www1-error_log
    CustomLog logs/www1-access_log combined
    <Location /server-status>
        SetHandler server-status
        # httpd-2.4 uses Require for both allowing and blocking client hosts;
        # any client host that is not explicitly allowed is refused.
        Require all denied
        Require ip 172.16.0.1
    </Location>
</VirtualHost>

[root@chenliang conf.d]# vim www2.conf

<VirtualHost 172.16.72.1:80>
    ServerName www2.cl7.com
    DocumentRoot "/var/www/www2"
    ErrorLog logs/www2-error_log
    CustomLog logs/www2-access_log combined
    <Directory "/var/www/www2">
        Options None
        AllowOverride None
        # When allow and deny rules are set together, all of the Require directives
        # must be placed inside a <RequireAny> or <RequireAll> container.
        <RequireAll>
            Require not ip 192.168.1.0/24
            Require all granted
        </RequireAll>
    </Directory>
</VirtualHost>

Check the new virtual host configuration for syntax errors:

[root@chenliang conf.d]# httpd -t
AH00557: httpd: apr_sockaddr_info_get() failed for chenliang
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK

Create the directories that the DocumentRoot paths map to:

[root@chenliang conf]# mkdir -pv /var/www/www{1,2}
mkdir: 已创建目录 "/var/www/www1"
mkdir: 已创建目录 "/var/www/www2"
[root@chenliang conf]# echo "WWW1's page~~" > /var/www/www1/index.html
[root@chenliang conf]# echo "WWW2's page~~" > /var/www/www2/index.html

Add name resolution:

[root@chenliang conf.d]# echo "172.16.72.1 www1.cl7.com www2.cl7.com" >> /etc/hosts

Restart the httpd service:

[root@chenliang conf.d]# systemctl restart httpd.service

On the physical host, open C:\Windows\System32\drivers\etc\hosts on the system drive in a text editor, then add and save the following line: 172.16.72.1 www1.cl7.com www2.cl7.com

Test results from the client:

Test whether www1 allows hosts in the 172.16.0.1 network segment to view the server status:
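Besides testing from a client, the two access rules can be checked after the fact from the per-virtual-host access logs configured above. The script below is an added example, not part of the original article: the function names and the sample log lines are constructed, and it assumes the `combined` log format with the client IP in the first field.

```bash
#!/usr/bin/env bash
# Added example: audit the two per-vhost access logs (combined format) for
# requests that the Require rules above should have refused.

# Print "client path status" for every /server-status hit on www1 that was
# answered with 2xx/3xx to a client other than the allowed one.
audit_www1() {   # usage: audit_www1 ALLOWED_IP < www1-access_log
    awk -v ok="$1" '{
        path = $7; sub(/\?.*/, "", path)          # drop ?auto / ?refresh=N
        if (path == "/server-status" && $9 ~ /^[23]/ && $1 != ok)
            print $1, $7, $9
    }'
}

# Print "client path status" for every 2xx/3xx response www2 gave to a client
# inside the denied IPv4 network (CIDR notation, e.g. 192.168.1.0/24).
audit_www2() {   # usage: audit_www2 CIDR < www2-access_log
    awk -v cidr="$1" '
    function ip2int(ip,  o) {
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return -1   # hostnames, IPv6
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { split(cidr, c, "/"); size = 2 ^ (32 - c[2]); net = int(ip2int(c[1]) / size) }
    { a = ip2int($1) }
    a >= 0 && int(a / size) == net && $9 ~ /^[23]/ { print $1, $7, $9 }'
}

# Constructed sample log lines (not taken from a real server).
www1_sample() { cat <<'EOF'
172.16.0.1 - - [27/Apr/2018:21:02:11 +0800] "GET /server-status HTTP/1.1" 200 4093 "-" "curl/7.29.0"
172.16.72.100 - - [27/Apr/2018:21:02:40 +0800] "GET /server-status HTTP/1.1" 403 221 "-" "curl/7.29.0"
172.16.72.100 - - [27/Apr/2018:21:03:05 +0800] "GET /server-status?auto HTTP/1.1" 200 512 "-" "curl/7.29.0"
172.16.72.100 - - [27/Apr/2018:21:03:09 +0800] "GET /index.html HTTP/1.1" 200 14 "-" "curl/7.29.0"
EOF
}
www2_sample() { cat <<'EOF'
192.168.1.23 - - [27/Apr/2018:21:05:01 +0800] "GET / HTTP/1.1" 403 202 "-" "curl/7.29.0"
192.168.1.77 - - [27/Apr/2018:21:05:30 +0800] "GET /index.html HTTP/1.1" 200 14 "-" "curl/7.29.0"
192.168.10.5 - - [27/Apr/2018:21:06:02 +0800] "GET / HTTP/1.1" 200 14 "-" "curl/7.29.0"
172.16.72.100 - - [27/Apr/2018:21:06:10 +0800] "GET / HTTP/1.1" 200 14 "-" "curl/7.29.0"
EOF
}

www1_sample | audit_www1 172.16.0.1
www2_sample | audit_www2 192.168.1.0/24
```

On a live server the same functions read the real files, for example `audit_www2 192.168.1.0/24 < /var/log/httpd/www2-access_log`; any line printed means the rule did not hold for that request.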

4. Provide HTTPS service for virtual host www2:

(1) Create a private CA:

1) Generate the private key:

[root@chenliang ~]# cd /etc/pki/CA
[root@chenliang CA]# ls
certs  crl  newcerts  private
[root@chenliang CA]# (umask 077; openssl genrsa -out private/cakey.pem 4096)

Generating RSA private key, 4096 bit long modulus

............................................................................................................................................................++

.....................................................................................................................................................................................................................................................++

e is 65537 (0x10001)

2) Generate the self-signed certificate:

[root@chenliang CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Hebei
Locality Name (eg, city) [Default City]:Handan
Organization Name (eg, company) [Default Company Ltd]:chenliang
Organizational Unit Name (eg, section) []:chenliang
Common Name (eg, your name or your server's hostname) []:chenliang
Email Address []:
[root@chenliang CA]# ls
cacert.pem  certs  crl  newcerts  private

3) Add the text files and directories that complete the private CA configuration:

[root@chenliang CA]# touch index.txt
[root@chenliang CA]# echo 01 > serial

(2) Create the HTTPS site (prerequisite: mod_ssl from the httpd module list must be installed):

1) Generate the private key and the certificate request:

[root@chenliang ~]# mkdir -pv /etc/httpd/ssl
mkdir: 已创建目录 "/etc/httpd/ssl"
[root@chenliang ~]# cd /etc/httpd/ssl
[root@chenliang ssl]# ls
[root@chenliang ssl]# (umask 077;openssl genrsa -out httpd.key 4096)

Generating RSA private key, 4096 bit long modulus

...............................++

......................++

e is 65537 (0x10001)

[root@chenliang ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Hebei
Locality Name (eg, city) [Default City]:Handan
Organization Name (eg, company) [Default Company Ltd]:chenliang
Organizational Unit Name (eg, section) []:chenliang
Common Name (eg, your name or your server's hostname) []:chenliang
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:CL
[root@chenliang ssl]# ls
httpd.csr  httpd.key

2) Send the certificate request to the CA:

[root@chenliang ssl]# cp httpd.csr /tmp/

3) On the CA, issue a certificate for this request:

[root@chenliang ssl]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt

Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Apr 27 12:51:29 2018 GMT
            Not After : Apr 27 12:51:29 2019 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = Hebei
            organizationName          = chenliang
            organizationalUnitName    = chenliang
            commonName                = chenliang
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                92:A4:5B:5C:88:0D:CE:84:67:5F:2A:9B:1F:57:15:AD:12:A9:13:CE
            X509v3 Authority Key Identifier:
                keyid:B6:C0:56:B6:E7:CF:C6:9B:CB:35:6D:1F:C9:06:94:69:D2:D9:23:68

Certificate is to be certified until Apr 27 12:51:29 2019 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

4) On the CA, transfer the certificate it issued to the httpd server:

[root@chenliang ssl]# scp /etc/pki/CA/certs/httpd.crt  /etc/httpd/ssl/

5) On the httpd server, delete the certificate request file:

[root@chenliang ssl]# ls
httpd.crt  httpd.csr  httpd.key
[root@chenliang ssl]# rm -fr httpd.csr
[root@chenliang ssl]# ls
httpd.crt  httpd.key

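6) On the httpd server, configure SSL support (this requires httpd's mod_ssl module; install it beforehand if it is not installed):

Configure the HTTPS virtual host:

[root@chenliang ~]# vim /etc/httpd/conf.d/ssl.conf

<VirtualHost _default_:443>
     # The <Directory> access rules in www2.conf sit inside the port-80 virtual host
     # and do not apply to requests served by this virtual host.
     DocumentRoot "/var/www/www2"
     ServerName www2.cl7.com:443
     SSLEngine on
     SSLCertificateFile /etc/httpd/ssl/httpd.crt
     SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
</VirtualHost>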
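Before testing in a browser, the files that ssl.conf points at can be checked from the shell: does the certificate chain to the private CA, does it belong to httpd.key, and does it cover the site's host name. This is an added example, not part of the original article; it builds a throwaway CA and server certificate in a temporary directory with `openssl x509 -req` instead of the article's `openssl ca`, so /etc/pki/CA is untouched, and the function names, RSA 2048 keys and the subjectAltName entry are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example. Everything is written to a scratch directory; the CA and
# server certificate are constructed for the demo (RSA 2048 only for speed).

# make_lab_pki DIR HOST: throwaway CA plus a server certificate for HOST.
make_lab_pki() {
    local d=$1 host=$2
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        'prompt = no' '[dn]' 'CN = Constructed Lab CA' '[v3_ca]' \
        'basicConstraints = critical,CA:TRUE' > "$d/ca.cnf"
    printf 'basicConstraints = CA:FALSE\nsubjectAltName = DNS:%s\n' "$host" > "$d/ext.cnf"
    ( umask 077
      openssl genrsa -out "$d/cakey.pem" 2048
      openssl genrsa -out "$d/httpd.key" 2048 ) >/dev/null 2>&1
    openssl req -new -x509 -config "$d/ca.cnf" -key "$d/cakey.pem" -days 30 \
        -out "$d/cacert.pem" &&
    openssl req -new -config "$d/ca.cnf" -key "$d/httpd.key" -subj "/CN=$host" \
        -out "$d/httpd.csr" &&
    openssl x509 -req -in "$d/httpd.csr" -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" \
        -CAcreateserial -days 30 -extfile "$d/ext.cnf" -out "$d/httpd.crt" 2>/dev/null
}

# cert_chains_to CA CERT: CERT verifies against the CA certificate.
cert_chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# key_matches_cert KEY CERT: the private key and certificate share a public key.
key_matches_cert() {
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_covers_host CERT HOST: HOST matches a name in the certificate.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

lab=$(mktemp -d) && make_lab_pki "$lab" www2.cl7.com
cert_chains_to "$lab/cacert.pem" "$lab/httpd.crt"  && echo "chain ok"
key_matches_cert "$lab/httpd.key" "$lab/httpd.crt" && echo "key matches"
cert_covers_host "$lab/httpd.crt" www2.cl7.com     && echo "hostname ok"
cert_covers_host "$lab/httpd.crt" chenliang        || echo "chenliang: no match"
```

Pointed at /etc/pki/CA/cacert.pem and the /etc/httpd/ssl files from the steps above, the chain and key checks apply unchanged, while `cert_covers_host /etc/httpd/ssl/httpd.crt www2.cl7.com` fails because that certificate was issued with commonName = chenliang.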

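5. Test whether HTTPS is configured successfully:

This completes setting up name-based virtual hosts on httpd-2.4 and serving the web site over HTTPS.

Original article: http://blog.51cto.com/chenliangdeeper/2108657

Time: 2024-12-26 05:42:31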
