Setting up httpd-2.4 on CentOS 7.2


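1. Lab requirements:

1. Set up the httpd service so that:
    (1) it serves two name-based virtual hosts, www1 and www2, each with its own error log and access log;
    (2) status information is available at /server-status on www1, and only the user tom may access it;
    (3) no host in the 192.168.0.0/24 network may access www2;
2. Provide HTTPS for the second virtual host above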

2. Lab environment:

Linux server OS version: CentOS release 7.2 (Final), IP: 172.16.250.60
Windows 7 client, IP: 172.16.250.100

3. Prerequisites:
    1) Disable the firewall and SELinux
~]# systemctl stop iptables
~]# setenforce 0
    
4. Procedure:

1. Provide two name-based virtual hosts, www1 and www2, each with its own error log and access log

I. Install the service

1) Install httpd-2.4 with yum
~]# yum install httpd -y

~]# rpm -qa httpd

~]# rpm -ql httpd
/etc/httpd
/var/log/httpd
/var/www/html

~]# rpm -qc httpd
/etc/httpd/conf/httpd.conf
/etc/sysconfig/httpd
/etc/httpd/conf.d/welcome.conf

~]# systemctl restart httpd.service
~]# ss -lnt
LISTEN      0      128       :::80      :::*

II. Create the virtual hosts
            
~]# cat /etc/httpd/conf.d/www1.conf
<VirtualHost 172.16.250.60:80>
        ServerName www1.magedu.com
        DocumentRoot /data/vhosts/www1
        ErrorLog logs/www1-error_log
        CustomLog logs/www1-access_log combined
    <Directory "/data/vhosts/www1">
        Options None
        AllowOverride None
        Require all granted
    </Directory>

</VirtualHost>

~]# cat /etc/httpd/conf.d/www2.conf

<VirtualHost 172.16.250.60:80>
        ServerName www2.magedu.com
        DocumentRoot /data/vhosts/www2
        ErrorLog logs/www2-error_log
        CustomLog logs/www2-access_log combined
    <Directory "/data/vhosts/www2">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

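III. Adjust the configuration:

Note: name-based (FQDN) virtual hosts no longer require the dedicated NameVirtualHost directive
    
    1) Back up the original configuration file
~]# cp -p /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak
    
    2) Create the site directories:
~]# mkdir -pv /data/vhosts/www{1,2}

3) Create the index pages
~]# echo "<h1> www1.magedu.com </h1>" > /data/vhosts/www1/index.html
~]# echo "<h1> www2.magedu.com </h1>" > /data/vhosts/www2/index.html

4) Add the hosts entries for name resolution
~]# echo "172.16.250.60 www1.magedu.com www2.magedu.com" >> /etc/hosts

5) Reload after changing the configuration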
~]# httpd -t
~]# systemctl reload httpd.service

IV. Tests from the PC

1) On Windows 7, add name resolution; path: C:\Windows\System32\drivers\etc\hosts
    2) Open hosts in Notepad, add this line and save: 172.16.250.60 www1.magedu.com www2.magedu.com
    3) Both sites are reachable in the test

2. Provide status information at /server-status on www1, accessible only to the user tom

I. Edit the configuration file:

    1) Allow only the user tom to access /server-status;
<Location /server-status>
    SetHandler server-status
    AuthType basic
    AuthName "For tom"
    AuthUserFile "/etc/httpd/conf/.htpasswd"
    Require user tom
</Location>

2) Create the password file for the virtual user tom
~]# htpasswd -c -m /etc/httpd/conf/.htpasswd tom

3) Check the syntax and reload the configuration
~]# httpd -t                                
~]# systemctl reload httpd.service

II. Test in the browser on the PC:

1) Enter http://172.16.250.60/server-status; authenticating as the user tom is required for access
Test:
http://www1.magedu.com/server-status

Apache Server Status for www1.magedu.com (via 172.16.250.60)

Server Version: Apache/2.4.6 (CentOS)
Server MPM: prefork
Server Built: Nov 19 2015 21:43:13

Current Time: Thursday, 14-Jul-2016 20:10:17 CST
Restart Time: Thursday, 14-Jul-2016 18:59:52 CST
Parent Server Config. Generation: 5
Parent Server MPM Generation: 4
Server uptime: 1 hour 10 minutes 24 seconds
Server load: 0.01 0.02 0.05
Total accesses: 60 - Total Traffic: 112 kB
CPU Usage: u0 s0 cu0 cs0
.0142 requests/sec - 27 B/second - 1911 B/request
1 requests currently being processed, 4 idle workers

W____...........................................................
................................................................
................................................................
................................................................

Scoreboard Key:
"_" Waiting for Connection, "S" Starting up, "R" Reading Request,
"W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
"C" Closing connection, "L" Logging, "G" Gracefully finishing,
"I" Idle cleanup of worker, "." Open slot with no current process

Srv    PID    Acc    M    CPU     SS    Req    Conn    Child    Slot    Client    VHost    Request
0-4    6133    0/0/14    W     0.00    0    0    0.0    0.00    0.02     172.16.250.149    www1.magedu.com:80    GET /server-status HTTP/1.1
1-4    6134    0/0/16    _     0.00    145    0    0.0    0.00    0.06     ::1    www1.magedu.com:80    OPTIONS * HTTP/1.0
2-4    6135    0/0/6    _     0.00    145    0    0.0    0.00    0.01     ::1    www1.magedu.com:80    OPTIONS * HTTP/1.0
3-4    6136    0/0/5    _     0.00    145    0    0.0    0.00    0.00     ::1    www1.magedu.com:80    OPTIONS * HTTP/1.0
4-4    6137    0/0/5    _     0.00    145    0    0.0    0.00    0.00     ::1    www1.magedu.com:80    OPTIONS * HTTP/1.0
5-3    -    0/0/7    .     0.00    145    0    0.0    0.00    0.01     ::1    www1.magedu.com:80    OPTIONS * HTTP/1.0
6-1    -    0/0/2    .     0.00    862    8    0.0    0.00    0.00     ::1    www.magedu.com:80    OPTIONS * HTTP/1.0
7-1    -    0/0/5    .     0.00    862    0    0.0    0.00    0.01     ::1    www.magedu.com:80    OPTIONS * HTTP/1.0
Srv    Child Server number - generation
PID    OS process ID
Acc    Number of accesses this connection / this child / this slot
M    Mode of operation
CPU    CPU usage, number of seconds
SS    Seconds since beginning of most recent request
Req    Milliseconds required to process most recent request
Conn    Kilobytes transferred this connection
Child    Megabytes transferred this child
Slot    Total megabytes transferred this slot

3. Provide HTTPS for the second virtual host above

Working directory: /etc/pki/CA/

I. Create the private CA

1) Generate the private key
CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)

2) Generate the self-signed certificate
CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN  
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:liyang
Organizational Unit Name (eg, section) []:Ops      
Common Name (eg, your name or your server's hostname) []:www2.magedu.com
Email Address []:[email protected]

3) Provide the auxiliary files
CA]# touch index.txt
CA]# echo 01 > serial    # serial number
CA]# tree
.
├── cacert.pem
├── certs
├── crl
├── index.txt
├── newcerts
├── private
│   └── cakey.pem
└── serial

II. Request a certificate on the node
    
    1) Generate the private key
~]# mkdir -pv /etc/httpd/ssl
ssl]# (umask 077; openssl genrsa -out httpd.key 1024)

2) Generate the certificate signing request:
ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:liyang
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www2.magedu.com
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

3) Send the request to the CA
ssl]# cp httpd.csr /tmp/

III. Issue the certificate on the CA

1) Sign the certificate
~]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jul 14 13:24:47 2016 GMT
            Not After : Jul 14 13:24:47 2017 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = Beijing
            organizationName          = liyang
            organizationalUnitName    = Ops
            commonName                = www2.magedu.com
            emailAddress              = [email protected]
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                88:92:7A:EE:97:0B:51:8C:68:56:4D:E0:51:8E:79:CD:56:D5:DF:05
            X509v3 Authority Key Identifier:
                keyid:0B:2F:43:5B:2D:B7:5D:F5:11:16:C2:78:0D:15:60:8F:39:9E:CA:70

Certificate is to be certified until Jul 14 13:24:47 2017 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

2) Return the signed certificate to the requester.
~]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/

Note: in this lab the private CA and the node requesting the certificate are on the same machine.
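A check worth running on the files produced by the three steps above, as an added example that is not part of the original page: it confirms the certificate verifies against the CA, that the private key belongs to it, and that the key meets a minimum size. The function name, the output labels and the 2048-bit default are assumptions of this example; the node key on this page is generated with 1024 bits, so the size check reports it.

```shell
#!/bin/sh
# Added example (not from the original page): checks for a certificate issued
# by the private CA. Prints one line per check; returns non-zero on any failure.
# Usage: check_issued_cert CA_CERT CERT KEY [MIN_BITS]   (MIN_BITS defaults to 2048)
check_issued_cert() {
    ca=$1 crt=$2 key=$3 min=${4:-2048} rc=0

    # 1. The certificate must verify against the CA certificate.
    if openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "chain: ok"
    else
        echo "chain: FAIL"; rc=1
    fi

    # 2. The private key must be the one the certificate was issued for:
    #    compare the public key in the certificate with the one derived from the key.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl rsa -in "$key" -pubout 2>/dev/null)
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "key match: ok"
    else
        echo "key match: FAIL"; rc=1
    fi

    # 3. The RSA modulus must be at least MIN_BITS long.
    bits=$(openssl x509 -in "$crt" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p')
    if [ "${bits:-0}" -ge "$min" ]; then
        echo "key size: ok ($bits bits)"
    else
        echo "key size: FAIL (${bits:-unknown} bits, want >= $min)"; rc=1
    fi
    return "$rc"
}
```

With the paths used on this page the call is `check_issued_cert /etc/pki/CA/cacert.pem /etc/httpd/ssl/httpd.crt /etc/httpd/ssl/httpd.key`.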

IV. Configure httpd to use SSL and the certificate

1) Install the mod_ssl module with yum
~]# httpd -M | grep ssl        
~]# yum install mod_ssl -y
~]# rpm -ql mod_ssl

2) Edit the configuration file
~]# cat /etc/httpd/conf.d/ssl.conf
    # The container needs an address:port argument; _default_:443 is what the stock ssl.conf uses
    <VirtualHost _default_:443>
     DocumentRoot "/data/vhosts/www2"
     ServerName www2.magedu.com:443
     SSLCertificateFile /etc/httpd/ssl/httpd.crt
     SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
     <Directory "/data/vhosts/www2">
            SSLOptions +StdEnvVars
            AllowOverride None
            Require all granted
     </Directory>
    </VirtualHost>

V. Test results:
    1) Test in the browser on the PC: https://www2.magedu.com is served on port 443
    2) Test in the browser on the PC: http://www2.magedu.com is served on port 80
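Requirement (3) asks that 192.168.0.0/24 be refused on www2, while the www2 <Directory> blocks shown on this page use Require all granted. The following added example (not from the original page) audits a vhost file for that gap and shows the block before and after applying the restriction with <RequireAll>; the function names and both samples are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Lists every <Directory> block that
# grants access to all clients without a "Require not ip" for the given network.
# Usage: unrestricted_dirs CIDR < some-vhost.conf
unrestricted_dirs() {
    awk -v net="$1" '
        /^[ \t]*<Directory[ \t]/ { dir = $2; gsub(/[">]/, "", dir); granted = 0; denied = 0 }
        $1 == "Require" && $2 == "all" && $3 == "granted" { granted = 1 }
        $1 == "Require" && $2 == "not" && $3 == "ip" {
            for (i = 4; i <= NF; i++) if ($i == net) denied = 1
        }
        /^[ \t]*<\/Directory>/ { if (granted && !denied) print dir }
    '
}

# Constructed sample: the www2 <Directory> block as configured on this page.
www2_as_configured() {
    cat <<'EOF'
<VirtualHost 172.16.250.60:80>
    ServerName www2.magedu.com
    <Directory "/data/vhosts/www2">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
EOF
}

# Constructed sample: the same block with requirement (3) applied. <RequireAll>
# makes both conditions mandatory, so 192.168.0.0/24 is refused and others pass.
www2_restricted() {
    cat <<'EOF'
<VirtualHost 172.16.250.60:80>
    ServerName www2.magedu.com
    <Directory "/data/vhosts/www2">
        Options None
        AllowOverride None
        <RequireAll>
            Require all granted
            Require not ip 192.168.0.0/24
        </RequireAll>
    </Directory>
</VirtualHost>
EOF
}

www2_as_configured | unrestricted_dirs 192.168.0.0/24   # prints /data/vhosts/www2
www2_restricted    | unrestricted_dirs 192.168.0.0/24   # prints nothing
```

The same <RequireAll> block is needed in the www2 <Directory> section of the HTTPS virtual host, since that section carries its own Require all granted.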

Time: 2024-10-12 17:58:22
