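Web service: name-based virtual hosts on httpd 2.2

Web site service:

Apache is a well-known open-source web server, maintained by the ASF (Apache Software Foundation).

Official site: http://httpd.apache.org/

http://www.netcraft.com/ publishes detailed statistics on the market share of the various web server packages.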

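Lab requirements:

1. Set up the httpd service so that it:
   (1) provides two name-based virtual hosts, www1 and www2, each with its own error log and access log
   (2) serves status information at /server-status on www1, accessible only to the user tom
   (3) does not allow any host in the 192.168.0.0/24 network to access www2
2. Provide HTTPS service for the second virtual host above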

Lab environment:

Web Server: CentOS 6.7 x86_64          IP: 172.16.251.164

httpd-2.2.15-45.el6.centos.x86_64

Client: CentOS 7.2 x86_64              IP: 172.16.251.138

Lab preparation:

[[email protected] ~]# iptables -F                     //flush all iptables rules (turns the firewall off)

[[email protected] ~]# setenforce 0                   //switch SELinux to permissive mode

Install httpd:

[[email protected] ~]# yum -y install httpd

[[email protected] ~]# rpm -qc httpd                //list the configuration files installed by httpd

/etc/httpd/conf.d/welcome.conf

/etc/httpd/conf/httpd.conf

/etc/httpd/conf/magic

/etc/logrotate.d/httpd

/etc/sysconfig/htcacheclean

/etc/sysconfig/httpd

[[email protected] ~]# service httpd start

[[email protected] ~]# ss -tnl

LISTEN    0      128                          :::80

Main configuration file:

[[email protected] conf]# cp -p httpd.conf httpd.conf.bak

[[email protected] httpd]# vim /etc/httpd/conf/httpd.conf

NameVirtualHost 172.16.251.164:80                 //enable name-based virtual hosts

Create the configuration file for virtual host www1:

[[email protected] ~]# vim /etc/httpd/conf.d/v1.conf

<VirtualHost 172.16.251.164:80>
    DocumentRoot /var/www/virt1
    ServerName www1.a.com
    ErrorLog logs/www1-error_log
    CustomLog logs/www1-access_log combined
    # Status page, restricted to the Basic-auth user tom
    <Location /server-status>
        SetHandler server-status
        AuthType basic
        AuthName "For tom"
        AuthUserFile "/etc/httpd/conf/.htpasswd"
        Require user tom
    </Location>
</VirtualHost>

Create the configuration file for virtual host www2:

[[email protected] ~]# vim /etc/httpd/conf.d/v2.conf

<VirtualHost 172.16.251.164:80>
    DocumentRoot /var/www/virt2
    ServerName www2.a.com
    ErrorLog logs/www2-error_log
    CustomLog logs/www2-access_log combined
    <Directory "/var/www/virt2">
        Options None
        AllowOverride None
        # Deny rules are checked first; clients matching none of them are allowed
        Order deny,allow
        Deny from 192.168.0.0/24
    </Directory>
</VirtualHost>
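
How httpd 2.2 evaluates the Order/Deny lines in v2.conf, as an added example that is not part of the original post: a small Python model of the Order logic, run over constructed client addresses. It goes beyond the page's single case by also modelling Order allow,deny, under which the same Deny line alone rejects every client. The names is_allowed, check_clients and V2_RULES are hypothetical, and only "all" and IP/CIDR specs are modelled (no hostnames or partial addresses).

```python
import ipaddress

def _matches(addr, specs):
    """True if addr falls in any spec; a spec is 'all' or an IP/CIDR string."""
    ip = ipaddress.ip_address(addr)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def is_allowed(order, client, allow=(), deny=()):
    """Model of Apache 2.2 'Order' evaluation (host-based rules only).

    deny,allow: default is allow; a Deny match rejects the client
                unless an Allow match overrides it.
    allow,deny: default is deny; the client must match an Allow line
                and must not match any Deny line.
    """
    allowed = _matches(client, allow)
    denied = _matches(client, deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        return allowed or not denied
    if order == "allow,deny":
        return allowed and not denied
    raise ValueError("unsupported Order value: %r" % order)

# The rule set from v2.conf on this page.
V2_RULES = {"order": "deny,allow", "deny": ["192.168.0.0/24"]}

def check_clients(rules, clients):
    """Return {client_ip: True/False} for one rule set."""
    return {c: is_allowed(rules["order"], c,
                          rules.get("allow", ()), rules.get("deny", ()))
            for c in clients}

if __name__ == "__main__":
    # Constructed client addresses; 172.16.251.138 is the lab client above.
    clients = ["192.168.0.10", "192.168.1.10", "172.16.251.138"]
    for ip, ok in check_clients(V2_RULES, clients).items():
        print(ip, "200" if ok else "403")
    # Same Deny line under the opposite order: no client is ever allowed.
    flipped = dict(V2_RULES, order="allow,deny")
    print(check_clients(flipped, clients))
```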

Create the test site content:

[[email protected] conf]# mkdir -pv /var/www/virt{1,2}

[[email protected] www]# echo "www1" >> /var/www/virt1/index.html

[[email protected] www]# echo "www2" >> /var/www/virt2/index.html

Create the password file for user tom:

[[email protected] conf]# htpasswd -cm /etc/httpd/conf/.htpasswd tom

[[email protected] conf]# httpd -t

Syntax OK

[[email protected] conf]# service httpd restart

Client test:

[[email protected] ~]# cat /etc/hosts

172.16.251.164        www1.a.com   www2.a.com

[[email protected] ~]# curl http://www1.a.com

www1

[[email protected] ~]# curl http://www2.a.com

www2

[[email protected] conf.d]# ll /var/log/httpd/

-rw-r--r--. 1 root root 11465 7月  17 12:33 www1-access_log

-rw-r--r--. 1 root root  3517 7月  17 12:33 www1-error_log

-rw-r--r--. 1 root root  2306 7月  17 10:25 www2-access_log

-rw-r--r--. 1 root root  1142 7月  17 10:17 www2-error_log

[[email protected] ~]# links http://www1.a.com/server-status

Provide the HTTPS service:

1. Create a private CA

[[email protected] CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)

[[email protected] CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem

Country Name (2 letter code) [XX]:CN  
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:Ops      
Common Name (eg, your name or your server's hostname) []:www2.a.com
Email Address []:[email protected]

[[email protected] CA]# touch index.txt

[[email protected] CA]# echo 01 > serial

2. Request a certificate:

[[email protected] CA]# mkdir -pv /etc/httpd/ssl

[[email protected] ssl]# (umask 077; openssl genrsa -out httpd.key 1024)

[[email protected] ssl]# openssl req -new -key httpd.key -out httpd.csr

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www2.a.com
Email Address []:[email protected]

[[email protected] ssl]# cp httpd.csr /testdir/

3. The CA signs the certificate and sends it to the requester

[[email protected] ssl]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt

[[email protected] ssl]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/

4. Install the mod_ssl module

[[email protected] conf.d]# httpd -M | grep ssl

[[email protected] conf.d]# yum -y install mod_ssl

[[email protected] conf.d]# rpm -ql mod_ssl

[[email protected] conf.d]# vim /etc/httpd/conf.d/ssl.conf

<VirtualHost 192.168.1.200:443>
    DocumentRoot "/var/www/virt2"
    ServerName www2.a.com:443
    SSLCertificateFile /etc/httpd/ssl/httpd.crt
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
    # (other directives of the ssl.conf installed by mod_ssl are left unchanged)
</VirtualHost>

[[email protected] conf.d]# service httpd restart

[[email protected] conf.d]# ss -tnl

LISTEN    0      128                          :::443

Client test: https://172.16.251.164:443

Time: 2024-10-13 11:59:30
