Implementing the following with httpd-2.2 and httpd-2.4
> 1. Set up an httpd service with these requirements:
> 1) Provide two name-based virtual hosts, www1 and www2; each virtual host must have its own error log and access log;
> 2) Provide status information through www1's /server-status, and allow only the host 172.16.0.1 to access it;
> 3) www2 must not allow access from any host in the 192.168.1.0/24 network;
> 2. Provide an https service for virtual host 2) above.
Using httpd-2.2 to set up name-based virtual hosts and provide an https service:
1. Preparation: (1) one CentOS 6.9 machine on the VMware Workstation platform; (2) one physical-machine client;
2. Environment: (1) install the httpd package on CentOS 6.9 and start the httpd service; (2) turn off the firewall; (3) set SELinux to permissive;
(1) [root@chenliang ~]# yum -y install httpd
[root@chenliang ~]# service httpd start
正在启动 httpd:
(2) [root@chenliang ~]# iptables -F
(3) [root@chenliang ~]# setenforce 0
3. Steps:
[root@chenliang ~]# cd /etc/httpd/conf
[root@chenliang conf]# vim httpd.conf
NameVirtualHost 172.16.69.1:80 //add this line to httpd.conf; the IP address must match the one used in the virtual host files below
[root@chenliang conf.d]# cd ../conf.d //the virtual hosts are configured in snippet files under /etc/httpd/conf.d
[root@chenliang conf.d]# ls
manual.conf mod_dnssd.conf README ssl.conf welcome.conf
[root@chenliang conf.d]# vim www1.conf //configure virtual host www1
> <VirtualHost 172.16.69.1:80> //the IP address and port here must match the NameVirtualHost line in the main configuration file /etc/httpd/conf/httpd.conf
> DocumentRoot /var/www/www1 //path mapping for the www1 site's resources
> ServerName www1.cl.com //this is what makes the virtual host name-based
> ErrorLog logs/www1-error_log //each virtual host gets its own error log
> CustomLog logs/www1-access_log combined //each virtual host gets its own access log
>
> <Location /server-status>
> SetHandler server-status
> Order deny,allow
> Deny from all
> Allow from 172.16.0.1 //status information is provided through www1's /server-status, and only the host 172.16.0.1 may access it
> </Location>
>
> </VirtualHost>
[root@chenliang conf.d]# vim www2.conf
> <VirtualHost 172.16.69.1:80> //the IP address and port here must match the NameVirtualHost line in the main configuration file /etc/httpd/conf/httpd.conf
> DocumentRoot /var/www/www2 //path mapping for the www2 site's resources
> ServerName www2.cl.com
> ErrorLog logs/www2-error_log //each virtual host gets its own error log
> CustomLog logs/www2-access_log combined //each virtual host gets its own access log
>
> <Directory "/var/www/www2">
> Options None
> AllowOverride None
> Order deny,allow
> Deny from 192.168.1.0/24 //www2 does not allow access from any host in the 192.168.1.0/24 network
> </Directory>
>
> </VirtualHost>
[root@chenliang conf.d]# mkdir -pv /var/www/www{1,2} //create the directories the web sites' resources are mapped to
mkdir: 已创建目录 "/var/www/www1"
mkdir: 已创建目录 "/var/www/www2"
[root@chenliang conf.d]# echo "WWW1's web site~~" >> /var/www/www1/index.html //create each site's home page and add some content
[root@chenliang conf.d]# echo "WWW2's web site~~" >> /var/www/www2/index.html
[root@chenliang conf.d]# httpd -t //check the virtual host configuration for syntax errors
httpd: apr_sockaddr_info_get() failed for chenliang
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
Syntax OK //syntax is OK
[root@chenliang conf.d]# service httpd restart //restart the service after every change to the httpd configuration
停止 httpd: [确定]
正在启动 httpd:httpd: apr_sockaddr_info_get() failed for chenliang
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[确定]
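Before relying on the two access rules above, it helps to see exactly how httpd-2.2 evaluates `Order`, `Deny from` and `Allow from`, because the result depends on the order and on the default that goes with it. The script below is an added example, not part of the original post or of httpd itself: it re-implements the 2.2 evaluation rules for the host-spec forms the post uses (`all`, a single IPv4 address, and an IPv4 CIDR network; it does not handle partial addresses, netmask notation or hostnames) and runs them against constructed client addresses for the `/server-status` rule of www1 and the network deny of www2.

```sh
#!/bin/sh
# Added example (not from the original post): an evaluator for the httpd-2.2
# "Order / Deny from / Allow from" semantics used in www1.conf and www2.conf.

# Turn a dotted IPv4 address into an integer.
ip2int() {
  set -- $(printf '%s' "$1" | tr . ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Does client $1 match host spec $2 ("all", "a.b.c.d" or "a.b.c.d/bits")?
matches() {
  client=$1 spec=$2
  [ "$spec" = all ] && return 0
  case $spec in
    */*) net=${spec%/*} bits=${spec#*/} ;;
    *)   net=$spec bits=32 ;;
  esac
  # 4294967295 is 0xFFFFFFFF; mask out the host part on both sides.
  mask=$(( bits == 0 ? 0 : (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip2int "$client") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# any_match CLIENT "spec1 spec2 ..." -> true if any spec matches.
any_match() {
  for s in $2; do matches "$1" "$s" && return 0; done
  return 1
}

# access ORDER "deny specs" "allow specs" CLIENT -> prints allow or deny.
#   Order deny,allow: Deny is checked first, Allow overrides it, default allow.
#   Order allow,deny: Allow is checked first, Deny overrides it, default deny.
access() {
  order=$1 deny=$2 allow=$3 client=$4
  if any_match "$client" "$deny";  then denied=1;  else denied=0;  fi
  if any_match "$client" "$allow"; then allowed=1; else allowed=0; fi
  case $order in
    deny,allow) [ $allowed -eq 1 ] && echo allow && return
                [ $denied -eq 1 ]  && echo deny  && return
                echo allow ;;
    allow,deny) [ $denied -eq 1 ]  && echo deny  && return
                [ $allowed -eq 1 ] && echo allow && return
                echo deny ;;
  esac
}

# The post's two rules, tried with constructed client addresses.
echo "www1 /server-status from 172.16.0.1:  $(access deny,allow all 172.16.0.1 172.16.0.1)"
echo "www1 /server-status from 172.16.0.9:  $(access deny,allow all 172.16.0.1 172.16.0.9)"
echo "www2 from 192.168.1.50:               $(access deny,allow 192.168.1.0/24 '' 192.168.1.50)"
echo "www2 from 10.1.1.1:                   $(access deny,allow 192.168.1.0/24 '' 10.1.1.1)"
```

Two points the evaluator makes visible: with `Order deny,allow` the default is allow, so the www2 block really only excludes 192.168.1.0/24 and `Deny from all` is what closes `/server-status` to everyone except the allowed host; and with `Order allow,deny` a block that lists no `Allow from` denies every client, which is the usual cause of unexpected 403s. In httpd-2.4 the same rules are written with `Require all denied` plus `Require ip 172.16.0.1`, and, inside a `<RequireAll>` block, `Require all granted` plus `Require not ip 192.168.1.0/24`.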
4. Test:
Test the virtual host web sites that were created:
Open the physical host to test. First edit the hosts file at \Windows\System32\drivers\etc\hosts on the system's C: drive and add the configured virtual host sites at the bottom: 172.16.69.1 www1.cl.com www2.cl.com
Result:
5. Providing the https service:
1) Create a private CA:
Create the CA's private key file:
[root@chenliang CA]# (umask 077; openssl genrsa -out private/cakey.pem 4096)
Generating RSA private key, 4096 bit long modulus
...............................................................................................................................................................................................................++
......................................................++
e is 65537 (0x10001)
Generate the self-signed certificate:
[root@chenliang CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HeBei
Locality Name (eg, city) [Default City]:Handan
Organization Name (eg, company) [Default Company Ltd]:CL
Organizational Unit Name (eg, section) []:Tech
Common Name (eg, your name or your server's hostname) []:chenliang
Email Address []:
[root@chenliang CA]# ls //view the certificate file that was created
cacert.pem certs crl newcerts private
[root@chenliang CA]# touch /etc/pki/CA/index.txt //create the directory-level and text-file-level files the CA requires
[root@chenliang CA]# echo 01 > /etc/pki/CA/serial
2) Create the https site: {prerequisite: the mod_ssl module from httpd's module list must be installed}
[root@chenliang ~]# mkdir /etc/httpd/ssl
[root@chenliang ~]# cd /etc/httpd/ssl
[root@chenliang ssl]# (umask 077;openssl genrsa -out httpd.key 4096)
Generating RSA private key, 4096 bit long modulus
.....................................................................................++
.......................................................................................................................................................................................................................................................................................................................................................................................................................................................++
e is 65537 (0x10001)
[root@chenliang ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HeBei
Locality Name (eg, city) [Default City]:Handan
Organization Name (eg, company) [Default Company Ltd]:CL
Organizational Unit Name (eg, section) []:Tech
Common Name (eg, your name or your server's hostname) []:chenliang
Email Address []:
A challenge password []:123456
An optional company name []:chenliang
Send the certificate request to the CA: ~]# scp httpd.csr CA_SERVER:/tmp //because the private CA was created on this same host, this command is not used; skip it
Sign a certificate for this request on the CA:
[root@chenliang ssl]# cd /etc/pki/CA
[root@chenliang CA]# ls
cacert.pem certs crl index.txt newcerts private serial
[root@chenliang CA]# openssl ca -in /etc/httpd/ssl/httpd.csr -out certs/httpd.crt
[root@chenliang CA]# ls certs/
httpd.crt
On the httpd server, delete the certificate request file:
[root@chenliang CA]# cp certs/httpd.crt /etc/httpd/ssl/
[root@chenliang CA]# cd -
/etc/httpd/ssl
[root@chenliang ssl]# ls
httpd.crt httpd.csr httpd.key
[root@chenliang ssl]# rm -f httpd.csr
[root@chenliang ssl]# ls
httpd.crt httpd.key
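The CA and signing steps above are interactive and depend on the `/etc/pki/CA` layout (`index.txt`, `serial`) that `openssl ca` expects. The script below is an added example, not part of the original post: it repeats the same steps non-interactively in a scratch directory, then runs the three checks worth doing before pointing mod_ssl at the files: that `httpd.crt` chains to `cacert.pem`, that `httpd.key` is the key belonging to `httpd.crt`, and that the certificate carries the name clients will connect to. It uses `openssl x509 -req` in place of the post's `openssl ca` so that no CA directory is needed, 2048-bit keys to keep it fast, and it sets the server certificate's CN and a subjectAltName to `www2.cl.com`, the `ServerName` of the https virtual host, rather than the post's `chenliang`; the subject fields otherwise follow the post's answers.

```sh
#!/bin/sh
# Added example (not from the original post): private CA, server key/CSR and
# signing done non-interactively, followed by verification of the result.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"
mkdir -p private certs

# 1) CA private key and self-signed CA certificate (the post's step 1).
(umask 077; openssl genrsa -out private/cakey.pem 2048 2>/dev/null)
openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650 \
  -subj "/C=CN/ST=HeBei/L=Handan/O=CL/OU=Tech/CN=CL private CA"

# 2) Server private key and certificate request; the CN is the https
#    virtual host's ServerName so that name checks in the browser pass.
(umask 077; openssl genrsa -out httpd.key 2048 2>/dev/null)
openssl req -new -key httpd.key -out httpd.csr \
  -subj "/C=CN/ST=HeBei/L=Handan/O=CL/OU=Tech/CN=www2.cl.com"

# 3) Sign the request with the CA. "openssl x509 -req" stands in for the
#    post's "openssl ca"; the extension file adds a subjectAltName because
#    modern browsers match the host name against SAN, not the CN.
printf 'subjectAltName=DNS:www2.cl.com\nextendedKeyUsage=serverAuth\n' > server.ext
openssl x509 -req -in httpd.csr -CA cacert.pem -CAkey private/cakey.pem \
  -CAcreateserial -out certs/httpd.crt -days 365 -extfile server.ext 2>/dev/null
rm -f httpd.csr   # the request is no longer needed once the cert exists

# Check 1: the server certificate verifies against the private CA.
chain_ok() {
  openssl verify -CAfile cacert.pem certs/httpd.crt >/dev/null 2>&1
}

# Check 2: the key and the certificate share the same RSA modulus, i.e. the
# key in SSLCertificateKeyFile really belongs to SSLCertificateFile.
key_matches_cert() {
  [ "$(openssl x509 -noout -modulus -in certs/httpd.crt)" = \
    "$(openssl rsa  -noout -modulus -in httpd.key 2>/dev/null)" ]
}

# Check 3: the certificate names the host given as argument in its SAN.
cert_has_name() {
  openssl x509 -noout -text -in certs/httpd.crt | grep -q "DNS:$1"
}

chain_ok         && echo "chain:    httpd.crt is signed by cacert.pem"
key_matches_cert && echo "key:      httpd.key matches httpd.crt"
cert_has_name www2.cl.com && echo "name:     certificate is valid for www2.cl.com"
```

With the post's own CSR (CN `chenliang`, no SAN) the third check fails, which is why a browser reaching `https://www2.cl.com` would report a host-name mismatch on top of the untrusted-CA warning; importing `cacert.pem` into the client's trust store removes the second warning but not the first.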
Configure ssl support on the httpd server:
1) Make sure the mod_ssl module is loaded; if it is not, install it separately: yum install -y mod_ssl
2) Configure the https virtual host:
[root@chenliang conf.d]# vim ssl.conf
<VirtualHost 172.16.69.1:443>
DocumentRoot "/var/www/www2"
ServerName www2.cl.com:443
SSLEngine on //required to enable TLS for this virtual host; the stock ssl.conf block already contains it
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
</VirtualHost>
Test whether https was set up successfully:
Restart the service:
[root@chenliang conf.d]# service httpd restart
停止 httpd: [确定]
正在启动 httpd:httpd: apr_sockaddr_info_get() failed for chenliang
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[确定]
On the physical host (because our certificate comes from a private CA, it is not trusted):
After adding an exception:
At this point, setting up name-based virtual hosts with httpd-2.2 and providing an https service for the web site is complete.