dns + apache基於域名的虛擬主機 + htaccess + ssl

一.搭建一個簡單的web及dns服務器
10.10.54.61
[root@gyf  html]# vim /etc/named.conf
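// BIND main configuration for the lab DNS server 10.10.54.61.
// Serves the forward zone ssr.com and the reverse zone for 10.10.54.0/24.
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Anyone may query the zones this server is authoritative for.
        allow-query     { any; };
        // Recursion stays on for the lab clients but is limited to the local
        // host and the 10.10.54.0/24 lab network. "allow-query any" combined
        // with unrestricted recursion makes an open resolver, which can be
        // abused for DNS amplification and eases cache-poisoning attempts.
        recursion yes;
        allow-recursion { localhost; 10.10.54.0/24; };
};      // this closing brace was missing; named cannot parse the file without it

// Root hints.
zone "." IN {
        type hint;
        file "named.ca";
};
// Forward zone, data in /var/named/named.ssr.com.
zone "ssr.com" IN {
        type master;
        file "named.ssr.com";
};
// Reverse zone for 10.10.54.x, data in /var/named/named.10.10.54.
zone "54.10.10.in-addr.arpa" IN {
        type master;
        file "named.10.10.54";
};      // this closing brace was missing as well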
[root@gyf  html]# /etc/init.d/named restart
                             

[root@gyf  named]# vim /var/named/named.ssr.com

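; Forward zone for ssr.com (file /var/named/named.ssr.com).
$TTL 86400
; "root" has no trailing dot, so it is completed with the zone origin and
; names the contact mailbox root.ssr.com.
@       IN      SOA     ssr.com. root (
                                2014010802      ; serial
                                1H              ; refresh
                                2M              ; retry
                                1W              ; expire
                                1D              ; minimum
                                        )

@                IN     NS              ssr.com.
ssr.com.         IN     A               10.10.54.61
; Mail server. Zone files use ';' for comments ('#' is not a comment
; character), and the target needs its trailing dot: without it the name is
; taken relative to the zone and becomes master.ssr.com.ssr.com.
@                IN     MX      3       master.ssr.com.
master.ssr.com.  IN     A               10.10.54.61
slaver           IN     A               10.10.54.64
svn              IN     A               10.10.54.64
ftp              IN     CNAME           master.ssr.com.
; Trailing dot added for the same reason (the target was written "ssr.com").
www.ssr.com.     IN     CNAME           ssr.com.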

[root@gyf  named]# vim /var/named/named.10.10.54

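; Reverse zone 54.10.10.in-addr.arpa (file /var/named/named.10.10.54).
$TTL 86400
; The contact is written fully qualified: a bare "root" in this file would be
; completed with this zone's origin and read as root.54.10.10.in-addr.arpa.
@       IN      SOA     ssr.com. root.ssr.com. (
                                2014010802      ; serial
                                1H              ; refresh
                                2M              ; retry
                                1W              ; expire
                                1D              ; minimum
                                        )
@                IN     NS              ssr.com.
; Several names share one address, so 10.10.54.61 and 10.10.54.64 each carry
; more than one PTR record.
61               IN     PTR             ssr.com.
61               IN     PTR             master.ssr.com.
61               IN     PTR             ftp.ssr.com.
64               IN     PTR             slaver.ssr.com.
64               IN     PTR             svn.ssr.com.
61               IN     PTR             www.ssr.com.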
//在本機上解析測試
[root@gyf  ~]# dig ssr.com @127.0.0.1
[root@gyf  ~]# dig -x 10.10.54.61 @127.0.0.1

//在ubuntu10.10.54.60修改解析服務器爲10.10.54.61
vim /etc/resolv.conf
nameserver 10.10.54.61


二:apache基於域名的虛擬主機+htaccess密碼認證

10.10.54.61
多個域名對應一個ip或多個ip
多個域名對應一個ip能夠用cname
[root@gyf named]# vim /var/named/named.ssr.com
www.ssr.com.    IN      CNAME            ssr.com.
hr              IN      CNAME            ssr.com.
bbs             IN      CNAME            ssr.com.

[root@gyf named]# vim /var/named/named.10.10.54

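61               IN      PTR             www.ssr.com.
; "PRT" is not a record type and stops the zone from loading; the type is PTR.
61               IN      PTR             hr.ssr.com.
61               IN      PTR             bbs.ssr.com.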

2.修改配置文件,添加虛擬主機
[root@gyf named]# mkdir /var/www/hr
[root@gyf named]# mkdir /var/www/bbs

[root@gyf named]# vim /etc/httpd/conf/httpd.conf
NameVirtualHost *:80 ---基於域名的虛擬主機,須要開啓此參數

#基於密碼認證的網頁
:416  <Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>
#add file
# Document root of the www site. AllowOverride AuthConfig lets a .htaccess
# file in this tree set authentication directives and nothing else.
# Order/Allow is the Apache 2.2 access-control syntax (the restart output
# on this page reports Apache/2.2.15).
<Directory "/var/www/html">
    AllowOverride  AuthConfig
    Order allow,deny
    Allow from all
</Directory>
# Document root of the hr site, same policy.
<Directory "/var/www/hr">
    AllowOverride  AuthConfig
    Order allow,deny
    Allow from all
</Directory>
# Document root of the bbs site, same policy.
<Directory "/var/www/bbs">
    AllowOverride  AuthConfig
    Order allow,deny
    Allow from all
</Directory>


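# Name-based virtual hosts on port 80. Apache selects one by the Host header
# of the request; the first block listed also answers requests that match no
# ServerName, such as a request made by IP address.
#
# These sites are served over plain HTTP. The Basic authentication set up in
# the .htaccess files sends the password base64-encoded, not encrypted, so it
# is readable on the network unless the protected site is served over TLS.
#
# ServerAdmin takes an e-mail address; "guoyf.ssr.com" lacked the "@".
<VirtualHost *:80>
    ServerAdmin guoyf@ssr.com
    DocumentRoot /var/www/html
    ServerName www.ssr.com
    ErrorLog logs/www-error_log
    CustomLog logs/www-access_log common
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin guoyf@ssr.com
    DocumentRoot /var/www/hr
    ServerName hr.ssr.com
    ErrorLog logs/hr-error_log
    CustomLog logs/hr-access_log common
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin guoyf@ssr.com
    DocumentRoot /var/www/bbs
    ServerName bbs.ssr.com
    ErrorLog logs/bbs-error_log
    CustomLog logs/bbs-access_log common
</VirtualHost>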
[root@gyf hr]# /etc/init.d/httpd restart


3.建網頁
[root@gyf hr]# vim /var/www/html/index.html
<html>
<h1 style=color:red align="center"> welcome to ssr!</h1>
</html>
#爲網頁創建.htaccess文件
[root@gyf hr]# vim /var/www/html/.htaccess
# Password-protect /var/www/html and everything below it.
# AuthName is the realm text shown in the browser's login prompt.
AuthName "htaccess auth"
# Basic authentication sends the password base64-encoded, not encrypted.
AuthType Basic
# Password file created with htpasswd; it is kept outside the document roots.
AuthUserFile /etc/httpd/conf/users
# Any user listed in the password file may log in.
Require valid-user


[root@gyf hr]# vim /var/www/hr/index.html
<html>
<h1 style=color:red align="center"> welcome to hr!</h1>
</html>
[root@gyf hr]# vim /var/www/hr/.htaccess
# Password-protect /var/www/hr and everything below it.
AuthName "htaccess auth"
# Basic authentication sends the password base64-encoded, not encrypted.
AuthType Basic
# Same htpasswd file as the other sites, kept outside the document roots.
AuthUserFile /etc/httpd/conf/users
# Any user listed in the password file may log in.
Require valid-user


[root@gyf hr]# vim /var/www/bbs/index.html
<html>
<h1 style=color:red align="center"> welcome to bbs!</h1>
</html>
[root@gyf hr]# vim /var/www/bbs/.htaccess
# Password-protect /var/www/bbs and everything below it.
AuthName "htaccess auth"
# Basic authentication sends the password base64-encoded, not encrypted.
AuthType Basic
# Same htpasswd file as the other sites, kept outside the document roots.
AuthUserFile /etc/httpd/conf/users
# Any user listed in the password file may log in.
Require valid-user
#建立用戶
[root@gyf bbs]# htpasswd -c /etc/httpd/conf/users gyf
New password:
Re-type new password:
4.在ubuntu10.10.54.60修改解析服務器爲10.10.54.61
vim /etc/resolv.conf
nameserver 10.10.54.61
或者
gyf@gyf:~$ sudo vim /etc/hosts
10.10.54.61   www.ssr.com
10.10.54.62   hr.ssr.com
10.10.54.63   bbs.ssr.com
5.測試
在10.10.54.60 網址中輸入www.ssr.com
在10.10.54.60 網址中輸入10.10.54.61  
#多個域名對應一個ip,輸入ip時 出現第一個/etc/httpd/conf/httpd.conf 中網頁


6.測試工具

[root@gyf hr]# ab -n 10000 -c 50 http://www.ssr.com/index.html


三.apache 延伸 基於ssl加密網頁

1.install mod_ssl
[root@gyf conf]# mkdir /etc/httpd/conf/.ssl
[root@gyf conf]#  cd /etc/httpd/conf/.ssl
[root@gyf .ssl]#  yum list|grep mod_ssl
mod_ssl.x86_64                        1:2.2.15-26.el6.centos           Packages
[root@s01 .ssl]# yum install mod_ssl.x86_64
#mod_ssl提供的apache配置文件
[root@gyf conf.d]# vim /etc/httpd/conf.d/ssl.conf
系統提供的私鑰文件,用來製做證書
[root@gyf conf.d]# vim /etc/pki/tls/private/localhost.key
#系統提供的加密過得證書文件
[root@gyf conf.d]# vim /etc/pki/tls/certs/localhost.crt

#下載 mod_ssl source code,get sign.sh(此處經由明文 HTTP 下載且沒有校驗,sign.sh 又會以 root 身份執行,使用前應核對壓縮包的校驗值並檢視腳本內容)
[root@gyf soft]# wget http://www.modssl.org/source/mod_ssl-2.8.31-1.3.41.tar.gz
[root@gyf soft]# cp /soft/mod_ssl-2.8.31-1.3.41/pkg.contrib/sign.sh /etc/httpd/conf/.ssl/

2.建立CA證書

//建立rsa私用密鑰(示範用的 1024 位元長度現已不足以抵禦破解,實際部署應至少使用 2048 位元;文中出現的口令僅爲示例,請改用高強度口令)
[root@gyf soft]# cd /etc/httpd/conf/.ssl/

[root@gyf .ssl]#  openssl genrsa -des3 -out ca.key 1024
Generating RSA private key, 1024 bit long modulus
.++++++
............++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:                    .... caca              
Verifying - Enter pass phrase for ca.key:        ....caca    

//查看ca.key密鑰內容
[root@gyf .ssl]# openssl rsa -noout -text -in ca.key

Enter pass phrase for ca.key:                    ....caca


//利用CA的RSA密鑰建立一個自簽署的CA證書
[root@s01 .ssl]# openssl req -new -x509 -days 3650  -key ca.key -out ca.crt
Enter pass phrase for ca.key:
must type in 4 to 8191 characters
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hn
Locality Name (eg, city) [Default City]:ly
Organization Name (eg, company) [Default Company Ltd]:ssr
Organizational Unit Name (eg, section) []:ssr
Common Name (eg, your name or your server's hostname) []:sw
Email Address []:guoyf@ssr.com

3.建立服務器證書籤署請求

//建立一個RSA私用密鑰(此處的 1024 位元僅供示範,實際部署應至少使用 2048 位元)
[root@gyf .ssl]# openssl genrsa -des3 -out server.key 1024

Generating RSA private key, 1024 bit long modulus
............++++++
...++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:   .....123456
Verifying - Enter pass phrase for server.key:    ......123456
[root@s01 .ssl]# ll
total 12
-rw-r--r-- 1 root root  985 3月   5 23:58 ca.crt
-rw-r--r-- 1 root root  951 3月   5 23:54 ca.key
-rw-r--r-- 1 root root  963 3月   6 01:41 server.key
-rwxr-xr-x 1 root root 1784 3月   6 01:21 sign.sh

//利用server.key產生證書籤署請求CSR(Common Name 應填寫客戶端訪問時使用的域名,本例爲 bbs.ssr.com,不然瀏覽器會提示證書與主機名不符)
[root@gyf .ssl]# openssl req -new -key server.key -out server.csr

Enter pass phrase for server.key:         .....123456
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hn
Locality Name (eg, city) [Default City]:ly
Organization Name (eg, company) [Default Company Ltd]:ssr
Organizational Unit Name (eg, section) []:ssr
Common Name (eg, your name or your server's hostname) []:sw
Email Address []:guoyf@ssr.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:


//簽署證書
[root@gyf .ssl]# ./sign.sh server.csr

CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:  .....caca
140559083972424:error:28069065:lib(40):UI_set_result:result too small:ui_lib.c:869:You must type in 4 to 8191 characters
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'cn'
stateOrProvinceName   :ASN.1 12:'hn'
localityName          :ASN.1 12:'ly'
organizationName      :ASN.1 12:'ssr'
organizationalUnitName:ASN.1 12:'ssr'
commonName            :ASN.1 12:'ssr'
emailAddress          :IA5STRING:'yangry@ssr.com'
Certificate is to be certified until Mar  6 02:09:01 2015 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK

[root@gyf .ssl]# ll
total 40
-rw-r--r-- 1 root root  985 3月   5 23:58 ca.crt
drwxr-xr-x 2 root root 4096 3月   6 01:46 ca.db.certs
-rw-r--r-- 1 root root   91 3月   6 01:46 ca.db.index
-rw-r--r-- 1 root root   21 3月   6 01:46 ca.db.index.attr
-rw-r--r-- 1 root root    3 3月   6 01:46 ca.db.serial
-rw-r--r-- 1 root root  951 3月   5 23:54 ca.key
-rw-r--r-- 1 root root 2529 3月   6 01:46 server.crt
-rw-r--r-- 1 root root  660 3月   6 01:44 server.csr
-rw-r--r-- 1 root root  963 3月   6 01:41 server.key
-rwxr-xr-x 1 root root 1784 3月   6 01:21 sign.sh

#移除證書籤署請求
[root@gyf .ssl]# rm -f server.csr
#修改簽好的服務器端證書爲用戶只讀權限(證書本身是公開資料;真正須要限制權限的是私鑰 server.key 與 ca.key,上面的列表顯示二者均爲 644,應一併 chmod 400)
[root@gyf .ssl]# chmod 400 server.crt



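4.產生client端的個人證書
(注意:下面的命令是把服務器證書 server.crt 連同服務器私鑰 server.key 一塊兒打包進 client.p12,拿到該文件的人就等於拿到了服務器私鑰;真正的客戶端證書應爲客戶端另外生成一對密鑰,再由 CA 簽發)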

[root@gyf .ssl]# openssl pkcs12 -export -in server.crt -inkey server.key  -out client.p12 -name "public"
Enter pass phrase for server.key:  ......123456
Enter Export Password:              ......123
Verifying - Enter Export Password:  ......123

[root@gyf .ssl]# ll
total 40
-rw-r--r-- 1 root root  985 3月   5 23:58 ca.crt
drwxr-xr-x 2 root root 4096 3月   6 01:46 ca.db.certs
-rw-r--r-- 1 root root   91 3月   6 01:46 ca.db.index
-rw-r--r-- 1 root root   21 3月   6 01:46 ca.db.index.attr
-rw-r--r-- 1 root root    3 3月   6 01:46 ca.db.serial
-rw-r--r-- 1 root root  951 3月   5 23:54 ca.key
-rw-r--r-- 1 root root 1666 3月   6 01:53 client.p12
-r-------- 1 root root 2529 3月   6 01:46 server.crt
-rw-r--r-- 1 root root  963 3月   6 01:41 server.key
-rwxr-xr-x 1 root root 1784 3月   6 01:21 sign.sh



5.編輯/etc/httpd/conf.d/ssl.conf

[root@gyf .ssl]# vim /etc/httpd/conf.d/ssl.conf


:12     LoadModule ssl_module modules/mod_ssl.so    ---confirm
:18     Listen 443                                  ---confirm


:74  <VirtualHost _default_:443>
ServerAdmin yangry@ssr.com
DocumentRoot /var/www/bbs
ServerName bbs.ssr.com
ErrorLog logs/bbs-error_log
CustomLog logs/bbs-access_log common
SSLCertificateFile /etc/httpd/conf/.ssl/server.crt
SSLCertificateKeyFile /etc/httpd/conf/.ssl/server.key    
</VirtualHost>

[root@gyf .ssl]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: Apache/2.2.15 mod_ssl/2.2.15 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server bbs.ssr.com:443 (RSA)
Enter pass phrase:   .......123456

OK: Pass Phrase Dialog successful.
                                                           [  OK  ]
在ubuntu上輸入
https://bbs.ssr.com/


四,搭建bbs論壇linux+apache+mysql+php
mysql主要的文件:
安裝目錄文件
配置文件
數據目錄文件
啓動服務文件

###RPM軟件包安裝mysql10.10.54.61
[root@tech2 ~]# yum install -y mysql.x86_64 mysql-server.x86_64 mysql-libs.x86_64 mysql-devel.x86_64

#有mysql用戶和用戶組
[root@tech2 ~]# cat /etc/passwd|grep mysql
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
[root@tech2 ~]# id mysql
uid=27(mysql) gid=27(mysql) groups=27(mysql)
#修改環境變量
vim /etc/profile.d/mysql.sh
PATH=/usr/bin:$PATH
export PATH
shell>source /etc/profile.d/mysql.sh
#建立目錄
mkdir -p /data/mysql    #級聯建立數據目錄
chown  -R mysql.mysql /var/lib/mysql
chown -R mysql.mysql /data/mysql
#修改配置文件
[root@gyf mysql]# vim /etc/my.cnf
[mysqld]
datadir = /data/mysql
[root@gyf mysql]# /etc/init.d/mysqld start


#安裝php
yum install php.x86_64 php-cli.x86_64 php-common.x86_64 php-gd.x86_64 php-mysql.x86_64 php-pear.noarch
#在http配置文件中添加php首頁
[root@gyf upload]# vim /etc/httpd/conf/httpd.conf
DirectoryIndex index.php
user apache  ...... 注意用戶是apache
#把Discuz_X3.0_SC_UTF8.zip 論壇文件在bbs下解壓
[root@gyf soft]# yum list |grep unzip
unzip.x86_64                          6.0-1.el6                        @Packages
[root@gyf soft]# yum install unzip.x86_64
[root@gyf soft]# cd /var/www/bbs/
unzip Discuz_X3.0_SC_UTF8.zip
[root@gyf bbs]# ls
Discuz_X3.0_SC_UTF8.zip  readme  upload  utility
#upload下放的是網頁
[root@gyf upload]# ls  
admin.php  connect.php      forum.php  member.php  search.php  uc_server
api        cp.php           group.php  misc.php    source      userapp.php
api.php    crossdomain.xml  home.php   plugin.php  static
archiver   data             index.php  portal.php  template
config     favicon.ico      install    robots.txt  uc_client
#測試
在ubuntu10.10.54.60下輸入http://bbs.ssr.com/upload
#修改bbs下的全部用戶和用戶組爲apache(整個目錄都歸 apache 所有,意味着 web 進程能改寫全部程序文件;安裝完成後可只保留須要寫入的目錄爲 apache 可寫,並移除留在 web 目錄下的安裝壓縮包)
[root@gyf upload]# chown apache.apache -R /var/www/bbs

#爲論壇授權數據庫賬號(此處直接對 root 授予全部庫的全部權限且口令較弱,僅適合實驗環境;正式環境應爲論壇單獨建庫、建賬號,只授予該庫的權限)
root@mysql 05:58>grant all on *.* to 'root'@'10.10.54.61' identified by 'aaa12345';
root@mysql 05:59>flush privileges;
