基於httpd-2.2配置虛擬主機web站點，並提供https服務（二）

時間 2019-11-25

標籤基於 httpd 2.2 配置虛擬主機 web 站點提供 https 服務欄目 HTML 简体版

原文原文鏈接

使用httpd-2.2和httpd-2.4實現html

> 1.創建httpd服務，要求：web

> 1) 提供兩個基於名稱的虛擬主機www1, www2；要求每一個虛擬主機都有單獨的錯誤日誌和訪問日誌； vim

> 2) 經過www1的/server-status提供狀態信息，且僅容許172.16.0.1主機訪問；服務器

> 3) www2不容許192.168.1.0/24網絡中任意主機訪問；網絡

> 2.爲上面的第2)個虛擬主機提供https服務。dom

> ide

使用httpd-2.2實現基於主機名的虛擬主機服務，並提供https服務：測試

1.準備：（1）在VMwareWorkstation平臺下的CentOS6.9一枚；（2）真實機客戶端一個；ui

2.環境：（1）CentOS6.9系統中安裝httpd應用程序並啓動httpd服務；（2）關閉防火牆；（3）設置SELinux；spa

（1） [root@chenliang ~]# yum -y install httpd

[root@chenliang ~]# service httpd start

正在啓動 httpd：

（2） [root@chenliang ~]# iptables -F

（3） [root@chenliang ~]# setenforce 0

3.操做步驟：

[root@chenliang ~]# cd /etc/httpd/conf

[root@chenliang conf]# vim httpd.conf

NameVirtualHost 172.16.69.1:80 //在httpd.conf配置文件中添加這一行，IP地址要和下面設置的虛擬機文件保持一致

[root@chenliang conf]# cd ../conf.d //在配置虛擬主機時，咱們在/etc/httpd/conf.d片斷配置文件中設置

[root@chenliang conf.d]# ls

manual.conf mod_dnssd.conf README ssl.conf welcome.conf

[root@chenliang conf.d]# vim www1.conf //設置虛擬主機www1

> <VirtualHost 172.16.69.1:80> //這裏的IP地址和端口號要和主配置文件/etc/httpd/conf/httpd.conf中的虛擬機配置設置的IP一致

> DocumentRoot /var/www/www1 //www1站點的資源路徑映射

> ServerName www1.cl.com //這就是基於主機名設置虛擬主機

> ErrorLog logs/www1-error_log //每一個虛擬主機都有單獨的錯誤日誌

> CustomLog logs/www1-access_log combined //每一個虛擬主機都有單獨訪問日誌

> <Location /server-status>

> SetHandler server-status

> Order deny,allow

> Deny from all

> Allow from 172.16.0.1 //經過www1的/server-status提供狀態信息，且僅容許172.16.0.1主機訪問

> </Location>

> </VirtualHost>

[root@chenliang conf.d]# vim www2.conf

> <VirtualHost 172.16.69.1:80> // 這裏的IP地址和端口號要和主配置文件/etc/httpd/conf/httpd.conf中的虛擬機配置設置的IP一致

> DocumentRoot /var/www/www2 //www2站點的資源路徑映射

> ServerName www2.cl.com

> ErrorLog logs/www2-error_log //每一個虛擬主機都有單獨的錯誤日誌

> CustomLog logs/www2-access_log combined //每一個虛擬主機都有單獨訪問日誌

> <Directory "/var/www/www2">

> Options None

> AllowOverride None

> Order deny,allow

> Deny from 192.168.1.0/24 //www2不容許192.168.1.0/24網絡中任意主機訪問

> </Directory>

> </VirtualHost>

[root@chenliang conf.d]# mkdir -pv /var/www/www{1,2} //爲web站點的資源提供路徑映射

mkdir: 已建立目錄 "/var/www/www1"

mkdir: 已建立目錄 "/var/www/www2"

[root@chenliang conf.d]# echo "WWW1's web site~~" >> //var/www/www1/index.html //建立web站點首頁文件並添加內容

[root@chenliang conf.d]# echo "WWW2's web site~~" >> //var/www/www2/index.html

[root@chenliang conf.d]# httpd -t //檢查編寫的虛擬主機語法有沒有錯誤

httpd: apr_sockaddr_info_get() failed for chenliang

httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

Syntax OK //語法OK

[root@chenliang conf.d]# service httpd restart //在每一次配置好httpd服務後要從新啓動服務

中止 httpd： [肯定]

正在啓動 httpd：httpd: apr_sockaddr_info_get() failed for chenliang

httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

[肯定]

4.測試：

建立的虛擬主機web站點：

打開主機的真實主機進行測試，首先更改一下系統C盤下\Windows\System32\drivers\etc\hosts文件，在最下面添加配置的虛擬主機web站點：172.16.69.1 www1.cl.com www2.cl.com

結果：

5.提供https服務：

1）創建私有CA：

建立CA的私鑰文件：

[root@chenliang CA]# (umask 077; openssl genrsa -out private/cakey.pem 4096)

Generating RSA private key, 4096 bit long modulus

......................................................++

e is 65537 (0x10001)

生成自簽證書：

[root@chenliang CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:HeBei

Locality Name (eg, city) [Default City]:Handan

Organization Name (eg, company) [Default Company Ltd]:CL

Organizational Unit Name (eg, section) []:Tech

Common Name (eg, your name or your server's hostname) []:chenliang

Email Address []:

[root@chenliang CA]# ls //查看建立的證書文件

cacert.pem certs crl newcerts private

[root@chenliang CA]# touch /etc/pki/CA/index.txt //完善CA所必需目錄級文件要求和文本文件級文件要求

[root@chenliang CA]# echo 01 > /etc/pki/CA/serial

2）建立https站點：{有個前提要安裝httpd模塊列表中的mod_ssl模塊}

[root@chenliang ~]# mkdir /etc/httpd/ssl

[root@chenliang ~]# cd /etc/httpd/ssl

[root@chenliang ssl]# (umask 077;openssl genrsa -out httpd.key 4096)

Generating RSA private key, 4096 bit long modulus

.....................................................................................++

.......................................................................................................................................................................................................................................................................................................................................................................................................................................................++

e is 65537 (0x10001)

[root@chenliang ssl]# openssl req -new -key httpd.key -out httpd.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:HeBei

Locality Name (eg, city) [Default City]:Handan