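Implementing a specified httpd service with httpd-2.2 and httpd-2.4
Implement the following with httpd-2.2 and httpd-2.4 respectively:
    1. Set up an httpd service with these requirements:
        (1) Provide two name-based virtual hosts, www1 and www2, each with its own error log and access log;
        (2) Serve status information at /server-status on www1, accessible only to the user tom;
        (3) Deny access to www2 from every host in the 192.168.0.0/24 network.

Preparation
Prepare three virtual machines: a CentOS 7 machine for httpd-2.4, a CentOS 6 machine for httpd-2.2, and a third that acts as the CA issuing certificates and tests the service requirements.
First disable iptables and SELinux on all three virtual machines.
Install mod_ssl with yum on all three machines.

CentOS 6 ip 172.16.55.6
CentOS 7 ip 172.16.55.7
CA and test machine ip 172.16.55.11
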
Part 1
=========================
The httpd service on CentOS 6 is version 2.2.
Install httpd-2.2:
yum install -y httpd
Edit the main configuration file and add the NameVirtualHost directive:
    vim /etc/httpd/conf/httpd.conf
    Below line 990:
    NameVirtualHost 172.16.55.6:80
Add the virtual host configuration files, including the log file settings:
    vim /etc/httpd/conf.d/www1.conf
<VirtualHost 172.16.55.6:80>
    ServerName www1.magedu.com
    DocumentRoot /data/vhosts/www1
    ErrorLog logs/www1-error_log
    CustomLog logs/www1-access_log combined
</VirtualHost>

vim /etc/httpd/conf.d/www2.conf
<VirtualHost 172.16.55.6:80>
    ServerName www2.magedu.com
    DocumentRoot /data/vhosts/www2
    ErrorLog logs/www2-error_log
    CustomLog logs/www2-access_log combined
</VirtualHost>

Then create the site content:
mkdir -pv /data/vhosts/www{1,2}
vim /data/vhosts/www1/index.html
    11111
vim /data/vhosts/www2/index.html
    22222

Edit the hosts file to add name resolution:
vim /etc/hosts
Add: 172.16.55.6 www1.magedu.com www2.magedu.com

Check the syntax:
httpd -t
Then check that the port is open and the service is running:
ss -ntl
ps aux
Restart the service, then check in a browser whether 172.16.55.7 can be resolved.

The httpd service on CentOS 7 is version 2.4.
Install httpd-2.4:
yum install -y httpd
Review the main configuration file; the NameVirtualHost directive does not need to be added.
Add the virtual host configuration files, including the log file settings:
    vim /etc/httpd/conf.d/www1.conf
<VirtualHost 172.16.55.7:80>
    ServerName www1.magedu.com
    DocumentRoot /data/vhosts/www1
    ErrorLog logs/www1-error_log
    CustomLog logs/www1-access_log combined
    <Directory "/data/vhosts/www1">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

vim /etc/httpd/conf.d/www2.conf
<VirtualHost 172.16.55.7:80>
    ServerName www2.magedu.com
    DocumentRoot /data/vhosts/www2
    ErrorLog logs/www2-error_log
    CustomLog logs/www2-access_log combined
    <Directory "/data/vhosts/www2">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

Then create the site content:
mkdir -pv /data/vhosts/www{1,2}
vim /data/vhosts/www1/index.html
    11111
vim /data/vhosts/www2/index.html
    22222

Edit the hosts file to add name resolution:
vim /etc/hosts
Add: 172.16.55.7 www1.magedu.com www2.magedu.com

Check the syntax:
httpd -t
Then check that the port is open and the service is running:
ss -ntl
ps aux
Restart the service, then check in a browser whether 172.16.55.7 can be resolved.

Question 2
============================
On the CentOS 6 machine with IP 172.16.55.6
First add a virtual user named tom:
htpasswd -c -m /etc/httpd/conf/.htpasswd tom

Edit the configuration file of the virtual host www1:
vim /etc/httpd/conf.d/www1.conf
<VirtualHost 172.16.55.6:80>
    ServerName www1.magedu.com
    DocumentRoot /data/vhosts/www1
    ErrorLog logs/www1-error_log
    CustomLog logs/www1-access_log combined
</VirtualHost>

<Location /server-status>
    SetHandler server-status
    AuthType basic
    AuthName "For tom"
    AuthUserFile "/etc/httpd/conf/.htpasswd"
    Require user tom
</Location>

After the syntax check passes, reload the service configuration:
httpd -t
service httpd reload

In the browser, enter 172.16.55.6/server-status
As shown in the figure below, the page is accessible only after entering the user name and password of the account tom.

On the CentOS 7 machine with IP 172.16.55.7
First add a virtual user named tom:
htpasswd -c -m /etc/httpd/conf/.htpasswd tom

Edit the configuration file of the virtual host www1.
Append the following directly at the end:
<Location /server-status>
    SetHandler server-status
    AuthType basic
    AuthName "For tom"
    AuthUserFile "/etc/httpd/conf/.htpasswd"
    Require user tom
</Location>

After the syntax check passes, reload the service configuration:
httpd -t
service httpd reload

In the browser, enter 172.16.55.7/server-status
As shown in the figure, the page is accessible only after entering the user name and password of the account tom.

Question 2, part 3
Do this on CentOS 6 first.
www2 must deny access from every host in the 192.168.0.0/24 network.
Edit the www2 configuration file directly:
vim /etc/httpd/conf.d/www2.conf
Adding one block at the end is enough:
<VirtualHost 172.16.55.6:80>
    ServerName www2.magedu.com
    DocumentRoot /data/vhosts/www2
    ErrorLog logs/www2-error_log
    CustomLog logs/www2-access_log combined
    <Directory /data/vhosts/www2>
        Options None
        AllowOverride None
        Order deny,allow
        Deny from 192.168.0.0/24
    </Directory>
</VirtualHost>

The procedure on CentOS 7 is the same.

Question 3
=====172.16.55.11=====
First create the key, then issue the CA certificate:
yum install -y mod_ssl
cd /etc/pki/CA
(umask 077; openssl genrsa -out private/cakey.pem 2048)
openssl req -new -x509 -key private/cakey.pem -out cacert.pem

-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:magedu
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:ca.magedu.com
Email Address []:magedu@admin.com

Create the supporting files:
touch index.txt
echo 01 > serial

Then create the private key on CentOS 6:
mkdir -pv /etc/httpd/ssl
cd /etc/httpd/ssl/
(umask 077; openssl genrsa -out httpd.key 1024)
openssl req -new -key httpd.key -out httpd.csr

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:magedu
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:www2.magedu.com
Email Address []:www2@admin.com

scp httpd.csr 172.16.55.11:/tmp

Then switch to the CA at 172.16.55.11 and sign the certificate:
cd /etc/pki/CA
openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jul 24 04:54:15 2016 GMT
            Not After : Jul 24 04:54:15 2017 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = beijing
            organizationName          = magedu
            organizationalUnitName    = ops
            commonName                = www2.magedu.com
            emailAddress              = www2@admin.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                2B:D6:FF:8B:84:2D:33:FD:48:8A:EC:A5:80:63:67:46:F5:D5:54:12
            X509v3 Authority Key Identifier:
                keyid:F2:32:D8:C5:E6:D9:04:B8:46:38:8D:D7:32:2B:E6:D5:90:56:3D:A1

Certificate is to be certified until Jul 24 04:54:15 2017 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

Send the signed certificate back to the requester.
scp certs/httpd.crt 172.16.55.6:/etc/httpd/ssl/

Back on the CentOS machine at 172.16.55.6, edit the SSL configuration file:
vim /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:443>
    DocumentRoot "/data/vhosts/www2"
    ServerName www2.magedu.com:443

    SSLCertificateFile /etc/httpd/ssl/httpd.crt
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
</VirtualHost>

After checking that the syntax is correct, reload the service:
httpd -t
service httpd reload

The procedure on CentOS 7 is basically the same as on CentOS 6.
Reposted from: https://blog.51cto.com/fuclio/1829495