2.2 Common Configuration Options and VirtualHost (4)

1) Edit the configuration file as follows:
<VirtualHost 192.168.1.100:80>
    DocumentRoot "/web/vhosts/www1"
    ServerName www1.a1.com
    ErrorLog "/var/log/httpd/www1.err"
    CustomLog "/var/log/httpd/www1.access" common
</VirtualHost>
 
<VirtualHost 192.168.1.100:8080>
    DocumentRoot "/web/vhosts/www2"
    ServerName www2.a2.com
    ErrorLog "/var/log/httpd/www2.err"
    CustomLog "/var/log/httpd/www2.access" common
</VirtualHost>

2) Set the listen addresses
Listen 80
Listen 8080

3) Check the configuration, then reload the service and test

3. FQDN-based VirtualHost
1) Enable name-based virtual hosting
NameVirtualHost 192.168.1.100:80

2) Edit the configuration file as follows:
<VirtualHost 192.168.1.100:80>
    DocumentRoot "/web/vhosts/www1"
    ServerName www1.a1.com
    ErrorLog "/var/log/httpd/www1.err"
    CustomLog "/var/log/httpd/www1.access" common
</VirtualHost>
 
<VirtualHost 192.168.1.100:80>
    DocumentRoot "/web/vhosts/www2"
    ServerName www2.a2.com
    ErrorLog "/var/log/httpd/www2.err"
    CustomLog "/var/log/httpd/www2.access" common
</VirtualHost>

3) Resolve the domain names; here I simply use the hosts file
[root@linuxidc ~]# vim /etc/hosts
127.0.0.1  localhost localhost.localdomain localhost4 localhost4.localdomain4
::1        localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.0.1  server.magelinux.com server
192.168.1.100  www1.a1.com
192.168.1.100  www2.a2.com

4) Check the configuration, reload the service, and test


IV. Secure access over HTTPS with httpd-2.2
### On the CA server:
1) Generate the key pair
[root@linuxidc CA]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)

2) Generate the self-signed certificate
[root@linuxidc CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
 
Country Name (2 letter code) [XX]:CN ## country
State or Province Name (full name) []:beijing ## province
Locality Name (eg, city) [Default City]:beijin  ## city
Organization Name (eg, company) [Default Company Ltd]:magedu.com  # company name
Organizational Unit Name (eg, section) []:yunwei  ## department
Common Name (eg, your name or your server's hostname) []:linuxidc ## CA domain name
Email Address []:admin@163.com # email address

3) Provide the directories and files the CA needs
[root@linuxidc CA]# touch {serial,index.txt}
[root@linuxidc CA]# echo 01 > serial

### On the httpd server:
1) Generate the key
[root@linuxidc ~]# mkdir /etc/httpd/ssl
[root@linuxidc ~]# cd /etc/httpd/ssl/
[root@linuxidc ssl]# (umask 077;openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)

2) Generate the certificate signing request
[root@linuxidc ssl]# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr -days 365
 
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijin
Organization Name (eg, company) [Default Company Ltd]:magedu.com
Organizational Unit Name (eg, section) []:yunwei
Common Name (eg, your name or your server's hostname) []:linuxidc
Email Address []:admin@163.com

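3) Sign the certificate on the CA (the CSR is expected at /tmp/httpd.csr on the CA) and send the certificate to the requester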
[root@linuxidc tmp]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365
[root@linuxidc certs]# scp httpd.crt root@192.168.1.100:/etc/httpd/ssl

4) httpd needs the mod_ssl module installed to support SSL
[root@linuxidc ~]# yum -y install mod_ssl

5) Configure /etc/httpd/conf.d/ssl.conf
## Change the IP address on the next line to suit your own environment
<VirtualHost 192.168.1.100:443>
DocumentRoot "/web/vhosts/www1"
ServerName 
 
SSLCertificateFile /etc/httpd/ssl/httpd.crt
## Certificate private key
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key

6) Check the configuration file, reload, and test
[root@linuxidc ssl]# httpd -t 
Syntax OK
[root@linuxidc ssl]# service httpd reload 
Reloading httpd:
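
The checks below are an added example, not part of the original article: a POSIX shell script that confirms the private key is not accessible to group or other (the property the `umask 077` subshell is there to ensure), that the signed certificate matches the key, and that it verifies against the CA certificate. The function names are hypothetical, and it assumes a copy of the CA certificate is readable on the host where it runs.

```sh
#!/bin/sh
# Added example (not from the original article): post-deployment checks for
# the CA certificate, server certificate and private key created above.
# Function names are hypothetical; file paths are supplied by the caller.

# True only if the key file exists and group/other have no access,
# which is what the "umask 077" subshell is meant to guarantee.
key_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ldL "$1" | cut -c5-10)   # group+other bits of e.g. -rw-------
    [ "$perms" = "------" ]
}

# True only if the certificate and the private key hold the same public key.
cert_matches_key() {    # usage: cert_matches_key CERT KEY
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True only if CERT verifies against the CA certificate.
cert_signed_by_ca() {   # usage: cert_signed_by_ca CACERT CERT
    out=$(openssl verify -CAfile "$1" "$2" 2>/dev/null) || return 1
    [ "$out" = "$2: OK" ]
}

# Run all three checks, report each failure, return non-zero if any failed.
check_httpd_tls() {     # usage: check_httpd_tls CACERT CERT KEY
    rc=0
    key_is_private "$3" || { echo "FAIL: $3 missing or accessible to group/other"; rc=1; }
    cert_matches_key "$2" "$3" || { echo "FAIL: $2 and $3 do not match"; rc=1; }
    cert_signed_by_ca "$1" "$2" || { echo "FAIL: $2 does not verify against $1"; rc=1; }
    return $rc
}

# When run as a script: sh check.sh CACERT CERT KEY
if [ "$#" -eq 3 ]; then
    check_httpd_tls "$@"
fi
```

A non-zero exit status from the script means at least one check failed; each failure is printed on its own line.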
