目录:
一、CentOS6使用httpd-2.2基于域名构建httpd服务
二、centos7使用httpd2.4基于域名构建httpd服务
三、centos6编译安装httpd-2.4基于域名构建httpd服务
一、centos6使用httpd-2.2基于域名构建httpd服务:
1、安装http服务:
yum -y install httpd2、编辑主配置文件开启Name VirtualHost
NameVirtualHost 192.168.1.100:803、创建DocumentRoot及编辑网页内容
[root@linuxidc ~]# mkdir -p /data/vhost/www1
[root@linuxidc ~]# mkdir -p /data/vhost/www2
[root@linuxidc www1]# echo "www1" >index.html
[root@linuxidc www2]# echo "www2" >index.html4、建立基于www1域名的虚拟主机
要求:
##定义访问日志和错误日志
##定义192.168.1.0网段禁止访问
##访问www1.magedu.com/server-status输出状态页面,并且仅root用户可以访问
具体配置如下:
[root@linuxidc ~]# vim /etc/httpd/conf.d/vhost1.conf
<VirtualHost 192.168.1.100:80>
DocumentRoot /data/vhost/www1
ServerName www1.magedu.com
CustomLog /var/log/httpd/www1/aceess_log common
ErrorLog /var/log/httpd/www1/err_log##日志文件路径需要自己创建即可,否则启服务失败
<Directory "/data/vhost/www1">
options None
AllowOverride None
Order allow,deny
deny from 192.168.1.0 ###现在192.168.1.0网段中的任何主机都不可访问www1
</Directory>
<Location /server-status> ###设置访问www1.magedu.com/server-status的状态信息
SetHandler server-status
Order allow,deny
Allow from 192.168.1
AuthType Basic
AuthName "admin"
AuthUserFile "/etc/httpd/conf/.htpasswd"###用户认证文件
Require valid-user
</Location>
</VirtualHost>
[root@linuxidc conf]# htpasswd -c -m /etc/httpd/.htpasswd aa ##建立认证用户
ok重启或重加载测试
5、建立基于www2域名的虚拟主机
要求:
###定义访问日志和错误日志
###访问此站点为https安全站点
具体配置如下:
<VirtualHost 192.168.1.100:80>
DocumentRoot /data/vhost/www2
ServerName www2.magedu.com
ErrorLog /var/log/httpd/www2/error_log ##定义错误日志
CustomLog /var/log/httpd/www2/access_log common ##定义访问日志
</VirtualHost>将此站点构建成HTTPS安全访问:
建立CA:
1)生成私钥文件:
[root@linuxidc tls]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)2)生成自签证书
[root@linuxidc CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:magedu.com
Organizational Unit Name (eg, section) []:yunwei
Common Name (eg, your name or your server's hostname) []:linuxidc
Email Address []:admin@163.com 3)为CA提供文件
[root@linuxidc CA]# touch {serial,index.txt}
[root@linuxidc CA]# echo 01 > serial
http服务器进行配置如下:
1)生成私钥
[root@linuxidc ~]# mkdir /etc/httpd/ssl
[root@linuxidc ~]# cd /etc/httpd/ssl
[root@linuxidc ssl]# (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)2)生成证书请求:
[root@linuxidc ssl]# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr -days 365
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:magedu.com
Organizational Unit Name (eg, section) []:yunwei
Common Name (eg, your name or your server's hostname) []:linuxidc
Email Address []:admin@163.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:3)将此请求证书传给CA签署
[root@linuxidc ssl]# scp httpd.csr 192.168.1.100:/tmp4)CA签署证书并发给请求者
[root@linuxidc tmp]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365[root@linuxidc certs]# scp httpd.crt root@192.168.1.100:/etc/httpd/ssl/5)http要支持ssl就需要安装mod_ssl模块
[root@linuxidc ~]# yum -y install mod_ssl6)配置/etc/httpd/conf.d/ssl.conf文件
<VirtualHost 192.168.1.100:443>
DocumentRoot "/data/vhost/www2"
ServerName www2.magedu.com
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key7)重启服务测试即可
[root@linuxidc ~]# httpd -t
Syntax OK
[root@linuxidc ~]# service httpd reload
Reloading httpd: