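This article walks through configuring httpd virtual hosts and user-based access control.
Background
There are three ways to implement virtual hosts:
IP-based:
each virtual host gets at least one dedicated IP address;
Port-based:
each virtual host uses at least one dedicated port;
FQDN-based:
each virtual host uses at least one FQDN;
Note: virtual hosts should generally not be mixed with the main server, so to use virtual hosts, first disable the 'main' host;
To disable it, comment out the main server's DocumentRoot directive.
User-based access control:
HTTP has two authentication schemes:
basic: credentials are sent in plaintext
digest: message digest authentication
This walkthrough uses basic as the example.
Lab requirements
Test machine: CentOS 6.7 x86_64
Software: httpd-2.2.15-45.el6.centos.x86_64, installed with yum
Configuring httpd virtual hosts
1. Configure IP-based virtual hosts
1.1 Configure the IP addresses to be used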
[root@web01 ~]# ip addr add 172.16.52.2/16 dev eth1
[root@web01 ~]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:d2:e8:ff brd ff:ff:ff:ff:ff:ff
    inet 172.16.52.1/16 brd 172.16.255.255 scope global eth1
    inet 172.16.52.2/16 scope global secondary eth1
    inet6 fe80::20c:29ff:fed2:e8ff/64 scope link
       valid_lft forever preferred_lft forever
1.2 Configure the virtual host files
Configure /etc/httpd/conf.d/vhosts{1,2}.conf (any file name ending in .conf works)
[root@web01 conf.d]# cat vhosts{1,2}.conf
<VirtualHost 172.16.52.1:80>
    ServerName www1.magedu.com
    DocumentRoot "/data/vhosts/www1"
    CustomLog logs/www1/www1.access_log combined
    ErrorLog logs/www1/www1.error_log
</VirtualHost>
<VirtualHost 172.16.52.2:80>
    ServerName www2.magedu.com
    DocumentRoot "/data/vhosts/www2"
    CustomLog logs/www2/www2.access_log combined
    ErrorLog logs/www2/www2.error_log
</VirtualHost>
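Note: the directories referenced above (the DocumentRoot and log directories) must be created beforehand!
1.3 Create the site files for the virtual hosts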
[root@web01 conf.d]# cat /data/vhosts/www{1,2}/index.html
<h1>www1 Page www1.magedu.com</h1>
web2 page www2.magedu.com
1.4 Check the syntax and reload
[root@web01 conf.d]# httpd -t
Syntax OK
[root@web01 conf.d]# service httpd reload
Reloading httpd:
1.5 Test
[root@web01 conf.d]# curl 172.16.52.1
<h1>www1 Page www1.magedu.com</h1>
[root@web01 conf.d]# curl 172.16.52.2
web2 page www2.magedu.com
2. Configure port-based virtual hosts
2.1 Make sure httpd is listening on multiple ports
[root@web01 conf.d]# grep "^Listen" /etc/httpd/conf/httpd.conf
Listen 80
Listen 808
[root@web01 logs]# netstat -tnlp|grep httpd
tcp        0      0 :::808        :::*        LISTEN      20215/httpd
tcp        0      0 :::80         :::*        LISTEN      20215/httpd
2.2 Configure the virtual host files
[root@web01 conf.d]# cat vhosts{1,2}.conf
<VirtualHost 172.16.52.1:80>
    ServerName www1.magedu.com
    DocumentRoot "/data/vhosts/www1"
    CustomLog logs/www1/www1.access_log combined
    ErrorLog logs/www1/www1.error_log
</VirtualHost>
<VirtualHost 172.16.52.1:808>
    ServerName www2.magedu.com
    DocumentRoot "/data/vhosts/www2"
    CustomLog logs/www2/www2.access_log combined
    ErrorLog logs/www2/www2.error_log
</VirtualHost>
2.3 Check the syntax and reload
httpd -t
service httpd reload
2.4 Test
[root@web01 conf.d]# curl 172.16.52.1:80
<h1>www1 Page www1.magedu.com</h1>
[root@web01 conf.d]# curl 172.16.52.1:808
web2 page www2.magedu.com
3. Configure name-based virtual hosts
3.1 Enable NameVirtualHost
[root@web01 httpd]# grep "^NameVirtualHost" /etc/httpd/conf/httpd.conf
NameVirtualHost 172.16.52.1:80
3.2 Configure the virtual host files
[root@web01 conf.d]# cat vhosts{1,2}.conf
<VirtualHost 172.16.52.1:80>
    ServerName www1.magedu.com
    DocumentRoot "/data/vhosts/www1"
    CustomLog logs/www1/www1.access_log combined
    ErrorLog logs/www1/www1.error_log
</VirtualHost>
<VirtualHost 172.16.52.1:80>
    ServerName www2.magedu.com
    DocumentRoot "/data/vhosts/www2"
    CustomLog logs/www2/www2.access_log combined
    ErrorLog logs/www2/www2.error_log
</VirtualHost>
3.3 Check the syntax and reload
httpd -t
service httpd reload
3.4 Test
[root@web01 httpd]# tail -2 /etc/hosts
172.16.52.1 www1.magedu.com
172.16.52.1 www2.magedu.com
[root@web01 httpd]# curl www1.magedu.com
<h1>www1 Page www1.magedu.com</h1>
[root@web01 httpd]# curl www2.magedu.com
web2 page www2.magedu.com
User-based access control
1. Basic authentication for individual users
1.1 Define the security realm
[root@web01 conf]# cat ../conf.d/vhosts1.conf
<VirtualHost 172.16.52.1:80>
    ServerName www1.magedu.com
    DocumentRoot "/data/vhosts/www1"
    CustomLog logs/www1/www1.access_log combined
    ErrorLog logs/www1/www1.error_log
    <Directory "/data/vhosts/www1">
        Options None
        AllowOverride None
        AuthType Basic
        AuthName "For Administrators"
        AuthUserFile "/etc/httpd/conf/.htpasswd"
        Require user tom
    </Directory>
</VirtualHost>
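Note: the <Directory ""> </Directory> block can also be placed in httpd.conf
1.2 Provide the account and password store (a text file)
Only the first command uses -c, which creates the file; running it against an existing file would overwrite it.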
[root@web01 conf]# htpasswd -c -m /etc/httpd/conf/.htpasswd tom
New password:
Re-type new password:
Adding password for user tom
[root@web01 conf]# htpasswd -m /etc/httpd/conf/.htpasswd jack
New password:
Re-type new password:
Adding password for user jack
1.3 Check the syntax and reload
1.4 Test
2. Basic authentication for group accounts
2.1 Define the security realm
[root@web01 ~]# vim /etc/httpd/conf.d/vhosts1.conf
<VirtualHost 172.16.52.1:80>
    ServerName www1.magedu.com
    DocumentRoot "/data/vhosts/www1"
    CustomLog logs/www1/www1.access_log combined
    ErrorLog logs/www1/www1.error_log
    <Directory "/data/vhosts/www1">
        Options None
        AllowOverride None
        AuthType Basic
        AuthName "For Administrators"
        AuthUserFile "/etc/httpd/conf/.htpasswd"
        AuthGroupFile "/etc/httpd/conf/.htgrp"
        Require group mygroup
    </Directory>
</VirtualHost>
Note: the <Directory ""> </Directory> block can also be placed in httpd.conf
2.2 Create the user account and group account files
[root@web01 conf]# cat .htgrp
mygroup:tom jack
2.3 Check the syntax and reload
2.4 Test
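
The two Require settings above, modelled as an added example (not code from the original article or from httpd): it decodes a Basic Authorization header to show that the password reaches the port-80 virtual host merely Base64-encoded, then evaluates "Require user tom" and "Require group mygroup" against the .htgrp content shown on this page. The function names and the password "pw" are assumptions, and the password check against .htpasswd is assumed to have already succeeded.

```python
import base64

# Constructed sample mirroring the page's .htgrp file.
HTGRP = "mygroup:tom jack\n"

def basic_header(user, password):
    """Build the Authorization header value a client sends for Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def decode_basic(header):
    """Recover (user, password) from a captured header; Base64 is not encryption."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token.strip(), validate=True).decode()
    user, _, password = decoded.partition(":")
    return user, password

def parse_groups(text):
    """Parse AuthGroupFile lines of the form 'group: user1 user2'."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, members = line.partition(":")
        groups.setdefault(name.strip(), set()).update(members.split())
    return groups

def authorized(user, require, groups):
    """Evaluate a 'Require user ...' or 'Require group ...' argument string
    for a user whose password is assumed to have been verified already."""
    kind, *names = require.split()
    if kind == "user":
        return user in names
    if kind == "group":
        return any(user in groups.get(g, set()) for g in names)
    raise ValueError(f"unsupported Require type: {kind}")

if __name__ == "__main__":
    groups = parse_groups(HTGRP)
    # "pw" is a constructed placeholder password, not a value from the page.
    user, password = decode_basic(basic_header("jack", "pw"))
    print("recovered from header:", user, password)
    for rule in ("user tom", "group mygroup"):
        print(f"Require {rule}: jack allowed = {authorized(user, rule, groups)}")
```

jack exists in .htpasswd but is rejected under "Require user tom" and admitted under "Require group mygroup"; because the header is trivially reversible, Basic authentication is normally served only over TLS.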