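Implementing two virtual hosts with httpd-2.4. The requirements are as follows:
a.
1. Provide two name-based virtual hosts, www1 and www2, each with its own error log and access log;
2. Serve httpd status information at /server-status on www1, accessible only to the user tom;
3. www2 must deny access from every host in the 192.168.0.0/24 network;
b. Provide HTTPS service for the second virtual host above.
Implementation steps:
1. Create the configuration files for the two virtual hosts www1 and www2, /etc/httpd/conf.d/vhostwww1.conf and /etc/httpd/conf.d/vhostwww2.conf, the document roots /var/www/html/www1 and /var/www/html/www2, and the index files indexwww1.html and indexwww2.html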
[root@www ~]# mkdir /var/www/html/www{1,2}
[root@www ~]# echo www1 > /var/www/html/www1/indexwww1.html
[root@www ~]# echo www2 > /var/www/html/www2/indexwww2.html
Configuration file contents for virtual host www1:
[root@localhost ~]# cat /etc/httpd/conf.d/vhostwww1.conf
<VirtualHost 172.16.254.79:80>
ServerName www1
DocumentRoot /var/www/html/www1
ErrorLog logs/www1_error_log
CustomLog logs/www1_access_log combined
<Location /server-status>
SetHandler server-status
AuthType Basic
AuthName "httpd-2.4 status page"
AuthUserFile /etc/httpd/user/.htpasswd
Require user tom
</Location>
<Directory /var/www/html/www1>
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
Create the virtual user tom:
mkdir /etc/httpd/user
htpasswd -m -c /etc/httpd/user/.htpasswd tom    # enter the password twice when prompted
Configuration file contents for virtual host www2:
[root@localhost ~]# cat /etc/httpd/conf.d/vhostwww2.conf
<VirtualHost 172.16.254.79:80>
ServerName www2
DocumentRoot /var/www/html/www2
ErrorLog logs/www2_error_log
CustomLog logs/www2_access_log combined
<Directory /var/www/html/www2>
Options None
AllowOverride None
<RequireAll>
Require not ip 192.168.0.0/24
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
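Implementing HTTPS for virtual host www2:
yum -y install mod_ssl
Set up a private CA. Lab environment: a single CentOS 7.2 host acts as both the CA and the www2 virtual site.
CA server configuration: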
[root@localhost ~]# cd /etc/pki/CA
[root@localhost CA]# touch index.txt
[root@localhost CA]# echo 01 > serial
Create the private key (2048-bit RSA; 1024-bit keys are no longer considered secure):
[root@localhost CA]# (umask 066;openssl genrsa -out private/cakey.pem 2048)
Create the self-signed certificate:
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -days 3650 -out cacert.pem
Generate the private key for the www2 virtual site:
[root@localhost CA]# mkdir -p /etc/httpd/ssl
[root@localhost CA]# (umask 066;openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)
Generate the certificate signing request:
[root@localhost CA]# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr
The CA server issues the certificate for www2:
[root@localhost CA]# openssl ca -in /etc/httpd/ssl/httpd.csr -out /etc/pki/CA/newcerts/httpd.crt -days 365
[root@localhost CA]# cp /etc/pki/CA/newcerts/httpd.crt /etc/httpd/ssl/
Edit the configuration file that mod_ssl provides for httpd 2.4:
vim /etc/httpd/conf.d/ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost 172.16.254.79:443>
DocumentRoot "/var/www/html/www2"
ServerName www2:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
SSLCertificateFile /etc/httpd/ssl/httpd.crt
</VirtualHost>
service httpd reload    # reload the service
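The :443 vhost in ssl.conf above has no <Directory> block, so the "Require not ip 192.168.0.0/24" rule from vhostwww2.conf is not applied to HTTPS requests; access there falls back to the main server configuration. The Python check below is an added example, not part of the original post, that flags this kind of gap; the names parse_vhosts and find_gaps and the embedded SAMPLE are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the page's two www2 vhosts (vhostwww2.conf on :80 and
# the ssl.conf vhost on :443), trimmed to the directives that matter here.
SAMPLE = """
<VirtualHost 172.16.254.79:80>
DocumentRoot /var/www/html/www2
<Directory /var/www/html/www2>
<RequireAll>
Require not ip 192.168.0.0/24
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
<VirtualHost 172.16.254.79:443>
DocumentRoot "/var/www/html/www2"
SSLEngine on
</VirtualHost>
"""
VHOST = re.compile(r'<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>', re.I | re.S)
DIRBLK = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.I | re.S)
DENY = re.compile(r'^\s*Require\s+not\s+ip\s+(.+)$', re.I | re.M)

def parse_vhosts(text):
    """Return (address, docroot, networks denied on the docroot's <Directory>)."""
    out = []
    for addr, body in VHOST.findall(text):
        m = re.search(r'^\s*DocumentRoot\s+"?([^"\s]+)', body, re.I | re.M)
        root = m.group(1).rstrip("/") if m else None
        deny = set()
        for path, block in DIRBLK.findall(body):
            if path.strip().rstrip("/") == root:
                for nets in DENY.findall(block):
                    deny.update(nets.split())
        out.append((addr.strip(), root, deny))
    return out

def find_gaps(vhosts):
    """List vhosts missing a deny rule that a sibling on the same docroot has."""
    wanted = defaultdict(set)
    for _, root, deny in vhosts:
        wanted[root] |= deny
    return [(addr, root, sorted(wanted[root] - deny))
            for addr, root, deny in vhosts if wanted[root] - deny]

if __name__ == "__main__":
    for addr, root, missing in find_gaps(parse_vhosts(SAMPLE)):
        print(f"{addr} serves {root} without: Require not ip {' '.join(missing)}")
```

Copying the same <Directory> block with its <RequireAll> rules into the :443 vhost makes the check return no gaps.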
Testing the www2 certificate:
vim /etc/hosts
172.16.251.237 www1 www2
1. openssl s_client -connect www2:443 -CAfile /etc/pki/CA/cacert.pem
2. Import the CA certificate into a browser, then visit
https://www2/indexwww2.html