准备工作:在Centos7中安装httpd,使用yum安装或自己编译安装,建议使用yum安装,快捷又方便。
关闭防火墙及selinux。
提供两个基于名称的虚拟主机www1, www2;有单独的错误日志和访问日志;
先建立虚拟主机www1
a.在httpd的辅助配置文件目录/etc/httpd/conf.d/中创建属于虚拟主机自己的配置文件
~]# vim /etc/httpd/conf.d/vhosts-www1.conf<VirtualHost 192.168.127.128:80> DocumentRoot "/myweb/vhosts/www1" ServerName www.link1.com ErrorLog "/myweb/vhosts/www1/logs/error_log" CustomLog "/myweb/vhosts/www1/logs/access_log" combined</VirtualHost><Directory "/myweb/vhosts/www1"> AllowOverride None Options None Require all granted</Directory>
b.创建好配置文件后,再创建文档根目录及日志目录
~]# mkdir /myweb/vhosts/www1/logs -pv
c.创建并向文档根目录下的index.html写点东西,并在本机的C:\Windows\System32\drivers\etc目录下的HOST文件中添加192.168.127.128 www.link1.com。
重新载入配置文件
systemctl reload httpd.service
然后用本地浏览器打开,结果如下:
650) this.width=650;" src="https://s1.51cto.com/wyfs02/M01/A4/4A/wKioL1mnxxOy62MhAAA_HF2_Nos662.jpg-wh_500x0-wm_3-wmp_4-s_3474665312.jpg" title="360截图20170829160225228.jpg" alt="wKioL1mnxxOy62MhAAA_HF2_Nos662.jpg-wh_50" />
查看访问日志/myweb/vhosts/www1/logs/access_log,内容如下:
192.168.127.1 - - [29/Aug/2017:15:40:00 +0800] "GET /sky/ HTTP/1.1" 200 1319 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0"
状态码为200,请求成功。
虚拟主机www2的建立过程与www1的没有差别,只不过把相关名称改了就行,最后用浏览器测试,结果如下:650) this.width=650;" src="https://s2.51cto.com/wyfs02/M02/05/99/wKiom1mnybWBoyddAAA7OwbcWg8430.jpg-wh_500x0-wm_3-wmp_4-s_4135152778.jpg" title="360截图20170829160157758.jpg" alt="wKiom1mnybWBoyddAAA7OwbcWg8430.jpg-wh_50" />
2.访问控制
a.通过www1的/server-status提供状态信息,且仅允许link用户访问;
a-1.修改www1的配置文件如下:
<VirtualHost 192.168.127.128:80> DocumentRoot "/myweb/vhosts/www1" ServerName www.link1.com ErrorLog "/myweb/vhosts/www1/logs/error_log" CustomLog "/myweb/vhosts/www1/logs/access_log" combined</VirtualHost><Directory "/myweb/vhosts/www1"> AllowOverride None Options None AuthType basic AuthName "Please input user and password to login,only link has permission to access!!" AuthUserFile /etc/httpd/users/.htpasswd Require user link</Directory>
a-2.使用htpasswd命令创建虚拟用户
~]# mkdir /etc/httpd/users~]# htpasswd -c -m /etc/httpd/users/.htpasswd link~]# htpasswd -m /etc/httpd/users/.htpasswd link1
a-3.重新载入配置文件,打开浏览器输入就会出现以下情况:
650) this.width=650;" src="https://s5.51cto.com/wyfs02/M01/05/9A/wKiom1mn03aT2MLXAAIBhN0oI7I299.jpg-wh_500x0-wm_3-wmp_4-s_1651760900.jpg" title="360截图20170831171019759.jpg" alt="wKiom1mn03aT2MLXAAIBhN0oI7I299.jpg-wh_50" />
当输入link用户及密码后:
650) this.width=650;" src="https://s4.51cto.com/wyfs02/M02/A4/4B/wKioL1mn08nDQaN2AACdRoG3ruU344.jpg-wh_500x0-wm_3-wmp_4-s_3734496783.jpg" title="360截图20170831171149133.jpg" alt="wKioL1mn08nDQaN2AACdRoG3ruU344.jpg-wh_50" />
650) this.width=650;" src="https://s4.51cto.com/wyfs02/M01/A4/4B/wKioL1mn0-7Qx4n6AACNDwVbSDk641.jpg-wh_500x0-wm_3-wmp_4-s_1204800773.jpg" title="360截图20170831171207883.jpg" alt="wKioL1mn0-7Qx4n6AACNDwVbSDk641.jpg-wh_50" />
当输入link1用户及密码时:
650) this.width=650;" src="https://s3.51cto.com/wyfs02/M00/05/9A/wKiom1mn1FHAI0qJAACgDQuwGp0919.jpg-wh_500x0-wm_3-wmp_4-s_2238281029.jpg" title="360截图20170831171242451.jpg" alt="wKiom1mn1FHAI0qJAACgDQuwGp0919.jpg-wh_50" />
650) this.width=650;" src="https://s4.51cto.com/wyfs02/M00/A4/4B/wKioL1mn1G2gzLRuAAFE4DTLo5g269.jpg-wh_500x0-wm_3-wmp_4-s_4211956908.jpg" title="360截图20170831171335165.jpg" alt="wKioL1mn1G2gzLRuAAFE4DTLo5g269.jpg-wh_50" />
因为只允许link用户登录:
650) this.width=650;" src="https://s4.51cto.com/wyfs02/M00/05/9A/wKiom1mn1QrA2btiAAA58OedfeY417.jpg-wh_500x0-wm_3-wmp_4-s_2922775774.jpg" title="360截图20170831171111894.jpg" alt="wKiom1mn1QrA2btiAAA58OedfeY417.jpg-wh_50" />
至此,要求实现。
b.www2不允许192.168.127.0/24 网络中任意主机访问;
从之前查看访问日志中看到本主机的ip地址为192.168.127.1。
那我们就将www2的配置文件修改如下:
<VirtualHost 192.168.127.128:80> DocumentRoot "/myweb/vhosts/www2" ServerName www.link2.com ErrorLog "/myweb/vhosts/www2/logs/error_log" CustomLog "/myweb/vhosts/www2/logs/access_log" combined<Directory "/myweb/vhosts/www2"> AllowOverride None Options None <RequireAll> Require all granted Require not ip 192.168.127.0/24 </RequireAll></Directory></VirtualHost>
修改之前访问如下:
650) this.width=650;" src="https://s3.51cto.com/wyfs02/M00/A4/4D/wKioL1mn7-aQB8CHAABqbUz7C6c893.jpg-wh_500x0-wm_3-wmp_4-s_2925449766.jpg" title="360截图20170831183959892.jpg" alt="wKioL1mn7-aQB8CHAABqbUz7C6c893.jpg-wh_50" />
修改之后访问如下:
650) this.width=650;" src="https://s4.51cto.com/wyfs02/M01/A4/4D/wKioL1mn8COxXUgAAABWDqMdaX4141.jpg-wh_500x0-wm_3-wmp_4-s_1513024017.jpg" title="360截图20170831184359531.jpg" alt="wKioL1mn8COxXUgAAABWDqMdaX4141.jpg-wh_50" />
至此,所要求的功能实现。
3.为上面的www2虚拟主机提供https服务
创建私有CA,然后再为本服务器颁发自签证书。
a.创建私有CA
a-1.创建私有CA私钥文件
~]# (umask 077 ; openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096)
a-2.生成自签证书
~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3653
a-3.满足CA所必须的目录级文件和文本文件的布局
~]# touch /etc/pki/CA/index.txt~]# echo 01 > /etc/pki/CA/serial
b.为服务器提供证书
b-1.创建服务器的私钥文件
~]# mkdir /etc/httpd/conf/ssl~]# cd /etc/httpd/conf/sslssl]# (umask 077 ; openssl genrsa -out httpd.key 4096)
b-2.生成证书请求文件
ssl]# openssl req -new -key httpd.key -out httpd.csr -days 3653
b-3.由CA签发证书:在CA所在的服务器上完成
ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
至此证书颁发完成。
c.安装mod_ssl模块
yum -y install mod_ssl
修改ssl的配置文件的部分内容如下:
SSLCertificateFile /etc/httpd/conf/ssl/httpd.crt<directory "/myweb/vhosts/ssl"> AllowOverride None Options None Require all granted</Directory>DocumentRoot "/myweb/vhosts/ssl"ServerName www.link2.comSSLCertificateKeyFile /etc/httpd/conf/ssl/httpd.key
然后再创建/myweb/vhosts/ssl目录
~]# mkdir /myweb/vhosts/ssl~]# echo "welcome to https://www.link2.com" >> /myweb/vhosts/ssl/index.html
然后重启服务。
不加密的访问如下:
650) this.width=650;" src="https://s5.51cto.com/wyfs02/M01/A4/4D/wKioL1mn9wGy4KhyAABqbUz7C6c253.jpg-wh_500x0-wm_3-wmp_4-s_1435647821.jpg" title="360截图20170831183959892.jpg" alt="wKioL1mn9wGy4KhyAABqbUz7C6c253.jpg-wh_50" />
https访问如下:
650) this.width=650;" src="https://s5.51cto.com/wyfs02/M01/A4/4D/wKioL1mn98nRovZRAAA4mLMgUGk322.jpg-wh_500x0-wm_3-wmp_4-s_1766040925.jpg" title="360截图20170831194901196.jpg" alt="wKioL1mn98nRovZRAAA4mLMgUGk322.jpg-wh_50" />
因为该证书是我们自己颁发的,所以刚开始访问时会说证书不受信任或有风险,添加例外就行了。
httpd-2.4实现虚拟主机、访问控制及https功能
原文地址:http://liangqunzhi.blog.51cto.com/10674929/1961507