zoukankan      html  css  js  c++  java

  • centos7-httpd虚拟主机

    Apache虚拟主机:

    一台WEB服务器发布单个网站会非常浪费资源,所以一台WEB服务器上会发布多个网站,

    在一台服务器上发布多网站,也称之为部署多个虚拟主机,WEB虚拟主机配置方法有三种:

        基于单IP多个Socket端口;

        基于多IP地址一个端口;

        基于单IP一个端口不同域名。

    Apache WEB服务器安装:

    1)安装apr:

    [root@localhost src]# wget http://archive.apache.org/dist/apr/apr-1.5.2.tar.gz
    [root@localhost src]# tar xf apr-1.5.2.tar.gz
    [root@localhost src]# cd apr-1.5.2
    [root@localhost apr-1.5.2]# ./configure --prefix=/usr/local/apr
    [root@localhost apr-1.5.2]# make && make install

    2)安装apr-util:

    [root@localhost src]# wget http://archive.apache.org/dist/apr/apr-util-1.5.4.tar.gz
    [root@localhost src]# tar xf apr-util-1.5.4.tar.gz 
    [root@localhost src]# cd apr-util-1.5.4
    [root@localhost apr-util-1.5.4]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
    [root@localhost apr-util-1.5.4]# make && make install

    3)编译httpd-2.4:

    [root@localhost src]# yum -y install pcre-devel openssl-devel libevent-devel
    [root@localhost src]# wget http://archive.apache.org/dist/httpd/httpd-2.4.10.tar.bz2
    [root@localhost src]# tar xf httpd-2.4.10.tar.bz2
    [root@localhost src]# cd httpd-2.4.10
    [root@localhost httpd-2.4.10]# ./configure --prefix=/usr/local/apache --enable-so --enable-ssl --enable-rewrite --enable-defalte --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork --with-pcre --with-zlib --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/
    [root@localhost httpd-2.4.10]# make && make install

    4)启动httpd:

    [root@localhost ~]# echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/httpd.sh
    [root@localhost ~]# source /etc/profile.d/httpd.sh

    基于一个端口不同域名配置:

    1)创建虚拟主机配置文件httpd-vhosts.conf,该文件默认已存在,只需去掉httpd.conf主配置文件中#号即可

    [root@localhost ~]# vim /usr/local/apache/conf/httpd.conf

    2)配置虚拟主机:

    [root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
    <VirtualHost *:80>						#监听所有网卡的80端口
    DocumentRoot "/usr/local/apache/htdocs/www1"		#虚拟主机发布目录
    ServerName www.a.com					#虚拟主机完整域名
    ErrorLog "logs/www.a.com-error_log"			#错误日志路径
    CustomLog "logs/www.a.com-access_log" common		#访问日志路径
    <Location /server-status>				#提供状态信息,且仅允许tom用户访问
        SetHandler server-status
        AuthType basic
        AuthName "Fortom"
        AuthUserFile "/usr/local/apache/conf/.htpasswd"
        Require user tom
    </Location>
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/www2"
    ServerName www.b.com
    ErrorLog "logs/www.b.com-error_log"
    CustomLog "logs/www.b.com-access_log" combined
    <Directory "/usr/local/apache/htdocs/www2">		#设置www2目录权限,不允许192.168.2.0网段任意主机访问
        Options None
        AllowOverride None
        Order deny,allow
        Deny from 192.168.2.0/24
    </Directory>
</VirtualHost>

    3)创建虚拟主机发布目录:

    [root@localhost ~]# mkdir -p /usr/local/apache/htdocs/{www1,www2}
    [root@localhost ~]# echo '<h1>www.a.com Pages</h1>' > /usr/local/apache/htdocs/www1/index.html
    [root@localhost ~]# echo '<h1>www.b.com Pages</h1>' > /usr/local/apache/htdocs/www2/index.html

    4)创建tom用户:
    [root@localhost ~]# htpasswd -cm /usr/local/apache/conf/.htpasswd tom
    [root@localhost ~]# apachectl restart

     5)测试虚拟主机:

    修改客户端hosts文件,域名能够解析到服务器ip

    6)测试server-status:

    7)测试www2访问权限:

    https加密配置:

    建立私有CA:

    生成私钥:

    [root@localhost CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
    #生成自签证书:

    [root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:bj
    Locality Name (eg, city) [Default City]:bj
    Organization Name (eg, company) [Default Company Ltd]:ym
    Organizational Unit Name (eg, section) []:Ops
    Common Name (eg, your name or your server's hostname) []:www.a.com
    Email Address []:admin@a.com
    #提供辅助文件:
    [root@localhost CA]# touch index.txt
    [root@localhost CA]# echo 01 >serial
    #生成私钥:
    [root@localhost CA]# mkdir /usr/local/apache/ssl
    [root@localhost CA]# cd /usr/local/apache/ssl
    [root@localhost ssl]# (umask 077; openssl genrsa -out httpd.key 1024)
    #生成证书请求:

    [root@localhost ssl]# openssl req -new -key httpd.key -out httpd.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:bj
    Locality Name (eg, city) [Default City]:bj
    Organization Name (eg, company) [Default Company Ltd]:ym
    Organizational Unit Name (eg, section) []:Ops
    Common Name (eg, your name or your server's hostname) []:www.a.com
    Email Address []:admin@a.com
    #CA签发证书:
    [root@localhost ssl]# ls
    httpd.csr  httpd.key
    [root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt
    Using configuration from /etc/pki/tls/openssl.cnf
    Check that the request matches the signature
    Signature ok
    Certificate Details:
            Serial Number: 1 (0x1)
            Validity
                Not Before: Nov  3 12:05:53 2017 GMT
                Not After : Nov  3 12:05:53 2018 GMT
            Subject:
                countryName               = CN
                stateOrProvinceName       = bj
                organizationName          = ym
                organizationalUnitName    = Ops
                commonName                = www.a.com
                emailAddress              = admin@a.com
            X509v3 extensions:
                X509v3 Basic Constraints: 
                    CA:FALSE
                Netscape Comment: 
                    OpenSSL Generated Certificate
                X509v3 Subject Key Identifier: 
                    47:68:63:A8:C4:51:9E:E5:33:7A:CD:AF:72:8E:F9:C0:A1:01:92:D2
                X509v3 Authority Key Identifier: 
                    keyid:76:96:79:13:59:48:85:EC:D6:FE:4D:C5:2D:29:24:E3:A9:24:6C:3D

    修改配置文件,启用SSL模块:

    [root@localhost ssl]# vim /usr/local/apache/conf/httpd.conf

    LoadModule ssl_module modules/mod_ssl.so

    Include conf/extra/httpd-ssl.conf

    SSL配置:

    [root@localhost ssl]# vim /usr/local/apache/conf/extra/httpd-ssl.conf 
    Listen 443
    <VirtualHost _default_:443>
        DocumentRoot "/usr/local/apache/htdocs/www1"
        ServerName www.a.com:443
        SSLCertificateFile /usr/local/apache/ssl/httpd.crt
        SSLCertificateKeyFile /usr/local/apache/ssl/httpd.key
        <Directory "/usr/local/apache/htdocs/www1">
            SSLOptions +StdEnvVars
            AllowOverride None
            Require all granted
        </Directory>
    </VirtualHost>

    https访问:

     
  • 相关阅读:
    git使用教程PDF版
    Everything(一款用于检索硬盘文件的工具)
    Animate.css(一款有意思的CSS3动画库)
    bootstrap3中container与container_fluid的区别
    河北省重大技术需求征集系统设计(七稿)第九天
    河北省重大技术需求征集系统设计(七稿)第八天
    河北省重大技术需求征集系统设计(七稿)第七天
    河北省重大技术需求征集系统设计(七稿)第六天
    河北省重大技术需求征集系统设计(七稿)第五天
    河北省重大技术需求征集系统设计(七稿)第四天
  • 原文地址:https://www.cnblogs.com/yuezhimi/p/7978162.html
Copyright © 2011-2022 走看看