CentOS6.7上搭建httpd-2.2

前端之家收集整理的这篇文章主要介绍了CentOS6.7上搭建httpd-2.2前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。


CentOS6.7上搭建httpd-2.2

1.实验需求:

1、建立httpd服务,要求:
(1) 提供两个基于名称的虚拟主机www1,www2;有单独的错误日志和访问日志;
(2) 通过www1的/server-status提供状态信息,且仅允许tom用户访问;
(3) www2不允许192.168.0.0/24网络中任意主机访问;
2、为上面的第2个虚拟主机提供https服务

2.实验环境:

Linux服务器操作系统版本:CentOS release 6.7 (Final) IP:172.16.66.60
WIN7系统客户机:IP:172.16.250.100

3.实验前提:
1)关闭防火墙和SELinux

~]# service iptables stop
~]# setenforce 0

4.实验过程:

1.提供两个基于名称的虚拟主机www1,www2;有单独的错误日志和访问日志


一、安装服务

1.yum安装httpd-2.2

~]# yum install httpd -y
~]# rpm -qa httpd
~]# rpm -ql httpd
~]# rpm -qc httpd
~]# service httpd restart
~]# chkconfig httpd on
~]# ss -lnt

二、配置虚拟主机

~]# cat /etc/httpd/conf.d/www1.conf
<VirtualHost 172.16.66.60:80>
ServerName www1.magedu.com
DocumentRoot /data/vhosts/www1
ErrorLog logs/www1-error_log
CustomLog logs/www1-access_log combined
</VirtualHost>

~]# cat /etc/httpd/conf.d/www2.conf
<VirtualHost 172.16.66.60:80>
ServerName www2.magedu.com
DocumentRoot /data/vhosts/www2
ErrorLog logs/www2-error_log
CustomLog logs/www2-access_log combined
</VirtualHost>

三、修改配置参数:

1)备份原有的配置文件
~]# cp -p httpd.conf httpd.conf.bak

2)开启虚拟主机:NameVirtualHost
~]# sed -n '990p' /etc/httpd/httpd.conf
NameVirtualHost 172.16.66.60:80

3)创建站点目录:
~]# mkdir -pv /data/vhosts/www{1,2}
~]# echo "<h1> www1.magedu.com </h1>" > /data/vhosts/www1/index.html
~]# echo "<h1> www2.magedu.com </h1>" > /data/vhosts/www2/index.html

4)添加hosts域名解析
~]# echo " 172.16.66.60 www1.magedu.com www2.magedu.com " >> /etc/hsots

四、PC端上测试内容

1)在wind7上添加域名解析:路径:C:\Windows\System32\drivers\etc\hosts
2)用记事本打开hosts添加并保存:172.16.66.60 www1.magedu.com www2.magedu.com
3)测试都正常访问



2.通过www1的/server-status提供状态信息,且仅允许tom用户访问;


一、修改配置文件

1)只允许tom用户访问/server-status;
<Location /server-status>
SetHandler server-status
AuthType basic
AuthName "For tom"
AuthUserFile "/etc/httpd/conf/.htpasswd"
Require user tom
</Location>

2)创建虚拟用户tom文件
~]# htpasswd -c -m /etc/httpd/conf/.htpasswd tom

3)检查语法并重载配置文件
~]# httpd -t
~]# service httpd reload

二、在PC机浏览器中测试:

1)输入 http://172.16.66.60/server-status 需要用户tom认证才能访问

3、为上面的第2个虚拟主机提供https服务;

工作目录:/etc/pki/CA/


1)生成私钥
CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)

2)生成自签证书
CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.',the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg,city) [Default City]:Beijing
Organization Name (eg,company) [Default Company Ltd]:liyang
Organizational Unit Name (eg,section) []:0ps
Common Name (eg,your name or your server's hostname) []:www2.magedu.com
Email Address []:magedu@com


3)提供辅助文件
CA]# touch index.txt
CA]# echo 01 > serial 序列号


二、节点申请证书

1)生成私钥

~]# mkdir -pv /etc/httpd/ssl
ssl]# (umask 077; openssl genrsa -out httpd.key 1024)


2)生成证书签署请求:
ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg,your name or your server's hostname) []:www2.magedu.com
Email Address []:magedu@com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

3)把请求发给CA
ssl]# cp httpd.csr /tmp/


三、CA签发证书 1)签署证书~]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crtUsing configuration from /etc/pki/tls/openssl.cnfCheck that the request matches the signatureSignature okCertificate Details: Serial Number: 1 (0x1) Validity Not Before: Jul 12 13:01:20 2016 GMT Not After : Jul 12 13:01:20 2017 GMT Subject: countryName = CN stateOrProvinceName = Beijing organizationName = liyang organizationalUnitName = 0ps commonName = www2.magedu.com emailAddress = magedu@com X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: F6:C2:E3:DC:3F:D9:50:39:52:43:35:BF:99:BC:FF:5E:26:EB:9E:29 X509v3 Authority Key Identifier: keyid:15:71:78:70:3E:9B:23:64:A0:37:DE:91:1E:6B:73:F6:AD:3C:A7:A7Certificate is to be certified until Jul 12 13:01:20 2017 GMT (365 days)Sign the certificate? [y/n]:y1 out of 1 certificate requests certified,commit? [y/n]yWrite out database with 1 new entriesData Base Updated 2)把签署好的证书发还给请求者。~]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/注意:本次私建CA在一台机器完成。四、配置httpd支持使用ssl,及使用的证书 1)yum安装mod_ssl模块~]# httpd -M | grep ssl ~]# yum install mod_ssl -y~]# rpm -ql mod_ssl/etc/httpd/conf.d/ssl.conf/usr/lib64/httpd/modules/mod_ssl.so 2)修改配置文件~]# cat /etc/httpd/conf.d/ssl.conf <VirtualHost _default_:443> DocumentRoot "/data/vhosts/www2" ServerName www2.magedu.com:443 ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log SSLProtocol all -SSLv2 SSLCertificateFile /etc/httpd/ssl/httpd.crt SSLCertificateKeyFile /etc/httpd/ssl/httpd.key </VirtualHost> 五、测试结果: 1)在PC机浏览器中测试:https://www2.magedu.com 通过443端口访问 2)在PC机浏览器中测试:http://www2.magedu.com 通过80端口访问

猜你在找的CentOS相关文章