linux系统中部署apache虚拟主机功能（基于IP地址部署多个网站）

虚拟主机功能：一台物理服务器分割为多个“虚拟的服务器”，实现一台物理服务器部署多个网站的功能。

方式：

• 基于IP地址
• 基于主机域名
• 基于端口号

以下实验完成基于IP地址的虚拟主机功能，使用两台虚拟机完成，PC1为服务器端，IP设定为3个（192.168.10.100,192.168.10.101,192.168.10.102），PC2为客户机端，IP设为1个,192.168.10.20.

1、在PC1服务器端安装apache服务

[root@PC1 ~]# yum install httpd -y Loaded plugins: langpacks, product-id, subscription-manager This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast rhel7 | 4.1 kB     00:00 Resolving Dependencies --> Running transaction check ---> Package httpd.x86_64 0:2.4.6-17.el7 will be installed --> Processing Dependency: httpd-tools = 2.4.6-17.el7 for package: httpd-2.4.6-17.el7.x86_64 --> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-17.el7.x86_64 --> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-17.el7.x86_64 --> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-17.el7.x86_64 --> Running transaction check ---> Package apr.x86_64 0:1.4.8-3.el7 will be installed ---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed ---> Package httpd-tools.x86_64 0:2.4.6-17.el7 will be installed ---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: httpd x86_64 2.4.6-17.el7            rhel7         1.2 M Installing for dependencies: apr x86_64 1.4.8-3.el7             rhel7         103 k apr-util            x86_64         1.5.2-6.el7             rhel7          92 k httpd-tools         x86_64         2.4.6-17.el7            rhel7          77 k mailcap noarch 2.1.41-2.el7            rhel7          31 k Transaction Summary ================================================================================ Install 1 Package (+4 Dependent packages) Total download size: 1.5 M Installed size: 4.3 M Downloading packages: -------------------------------------------------------------------------------- Total 6.0 MB/s | 1.5 MB  00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : apr-1.4.8-3.el7.x86_64                                       1/5 Installing : apr-util-1.5.2-6.el7.x86_64                                  2/5 Installing : httpd-tools-2.4.6-17.el7.x86_64                              3/5 Installing : mailcap-2.1.41-2.el7.noarch                                  4/5 Installing : httpd-2.4.6-17.el7.x86_64                                    5/5 rhel7/productid                                          | 1.6 kB     00:00 Verifying : mailcap-2.1.41-2.el7.noarch                                  1/5 Verifying : httpd-tools-2.4.6-17.el7.x86_64                              2/5 Verifying : apr-1.4.8-3.el7.x86_64                                       3/5 Verifying : apr-util-1.5.2-6.el7.x86_64                                  4/5 Verifying : httpd-2.4.6-17.el7.x86_64                                    5/5 Installed: httpd.x86_64 0:2.4.6-17.el7 Dependency Installed: apr.x86_64 0:1.4.8-3.el7                 apr-util.x86_64 0:1.5.2-6.el7 httpd-tools.x86_64 0:2.4.6-17.el7        mailcap.noarch 0:2.1.41-2.el7 Complete!

 

2、在PC1服务器端创建网站数据目录及网站首页数据

[root@PC1 ~]# mkdir /home/wwwroot [root@PC1 ~]# mkdir -p /home/wwwroot/100 [root@PC1 ~]# mkdir -p /home/wwwroot/101 [root@PC1 ~]# mkdir -p /home/wwwroot/102[root@PC1 ~]# echo "here is 192.168.10.100" > /home/wwwroot/100/index.html [root@PC1 ~]# echo "here is 192.168.10.101" > /home/wwwroot/101/index.html [root@PC1 ~]# echo "here is 192.168.10.102" > /home/wwwroot/102/index.html

 

3、在PC1服务器端修改apache服务的主配置文件

…………
112 # 113 <VirtualHost 192.168.10.100> 114 DocumentRoot /home/wwwroot/100 115 ServerName xxxxx 116 <Directory /home/wwwroot/100 > 117 AllowOverride None 118 Require all granted 119 </Directory> 120 </VirtualHost> 121 <VirtualHost 192.168.10.101> 122 DocumentRoot /home/wwwroot/101 123 ServerName xxxxx 124 <Directory /home/wwwroot/101 > 125 AllowOverride None 126 Require all granted 127 </Directory> 128 </VirtualHost> 129 <VirtualHost 192.168.10.102> 130 DocumentRoot /home/wwwroot/102 131 ServerName xxxxx 132 <Directory /home/wwwroot/102 > 133 AllowOverride None 134 Require all granted 135 </Directory> 136 </VirtualHost>
137 # 138 # DocumentRoot: The directory out of which you will serve your
…………

 

4、在PC1服务器端重启apache服务

[root@PC1 ~]# systemctl restart httpd [root@PC1 ~]# systemctl status httpd | head -n 5 httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled) Active: active (running) since Thu 2020-12-17 20:52:31 CST; 11s ago Main PID: 32509 (httpd) Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"

 

5、在PC1服务器端清空防火墙策略并保存服务

[root@PC1 ~]# iptables -F [root@PC1 ~]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

 

6、在PC2端测试与PC1服务器网络的连通性

[root@PC2 network-scripts]# ifconfig | head -n 5 eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500 inet 192.168.10.20  netmask 255.255.255.0  broadcast 192.168.10.255 inet6 fe80::20c:29ff:fe25:bb3e prefixlen 64  scopeid 0x20<link> ether 00:0c:29:25:bb:3e  txqueuelen 1000 (Ethernet) RX packets 104  bytes 31812 (31.0 KiB) [root@PC2 network-scripts]# ping -c 3 192.168.10.100 PING 192.168.10.100 (192.168.10.100) 56(84) bytes of data. 64 bytes from 192.168.10.100: icmp_seq=1 ttl=64 time=0.380 ms 64 bytes from 192.168.10.100: icmp_seq=2 ttl=64 time=0.226 ms 64 bytes from 192.168.10.100: icmp_seq=3 ttl=64 time=0.257 ms --- 192.168.10.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms rtt min/avg/max/mdev = 0.226/0.287/0.380/0.069 ms [root@PC2 network-scripts]# ping -c 3 192.168.10.101 PING 192.168.10.101 (192.168.10.101) 56(84) bytes of data. 64 bytes from 192.168.10.101: icmp_seq=1 ttl=64 time=0.236 ms 64 bytes from 192.168.10.101: icmp_seq=2 ttl=64 time=0.223 ms 64 bytes from 192.168.10.101: icmp_seq=3 ttl=64 time=0.218 ms --- 192.168.10.101 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms rtt min/avg/max/mdev = 0.218/0.225/0.236/0.018 ms [root@PC2 network-scripts]# ping -c 3 192.168.10.102 PING 192.168.10.102 (192.168.10.102) 56(84) bytes of data. 64 bytes from 192.168.10.102: icmp_seq=1 ttl=64 time=0.275 ms 64 bytes from 192.168.10.102: icmp_seq=2 ttl=64 time=0.223 ms 64 bytes from 192.168.10.102: icmp_seq=3 ttl=64 time=0.228 ms --- 192.168.10.102 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 0.223/0.242/0.275/0.023 ms

 

7、在PC2客户机端测试PC1基于IP地址部署的网站

 

 

8、在PC1服务器端修改网站数据目录及网站首页数据文件的SELinux上下文值

[root@PC1 ~]# ls -ldZ /var/www/html/ drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/ [root@PC1 ~]# ls -ldZ /home/wwwroot/100/ drwxr-xr-x. root root unconfined_u:object_r:home_root_t:s0 /home/wwwroot/100/ [root@PC1 ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/100 [root@PC1 ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/100/* [root@PC1 ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/101 [root@PC1 ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/101/* [root@PC1 ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/102 [root@PC1 ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/102/* [root@PC1 ~]# restorecon -Rv /home/wwwroot/ restorecon reset /home/wwwroot context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_dir_t:s0 restorecon reset /home/wwwroot/100 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0 restorecon reset /home/wwwroot/100/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0 restorecon reset /home/wwwroot/101 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0 restorecon reset /home/wwwroot/101/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0 restorecon reset /home/wwwroot/102 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0 restorecon reset /home/wwwroot/102/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0 [root@PC1 ~]# ls -ldZ /home/wwwroot/100/ drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 /home/wwwroot/100/

 

9、在PC1服务器端修改SELinux服务的域服务

[root@PC1 ~]# getsebool -a | grep http httpd_anon_write --> off httpd_builtin_scripting --> on httpd_can_check_spam --> off httpd_can_connect_ftp --> off httpd_can_connect_ldap --> off httpd_can_connect_mythtv --> off httpd_can_connect_zabbix --> off httpd_can_network_connect --> off httpd_can_network_connect_cobbler --> off httpd_can_network_connect_db --> off httpd_can_network_memcache --> off httpd_can_network_relay --> off httpd_can_sendmail --> off httpd_dbus_avahi --> off httpd_dbus_sssd --> off httpd_dontaudit_search_dirs --> off httpd_enable_cgi --> on httpd_enable_ftp_server --> off httpd_enable_homedirs --> off httpd_execmem --> off httpd_graceful_shutdown --> on httpd_manage_ipa --> off httpd_mod_auth_ntlm_winbind --> off httpd_mod_auth_pam --> off httpd_read_user_content --> off httpd_run_stickshift --> off httpd_serve_cobbler_files --> off httpd_setrlimit --> off httpd_ssi_exec --> off httpd_sys_script_anon_write --> off httpd_tmp_exec --> off httpd_tty_comm --> off httpd_unified --> off httpd_use_cifs --> off httpd_use_fusefs --> off httpd_use_gpg --> off httpd_use_nfs --> off httpd_use_openstack --> off httpd_use_sasl --> off httpd_verify_dns --> off named_tcp_bind_http_port --> off prosody_bind_http_port --> off [root@PC1 ~]# setsebool -P httpd_enable_homedirs=on [root@PC1 ~]# getsebool -a | grep http httpd_anon_write --> off httpd_builtin_scripting --> on httpd_can_check_spam --> off httpd_can_connect_ftp --> off httpd_can_connect_ldap --> off httpd_can_connect_mythtv --> off httpd_can_connect_zabbix --> off httpd_can_network_connect --> off httpd_can_network_connect_cobbler --> off httpd_can_network_connect_db --> off httpd_can_network_memcache --> off httpd_can_network_relay --> off httpd_can_sendmail --> off httpd_dbus_avahi --> off httpd_dbus_sssd --> off httpd_dontaudit_search_dirs --> off httpd_enable_cgi --> on httpd_enable_ftp_server --> off httpd_enable_homedirs --> on httpd_execmem --> off httpd_graceful_shutdown --> on httpd_manage_ipa --> off httpd_mod_auth_ntlm_winbind --> off httpd_mod_auth_pam --> off httpd_read_user_content --> off httpd_run_stickshift --> off httpd_serve_cobbler_files --> off httpd_setrlimit --> off httpd_ssi_exec --> off httpd_sys_script_anon_write --> off httpd_tmp_exec --> off httpd_tty_comm --> off httpd_unified --> off httpd_use_cifs --> off httpd_use_fusefs --> off httpd_use_gpg --> off httpd_use_nfs --> off httpd_use_openstack --> off httpd_use_sasl --> off httpd_verify_dns --> off named_tcp_bind_http_port --> off prosody_bind_http_port --> off

 

9、在PC2端测试PC1基于IP地址部署的多个网站

 

 

 

 

 

 以上实验实现了在PC1服务器端基于IP地址（虚拟主机功能）部署了三个网站。