Apache virtual hosts:
Publishing a single website on one web server wastes resources, so one web server usually publishes several websites.
Publishing several websites on one server is also called deploying multiple virtual hosts. Web virtual hosts can be configured in three ways:
based on a single IP with multiple socket ports;
based on multiple IP addresses with one port;
based on a single IP and one port with different domain names.
Apache web server installation:
1) Install apr:
[root@localhost src]# wget http://archive.apache.org/dist/apr/apr-1.5.2.tar.gz
[root@localhost src]# tar xf apr-1.5.2.tar.gz
[root@localhost src]# cd apr-1.5.2
[root@localhost apr-1.5.2]# ./configure --prefix=/usr/local/apr
[root@localhost apr-1.5.2]# make && make install
2) Install apr-util:
[root@localhost src]# wget http://archive.apache.org/dist/apr/apr-util-1.5.4.tar.gz
[root@localhost src]# tar xf apr-util-1.5.4.tar.gz
[root@localhost src]# cd apr-util-1.5.4
[root@localhost apr-util-1.5.4]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[root@localhost apr-util-1.5.4]# make && make install
3) Compile httpd-2.4:
[root@localhost src]# yum -y install pcre-devel openssl-devel libevent-devel
[root@localhost src]# wget http://archive.apache.org/dist/httpd/httpd-2.4.10.tar.bz2
[root@localhost src]# tar xf httpd-2.4.10.tar.bz2
[root@localhost src]# cd httpd-2.4.10
[root@localhost httpd-2.4.10]# ./configure --prefix=/usr/local/apache --enable-so --enable-ssl --enable-rewrite --enable-deflate --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork --with-pcre --with-zlib --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/
[root@localhost httpd-2.4.10]# make && make install
4) Start httpd (add the httpd binaries to PATH first):
[root@localhost ~]# echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/httpd.sh
[root@localhost ~]# source /etc/profile.d/httpd.sh
Configuration based on one port with different domain names:
1) Create the virtual host configuration file httpd-vhosts.conf. The file already exists by default; it only has to be enabled by removing the # that comments out its Include line in the main configuration file httpd.conf:
[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf
2) Configure the virtual hosts:
[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
# httpd only accepts comments on a line of their own, so every note below sits above the directive it describes
# listen on port 80 of every network interface
<VirtualHost *:80>
    # directory the virtual host publishes
    DocumentRoot "/usr/local/apache/htdocs/www1"
    # fully qualified domain name of the virtual host
    ServerName www.a.com
    # error log path
    ErrorLog "logs/www.a.com-error_log"
    # access log path
    CustomLog "logs/www.a.com-access_log" common
    # serve status information, and only to the user tom
    <Location /server-status>
        SetHandler server-status
        AuthType basic
        AuthName "Fortom"
        AuthUserFile "/usr/local/apache/conf/.htpasswd"
        Require user tom
    </Location>
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/www2"
    ServerName www.b.com
    ErrorLog "logs/www.b.com-error_log"
    CustomLog "logs/www.b.com-access_log" combined
    # permissions on the www2 directory: no host on the 192.168.2.0/24 network may access it
    # (httpd 2.2 syntax; on 2.4 it works through mod_access_compat, the native form is
    # <RequireAll> Require all granted / Require not ip 192.168.2.0/24 </RequireAll>)
    <Directory "/usr/local/apache/htdocs/www2">
        Options None
        AllowOverride None
        Order deny,allow
        Deny from 192.168.2.0/24
    </Directory>
</VirtualHost>
3) Create the document roots of the virtual hosts:
[root@localhost ~]# mkdir -p /usr/local/apache/htdocs/{www1,www2}
[root@localhost ~]# echo '<h1>www.a.com Pages</h1>' > /usr/local/apache/htdocs/www1/index.html
[root@localhost ~]# echo '<h1>www.b.com Pages</h1>' > /usr/local/apache/htdocs/www2/index.html
4) Create the user tom:
[root@localhost ~]# htpasswd -cm /usr/local/apache/conf/.htpasswd tom
[root@localhost ~]# apachectl restart
5) Test the virtual hosts:
Edit the hosts file on the client so that the domain names resolve to the server's IP.
6) Test server-status:
7) Test access permissions on www2:
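The test steps above say what to verify but not how; as an added example (not from the original post), the script below lints an httpd-vhosts.conf read on stdin before the restart in step 4, reporting the mistakes the configuration from step 2 can hit: inline comments, a VirtualHost without ServerName, an unrestricted /server-status, and httpd 2.2 access directives. The sample configuration embedded in it is constructed to contain each of them.

```shell
# Added example, not part of the original post: lint httpd-vhosts.conf (on stdin)
# before "apachectl restart" for the mistakes the configuration above can hit.
lint_vhost_conf() {
  awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    {
      line = trim($0)
      if (line == "" || substr(line, 1, 1) == "#") next
      # httpd has no inline comments: "Options None #note" passes "#note" as an argument
      if (index(line, "#") > 0) printf("ERROR line %d: inline comment, httpd refuses to start\n", NR)
      if (line ~ /^<VirtualHost/) { invh = 1; has_name = 0; vh_line = NR }
      if (invh && line ~ /^ServerName[ \t]/) has_name = 1
      if (line ~ /^<\/VirtualHost>/) {
        if (!has_name) printf("WARN line %d: VirtualHost without ServerName, name-based routing cannot select it\n", vh_line)
        invh = 0
      }
      # server-status exposes request and client details, so it must be restricted
      if (line ~ /^<Location[ \t]+\/server-status/) { instatus = 1; restricted = 0; loc_line = NR }
      if (instatus && (line ~ /^AuthType[ \t]/ || (line ~ /^Require[ \t]/ && line !~ /all granted/))) restricted = 1
      if (instatus && line ~ /^<\/Location>/) {
        if (!restricted) printf("WARN line %d: /server-status has no authentication or IP restriction\n", loc_line)
        instatus = 0
      }
      # Order/Allow/Deny/Satisfy are httpd 2.2 directives; 2.4 needs mod_access_compat for them
      if (line ~ /^(Order|Allow from|Deny from|Satisfy)[ \t]/) printf("WARN line %d: httpd 2.2 access directive, needs mod_access_compat on 2.4 (prefer Require)\n", NR)
    }'
}
# Constructed sample carrying each mistake the lint checks for.
sample_conf() {
  cat <<'EOF'
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/www1" #publish directory
    ServerName www.a.com
    <Location /server-status>
        SetHandler server-status
        Require all granted
    </Location>
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/www2"
    <Directory "/usr/local/apache/htdocs/www2">
        Order deny,allow
        Deny from 192.168.2.0/24
    </Directory>
</VirtualHost>
EOF
}
sample_conf | lint_vhost_conf
```

To check the real file, run `lint_vhost_conf < /usr/local/apache/conf/extra/httpd-vhosts.conf`; an empty output means none of these problems were found.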
HTTPS encryption configuration:
Build a private CA:
Generate the CA private key:
[root@localhost CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
# Generate the self-signed CA certificate:
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www.a.com
Email Address []:admin@a.com
# Create the auxiliary files openssl ca needs:
[root@localhost CA]# touch index.txt
[root@localhost CA]# echo 01 >serial
# Generate the server private key:
[root@localhost CA]# mkdir /usr/local/apache/ssl
[root@localhost CA]# cd /usr/local/apache/ssl
[root@localhost ssl]# (umask 077; openssl genrsa -out httpd.key 1024)
# Generate the certificate signing request:
[root@localhost ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www.a.com
Email Address []:admin@a.com
# Have the CA sign the certificate:
[root@localhost ssl]# ls
httpd.csr httpd.key
[root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Nov 3 12:05:53 2017 GMT
Not After : Nov 3 12:05:53 2018 GMT
Subject:
countryName = CN
stateOrProvinceName = bj
organizationName = ym
organizationalUnitName = Ops
commonName = www.a.com
emailAddress = admin@a.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
47:68:63:A8:C4:51:9E:E5:33:7A:CD:AF:72:8E:F9:C0:A1:01:92:D2
X509v3 Authority Key Identifier:
keyid:76:96:79:13:59:48:85:EC:D6:FE:4D:C5:2D:29:24:E3:A9:24:6C:3D
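The CA steps above are interactive and produce a certificate whose host name lives only in the CN. As an added example (not the original post's commands), the script below repeats the procedure non-interactively in a scratch directory with a 2048-bit server key and a subjectAltName, which browsers require, and ends with the three checks worth running before the certificate goes into httpd-ssl.conf. The CA name, the validity periods and the extension file are my assumptions.

```shell
# Added example, not part of the original post: private CA plus server certificate
# for www.a.com, built non-interactively, then verified. Needs only the openssl CLI.
set -e
WORK=$(mktemp -d)
cd "$WORK"
# 1) private CA: key and self-signed root certificate (CN differs from the server CN)
(umask 077; openssl genrsa -out cakey.pem 2048 2>/dev/null)
openssl req -new -x509 -days 3650 -key cakey.pem -out cacert.pem \
  -subj "/C=CN/ST=bj/O=ym/OU=Ops/CN=Example private CA"
# 2) server key and certificate signing request
(umask 077; openssl genrsa -out httpd.key 2048 2>/dev/null)
openssl req -new -key httpd.key -out httpd.csr \
  -subj "/C=CN/ST=bj/O=ym/OU=Ops/CN=www.a.com"
# 3) the CA signs the request; extensions come from this file instead of openssl.cnf
cat > server_ext.cnf <<'EOF'
basicConstraints=CA:FALSE
keyUsage=digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=DNS:www.a.com
EOF
openssl x509 -req -days 365 -in httpd.csr -CA cacert.pem -CAkey cakey.pem \
  -CAcreateserial -extfile server_ext.cnf -out httpd.crt 2>/dev/null
# Checks to run before pointing SSLCertificateFile at the result.
verify_chain() {     # prints "OK" when httpd.crt chains to cacert.pem
  openssl verify -CAfile "$WORK/cacert.pem" "$WORK/httpd.crt" | sed 's/.*: //'
}
cert_san() {         # prints the DNS name carried in subjectAltName
  openssl x509 -in "$WORK/httpd.crt" -noout -text | grep -A1 'Subject Alternative Name' | sed -n 's/^ *DNS://p'
}
key_matches_cert() { # key and certificate must share the same RSA modulus
  k=$(openssl rsa -in "$WORK/httpd.key" -noout -modulus 2>/dev/null)
  c=$(openssl x509 -in "$WORK/httpd.crt" -noout -modulus)
  [ "$k" = "$c" ] && echo match || echo mismatch
}
verify_chain; cert_san; key_matches_cert
```

Clients only trust the result after cacert.pem has been imported into their trust store; httpd.key and httpd.crt are what httpd-ssl.conf below refers to.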
Edit the configuration file to enable the SSL module:
[root@localhost ssl]# vim /usr/local/apache/conf/httpd.conf
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
SSL configuration:
[root@localhost ssl]# vim /usr/local/apache/conf/extra/httpd-ssl.conf
Listen 443
<VirtualHost _default_:443>
DocumentRoot "/usr/local/apache/htdocs/www1"
ServerName www.a.com:443
SSLCertificateFile /usr/local/apache/ssl/httpd.crt
SSLCertificateKeyFile /usr/local/apache/ssl/httpd.key
<Directory "/usr/local/apache/htdocs/www1">
SSLOptions +StdEnvVars
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
HTTPS access: