Linux与云计算——第二阶段Linux服务器架设 第七章：网站WEB服务器架设—用户目录虚拟主机和SSL

[b]Linux与云计算——第二阶段Linux服务器架设[/b]

第七章：网站WEB服务器架设—用户目录虚拟主机和SSL

启用userdir

启用userdir, 用户可以创建自己的网站

[1] 配置httpd.

[root@client ~]# vi /etc/httpd/conf.d/userdir.conf# line 17: 注释掉#UserDir disabled# line 24: 去掉注释UserDir public_html# line 31 – 35 修改<Directory "/home/*/public_html"> AllowOverride All Options None Require method GET POST OPTIONS</Directory>[root@client ~]# systemctl restart httpd

[2] 创建一个测试页面

[jeffrey@server ~]$ mkdir public_html [jeffrey@server ~]$ chmod 711 /home/jeffrey [jeffrey@server ~]$ chmod 755 /home/jeffrey/public_html [jeffrey@server ~]$ vi ./public_html/index.html <html><body><div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">UserDir Test Page</div></body></html>

虚拟主机

配置Virtual Hostings来使用多个主机名.

[1]配置Virtual Hostings.

[root@client ~]# vi /etc/httpd/conf.d/vhost.conf<VirtualHost *:80> DocumentRoot /var/www/html ServerName www.example.com</VirtualHost><VirtualHost *:80> DocumentRoot /home/jeffrey/public_html ServerName www.virtual.host</VirtualHost>[root@client ~]# systemctl restart httpd

[2] 创建一个测试页面.

[root@server ~]# vim /home/jeffrey/public_html/virtual.php <html><body><div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">Virtual Host Test Page</div></body></html>

配置SSL

配置SSL来建立安全加密连接.

[1] 创建密钥

[root@server certs]# make server.keyumask 77 ; \/usr/bin/openssl genrsa -aes128 2048 > server.keyGenerating RSA private key, 2048 bit long modulus.......................+++....+++e is 65537 (0x10001)Enter pass phrase:Verifying - Enter pass phrase:[root@server certs]# openssl rsa -in server.key -out server.keyEnter pass phrase for server.key:writing RSA key[root@server certs]# openssl rsa -in server.key -out server.keyEnter pass phrase for server.key:writing RSA key[root@server certs]# make server.csr umask 77 ; \/usr/bin/openssl req -utf8 -new -key server.key -out server.csrYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----
Country Name (2 letter code) [XX]:CNState or Province Name (full name) []:SHALocality Name (eg, city) [Default City]:XIANOrganization Name (eg, company) [Default Company Ltd]:RuiyungOrganizational Unit Name (eg, section) []:TechCommon Name (eg, your name or your server's hostname) []:server.example.comEmail Address []:zhangw@ruiyung.com Please enter the following 'extra' attributesto be sent with your certificate requestA challenge password []:An optional company name []:[root@server certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650Signature oksubject=/C=CN/ST=SHA/L=XIAN/O=Ruiyung/OU=Tech/CN=server.example.com/emailAddress=zhangw@ruiyung.comGetting Private key

[2] 配置 SSL.

[root@client ~]# yum -y install mod_ssl[root@client ~]# vi /etc/httpd/conf.d/ssl.conf# line 59: 去掉注释DocumentRoot "/var/www/html"# line 60: 去掉注释并进行修改ServerName www.example.com:443# line 100: 修改为第一步中创建的证书SSLCertificateFile /etc/pki/tls/certs/server.crt# line 107: 修改为第一步中创建的密钥SSLCertificateKeyFile /etc/pki/tls/certs/server.key[root@client ~]# systemctl restart httpd

[3] 如果开启了防火墙，放行HTTPS服务. HTTPS使用443/TCP.

[root@server ~]# firewall-cmd --add-service=https --permanent [root@server ~]# firewall-cmd --reload

[4] 在客户机上进行验证.