CentOS 7 httpd virtual hosts
2017-12-04 17:31
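Apache virtual hosts:
Publishing only a single website on a web server wastes resources, so one web server usually publishes several sites. Publishing multiple sites on one server is also called deploying multiple virtual hosts. There are three ways to configure web virtual hosts:
One IP address, multiple socket ports;
Multiple IP addresses, one port;
One IP address, one port, different domain names.
Installing the Apache web server: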
1) Install apr:
[root@localhost src]# wget http://archive.apache.org/dist/apr/apr-1.5.2.tar.gz
[root@localhost src]# tar xf apr-1.5.2.tar.gz
[root@localhost src]# cd apr-1.5.2
[root@localhost apr-1.5.2]# ./configure --prefix=/usr/local/apr
[root@localhost apr-1.5.2]# make && make install
2) Install apr-util:
[root@localhost src]# wget http://archive.apache.org/dist/apr/apr-util-1.5.4.tar.gz
[root@localhost src]# tar xf apr-util-1.5.4.tar.gz
[root@localhost src]# cd apr-util-1.5.4
[root@localhost apr-util-1.5.4]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[root@localhost apr-util-1.5.4]# make && make install
3) Compile httpd-2.4:
[root@localhost src]# yum -y install pcre-devel openssl-devel libevent-devel
[root@localhost src]# wget http://archive.apache.org/dist/httpd/httpd-2.4.10.tar.bz2
[root@localhost src]# tar xf httpd-2.4.10.tar.bz2
[root@localhost src]# cd httpd-2.4.10
[root@localhost httpd-2.4.10]# ./configure --prefix=/usr/local/apache --enable-so --enable-ssl --enable-rewrite --enable-deflate --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork --with-pcre --with-zlib --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/
[root@localhost httpd-2.4.10]# make && make install
4) Start httpd:
[root@localhost ~]# echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/httpd.sh
[root@localhost ~]# source /etc/profile.d/httpd.sh
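Configuration based on one port and different domain names:
1) Create the virtual host configuration file httpd-vhosts.conf. The file exists by default; you only need to remove the # in front of the line that includes it in the main configuration file httpd.conf.
[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf
2) Configure the virtual hosts:
[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
# Listen on port 80 of all network interfaces
<VirtualHost *:80>
    # Document root published by this virtual host
    DocumentRoot "/usr/local/apache/htdocs/www1"
    # Fully qualified domain name of the virtual host
    ServerName www.a.com
    # Error log path
    ErrorLog "logs/www.a.com-error_log"
    # Access log path
    CustomLog "logs/www.a.com-access_log" common
    # Provide status information, accessible only to the user tom
    <Location /server-status>
        SetHandler server-status
        AuthType basic
        AuthName "Fortom"
        AuthUserFile "/usr/local/apache/conf/.htpasswd"
        Require user tom
    </Location>
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/www2"
    ServerName www.b.com
    ErrorLog "logs/www.b.com-error_log"
    CustomLog "logs/www.b.com-access_log" combined
    # Permissions for the www2 directory: no host in the 192.168.2.0 network may access it
    # (httpd 2.4 Require syntax, in place of the 2.2 Order/Deny directives)
    <Directory "/usr/local/apache/htdocs/www2">
        Options None
        AllowOverride None
        <RequireAll>
            Require all granted
            Require not ip 192.168.2.0/24
        </RequireAll>
    </Directory>
</VirtualHost>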
3) Create the document root directories for the virtual hosts:
[root@localhost ~]# mkdir -p /usr/local/apache/htdocs/{www1,www2}
[root@localhost ~]# echo '<h1>www.a.com Pages</h1>' > /usr/local/apache/htdocs/www1/index.html
[root@localhost ~]# echo '<h1>www.b.com Pages</h1>' > /usr/local/apache/htdocs/www2/index.html
4) Create the user tom:
[root@localhost ~]# htpasswd -cm /usr/local/apache/conf/.htpasswd tom
[root@localhost ~]# apachectl restart
5) Test the virtual hosts:
Modify the client's hosts file so that the domain names resolve to the server's IP address.
6) Test server-status:
7) Test the www2 access permissions:
HTTPS encryption configuration:
Set up a private CA:
Generate the private key:
[root@localhost CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
# Generate the self-signed certificate:
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www.a.com
Email Address []:admin@a.com
# Provide the auxiliary files:
[root@localhost CA]# touch index.txt
[root@localhost CA]# echo 01 > serial
# Generate the private key (2048-bit; 1024-bit RSA is no longer considered secure):
[root@localhost CA]# mkdir /usr/local/apache/ssl
[root@localhost CA]# cd /usr/local/apache/ssl
[root@localhost ssl]# (umask 077; openssl genrsa -out httpd.key 2048)
# Generate the certificate signing request:
[root@localhost ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www.a.com
Email Address []:admin@a.com
# The CA signs the certificate:
[root@localhost ssl]# ls
httpd.csr  httpd.key
[root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Nov 3 12:05:53 2017 GMT
            Not After : Nov 3 12:05:53 2018 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = bj
            organizationName          = ym
            organizationalUnitName    = Ops
            commonName                = www.a.com
            emailAddress              = admin@a.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                47:68:63:A8:C4:51:9E:E5:33:7A:CD:AF:72:8E:F9:C0:A1:01:92:D2
            X509v3 Authority Key Identifier:
                keyid:76:96:79:13:59:48:85:EC:D6:FE:4D:C5:2D:29:24:E3:A9:24:6C:3D
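The private-CA procedure above as a non-interactive script, followed by checks on the result (an added example, not part of the original post). It assumes an `openssl` binary on the PATH, uses `openssl x509 -req` in place of `openssl ca` so that no index.txt or serial file is needed, generates 2048-bit keys, and adds a subjectAltName, which current browsers match instead of the Common Name. The file names, the work directory and the CA subject `Example Private CA` are constructed for illustration.

```sh
#!/bin/sh
# Added example: private CA and server certificate, generated non-interactively.
# File names and the CA subject "Example Private CA" are constructed.
set -eu

issue_server_cert() (    # $1 = work directory, $2 = server host name
    mkdir -p "$1" && cd "$1"
    cat > ca.cnf <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Example Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
    umask 077    # keys readable by the owner only; local to this subshell
    openssl genrsa -out ca.key 2048 2>/dev/null
    openssl genrsa -out httpd.key 2048 2>/dev/null
    openssl req -new -x509 -config ca.cnf -key ca.key -sha256 -days 3650 -out ca.pem
    openssl req -new -config ca.cnf -key httpd.key -subj "/CN=$2" -out httpd.csr
    # x509 -req replaces "openssl ca" here: no index.txt or serial file needed
    openssl x509 -req -in httpd.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -sha256 -days 365 -extfile ca.cnf -extensions v3_srv -out httpd.crt 2>/dev/null
)

cert_key_bits() {    # RSA key size of certificate $1, in bits
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

cert_has_san() {     # true if certificate $1 lists host $2 as subjectAltName
    openssl x509 -in "$1" -noout -text | grep -F "DNS:$2" >/dev/null
}

chain_ok() {         # true if $2 chains to CA $1 and is valid for host $3
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

if [ $# -eq 2 ]; then    # usage: sh make-cert.sh /tmp/ssl-demo www.a.com
    issue_server_cert "$1" "$2"
    chain_ok "$1/ca.pem" "$1/httpd.crt" "$2" && echo "verified: $1/httpd.crt"
fi
```

Clients only trust the resulting httpd.crt after ca.pem has been imported into their trust store.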
Modify the configuration file to enable the SSL module:
[root@localhost ssl]# vim /usr/local/apache/conf/httpd.conf
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
SSL configuration:
[root@localhost ssl]# vim /usr/local/apache/conf/extra/httpd-ssl.conf
Listen 443
<VirtualHost _default_:443>
    DocumentRoot "/usr/local/apache/htdocs/www1"
    ServerName www.a.com:443
    # Without SSLEngine on, this virtual host would answer on port 443 in plain HTTP
    SSLEngine on
    SSLCertificateFile /usr/local/apache/ssl/httpd.crt
    SSLCertificateKeyFile /usr/local/apache/ssl/httpd.key
    <Directory "/usr/local/apache/htdocs/www1">
        SSLOptions +StdEnvVars
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
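A static check for three problems that are easy to introduce in vhost files like the ones on this page: a comment placed after a directive (httpd accepts `#` comments only on their own line), 2.2-style `Order`/`Allow`/`Deny` rules in a 2.4 configuration, and a port 443 virtual host that never turns on `SSLEngine`. This is an added example, not part of the original post; the function names and the sample input are constructed, and the comment check is a heuristic that also fires on a `#` inside a quoted value.

```sh
#!/bin/sh
# Added example: heuristic lint for an httpd 2.4 vhost file.
# sample_conf prints a constructed input that contains all three problems.
lint_vhosts() {    # $1 = config file; prints "line: finding" per problem
    awk '
    /^[ \t]*(#|$)/ { next }                  # whole-line comments and blanks
    /[ \t]#/ { print NR ": comment after a directive, move it to its own line" }
    { d = tolower($1) }
    d == "order" || d == "allow" || d == "deny" {
        print NR ": 2.2 access directive, use Require on httpd 2.4" }
    d == "<virtualhost" { tls = ($0 ~ /:443[ \t>]/); engine = 0; start = NR }
    d == "sslengine" && tolower($2) == "on" { engine = 1 }
    d == "</virtualhost>" {
        if (tls && !engine) print start ": port 443 vhost without SSLEngine on"
        tls = 0 }
    ' "$1"
}

sample_conf() {
    cat <<'EOF'
# constructed sample, not a file from the post
<VirtualHost *:80>
    ServerName www.b.com    #second site
    <Directory "/usr/local/apache/htdocs/www2">
        Order deny,allow
        Deny from 192.168.2.0/24
    </Directory>
</VirtualHost>
<VirtualHost _default_:443>
    ServerName www.a.com:443
    SSLCertificateFile /usr/local/apache/ssl/httpd.crt
</VirtualHost>
EOF
}

if [ $# -eq 1 ]; then lint_vhosts "$1"; fi    # usage: sh lint.sh httpd-vhosts.conf
```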
HTTPS access: