centos7-httpd虚拟主机

Apache虚拟主机：

一台WEB服务器发布单个网站会非常浪费资源，所以一台WEB服务器上会发布多个网站，

在一台服务器上发布多网站，也称之为部署多个虚拟主机，WEB虚拟主机配置方法有三种：

基于单IP多个Socket端口；

基于多IP地址一个端口；

基于单IP一个端口不同域名。

Apache WEB服务器安装：

1）安装apr：

[root@localhost src]# wget http://archive.apache.org/dist/apr/apr-1.5.2.tar.gz [root@localhost src]# tar xf apr-1.5.2.tar.gz
[root@localhost src]# cd apr-1.5.2
[root@localhost apr-1.5.2]# ./configure --prefix=/usr/local/apr
[root@localhost apr-1.5.2]# make && make install

2)安装apr-util：

[root@localhost src]# wget http://archive.apache.org/dist/apr/apr-util-1.5.4.tar.gz [root@localhost src]# tar xf apr-util-1.5.4.tar.gz
[root@localhost src]# cd apr-util-1.5.4
[root@localhost apr-util-1.5.4]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[root@localhost apr-util-1.5.4]# make && make install

3）编译httpd-2.4：

[root@localhost src]# yum -y install pcre-devel openssl-devel libevent-devel
[root@localhost src]# wget http://archive.apache.org/dist/httpd/httpd-2.4.10.tar.bz2 [root@localhost src]# tar xf httpd-2.4.10.tar.bz2
[root@localhost src]# cd httpd-2.4.10
[root@localhost httpd-2.4.10]# ./configure --prefix=/usr/local/apache --enable-so --enable-ssl --enable-rewrite --enable-defalte --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork --with-pcre --with-zlib --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/
[root@localhost httpd-2.4.10]# make && make install

4）启动httpd：

[root@localhost ~]# echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/httpd.sh
[root@localhost ~]# source /etc/profile.d/httpd.sh

基于一个端口不同域名配置：

1）创建虚拟主机配置文件httpd-vhosts.conf，该文件默认已存在，只需去掉httpd.conf主配置文件中#号即可

[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf

2)配置虚拟主机：

[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>						#监听所有网卡的80端口
DocumentRoot "/usr/local/apache/htdocs/www1"		#虚拟主机发布目录
ServerName www.a.com					#虚拟主机完整域名
ErrorLog "logs/www.a.com-error_log"			#错误日志路径
CustomLog "logs/www.a.com-access_log" common		#访问日志路径
<Location /server-status>				#提供状态信息，且仅允许tom用户访问
SetHandler server-status
AuthType basic
AuthName "Fortom"
AuthUserFile "/usr/local/apache/conf/.htpasswd"
Require user tom
</Location>
</VirtualHost>

<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/www2"
ServerName www.b.com
ErrorLog "logs/www.b.com-error_log"
CustomLog "logs/www.b.com-access_log" combined
<Directory "/usr/local/apache/htdocs/www2">		#设置www2目录权限，不允许192.168.2.0网段任意主机访问
Options None
AllowOverride None
Order deny,allow
Deny from 192.168.2.0/24
</Directory>
</VirtualHost>

3）创建虚拟主机发布目录：

[root@localhost ~]# mkdir -p /usr/local/apache/htdocs/{www1,www2}
[root@localhost ~]# echo
'<h1>www.a.com Pages</h1>' >
/usr/local/apache/htdocs/www1/index.html
[root@localhost ~]# echo
'<h1>www.b.com Pages</h1>' >
/usr/local/apache/htdocs/www2/index.html

4）创建tom用户：
[root@localhost
~]# htpasswd -cm /usr/local/apache/conf/.htpasswd tom
[root@localhost ~]#
apachectl restart

5）测试虚拟主机：

修改客户端hosts文件，域名能够解析到服务器ip



6）测试server-status：



7）测试www2访问权限：



https加密配置：

建立私有CA：

生成私钥：

[root@localhost CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)

#生成自签证书：

[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www.a.com
Email Address []:admin@a.com

#提供辅助文件：
[root@localhost CA]# touch index.txt
[root@localhost CA]# echo 01 >serial

#生成私钥：
[root@localhost CA]# mkdir /usr/local/apache/ssl
[root@localhost CA]# cd /usr/local/apache/ssl
[root@localhost ssl]# (umask 077; openssl genrsa -out httpd.key 1024)

#生成证书请求：

[root@localhost ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www.a.com
Email Address []:admin@a.com

#CA签发证书：
[root@localhost ssl]# ls
httpd.csr  httpd.key
[root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Nov  3 12:05:53 2017 GMT
Not After : Nov  3 12:05:53 2018 GMT
Subject:
countryName               = CN
stateOrProvinceName       = bj
organizationName          = ym
organizationalUnitName    = Ops
commonName                = www.a.com
emailAddress              = admin@a.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
47:68:63:A8:C4:51:9E:E5:33:7A:CD:AF:72:8E:F9:C0:A1:01:92:D2
X509v3 Authority Key Identifier:
keyid:76:96:79:13:59:48:85:EC:D6:FE:4D:C5:2D:29:24:E3:A9:24:6C:3D

修改配置文件，启用SSL模块：

[root@localhost ssl]# vim /usr/local/apache/conf/httpd.conf

LoadModule ssl_module modules/mod_ssl.so

Include conf/extra/httpd-ssl.conf

SSL配置：

[root@localhost ssl]# vim /usr/local/apache/conf/extra/httpd-ssl.conf

Listen 443
<VirtualHost _default_:443>
DocumentRoot "/usr/local/apache/htdocs/www1"
ServerName www.a.com:443
SSLCertificateFile /usr/local/apache/ssl/httpd.crt
SSLCertificateKeyFile /usr/local/apache/ssl/httpd.key
<Directory "/usr/local/apache/htdocs/www1">
SSLOptions +StdEnvVars
AllowOverride None
Require all granted
</Directory>
</VirtualHost>

https访问：