Building secure HTTP services with httpd-2.2 and httpd-2.4 using VirtualHost
Contents: I. CentOS 6: name-based httpd virtual hosts with httpd-2.2
II. CentOS 7: name-based httpd virtual hosts with httpd-2.4
III. CentOS 6: compiling httpd-2.4 and building name-based virtual hosts
I. CentOS 6: name-based httpd virtual hosts with httpd-2.2:
1. Install the httpd service:
yum -y install httpd
2. Edit the main configuration file and enable NameVirtualHost:
NameVirtualHost 192.168.1.100:80
3. Create the DocumentRoot directories and the page content (each index.html is written into its own site directory):
# mkdir -p /data/vhost/www1
# mkdir -p /data/vhost/www2
# echo "www1" > /data/vhost/www1/index.html
# echo "www2" > /data/vhost/www2/index.html
4. Create the virtual host for the www1 domain
Requirements:
## define an access log and an error log
## deny access from the 192.168.1.0 network
## www1.magedu.com/server-status returns the status page, and only the root user may access it
The configuration is as follows (httpd does not accept comments after a directive on the same line, so the annotations sit on their own lines):
# vim /etc/httpd/conf.d/vhost1.conf
<VirtualHost 192.168.1.100:80>
    DocumentRoot /data/vhost/www1
    ServerName www1.magedu.com
    CustomLog /var/log/httpd/www1/access_log common
    ## the log directory must be created by hand first, otherwise the service fails to start
    ErrorLog /var/log/httpd/www1/err_log
    <Directory "/data/vhost/www1">
        Options None
        AllowOverride None
        ## with Order allow,deny a matching Deny always wins over Allow, and without an
        ## "Allow from" line every client would be denied; this allows everyone except
        ## hosts in the 192.168.1.0/24 network (a bare 192.168.1.0 would match one host only)
        Order allow,deny
        Allow from all
        Deny from 192.168.1.0/24
    </Directory>
    ### status information at www1.magedu.com/server-status
    <Location /server-status>
        SetHandler server-status
        Order allow,deny
        Allow from 192.168.1
        AuthType Basic
        AuthName "admin"
        ### user authentication file
        AuthUserFile "/etc/httpd/conf/.htpasswd"
        Require valid-user
    </Location>
</VirtualHost>
## create the authentication user; the path must be the same file named in AuthUserFile
# htpasswd -c -m /etc/httpd/conf/.htpasswd aa
OK, restart or reload the service and test.
5. Create the virtual host for the www2 domain
Requirements:
### define an access log and an error log
### serve this site as a secure HTTPS site
The configuration is as follows:
<VirtualHost 192.168.1.100:80>
    DocumentRoot /data/vhost/www2
    ServerName www2.magedu.com
    ## error log
    ErrorLog /var/log/httpd/www2/error_log
    ## access log
    CustomLog /var/log/httpd/www2/access_log common
</VirtualHost>
Turn this site into an HTTPS site:
Set up the CA:
1) Generate the CA private key:
# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
2) Generate the self-signed CA certificate
# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
Country Name (2 letter code) :CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) :beijing
Organization Name (eg, company) :magedu.com
Organizational Unit Name (eg, section) []:yunwei
Common Name (eg, your name or your server's hostname) []:bogon
Email Address []:admin@163.com
3) Provide the files openssl ca needs (they live under the CA directory)
# touch /etc/pki/CA/{serial,index.txt}
# echo 01 > /etc/pki/CA/serial
Configure the http server as follows:
1) Generate the server private key
# mkdir /etc/httpd/ssl
# cd /etc/httpd/ssl
# (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)
2) Generate the certificate signing request:
# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr -days 365
Country Name (2 letter code) :CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) :beijing
Organization Name (eg, company) :magedu.com
Organizational Unit Name (eg, section) []:yunwei
Common Name (eg, your name or your server's hostname) []:bogon
Email Address []:admin@163.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
3) Send the certificate request to the CA for signing
# scp httpd.csr 192.168.1.100:/tmp
4) The CA signs the certificate and returns it to the requester
# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365
# scp /etc/pki/CA/certs/httpd.crt root@192.168.1.100:/etc/httpd/ssl/
5) httpd needs the mod_ssl module to support SSL
# yum -y install mod_ssl
6) Configure /etc/httpd/conf.d/ssl.conf (set these values in the SSL virtual host of that file)
<VirtualHost 192.168.1.100:443>
    DocumentRoot "/data/vhost/www2"
    ServerName www2.magedu.com
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/httpd.crt
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
</VirtualHost>
7) Restart the service and test
# httpd -t
Syntax OK
# service httpd reload
Reloading httpd:
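Before pointing ssl.conf at the new files it is worth checking what the procedure above actually produced: that httpd.crt chains to cacert.pem, that the key and certificate belong together, and that the certificate's Common Name equals the ServerName it will be served under (the interactive answers above put "bogon" in the CN while the vhost is www2.magedu.com, which chains fine but fails hostname validation in every client). The script below is an added example, not code from the original post. It builds a throwaway CA and two server certificates in a temporary directory, passing subjects with -subj instead of answering prompts and signing with openssl x509 -req instead of openssl ca so no serial/index.txt setup is needed; the function names and the work directory are constructed for the demo.

```shell
#!/bin/sh
# Added example: verify a CA-signed server certificate before using it in ssl.conf.
# Not part of the original post. Uses a temporary directory and constructed subjects.

WORK=$(mktemp -d)

# Create a CA plus a server certificate whose CN is $2, signed by that CA, under $1.
make_ca_and_cert() {
    dir=$1; cn=$2
    (umask 077; openssl genrsa -out "$dir/cakey.pem" 2048 2>/dev/null)
    openssl req -new -x509 -key "$dir/cakey.pem" -out "$dir/cacert.pem" -days 3655 \
        -subj "/C=CN/ST=beijing/O=magedu.com/OU=yunwei/CN=magedu demo CA" 2>/dev/null
    (umask 077; openssl genrsa -out "$dir/httpd.key" 2048 2>/dev/null)
    openssl req -new -key "$dir/httpd.key" -out "$dir/httpd.csr" \
        -subj "/C=CN/ST=beijing/O=magedu.com/OU=yunwei/CN=$cn" 2>/dev/null
    # "openssl x509 -req" stands in for the post's "openssl ca" (no serial/index.txt needed)
    openssl x509 -req -in "$dir/httpd.csr" -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" \
        -CAcreateserial -out "$dir/httpd.crt" -days 365 2>/dev/null
}

# Check 1: the server certificate chains to our CA (what a client trusting cacert.pem does).
cert_chains_to_ca() {
    openssl verify -CAfile "$1/cacert.pem" "$1/httpd.crt" >/dev/null 2>&1
}

# Check 2: the CN in the certificate equals the ServerName of the HTTPS virtual host.
# RFC2253 output puts the CN first, e.g. "subject=CN=www2.magedu.com,OU=yunwei,...".
cert_cn() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1/httpd.crt" | sed 's/.*CN=\([^,]*\).*/\1/'
}
cert_matches_servername() {
    [ "$(cert_cn "$1")" = "$2" ]
}

# Check 3: key and certificate share the same RSA modulus (a mismatch makes httpd fail to start).
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1/httpd.key" 2>/dev/null)
    c=$(openssl x509 -noout -modulus -in "$1/httpd.crt" 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo: one certificate issued for the real ServerName, one with the CN "bogon"
# that the interactive answers in the post would produce.
mkdir -p "$WORK/good" "$WORK/bogon"
make_ca_and_cert "$WORK/good" www2.magedu.com
make_ca_and_cert "$WORK/bogon" bogon
for d in good bogon; do
    cert_chains_to_ca "$WORK/$d" && echo "$d: chains to CA"
    key_matches_cert "$WORK/$d" && echo "$d: key matches certificate"
    if cert_matches_servername "$WORK/$d" www2.magedu.com; then
        echo "$d: CN matches www2.magedu.com"
    else
        echo "$d: CN '$(cert_cn "$WORK/$d")' does not match www2.magedu.com, clients will reject it"
    fi
done
```

Run the three checks against /etc/httpd/ssl/httpd.key, /etc/httpd/ssl/httpd.crt and /etc/pki/CA/cacert.pem after step 4) and before reloading httpd; a certificate that passes the chain check but fails the name check is exactly what the "bogon" answer yields.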
--------------------------------------------------------------------------------
II. CentOS 7: name-based httpd virtual hosts with httpd-2.4
httpd-2.4 on CentOS 7 works essentially like httpd-2.2 on CentOS 6, so the steps already covered are not explained or demonstrated in detail again here.
1. Install the httpd service
yum -y install httpd
2. Create the pages and their storage paths
mkdir -p /data/vhost/www{1,2}
echo "centos7 www1" > /data/vhost/www1/index.html
echo "centos7 www2" > /data/vhost/www2/index.html
3. Create the www1 virtual host with the corresponding restrictions
# vim /etc/httpd/conf.d/vhost1.conf
<VirtualHost 192.168.1.104:80>
    DocumentRoot /data/vhost/www1
    ServerName www1.magedu.com
    CustomLog /var/log/httpd/www1/access_log common
    ErrorLog /var/log/httpd/www1/err_log
    <Directory "/data/vhost/www1">
        Options None
        AllowOverride None
        ## access control: every client except the 192.168 range
        <RequireAll>
            Require all granted
            Require not ip 192.168
        </RequireAll>
    </Directory>
    #### status page with authentication
    <Location "/server-status">
        SetHandler server-status
        AuthType Basic
        AuthName "admin"
        ## user file, created with htpasswd as in section I
        AuthUserFile "/etc/httpd/.htpasswd"
        ## do not add "Require all granted" here: Require lines at the same level combine
        ## as an implicit <RequireAny>, so it would grant access without a password
        Require valid-user
    </Location>
</VirtualHost>
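The www1 configuration in section I and the one just above share a class of mistakes that only shows up when the service is reloaded: a log directory that does not exist yet, an httpd 2.2 Order allow,deny block with no "Allow from" line (which denies every client rather than one subnet), and an httpd 2.4 status-page block with "Require all granted" and "Require valid-user" at the same level (an implicit RequireAny that skips the password). The pre-flight script below is an added example, not part of the original post; the function names, the temporary directory and the two sample configuration files it writes are constructed for the demo, and the sample files deliberately contain the mistakes so the checks have something to report.

```shell
#!/bin/sh
# Added example: pre-flight checks for an httpd vhost file, run before "service httpd reload".
# Not part of the original post. DEMO_DIR and the two sample configs are constructed here.

# 1. Every ErrorLog/CustomLog directory must exist: httpd refuses to start when a log
#    file cannot be opened. Prints each missing directory, returns 1 if any is missing.
missing_log_dirs() {
    rc=0
    for path in $(awk '$1 ~ /^(ErrorLog|CustomLog)$/ { gsub(/"/, "", $2); print $2 }' "$1"); do
        dir=$(dirname "$path")
        if [ ! -d "$dir" ]; then
            echo "missing log directory: $dir"
            rc=1
        fi
    done
    return $rc
}

# 2. httpd 2.2 (mod_authz_host): "Order allow,deny" with no "Allow from" in the same
#    <Directory>/<Location> denies all clients. Prints the block header, returns 1 if found.
order_without_allow() {
    found=$(awk '
        /^[ \t]*<(Directory|Location)[ >]/ { blk = $0; order = 0; allow = 0; next }
        $1 == "Order" && $2 == "allow,deny"   { order = 1 }
        $1 == "Allow" && $2 == "from"         { allow = 1 }
        /^[ \t]*<\/(Directory|Location)>/     { if (order && !allow) print blk }
    ' "$1")
    [ -z "$found" ] || { echo "denies all clients (no Allow from): $found"; return 1; }
}

# 3. httpd 2.4 (mod_authz_core): Require lines at one level form an implicit <RequireAny>,
#    so "Require all granted" beside "Require valid-user" grants access with no password.
#    Lines nested inside <RequireAll> are ANDed and therefore ignored here. Returns 1 if found.
granted_beside_valid_user() {
    found=$(awk '
        /^[ \t]*<(Directory|Location)[ >]/ { blk = $0; depth = 0; granted = 0; user = 0; next }
        $1 == "<RequireAll>"  { depth++ }
        $1 == "</RequireAll>" { depth-- }
        depth == 0 && $1 == "Require" && $2 == "all" && $3 == "granted" { granted = 1 }
        depth == 0 && $1 == "Require" && $2 == "valid-user"             { user = 1 }
        /^[ \t]*<\/(Directory|Location)>/ { if (granted && user) print blk }
    ' "$1")
    [ -z "$found" ] || { echo "authentication bypassed by implicit RequireAny: $found"; return 1; }
}

# Run all checks on one file; non-zero means do not reload yet.
preflight() {
    status=0
    missing_log_dirs "$1" || status=1
    order_without_allow "$1" || status=1
    granted_beside_valid_user "$1" || status=1
    return $status
}

# Constructed sample files mirroring the two configurations discussed in the post,
# each carrying the mistake the matching check is meant to catch.
DEMO_DIR=$(mktemp -d)
CONF22=$DEMO_DIR/vhost-2.2.conf
CONF24=$DEMO_DIR/vhost-2.4.conf
cat > "$CONF22" <<EOF
<VirtualHost 192.168.1.100:80>
    DocumentRoot /data/vhost/www1
    ServerName www1.magedu.com
    CustomLog $DEMO_DIR/log/www1/access_log common
    ErrorLog $DEMO_DIR/log/www1/err_log
    <Directory "/data/vhost/www1">
        Order allow,deny
        Deny from 192.168.1.0/24
    </Directory>
</VirtualHost>
EOF
cat > "$CONF24" <<EOF
<VirtualHost 192.168.1.104:80>
    DocumentRoot /data/vhost/www1
    ServerName www1.magedu.com
    CustomLog $DEMO_DIR/log/www2/access_log common
    ErrorLog $DEMO_DIR/log/www2/err_log
    <Directory "/data/vhost/www1">
        <RequireAll>
            Require all granted
            Require not ip 192.168
        </RequireAll>
    </Directory>
    <Location "/server-status">
        SetHandler server-status
        Require all granted
        AuthType Basic
        AuthUserFile "/etc/httpd/.htpasswd"
        Require valid-user
    </Location>
</VirtualHost>
EOF

for f in "$CONF22" "$CONF24"; do
    if preflight "$f"; then echo "$f: OK"; else echo "$f: fix before reload"; fi
done
```

On a real host run preflight against /etc/httpd/conf.d/vhost1.conf before "httpd -t"; the syntax check passes both bad blocks, since they are valid directives, which is why a semantic check like this belongs in front of every reload.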
4. Create the www2 virtual host
# vim /etc/httpd/conf.d/vhost2.conf
<VirtualHost 192.168.1.104:80>
    DocumentRoot /data/vhost/www2
    ServerName www2.magedu.com
    CustomLog /var/log/httpd/www2/access_log common
    ErrorLog /var/log/httpd/www2/err_log
    <Directory "/data/vhost/www2">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
--------------------------------------------------------------------------------
III. CentOS 6: compiling httpd-2.4 and building name-based virtual hosts
httpd-2.4 depends on apr and apr-util version 1.4 or later, and the versions shipped with CentOS 6 are older, so to run httpd-2.4 on CentOS 6 we have to compile and install it by hand:
Required files: apr-1.4.6.tar.bz2
apr-util-1.4.1.tar.bz2
httpd-2.4.6.tar.bz2
1. Install the development packages
## openssl-devel is required by the --enable-ssl configure option used below
# yum -y install pcre-devel openssl-devel
# yum -y groupinstall "Development tools" "Server Platform Development"
2. Install apr
# tar xf apr-1.4.6.tar.bz2
# cd apr-1.4.6
# ./configure --prefix=/usr/local/apr
# make && make install
3. Install apr-util
# tar xf apr-util-1.4.1.tar.bz2
# cd apr-util-1.4.1
# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
# make && make install
4. Compile and install httpd-2.4
# tar xf httpd-2.4.6.tar.bz2
# cd httpd-2.4.6
# ./configure --prefix=/usr/local/apache24 --sysconfdir=/etc/httpd24 \
    --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre \
    --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util \
    --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
# make && make install
5. Start the service and check the listening ports
# /usr/local/apache24/bin/apachectl start
# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::53263 :::*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 *:111 *:*
LISTEN 0 128 :::80 :::*
6. Enable the virtual-host configuration: edit the main config file and remove the leading # from the Include line
# vim /etc/httpd24/httpd.conf
## enable this line
Include /etc/httpd24/extra/httpd-vhosts.conf
7. Configure the virtual hosts
# vim /etc/httpd24/extra/httpd-vhosts.conf
<VirtualHost 192.168.1.100:80>
    DocumentRoot "/usr/local/apache24/htdocs/test1"
    ServerName test1.ma.com
    ErrorLog "/var/log/test1/errlog"
    CustomLog "/var/log/test1/accesslog" common
</VirtualHost>
<VirtualHost 192.168.1.100:80>
    DocumentRoot "/usr/local/apache24/htdocs/test2"
    ServerName test2.ma.com
    ErrorLog "/var/log/test2/errlog"
    CustomLog "/var/log/test2/accesslog" common
</VirtualHost>
8. Create the test pages
# pwd
/usr/local/apache24/htdocs
# mkdir test1 test2
# echo "test1" > test1/index.html
# echo "test2" > test2/index.html
9. Check that the configuration file is correct (use the apachectl of this build, not the one from the distribution package)
# /usr/local/apache24/bin/apachectl -t
Syntax OK
10. Restart the service and test
# /usr/local/apache24/bin/apachectl restart
# curl http://test1.ma.com
test1
# curl http://test2.ma.com
test2