实例讲解httpd虚拟主机的配置以及https的配置
要求:1.建立httpd服务器,要求:
提供两个基于名称的虚拟主机:
(a)www1.stuX.com,页面文件目录为/web/vhosts/www1;错误日志
为/var/log/httpd/www1.err,访问日志为/var/log/httpd/www1.access
(b)www2.stuX.com,页面文件目录为/web/vhosts/www2;错误日志
为/var/log/httpd/www2.err,访问日志为/var/log/httpd/www2.access
(c)为两个虚拟主机建立各自的主页文件/index.html,内容分别为其对应的主机名
(d)通过www1.stuX.com/server-status输出httpd工作状态相关信息,且只允许提供账
号密码才能访问(status:status)
2.为上面的第2个虚拟主机提供https服务,使得用户可以通过https安全的访问此web站点:
(1)要求使用证书认证,证书中要求使用的国家(CN),州(Henan),城市(Zhengzhou)和组
织(MageEdu);
(2)设置部门为tech,主机名为www2.stuX.com,邮箱为admin@StuX.com
具体实现步骤:
一.
1)创建需要的目录文件
1
2
3
4
mkdir -pv /web/vhosts/www{1,2}
mkdir /var/log/httpd
cd /var/log/httpd
touch www{1,2}.{err,access}
2)建立主页文件,并分别向里面写入其对应的内容
/web/vhosts/www1/index.html内容如下:
1
<h1>www1.stuX.com</h1>
/web/vhosts/www2/index.html内容如下:
1
<h1>www2.stuX.com</h2>
3)配置/etc/httpd/conf/httpd.conf,内容如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
NameVirtualhost 192.168.1.179:80
<VirtualHost 192.168.1.179:80>
Servername www1.stuX.com
DocumentRoot "/web/vhosts/www1"
ErrorLog /var/log/httpd/www1.err
CustomLog /var/log/httpd/www1.access combined
<Directory "/web/vhosts/www1">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Location /server-status>
SetHandler server-status
Order deny,allow
Allow from all
</Location>
<Directory /server-status>
Options None
AllowOverride None
AuthType basic
AuthName "Admin Area"
AuthUserFile /etc/httpd/users/.htpasswd
require user status
</Directory>
</VirtualHost>
<VirtualHost 192.168.1.179:80>
Servername www2.stuX.com
DocumentRoot "/web/vhosts/www2"
ErrorLog /var/log/httpd/www2.err
CustomLog /var/log/httpd/www2.access combined
</VirtualHost>
二.
1)建立私有cA
1
2
3
4
5
cd /etc/pki/CA
(umask 077; openssl genrsa -out pirvate/cakey.pem 2048) #生成私有CA
openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 2655 #生成自签证书
echo 01 > serial
touch index.txt
2)为服务器生成证书
1
2
3
4
5
6
cd /etc/httpd/
mkdir certs
cd certs
(umask 077;openssl genrsa -out httpd.key 2048) #生成私钥
openssl req -new -key httpd.key -out httpd.csr -days 3655 #生成证书签署请求:
openssl ca -in httpd.csr -out httpd.crt -days 3655
(3)配置httpd使用数字证书
注意:ssl会话只能基于IP创建,这意味着如果服务器仅有一个IP,那么仅为一个虚拟主机提供https服务
1
2
3
4
5
6
7
8
yum list mod_ssl
cd ../conf.d/
vim ssl.conf
<VirtualHost _default_:443>
DocumentRoot "/www/sslhost"
ServerNmae www.magesu.com:443
SSLCertificateFile /etc/httpd/certs/httpd.crt # 证书
SSLCertificateKeyFile /etc/httpd/certs/httpd.key#秘钥
导入/etc/pki/CA/cacert.pem 改为cacert
验证: openssl s_client -connect 192.1:443
openssl s_client -connect 192.1:443 -CAfile /etc/pki/CA/cecert.pem
openssl s_client -connect www.mageu.com -CAfile /etc/pki/CA/cecert.pem
GET /index.html HTTP/1.1
Host:192.168.1.179
页:
[1]