/etc/httpd/conf/httpd.conf       Main configuration file
/etc/httpd/conf.d/ssl.conf       SSL configuration file
/etc/httpd/conf.d/welcome.conf   Default welcome page (shown when there is no index.html file)
/var/www/html                    Default directory for index.html

In the main configuration file:

    DocumentRoot "/var/www/html"
    DirectoryIndex index.html index.html.var
    AddDefaultCharset UTF-8

Virtual hosts based on multiple IP addresses

    <VirtualHost 192.168.1.110:80>
        DocumentRoot /var/www/html
    </VirtualHost>
    <VirtualHost 192.168.1.120:80>
        DocumentRoot /var/www/html2
    </VirtualHost>

Virtual hosts based on multiple domain names

The NameVirtualHost line is required; without it the virtual hosts do not take effect.

    NameVirtualHost *:80
    <VirtualHost *:80>
        DocumentRoot /var/www/html
        ServerName www.one.com
    </VirtualHost>
    <VirtualHost *:80>
        DocumentRoot /var/www/html2
        ServerName www.two.com
    </VirtualHost>
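
Authentication

The main configuration file controls which directories have their pages protected:

    <Directory "/var/www/html2">
        AuthType Basic
        AuthName "what fuck do you do?"
        AuthUserFile /etc/httpd/userlist
        Require valid-user
    </Directory>

Create the user file (the -c option is required when adding the first user):

    htpasswd -c /path/to/user-file username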

SSL

Generate the public key and private key file in the /etc/pki/tls/certs/ directory:

    [iyunv@localhost certs]# cd /etc/pki/tls/certs/
    [iyunv@localhost certs]# make server.pem
    Country Name (2 letter code) [GB]:cn
    State or Province Name (full name) [Berkshire]:bj
    Locality Name (eg, city) [Newbury]:bj
    Organization Name (eg, company) [My Company Ltd]:vfast
    Organizational Unit Name (eg, section) []:shiyan
    Common Name (eg, your name or your server's hostname) []:www.one.com
    Email Address []:chaoaa^H^H@.12.com ^H^H
    [iyunv@localhost certs]# ll
    -rw-r--r-- 1 root root 441017 2010-03-12 ca-bundle.crt
    -rw------- 1 root root 1334 05-29 17:05 localhost.crt
    -rwxr-xr-x 1 root root 610 2010-03-12 make-dummy-cert
    -rw-r--r-- 1 root root 2240 2010-03-12 Makefile
    -rw------- 1 root root 2117 05-29 17:12 server.pem

The private key file must then be stored in the /etc/pki/tls/private directory for SSL to work on the site:

    [iyunv@localhost certs]# cp server.pem /etc/pki/tls/private/

Finally, specify the public key file name and the private key file name in /etc/httpd/conf.d/ssl.conf:

    [iyunv@localhost certs]# vi /etc/httpd/conf.d/ssl.conf

Find and uncomment the lines that select the document root or domain name of the site to protect:

    DocumentRoot "/var/www/html"
    ServerName www.one.com:443

Then, in the same file, find the SSLCertificateFile line and set the path and name of the public key file; find the SSLCertificateKeyFile line and set the path and name of the private key file:

    # certificate can be generated using the genkey(1) command.
    SSLCertificateFile /etc/pki/tls/certs/server.pem
    # Server Private Key:
    # If the key is not combined with the certificate, use this
    # directive to point at the key file. Keep in mind that if
    # you've both a RSA and a DSA private key you can configure
    # both in parallel (to also allow the use of DSA ciphers, etc.)
    SSLCertificateKeyFile /etc/pki/tls/private/server.pem

Apache's SSL feature uses TCP port 443. To open that port, run the following command:

    iptables -I INPUT -p tcp --dport 443 -j ACCEPT
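
Because server.pem is used for both SSLCertificateFile and SSLCertificateKeyFile, it carries the private key together with the certificate, and a copy remains in /etc/pki/tls/certs/. The following added example (not part of the original notes; the function name audit_key_perms is an assumption of this example) lists every PEM file in the given directories that contains a private key and flags any that group or other can access.

```shell
# Added example, not from the original notes.
# audit_key_perms is a name chosen for this example.
# Usage (as root, so that every key file can be read):
#   audit_key_perms /etc/pki/tls/certs /etc/pki/tls/private
audit_key_perms() {
    rc=0
    for dir in "$@"; do
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            # Skip files without a private key block (plain certificates, Makefile, ...).
            grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" 2>/dev/null || continue
            # A combined file such as the page's server.pem also holds the certificate.
            kind=key
            grep -q -e '-----BEGIN CERTIFICATE-----' "$f" && kind=key+cert
            # First 10 characters of the ls mode string, as shown by "ll" on the page.
            perms=$(ls -ld -- "$f" | head -n 1 | cut -c1-10)
            case "$perms" in
                # Characters 5-10 are the group and other bits; all must be "-".
                ????------) status=OK ;;
                *)          status=WEAK; rc=1 ;;
            esac
            echo "$status $perms $kind $f"
        done
    done
    # Non-zero when at least one key file is accessible beyond its owner.
    return $rc
}
```

A WEAK line is fixed with chmod 600 on the reported file; the function returns non-zero while any such file remains.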