内容
1.搭建web服务实现多个虚拟主机
2.基于主机的访问控制
3.基于用户的访问控制
1.搭建web服务实现多个虚拟主机
www.xiaoming.com
RHEL6 httpd-2.2.15 RHEL7 httpd-2.4.6-
关键配置如下:
要使用虚拟主机功能需要打开下面参数,只要将主配置文件中的选项前的#号去掉即可。
NameVirtualHost *:80
创建虚拟主机
< VirtualHost *:80>
网站根目录位置
DocumentRoot /var/www/test123.com
虚拟主机名
ServerName www.test123.com
错误日志存放位置
ErrorLog logs/test123.com-error_log
访问日志存放位置
CustomLog logs/test123.com-access_log common
< /VirtualHost>
==========
详细步骤:
[root@rhel6 conf.d]# rpm -q httpd
httpd-2.2.15-29.el6_4.x86_64
[root@rhel6 ~]# yum install -y elinks
[root@rhel6 ~]# vim /etc/httpd/conf/httpd.conf
[root@rhel6 ~]# cd /etc/httpd/conf.d
[root@rhel6 conf.d]# ls
mod_dnssd.conf README welcome.conf
[root@rhel6 conf.d]# vim test123.conf
[root@rhel6 conf.d]# mkdir /var/www/test123.com
[root@rhel6 conf.d]# echo this is www.test123.com > /var/www/test123.com/index.html
[root@rhel6 conf.d]# cp test123.conf xiaoming.conf
[root@rhel6 conf.d]# vim xiaoming.conf
[root@rhel6 conf.d]# mkdir /var/www/xiaoming.com
[root@rhel6 conf.d]# echo this is www.xiaoming.com > /var/www/xiaoming.com/index.html
[root@rhel6 conf.d]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: httpd: apr_sockaddr_info_get() failed for rhel6
httpd: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1 for ServerName
[ OK ]
[root@rhel6 conf.d]# vim /etc/hosts
[root@rhel6 conf.d]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.0.11 www.test123.com
172.25.0.11 www.xiaoming.com
[root@rhel6 conf.d]# links www.test123.com
[root@rhel6 conf.d]# links www.xiaoming.com
2.项目要求:基于主机的访问控制
允许所有主机访问www.test123.com,除了172.25.0.10这台主机
<Directory "/var/www/test123.com">
Order allow,deny
Allow from all
Deny from 172.25.0.10
</Directory>
Order参数实现主机访问控制,allow from 允许谁能访问,all代表所有主机
deny from 不允许谁访问,172.25.0.10是需要禁止访问的主机的ip地址,如果要跟多个,可以用空格分割。
注意,主机的访问控制是对目录实现的
详细步骤
[root@rhel6 conf.d]# vim test123.conf
<VirtualHost *:80>
DocumentRoot /var/www/test123.com
ServerName www.test123.com
ErrorLog logs/test123.com-error_log
CustomLog logs/test123.com-access_log common
</VirtualHost>
<Directory "/var/www/test123.com">
Order allow,deny
Allow from all
Deny from 172.25.0.10
</Directory>
[root@rhel6 conf.d]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: httpd: apr_sockaddr_info_get() failed for rhel6
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[ OK ]
1. 在网站根目录下创建子目录
2. 设定子目录的主机访问控制
3. 测试
[root@rhel6 ~]# cd /var/www
[root@rhel6 www]# ll
total 24
drwxr-xr-x. 2 root root 4096 Aug 2 2013 cgi-bin
drwxr-xr-x. 3 root root 4096 Jul 2 2015 error
drwxr-xr-x. 2 root root 4096 Sep 28 10:18 html
drwxr-xr-x. 3 root root 4096 Jul 2 2015 icons
drwxr-xr-x. 2 root root 4096 Sep 28 10:40 test123.com
drwxr-xr-x. 2 root root 4096 Sep 28 10:42 xiaoming.com
[root@rhel6 www]# cd test123.com/
[root@rhel6 test123.com]# mkdir test
[root@rhel6 test123.com]# touch test/file{1..10}
[root@rhel6 test123.com]# ll
total 8
-rw-r--r--. 1 root root 26 Sep 28 10:40 index.html
drwxr-xr-x. 2 root root 4096 Sep 28 11:30 test
[root@rhel6 conf.d]# vim test123.conf
<VirtualHost *:80>
DocumentRoot /var/www/test123.com
ServerName www.test123.com
ErrorLog logs/test123.com-error_log
CustomLog logs/test123.com-access_log common
</VirtualHost>
<Directory "/var/www/test123.com">
Order allow,deny
Allow from all
Deny from 172.25.0.10
</Directory>
*针对子目录test做的主机访问控制*
<Directory "/var/www/test123.com/test">
Options Indexes
Order allow,deny
Allow from all
</Directory>
[root@rhel6 conf.d]# service httpd reload
Reloading httpd:
测试
rhel7作为客户端进行测试
[root@rhel7 ~]# links www.test123.com
Test Page for the Apache HTTP Server on Red Hat Enterprise Linux (1/2)
Red Hat Enterprise Linux Test Page
This page is used to test the proper operation of the Apache HTTP server after it has been installed. If
you can read this page, it means that the Apache HTTP server installed at this site is working properly.
──────────────────────────────────────────────────────────────────────────────────────────────────────────
If you are a member of the general public:
The fact that you are seeing this page indicates that the website you just visited is either experiencing
problems, or is undergoing routine maintenance.
If you would like to let the a ┌──────────────────────────────────────┐ seen this page instead of the
page you expected, you should │ │ name "webmaster" and directed
to the website's domain should │ Do you really want to exit ELinks? │
│ │
For example, if you experience │ [ Yes ] [ No ] │ should send e-mail to
"webmaster@example.com". └──────────────────────────────────────┘
For information on Red Hat Enterprise Linux, please visit the Red Hat, Inc. website. The documentation for
Red Hat Enterprise Linux is available on the Red Hat, Inc. website.
──────────────────────────────────────────────────────────────────────────────────────────────────────────
If you are the website administrator:
You may now add content to the directory /var/www/html/. Note that until you do so, people visiting your
website will see this page, and not your content. To prevent this page from ever being used, follow the
instructions in the file /etc/httpd/conf.d/welcome.conf.
You are free to use the image below on web sites powered by the Apache HTTP Server:
http://www.redhat.com/ [------]
[root@rhel7 ~]# links www.test123.com/test
Index of /test
Index of /test
[ICO] Name Last modified Size Description
─────────────────────────────────────────────────────────
[DIR] Parent Directory -
[TXT] file1 28-Sep-2016 11:30 0
[TXT] file2 28-Sep-2016 11:30 0
[TXT] file3 28-Sep-2016 11:30 0
[TXT] file4 28-Sep-2016 11:30 0
[TXT] file5 28-Sep-2016 11:30 0
[TXT] file6 28-Sep-2016 11:30 0
[TXT] file7 28-Sep-
[TXT] file8 28-Sep- ┌──────────────────────────────────────┐
[TXT] file9 28-Sep- │ │
[TXT] file10 28-Sep- │ Do you really want to exit ELinks? │
────────────────────────────── │ │
│ [ Yes ] [ No ] │
Apache/2.2.15 (Red Hat) Serve └──────────────────────────────────────┘
Image http://www.test123.com/icons/blank.gif
=================================
3.项目要求,基于用户访问控制 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
对www.test123.com/test设置用户和密码jack和tom密码都是test123
1)修改配置文件,添加用户认证相关的配置
2)通过htpasswd创建用户和密码
3)重启服务
4)客户端测试
详细步骤:
[root@rhel6 ~]# vim /etc/httpd/conf.d/test123.conf
<Directory "/var/www/test123.com/test">
Options Indexes MultiViews FollowSymLinks
AllowOverride AuthConfig
#仅有网页认证 ( 账号密码 ) 可覆写 ;
AuthName "student"
#在要你输入账号与密码的对话窗口中 , 出现的『提示字符』
AuthType basic
# 认证的类型
AuthUserFile "/etc/httpd/test"
# 这个目录所使用的账号密码配置文件
Require valid-user
# 后面接可以使用的账号 , 此处是让该密码文件内的用户都能够登入
Order allow,deny
Allow from all
</Directory>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[root@rhel6 conf.d]# htpasswd -cmb /etc/httpd/test tom test123
Adding password for user tom
[root@rhel6 conf.d]# htpasswd -mb /etc/httpd/test jack test123
Adding password for user jack
[root@rhel6 conf.d]# cat /etc/httpd/test
tom:$apr1$ODWlTN5b$BspUhjoyT6RexJGv7aqaL/
jack:$apr1$kx5gyFtP$eEnmSGfSOJxzuK7g/frPd/
[root@rhel6 conf.d]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: httpd: apr_sockaddr_info_get() failed for rhel6
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[ OK ]
htpasswd 创建网页用户认证的用户名和密码工具
-c 新建保存用户名和密码的文件
-m 通过md5来加秘密
-b 将密码放在终端行中显示
第一次创建使用-c参数,当已经存在test文件时,就不需要再使用-c参数了
#注意在配置文件中通过 AuthUserFile 指定的文件一定要和你用htpasswd创建的文件名一致 "/etc/httpd/test"
综合项目:
通过APACHE搭建两个虚拟主机 www.batmanX.com www.supermanX.com
要求
1.访问网址 www.batmanX.com/justice 时需要用户认证,用户batman,密码test123可以访问
2.访问网址 www.supermanX.com 时,只允许172.25.0.10访问,其他主机都不允许