F5负载均衡硬件服务商;
lvs虚拟服务器开源软件负载均衡;
disxuz开源论坛。
虚拟主机
http服务
#yum -y install httpd
#cd /etc/httpd/conf.d
注释Documuroot 根路径映射
注释servername
#cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf .
//帮助文档
-----------------------------------------------------
不同域名,相同ip
#vim httpd-vhosts.conf
<VirtualHost 172.25.0.11:80>
DocumentRoot "/var/www/html"
ServerName server0.example.com
</VirtualHost>
<VirtualHost 172.25.0.11:80>
DocumentRoot "/var/www/virtual"
ServerName www0.example.com
</VirtualHost>
<VirtualHost 172.25.0.11:80>
DocumentRoot "/www"
ServerName webapp0.example.com
</VirtualHost>
<Directory "/www">
AllowOverride None
Require all granted
</Directory>
#mkdir /var/www/virtual
#cd /var/www/virtual
#vim index.html
#mkdir /www
#cd /www
#vim index.html
#cd /var/www/html
#vim index.html
#semanage fcontext -a -t semanage fcontext -a -t httpd_sys_content_t '/www(/.*)?'
#restorecon -vFR /www
#httpd -t
#systemctl restart httpd.service
#systemctl stop firewalld.service
----------------------------------------------------
不同端口,相同ip
#vim httpd-vhosts.conf
<VirtualHost 172.25.0.11:80>
DocumentRoot "/var/www/html"
ServerName server0.example.com
</VirtualHost>
-----------------------
Listen 808
<VirtualHost 172.25.0.11:808>
DocumentRoot "/var/www/virtual"
ServerName www0.example.com
</VirtualHost>
-----------------------
Listen 8088
<VirtualHost 172.25.0.11:8088>
DocumentRoot "/www"
ServerName webapp0.example.com
</VirtualHost>
-----------------------
<Directory "/www">
AllowOverride None
Require all granted
</Directory>
#semanage port -l | grep http
#semanage port -a -t http_port_t -p tcp 808
#semanage port -a -t http_port_t -p tcp 8088
#httpd -t
#systemctl restart httpd.service
#netstat -ntlp
-----------------------------------------------------
不同ip
#nmcli con modify 'System eth0' ipv4.method manual ipv4.addresses '172.25.0.11/24 172.25.0.254'
#vim /etc/sysconfig/network-scripts/ifcfg-eth0
IPADDR0=172.25.0.11
PREFIX0=24
IPADDR1=172.25.0.15
PREFIX1=24
IPADDR2=172.25.0.16
PREFIX2=24
#systemctl restart NetworkManager
#ip addr show
#vim httpd-vhosts.conf
<VirtualHost 172.25.0.11:80>
DocumentRoot "/var/www/html"
ServerName server0.example.com
</VirtualHost>
<VirtualHost 172.25.0.15:80>
DocumentRoot "/var/www/virtual"
ServerName www0.example.com
</VirtualHost>
<VirtualHost 172.25.0.16:80>
DocumentRoot "/www"
ServerName webapp0.example.com
</VirtualHost>
<Directory "/www">
AllowOverride None
Require all granted
</Directory>
#httpd -t
#systemctl restart httpd.service
Python页面
WSGI接口(动态页面)
#yum -y install mod_wsgi
#vim /etc/httpd/conf.d/httpd-vhosts.conf
Listen 8989
<VirtualHost 172.25.0.11:8989>
DocumentRoot "/var/www/html"
ServerName server0.example.com
WSGIScriptAlias / /var/www/html/webapp.wsgi
//根路径映射
</VirtualHost>
#semanage port -a -t http_port_t -p tcp 8989
#cd /var/www/html
#wget http://172.25.254.254/content/RHCE/web/webapp.wsgi
#httpd -t
#systemctl restart httpd.service
#netstat -ntlp
加密认证
私key→生成csr→提交CA→颁发crt公钥
1、CA生成私cakey.pem→公cacert.pem
2、server:生成私httpd.key→公httpd.csr;
公钥提交给CA,CA将cakey.pem+httpd.csr打包颁发证书httpd.crt
3、将httpd.crt下载到浏览器
SSL(CA证书配置https:443)
#yum -y install mod_ssl
#vim /etc/httpd/conf.d/ssl.conf
DocumentRoot "/var/www/html"
ServerName server0.example.com:443
......
SSLCertificateFile /etc/pki/tls/certs/server0.crt
SSLCertificateKeyFile /etc/pki/tls/private/server0.key
#cd /etc/pki/tls/certs
#wget http://172.25.254.254/pub/tls/certs/serverX.crt
#cd /etc/pki/tls/private
#wget http://172.25.254.254/pub/tls/private/serverX.key
#httpd -t
#systemctl restart httpd.service
#netstat -ntlp
########################################
CA(自签名证书)
#cd /etc/pki/CA/
#(umask 077;openssl genrsa -out private/cakey.pem 2048)
//生成CA私钥
#openssl req -new -x509 -key private/cakey.pem -out cacert.pem
//生成CA公钥
#touch serial index.txt
#echo 01 > serial //编号
##################################
httpd(server)
#yum -y install httpd mod_ssl
#cd /etc/httpd
#mkdir ssl
#(umask 077;openssl genrsa -out httpd.key 1024)
//生成server的私钥(只给内权限700)
#openssl req -new -key httpd.key -out httpd.csr
//根据私钥生成server公钥
#openssl ca -in httpd.csr -out httpd.crt
//向CA申请颁发证书
#vim /etc/httpd/conf.d/ssl.conf
DocumentRoot "/var/www/html"
ServerName server0.example.com:443
......
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
#httpd -t
#systemctl restart httpd.service
#systemctl stop firewalld.service
网站登录认证
Auth(用户认证:明文)
#vim /etc/httpd/conf.d/http-vhosts.conf
<VirtualHost 172.25.0.11:80>
DocumentRoot "/var/www/html"
ServerName server0.example.com
</VirtualHost>
<Directory "/var/www/html">
Options none
AllowOverride None // AllowOverride Authconfig
* AuthType basic
* AuthName "sdlfljksdflkjsdjljsdf" //名字
* AuthUserFile /etc/httpd/.htpasswd //用户密码
* Require valid-user //描述信息
</Directory>
//带*是修改主配文件
#htpasswd -cm /etc/httpd/.htpasswd wode
#htpasswd -m /etc/httpd/.htpasswd dewo
#httpd -t 检查语法
#systemctl restart httpd.service博客搭建
LAMP+wordpress
#yum -y install httpd php php-mysql mariadb-server
#vim /etc/httpd/conf/httpd.conf
ServerName server0.example.com:80
DicectoryIndex index.html index.php
#systemctl restart httpd.service
#systemctl stop firewalld.service
#systemctl start mariadb.service
#mysql_secure_installtion
#mysql
>create database aaa;
>grant all on aaa.* to aaa@localhost identified by 'redhat';
>grant all on aaa.* to aaa@127.0.0.1 identified by 'redhat';
>flush privileges;
#wget http://172.25.254.254/content/ruanjian/wordpress-4.7.4-zh_CN.tar.gz
#tar -xf wordpress-4.7.4-zh_CN.tar.gz
#cp -r wordpress /var/www/html/.
#cd /var/www/html/wordpress
#cp wp-config-sample.php wp-config.php
"DB-NAME" aaa
"DB-USER" aaa
"DB-passwd" redhatnginx企业级应用
指向第三方epel库可以yum安装nginx
Nginx服务
#yum -y install gcc
#wget http://172.25.254.254/content/ruanjian/httpd-2.4.12.tar.gz
#tar xf nginx-1.7.11.tar.gz
#cd nginx-1.7.11/
#yum -y install pcre-devel openssl-devel(开发包)
#useradd -r -s /sbin/nologin nginx (添加用户)
#./configure --prefix=/usr/local/nginx --conf-path=/etc/nginx/nginx.conf --with-http_ssl_module --user=nginx --group=nginx
#make
#make install
#/usr/local/nginx/sbin/nginx -t
#/usr/local/nginx/sbin/nginx
#/usr/local/nginx/sbin/nginx -s stop|reload
#############虚拟主机搭建########
#vim /etc/nginx/nginx.conf
http {
server {
listen 80;
server_name server0.example.com;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name www0.example.com;
root virtual;
index index.html;
}
//在erro后,连住写入
#cd /usr/local/nginx
#mkdir virtual
#cd virtual
#vim index.html
#/usr/local/nginx/sbin/nginx -t
#/usr/local/nginx/sbin/nginx -s reload
#netstat -ntlp
##########反向代理#########
//主机轮换,减少负载;一台Nginx两台httpd;
//可以开发Nginx的80,httpd8080,将httpd反向代理给Nginx;防止暴露80口内容;
Nginx Server:
-------------
#vim /etc/nginx/nginx.conf
################连续添加在http中
upstream aaa {
# ip_hash; //固定主机访问
server 172.25.0.10:80;
server 172.25.7.11:80;
}
server {
listen 80;
server_name server0.example.com;
location / {
root html;
index index.html index.htm;
proxy_pass http://aaa;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
httpd1:(172.25.0.10)
--------------------
#yum -y install httpd
#systemctl stop firewalld.service
#vim /var/www/html/index.html
#systemctl start httpd.service
httpd2:172.25.6.11
------------------
#yum -y install httpd
#systemctl stop firewalld.service
#vim /var/www/html/index.html
#systemctl start httpd.service
测试:
-----------
#firefox
httpd://172.25.0.11
SSL:
#vim /etc/nginx/nginx.conf
server {
listen 443 ssl;
server_name server0.example.com;
ssl_certificate /etc/nginx/ssl/server0.crt;
ssl_certificate_key /etc/nginx/ssl/server0.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
#mkdir /etc/nginx/ssl
#cd /etc/nginx/ssl
#wget http://172.25.254.254/pub/tls/certs/serverX.crt
#wget http://172.25.254.254/pub/tls/certs/serverX.crt
#/usr/local/nginx/sbin/nginx -t
#/usr/local/nginx/sbin/nginx -s reload
#netstat -ntlp
扫一扫
3233
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
