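Virtual hosts:
There are three types of virtual host:
- Same IP, different ports
- Different IPs, same port
- Same IP and port, different domain names
1. Configure two virtual hosts on different ports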
[root@xk conf]# vim httpd.conf
# virtual host 1 configuration
<VirtualHost 192.168.154.128:80>
ServerName www.wangqing.com
DocumentRoot "/var/www/html/www"
ErrorLog "/var/log/httpd/www/error_log"
CustomLog "/var/log/httpd/www/access_log" combined
<Directory /var/www/html/www>
<RequireAll>
Require all granted
Require not ip 192.168.1
</RequireAll>
</Directory>
</VirtualHost>
# virtual host 2 configuration
<VirtualHost 192.168.154.128:8080>
ServerName blog.wangqing.com
DocumentRoot "/var/www/html/blog"
ErrorLog "/var/log/httpd/blog/error_log"
CustomLog "/var/log/httpd/blog/access_log" combined
<Directory /var/www/html/blog>
<RequireAll>
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
Create the www and blog directories
[root@xk ~]# mkdir -p /var/www/html/{www,blog}
Change the owner and group
[root@xk ~]# chown -R apache:apache /var/www/html/
[root@xk ~]# ll /var/www/html/
total 0
drwxr-xr-x 2 apache apache 6 Dec 27 01:57 blog
drwxr-xr-x 2 apache apache 6 Dec 27 01:57 www
Create the sites
[root@xk ~]# echo 'www test' > /var/www/html/www/index.html
[root@xk ~]# echo 'blog test' > /var/www/html/blog/index.html
[root@xk ~]# mkdir -p /var/log/httpd/{blog,www}
Check the configuration file
[root@xk ~]# httpd -t
Syntax OK
Restart and check the listening ports
[root@xk ~]# systemctl restart httpd
[root@xk ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
Port 8080 is missing from the output above, so add a Listen directive for 8080 to httpd.conf
Listen 80
Listen 8080
Restart and check again
[root@xk conf]# systemctl restart httpd
[root@xk conf]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:8080 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
Access the sites
[root@xk ~]# curl http://192.168.154.128:80
www test
[root@xk ~]# curl http://192.168.154.128:8080
blog test
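2. Same port, different IPs
Remove Listen 8080 from the file, change virtual host 2's address to 192.168.154.129:80, and add that IP to the interface temporarily
# virtual host 2 configuration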
<VirtualHost 192.168.154.129:80>
ServerName blog.wangqing.com
DocumentRoot "/var/www/html/blog"
ErrorLog "/var/log/httpd/blog/error_log"
CustomLog "/var/log/httpd/blog/access_log" combined
<Directory /var/www/html/blog>
<RequireAll>
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
[root@xk ~]# ip addr add 192.168.154.129/24 dev ens160
[root@xk ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:51:05:b0 brd ff:ff:ff:ff:ff:ff
inet 192.168.154.128/24 brd 192.168.154.255 scope global dynamic noprefixroute ens160
valid_lft 1104sec preferred_lft 1104sec
inet 192.168.154.129/24 scope global secondary ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe51:5b0/64 scope link noprefixroute
valid_lft forever preferred_lft forever
Restart, access again and check the result
[root@xk conf]# systemctl restart httpd
[root@xk conf]# curl http://192.168.154.128:80
www test
[root@xk conf]# curl http://192.168.154.129:80
blog test
3. Same IP, different domain names
Set both virtual hosts to 192.168.154.128:80, restart, and access them by domain name
[root@xk conf]# vim httpd.conf
# virtual host 1 configuration
<VirtualHost 192.168.154.128:80>
ServerName www.wangqing.com
DocumentRoot "/var/www/html/www"
ErrorLog "/var/log/httpd/www/error_log"
CustomLog "/var/log/httpd/www/access_log" combined
<Directory /var/www/html/www>
<RequireAll>
Require all granted
Require not ip 192.168.1
</RequireAll>
</Directory>
</VirtualHost>
# virtual host 2 configuration
<VirtualHost 192.168.154.128:80>
ServerName blog.wangqing.com
DocumentRoot "/var/www/html/blog"
ErrorLog "/var/log/httpd/blog/error_log"
CustomLog "/var/log/httpd/blog/access_log" combined
<Directory /var/www/html/blog>
<RequireAll>
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
Verify on the client
1. Edit the hosts file
~ cat /etc/hosts
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
118.31.33.0 zabbix.forevercq.com
0.0.0.0 account.jetbrains.com
# add the following 2 lines
192.168.154.128 www.wangqing.com
192.168.154.128 blog.wangqing.com
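An added example (not part of the original notes): a small static audit that catches the step 1 mistake, a <VirtualHost> port with no matching Listen, and reports which name-based host from step 3 is the default, that is, the first one listed for an address, which Apache serves when the Host header matches no ServerName. The function names and the sample config are constructed for illustration; only ports are compared, so a Listen bound to a specific IP counts as opening that port.

```sh
#!/bin/sh
# Added example, not from the original page. Static audit of httpd vhost config:
#   NO_LISTEN addr:port    -> a <VirtualHost> port that no Listen directive opens
#   DEFAULT addr:port name -> first vhost for that address; Apache serves it
#                             when the Host header matches no ServerName
audit_vhosts() {            # reads config text on stdin
  awk '
    tolower($1) == "listen" {                 # "Listen 80" or "Listen ip:port"
      n = split($2, p, ":"); listen[p[n]] = 1
    }
    tolower($1) == "<virtualhost" {
      cur = $2; sub(/>.*/, "", cur)           # strip the closing ">"
      if (!(cur in first)) { order[++k] = cur; first[cur] = "(none)"; isfirst[cur] = 1 }
      else isfirst[cur] = 0                   # later blocks never become default
    }
    tolower($1) == "servername" && cur != "" && isfirst[cur] { first[cur] = $2 }
    tolower($1) == "</virtualhost>" { if (cur != "") isfirst[cur] = 0; cur = "" }
    END {
      for (i = 1; i <= k; i++) {
        n = split(order[i], p, ":")
        if (!(p[n] in listen)) print "NO_LISTEN " order[i]
        print "DEFAULT " order[i] " " first[order[i]]
      }
    }'
}

# Constructed sample: httpd.conf before "Listen 8080" was added, combined with
# the step 3 name-based pair on 192.168.154.128:80.
sample_conf() {
  cat <<'EOF'
Listen 80
<VirtualHost 192.168.154.128:80>
    ServerName www.wangqing.com
</VirtualHost>
<VirtualHost 192.168.154.128:80>
    ServerName blog.wangqing.com
</VirtualHost>
<VirtualHost 192.168.154.128:8080>
    ServerName blog.wangqing.com
</VirtualHost>
EOF
}

sample_conf | audit_vhosts
```

If the default host should not be a real site, list a catch-all virtual host first for each address.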
Generate a personal certificate from the command line
Create the CA directory
[root@xk ~]# mkdir /etc/pki/CA
[root@xk ~]# cd /etc/pki/CA
[root@xk CA]# pwd
/etc/pki/CA
Create the private directory
[root@xk ~]# mkdir -p /etc/pki/CA/private
Generate the key
[root@xk CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
..+++++
........................+++++
e is 65537 (0x010001)
[root@xk CA]# ls
private
[root@xk CA]# ll private/
total 4
-rw------- 1 root root 1675 Dec 27 03:39 cakey.pem
View the public key
[root@xk CA]# openssl rsa -in private/cakey.pem -pubout
writing RSA key
The CA generates a self-signed certificate
[root@xk CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:runtime
Common Name (eg, your name or your server's hostname) []:www.wangqing.com
Email Address []:1@2.com
[root@xk CA]# mkdir certs newcerts crl
[root@xk CA]# touch index.txt && echo 01 > serial
Go into conf and create an ssl directory
[root@xk apache]# cd conf/
[root@xk conf]# ls
extra httpd.conf magic mime.types original
[root@xk conf]# mkdir ssl
[root@xk conf]# pwd
/usr/local/apache/conf
Generate the key on the client
[root@xk conf]# cd ssl/
[root@xk ssl]# ls
[root@xk ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
........+++++
..........+++++
e is 65537 (0x010001)
[root@xk ssl]# ls
httpd.key
[root@xk ssl]#
Certificate signing request
[root@xk ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:runtime
Common Name (eg, your name or your server's hostname) []:www.wangqing.com
Email Address []:1@2.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
The CA signs the certificate request submitted by the client
[root@xk ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Dec 26 22:17:43 2022 GMT
Not After : Dec 26 22:17:43 2023 GMT
Subject:
countryName = CN
stateOrProvinceName = HB
organizationName = runtime
organizationalUnitName = runtime
commonName = www.wangqing.com
emailAddress = 1@2.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
6E:AE:A0:4F:C9:FE:52:E8:9A:47:22:14:5E:85:0B:75:70:34:0F:C1
X509v3 Authority Key Identifier:
keyid:F0:B2:FB:18:18:96:C4:92:64:5A:71:A4:01:FA:23:E1:0A:79:AC:1B
Certificate is to be certified until Dec 26 22:17:43 2023 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@xk ssl]# ls
httpd.crt httpd.csr httpd.key
[root@xk ssl]#
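An added example (not the author's commands): the certificate signed above lists no subjectAltName extension and names only www.wangqing.com, while current TLS clients match hostnames against subjectAltName, so blog.wangqing.com is not covered. The script below repeats the flow non-interactively in a scratch directory with a SAN for both vhost names, substituting openssl x509 -req for openssl ca, then checks chain, hostname coverage, key/certificate match and key permissions; the CA name, san.ext and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. Works in a throwaway directory and
# uses "openssl x509 -req" instead of "openssl ca", so no /etc/pki/CA database is needed.
issue_cert() {              # $1 = empty work directory
  ( cd "$1" && umask 077 &&
    openssl genrsa -out cakey.pem 2048 2>/dev/null &&
    openssl req -new -x509 -key cakey.pem -out cacert.pem -days 365 \
      -subj "/C=CN/ST=HB/O=runtime/CN=Lab Root CA" &&      # constructed CA name
    openssl genrsa -out httpd.key 2048 2>/dev/null &&
    openssl req -new -key httpd.key -out httpd.csr \
      -subj "/C=CN/ST=HB/O=runtime/CN=www.wangqing.com" &&
    printf '%s\n' 'basicConstraints=CA:FALSE' \
      'subjectAltName=DNS:www.wangqing.com,DNS:blog.wangqing.com' > san.ext &&
    openssl x509 -req -in httpd.csr -CA cacert.pem -CAkey cakey.pem \
      -CAcreateserial -days 365 -extfile san.ext -out httpd.crt 2>/dev/null )
}

cert_valid_for() {          # $1 = dir, $2 = hostname: chain and hostname check
  openssl verify -CAfile "$1/cacert.pem" -verify_hostname "$2" \
    "$1/httpd.crt" >/dev/null 2>&1
}

key_matches_cert() {        # $1 = dir: public key of httpd.key equals the cert's
  a=$(openssl pkey -in "$1/httpd.key" -pubout | openssl sha256)
  b=$(openssl x509 -in "$1/httpd.crt" -noout -pubkey | openssl sha256)
  [ -n "$a" ] && [ "$a" = "$b" ]
}

key_is_private() {          # $1 = dir: mode -rw-------, as umask 077 gives on the page
  [ "$(ls -l "$1/httpd.key" | cut -c1-10)" = "-rw-------" ]
}

work=$(mktemp -d) && issue_cert "$work"
for h in www.wangqing.com blog.wangqing.com mail.wangqing.com; do
  if cert_valid_for "$work" "$h"; then echo "$h: accepted"; else echo "$h: rejected"; fi
done
key_matches_cert "$work" && key_is_private "$work" && echo "key matches cert, mode 600"
rm -rf "$work"
```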
Configuration file
[root@xk conf]# vim extra/httpd-vhosts.conf
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/usr/local/apache/htdocs/www.wangqing.com"
ServerName www.wangqing.com
ErrorLog "logs/www.wangqing.com-error_log"
CustomLog "logs/www.wangqing.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "/usr/local/apache/htdocs/blog.wangqing.com"
ServerName blog.wangqing.com
ErrorLog "logs/blog.wangqing.com-error_log"
CustomLog "logs/blog.wangqing.com-access_log" common
</VirtualHost>
Delete the two virtual host blocks from httpd.conf and uncomment the Include line
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
Create the two directories blog.wangqing.com and www.wangqing.com
[root@xk conf]# mkdir -p /usr/local/apache/htdocs/{blog.wangqing.com,www.wangqing.com}
[root@xk conf]# ls /usr/local/apache/htdocs/
blog.wangqing.com index.html www.wangqing.com
[root@xk conf]# mv /var/www/html/www/* /usr/local/apache/htdocs/www.wangqing.com/
[root@xk conf]# mv /var/www/html/blog/* /usr/local/apache/htdocs/blog.wangqing.com/
Accessing the sites now succeeds