虚拟主机:
1.虚拟主机有三类:
1.1相同IP不同端口
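1.准备工作(找到 httpd-vhosts.conf 示例文件并复制到 conf.d 目录;find 的通配符最好加引号,写成 find / -name '*vhosts.conf',避免被 shell 先按当前目录的文件名展开)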
[root@192 ~]# find / -name *vhosts.conf
/etc/httpd24/extra/httpd-vhosts.conf
/etc/httpd24/original/extra/httpd-vhosts.conf
/root/httpd-2.4.54/docs/conf/extra/httpd-vhosts.conf
/usr/share/doc/httpd/httpd-vhosts.conf
[root@192 ~]# cd /etc/httpd
[root@192 httpd]# cd conf.d
[root@192 conf.d]# cp /usr/share/doc/httpd/httpd-vhosts.conf .
[root@192 conf.d]# ls
autoindex.conf httpd-vhosts.conf README userdir.conf welcome.conf
[root@192 conf.d]#
2.配置文件
[root@192 conf.d]# vim httpd-vhosts.conf
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
# Port-based virtual hosts: both sections use the wildcard address "*", so
# the site is selected only by the port the client connected to (80 or 81).
<VirtualHost *:80>
# Directory whose content is served for this site.
DocumentRoot "/var/www/html/feiji"
ServerName www.feiji.com
# Per-site log files keep each site's errors and requests separate.
# NOTE(review): "common" is a LogFormat nickname defined outside this file;
# in the stock httpd.conf it omits Referer and User-Agent, which "combined"
# records - confirm which format incident review needs.
ErrorLog "/var/log/httpd/www.feiji.com-error_log"
CustomLog "/var/log/httpd/www.feiji.com-access_log" common
</VirtualHost>
# Opens the additional listening port for the second site. No "Listen 80"
# appears in this file, so port 80 is presumably opened by the main
# httpd.conf - confirm.
# NOTE(review): every extra listener is extra exposed surface; a host
# firewall rule for port 81 is not shown and would be needed for remote access.
Listen 81
<VirtualHost *:81>
DocumentRoot "/var/www/html/tanke"
ServerName www.tanke.com
ErrorLog "/var/log/httpd/www.tanke.com-error_log"
CustomLog "/var/log/httpd/www.tanke.com-access_log" common
</VirtualHost>
3.配置完成后在/var/www/html/下加入两个游戏安装包
[root@192 conf.d]# cd /var/www/html/
[root@192 html]# ls
index.html run
[root@192 html]#
[root@192 html]# ls
feijiedazhan.zip index.html run 坦克.zip
4.上传好之后解压两个压缩包(坦克.zip 的解压命令与第一个相同,下面的记录里省略了;解压后要像下面那样删除压缩包,因为留在 /var/www/html/ 下的文件可以被任何访问者直接下载)
[root@192 html]# unzip feijiedazhan.zip
[root@192 html]# ls
feijiedazhan.zip HTML5全民飞机大战小游戏 index.html run 坦克.zip
[root@192 html]# rm -rf feijiedazhan.zip
[root@192 html]# mv HTML5全民飞机大战小游戏 feiji
[root@192 html]# ls
feiji index.html run 坦克.zip
[root@192 html]#
[root@192 html]# ls
Battle_City feiji index.html run 坦克.zip
[root@192 html]# rm -rf 坦克.zip
[root@192 html]# mv Battle_City tanke
[root@192 html]# ls
feiji index.html run tanke
[root@192 html]#
5.都解压完成后检查一下配置文件有没有问题,然后开启服务
[root@192 html]# httpd -t
Syntax OK
[root@192 html]# systemctl restart httpd
[root@192 html]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:81 *:*
LISTEN 0 128 [::]:22 [::]:*
[root@192 html]#
6.用浏览器分别访问 80 端口和 81 端口,确认刚刚解压好的两个网站都能打开
1.2不同IP相同端口
1.配置相同端口
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
# IP-based virtual hosts: both sections use port 80 and are told apart by the
# local address the connection arrived on.
# NOTE(review): with a single section per address, the Host header sent by the
# client does not take part in the selection - a request reaching
# 192.168.223.141 is served as feiji whatever name it asks for.
<VirtualHost 192.168.223.141:80>
DocumentRoot "/var/www/html/feiji"
ServerName www.feiji.com
ErrorLog "/var/log/httpd/www.feiji.com-error_log"
CustomLog "/var/log/httpd/www.feiji.com-access_log" common
</VirtualHost>
# This site is reachable only while 192.168.223.140 is assigned to a local
# interface; an address added with "ip addr add" is lost on reboot, so a
# permanent setup needs the address in the persistent network configuration.
<VirtualHost 192.168.223.140:80>
DocumentRoot "/var/www/html/tanke"
ServerName www.tanke.com
ErrorLog "/var/log/httpd/www.tanke.com-error_log"
CustomLog "/var/log/httpd/www.tanke.com-access_log" common
</VirtualHost>
2.给网卡 ens33 添加一个临时IP(192.168.223.140),供第二个使用80端口的虚拟主机使用(ip addr add 添加的地址重启后会丢失)
[root@192 conf.d]# ip addr add 192.168.223.140/24 dev ens33
[root@192 conf.d]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:c1:8f:69 brd ff:ff:ff:ff:ff:ff
inet 192.168.223.141/24 brd 192.168.223.255 scope global dynamic noprefixroute ens33
valid_lft 2291sec preferred_lft 2291sec
inet 192.168.223.140/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fec1:8f69/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@192 conf.d]#
3.检查语法有没有错误,然后再重启一下
[root@192 conf.d]# httpd -t
Syntax OK
[root@192 conf.d]# systemctl restart httpd
[root@192 conf.d]#
4.查看结果
1.3相同IP相同端口不同域名
1.配置文件
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
# Name-based virtual hosts: both sections share the same address and port, so
# the site is selected by comparing the request's Host header with ServerName.
# NOTE(review): because this section comes first, it is also the default - a
# request made by bare IP address or with an unknown Host header is served the
# feiji site. A deliberate catch-all first section that serves nothing
# sensitive is the usual way to keep unexpected host names away from real sites.
<VirtualHost *:80>
DocumentRoot "/var/www/html/feiji"
ServerName www.feiji.com
ErrorLog "/var/log/httpd/www.feiji.com-error_log"
CustomLog "/var/log/httpd/www.feiji.com-access_log" common
</VirtualHost>
# Selected only when the Host header matches www.tanke.com; no ServerAlias is
# set, so other spellings of the name fall back to the first section.
<VirtualHost *:80>
DocumentRoot "/var/www/html/tanke"
ServerName www.tanke.com
ErrorLog "/var/log/httpd/www.tanke.com-error_log"
CustomLog "/var/log/httpd/www.tanke.com-access_log" common
</VirtualHost>
2.在本机做一个域名映射(在发起访问的机器的 hosts 文件中,把 www.feiji.com 和 www.tanke.com 都指向服务器IP),让相同IP相同端口的网站能按域名访问;直接用IP访问时只会落到第一个虚拟主机
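2.修改属主属组(注意:把站点目录的属主改成 apache 后,httpd 进程对这些文件就有了写权限;纯静态站点保持 root 属主、apache 只读会更安全。另外 chown 推荐使用冒号写法 apache:apache,点号写法已不推荐)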
[root@192 html]# chown -R apache.apache feiji
[root@192 html]# chown -R apache.apache tanke
[root@192 html]# ll
total 4
drwxr-xr-x. 5 apache apache 56 Apr 17 2020 feiji
-rw-r--r--. 1 root root 6 Jul 21 23:39 index.html
drwxr-xr-x. 2 root root 20 Jul 21 22:43 run
drwxr-xr-x. 6 apache apache 72 Sep 24 2015 tanke
[root@192 html]#
3.ssl模块
1.安装模块(只需要 mod_ssl 这一个包;命令里未加引号的 * 会先被 shell 按当前目录的文件名展开,建议直接写 dnf -y install mod_ssl)
[root@192 ~]# dnf -y install mod_ssl*
Last metadata expiration check: 1:29:32 ago on Sat 23 Jul 2022 04:30:45 PM CST.
Dependencies resolved.
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
mod_ssl x86_64 1:2.4.37-43.module_el8.5.0+1022+b541f3b1 AppStream 136 k
Transaction Summary
=============================================================================
Install 1 Package
Total download size: 136 k
Installed size: 266 k
Downloading Packages:
mod_ssl-2.4.37-43.module_el8.5.0+1022+b541f3 285 kB/s | 136 kB 00:00
-----------------------------------------------------------------------------
Total 284 kB/s | 136 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : mod_ssl-1:2.4.37-43.module_el8.5.0+1022+b541f3b1. 1/1
Running scriptlet: mod_ssl-1:2.4.37-43.module_el8.5.0+1022+b541f3b1. 1/1
Verifying : mod_ssl-1:2.4.37-43.module_el8.5.0+1022+b541f3b1. 1/1
Installed:
mod_ssl-1:2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64
Complete!
[root@192 ~]#
2.重启服务,查看端口
[root@192 ~]# systemctl restart httpd
[root@192 ~]# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.223.141. Set the 'ServerName' directive globally to suppress this message
Syntax OK
[root@192 ~]#
[root@192 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:443 *:*
[root@192 ~]#
3.1配置https步骤:
openssl实现私有CA:
- CA的配置文件:/etc/pki/tls/openssl.cnf
1.CA生成一对密钥(括号里的 umask 077 只在子shell中生效,使生成的私钥文件只有 root 可读写;private 目录需要先创建,否则会像下面第一次执行那样报错)
[root@192 ~]# cd /etc/pki/
[root@192 pki]# ls
ca-trust java nssdb pesign pesign-rh-test rpm-gpg rsyslog tls
[root@192 pki]# mkdir CA
[root@192 pki]# cd CA/
[root@192 CA]# pwd
/etc/pki/CA
[root@192 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
genrsa: Can't open "private/cakey.pem" for writing, No such file or directory
[root@192 CA]# mkdir private
[root@192 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
................................................+++++
..........................................+++++
e is 65537 (0x010001)
[root@192 CA]# cd private/
[root@192 private]# ls
cakey.pem
[root@192 private]#
2.CA生成自签署证书(这里 CA 证书的 Common Name 也填了 www.tanke.com,与后面服务器证书的相同;实际使用时 CA 应该使用独立的名称,避免签发者和使用者难以区分)
[root@192 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.tanke.com
Email Address []:1@2.com
[root@192 CA]#
[root@192 CA]# mkdir certs newcerts crl
[root@192 CA]# touch index.txt && echo 01 > serial
[root@192 CA]# ls
cacert.pem certs crl index.txt newcerts private serial
[root@192 CA]# cat serial
01
[root@192 CA]#
3.客户端(例如httpd服务器)生成密钥(本例中 CA 和 httpd 在同一台机器上,仅用于演示;实际环境中 CA 私钥应与对外提供服务的主机分开保存)
[root@192 CA]# cd /etc/httpd && mkdir ssl && cd ssl
[root@192 ssl]# pwd
/etc/httpd/ssl
[root@192 ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
................................................................+++++
..+++++
e is 65537 (0x010001)
[root@192 ssl]# ls
httpd.key
[root@192 ssl]#
4.客户端生成证书签署请求(-days 对证书请求不起作用,openssl 会像下面那样提示已忽略;证书有效期是在 CA 签署时指定的)
[root@192 ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.tanke.com
Email Address []:1@2.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@192 ssl]#
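5.CA签署客户端提交上来的证书(注意:下面签出的证书的 X509v3 extensions 里没有 subjectAltName,而现代浏览器只校验 SAN、不再看 Common Name,即使导入了 CA 证书也会提示名称不匹配;正式使用时需要在签署时通过扩展配置加入 SAN)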
[root@192 ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jul 23 10:22:58 2022 GMT
Not After : Jul 23 10:22:58 2023 GMT
Subject:
countryName = cn
stateOrProvinceName = hb
organizationName = runtime
organizationalUnitName = peixun
commonName = www.tanke.com
emailAddress = 1@2.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
D4:C4:C6:E4:3B:48:2F:82:9F:00:E5:5C:EE:99:B0:A2:EE:30:5F:04
X509v3 Authority Key Identifier:
keyid:98:E5:AE:3C:ED:4C:EB:B8:86:66:EF:C2:0D:44:59:AF:41:AB:7C:45
Certificate is to be certified until Jul 23 10:22:58 2023 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@192 ssl]#
[root@192 ssl]# ls
httpd.crt httpd.csr httpd.key
[root@192 ssl]#
6.在 mod_ssl 的配置文件(通常是 /etc/httpd/conf.d/ssl.conf)中指定证书和私钥
# require an ECC certificate which can also be configured in
# parallel.
SSLCertificateFile /etc/httpd/ssl/httpd.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
# ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
<VirtualHost _default_:443>
# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html/tanke"
ServerName www.tanke.com:443
(说明:上面的 DocumentRoot 和 ServerName 两行在默认配置里是被注释掉的,需要去掉行首的 # 并改成自己的站点目录和域名)
7.检查语法并重启
[root@192 conf.d]# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.223.141. Set the 'ServerName' directive globally to suppress this message
Syntax OK
[root@192 conf.d]# systemctl restart httpd
[root@192 conf.d]#
[root@192 conf.d]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:443 *:*
[root@192 conf.d]#
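8.查看效果(用 https://www.tanke.com 访问;证书由私有CA签发,浏览器默认不信任,应把 cacert.pem 导入客户端的受信任根证书,而不是习惯性地点击忽略警告。80端口的明文站点此时仍然可以访问)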