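Three different styles of virtual hosts

Three kinds of virtual hosts and HTTPS

Common httpd configuration

Switching the MPM (edit the file /etc/httpd/conf.modules.d/00-mpm.conf):

//LoadModule mpm_NAME_module modules/mod_mpm_NAME.so
//NAME has three possible values:
    prefork
    event
    worker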


[root@zwl ~]# cd /etc/httpd/conf.modules.d/
[root@zwl conf.modules.d]# ls
00-base.conf  00-optional.conf  01-cgi.conf
00-dav.conf   00-proxy.conf     10-h2.conf
00-lua.conf   00-ssl.conf       10-proxy_h2.conf
00-mpm.conf   00-systemd.conf   README
[root@zwl conf.modules.d]# vim 00-mpm.conf 
# See: http://httpd.apache.org/docs/2.4/mod/prefork.html
#
# NOTE: If enabling prefork, the httpd_graceful_shutdown SELinux
# boolean should be enabled, to allow graceful stop/shutdown.
#
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

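Access control rules:

Rule                          Function
Require all granted           Allow access from all hosts
Require all denied            Deny access from all hosts
Require ip IPADDR             Grant access to hosts with the given source address
Require not ip IPADDR         Deny access to hosts with the given source address
Require host HOSTNAME         Grant access to hosts with the given source host name
Require not host HOSTNAME     Deny access to hosts with the given source host name

Forms of IPADDR:
    IP: 192.168.1.1
    Network/mask: 192.168.1.0/255.255.255.0
    Network/Length: 192.168.1.0/24
    Net: 192.168

Forms of HOSTNAME:
    FQDN: the full name of a specific host
    DOMAIN: all hosts in the specified domain

Note: httpd 2.4 denies access from all hosts by default, so after installation access must be granted explicitly.

Example: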

<Directory /var/www/html/www>
    <RequireAll>
        Require not ip 192.168.159.168
        Require all granted
    </RequireAll>
</Directory>

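Virtual hosts:
There are three kinds of virtual host:

  • Same IP, different ports
  • Different IPs, same port
  • Same IP, same port, different domain names

//Same IP, different ports

//Set the host name
[root@zwl ~]# vim /etc/httpd/conf/httpd.conf
ServerName www.example.com:80     //remove the # in front of this line
[root@zwl ~]# find / -name '*vhosts.conf'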
/etc/httpd24/extra/httpd-vhosts.conf
/etc/httpd24/original/extra/httpd-vhosts.conf
/usr/share/doc/httpd/httpd-vhosts.conf
/usr/local/src/httpd-2.4.54/docs/conf/extra/httpd-vhosts.conf
[root@zwl ~]# cp /usr/share/doc/httpd/httpd-vhosts.conf /etc/httpd/conf.d/
[root@zwl ~]# ls /etc/httpd/conf.d/
README          httpd-vhosts.conf  userdir.conf
autoindex.conf  ssl.conf           welcome.conf
[root@zwl ~]# 
[root@zwl html]# ls
zhuawawaji.zip  坦克.zip
[root@zwl html]# unzip zhuawawaji.zip    //extract
[root@zwl html]# unzip 坦克.zip           //extract
[root@zwl html]# mv Battle_City tanke
[root@zwl html]# mv jQuery抓娃娃机游戏代码  zhuawawa
[root@zwl html]# ls
tanke  zhuawawa  zhuawawaji.zip  坦克.zip
[root@zwl html]# rm -rf zhuawawaji.zip 
[root@zwl html]# rm -rf 坦克.zip 
[root@zwl html]# ls
tanke  zhuawawa
[root@zwl html]# vim /etc/httpd/conf.d/httpd-vhosts.conf     //append the following at the end of the configuration file
[root@zwl html]# cat /etc/httpd/conf.d/httpd-vhosts.conf 
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80> 
    DocumentRoot "/var/www/html/zhuawawa"
    ServerName www.zhuawawa.com 
    ErrorLog "/var/log/httpd/www.zhuawawa.com-error_log"
    CustomLog "/var/log/httpd/www.zhuawawa.com-access_log" common
</VirtualHost>

Listen 81
<VirtualHost *:81>
    DocumentRoot "/var/www/html/tanke"
    ServerName www.tanke.com      
    ErrorLog "/var/log/httpd/www.tanke.com-error_log"
    CustomLog "/var/log/httpd/www.tanke.com-access_log" common
</VirtualHost>
[root@zwl html]# 
[root@zwl html]# httpd -t
Syntax OK
[root@zwl html]# systemctl start httpd
[root@zwl html]# ss -antl
State          Recv-Q         Send-Q                   Local Address:Port                   Peer Address:Port         Process         
LISTEN         0              128                            0.0.0.0:22                          0.0.0.0:*                            
LISTEN         0              128                               [::]:22                             [::]:*                            
LISTEN         0              128                                  *:443                               *:*                            
LISTEN         0              128                                  *:80                                *:*                            
LISTEN         0              128                                  *:81                                *:*                            

Port 80: [screenshot]

Port 81: [screenshot]

//Different IPs, same port

//Add a temporary second IP address to the network interface
[root@zwl ~]# ip addr add 192.168.159.169/24 dev ens33
[root@zwl ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:7f:6e:ed brd ff:ff:ff:ff:ff:ff
    inet 192.168.159.168/24 brd 192.168.159.255 scope global dynamic noprefixroute ens33
       valid_lft 1048sec preferred_lft 1048sec
    inet 192.168.159.169/24 scope global secondary ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe7f:6eed/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@zwl ~]# 
//Append the following at the end of the configuration file
[root@zwl ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf 
[root@zwl ~]# httpd -t
Syntax OK
[root@zwl ~]# systemctl restart httpd
[root@zwl ~]# cat /etc/httpd/conf.d/httpd-vhosts.conf 
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost 192.168.159.168:80> 
    DocumentRoot "/var/www/html/zhuawawa"
    ServerName www.zhuawawa.com 
    ErrorLog "/var/log/httpd/www.zhuawawa.com-error_log"
    CustomLog "/var/log/httpd/www.zhuawawa.com-access_log" common
</VirtualHost>


<VirtualHost 192.168.159.169:80>
    DocumentRoot "/var/www/html/tanke"
    ServerName www.tanke.com      
    ErrorLog "/var/log/httpd/www.tanke.com-error_log"
    CustomLog "/var/log/httpd/www.tanke.com-access_log" common
</VirtualHost>
[root@zwl ~]# 


//Same IP, same port, different domain names

[root@zwl html]# vim /etc/httpd/conf.d/httpd-vhosts.conf 
[root@zwl html]# httpd -t
Syntax OK
[root@zwl html]# systemctl restart httpd
[root@zwl html]# cat /etc/httpd/conf.d/httpd-vhosts.conf 
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost 192.168.159.168:80> 
    DocumentRoot "/var/www/html/zhuawawa"
    ServerName www.zhuawawa.com 
    ErrorLog "/var/log/httpd/www.zhuawawa.com-error_log"
    CustomLog "/var/log/httpd/zhuawawa.com-access_log" common
</VirtualHost>


<VirtualHost 192.168.159.168:80>
    DocumentRoot "/var/www/html/tanke"
    ServerName www.tanke.com      
    ErrorLog "/var/log/httpd/www.tanke.com-error_log"
    CustomLog "/var/log/httpd/tanke.com-access_log" common
</VirtualHost>
[root@zwl html]# 

C:\Windows\System32\drivers\etc //Directory of the hosts file that Windows uses to resolve domain names; add the custom domain names there
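
With two name-based virtual hosts on the same address and port, httpd picks the block by the request's Host header, and the first block in the file answers every request whose Host matches no ServerName (including requests made by bare IP). The sketch below is an added example, not part of the original post: it models that selection over a constructed copy of the configuration above, with hypothetical helper names; on a live server `httpd -S` prints the real parsed map.

```shell
# Constructed sample: the two name-based vhosts from the configuration above.
sample_conf() {
cat <<'EOF'
<VirtualHost 192.168.159.168:80>
    DocumentRoot "/var/www/html/zhuawawa"
    ServerName www.zhuawawa.com
</VirtualHost>
<VirtualHost 192.168.159.168:80>
    DocumentRoot "/var/www/html/tanke"
    ServerName www.tanke.com
</VirtualHost>
EOF
}

# vhost_map (hypothetical helper): read vhost config on stdin and print one
# "addr:port servername role" line per <VirtualHost>, in file order. The first
# block seen for an addr:port is the default; later ones match by name only.
vhost_map() {
  awk '
    tolower($1) == "<virtualhost" { addr = $2; sub(/>$/, "", addr)
                                    name = "(none)"; invh = 1; next }
    invh && tolower($1) == "servername" { name = $2; sub(/:[0-9]+$/, "", name) }
    invh && tolower($1) == "</virtualhost>" {
      print addr, name, (seen[addr]++ ? "by-name" : "default"); invh = 0 }'
}

# pick_vhost ADDR:PORT HOST: which ServerName answers a request whose Host
# header is HOST. ServerAlias and wildcard addresses are not modelled here.
pick_vhost() {
  vhost_map | awk -v a="$1" -v h="$2" '
    $1 != a { next }
    def == "" { def = $2 }
    tolower($2) == tolower(h) { hit = $2; exit }
    END { print (hit != "" ? hit : def) }'
}

sample_conf | vhost_map
for h in www.tanke.com www.zhuawawa.com 192.168.159.168 typo.example; do
  echo "Host: $h -> $(sample_conf | pick_vhost 192.168.159.168:80 "$h")"
done
```

Because the fallback is simply whichever block comes first, put a site you are willing to serve to arbitrary Host headers (or a minimal catch-all) at the top of the file.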


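Configuring HTTPS

HTTPS (full name: Hyper Text Transfer Protocol over Secure Socket Layer) is an HTTP channel built with security as its goal; on top of HTTP it protects the transfer through transport encryption and identity authentication.

1. Generate the certificate

Set up a private CA:

  • CA configuration file: /etc/pki/tls/openssl.cnf
//The CA generates a key pair
[root@zwl ~]# cd /etc/pki/
[root@zwl pki]# mkdir CA
[root@zwl pki]# cd CA/
[root@zwl CA]# mkdir private
[root@zwl CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)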
Generating RSA private key, 2048 bit long modulus (2 primes)
...................................................................+
....+++++
e is 65537 (0x010001)

//The CA generates a self-signed certificate
[root@zwl CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:rt
Organizational Unit Name (eg, section) []:xy
Common Name (eg, your name or your server's hostname) []:www.tanke.com
Email Address []:1@2.com
[root@zwl CA]# mkdir certs newcerts crl
[root@zwl CA]# touch index.txt && echo 01 > serial

//The client generates a key
[root@zwl CA]# cd /etc/httpd && mkdir ssl && cd ssl
[root@zwl ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
...............................+++++
.........................................................+++++
e is 65537 (0x010001)

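//The client generates a certificate signing request
//The information entered must match what was entered for the CA's self-signed certificate above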
[root@zwl ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:rt
Organizational Unit Name (eg, section) []:xy
Common Name (eg, your name or your server's hostname) []:www.tanke.com
Email Address []:1@2.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

//The CA signs the certificate request submitted by the client
[root@zwl ssl]# openssl ca -in /etc/httpd/ssl/httpd.csr -out httpd.crt -days 365
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
[root@zwl ssl]# ls
httpd.crt  httpd.csr  httpd.key

2. Configure SSL

//Install the SSL module
[root@zwl ~]# dnf -y install mod_ssl
[root@zwl ~]# systemctl restart httpd
[root@zwl ~]# vim /etc/httpd/conf.d/ssl.conf 
DocumentRoot "/var/www/html/fj"
ServerName www.yf.com:443
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
//Check the syntax and restart the service
[root@zwl ~]# apachectl -t
Syntax OK
[root@zwl ~]# systemctl restart httpd
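
Before pointing SSLCertificateFile and SSLCertificateKeyFile at the new files, it is worth checking three things: the key belongs to the certificate, the certificate chains to the CA, and the certificate is valid for the name in ServerName (the session above issues it for www.tanke.com but sets ServerName www.yf.com). The script below is an added example, not part of the original post: it rebuilds the CA workflow non-interactively in a temporary directory and runs those checks. It assumes `openssl` is installed, signs with `openssl x509 -req` instead of `openssl ca` so it does not touch /etc/pki/CA, and uses a constructed CA name and hypothetical helper names.

```shell
# make_chain DIR HOST (hypothetical helper): throwaway CA plus a server
# certificate for HOST, written into DIR. All names here are constructed.
make_chain() {
  dir=$1; host=$2
  ( umask 077                       # private keys readable by owner only
    openssl genrsa -out "$dir/cakey.pem" 2048
    openssl genrsa -out "$dir/httpd.key" 2048 ) 2>/dev/null
  # The CA gets its own subject; only the server certificate names the host.
  openssl req -new -x509 -key "$dir/cakey.pem" -out "$dir/cacert.pem" \
    -days 365 -subj "/C=CN/ST=HB/O=rt/CN=Example Lab CA" 2>/dev/null
  openssl req -new -key "$dir/httpd.key" -out "$dir/httpd.csr" \
    -subj "/C=CN/ST=HB/O=rt/CN=$host" 2>/dev/null
  # Browsers match the subjectAltName, not the Common Name.
  printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
  openssl x509 -req -in "$dir/httpd.csr" -CA "$dir/cacert.pem" \
    -CAkey "$dir/cakey.pem" -CAcreateserial -days 365 \
    -extfile "$dir/san.ext" -out "$dir/httpd.crt" 2>/dev/null
}

# key_matches_cert CRT KEY: succeeds when both hold the same public key,
# i.e. SSLCertificateFile and SSLCertificateKeyFile belong together.
key_matches_cert() {
  [ "$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$2" -pubout | openssl sha256)" ]
}

# cert_ok CA CRT HOST: succeeds when CRT chains to CA and is valid for HOST.
cert_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 &&
    openssl x509 -in "$2" -noout -checkhost "$3" 2>&1 | grep -q 'does match'
}

work=$(mktemp -d)
make_chain "$work" www.tanke.com
key_matches_cert "$work/httpd.crt" "$work/httpd.key" && echo "key/cert: match"
for name in www.tanke.com www.yf.com; do
  if cert_ok "$work/cacert.pem" "$work/httpd.crt" "$name"
  then echo "$name: ok"; else echo "$name: chain or name check failed"; fi
done
rm -rf "$work"
```

Clients only accept the chain if cacert.pem is installed in their trust store; the same two functions can be pointed at /etc/httpd/ssl/httpd.crt, /etc/httpd/ssl/httpd.key and /etc/pki/CA/cacert.pem on the server.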