虚拟主机的类型
1.相同ip不同端口
[root@client conf]# vim httpd.conf
# 取消下面这一行的注释
ServerName www.example.com:80
Listen 80
# 新增：监听8080端口
Listen 8080
# Virtual host 1: answers on 192.168.38.129, port 80.
<VirtualHost 192.168.38.129:80>
ServerName www.wangqing.com
DocumentRoot "/var/www/html/www"
# Per-site logs; the /var/log/httpd/www directory has to exist before httpd is restarted.
ErrorLog "/var/log/httpd/www/error_log"
CustomLog "/var/log/httpd/www/access_log" combined
<Directory /var/www/html/www>
# RequireAll grants access only when every Require line inside it passes.
<RequireAll>
Require all granted
# Partial address: refuses any client whose IP starts with 192.168.1
# (the 192.168.1.0/24 network); every other client is still allowed.
Require not ip 192.168.1
</RequireAll>
</Directory>
</VirtualHost>
# Virtual host 2: same IP address, port 8080. This only works together with
# a "Listen 8080" line in httpd.conf.
<VirtualHost 192.168.38.129:8080>
ServerName blog.wangqing.com
DocumentRoot "/var/www/html/blog"
ErrorLog "/var/log/httpd/blog/error_log"
CustomLog "/var/log/httpd/blog/access_log" combined
<Directory /var/www/html/blog>
# No "Require not" line here, so this site is open to every client address.
<RequireAll>
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
[root@client ~]# mkdir -p /var/www/html/{www,blog}
[root@client ~]# mkdir -p /var/log/httpd/{blog,www}
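[root@client ~]# chown -R apache.apache /var/www/html/
（注：`apache.apache` 是旧式写法，建议写成 `apache:apache`。把整个网站目录的属主设为 apache 后，httpd 进程对站点文件就有了写权限；如果站点只提供静态内容，文件属主保持 root、让 apache 只读即可。）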
[root@client ~]# ll /var/www/html/
total 0
drwxr-xr-x. 2 apache apache 6 Dec 26 22:33 blog
drwxr-xr-x. 2 apache apache 6 Dec 26 22:33 www
[root@client ~]# echo 'www test' > /var/www/html/www/index.html
[root@client ~]# echo 'blog test' > /var/www/html/blog/index.html
[root@client ~]# systemctl restart httpd
[root@client ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:8080 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
2.不同IP相同端口
[root@client conf]# vim httpd.conf
# Virtual host 1: bound to the first address, 192.168.38.129, port 80.
<VirtualHost 192.168.38.129:80>
ServerName www.wangqing.com
DocumentRoot "/var/www/html/www"
ErrorLog "/var/log/httpd/www/error_log"
CustomLog "/var/log/httpd/www/access_log" combined
<Directory /var/www/html/www>
# RequireAll grants access only when every Require line inside it passes.
<RequireAll>
Require all granted
# Partial address: refuses any client whose IP starts with 192.168.1.
Require not ip 192.168.1
</RequireAll>
</Directory>
</VirtualHost>
# Virtual host 2: same port, but bound to a second address, 192.168.38.130.
# That address has to be configured on the host (the "ip addr add" step that
# follows this listing), otherwise nothing answers on it.
<VirtualHost 192.168.38.130:80>
ServerName blog.wangqing.com
DocumentRoot "/var/www/html/blog"
ErrorLog "/var/log/httpd/blog/error_log"
CustomLog "/var/log/httpd/blog/access_log" combined
<Directory /var/www/html/blog>
# No "Require not" line here, so this site is open to every client address.
<RequireAll>
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
[root@client conf]# ip addr add 192.168.38.130/24 dev ens160
[root@client conf]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:9a:47:54 brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 192.168.38.129/24 brd 192.168.38.255 scope global dynamic noprefixroute ens160
valid_lft 1455sec preferred_lft 1455sec
inet 192.168.38.130/24 scope global secondary ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe9a:4754/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3.相同IP相同端口不同域名
[root@client conf]# vim httpd.conf
# Virtual host 1. Both hosts in this listing share 192.168.38.129:80, so httpd
# chooses between them by comparing the request's Host header with ServerName.
# The first VirtualHost listed for an address:port is also the default: a
# request whose Host header matches neither name is served by this block.
<VirtualHost 192.168.38.129:80>
ServerName www.wangqing.com
DocumentRoot "/var/www/html/www"
ErrorLog "/var/log/httpd/www/error_log"
CustomLog "/var/log/httpd/www/access_log" combined
<Directory /var/www/html/www>
# RequireAll grants access only when every Require line inside it passes.
<RequireAll>
Require all granted
# Partial address: refuses any client whose IP starts with 192.168.1.
Require not ip 192.168.1
</RequireAll>
</Directory>
</VirtualHost>
# Virtual host 2: same address and port, selected when the Host header is
# blog.wangqing.com.
<VirtualHost 192.168.38.129:80>
ServerName blog.wangqing.com
DocumentRoot "/var/www/html/blog"
ErrorLog "/var/log/httpd/blog/error_log"
CustomLog "/var/log/httpd/blog/access_log" combined
<Directory /var/www/html/blog>
# No "Require not" line here, so this site is open to every client address.
<RequireAll>
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
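生成证书
（注意：下面的示例里，CA 证书和服务器证书填写了完全相同的 DN，Common Name 都是 www.wangqing.com。实际搭建时应给 CA 起一个不同的名称，否则签发出的服务器证书“颁发者”与“主体”相同，部分客户端可能把它当成自签名证书，证书链校验也容易混淆。另外，签发结果的 X509v3 扩展中没有 subjectAltName，而现代浏览器只依据 SAN 校验域名，正式使用时需要在证书里加入 SAN。）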
[root@client ~]# mkdir /etc/pki/CA
[root@client ~]# cd /etc/pki/CA
[root@client CA]# mkdir -p /etc/pki/CA/private
[root@client CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
.......................................................................................................................................+++++
.........................................................................................................................................+++++
e is 65537 (0x010001)
[root@client CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:runtime
Common Name (eg, your name or your server's hostname) []:www.wangqing.com
Email Address []:2193441815@qq.com
[root@client CA]# ls
cacert.pem private
[root@client CA]# mkdir certs newcerts crl
[root@client CA]# touch index.txt && echo 01 > serial
[root@client conf]# mkdir ssl
[root@client conf]# cd ssl/
[root@client ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................................................................................................................................+++++
.......................................................+++++
e is 65537 (0x010001)
[root@client ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:runtime
Common Name (eg, your name or your server's hostname) []:www.wangqing.com
Email Address []:2193441815@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@client ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Dec 26 15:44:42 2022 GMT
Not After : Dec 26 15:44:42 2023 GMT
Subject:
countryName = CN
stateOrProvinceName = HB
organizationName = runtime
organizationalUnitName = runtime
commonName = www.wangqing.com
emailAddress = 2193441815@qq.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
18:9D:FA:3F:7C:B8:38:84:59:83:D8:7D:A1:0F:F9:8E:27:86:80:FD
X509v3 Authority Key Identifier:
keyid:85:23:27:DB:2D:6C:F6:CF:30:0F:B0:26:01:4F:EA:93:87:3A:56:ED
Certificate is to be certified until Dec 26 15:44:42 2023 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@client ssl]# ls
httpd.crt httpd.csr httpd.key
https虚拟主机
[root@client conf]# vim httpd.conf
# 取消下面两行的注释
Include conf/extra/httpd-ssl.conf
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
# HTTPS virtual host on port 443.
# NOTE(review): this is an excerpt. The closing </VirtualHost> and the other
# directives of the block (for example SSLEngine) are not shown on this page;
# presumably it lives in conf/extra/httpd-ssl.conf. Confirm against the real file.
<VirtualHost _default_:443>
# General setup for the virtual host
# NOTE(review): the paths below are under /usr/local/apache, while the earlier
# HTTP examples use /var/www/html and /var/log/httpd. This DocumentRoot
# directory is not created anywhere on this page.
DocumentRoot "/usr/local/apache/htdocs/www.wangqing.com"
ServerName www.wangqing.com:443
# Sample address; replace with a real administrator contact.
ServerAdmin you@example.com
ErrorLog "/usr/local/apache/logs/www.wangqing.com_error_log"
TransferLog "/usr/local/apache/logs/www.wangqing.com_access_log"
# Server certificate and its private key. The key was generated under
# "umask 077", so it is readable by its owner only; keep it that way.
# NOTE(review): httpd.crt and httpd.key were created in an "ssl" directory
# whose full path is not shown. Confirm that it matches the paths used here.
SSLCertificateFile "/usr/local/apache/conf/ssl/httpd.crt"
SSLCertificateKeyFile "/usr/local/apache/conf/ssl/httpd.key"
[root@client ~]# systemctl restart httpd
[root@client ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:8080 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:443 *:*