httpd虚拟主机

m0_74929221

已于 2022-12-27 09:47:45 修改

阅读量193

点赞数

文章标签：服务器网络 linux

于 2022-12-27 00:50:14 首次发布

本文链接：https://blog.csdn.net/m0_74929221/article/details/128449183

版权

虚拟主机的类型

1.相同ip不同端口

[root@client conf]# vim httpd.conf
ServerName www.example.com:80     /取消注释
Listen 80
Listen 8080    /增加监听
#virtual host 1   　　# 虚拟主机1的配置
<VirtualHost 192.168.38.129:80>
    ServerName www.wangqing.com
    DocumentRoot "/var/www/html/www"
    ErrorLog "/var/log/httpd/www/error_log"
    CustomLog "/var/log/httpd/www/access_log" combined
    <Directory /var/www/html/www>
        <RequireAll>
        Require all granted
        Require not ip 192.168.1
        </RequireAll>
    </Directory>
</VirtualHost>
# virtual host 2     # 虚拟主机2的配置
<VirtualHost 192.168.38.129:8080>
    ServerName blog.wangqing.com
    DocumentRoot "/var/www/html/blog"
    ErrorLog "/var/log/httpd/blog/error_log"
    CustomLog "/var/log/httpd/blog/access_log" combined
    <Directory /var/www/html/blog>
        <RequireAll>
        　　Require all granted
        </RequireAll>
    </Directory>
</VirtualHost>
[root@client ~]# mkdir -p /var/www/html/{www,blog}
[root@client ~]# mkdir -p /var/log/httpd/{blog,www}
[root@client ~]# chown -R apache.apache /var/www/html/
[root@client ~]# ll /var/www/html/
total 0
drwxr-xr-x. 2 apache apache 6 Dec 26 22:33 blog
drwxr-xr-x. 2 apache apache 6 Dec 26 22:33 www
[root@client ~]# echo 'www test' > /var/www/html/www/index.html
[root@client ~]# echo 'blog test' > /var/www/html/blog/index.html
[root@client ~]# systemctl restart httpd
[root@client ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port Peer Address:Port                     Process                     
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*                                                    
LISTEN 0      128                *:8080            *:*                                                    
LISTEN 0      128                *:80              *:*                                                    
LISTEN 0      128             [::]:22           [::]:*

2.不同IP相同端口

[root@client conf]# vim httpd.conf
#virtual host 1   　　# 虚拟主机1的配置
<VirtualHost 192.168.38.129:80>
    ServerName www.wangqing.com
    DocumentRoot "/var/www/html/www"
    ErrorLog "/var/log/httpd/www/error_log"
    CustomLog "/var/log/httpd/www/access_log" combined
    <Directory /var/www/html/www>
        <RequireAll>
                 Require all granted
                 Require not ip 192.168.1
        </RequireAll>
    </Directory>
</VirtualHost>
# virtual host 2     # 虚拟主机2的配置
<VirtualHost 192.168.38.130:80>
    ServerName blog.wangqing.com
    DocumentRoot "/var/www/html/blog"
    ErrorLog "/var/log/httpd/blog/error_log"
    CustomLog "/var/log/httpd/blog/access_log" combined
    <Directory /var/www/html/blog>
        <RequireAll>
                 Require all granted
        </RequireAll>
    </Directory>
</VirtualHost>
[root@client conf]# ip addr add 192.168.38.130/24 dev ens160
[root@client conf]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:9a:47:54 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.38.129/24 brd 192.168.38.255 scope global dynamic noprefixroute ens160
       valid_lft 1455sec preferred_lft 1455sec
    inet 192.168.38.130/24 scope global secondary ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe9a:4754/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

3.相同IP相同端口不同域名

[root@client conf]# vim httpd.conf
#virtual host 1   　　# 虚拟主机1的配置
<VirtualHost 192.168.38.129:80>
    ServerName www.wangqing.com
    DocumentRoot "/var/www/html/www"
    ErrorLog "/var/log/httpd/www/error_log"
    CustomLog "/var/log/httpd/www/access_log" combined
    <Directory /var/www/html/www>
        <RequireAll>
                 Require all granted
                 Require not ip 192.168.1
        </RequireAll>
    </Directory>
</VirtualHost>
# virtual host 2     # 虚拟主机2的配置
<VirtualHost 192.168.38.129:80>
    ServerName blog.wangqing.com
    DocumentRoot "/var/www/html/blog"
    ErrorLog "/var/log/httpd/blog/error_log"
    CustomLog "/var/log/httpd/blog/access_log" combined
    <Directory /var/www/html/blog>
        <RequireAll>
                 Require all granted
        </RequireAll>
    </Directory>
</VirtualHost>

生成证书

[root@client ~]# mkdir /etc/pki/CA
[root@client CA]# mkdir -p /etc/pki/CA/private
[root@client CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
.......................................................................................................................................+++++
.........................................................................................................................................+++++
e is 65537 (0x010001)
[root@client CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB    
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:runtime   
Common Name (eg, your name or your server's hostname) []:www.wangqing.com
Email Address []:2193441815@qq.com 
[root@client CA]# ls
cacert.pem  private
[root@client CA]# mkdir certs newcerts crl
[root@client CA]# touch index.txt && echo 01 > serial
[root@client conf]# mkdir ssl
[root@client conf]# cd ssl/
[root@client ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................................................................................................................................+++++
.......................................................+++++
e is 65537 (0x010001)
[root@client ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:runtime
Common Name (eg, your name or your server's hostname) []:www.wangqing.com
Email Address []:2193441815@qq.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@client ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Dec 26 15:44:42 2022 GMT
            Not After : Dec 26 15:44:42 2023 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = HB
            organizationName          = runtime
            organizationalUnitName    = runtime
            commonName                = www.wangqing.com
            emailAddress              = 2193441815@qq.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                18:9D:FA:3F:7C:B8:38:84:59:83:D8:7D:A1:0F:F9:8E:27:86:80:FD
            X509v3 Authority Key Identifier: 
                keyid:85:23:27:DB:2D:6C:F6:CF:30:0F:B0:26:01:4F:EA:93:87:3A:56:ED

Certificate is to be certified until Dec 26 15:44:42 2023 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y
/n]y
Write out database with 1 new entries
Data Base Updated
[root@client ssl]# ls
httpd.crt  httpd.csr  httpd.key

httpds虚拟主机

[root@client conf]# vim httpd.conf 
Include conf/extra/httpd-ssl.conf    取消注释
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so   取消注释



<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "/usr/local/apache/htdocs/www.wangqing.com"
ServerName www.wangqing.com:443
ServerAdmin you@example.com
ErrorLog "/usr/local/apache/logs/www.wangqing.com_error_log"
TransferLog "/usr/local/apache/logs/www.wangqing.com_access_log"
SSLCertificateFile "/usr/local/apache/conf/ssl/httpd.crt"
SSLCertificateKeyFile "/usr/local/apache/conf/ssl/httpd.key"
[root@client ~]# systemctl restart httpd
[root@client ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port Peer Address:Port                     Process                     
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*                                                    
LISTEN 0      128                *:8080            *:*                                                    
LISTEN 0      128                *:80              *:*                                                    
LISTEN 0      128             [::]:22           [::]:*                                                    
LISTEN 0      128                *:443             *: