httpd
1:配置三种不同风格的虚拟主机
虚拟主机:一个网站就是一个虚拟主机
虚拟主机有三类:
相同IP不同端口
不同IP相同端口
相同IP相同端口不同域名
[root@localhost ~]# dnf -y install httpd //下载httpd服务
[root@localhost html]# systemctl stop firewalld.service //临时关闭防火墙
[root@localhost ~]# cd /var/www/html/ //进入httpd站点文件目录
[root@localhost html]# echo hello world >>index.html //设定默认主页,默认主页名字必须为index.html
[root@localhost html]# ls
index.html
[root@localhost html]# systemctl restart httpd //重启httpd服务
[root@localhost html]# curl http://192.168.226.139 //测试访问
hello world
[root@localhost html]# mkdir ceshi //创建设置虚拟主机所需要的页面
[root@localhost html]# mkdir host
[root@localhost html]# echo hello mirrors > ceshi/index.html
[root@localhost html]# echo hello notils > host/index.html
[root@localhost ~]# find / -name httpd-vhosts.conf //查找虚拟主机模板
/usr/share/doc/httpd/httpd-vhosts.conf
[root@localhost ~]# mv /usr/share/doc/httpd/httpd-vhosts.conf /etc/httpd/conf.d/ //将其拷贝到配置文件中
[root@localhost ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf //配置虚拟主机为同ip不同端口
<VirtualHost *:80>
DocumentRoot "/var/www/html/ceshi"
ServerName www.ceshi.com
ErrorLog "/var/log/httpd/ceshi_log"
CustomLog "/var/log/httpd/ceshi_log" common
</VirtualHost>
Listen 81
<VirtualHost *:81>
DocumentRoot "/var/www/html/host"
ServerName www.host.com
ErrorLog "/var/log/httpd/host_log"
CustomLog "/var/log/httpd/host_log" common
</VirtualHost>
[root@localhost html]# httpd -t //检测编写的语法是否正确
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Syntax OK
[root@localhost html]# vim /etc/httpd/conf/httpd.conf //上面报错进入配置文件将下面一行注释去掉即可
ServerName www.example.com:80
[root@localhost html]# httpd -t
Syntax OK
[root@localhost html]# systemctl restart httpd //重启服务
[root@localhost html]# curl http://192.168.226.139:80 //测试访问
hello mirrors
[root@localhost html]# curl http://192.168.226.139:81
hello notils
[root@localhost html]# vim /etc/httpd/conf.d/httpd-vhosts.conf //修改配置文件做不同ip同端口虚拟主机
<VirtualHost 192.168.226.139:80>
DocumentRoot "/var/www/html/ceshi"
ServerName www.ceshi.com
ErrorLog "/var/log/httpd/ceshi_log"
CustomLog "/var/log/httpd/ceshi_log" common
</VirtualHost>
<VirtualHost 192.168.226.140:80>
DocumentRoot "/var/www/html/host"
ServerName www.host.com
ErrorLog "/var/log/httpd/host_log"
CustomLog "/var/log/httpd/host_log" common
</VirtualHost>
[root@localhost html]# httpd -t //检查语法是否有问题
Syntax OK
[root@localhost ~]# ip addr add 192.168.226.140 dev ens33 //添加IP地址
[root@localhost ~]# ip a
inet 192.168.226.140/32 scope global ens33
[root@localhost ~]# systemctl restart httpd.service //重启服务
[root@localhost ~]# curl http://192.168.226.139 //测试
hello mirrors
[root@localhost ~]# curl http://192.168.226.140
hello notils
[root@localhost ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf //编辑配置文件做同ip同端口不同域名虚拟主机配置
<VirtualHost 192.168.226.139:80>
DocumentRoot "/var/www/html/ceshi"
ServerName www.ceshi.com
ErrorLog "/var/log/httpd/ceshi_log"
CustomLog "/var/log/httpd/ceshi_log" common
</VirtualHost>
<VirtualHost 192.168.226.139:80>
DocumentRoot "/var/www/html/host"
ServerName www.host.com
ErrorLog "/var/log/httpd/host_log"
CustomLog "/var/log/httpd/host_log" common
</VirtualHost>
[root@localhost ~]# systemctl restart httpd.service
//Windows主机需要进
C:\Windows\System32\drivers\etc
修改hosts配置文件添加以下
192.168.226.139 www.ceshi.com www.host.com
添加时需要将文件拖入桌面做修改再拖回去,不然会提示没权限
2:https配置
[root@localhost ~]# yum -y install mod_ssl //下载ssl模块
[root@localhost conf.modules.d]# cd /etc/httpd/conf.modules.d/ //进入模块配置文件可以看见我们的配置文件存在
[root@localhost conf.modules.d]# ls
00-base.conf 00-dav.conf 00-lua.conf 00-mpm.conf 00-optional.conf 00-proxy.conf 00-ssl.conf 00-systemd.conf 01-cgi.conf 10-h2.conf 10-proxy_h2.conf README
[root@localhost ~]# mkdir /etc/pki/CA
[root@localhost ~]# cd /etc/pki/CA/
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048) //生成密钥,括号必须要
Generating RSA private key, 2048 bit long modulus (2 primes)
..................................+++++
..............................+++++
e is 65537 (0x010001)
[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout //提取公钥
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NAk+48uqvIjPS+Z4d3I
XG1Q8VYFgONPRt+BhzeOuoeUlD1WELtuHWl/fThdNHZWGOqTatVgaupgRMNfXsJB
DajSaS85nfPOJRtb6eg5IUm4GXS/hFMSsbD0rvTcbKUTeBLfp/MLy/CIvbUQ6L5h
jj1LuBf4cHA3zqu6PfZXd6DztD3oSSHz+WNIVpkrGroVUbUUIzUqzYgpzMj4GZ02
Up3dHIUt0Fs8Ichc+0Sdqh9U2n/QG7o/TzQvlqbCA1vimKhsLymnrr9EWE5+t7z5
bO38YwEakAsldFLh6SJfEQIBvyGSsmFyYvIjdXGvtCCHeegxl3x1wFzqwKlmNinW
5wIDAQAB
-----END PUBLIC KEY-----
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 //生成自签署证书
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:xx
Common Name (eg, your name or your server's hostname) []:nian
Email Address []:
[root@localhost CA]# openssl x509 -text -in cacert.pem
Certificate:
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# touch index.txt && echo 01 > serial
[root@localhost CA]#
[root@localhost CA]# cd /etc/httpd && mkdir ssl && cd ssl //客户端(例如httpd服务器)生成密钥
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
......................................................................................+++++
.............................................................................................+++++
e is 65537 (0x010001)
[root@localhost ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr // 客户端生成证书签署请求
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:xx
Common Name (eg, your name or your server's hostname) []:nian
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@localhost ssl]# openssl ca -in /root/httpd.csr -out httpd.crt -days 365 //CA签署客户端提交上来的证书
[root@localhost ssl]# ls
httpd.crt httpd.csr httpd.key
[root@localhost conf.d]# vim ssl.conf //修改配置文件
DocumentRoot "/var/www/html/ceshi"
ServerName www.ceshi.com:443
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
SSLCertificateFile /etc/httpd/ssl/httpd.crt
[root@localhost conf.d]# systemctl restart httpd //重启服务
测试