httpd虚拟主机三种模式配置与https配置

于 2022-07-22 11:00:49 发布
阅读量601 收藏
点赞数
文章标签: https linux centos
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_45211528/article/details/125927382
版权

httpd

文章目录

1:配置三种不同风格的虚拟主机

虚拟主机:一个网站就是一个虚拟主机
虚拟主机有三类:

相同IP不同端口
不同IP相同端口
相同IP相同端口不同域名

[root@localhost ~]# dnf -y install httpd  //下载httpd服务


[root@localhost html]# systemctl stop firewalld.service  //临时关闭防火墙
[root@localhost ~]# cd /var/www/html/   //进入httpd站点文件目录
[root@localhost html]# echo hello world >>index.html  //设定默认主页,默认主页名字必须为index.html
[root@localhost html]# ls
index.html
[root@localhost html]# systemctl restart httpd  //重启httpd服务
[root@localhost html]# curl http://192.168.226.139  //测试访问
hello world
[root@localhost html]# mkdir ceshi   //创建设置虚拟主机所需要的页面
[root@localhost html]# mkdir host
[root@localhost html]# echo hello mirrors > ceshi/index.html
[root@localhost html]# echo hello notils > host/index.html

[root@localhost ~]# find / -name httpd-vhosts.conf  //查找虚拟主机模板
/usr/share/doc/httpd/httpd-vhosts.conf
[root@localhost ~]# mv /usr/share/doc/httpd/httpd-vhosts.conf /etc/httpd/conf.d/  //将其拷贝到配置文件中
[root@localhost ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf  //配置虚拟主机为同ip不同端口
<VirtualHost *:80>
    DocumentRoot "/var/www/html/ceshi"
    ServerName www.ceshi.com
    ErrorLog "/var/log/httpd/ceshi_log"
    CustomLog "/var/log/httpd/ceshi_log" common
</VirtualHost>

Listen 81
<VirtualHost *:81>
    DocumentRoot "/var/www/html/host"
    ServerName www.host.com
    ErrorLog "/var/log/httpd/host_log"
    CustomLog "/var/log/httpd/host_log" common
</VirtualHost>

[root@localhost html]# httpd -t //检测编写的语法是否正确
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message  
Syntax OK
[root@localhost html]# vim   /etc/httpd/conf/httpd.conf  //上面报错进入配置文件将下面一行注释去掉即可
ServerName www.example.com:80
[root@localhost html]# httpd -t
Syntax OK
[root@localhost html]# systemctl restart httpd  //重启服务
[root@localhost html]# curl http://192.168.226.139:80  //测试访问
hello mirrors
[root@localhost html]# curl http://192.168.226.139:81
hello notils

[root@localhost html]# vim /etc/httpd/conf.d/httpd-vhosts.conf  //修改配置文件做不同ip同端口虚拟主机


<VirtualHost 192.168.226.139:80>
    DocumentRoot "/var/www/html/ceshi"
    ServerName www.ceshi.com
    ErrorLog "/var/log/httpd/ceshi_log"
    CustomLog "/var/log/httpd/ceshi_log" common
</VirtualHost>

<VirtualHost 192.168.226.140:80>
    DocumentRoot "/var/www/html/host"
    ServerName www.host.com
    ErrorLog "/var/log/httpd/host_log"
    CustomLog "/var/log/httpd/host_log" common
</VirtualHost>

[root@localhost html]# httpd -t //检查语法是否有问题
Syntax OK
[root@localhost ~]# ip addr add 192.168.226.140 dev ens33  //添加IP地址 
[root@localhost ~]# ip a
    inet 192.168.226.140/32 scope global ens33
[root@localhost ~]# systemctl restart httpd.service  //重启服务
[root@localhost ~]# curl http://192.168.226.139  //测试
hello mirrors
[root@localhost ~]# curl http://192.168.226.140
hello notils
[root@localhost ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf //编辑配置文件做同ip同端口不同域名虚拟主机配置 
<VirtualHost 192.168.226.139:80>
    DocumentRoot "/var/www/html/ceshi"
    ServerName www.ceshi.com
    ErrorLog "/var/log/httpd/ceshi_log"
    CustomLog "/var/log/httpd/ceshi_log" common
</VirtualHost>

<VirtualHost 192.168.226.139:80>
    DocumentRoot "/var/www/html/host"
    ServerName www.host.com
    ErrorLog "/var/log/httpd/host_log"
    CustomLog "/var/log/httpd/host_log" common
</VirtualHost>

[root@localhost ~]# systemctl restart httpd.service 


//Windows主机需要进
C:\Windows\System32\drivers\etc
修改hosts配置文件添加以下
192.168.226.139 www.ceshi.com www.host.com

添加时需要将文件拖入桌面做修改再拖回去,不然会提示没权限

2:https配置


[root@localhost ~]# yum -y install mod_ssl  //下载ssl模块
[root@localhost conf.modules.d]# cd /etc/httpd/conf.modules.d/ //进入模块配置文件可以看见我们的配置文件存在
[root@localhost conf.modules.d]# ls
00-base.conf  00-dav.conf  00-lua.conf  00-mpm.conf  00-optional.conf  00-proxy.conf  00-ssl.conf  00-systemd.conf  01-cgi.conf  10-h2.conf  10-proxy_h2.conf  README
[root@localhost ~]# mkdir /etc/pki/CA
[root@localhost ~]# cd /etc/pki/CA/
[root@localhost CA]# mkdir private  
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)   //生成密钥,括号必须要
Generating RSA private key, 2048 bit long modulus (2 primes)
..................................+++++
..............................+++++
e is 65537 (0x010001)
[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout  	//提取公钥
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NAk+48uqvIjPS+Z4d3I
XG1Q8VYFgONPRt+BhzeOuoeUlD1WELtuHWl/fThdNHZWGOqTatVgaupgRMNfXsJB
DajSaS85nfPOJRtb6eg5IUm4GXS/hFMSsbD0rvTcbKUTeBLfp/MLy/CIvbUQ6L5h
jj1LuBf4cHA3zqu6PfZXd6DztD3oSSHz+WNIVpkrGroVUbUUIzUqzYgpzMj4GZ02
Up3dHIUt0Fs8Ichc+0Sdqh9U2n/QG7o/TzQvlqbCA1vimKhsLymnrr9EWE5+t7z5
bO38YwEakAsldFLh6SJfEQIBvyGSsmFyYvIjdXGvtCCHeegxl3x1wFzqwKlmNinW
5wIDAQAB
-----END PUBLIC KEY-----
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365   //生成自签署证书
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:xx
Common Name (eg, your name or your server's hostname) []:nian
Email Address []:
[root@localhost CA]# openssl x509 -text -in cacert.pem
Certificate:
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# touch index.txt && echo 01 > serial
[root@localhost CA]# 
[root@localhost CA]# cd /etc/httpd && mkdir ssl && cd ssl  		//客户端(例如httpd服务器)生成密钥
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
......................................................................................+++++
.............................................................................................+++++
e is 65537 (0x010001)
[root@localhost ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr  // 客户端生成证书签署请求
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:xx
Common Name (eg, your name or your server's hostname) []:nian
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

[root@localhost ssl]# openssl ca -in /root/httpd.csr -out httpd.crt -days 365   	//CA签署客户端提交上来的证书


[root@localhost ssl]# ls
httpd.crt  httpd.csr  httpd.key
[root@localhost conf.d]# vim ssl.conf   //修改配置文件
DocumentRoot "/var/www/html/ceshi"
ServerName www.ceshi.com:443
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
SSLCertificateFile /etc/httpd/ssl/httpd.crt
[root@localhost conf.d]# systemctl restart httpd //重启服务

测试
在这里插入图片描述

年下瓤
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值