###httpd
Test steps:
Step 1: install the httpd service, start it, and temporarily stop the firewall
[root@localhost ~]# yum -y install httpd
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 0:52:58 ago on Thu Jul 21 16:00:04 2022.
Dependencies resolved.
================================================================================================================
Package Architecture Version Repository Size
================================================================================================================
Installing:
httpd x86_64 2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1 appstream 1.4 M
Installing dependencies:
apr x86_64 1.6.3-12.el8 appstream 129 k
apr-util x86_64 1.6.1-6.el8 appstream 105 k
centos-logos-httpd noarch 85.8-2.el8 appstream 75 k
httpd-filesystem noarch 2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1 appstream 41 k
httpd-tools x86_64 2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1 appstream 108 k
mod_http2 x86_64 1.15.7-5.module_el8.6.0+1111+ce6f4ceb appstream 155 k
Installing weak dependencies:
apr-util-bdb x86_64 1.6.1-6.el8 appstream 25 k
apr-util-openssl x86_64 1.6.1-6.el8 appstream 27 k
Enabling module streams:
httpd 2.4
Transaction Summary
================================================================================================================
Install 9 Packages
Total download size: 2.1 M
Installed size: 5.6 M
Downloading Packages:
(1/9): apr-util-bdb-1.6.1-6.el8.x86_64.rpm 21 kB/s | 25 kB 00:01
(2/9): apr-util-openssl-1.6.1-6.el8.x86_64.rpm 19 kB/s | 27 kB 00:01
(3/9): apr-util-1.6.1-6.el8.x86_64.rpm 41 kB/s | 105 kB 00:02
(4/9): apr-1.6.3-12.el8.x86_64.rpm 37 kB/s | 129 kB 00:03
(5/9): httpd-filesystem-2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.noarch.rpm 36 kB/s | 41 kB 00:01
(6/9): httpd-tools-2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64.rpm 20 kB/s | 108 kB 00:05
(7/9): centos-logos-httpd-85.8-2.el8.noarch.rpm 8.3 kB/s | 75 kB 00:08
(8/9): mod_http2-1.15.7-5.module_el8.6.0+1111+ce6f4ceb.x86_64.rpm 31 kB/s | 155 kB 00:04
(9/9): httpd-2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64.rpm 22 kB/s | 1.4 MB 01:05
----------------------------------------------------------------------------------------------------------------
Total 30 kB/s | 2.1 MB 01:09
CentOS Stream 8 - AppStream 1.6 MB/s | 1.6 kB 00:00
Importing GPG key 0x8483C65D:
Userid : "CentOS (CentOS Official Signing Key) <security@centos.org>"
Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : apr-1.6.3-12.el8.x86_64 1/9
Running scriptlet: apr-1.6.3-12.el8.x86_64 1/9
Installing : apr-util-bdb-1.6.1-6.el8.x86_64 2/9
Installing : apr-util-openssl-1.6.1-6.el8.x86_64 3/9
Installing : apr-util-1.6.1-6.el8.x86_64 4/9
Running scriptlet: apr-util-1.6.1-6.el8.x86_64 4/9
Installing : httpd-tools-2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64 5/9
Running scriptlet: httpd-filesystem-2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.noarch 6/9
Installing : httpd-filesystem-2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.noarch 6/9
Installing : centos-logos-httpd-85.8-2.el8.noarch 7/9
Installing : mod_http2-1.15.7-5.module_el8.6.0+1111+ce6f4ceb.x86_64 8/9
Installing : httpd-2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64 9/9
Running scriptlet: httpd-2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64 9/9
Verifying : apr-1.6.3-12.el8.x86_64 1/9
Verifying : apr-util-1.6.1-6.el8.x86_64 2/9
Verifying : apr-util-bdb-1.6.1-6.el8.x86_64 3/9
Verifying : apr-util-openssl-1.6.1-6.el8.x86_64 4/9
Verifying : centos-logos-httpd-85.8-2.el8.noarch 5/9
Verifying : httpd-2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64 6/9
Verifying : httpd-filesystem-2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.noarch 7/9
Verifying : httpd-tools-2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64 8/9
Verifying : mod_http2-1.15.7-5.module_el8.6.0+1111+ce6f4ceb.x86_64 9/9
Installed:
apr-1.6.3-12.el8.x86_64
apr-util-1.6.1-6.el8.x86_64
apr-util-bdb-1.6.1-6.el8.x86_64
apr-util-openssl-1.6.1-6.el8.x86_64
centos-logos-httpd-85.8-2.el8.noarch
httpd-2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64
httpd-filesystem-2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.noarch
httpd-tools-2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64
mod_http2-1.15.7-5.module_el8.6.0+1111+ce6f4ceb.x86_64
Complete!
[root@localhost html]# systemctl stop firewalld
[root@localhost html]# systemctl restart httpd
Step 2: change into the /var/www/html directory, set the home page content to "hello", then visit it in a browser
[root@localhost ~]# cd /var/www/html
[root@localhost html]# ls
[root@localhost html]# echo "hello" > index.html
[root@localhost html]# ls
index.html
Step 3: unzip the tanke package and move tanke from the youxi directory to /var/www/html/ for the demonstration
[root@localhost youxi]# unzip tanke.zip
[root@localhost youxi]# ls
Battle_City
[root@localhost youxi]# mv Battle_City tanke
[root@localhost youxi]# ls
tanke
[root@localhost youxi]# mv tanke /var/www/html/
[root@localhost youxi]# cd /var/www/html/
[root@localhost html]# ls
index.html tanke youxi
[root@localhost html]# ls
index.html tanke
[root@localhost html]# cd tanke/
[root@localhost tanke]# ls
audio css images index.html js
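Open a browser and visit the server IP followed by tanke
There are three types of virtual host:
Same IP, different ports
Go to the /etc/httpd/ directory and change into the conf.d configuration directory, use find / -name '*vhosts.conf' to locate the sample file, then cp it into this directory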
[root@localhost tanke]# cd /etc/httpd/
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run state
[root@localhost httpd]# cd conf.d/
[root@localhost conf.d]# ls
README autoindex.conf userdir.conf welcome.conf
[root@localhost conf.d]# pwd
/etc/httpd/conf.d
[root@localhost conf.d]# find / -name '*vhosts.conf'
find: '/proc/678052': No such file or directory
find: '/proc/678075': No such file or directory
find: '/run/user/1000/gvfs': Permission denied
/usr/share/doc/httpd/httpd-vhosts.conf
[root@localhost conf.d]# cp /usr/share/doc/httpd/httpd-vhosts.conf .
[root@localhost conf.d]# ls
README autoindex.conf httpd-vhosts.conf userdir.conf welcome.conf
[root@localhost conf.d]#
###Open the configuration file and delete the parts that are not needed
###Edit the directories
[root@localhost conf.d]# httpd -t
AH00112: Warning: DocumentRoot [/var/www/dummy-host2.example.com] does not exist
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Syntax OK
[root@localhost conf.d]# systemctl restart httpd
[root@localhost conf.d]#
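Visit the IP address to check the result
Following the same steps as the test above, copy in the feiji package and unzip it
Different IPs, same port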
[root@localhost conf.d]# ip addr add 192.168.181.158/24 dev ens33
[root@localhost conf.d]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:08:71:10 brd ff:ff:ff:ff:ff:ff
inet 192.168.181.159/24 brd 192.168.181.255 scope global dynamic noprefixroute ens33
valid_lft 1318sec preferred_lft 1318sec
inet 192.168.181.158/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe08:7110/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:40:02:68 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
[root@localhost conf.d]# vim httpd-vhosts.conf
[root@localhost conf.d]# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Syntax OK
[root@localhost conf.d]# systemctl restart httpd
[root@localhost conf.d]#
###Same IP, same port, different domain names
[root@localhost conf.d]# vim httpd-vhosts.conf
[root@localhost conf.d]# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Syntax OK
[root@localhost conf.d]# systemctl restart httpd
[root@localhost conf.d]#
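On the Windows PC, edit system32/drivers/etc/hosts: drag the file to the desktop, open it with Notepad, and add the last two lines
Test: the 192.168.181.1/24 network segment cannot access tanke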
[root@localhost conf.d]# vim httpd-vhosts.conf
[root@localhost conf.d]# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Syntax OK
[root@localhost conf.d]# systemctl restart httpd
[root@localhost conf.d]#
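The contents of httpd-vhosts.conf are not shown in these notes. As an added example (not the original file), this script renders a config for each of the three virtual host types, with per-site logs and the subnet restriction on tanke. Port 81, the pairing of host names to directories, the CIDR 192.168.181.0/24 and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not the page's own httpd-vhosts.conf (that file is not shown).
# Port 81, the docroot/hostname pairing and the deny CIDR are assumptions.

# vhost ADDR PORT NAME DOCROOT [DENY_CIDR] -> one <VirtualHost> block on stdout
vhost() (
    addr=$1 port=$2 name=$3 root=$4 deny=${5:-}
    printf '<VirtualHost %s:%s>\n' "$addr" "$port"
    printf '    ServerName %s\n' "$name"
    printf '    DocumentRoot "%s"\n' "$root"
    # Per-site logs, named like the files listed in /var/log/httpd on this page
    printf '    ErrorLog "/var/log/httpd/%s-error_log"\n' "$name"
    printf '    CustomLog "/var/log/httpd/%s-access_log" common\n' "$name"
    printf '    <Directory "%s">\n' "$root"
    if [ -n "$deny" ]; then
        # RequireAll: every rule must hold, so clients in the denied range are refused
        printf '        <RequireAll>\n'
        printf '            Require all granted\n'
        printf '            Require not ip %s\n' "$deny"
        printf '        </RequireAll>\n'
    else
        printf '        Require all granted\n'
    fi
    printf '    </Directory>\n</VirtualHost>\n'
)

# render TYPE [DENY_CIDR] -> config for one of the three virtual host types;
# DENY_CIDR, when given, is applied to the tanke site only
render() {
    tanke=/var/www/html/tanke feiji=/var/www/html/feiji
    case $1 in
        port)  # same IP, different ports: the extra port needs its own Listen
            echo 'Listen 81'
            vhost 192.168.181.159 80 www.tanke1.com "$tanke" "$2"
            vhost 192.168.181.159 81 www.feiji1.com "$feiji" ;;
        ip)    # different IPs, same port: .158 is the address added with ip addr add
            vhost 192.168.181.159 80 www.tanke1.com "$tanke" "$2"
            vhost 192.168.181.158 80 www.feiji1.com "$feiji" ;;
        name)  # same IP and port: the block whose ServerName matches the Host header wins
            vhost '*' 80 www.tanke1.com "$tanke" "$2"
            vhost '*' 80 www.feiji1.com "$feiji" ;;
        *) echo "usage: render port|ip|name [deny-cidr]" >&2; return 2 ;;
    esac
}

render name 192.168.181.0/24
```

Redirect the output to /etc/httpd/conf.d/httpd-vhosts.conf, then run httpd -t and systemctl restart httpd as in the sessions above.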
##//Create the web page directories and change their owner and group
[root@localhost conf.d]# cd /var/www/html
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# ls
feiji index.html tanke
[root@localhost html]# mkdir www blog
[root@localhost html]# ll
total 4
drwxr-xr-x. 2 root root 6 Jul 21 21:44 blog
drwxr-xr-x. 5 root root 56 Apr 17 2020 feiji
-rw-r--r--. 1 root root 6 Jul 21 17:52 index.html
drwxr-xr-x. 6 root root 72 Sep 24 2015 tanke
drwxr-xr-x. 2 root root 6 Jul 21 21:44 www
[root@localhost html]# chown -R apache:apache blog
[root@localhost html]# chown -R apache:apache www
[root@localhost html]# ll
total 4
drwxr-xr-x. 2 apache apache 6 Jul 21 21:44 blog
drwxr-xr-x. 5 root root 56 Apr 17 2020 feiji
-rw-r--r--. 1 root root 6 Jul 21 17:52 index.html
drwxr-xr-x. 6 root root 72 Sep 24 2015 tanke
drwxr-xr-x. 2 apache apache 6 Jul 21 21:44 www
//Create the web pages
[root@localhost html]# pwd
/var/www/html
[root@localhost html]# ls
blog feiji index.html tanke www
[root@localhost html]# echo 'hello welcome to visit www' > www/index.html
[root@localhost html]# echo 'hello welcome to visit blog' > blog/index.html
//Create a log directory for each site
[root@localhost ~]# mkdir /var/log/httpd/{www,blog}
[root@localhost ~]# ll /var/log/httpd/
total 52
-rw-r--r--. 1 root root 7443 Jul 21 18:37 access_log
drwxr-xr-x. 2 root root 6 Jul 21 21:46 blog
-rw-r--r--. 1 root root 0 Jul 21 19:00 dummy-host2.example.com-access_log
-rw-r--r--. 1 root root 0 Jul 21 19:00 dummy-host2.example.com-error_log
-rw-r--r--. 1 root root 16293 Jul 21 21:33 error_log
drwxr-xr-x. 2 root root 6 Jul 21 21:46 www
-rw-r--r--. 1 root root 4176 Jul 21 20:00 www.feiji1.com-access_log
-rw-r--r--. 1 root root 0 Jul 21 19:15 www.feiji1.com-error_log
-rw-r--r--. 1 root root 13892 Jul 21 21:34 www.tanke1.com-access_log
-rw-r--r--. 1 root root 1464 Jul 21 21:33 www.tanke1.com-error_log
//Start the service and check that port 80 is listening
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
Install the module
[root@localhost httpd]# yum -y install mod_ssl
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 2:40:03 ago on Thu Jul 21 19:13:21 2022.
Dependencies resolved.
================================================================================================================
Package Architecture Version Repository Size
================================================================================================================
Installing:
mod_ssl x86_64 1:2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1 appstream 137 k
Transaction Summary
================================================================================================================
Install 1 Package
Total download size: 137 k
Installed size: 266 k
Downloading Packages:
mod_ssl-2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64.rpm 258 kB/s | 137 kB 00:00
----------------------------------------------------------------------------------------------------------------
Total 65 kB/s | 137 kB 00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : mod_ssl-1:2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64 1/1
Running scriptlet: mod_ssl-1:2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64 1/1
Verifying : mod_ssl-1:2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64 1/1
Installed:
mod_ssl-1:2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64
Complete!
Check whether this file contains the module's entry; if it does, the installation succeeded
[root@localhost conf.modules.d]# vim 00-ssl.conf
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 128 *:443 *:*
[root@localhost ~]#
The CA generates a key pair
[root@localhost ~]# cd /etc/pki/CA
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
genrsa: Can't open "private/cakey.pem" for writing, No such file or directory
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
......................+++++
.......................................................................................................................................+++++
e is 65537 (0x010001)
[root@localhost CA]# cd private/
[root@localhost private]# ls
cakey.pem
[root@localhost private]#
The CA generates a self-signed certificate
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:jxrt
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.feiji1.com
Email Address []:1@2.com
[root@localhost CA]# ls
cacert.pem private
[root@localhost CA]# openssl x509 -text -in cacert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
37:bf:2a:05:17:2c:ff:2a:7d:2b:90:8e:c0:64:b8:ed:f8:42:2b:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = ch, ST = hb, L = wh, O = jxrt, OU = peixun, CN = www.feiji1.com, emailAddress = 1@2.com
Validity
Not Before: Jul 21 14:14:06 2022 GMT
Not After : Jul 21 14:14:06 2023 GMT
Subject: C = ch, ST = hb, L = wh, O = jxrt, OU = peixun, CN = www.feiji1.com, emailAddress = 1@2.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# ls
cacert.pem certs crl newcerts private
[root@localhost CA]# touch index.txt && echo 01 > serial
[root@localhost CA]#
The client (for example, the httpd server) generates a key
[root@localhost CA]# cd /etc/httpd && mkdir ssl && cd ssl
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
...+++++
.............................................................................................................................+++++
e is 65537 (0x010001)
[root@localhost ssl]#
The client generates a certificate signing request
[root@localhost ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:jxrt
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.feiji1.com
Email Address []:1@2.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
The CA signs the certificate request submitted by the client
[root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jul 21 14:56:00 2022 GMT
Not After : Jul 21 14:56:00 2023 GMT
Subject:
countryName = cn
stateOrProvinceName = hb
organizationName = runtime
organizationalUnitName = peixun
commonName = www.aaa.com
emailAddress = 1@2.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
32:26:37:52:CD:8E:05:A8:1F:63:EF:BC:CF:A7:20:7F:26:96:ED:38
X509v3 Authority Key Identifier:
keyid:A2:69:EE:9B:29:00:AD:EA:96:7B:BE:57:4E:3C:11:ED:01:D2:47:91
Certificate is to be certified until Jul 21 14:56:00 2023 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost ssl]# ls
httpd.crt httpd.csr httpd.key
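The CA, key, CSR and signing steps above, run without prompts in a scratch directory and followed by three checks: the chain verifies, the key belongs to the certificate, and the host name is in subjectAltName. This is an added example, not part of the original notes: it signs with openssl x509 -req instead of openssl ca so it does not depend on /etc/pki/tls/openssl.cnf, and the CA name, the subjectAltName extension, the subject values and the function names are assumptions.

```sh
#!/bin/sh
# Added example: the page's CA -> key -> CSR -> sign flow without prompts.
# Assumptions: scratch directories instead of /etc/pki/CA and /etc/httpd/ssl,
# `openssl x509 -req` in place of `openssl ca`, constructed subject values.

CA_SUBJ='/C=CN/ST=hb/L=wh/O=jxrt/OU=peixun/CN=jxrt lab CA'  # constructed CA name
SRV_NAME='www.feiji1.com'                                   # site name used on this page

# make_ca DIR SUBJECT -> DIR/private/cakey.pem (owner-only) and DIR/cacert.pem
make_ca() {
    mkdir -p "$1/private" &&
    ( umask 077; openssl genrsa -out "$1/private/cakey.pem" 2048 2>/dev/null ) &&
    openssl req -new -x509 -key "$1/private/cakey.pem" -out "$1/cacert.pem" \
        -days 365 -subj "$2"
}

# issue_cert CA_DIR OUT_DIR NAME -> OUT_DIR/httpd.key, httpd.csr, httpd.crt
issue_cert() {
    mkdir -p "$2" &&
    ( umask 077; openssl genrsa -out "$2/httpd.key" 2048 2>/dev/null ) &&
    # No -days here: a CSR has no validity period (see "Ignoring -days" above)
    openssl req -new -key "$2/httpd.key" -out "$2/httpd.csr" \
        -subj "/C=CN/ST=hb/O=jxrt/OU=peixun/CN=$3" &&
    # Browsers match the host name against subjectAltName, not the CN
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$3" > "$2/san.ext" &&
    openssl x509 -req -in "$2/httpd.csr" -CA "$1/cacert.pem" \
        -CAkey "$1/private/cakey.pem" -set_serial 1 -days 365 -sha256 \
        -extfile "$2/san.ext" -out "$2/httpd.crt" 2>/dev/null
}

# check_cert CA_CERT CERT KEY NAME
# returns 0 = all good, 1 = chain does not verify, 2 = key mismatch, 3 = SAN missing
check_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    [ "$(openssl x509 -in "$2" -noout -pubkey)" = \
      "$(openssl pkey -in "$3" -pubout)" ] || return 2
    openssl x509 -in "$2" -noout -text | grep -q "DNS:$4" || return 3
}

demo() {
    d=$(mktemp -d) && make_ca "$d/CA" "$CA_SUBJ" &&
    issue_cert "$d/CA" "$d/ssl" "$SRV_NAME" &&
    check_cert "$d/CA/cacert.pem" "$d/ssl/httpd.crt" "$d/ssl/httpd.key" "$SRV_NAME" &&
    echo "chain, key pair and SAN verified: $d/ssl/httpd.crt"
}
demo
```

On the server, mod_ssl's SSLCertificateFile and SSLCertificateKeyFile directives are what point httpd at the resulting httpd.crt and httpd.key.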