Build httpd-2.2 on CentOS6.7


1. Lab requirements:

1. Set up the httpd service with the following requirements:
(1) Provide two name-based virtual hosts, www1 and www2, each with its own error log and access log;
(2) Provide status information through /server-status on www1, accessible only to the user Tom;
(3) www2 must deny access from every host in the 192.168.0.0/24 network;
2. Provide HTTPS service for the second virtual host above

2. Lab environment:

Linux server OS version: CentOS release 6.7 (Final), IP: 172.16.66.60
Win7 client, IP: 172.16.250.100

3. Lab prerequisites:
1) Turn off the firewall and SELinux

~]# service iptables stop
~]# setenforce 0

4. Lab procedure:

1. Provide two name-based virtual hosts, www1 and www2, each with its own error log and access log


First, install the service

1. Install httpd-2.2 with yum

~]# yum install httpd -y
~]# rpm -qa httpd
~]# rpm -ql httpd
~]# rpm -qc httpd
~]# service httpd restart
~]# chkconfig httpd on
~]# ss -lnt

Second, configure the virtual hosts

~]# cat /etc/httpd/conf.d/www1.conf
<VirtualHost 172.16.66.60:80>
    ServerName www1.magedu.com
    DocumentRoot /data/vhosts/www1
    ErrorLog logs/www1-error_log
    CustomLog logs/www1-access_log combined
</VirtualHost>

~]# cat /etc/httpd/conf.d/www2.conf
<VirtualHost 172.16.66.60:80>
    ServerName www2.magedu.com
    DocumentRoot /data/vhosts/www2
    ErrorLog logs/www2-error_log
    CustomLog logs/www2-access_log combined
</VirtualHost>
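
Requirement (3) is listed above, but the article shows no configuration for it. One way to meet it with httpd 2.2's Order/Allow/Deny syntax, as an added example that is not part of the original article; placing the <Directory> block outside the <VirtualHost> sections is a choice made here so that it also covers the HTTPS virtual host serving the same directory:

```apache
# /etc/httpd/conf.d/www2.conf -- added example, not from the original article.
# httpd 2.2 access control (mod_authz_host). The <Directory> block sits at
# server level, outside any <VirtualHost>, so it applies to every virtual
# host that serves /data/vhosts/www2 (port 80 here and port 443 in ssl.conf).
<Directory "/data/vhosts/www2">
    Options None
    AllowOverride None
    # "Order allow,deny": Allow rules are evaluated first, then Deny rules.
    # A client matching both is rejected, and a client matching neither is
    # rejected as well, so "Allow from all" is required for everyone else.
    Order allow,deny
    Allow from all
    Deny from 192.168.0.0/24
</Directory>

<VirtualHost 172.16.66.60:80>
    ServerName www2.magedu.com
    DocumentRoot /data/vhosts/www2
    ErrorLog logs/www2-error_log
    CustomLog logs/www2-access_log combined
</VirtualHost>
```

A denied client receives 403 Forbidden, and the refusal is written to the virtual host's error log as "client denied by server configuration".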

Third, modify the configuration parameters:

1) Back up the original configuration file
~]# cp -p httpd.conf httpd.conf.bak

2) Turn on name-based virtual hosting: NameVirtualHost
~]# sed -n '990p' /etc/httpd/conf/httpd.conf
NameVirtualHost 172.16.66.60:80

3) Create the site directories:
~]# mkdir -pv /data/vhosts/www{1,2}
~]# echo "~]# echo "
4) Add name resolution to the hosts file
~]# echo "172.16.66.60 www1.magedu.com www2.magedu.com" >> /etc/hosts

Fourth, test from the PC client

1) Add name resolution on Win7; path: C:\Windows\System32\drivers\etc\hosts
2) Open the hosts file with Notepad, add the following line and save: 172.16.66.60 www1.magedu.com www2.magedu.com
3) Test that both sites can be accessed normally



2. Provide status information through /server-status on www1, accessible only to the user Tom;


First, modify the configuration file:

1) Allow only the user Tom to access /server-status;
<Location /server-status>
    SetHandler server-status
    AuthType Basic
    AuthName "for Tom"
    AuthUserFile "/etc/httpd/conf/.htpasswd"
    Require user Tom
</Location>

2) Create the password file with the virtual user Tom
~]# htpasswd -c -m /etc/httpd/conf/.htpasswd Tom

3) Check the syntax and reload the configuration file
~]# httpd -t
~]# service httpd reload

Second, test in the PC browser:

1) Open http://172.16.66.60/server-status; access requires authentication as user Tom

3. Provide HTTPS service for the second virtual host above;

Working directory: /etc/pki/CA/


1) Generate the private key
CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)

2) Generate the self-signed certificate
CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:liyang
Organizational Unit Name (eg, section) []:0ps
Common Name (eg, your name or your server's hostname) []:www2.magedu.com
Email Address []:[email protected]


3) Provide the supporting files (certificate index and serial number)
CA]# touch index.txt
CA]# echo 01 > serial


Second, the node requests a certificate

1) Generate the private key

~]# mkdir -pv /etc/httpd/ssl
ssl]# (umask 077; openssl genrsa -out httpd.key 1024)


2) Generate the certificate signing request:
ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:liyang
Organizational Unit Name (eg, section) []:0ps
Common Name (eg, your name or your server's hostname) []:www2.magedu.com
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

3) Send the request to the CA
ssl]# cp httpd.csr /tmp/


Third, the CA issues the certificate

1) Sign the certificate
~]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jul 13:01:20 GMT
            Not After : Jul 13:01:20 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = beijing
            organizationName          = liyang
            organizationalUnitName    = 0ps
            commonName                = www2.magedu.com
            emailAddress              = [email protected]
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                F6:C2:E3:DC:3F:D9:50:39:52:43:35:BF:99:BC:FF:5E:26:EB:9E:29
            X509v3 Authority Key Identifier:
                keyid:15:71:78:70:3E:9B:23:64:A0:37:DE:91:1E:6B:73:F6:AD:3C:A7:A7

Certificate is to be certified until Jul 13:01:20 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated


2) Send the signed certificate back to the requester.
~]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/


Note: In this lab the private CA and the web server are on the same machine.


Fourth, configure httpd to use SSL and the certificate

1) Install the mod_ssl module with yum
~]# httpd -M | grep ssl
~]# yum install mod_ssl -y
~]# rpm -ql mod_ssl
/etc/httpd/conf.d/ssl.conf
/usr/lib64/httpd/modules/mod_ssl.so

2) Modify the configuration file
~]# cat /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:443>
    DocumentRoot "/data/vhosts/www2"
    ServerName www2.magedu.com:443
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    SSLProtocol all -SSLv2
    SSLCertificateFile /etc/httpd/ssl/httpd.crt
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
</VirtualHost>
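
In httpd 2.2, `SSLProtocol all -SSLv2` still leaves SSLv3 enabled. The virtual host above with that setting beside a tightened form, as an added example that is not part of the original article; the cipher policy and the `SSLEngine on` line (present in the stock ssl.conf but not in the excerpt) are choices made here:

```apache
# /etc/httpd/conf.d/ssl.conf -- added example, not from the original article.
<VirtualHost _default_:443>
    DocumentRoot "/data/vhosts/www2"
    ServerName www2.magedu.com:443
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    SSLEngine on

    # As written in the article: removes SSLv2 only, so SSLv3 is still offered.
    #SSLProtocol all -SSLv2
    # Tightened: SSLv3 removed as well, leaving only the TLS versions.
    SSLProtocol all -SSLv2 -SSLv3

    # Assumed cipher policy: OpenSSL's HIGH group without anonymous or
    # MD5-based suites, with the server's preference order taking priority.
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLHonorCipherOrder on

    SSLCertificateFile /etc/httpd/ssl/httpd.crt
    # httpd.key was generated with 1024 bits earlier on this page, while the
    # CA key uses 2048 bits.
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
</VirtualHost>
```

After `httpd -t` and `service httpd reload`, a handshake forced to SSLv3 with `openssl s_client -connect www2.magedu.com:443 -ssl3` should fail, while a default connection still succeeds.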

Fifth, test results:
1) Test in the PC browser: https://www2.magedu.com is served over port 443
2) Test in the PC browser: http://www2.magedu.com is served over port 80


This article is from the "8752057" blog, please be sure to keep this source http://yang90.blog.51cto.com/8752057/1826601
