Build httpd-2.2 on CentOS6.7
1. Experimental requirements:
1. Set up the httpd service with the following requirements:
(1) Provide two name-based virtual hosts, www1 and www2, each with its own error log and access log;
(2) Provide status information through www1's /server-status, and allow only user Tom to access it;
(3) www2 must not be accessible from any host in the 192.168.0.0/24 network;
2. Provide HTTPS service for the second virtual host above
2. Experimental environment:
Linux server OS version: CentOS release 6.7 (Final), IP: 172.16.66.60
Windows 7 client, IP: 172.16.250.100
3. Experimental Prerequisites:
1) Turn off the firewall and SELinux
~]# service iptables stop
~]# setenforce 0
4. Experimental process:
1. Provide two name-based virtual hosts, www1 and www2, each with its own error log and access log
First, install the service
1. Install httpd-2.2 with yum
~]# yum install httpd -y
~]# rpm -qa httpd
~]# rpm -ql httpd
~]# rpm -qc httpd
~]# service httpd restart
~]# chkconfig httpd on
~]# ss -lnt
Second, configure the virtual hosts
~]# cat /etc/httpd/conf.d/www1.conf
<VirtualHost 172.16.66.60:80>
ServerName www1.magedu.com
DocumentRoot /data/vhosts/www1
ErrorLog logs/www1-error_log
CustomLog logs/www1-access_log combined
</VirtualHost>
~]# cat /etc/httpd/conf.d/www2.conf
<VirtualHost 172.16.66.60:80>
ServerName www2.magedu.com
DocumentRoot /data/vhosts/www2
ErrorLog logs/www2-error_log
CustomLog logs/www2-access_log combined
</VirtualHost>
Third, modify the configuration parameters:
1) Back up the original configuration file
~]# cp -p httpd.conf httpd.conf.bak
2) Turn on name-based virtual hosting: NameVirtualHost
~]# sed -n '990p' /etc/httpd/conf/httpd.conf
NameVirtualHost 172.16.66.60:80
3) Create the site directories:
~]# mkdir -pv /data/vhosts/www{1,2}
~]# echo "~]# echo "
4) Add name resolution to the hosts file
~]# echo "172.16.66.60 www1.magedu.com www2.magedu.com" >> /etc/hosts
Fourth, test from the PC
1) Add name resolution on Windows 7; path: C:\Windows\System32\drivers\etc\hosts
2) Open the hosts file with Notepad, add the following line and save: 172.16.66.60 www1.magedu.com www2.magedu.com
3) Test that the sites can be accessed normally
2. Provide status information through www1's /server-status, and allow only user Tom to access it;
First, modify the configuration file:
1) Allow only user Tom to access /server-status;
<Location /server-status>
SetHandler server-status
AuthType Basic
AuthName "for Tom"
AuthUserFile "/etc/httpd/conf/.htpasswd"
Require user Tom
</Location>
2) Create the password file for the virtual user Tom
~]# htpasswd -c -m /etc/httpd/conf/.htpasswd Tom
3) Check the syntax and reload the configuration file
~]# httpd -t
~]# service httpd reload
Second, test in the PC browser:
1) Entering http://172.16.66.60/server-status requires authentication as user Tom before access is granted
3. Provide HTTPS service for the second virtual host above;
Working directory: /etc/pki/CA/
1) Generate the private key
CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
2) Generate the self-signed certificate
CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:liyang
Organizational Unit Name (eg, section) []:0ps
Common Name (eg, your name or your server's hostname) []:www2.magedu.com
Email Address []:[email protected]
3) Provide the supporting files
CA]# touch index.txt
CA]# echo 01 > serial    (the serial number)
Second, the node requests a certificate
1) Generate the private key
~]# mkdir -pv /etc/httpd/ssl
ssl]# (umask 077; openssl genrsa -out httpd.key 1024)
2) Generate the certificate signing request:
ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:liyang
Organizational Unit Name (eg, section) []:0ps
Common Name (eg, your name or your server's hostname) []:www2.magedu.com
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
3) Send the request to the CA
ssl]# cp httpd.csr /tmp/
Third, the CA issues the certificate
1) Sign the certificate
~]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jul 13:01:20 GMT
Not After : Jul 13:01:20 GMT
Subject:
countryName = CN
stateOrProvinceName = beijing
organizationName = liyang
organizationalUnitName = 0ps
commonName = www2.magedu.com
emailAddress = [email protected]
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
F6:C2:E3:DC:3F:D9:50:39:52:43:35:BF:99:BC:FF:5E:26:EB:9E:29
X509v3 Authority Key Identifier:
keyid:15:71:78:70:3E:9B:23:64:A0:37:DE:91:1E:6B:73:F6:AD:3C:A7:A7
Certificate is to be certified until Jul 13:01:20 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
2) Send the signed certificate back to the requester.
~]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/
Note: This privately built CA is set up and used on a single machine.
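Before Apache is pointed at the signed certificate, it is worth confirming that it chains to the CA, belongs to the private key, names the right host, and uses an adequate key size. The script below is an added example, not part of the original article: check_cert and make_lab are hypothetical helper names, the lab CA (CN lab-ca) is constructed, and signing uses openssl x509 -req instead of openssl ca so the script does not depend on /etc/pki/tls/openssl.cnf, index.txt or serial.

```bash
# Added example, not the article's code; check_cert and make_lab are
# hypothetical helpers and every key and certificate here is constructed.

# check_cert CA_CERT SERVER_CERT SERVER_KEY EXPECTED_CN
# Prints one line per failed check; returns 0 only if all four pass.
check_cert() {
    local ca="$1" crt="$2" key="$3" cn="$4" rc=0 bits
    # 1. The certificate must chain to the CA certificate.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 \
        || { echo "FAIL chain: $crt was not issued by $ca"; rc=1; }
    # 2. Certificate and private key must carry the same RSA modulus.
    [ "$(openssl x509 -noout -modulus -in "$crt")" = \
      "$(openssl rsa -noout -modulus -in "$key" 2>/dev/null)" ] \
        || { echo "FAIL match: $key does not belong to $crt"; rc=1; }
    # 3. The subject CN must be the name the virtual host serves.
    openssl x509 -noout -subject -in "$crt" | grep -Eq "CN ?= ?$cn(\$|[,/])" \
        || { echo "FAIL name: subject CN is not $cn"; rc=1; }
    # 4. Flag RSA keys shorter than 2048 bits.
    bits=$(openssl x509 -noout -text -in "$crt" |
           sed -n 's/.*Public[ -]Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL size: ${bits:-unknown}-bit key"; rc=1; }
    return $rc
}

# make_lab DIR BITS: throwaway CA plus a BITS-bit server key and a
# certificate for www2.magedu.com, using the article's file names.
# Signs with `openssl x509 -req`, not `openssl ca` as the article does.
make_lab() {
    local d="$1" bits="$2"
    openssl genrsa -out "$d/cakey.pem" 2048 2>/dev/null
    openssl req -new -x509 -key "$d/cakey.pem" -out "$d/cacert.pem" \
        -days 365 -subj "/C=CN/O=liyang/CN=lab-ca" 2>/dev/null
    openssl genrsa -out "$d/httpd.key" "$bits" 2>/dev/null
    openssl req -new -key "$d/httpd.key" -out "$d/httpd.csr" \
        -subj "/C=CN/O=liyang/CN=www2.magedu.com" 2>/dev/null
    openssl x509 -req -in "$d/httpd.csr" -CA "$d/cacert.pem" \
        -CAkey "$d/cakey.pem" -CAcreateserial -days 365 \
        -out "$d/httpd.crt" 2>/dev/null
}

# Demo: the article's 1024-bit server key next to a 2048-bit one.
lab=$(mktemp -d)
for bits in 1024 2048; do
    make_lab "$lab" "$bits"
    echo "== $bits-bit server key"
    check_cert "$lab/cacert.pem" "$lab/httpd.crt" "$lab/httpd.key" \
        www2.magedu.com && echo "all checks passed"
done
rm -rf "$lab"
```

Against the files from this walkthrough the call would be check_cert /etc/pki/CA/cacert.pem /etc/httpd/ssl/httpd.crt /etc/httpd/ssl/httpd.key www2.magedu.com.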
Fourth, configure httpd to support SSL and to use the certificate
1) Install the mod_ssl module with yum
~]# httpd -M | grep ssl
~]# yum install mod_ssl -y
~]# rpm -ql mod_ssl
/etc/httpd/conf.d/ssl.conf
/usr/lib64/httpd/modules/mod_ssl.so
2) Modify the configuration file
~]# cat /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:443>
DocumentRoot "/data/vhosts/www2"
ServerName www2.magedu.com:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
SSLProtocol all -SSLv2
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
</VirtualHost>
Fifth, test results:
1) Test in the PC browser: https://www2.magedu.com is accessed via port 443
2) Test in the PC browser: http://www2.magedu.com is accessed via port 80
This article is from the "8752057" blog, please be sure to keep this source http://yang90.blog.51cto.com/8752057/1826601