Configuring host-name-based virtual hosts
1. Configure DNS First
DNS Installation
yum install bind* -y
Open the firewall for DNS
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --sport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT
(The two --sport 53 rules accept any inbound packet whose source port happens to be 53, which is far broader than the replies they are meant to let in; on a stateful firewall a single ESTABLISHED,RELATED rule covers replies, and only the two --dport 53 rules are needed for the server itself.)
service iptables save
service iptables restart
Copy the configuration files into the chroot
cp -a /etc/named* /var/named/chroot/etc/
cp -a /var/named/d* /var/named/named.* /var/named/slaves/ /var/named/chroot/var/named/
cd /var/named/chroot/etc/
vim named.conf
options {
        listen-on port 53 { 127.0.0.1; };        # change 127.0.0.1 to any
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; };              # change localhost to any
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
# create three zones: hhj.cc, baidu.com, google.com
zone "hhj.cc" {
        type master;
        file "aa.zone";
};
zone "baidu.com" {
        type master;
        file "bb.zone";
};
zone "google.com" {
        type master;
        file "cc.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Two things to be aware of before opening this up. With allow-query set to any and recursion left at yes, the server answers recursive queries for anyone who can reach port 53, i.e. it is an open resolver, which is a standing target for cache-poisoning attempts and a ready amplifier for reflected DDoS traffic. A server that only serves its own zones should set recursion no; one that must also resolve for the LAN should keep recursion but restrict it with allow-recursion to the local networks. Second, baidu.com and google.com are real domains: serving them authoritatively only makes sense in an isolated lab, because every client pointed at this resolver will be sent to 192.168.1.104 for them.
cd /var/named/chroot/var/named
cp -a named.localhost aa.zone
vim aa.zone
$TTL 1D
@       IN SOA  node1.hhj.cc. root (
                11      ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      node1.hhj.cc.
node1   A       192.168.1.104
www     A       192.168.1.104
cp -a named.localhost bb.zone
vim bb.zone
$TTL 1D
@       IN SOA  node1.baidu.com. root (
                11      ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      node1.baidu.com.
node1   A       192.168.1.104
www     A       192.168.1.104
cp -a named.localhost cc.zone
vim cc.zone
$TTL 1D
@       IN SOA  node1.google.com. root (
                11      ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      node1.google.com.
node1   A       192.168.1.104
www     A       192.168.1.104
Each zone is edited in its own file (the original text opened aa.zone a second time instead of bb.zone, and copied the template to bb.zone instead of cc.zone), and the SOA primary must be spelled exactly like the NS host: the original had node1.goole.com., which points the zone's authority at a host that does not exist. named-checkzone reports both kinds of mistake before named is restarted.
Create the rndc.key file
rndc-confgen -r /dev/urandom -a
Restart the service
service named restart
Each zone should then be reported as loaded in /var/log/messages (for example "zone hhj.cc/IN: loaded serial 11"); a zone that fails to parse is logged there as well and is simply not served.
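The three zone files above are hand-edited copies of named.localhost, and two of the three edits in the original went wrong. The script below is an added example (not code from the original page): it writes each authoritative zone from one template and runs the structural checks that catch a wrong file or a misspelled SOA host before named is restarted. It assumes POSIX sh with awk and date; the domain names, the node1 label and 192.168.1.104 in the usage loop are the page's lab values, and the output directory (ZONEDIR) defaults to a scratch directory so the script runs anywhere.

```shell
#!/bin/sh
# make_zone DOMAIN NS_LABEL IPV4 OUTFILE
# Writes a minimal master zone: SOA, one NS, and A records for the NS host and www.
make_zone() {
    domain=$1; nslabel=$2; ip=$3; out=$4
    # Date-based serial (YYYYMMDD01): secondaries only transfer when it increases,
    # so bump the last two digits for a second edit on the same day.
    serial="$(date +%Y%m%d)01"
    cat > "$out" <<EOF
\$TTL 1D
@           IN SOA  ${nslabel}.${domain}. root.${domain}. (
                    ${serial}   ; serial
                    1D          ; refresh
                    1H          ; retry
                    1W          ; expire
                    3H )        ; minimum
            IN NS   ${nslabel}.${domain}.
${nslabel}  IN A    ${ip}
www         IN A    ${ip}
EOF
}

# check_zone DOMAIN FILE
# Catches what hand-copied zones get wrong: the SOA primary and every NS target must
# be absolute names (trailing dot) inside DOMAIN, and each such host needs an A record
# in the file. Returns 0 when the file passes, 1 with a message on stderr otherwise.
check_zone() {
    domain=$1; file=$2
    # Every name that follows an SOA or NS keyword, e.g. node1.hhj.cc.
    names=$(awk '{ for (i = 1; i < NF; i++) if ($i == "SOA" || $i == "NS") print $(i+1) }' "$file")
    for n in $names; do
        case "$n" in
            *.$domain.) ;;
            *) echo "check_zone: $n is not an absolute name under $domain" >&2; return 1 ;;
        esac
        # Strip the zone suffix to get the host label, then look for its A record
        # (with or without the optional IN class field).
        label=${n%.$domain.}
        if ! awk -v l="$label" '$1 == l && ($2 == "A" || $3 == "A") { found = 1 }
                                END { exit !found }' "$file"; then
            echo "check_zone: no A record for $label in $file" >&2; return 1
        fi
    done
    # Let BIND's own checker have the final word when it is installed.
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q "$domain" "$file" || return 1
    fi
    return 0
}

# Usage with the page's lab values. ZONEDIR defaults to a scratch directory so this
# runs anywhere; set it to /var/named/chroot/var/named on the DNS host.
zonedir=${ZONEDIR:-$(mktemp -d)}
for d in hhj.cc baidu.com google.com; do
    make_zone "$d" node1 192.168.1.104 "$zonedir/$d.zone"
    check_zone "$d" "$zonedir/$d.zone" && echo "$d: ok, wrote $zonedir/$d.zone"
done
```

The generated files are named after the zone (hhj.cc.zone rather than aa.zone), so the file statements in named.conf must be changed to match, or the usage loop adjusted to the page's names.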
2. Configure the virtual hosts
vim /etc/httpd/conf/httpd.conf
Remove the leading # from the NameVirtualHost *:80 line. The address:port given there has to match the one used in the <VirtualHost> blocks, so for the port-81 hosts below use NameVirtualHost *:81 and make sure a Listen 81 directive exists; otherwise name-based matching is not enabled for that port and every request lands in the first virtual host.
<VirtualHost *:81>
    DocumentRoot /baidu
    ServerName www.baidu.com
</VirtualHost>
<VirtualHost *:81>
    DocumentRoot /google
    ServerName www.google.com
</VirtualHost>
Restart the httpd service
service httpd restart
Fix the SELinux context of the new document roots (they live outside /var/www, so httpd is denied access until they carry the same httpd_sys_content_t label as /var/www/html)
chcon -R --reference=/var/www/html /baidu/ /google/
HTTPS encryption configuration
1. Install the mod_ssl module
yum install mod_ssl -y
Look at /etc/httpd/conf.d/ after installation
# ls /etc/httpd/conf.d/
Open the configuration file
# vim /etc/httpd/conf.d/ssl.conf
LoadModule ssl_module modules/mod_ssl.so                  # load the mod_ssl.so module
Listen 443                                                # listening port, 443 by default
SSLEngine on                                              # enable the SSL engine
SSLCertificateFile /etc/pki/tls/certs/localhost.crt       # certificate path
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key  # private key path
Enter the /etc/pki/tls/certs/ directory
# cd /etc/pki/tls/certs/
# ls
ca-bundle.crt  ca-bundle.trust.crt  localhost.crt  make-dummy-cert  Makefile  renew-dummy-cert
Use the openssl command to make the key and certificate files:
Generate the ca.key private key (the original command used a 1024-bit RSA key, which is below the current minimum; 2048 bits is the smallest size worth generating):
# openssl genrsa -des3 -out ca.key -rand rand.dat 2048
Create the ca.crt certificate:
# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
# make aa.crt        # build a self-signed certificate with the Makefile shipped in this directory
umask 77; \
/usr/bin/openssl genrsa -aes128 2048 > aa.key
Generating RSA private key, 2048 bit long modulus
................................+++
...............................+++
e is 65537 (0x10001)
Enter pass phrase:                  # enter a password
Verifying - Enter pass phrase:      # enter the password again
umask 77; \
/usr/bin/openssl req -utf8 -new -key aa.key -x509 -days 365 -out aa.crt -set_serial 0
Enter pass phrase for aa.key:       # enter the password
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:SC
Locality Name (eg, city) [Default City]:CD
Organization Name (eg, company) [Default Company Ltd]:HHJ
Organizational Unit Name (eg, section) []:hhj1984
Common Name (eg, your name or your server's hostname) []:RHCC
Email Address []:
# ls
aa.crt  aa.key  ca-bundle.crt  ca-bundle.trust.crt  localhost.crt  make-dummy-cert  Makefile  renew-dummy-cert
The Common Name answered here (RHCC) is what a browser compares against the host name in the URL, so for the site configured above it should be www.baidu.com (modern browsers additionally require the name in a subjectAltName extension). Because aa.key was encrypted with a pass phrase, httpd will stop and prompt for it on every start unless the pass phrase is removed from the key or SSLPassPhraseDialog is configured to supply it.
aa.crt is the generated certificate, aa.key is the private key
Copy the files to where httpd will read them (the umask 77 above already made aa.key readable by root only; keep it that way)
# cp aa.crt aa.key /etc/httpd/conf/
Configure the certificate and private key paths in /etc/httpd/conf.d/ssl.conf
vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/httpd/conf/aa.crt          # certificate path
SSLCertificateKeyFile /etc/httpd/conf/aa.key       # private key path
# service httpd restart      # after the restart the site can be reached over HTTPS
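Before pointing SSLCertificateFile and SSLCertificateKeyFile at a freshly made pair it is worth checking three things that the interactive run above gets no feedback on: that the certificate really belongs to the key, that its Common Name is the ServerName clients will use (the run above answered RHCC, which no browser accepts for www.baidu.com), and that the key file is not group- or world-readable. The script below is an added example, not code from the original page. It assumes POSIX sh and the openssl command line (1.0 or later); the file names and the www.baidu.com server name in the demo are the page's lab values, and the demo pair it generates when run without arguments is a throw-away self-signed certificate.

```shell
#!/bin/sh
# cert_key_match CERT KEY [PASSPHRASE]
# Returns 0 when the RSA modulus in the certificate equals the one in the private
# key, i.e. the certificate was really issued for this key.
cert_key_match() {
    cert=$1; key=$2; pass=$3
    cmod=$(openssl x509 -noout -modulus -in "$cert") || return 1
    if [ -n "$pass" ]; then
        kmod=$(openssl rsa -noout -modulus -in "$key" -passin "pass:$pass") || return 1
    else
        kmod=$(openssl rsa -noout -modulus -in "$key") || return 1
    fi
    [ "$cmod" = "$kmod" ]
}

# cert_cn CERT
# Prints the subject Common Name. -nameopt RFC2253 yields the same "CN=..." spelling
# on old and new openssl releases, so one sed expression serves both.
cert_cn() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# key_is_private KEY
# Returns 0 unless the key file has any group or other permission bits set
# (columns 5-10 of ls -l are the group and other rwx triplets).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_tls_pair CERT KEY SERVERNAME [PASSPHRASE]
# Runs all three checks; returns 0 if the pair can be deployed for SERVERNAME,
# otherwise prints the first problem found on stderr and returns 1.
check_tls_pair() {
    cert=$1; key=$2; name=$3; pass=$4
    if ! cert_key_match "$cert" "$key" "$pass"; then
        echo "check_tls_pair: $cert was not issued for the key in $key" >&2; return 1
    fi
    cn=$(cert_cn "$cert")
    if [ "$cn" != "$name" ]; then
        echo "check_tls_pair: certificate CN is '$cn' but ServerName is '$name'" >&2; return 1
    fi
    if ! key_is_private "$key"; then
        echo "check_tls_pair: $key is readable by group or others" >&2; return 1
    fi
    return 0
}

# With three arguments the real files are checked, e.g.
#   sh check_tls.sh /etc/httpd/conf/aa.crt /etc/httpd/conf/aa.key www.baidu.com
# Without arguments a throw-away self-signed pair for www.baidu.com (the lab name from
# the page; -nodes leaves the key unencrypted) is generated and checked instead.
if [ $# -ge 3 ]; then
    check_tls_pair "$1" "$2" "$3" "$4" && echo "$1: ok for $3"
else
    tmp=$(mktemp -d)
    (umask 077; openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=www.baidu.com \
        -keyout "$tmp/aa.key" -out "$tmp/aa.crt" 2>/dev/null)
    check_tls_pair "$tmp/aa.crt" "$tmp/aa.key" www.baidu.com && echo "$tmp/aa.crt: ok for www.baidu.com"
fi
```

For the pass-phrase-protected aa.key made above, pass the phrase as the fourth argument; the modulus comparison is the same check httpd performs implicitly at start-up, but doing it here gives a readable message instead of a failed restart.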
2. Use a certificate for one site only
# vim /etc/httpd/conf.d/ssl.conf
SSLEngine off          # turn off the SSL engine in the default SSL virtual host
Put the SSL directives directly inside that site's virtual host instead
<VirtualHost *:443>    # change the port to 443
    DocumentRoot /baidu
    ServerName www.baidu.com
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt        # certificate path
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key   # private key path
</VirtualHost>
and restart httpd.
Forcing users to access the site over HTTPS
Edit httpd.conf
vim /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.1.104:443>
    DocumentRoot /var/www/html
    ServerName www.hhj1984.cc
    ServerAlias www.hhj1984.cc *.hhj1984.cc
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ca.crt
    SSLCertificateKeyFile /etc/httpd/conf/ca.key
</VirtualHost>
<Directory "/var/www/html">          # the site directory
    Options Indexes FollowSymLinks
    AllowOverride All                # required so httpd reads the .htaccess file
    Order Allow,Deny
    Allow from all
</Directory>
(Indexes turns on directory listings for every directory without an index file; leave it out unless listings are actually wanted.)
Create .htaccess under /var/www/html (the site directory) if it does not exist yet
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^www\.hhj1984\.cc$ [NC]
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^(.*)$ https://www.hhj1984.cc/$1 [R=301,L]
</IfModule>
A RewriteCond applies only to the RewriteRule that directly follows it. The original had two separate rules, the first conditioned on the host name alone: since the same .htaccess is read for requests arriving on port 443 too, that rule redirected HTTPS requests to themselves and produced a redirect loop. Stacking the host and port conditions in front of a single rule, as above, redirects exactly the plain-HTTP requests for this host.
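The same result can be obtained without mod_rewrite or .htaccess by giving the port-80 side of the site its own virtual host that only redirects. The fragment below is an added example, not configuration from the original page; it uses mod_alias's Redirect, which is only ever evaluated for requests that arrive on port 80 and so cannot loop, and it reuses the page's lab host name, address, paths and certificate files.

```apache
# Plain-HTTP side: answer nothing itself, send everything to the HTTPS site.
# Redirect with the prefix "/" appends the rest of the requested path, so
# http://www.hhj1984.cc/a/b becomes https://www.hhj1984.cc/a/b.
<VirtualHost 192.168.1.104:80>
    ServerName www.hhj1984.cc
    ServerAlias *.hhj1984.cc
    Redirect permanent / https://www.hhj1984.cc/
</VirtualHost>

# HTTPS side: the only virtual host that serves content for this name.
<VirtualHost 192.168.1.104:443>
    ServerName www.hhj1984.cc
    ServerAlias *.hhj1984.cc
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ca.crt
    SSLCertificateKeyFile /etc/httpd/conf/ca.key
</VirtualHost>
```

With this layout AllowOverride can stay at None for /var/www/html, which also removes the per-request .htaccess lookups.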
Configuring host-name-based virtual hosts, httpd SSL encryption and forced HTTPS redirection