Requirements:
1. Set up an httpd server that provides two name-based virtual hosts:
(a) www1.stuX.com: the page file directory is /web/vhosts/www1, the error log is /var/log/httpd/www1.err, and the access log is /var/log/httpd/www1.access
(b) www2.stuX.com: the page file directory is /web/vhosts/www2, the error log is /var/log/httpd/www2.err, and the access log is /var/log/httpd/www2.access
(c) Create a separate home page file index.html for each of the two virtual hosts, with the respective host name as its content
(d) Expose httpd's working status information at www1.stuX.com/server-status, and allow access only with the provided account and password (status:status)
2. Provide HTTPS service for the second virtual host above, so that users can access this web site securely over https:
(1) Certificate authentication is required; the certificate must use country (CN), state (Henan), city (Zhengzhou) and organization (mageedu);
(2) Set the department to Tech, the host name to www2.stuX.com, and the mailbox to [email protected]
Specific implementation steps:
One.
1) Create the required directory files
mkdir -pv /web/vhosts/www{1,2}
mkdir -p /var/log/httpd
cd /var/log/httpd
touch www{1,2}.{err,access}
2) Create a home page file for each virtual host and write the corresponding content to it
/web/vhosts/www1/index.html content is as follows:
/web/vhosts/www2/index.html content is as follows:
3) Configure /etc/httpd/conf/httpd.conf with the following contents:
NameVirtualHost 192.168.1.179:80
<VirtualHost 192.168.1.179:80>
    ServerName www1.stux.com
    DocumentRoot "/web/vhosts/www1"
    ErrorLog /var/log/httpd/www1.err
    CustomLog /var/log/httpd/www1.access combined
    <Directory "/web/vhosts/www1">
        Options FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    # The authentication directives belong in <Location>: a <Directory /server-status>
    # section matches a filesystem path and would not protect this URL.
    # /etc/httpd/users/.htpasswd must contain the user "status".
    <Location /server-status>
        SetHandler server-status
        Order deny,allow
        Allow from all
        Options None
        AuthType Basic
        AuthName "Admin area"
        AuthUserFile /etc/httpd/users/.htpasswd
        Require user status
    </Location>
</VirtualHost>
<VirtualHost 192.168.1.179:80>
    ServerName www2.stux.com
    DocumentRoot "/web/vhosts/www2"
    ErrorLog /var/log/httpd/www2.err
    CustomLog /var/log/httpd/www2.access combined
</VirtualHost>
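Added example (not from the original article): in httpd, a <Directory> section matches filesystem paths and a <Location> section matches URLs, so the account check for server-status only takes effect inside the <Location> section that maps the handler. The Python check below flags a status handler served without user authentication; the function name and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample: the auth directives sit in <Directory /server-status>,
# a filesystem path, so they never apply to the URL /server-status.
WEAK = """
<Location /server-status>
SetHandler server-status
Order deny,allow
Allow from all
</Location>
<Directory /server-status>
AuthType Basic
AuthUserFile /etc/httpd/users/.htpasswd
Require user status
</Directory>
"""

# Constructed sample: the same directives inside the URL-scoped section.
HARDENED = """
<Location /server-status>
SetHandler server-status
AuthType Basic
AuthUserFile /etc/httpd/users/.htpasswd
Require user status
</Location>
"""

SECTION = re.compile(r'<(Location|Directory)\s+"?([^">]+)"?\s*>(.*?)</\1>', re.S | re.I)
HANDLER = re.compile(r"^\s*SetHandler\s+server-status\b", re.M | re.I)
AUTH = re.compile(r"^\s*Require\s+(user|group|valid-user)\b", re.M | re.I)

def audit_status_handlers(conf):
    """Return one finding per server-status handler served without user auth."""
    sections = [(k.lower(), p.strip(), b) for k, p, b in SECTION.findall(conf)]
    findings = []
    for kind, path, body in sections:
        if kind != "location" or not HANDLER.search(body) or AUTH.search(body):
            continue
        msg = f"{path}: server-status is served without a Require user/group rule"
        # A same-named <Directory> holding the auth rules is the usual cause.
        if any(k == "directory" and p == path and AUTH.search(b) for k, p, b in sections):
            msg += f"; the rules in <Directory {path}> match a file path, not this URL"
        findings.append(msg)
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_status_handlers(conf) or "ok")
```

The check only looks for user authentication, which is what requirement (d) asks for; it does not evaluate host-based restrictions such as Allow from.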
Two.
1) Establish a private CA
cd /etc/pki/CA
# generate the private key of the private CA
(umask 077; openssl genrsa -out private/cakey.pem 2048)
# generate the self-signed certificate
openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 2655
echo 01 > serial
touch index.txt
2) Generate a certificate for the server
cd /etc/httpd/
mkdir certs
cd certs
# generate the private key
(umask 077; openssl genrsa -out httpd.key 2048)
# generate the certificate signing request (the validity period is set by "openssl ca -days" below)
openssl req -new -key httpd.key -out httpd.csr -days 3655
openssl ca -in httpd.csr -out httpd.crt -days 3655
3) Configure httpd to use the digital certificate
Note: SSL sessions can only be created per IP address, so if the server has only one IP, HTTPS can be provided for only one virtual host
yum list mod_ssl
cd ../conf.d/
vim ssl.conf
<VirtualHost _default_:443>
    DocumentRoot "/www/sslhost"
    ServerName www.magesu.com:443
    # certificate
    SSLCertificateFile /etc/httpd/certs/httpd.crt
    # private key
    SSLCertificateKeyFile /etc/httpd/certs/httpd.key
    # the other directives shipped in ssl.conf stay as they are
</VirtualHost>
Import /etc/pki/CA/cacert.pem, renaming it to CACert
Verification:
openssl s_client -connect 192.1:443
openssl s_client -connect 192.1:443 -CAfile /etc/pki/CA/cacert.pem
openssl s_client -connect www.mageu.com:443 -CAfile /etc/pki/CA/cacert.pem
Then, in the open session, request the page:
GET /index.html HTTP/1.1
Host: 192.168.1.179
This article is from the "Lifelong Learning" blog, please be sure to keep this source http://chickengg.blog.51cto.com/10402610/1676277
Examples explain the configuration of httpd virtual host and the configuration of HTTPS