Configuring httpd virtual hosts and HTTPS, explained by example

Source: Internet
Author: User

Requirements:

1. Set up an httpd server that meets the following requirements:

It provides two name-based virtual hosts:

(a) www1.stuX.com, page file directory /web/vhosts/www1; the error log is /var/log/httpd/www1.err and the access log is /var/log/httpd/www1.access

(b) www2.stuX.com, page file directory /web/vhosts/www2; the error log is /var/log/httpd/www2.err and the access log is /var/log/httpd/www2.access

(c) Create a home page file index.html for each of the two virtual hosts, containing that host's name

(d) Expose httpd's working status at www1.stuX.com/server-status, accessible only with an account and password (status:status)

2. Provide HTTPS for the second virtual host above, so that users can reach the site securely over https:

(1) Certificate authentication is required; the certificate must use the country (CN), state (Henan), city (Zhengzhou) and organization (mageedu);

(2) Set the department to Tech, the host name to www2.stuX.com, and the mailbox to [email protected]

Specific implementation steps:

One.

1) Create the required directory files

    mkdir -pv /web/vhosts/www{1,2}
    mkdir /var/log/httpd
    cd /var/log/httpd
    touch www{1,2}.{err,access}

2) Create a home page file and write its corresponding content to it separately

/web/vhosts/www1/index.html content is as follows:

/web/vhosts/www2/index.html content is as follows:

3) Configure /etc/httpd/conf/httpd.conf with the following contents:

    NameVirtualHost 192.168.1.179:80

    <VirtualHost 192.168.1.179:80>
        ServerName www1.stuX.com
        DocumentRoot "/web/vhosts/www1"
        ErrorLog /var/log/httpd/www1.err
        CustomLog /var/log/httpd/www1.access combined
        <Directory "/web/vhosts/www1">
            Options FollowSymLinks
            AllowOverride None
            Order allow,deny
            Allow from all
        </Directory>
        # The authentication directives belong in the <Location> block:
        # /server-status is a URL served by a handler, not a filesystem path,
        # so a <Directory /server-status> block never applies to it and the
        # status page would stay open to everyone.
        <Location /server-status>
            SetHandler server-status
            Order deny,allow
            Allow from all
            AuthType Basic
            AuthName "Admin area"
            AuthUserFile /etc/httpd/users/.htpasswd
            Require user status
        </Location>
    </VirtualHost>

    <VirtualHost 192.168.1.179:80>
        ServerName www2.stuX.com
        DocumentRoot "/web/vhosts/www2"
        ErrorLog /var/log/httpd/www2.err
        CustomLog /var/log/httpd/www2.access combined
    </VirtualHost>

Two.

1) Establish a private CA

    cd /etc/pki/CA
    (umask 077; openssl genrsa -out private/cakey.pem 2048)    # generate the private CA key
    openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 2655    # generate the self-signed certificate
    echo 01 > serial
    touch index.txt

2) Generate a certificate for the server

    cd /etc/httpd/
    mkdir certs
    cd certs
    (umask 077; openssl genrsa -out httpd.key 2048)    # generate the private key
    openssl req -new -key httpd.key -out httpd.csr -days 3655    # generate the certificate signing request
    openssl ca -in httpd.csr -out httpd.crt -days 3655

3) Configure httpd to use the digital certificate

Note: an SSL session can only be established per IP address, which means that a server with only one IP address can provide the HTTPS service for only one virtual host

    yum list mod_ssl
    cd /etc/httpd/conf.d/
    vim ssl.conf

    <VirtualHost _default_:443>
        DocumentRoot "/www/sslhost"
        ServerName www.magesu.com:443
        # certificate
        SSLCertificateFile /etc/httpd/certs/httpd.crt
        # private key
        SSLCertificateKeyFile /etc/httpd/certs/httpd.key
        # (the remaining directives of the stock ssl.conf stay unchanged)
    </VirtualHost>

Import /etc/pki/CA/cacert.pem (renamed to CACert).

Verification:

    openssl s_client -connect 192.1:443
    openssl s_client -connect 192.1:443 -CAfile /etc/pki/CA/cacert.pem
    openssl s_client -connect www.mageu.com:443 -CAfile /etc/pki/CA/cacert.pem

Inside the s_client session, request the page:

    GET /index.html HTTP/1.1
    Host: 192.168.1.179
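Steps 1) and 2) of part Two plus an offline chain check, as an added example that is not code from the original article: it runs non-interactively in a scratch directory and confirms that the issued certificate chains to the private CA, matches its key and host name, and that the key file is owner-only. Assumptions: `openssl x509 -req` stands in for `openssl ca` (so no serial or index.txt is needed), and the CA's CN `ca.stuX.com` and the subjectAltName are not in the article.

```shell
#!/bin/sh
# Added example: works in a scratch directory, never touches /etc/pki/CA or /etc/httpd.
# Subject fields come from the requirements; the CA's CN is an assumption.
SUBJ="/C=CN/ST=Henan/L=Zhengzhou/O=mageedu/OU=Tech"

make_ca() {                      # $1 = working directory
    ( umask 077; openssl genrsa -out "$1/cakey.pem" 2048 2>/dev/null )
    openssl req -new -x509 -key "$1/cakey.pem" -out "$1/cacert.pem" \
        -days 2655 -subj "$SUBJ/CN=ca.stuX.com"
}

issue_server_cert() {            # $1 = working directory, $2 = host name
    ( umask 077; openssl genrsa -out "$1/httpd.key" 2048 2>/dev/null )
    openssl req -new -key "$1/httpd.key" -out "$1/httpd.csr" -subj "$SUBJ/CN=$2"
    # Assumption: add a subjectAltName, which current clients match instead of the CN.
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext"
    # "x509 -req" stands in for "openssl ca", so no serial/index.txt database is needed.
    openssl x509 -req -in "$1/httpd.csr" -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" \
        -CAcreateserial -days 3655 -extfile "$1/san.ext" -out "$1/httpd.crt" 2>/dev/null
}

check_chain() {                  # $1 = CA file, $2 = certificate, $3 = host name
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

key_matches_cert() {             # $1 = private key, $2 = certificate
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$pub" ] && [ "$pub" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

key_mode() { ls -l "$1" | cut -c1-10; }   # "-rw-------" when umask 077 was applied

main() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir" && issue_server_cert "$dir" www2.stuX.com || return 1
    check_chain "$dir/cacert.pem" "$dir/httpd.crt" www2.stuX.com && echo "chain + host name: OK"
    check_chain "$dir/cacert.pem" "$dir/httpd.crt" www1.stuX.com || echo "www1.stuX.com: rejected"
    key_matches_cert "$dir/httpd.key" "$dir/httpd.crt" && echo "key matches certificate"
    echo "httpd.key mode: $(key_mode "$dir/httpd.key")"
    rm -rf "$dir"
}
main
```

The same `check_chain` and `key_matches_cert` calls can be pointed at /etc/pki/CA/cacert.pem, /etc/httpd/certs/httpd.crt and /etc/httpd/certs/httpd.key before httpd is restarted.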

This article is from the "Lifelong Learning" blog, please be sure to keep this source http://chickengg.blog.51cto.com/10402610/1676277
