httpd-2.2 and httpd-2.4: build a secure HTTP service based on VirtualHost


Contents:
I. CentOS 6: use httpd-2.2 to build a name-based httpd service
II. CentOS 7: use httpd-2.4 to build a name-based httpd service
III. CentOS 6: compile and install httpd-2.4 and build a name-based httpd service


I. CentOS 6: use httpd-2.2 to build a name-based httpd service

1. Install the httpd package:
[root@bkjia ~]# yum -y install httpd

2. Edit the main configuration file (/etc/httpd/conf/httpd.conf) and enable name-based virtual hosting for the address httpd listens on. httpd-2.2 needs this directive: without it the Host header is ignored and every request for 192.168.1.100:80 lands in the first <VirtualHost> defined for that address.
NameVirtualHost 192.168.1.100:80

3. Create the DocumentRoot directories and a test page for each site:
[root@bkjia ~]# mkdir -p /data/vhost/www1
[root@bkjia ~]# mkdir -p /data/vhost/www2

[root@bkjia www1]# echo "www1" > index.html
[root@bkjia www2]# echo "www2" > index.html

4. Create the virtual host for the www1 domain name
Requirements:
# separate access and error logs
# deny access from the 192.168.1.0/24 network
# serve the mod_status page at www1.magedu.com/server-status, reachable only from 192.168.1.x and only after HTTP Basic authentication
The configuration is as follows:
[root@bkjia ~]# vim /etc/httpd/conf.d/vhost1.conf

<VirtualHost 192.168.1.100:80>
    DocumentRoot /data/vhost/www1
    ServerName www1.magedu.com
    CustomLog /var/log/httpd/www1/access_log common
    ErrorLog /var/log/httpd/www1/error_log
    # create the directory /var/log/httpd/www1 yourself (mkdir -p); httpd does not
    # create log directories and refuses to start when it cannot open its log files

    <Directory "/data/vhost/www1">
        Options None
        AllowOverride None
        # Deny every host in 192.168.1.0/24 and allow everyone else.
        # "Order deny,allow" evaluates the Deny list first and lets unmatched clients through.
        # "Order allow,deny" with no Allow line (as in the original draft) would reject every
        # client, because under allow,deny a client must match an Allow line first.
        # Note the address form: "192.168.1.0" is a single host; a network is written as a
        # prefix ("192.168.1") or in CIDR form ("192.168.1.0/24").
        Order deny,allow
        Deny from 192.168.1.0/24
    </Directory>

    # Status page for www1.magedu.com/server-status. The host restriction and the user
    # authentication both apply (Satisfy All is the default), so a client must come from
    # 192.168.1.x AND present valid credentials.
    <Location /server-status>
        SetHandler server-status
        Order allow,deny
        Allow from 192.168.1

        AuthType Basic
        AuthName "admin"
        AuthUserFile "/etc/httpd/.htpasswd"    # user database, created with htpasswd below
        Require valid-user
    </Location>
</VirtualHost>

Create the user database. -c creates the file and truncates it if it already exists, so use it only for the first user; -m stores an MD5 (apr1) hash:
[root@bkjia ~]# htpasswd -c -m /etc/httpd/.htpasswd aa
Basic authentication sends the password base64-encoded, that is, in the clear; over plain HTTP anyone on the path can read it. Keep the status page limited to the loopback or LAN range as above, or move it into the HTTPS virtual host of step 5.
Create the log directory, check the syntax, then restart or reload httpd and test:
[root@bkjia ~]# mkdir -p /var/log/httpd/www1
[root@bkjia ~]# httpd -t && service httpd reload

5. Create the virtual host for the www2 domain name
Requirements:
### separate access and error logs
### the site is served over HTTPS
The plain-HTTP virtual host (in a file under /etc/httpd/conf.d/, e.g. vhost2.conf):
<VirtualHost 192.168.1.100:80>
    DocumentRoot /data/vhost/www2
    ServerName www2.magedu.com
    ErrorLog /var/log/httpd/www2/error_log            # error log
    CustomLog /var/log/httpd/www2/access_log common   # access log
</VirtualHost>

Build the HTTPS site. The certificate is issued by a private CA; in this walkthrough the CA and the web server are the same machine (bkjia, 192.168.1.100), which is why the scp commands below copy to and from 192.168.1.100. In a real deployment the CA key belongs on a separate, preferably offline, host.

Create the CA:
1) Generate the CA private key. The umask 077 subshell makes the key file mode 0600 at creation, so there is no window in which it is readable by other users:
[root@bkjia tls]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
2) Generate the self-signed CA certificate:
[root@bkjia CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:magedu.com
Organizational Unit Name (eg, section) []:yunwei
Common Name (eg, your name or your server's hostname) []:bkjia
Email Address []:admin@163.com
3) Create the bookkeeping files that openssl ca expects in its CA directory (/etc/pki/CA on CentOS, per the [CA_default] section of /etc/pki/tls/openssl.cnf):
[root@bkjia CA]# touch {serial,index.txt}
[root@bkjia CA]# echo 01 > serial

Configure the web server:
1) Generate the server private key:
[root@bkjia ~]# mkdir /etc/httpd/ssl
[root@bkjia ~]# cd /etc/httpd/ssl
[root@bkjia ssl]# (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)
2) Generate a certificate signing request. The Common Name must be the name clients connect to, i.e. the virtual host's ServerName www2.magedu.com; a CN such as the machine name bkjia does not match it, and browsers will refuse the certificate for that site. (-days has no meaning for a CSR; the validity period is set when the CA signs.)
[root@bkjia ssl]# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:magedu.com
Organizational Unit Name (eg, section) []:yunwei
Common Name (eg, your name or your server's hostname) []:www2.magedu.com
Email Address []:admin@163.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
3) Send the request to the CA for signing:
[root@bkjia ssl]# scp httpd.csr 192.168.1.100:/tmp
4) The CA signs the certificate and returns it to the requester:
[root@bkjia tmp]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365
[root@bkjia certs]# scp httpd.crt root@192.168.1.100:/etc/httpd/ssl/
Only the certificate travels; the private key never leaves /etc/httpd/ssl. Clients that should trust the site need /etc/pki/CA/cacert.pem imported as a trusted CA, since a private CA is in no browser's store.
5) Install the mod_ssl module so that httpd can speak TLS:
[root@bkjia ~]# yum -y install mod_ssl
6) Edit /etc/httpd/conf.d/ssl.conf. The package installs "Listen 443" and a default <VirtualHost _default_:443> there; either edit that block or replace it with the one below. SSLEngine on is required, otherwise the virtual host answers plain HTTP on port 443:
<VirtualHost 192.168.1.100:443>
    DocumentRoot "/data/vhost/www2"
    ServerName www2.magedu.com
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3    # the stock file disables only SSLv2; SSLv3 is broken as well
    SSLCertificateFile /etc/httpd/ssl/httpd.crt
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key    # stays mode 0600 and root-owned: httpd reads it as root before dropping privileges
</VirtualHost>
7) Check the syntax, restart or reload the service and test:
[root@bkjia ~]# httpd -t
Syntax OK
[root@bkjia ~]# service httpd reload
Reloading httpd:
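The CA, CSR and signing steps above, redone as an added example that is not part of the original article: everything lives in a throwaway directory instead of /etc/pki/CA and /etc/httpd/ssl, the CA signs with openssl x509 -req (no serial/index.txt bookkeeping) rather than openssl ca, the server certificate carries the virtual host's ServerName in both CN and subjectAltName (a CN of bkjia, as in the transcript, would fail hostname checks for www2.magedu.com), and verify_cert runs the three checks worth doing before reloading httpd: chain validation against the CA, hostname match, and certificate/key correspondence. The directory layout, subject fields and function names are the example's own; it assumes OpenSSL 1.0.2 or newer (for -checkhost), which rules out the stock CentOS 6 openssl 1.0.1 but works on CentOS 7 and later.

```shell
#!/bin/bash
# Added example, not from the original article. Builds a throwaway CA, issues a
# server certificate whose CN and subjectAltName equal the vhost's ServerName, and
# runs the checks worth doing before pointing SSLCertificateFile/SSLCertificateKeyFile
# at the result. Everything lives under a temporary directory rather than /etc/pki/CA
# and /etc/httpd/ssl; signing uses "openssl x509 -req", so no serial/index.txt
# bookkeeping is needed. Assumes OpenSSL 1.0.2 or newer (for -checkhost).
set -eu

# $1 = working directory, $2 = ServerName the certificate must be valid for
make_ca_and_cert() {
    local work="$1" server_name="$2"
    mkdir -p "$work/ca" "$work/ssl"

    # minimal req config: an (empty) DN section so -subj works without a system
    # openssl.cnf, plus the extensions that make cacert.pem a real CA certificate
    cat > "$work/req.cnf" <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF

    # 1) CA key (umask 077 -> file mode 0600) and self-signed CA certificate
    (umask 077; openssl genrsa -out "$work/ca/cakey.pem" 2048 2>/dev/null)
    openssl req -new -x509 -config "$work/req.cnf" -extensions v3_ca \
        -key "$work/ca/cakey.pem" -out "$work/ca/cacert.pem" -days 3655 \
        -subj "/C=CN/ST=beijing/L=beijing/O=magedu.com/OU=yunwei/CN=magedu test CA" 2>/dev/null

    # 2) server key and CSR; the CN is the ServerName, not the machine's hostname
    (umask 077; openssl genrsa -out "$work/ssl/httpd.key" 2048 2>/dev/null)
    openssl req -new -config "$work/req.cnf" -key "$work/ssl/httpd.key" \
        -out "$work/ssl/httpd.csr" \
        -subj "/C=CN/ST=beijing/L=beijing/O=magedu.com/OU=yunwei/CN=$server_name" 2>/dev/null

    # 3) the CA signs the CSR and adds the extensions a TLS server certificate needs;
    #    modern clients ignore the CN and match the name against subjectAltName
    printf 'basicConstraints = CA:FALSE\nkeyUsage = critical, digitalSignature, keyEncipherment\nextendedKeyUsage = serverAuth\nsubjectAltName = DNS:%s\n' \
        "$server_name" > "$work/ssl/server.ext"
    openssl x509 -req -in "$work/ssl/httpd.csr" -CA "$work/ca/cacert.pem" \
        -CAkey "$work/ca/cakey.pem" -CAcreateserial -days 365 \
        -extfile "$work/ssl/server.ext" -out "$work/ssl/httpd.crt" 2>/dev/null
}

# The three checks to run before "service httpd reload": the chain validates
# against the CA, the name clients will use is covered, and the certificate
# belongs to the key httpd will load. Returns 0 when all three hold.
verify_cert() {
    local work="$1" server_name="$2"
    openssl verify -CAfile "$work/ca/cacert.pem" "$work/ssl/httpd.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$work/ssl/httpd.crt" -noout -checkhost "$server_name" \
        | grep -q 'does match' || return 1
    [ "$(openssl x509 -in "$work/ssl/httpd.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$work/ssl/httpd.key" -pubout 2>/dev/null)" ]
}

# Demo on a constructed temporary directory (nothing under /etc is touched)
WORK=$(mktemp -d)
make_ca_and_cert "$WORK" www2.magedu.com
verify_cert "$WORK" www2.magedu.com && echo "www2.magedu.com: chain, hostname and key all OK"
verify_cert "$WORK" www1.magedu.com || echo "www1.magedu.com: not covered by this certificate (a browser would warn)"
rm -rf "$WORK"
```

To use the output with the article's configuration, copy ssl/httpd.crt and ssl/httpd.key into /etc/httpd/ssl and import ca/cacert.pem on the clients; the key keeps the 0600 mode the umask gave it.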

----------------------------------------
II. CentOS 7: use httpd-2.4 to build a name-based httpd service
httpd-2.4 on CentOS 7 is set up much like httpd-2.2 on CentOS 6, so only the differences are spelled out here. Two of them matter for the configuration below: NameVirtualHost no longer exists (an address with more than one <VirtualHost> is name-based automatically), and access control is written with Require directives from mod_authz_core instead of Order/Allow/Deny.
1. Install the httpd package

yum -y install httpd


2. Create the web pages and their storage paths
mkdir -p /data/vhost/www{1,2}
echo "centos7 www1" > /data/vhost/www1/index.html
echo "centos7 www2" > /data/vhost/www2/index.html
mkdir -p /var/log/httpd/www{1,2}    # the log directories named in the virtual hosts below
SELinux is enforcing on CentOS 7 and httpd may only serve files labelled httpd_sys_content_t; a DocumentRoot outside /var/www answers 403 until it is relabelled (semanage is in the policycoreutils-python package):
semanage fcontext -a -t httpd_sys_content_t "/data/vhost(/.*)?"
restorecon -Rv /data/vhost


3. Create the virtual host www1 and impose the restrictions.
[root@bkjia ~]# vim /etc/httpd/conf.d/vhost1.conf

<VirtualHost 192.168.1.104:80>
    DocumentRoot /data/vhost/www1
    ServerName www1.magedu.com
    CustomLog /var/log/httpd/www1/access_log common
    ErrorLog /var/log/httpd/www1/error_log

    <Directory "/data/vhost/www1">
        Options None
        AllowOverride None

        # Access control: everyone except clients in 192.168.x.x. "Require not" cannot
        # stand alone; it only makes sense inside <RequireAll> (or <RequireAny>) next to
        # a positive rule. A partial address such as "192.168" matches all of
        # 192.168.0.0/16; to deny only the subnet of section I write
        # "Require not ip 192.168.1.0/24".
        <RequireAll>
            Require all granted
            Require not ip 192.168
        </RequireAll>
    </Directory>

    #### Status page, host-restricted and password-protected.
    # Several Require lines placed directly in a section form an implicit <RequireAny>,
    # so "Require all granted" next to "Require valid-user" (as in the original draft)
    # is satisfied by every client and exposes the status page without a password.
    # Conditions that must all hold go inside <RequireAll>. Drop the "Require ip" line
    # if the page should be reachable from anywhere with a password.
    <Location "/server-status">
        SetHandler server-status

        AuthType Basic
        AuthName "admin"
        AuthUserFile "/etc/httpd/.htpasswd"    # create it with htpasswd as in section I
        <RequireAll>
            Require ip 192.168.1
            Require valid-user
        </RequireAll>
    </Location>
</VirtualHost>

4. Create the virtual host www2
[root@bkjia ~]# vim /etc/httpd/conf.d/vhost2.conf

<VirtualHost 192.168.1.104:80>
    DocumentRoot /data/vhost/www2
    ServerName www2.magedu.com
    CustomLog /var/log/httpd/www2/access_log common
    ErrorLog /var/log/httpd/www2/error_log

    <Directory "/data/vhost/www2">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

Check the syntax and restart (CentOS 7 uses systemd, so "service httpd reload" becomes systemctl):
[root@bkjia ~]# httpd -t && systemctl restart httpd
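The AuthUserFile both status pages point at (/etc/httpd/.htpasswd in sections I and II) is created with htpasswd -c in section I. As an added example, not from the original article, the script below maintains that file with nothing but openssl, so it works where htpasswd (from the httpd-tools package) is not installed and avoids the -c pitfall: htpasswd_set adds or replaces one user, writing an APR1 hash in the same $apr1$ format as htpasswd -m, which httpd 2.2 and 2.4 both verify; htpasswd_check re-hashes with the stored salt the way httpd does; htpasswd_harden sets the permissions httpd needs and nothing more. The file name, user names and passwords are constructed for the demo; root:apache is the right owner on CentOS, where httpd runs as the apache user.

```shell
#!/bin/bash
# Added example, not from the original article. Maintains the file named by
# AuthUserFile (the article's /etc/httpd/.htpasswd) using only openssl, avoiding
# "htpasswd -c", which truncates an existing file. Hashes are APR1 ("$apr1$..."),
# the format "htpasswd -m" writes, accepted by httpd 2.2 and 2.4. The file, user
# names and passwords below are constructed for the demo; "apache" is the httpd
# user on CentOS.
set -eu

# Add a user, or replace the entry of an existing user, in an htpasswd file.
# $1 = file, $2 = user name, $3 = password
htpasswd_set() {
    local file="$1" user="$2" password="$3"
    local salt hash
    salt=$(openssl rand -hex 4)                         # APR1 salt: up to 8 characters
    # the password goes in on stdin so it never appears in "ps" output
    hash=$(printf '%s\n' "$password" | openssl passwd -apr1 -salt "$salt" -stdin)
    touch "$file"
    # keep every other user's line, then append the new entry; write through a temp
    # file and rename so a concurrent httpd read never sees a half-written file
    { grep -v "^${user}:" "$file" || true; printf '%s:%s\n' "$user" "$hash"; } > "$file.tmp"
    mv "$file.tmp" "$file"
}

# Check a password the way httpd does: re-hash with the salt stored in the entry
# and compare. Returns 0 on success, 1 on unknown user or wrong password.
htpasswd_check() {
    local file="$1" user="$2" password="$3"
    local stored salt
    stored=$(grep "^${user}:" "$file" | head -n 1 | cut -d: -f2-)
    [ -n "$stored" ] || return 1
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)     # entry is "$apr1$<salt>$<digest>"
    [ "$(printf '%s\n' "$password" | openssl passwd -apr1 -salt "$salt" -stdin)" = "$stored" ]
}

# httpd opens AuthUserFile as the apache user; nobody else needs to read it.
# (chown fails harmlessly on a box without an apache group or when not run as root.)
htpasswd_harden() {
    local file="$1"
    chmod 0640 "$file"
    chown root:apache "$file" 2>/dev/null || true
}

# Demo on a throwaway file
DEMO=$(mktemp)
htpasswd_set "$DEMO" aa 'S3cret!'
htpasswd_set "$DEMO" aa 'S3cret!'      # a second call replaces the entry, it does not duplicate it
htpasswd_harden "$DEMO"
htpasswd_check "$DEMO" aa 'S3cret!' && echo "aa: correct password accepted"
htpasswd_check "$DEMO" aa 'wrong'   || echo "aa: wrong password rejected"
rm -f "$DEMO"
```

After editing the real file, httpd picks up the change on the next request; no reload is needed, since AuthUserFile is read per authentication attempt.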

----------------------------------------
III. CentOS 6: compile and install httpd-2.4 and build a name-based httpd service
httpd-2.4 depends on apr and apr-util 1.4 or later, and the versions packaged with CentOS 6 are older, so running httpd-2.4 on CentOS 6 means building apr, apr-util and httpd from source:

Source tarballs used here: apr-1.4.6.tar.bz2, apr-util-1.4.1.tar.bz2, httpd-2.4.6.tar.bz2
(These are the releases the article was written against. For anything but a lab, take the current 2.4.x release from httpd.apache.org and check the tarball's PGP signature or the SHA checksum published next to it before unpacking; the tarball is code you are about to build and run as root.)

1. Install the development packages (openssl-devel is needed for --enable-ssl below)
[root@bkjia ~]# yum -y install pcre-devel openssl-devel
[root@bkjia ~]# yum groupinstall "Development tools" "Server Platform Development"

2. Install apr
(Use "&&", not a single "&": "make & make install" runs make in the background and starts make install at once, against a tree that is not built yet.)
[root@bkjia ~]# tar xf apr-1.4.6.tar.bz2
[root@bkjia ~]# cd apr-1.4.6
[root@bkjia apr-1.4.6]# ./configure --prefix=/usr/local/apr
[root@bkjia apr-1.4.6]# make && make install

3. Install apr-util
[root@bkjia ~]# tar xf apr-util-1.4.1.tar.bz2
[root@bkjia ~]# cd apr-util-1.4.1
[root@bkjia apr-util-1.4.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[root@bkjia apr-util-1.4.1]# make && make install

4. Compile and install httpd-2.4

[root@bkjia ~]# tar xf httpd-2.4.6.tar.bz2
[root@bkjia ~]# cd httpd-2.4.6
[root@bkjia httpd-2.4.6]# ./configure --prefix=/usr/local/apache24 --sysconfdir=/etc/httpd24 \
    --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre \
    --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util \
    --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork

[root@bkjia httpd-2.4.6]# make && make install

5. Start the service and check the listening port

[root@bkjia ~]# /usr/local/apache24/bin/apachectl start
[root@bkjia ~]# ss -tnl
State   Recv-Q Send-Q   Local Address:Port     Peer Address:Port
LISTEN  0      128      :::53263               :::*
LISTEN  0      128      :::111                 :::*
LISTEN  0      128      *:111                  *:*
LISTEN  0      128      :::80                  :::*
(If the CentOS httpd-2.2 package is installed and running, port 80 is already taken and this httpd will not start; stop the other one first. The same name clash applies to apachectl and httpd on the PATH, which is why the full /usr/local/apache24/bin paths are used below.)

6. Enable the virtual host include: edit the main configuration file and remove the leading # from the Include line
[root@bkjia ~]# vim /etc/httpd24/httpd.conf
Include /etc/httpd24/extra/httpd-vhosts.conf    # uncomment this line

7. Configure the virtual hosts
[root@bkjia ~]# vim /etc/httpd24/extra/httpd-vhosts.conf
The file ships with two dummy-host.example.com example hosts; replace them with:

<VirtualHost 192.168.1.100:80>
    DocumentRoot "/usr/local/apache24/htdocs/test1"
    ServerName test1.bkjia.com
    ErrorLog "/var/log/test1/errlog"
    CustomLog "/var/log/test1/accesslog" common
</VirtualHost>

<VirtualHost 192.168.1.100:80>
    DocumentRoot "/usr/local/apache24/htdocs/test2"
    ServerName test2.bkjia.com
    ErrorLog "/var/log/test2/errlog"
    CustomLog "/var/log/test2/accesslog" common
</VirtualHost>
Both DocumentRoots sit under htdocs, which the stock httpd.conf already grants with "Require all granted"; a DocumentRoot elsewhere needs its own <Directory> block, because httpd-2.4's default for <Directory /> is Require all denied. Create the log directories, otherwise httpd will not start:
[root@bkjia ~]# mkdir -p /var/log/test1 /var/log/test2

8. Create the test pages
[root@bkjia htdocs]# pwd
/usr/local/apache24/htdocs
[root@bkjia htdocs]# mkdir test1 test2
[root@bkjia htdocs]# echo "test1" > test1/index.html
[root@bkjia htdocs]# echo "test2" > test2/index.html

9. Check whether the configuration file is correct

[root@bkjia ~]# /usr/local/apache24/bin/apachectl -t
Syntax OK

10. Restart the service and test

[root@bkjia ~]# /usr/local/apache24/bin/apachectl restart

[root@bkjia ~]# curl http://test1.bkjia.com
test1
[root@bkjia ~]# curl http://test2.bkjia.com
test2
For the names to resolve on the test client, add them to /etc/hosts (192.168.1.100 test1.bkjia.com test2.bkjia.com) or send the Host header explicitly: curl -H 'Host: test1.bkjia.com' http://192.168.1.100/
