Building a secure HTTP service with virtual hosts on httpd-2.2 and httpd-2.4
Contents:
I. CentOS 6: build a name-based httpd service with httpd-2.2
II. CentOS 7: build a name-based httpd service with httpd-2.4
III. CentOS 6: compile and install httpd-2.4, then build a name-based httpd service
I. CentOS 6: build a name-based httpd service with httpd-2.2
1. Install the httpd service:
yum -y install httpd
2. Edit the main configuration file to enable NameVirtualHost:
NameVirtualHost 192.168.1.100:80
3. Create the DocumentRoot directories and the web page content:
[root@bkjia ~]# mkdir -p /data/vhost/www1
[root@bkjia ~]# mkdir -p /data/vhost/www2
[root@bkjia www1]# echo "www1" > index.html
[root@bkjia www2]# echo "www2" > index.html
4. Create a virtual host for the www1 domain name
Requirements:
# Define access logs and error logs
# Deny access from the 192.168.1.0 network segment
# www1.magedu.com/server-status outputs the status page and is accessible only to root users
The specific configuration is as follows:
[root@bkjia ~]# vim /etc/httpd/conf.d/vhost1.conf
<VirtualHost 192.168.1.100:80>
    DocumentRoot /data/vhost/www1
    ServerName www1.magedu.com
    # Create the log directory yourself; otherwise the service fails to start.
    CustomLog /var/log/httpd/www1/aceess_log common
    ErrorLog /var/log/httpd/www1/err_log
    <Directory "/data/vhost/www1">
        Options None
        AllowOverride None
        # No host in the 192.168.1.0 segment can access www1. With
        # "Order allow,deny" the default is deny, so every other client
        # has to be allowed explicitly.
        Order allow,deny
        Allow from all
        Deny from 192.168.1.0/24
    </Directory>
    # Status information at www1.magedu.com/server-status
    <Location /server-status>
        SetHandler server-status
        Order allow,deny
        Allow from 192.168.1
        AuthType Basic
        AuthName "admin"
        # User authentication file; must be the path that htpasswd writes below
        AuthUserFile "/etc/httpd/.htpasswd"
        Require valid-user
    </Location>
</VirtualHost>
[root@bkjia conf]# htpasswd -c -m /etc/httpd/.htpasswd aa    # create an authenticated user
Then restart or reload the service and test.
5. Create a virtual host for the www2 domain name
Requirements:
### Define access logs and error logs
### The site is served as an HTTPS secure website
The specific configuration is as follows:
<VirtualHost 192.168.1.100:80>
    DocumentRoot /data/vhost/www2
    ServerName www2.magedu.com
    # Error log
    ErrorLog /var/log/httpd/www2/error_log
    # Access log
    CustomLog /var/log/httpd/www2/access_log common
</VirtualHost>
Set up the site for HTTPS secure access:
Create the CA:
1) Generate the private key file:
[root@bkjia tls]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
2) Generate a self-signed certificate:
[root@bkjia CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
Country Name (2 letter code) [XX]: CN
State or Province Name (full name) []: beijing
Locality Name (eg, city) [Default City]: beijing
Organization Name (eg, company) [Default Company Ltd]: magedu.com
Organizational Unit Name (eg, section) []: yunwei
Common Name (eg, your name or your server's hostname) []: bkjia
Email Address []: admin@163.com
3) Provide the files the CA needs:
[root@bkjia CA]# touch {serial,index.txt}
[root@bkjia CA]# echo 01 > serial
The http server is configured as follows:
1) Generate a private key:
[root@bkjia ~]# mkdir /etc/httpd/ssl
[root@bkjia ~]# cd /etc/httpd/ssl
[root@bkjia ssl]# (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)
2) Generate a certificate request:
[root@bkjia ssl]# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr -days 365
Country Name (2 letter code) [XX]: CN
State or Province Name (full name) []: beijing
Locality Name (eg, city) [Default City]: beijing
Organization Name (eg, company) [Default Company Ltd]: magedu.com
Organizational Unit Name (eg, section) []: yunwei
Common Name (eg, your name or your server's hostname) []: bkjia
Email Address []: admin@163.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
3) Send the certificate request to the CA for signing:
[root@bkjia ssl]# scp httpd.csr 192.168.1.100:/tmp
4) The CA signs the certificate and sends it back to the requester:
[root@bkjia tmp]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365
[root@bkjia certs]# scp httpd.crt root@192.168.1.100:/etc/httpd/ssl/
5) httpd needs the mod_ssl module installed to support SSL:
[root@bkjia ~]# yum -y install mod_ssl
6) Configure the /etc/httpd/conf.d/ssl.conf file:
<VirtualHost 192.168.1.100:443>
    DocumentRoot "/data/vhost/www2"
    ServerName www2.magedu.com
    SSLCertificateFile /etc/httpd/ssl/httpd.crt
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
    # The other directives of the stock ssl.conf virtual host stay as they are.
</VirtualHost>
7) Restart the service and test.
[root@bkjia ~]# httpd -t
Syntax OK
[root@bkjia ~]# service httpd reload
Reloading httpd:
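Before relying on the reload, it helps to confirm that the signed certificate, the server key and the CA certificate actually belong together. The following is an added example, not part of the original article: three checks as shell functions, run against a throwaway CA built in a temporary directory. The function names and the fixture are assumptions, and `openssl x509 -req` stands in for `openssl ca` so that no CA database is needed.

```shell
# Checks for the files the CA procedure produces (added example).
# same_keypair CERT KEY: CERT carries the public half of KEY.
same_keypair() {
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# signed_by CA_CERT CERT: CERT verifies against CA_CERT.
signed_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# key_is_private KEY: no group/other permission bits, as umask 077 gives.
key_is_private() {
  case "$(ls -l "$1")" in
    -r[w-]-------*) return 0 ;;
    *) return 1 ;;
  esac
}

# make_fixture DIR: throwaway CA and server certificate (constructed data).
make_fixture() {
  (umask 077; openssl genrsa -out "$1/cakey.pem" 2048) 2>/dev/null &&
  openssl req -new -x509 -key "$1/cakey.pem" -out "$1/cacert.pem" \
    -days 30 -subj "/CN=Throwaway Test CA" 2>/dev/null &&
  (umask 077; openssl genrsa -out "$1/httpd.key" 2048) 2>/dev/null &&
  openssl req -new -key "$1/httpd.key" -out "$1/httpd.csr" \
    -subj "/CN=www2.magedu.com" 2>/dev/null &&
  openssl x509 -req -in "$1/httpd.csr" -CA "$1/cacert.pem" \
    -CAkey "$1/cakey.pem" -CAcreateserial -out "$1/httpd.crt" -days 30 2>/dev/null
}

dir=$(mktemp -d) && make_fixture "$dir" &&
  same_keypair "$dir/httpd.crt" "$dir/httpd.key" &&
  signed_by "$dir/cacert.pem" "$dir/httpd.crt" &&
  key_is_private "$dir/httpd.key" && echo "certificate, key and chain are consistent"
rm -rf "$dir"
```

On a real server, call the same functions with /etc/httpd/ssl/httpd.crt, /etc/httpd/ssl/httpd.key and the CA's cacert.pem.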
------------------------------------ Separation line ---------------------------------------
II. CentOS 7: build a name-based httpd service with httpd-2.4
httpd-2.4 on CentOS 7 is set up in basically the same way as httpd-2.2 on CentOS 6, so the steps that are the same are not described in detail again.
1. Install the httpd service
yum -y install httpd
2. Create the web pages and their storage path
mkdir -p /data/vhost/www{1,2}
echo "centos7 www1" > /data/vhost/www1/index.html
echo "centos7 www2" > /data/vhost/www2/index.html
3. Create the virtual host www1 and impose restrictions.
[root@bkjia ~]# vim /etc/httpd/conf.d/vhost1.conf
<VirtualHost 192.168.1.104:80>
    DocumentRoot /data/vhost/www1
    ServerName www1.magedu.com
    CustomLog /var/log/httpd/www1/acess_log common
    ErrorLog /var/log/httpd/www1/err_log
    <Directory "/data/vhost/www1">
        Options None
        AllowOverride None
        # Define access permissions:
        <RequireAll>
            Require all granted
            Require not ip 192.168
        </RequireAll>
    </Directory>
    #### Define the status page and authenticate
    <Location "/server-status">
        SetHandler server-status
        # No "Require all granted" here: httpd 2.4 combines sibling Require
        # lines as RequireAny, so it would admit requests without a login.
        AuthType Basic
        AuthName "admin"
        AuthUserFile "/etc/httpd/.htpasswd"
        Require valid-user
    </Location>
</VirtualHost>
4. Create the virtual host www2
[root@bkjia ~]# vim /etc/httpd/conf.d/vhost2.conf
<VirtualHost 192.168.1.104:80>
    DocumentRoot /data/vhost/www2
    ServerName www2.magedu.com
    CustomLog /var/log/httpd/www2/acess_log common
    ErrorLog /var/log/httpd/www2/err_log
    <Directory "/data/vhost/www2">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
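In httpd 2.4, Require lines that sit side by side in one section are combined as RequireAny, so a `Require all granted` next to `Require valid-user` in a /server-status section serves the page without a login. The following is an added check, not part of the original article, that flags that combination in a configuration file; the function names and the sample configuration are constructed for illustration.

```shell
# lint_require FILE: print each section in which "Require all granted" sits
# beside another Require outside <RequireAll>; exit status 1 if any is found.
lint_require() {
  awk '
    { line = $0; sub(/^[ \t]+/, "", line) }
    line == "" || line ~ /^#/ { next }
    line ~ /^<[A-Za-z]/ {            # opening tag: start a new frame
      depth++; name[depth] = line; start[depth] = NR
      granted[depth] = 0; other[depth] = 0
      next
    }
    line ~ /^<\// {                  # closing tag: judge the frame, pop it
      # <RequireAll> ANDs its children, so the mix is fine inside it.
      if (tolower(name[depth]) !~ /^<requireall/ && granted[depth] && other[depth]) {
        printf "line %d: %s\n", start[depth], name[depth]; bad = 1
      }
      depth--; next
    }
    tolower(line) ~ /^require[ \t]/ {
      if (tolower(line) ~ /^require[ \t]+all[ \t]+granted/) granted[depth] = 1
      else other[depth] = 1
    }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample config (not taken from a real server).
sample_conf() {
  cat <<'EOF'
<VirtualHost 192.168.1.104:80>
    <Directory "/data/vhost/www1">
        <RequireAll>
            Require all granted
            Require not ip 192.168
        </RequireAll>
    </Directory>
    <Location "/server-status">
        SetHandler server-status
        Require all granted
        AuthType Basic
        AuthUserFile "/etc/httpd/.htpasswd"
        Require valid-user
    </Location>
</VirtualHost>
EOF
}
conf=$(mktemp) && sample_conf > "$conf"
lint_require "$conf" || echo "authentication is bypassed in the sections listed above"
rm -f "$conf"
```

Run `lint_require` on each file under /etc/httpd/conf.d/ after editing; the `<RequireAll>` block in the sample is not reported because its children are ANDed.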
-------------------------------- Separation line -----------------------------------------
III. CentOS 6: compile and install httpd-2.4, then build a name-based httpd service
httpd-2.4 depends on apr and apr-util version 1.4 or later, and the versions shipped with CentOS 6 are older, so on CentOS 6 httpd-2.4 has to be compiled and installed manually.
Preparation tools: apr-1.4.6.tar
apr-util-1.4.1.tar
httpd-2.4.6.tar
1. Install the development packages
[root@bkjia ~]# yum -y install pcre-devel
[root@bkjia ~]# yum groupinstall "Development tools" "Server Platform Development"
2. Install apr
[root@bkjia ~]# tar xf apr-1.4.6.tar.bz2
[root@bkjia ~]# cd apr-1.4.6
[root@bkjia apr-1.4.6]# ./configure --prefix=/usr/local/apr
[root@bkjia apr-1.4.6]# make && make install
3. Install apr-util
[root@bkjia ~]# tar xf apr-util-1.4.1.tar.bz2
[root@bkjia ~]# cd apr-util-1.4.1
[root@bkjia apr-util-1.4.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[root@bkjia apr-util-1.4.1]# make && make install
4. Compile and install httpd-2.4
[root@bkjia ~]# tar xf httpd-2.4.6.tar.bz2
[root@bkjia ~]# cd httpd-2.4.6
[root@bkjia httpd-2.4.6]# ./configure --prefix=/usr/local/apache24 --sysconfdir=/etc/httpd24 \
    --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib \
    --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util \
    --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
[root@bkjia ~]# make && make install
5. Start the service and check the listening port
[root@bkjia ~]# /usr/local/apache24/bin/apachectl start
[root@bkjia ~]# ss -tnl
State      Recv-Q Send-Q   Local Address:Port   Peer Address:Port
LISTEN     0      128                 :::53263            :::*
LISTEN     0      128                 :::111              :::*
LISTEN     0      128                  *:111               *:*
LISTEN     0      128                 :::80               :::*
6. Enable virtual hosts: edit the configuration file and remove the leading # from the Include line
[root@bkjia ~]# vim /etc/httpd24/httpd.conf
# enable this line
Include /etc/httpd24/extra/httpd-vhosts.conf
7. Configure the virtual hosts
[root@bkjia ~]# vim /etc/httpd24/extra/httpd-vhosts.conf
<VirtualHost 192.168.1.100:80>
    DocumentRoot "/usr/local/apache24/htdocs/test1"
    ServerName test1.bkjia.com
    ErrorLog "/var/log/test1/errlog"
    CustomLog "/var/log/test1/acccesslog" common
</VirtualHost>
<VirtualHost 192.168.1.100:80>
    DocumentRoot "/usr/local/apache24/htdocs/test2"
    ServerName test2.bkjia.com
    ErrorLog "/var/log/test2/errlog"
    CustomLog "/var/log/test2/accesslog" common
</VirtualHost>
8. Create the test web pages
[root@bkjia htdocs]# pwd
/usr/local/apache24/htdocs
[root@bkjia htdocs]# mkdir test1 test2
[root@bkjia htdocs]# echo "test1" > test1/index.html
[root@bkjia htdocs]# echo "test2" > test2/index.html
9. Check whether the configuration file is correct.
[root@bkjia ~]# apachectl -t
Syntax OK
10. Restart the service and test.
[root@bkjia ~]# /usr/local/apache24/bin/apachectl restart
[root@bkjia ~]# curl http://test1.bkjia.com
test1
[root@bkjia ~]# curl http://test2.bkjia.com
test2