HTTP main applications

Source: Internet
Author: User

CentOS6 mainly use the http2.2 version, CentOS7 using the http2.4 version, there is a difference between the two versions, 2.2 of the event module is in the test phase, 2.4 of the event module can be used normally, 2.2 does not support dynamic loading module, and 2.4 supports dynamic Loading and unloading module;


Using CentOS6.7 to establish HTTPD services, the main functions are:

① set up two virtual host www1,www2, with a separate error log and access log;

② can view status information through WWW1 's server-status, but only link users can access it;

③WWW2 set access scope, allow other hosts to access, but do not allow 192.168.1.0/24IP address access;

④ provides HTTPS service for WWW2;

First set up two virtual hosts, under/etc/httpd/conf.d/Create two pieces of virtual host files, vhosts-www1.conf and

Vhosts-www2.conf

650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M00/9F/5E/wKioL1mb0HzRNa_NAAAjBgo6_HA767.jpg-wh_500x0-wm_ 3-wmp_4-s_2152980162.jpg "title=" qq20170822143414.jpg "alt=" Wkiol1mb0hzrna_naaajbgo6_ha767.jpg-wh_50 "/>

Main configuration of the script profile vhosts-www1.conf

such as Docmentroot,servername,errorlog,customlog and set its server-status access rights, only allow link user access, create its root file system under/MYWEB/VHOSTS/WWW1;

Chip configuration file vhosts-www1.conf

650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M02/00/AF/wKiom1mb1VWzmhw3AAA_G1GEB7k633.jpg-wh_500x0-wm_ 3-wmp_4-s_3981410801.jpg "title=" qq20170822145458.jpg "alt=" Wkiom1mb1vwzmhw3aaa_g1geb7k633.jpg-wh_50 "/>

Create WWW1, error log, access log for the corresponding directory path, use the HTPASSWD command to create a virtual user key;

The-c option is only required when creating a virtual user file for the first time, and the-m option indicates encryption using the MD5 one-way encryption algorithm;

650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M02/9F/5F/wKioL1mb1iOzjI90AABIrbLfiiA377.jpg-wh_500x0-wm_ 3-wmp_4-s_2127519042.jpg "title=" qq20170822145826.jpg "alt=" Wkiol1mb1iozji90aabirblfiia377.jpg-wh_50 "/>


WWW1 Running results:

Home

650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M02/9F/5F/wKioL1mb1q-T1dHRAAASuRLpyNk243.jpg-wh_500x0-wm_ 3-wmp_4-s_921368834.jpg "title=" qq20170822150031.jpg "alt=" Wkiol1mb1q-t1dhraaasurlpynk243.jpg-wh_50 "/>

Server-status:

650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M01/00/AF/wKiom1mb1u7DEtsBAABBmoSvOQs731.jpg-wh_500x0-wm_ 3-wmp_4-s_3630513216.jpg "title=" qq20170822150143.jpg "alt=" Wkiom1mb1u7detsbaabbmosvoqs731.jpg-wh_50 "/>


Main configuration of the script profile vhosts-www2.conf:

650) this.width=650; "Src=" https://s5.51cto.com/wyfs02/M00/00/B0/wKiom1mb4YmRe4NwAAA-i1d_cKI261.jpg-wh_500x0-wm_ 3-wmp_4-s_396002702.jpg "title=" qq20170822154700.jpg "alt=" Wkiom1mb4ymre4nwaaa-i1d_cki261.jpg-wh_50 "/>

Set the order permission to test with Telnet

Such as:

650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M00/9F/60/wKioL1mb4fCx7Q2rAABNxMk30FM967.jpg-wh_500x0-wm_ 3-wmp_4-s_862364313.jpg "title=" qq20170822154853.jpg "alt=" Wkiol1mb4fcx7q2raabnxmk30fm967.jpg-wh_50 "/>

650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M00/00/B0/wKiom1mb4iDQD1pZAABVv41BW4c353.jpg-wh_500x0-wm_ 3-wmp_4-s_2985798979.jpg "title=" qq20170822154924.jpg "alt=" Wkiom1mb4idqd1pzaabvv41bw4c353.jpg-wh_50 "/>

WWW2 Running results:

650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M02/9F/61/wKioL1mb6k7xcDU1AAATDUf68x4594.jpg-wh_500x0-wm_ 3-wmp_4-s_1395768412.jpg "title=" qq20170822162409.jpg "alt=" Wkiol1mb6k7xcdu1aaatduf68x4594.jpg-wh_50 "/>

To access by using a domain name, you need to add a record of that domain name to the hosts configuration file under Windows.

Such as:

172.16.72.4 www.wujunqi2.com


To set up an HTTPS service for a WWW2 virtual host:

The private key is generated first at the client and its request certificate:

650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M02/00/B4/wKiom1mb_0SCKcEGAACG5tz94hg361.jpg-wh_500x0-wm_ 3-wmp_4-s_2709827161.jpg "title=" qq20170822175346.jpg "alt=" Wkiom1mb_0sckcegaacg5tz94hg361.jpg-wh_50 "/>

650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M02/9F/64/wKioL1mb_5nSh6PpAABj0b9AxYc796.jpg-wh_500x0-wm_ 3-wmp_4-s_3226994824.jpg "title=" qq20170822175524.jpg "alt=" Wkiol1mb_5nsh6ppaabj0b9axyc796.jpg-wh_50 "/>

Use SCP to send client request certificates to a private CA:

650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M01/9F/64/wKioL1mb_9KA2xHrAAAfcwtsvBQ167.jpg-wh_500x0-wm_ 3-wmp_4-s_2182214352.jpg "title=" qq20170822175611.jpg "alt=" Wkiol1mb_9ka2xhraaafcwtsvbq167.jpg-wh_50 "/>

Install MOD_SSL, use yum install Mod_ssl

Mod_ssl is a prerequisite for HTTPS use

To build a private CA:

Place the private key and the public key under the specified path

Private key:/etc/pki/ca/private/cakey.pem

Public key:/etc/pki/ca/cacert.pem

Create two private CAs required configuration files under/etc/pki/ca

echo > Serial

Touch Index.txt

650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M00/9F/64/wKioL1mcAaSzsB62AAA0ncXptZY732.jpg-wh_500x0-wm_ 3-wmp_4-s_3089699713.jpg "title=" qq20170822180351.jpg "alt=" Wkiol1mcaaszsb62aaa0ncxptzy732.jpg-wh_50 "/>


650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M00/9F/64/wKioL1mcAi2gSDUHAABov5VOHUo312.jpg-wh_500x0-wm_ 3-wmp_4-s_2430241693.jpg "title=" qq20170822180558.jpg "alt=" Wkiol1mcai2gsduhaabov5vohuo312.jpg-wh_50 "/>


To send the generated client certificate to the client using SCP

650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M01/9F/64/wKioL1mcAorBmyGzAAAtNbZcSI8284.jpg-wh_500x0-wm_ 3-wmp_4-s_1335798757.jpg "title=" qq20170822180750.jpg "alt=" Wkiol1mcaorbmygzaaatnbzcsi8284.jpg-wh_50 "/>

Client:

650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M02/05/B9/wKiom1mqk7eRmPXCAAAbScc_-qQ363.jpg-wh_500x0-wm_ 3-wmp_4-s_2803277552.jpg "title=" qq20170902191832.jpg "alt=" Wkiom1mqk7ermpxcaaabscc_-qq363.jpg-wh_50 "/>

Place the public key of the server-side private CA everywhere under local windows and import it into the certificate file in the browser

such as: Google

650) this.width=650; "Src=" https://s5.51cto.com/wyfs02/M01/A4/6A/wKioL1mqlD6DPx01AADZ8-BkoX8201.jpg-wh_500x0-wm_ 3-wmp_4-s_595276395.jpg "title=" qq20170902192125.jpg "alt=" Wkiol1mqld6dpx01aadz8-bkox8201.jpg-wh_50 "/>

Client under/etc/httpd/conf.d/ssl.conf

650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M01/05/B9/wKiom1mqlKOzT5LnAABeTe7d0EM982.jpg-wh_500x0-wm_ 3-wmp_4-s_2855975810.jpg "title=" qq20170902192243.jpg "alt=" Wkiom1mqlkozt5lnaabete7d0em982.jpg-wh_50 "/>

Set the client's private key and the certificate storage path after authentication, respectively, with the instruction Sslcertificatekeyfile and

Sslcertificatefile;

HTTPS Settings results:

650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M00/A4/6A/wKioL1mqlYfyUWx6AAAlUu_scGA911.jpg-wh_500x0-wm_ 3-wmp_4-s_618176730.jpg "title=" qq20170902192650.jpg "alt=" Wkiol1mqlyfyuwx6aaaluu_scga911.jpg-wh_50 "/>

Using CentOS7.0 to establish HTTPD services, the main functions are:

① set up two virtual host www1,www2, with a separate error log and access log;

② can view status information through WWW1 's server-status, but only link users can access it;

③WWW2 set access scope, allow other hosts to access, but do not allow 192.168.1.0/24IP address access;

④ provides HTTPS service for WWW2;

Create a slice profile vhosts-www1.conf and vhosts-www2.conf under Centos7/etc/httpd/conf.d

Vhosts-www1.conf:

650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M00/9F/66/wKioL1mcHzPDQZZ6AABRdG1qdBg611.jpg-wh_500x0-wm_ 3-wmp_4-s_417812908.jpg "title=" qq20170822201010.jpg "alt=" Wkiol1mchzpdqzz6aabrdg1qdbg611.jpg-wh_50 "/>

CentOS7 's httpd is version 2.4, this version of the tablet configuration file is roughly the same, the difference is that CentOS6.7 for the scope of access if not specified by default is all, and CentOS7 for the scope of access is not specified by default is not, so that all the IP can not access the page;

Require all granted: All IP can be accessed;

Require all denied: None of the IP can be accessed;

Setting the server state access rights is the same as CentOS6;

Create the root directory and include the Web file in the root directory;

650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M00/9F/66/wKioL1mcImqAbix7AAANR2C5v9s006.jpg-wh_500x0-wm_ 3-wmp_4-s_63973399.jpg "title=" qq20170822201819.jpg "alt=" Wkiol1mcimqabix7aaanr2c5v9s006.jpg-wh_50 "/>

Create the error log and access the log directory:

650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M02/00/B6/wKiom1mcIqvhJ6GzAAATsGhJ5QM663.jpg-wh_500x0-wm_ 3-wmp_4-s_2724604214.jpg "title=" qq20170822202453.jpg "alt=" Wkiom1mciqvhj6gzaaatsghj5qm663.jpg-wh_50 "/>


To overload the httpd configuration file:

Systemctl Reload Httpd.service

WWW1 Running results:

Home

650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M01/9F/66/wKioL1mcIvyhSyE8AAARujeLljg168.jpg-wh_500x0-wm_ 3-wmp_4-s_4136131979.jpg "title=" qq20170822202621.jpg "alt=" Wkiol1mcivyhsye8aaarujelljg168.jpg-wh_50 "/>

Server-status

650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M00/00/B6/wKiom1mcI3nwd6_PAABAF5H0jsA421.jpg-wh_500x0-wm_ 3-wmp_4-s_3661478244.jpg "title=" qq20170822202819.jpg "alt=" Wkiom1mci3nwd6_paabaf5h0jsa421.jpg-wh_50 "/>

650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M01/00/B6/wKiom1mcI6TDzXZvAACVgIKDOkQ282.jpg-wh_500x0-wm_ 3-wmp_4-s_3616857874.jpg "title=" qq20170822202856.jpg "alt=" Wkiom1mci6tdzxzvaacvgikdokq282.jpg-wh_50 "/>


Vhosts-www2.conf:

650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M01/9F/67/wKioL1mcKzbg49pgAABDovXxlRI092.jpg-wh_500x0-wm_ 3-wmp_4-s_1318430604.jpg "title=" qq20170822210129.jpg "alt=" Wkiol1mckzbg49pgaabdovxxlri092.jpg-wh_50 "/>

At the same time control the host access and rejection, you need to place it in <RequireAll></RequireAll> settings;

To create the root directory and the log directory:

650) this.width=650; "Src=" https://s5.51cto.com/wyfs02/M00/9F/67/wKioL1mcK77hNS4aAAAj1fz0L_0644.jpg-wh_500x0-wm_ 3-wmp_4-s_2424540888.jpg "title=" qq20170822210347.jpg "alt=" Wkiol1mck77hns4aaaaj1fz0l_0644.jpg-wh_50 "/>

HTTPD-T Verify that the syntax is correct:

650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M02/9F/67/wKioL1mcK--TVbnpAAAw8csHoYU624.jpg-wh_500x0-wm_ 3-wmp_4-s_963855226.jpg "title=" qq20170822210434.jpg "alt=" Wkiol1mck--tvbnpaaaw8cshoyu624.jpg-wh_50 "/>

To overload the httpd configuration file:

Systemctl Reload Httpd.service


WWW2 Running results:

650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M00/9F/67/wKioL1mcLILw17hLAAAVd2VDQog506.jpg-wh_500x0-wm_ 3-wmp_4-s_2208068327.jpg "title=" qq20170822210658.jpg "alt=" Wkiol1mclilw17hlaaavd2vdqog506.jpg-wh_50 "/>


WWW2 Set https:

To create a private CA:

650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M00/A4/6B/wKioL1mqr9Txg2gRAABneJol_sQ577.jpg-wh_500x0-wm_ 3-wmp_4-s_1518612829.jpg "title=" qq20170902211855.jpg "alt=" Wkiol1mqr9txg2graabnejol_sq577.jpg-wh_50 "/>

650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M02/05/BA/wKiom1mqsBLALoyxAABzI-IRgnc206.jpg-wh_500x0-wm_ 3-wmp_4-s_1650353923.jpg "title=" qq20170902211942.jpg "alt=" Wkiom1mqsblaloyxaabzi-irgnc206.jpg-wh_50 "/>

Client Configuration:

Yum Install httpd

Yum Install Mod_ssl

Vim/etc/httpd/conf.d/ssl.conf

650) this.width=650; "Src=" https://s5.51cto.com/wyfs02/M01/A4/6B/wKioL1mqsGaiIbjVAAA6uXZi-TQ347.jpg-wh_500x0-wm_ 3-wmp_4-s_3541616132.jpg "title=" qq20170902212135.jpg "alt=" Wkiol1mqsgaiibjvaaa6uxzi-tq347.jpg-wh_50 "/>

Mkdir-p/MYWEB/VHOSTS/WWW2

Create a index.html file under this directory;

Configure the client's private key and generate a certificate request file

650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M01/A4/6B/wKioL1mqsO2Sx9Q6AABVjSk02vs086.jpg-wh_500x0-wm_ 3-wmp_4-s_442877557.jpg "title=" qq20170902212349.jpg "alt=" Wkiol1mqso2sx9q6aabvjsk02vs086.jpg-wh_50 "/>

650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M02/05/BA/wKiom1mqsTvDH59LAABip6AYCSg109.jpg-wh_500x0-wm_ 3-wmp_4-s_3424475599.jpg "title=" qq20170902212435.jpg "alt=" Wkiom1mqstvdh59laabip6aycsg109.jpg-wh_50 "/>


Send the HTTPD.CSR file to the server side to generate the certificate

650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M02/A4/6B/wKioL1mqsVTBFRxnAABDyuY6g5U863.jpg-wh_500x0-wm_ 3-wmp_4-s_3031184184.jpg "title=" qq20170902212532.jpg "alt=" Wkiol1mqsvtbfrxnaabdyuy6g5u863.jpg-wh_50 "/>


The certificate is sent to the client and the server-side CA public key is placed under windows and imported into the certificate of the browser to be accessed;

Client:

650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M02/05/BA/wKiom1mqscWDvmZJAAAUamSEx1s310.jpg-wh_500x0-wm_ 3-wmp_4-s_3369177735.jpg "title=" qq20170902212656.jpg "alt=" Wkiom1mqscwdvmzjaaauamsex1s310.jpg-wh_50 "/>

Browser:

650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M01/A4/6B/wKioL1mqscWxYOg1AAArG4FSn9I286.jpg-wh_500x0-wm_ 3-wmp_4-s_2784645692.jpg "title=" qq20170902212724.jpg "alt=" Wkiol1mqscwxyog1aaarg4fsn9i286.jpg-wh_50 "/>

HTTP main applications

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.