CentOS 6 mainly uses httpd 2.2, while CentOS 7 uses httpd 2.4. There are differences between the two versions: in 2.2 the event MPM module is still in the test phase, while in 2.4 it can be used normally; 2.2 does not support dynamically loading MPM modules, while 2.4 supports loading and unloading them dynamically.
Using CentOS 6.7 to set up an httpd service with the following main functions:
① Set up two virtual hosts, www1 and www2, each with its own error log and access log;
② Status information can be viewed through www1's server-status, but only the user link can access it;
③ www2 restricts access: other hosts are allowed, but addresses in 192.168.1.0/24 are not;
④ Provide HTTPS service for www2;
First set up the two virtual hosts: under /etc/httpd/conf.d/, create two virtual host configuration files, vhosts-www1.conf and vhosts-www2.conf: [screenshot]
The drop-in configuration file vhosts-www1.conf mainly sets DocumentRoot, ServerName, ErrorLog and CustomLog, and sets the access rights of its server-status so that only the user link is allowed; its document root is created under /myweb/vhosts/www1.
Drop-in configuration file vhosts-www1.conf: [screenshot]
Create the directories for www1, its error log and its access log, then use the htpasswd command to create the virtual user's password entry: [screenshot]
The -c option is only required when the virtual user file is created for the first time, and the -m option selects the MD5 one-way encryption algorithm for the password.
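
The www1 configuration described above, as an added example that is not the original post's own file (its screenshot is not preserved). The ServerName www1.example.com, the log directory and the password file path are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed values: the ServerName,
# the log directory and the password file path.
CONF_DIR="${CONF_DIR:-/etc/httpd/conf.d}"
PASSWD_FILE="${PASSWD_FILE:-/etc/httpd/conf/.htpasswd}"

# Write the httpd 2.2 virtual host for www1. The status page is served only
# after HTTP Basic authentication as the user "link".
write_www1_vhost() {
    cat > "$CONF_DIR/vhosts-www1.conf" <<EOF
# httpd 2.2 needs this line once for name-based virtual hosts
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName www1.example.com
    DocumentRoot /myweb/vhosts/www1
    # logs are kept outside the DocumentRoot so they cannot be fetched over HTTP
    ErrorLog /var/log/httpd/www1/error_log
    CustomLog /var/log/httpd/www1/access_log combined
    <Location /server-status>
        SetHandler server-status
        AuthType Basic
        AuthName "server-status"
        AuthUserFile $PASSWD_FILE
        Require user link
    </Location>
</VirtualHost>
EOF
}

# Print the htpasswd flags for adding a user: -c only while the file does not
# exist, because -c recreates the file and drops every user already in it.
htpasswd_flags() {
    if [ -e "$PASSWD_FILE" ]; then echo "-m"; else echo "-c -m"; fi
}

# On the server (htpasswd prompts for the password):
#   write_www1_vhost
#   htpasswd $(htpasswd_flags) "$PASSWD_FILE" link
#   service httpd reload
```

Basic authentication sends the password base64-encoded with every request, so on plain HTTP (port 80) it is readable on the wire. -m (apr1 MD5) is the strongest format htpasswd offers on httpd 2.2; the htpasswd shipped with httpd 2.4 also accepts -B for bcrypt.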
www1 running results:
Home page: [screenshot]
server-status: [screenshot]
Main configuration of the drop-in configuration file vhosts-www2.conf: [screenshot]
Set the Order access rules and test them with telnet, for example: [screenshots]
www2 running results: [screenshot]
To access the site by domain name, add a record for that domain name to the hosts file on Windows.
For example:
172.16.72.4 www.wujunqi2.com
To set up HTTPS service for the www2 virtual host:
First generate the private key and its certificate request on the client (the httpd host, which is the client of the CA): [screenshots]
Use scp to send the client's certificate request to the private CA: [screenshot]
Install mod_ssl with yum install mod_ssl
mod_ssl is a prerequisite for using HTTPS
To build the private CA:
Place the private key and the public key under the specified paths
Private key: /etc/pki/CA/private/cakey.pem
Public key (CA certificate): /etc/pki/CA/cacert.pem
Create the two files the private CA requires under /etc/pki/CA
echo 01 > serial
touch index.txt
[screenshots]
Send the generated client certificate to the client using scp: [screenshot]
Client: [screenshot]
Copy the public key of the server-side private CA to the local Windows machine and import it into the browser's certificates,
for example in the Google browser: [screenshot]
On the client, in /etc/httpd/conf.d/ssl.conf: [screenshot]
Set the storage paths of the client's private key and of the signed certificate with the directives SSLCertificateKeyFile and SSLCertificateFile, respectively;
HTTPS result: [screenshot]
Using CentOS 7.0 to set up an httpd service with the following main functions:
① Set up two virtual hosts, www1 and www2, each with its own error log and access log;
② Status information can be viewed through www1's server-status, but only the user link can access it;
③ www2 restricts access: other hosts are allowed, but addresses in 192.168.1.0/24 are not;
④ Provide HTTPS service for www2;
Create the drop-in configuration files vhosts-www1.conf and vhosts-www2.conf under /etc/httpd/conf.d on CentOS 7
vhosts-www1.conf: [screenshot]
CentOS 7's httpd is version 2.4. The drop-in configuration file for this version is roughly the same; the difference is that on CentOS 6.7, when the scope of access is not specified, the default is to allow everyone, whereas on CentOS 7, when it is not specified, the default is to allow no one, so that no IP address can access the page;
Require all granted: all IP addresses can access;
Require all denied: no IP address can access;
The server-status access rights are set the same way as on CentOS 6;
Create the document root and put the web files in it: [screenshot]
Create the error log and access log directories: [screenshot]
Reload the httpd configuration:
systemctl reload httpd.service
www1 running results:
Home page: [screenshot]
server-status: [screenshots]
vhosts-www2.conf: [screenshot]
To control both which hosts are allowed and which are rejected at the same time, the rules must be placed inside <RequireAll></RequireAll>;
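
The www2 access rule in both syntaxes, the Order/Allow/Deny form used on CentOS 6 and the <RequireAll> form described above for CentOS 7, as an added example that is not the original post's own file. The log paths and the helper uses_legacy_rules are assumptions of the example; the ServerName is the one from the hosts entry above.

```sh
#!/bin/sh
# Added example, not from the original post. Log paths are assumed.

# Print the access-control lines for httpd version $1.
access_rules() {
    case "$1" in
    2.2) # allow,deny: Allow lines are matched first, then any Deny match
         # rejects. With "Order deny,allow" the "Allow from all" line would
         # win and the 192.168.1.0/24 block would never take effect.
        printf '%s\n' '        Order allow,deny' '        Allow from all' \
            '        Deny from 192.168.1.0/24' ;;
    2.4) # RequireAll: every line must pass, so the "not ip" line can veto.
        printf '%s\n' '        <RequireAll>' '            Require all granted' \
            '            Require not ip 192.168.1.0/24' '        </RequireAll>' ;;
    *)  echo "unsupported httpd version: $1" >&2; return 1 ;;
    esac
}

# Write vhosts-www2.conf for httpd version $1 into directory $2.
# (On 2.2 the server also needs one "NameVirtualHost *:80" line.)
write_www2_vhost() {
    rules=$(access_rules "$1") || return 1
    cat > "$2/vhosts-www2.conf" <<EOF
<VirtualHost *:80>
    ServerName www.wujunqi2.com
    DocumentRoot /myweb/vhosts/www2
    ErrorLog /var/log/httpd/www2/error_log
    CustomLog /var/log/httpd/www2/access_log combined
    <Directory "/myweb/vhosts/www2">
$rules
    </Directory>
</VirtualHost>
EOF
}

# Return 0 when file $1 still contains 2.2 access directives. httpd 2.4 only
# honours them through mod_access_compat, and they should not be mixed with
# Require lines in the same configuration.
uses_legacy_rules() {
    grep -Eiq '^[[:space:]]*(Order|Allow|Deny)[[:space:]]' "$1"
}
```

Running uses_legacy_rules over each file in /etc/httpd/conf.d after moving a configuration from CentOS 6 to CentOS 7 shows which virtual hosts still need their rules rewritten.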
Create the document root and the log directory: [screenshot]
httpd -t verifies that the syntax is correct: [screenshot]
Reload the httpd configuration:
systemctl reload httpd.service
www2 running results: [screenshot]
Set up HTTPS for www2:
Create the private CA: [screenshots]
Client configuration:
yum install httpd
yum install mod_ssl
vim /etc/httpd/conf.d/ssl.conf
[screenshot]
mkdir -p /myweb/vhosts/www2
Create an index.html file in this directory;
Generate the client's private key and a certificate request file: [screenshots]
Send the httpd.csr file to the server side to generate the certificate: [screenshot]
The certificate is sent back to the client, and the server-side CA public key is copied to Windows and imported into the certificates of the browser that will access the site;
Client: [screenshot]
Browser: [screenshot]
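
The private CA round trip described in the CentOS 6 section and repeated above for CentOS 7, as an added example that is not from the original post (the commands survive only as screenshots). The file ca.cnf, the subject names and the 2048-bit key size are assumptions; on real hosts the three functions run on the CA, the web server and the CA respectively, with scp in between.

```sh
#!/bin/sh
# Added example, not from the original post. ca.cnf, the subject names and
# the key size are assumptions; CA_DIR defaults to the page's /etc/pki/CA.
CA_DIR="${CA_DIR:-/etc/pki/CA}"

# CA side: key readable by its owner only, self-signed CA certificate, and the
# serial and index.txt files that "openssl ca" reads and updates.
init_ca() {
    mkdir -p "$CA_DIR/private" "$CA_DIR/newcerts" || return 1
    cat > "$CA_DIR/ca.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $CA_DIR/index.txt
serial = $CA_DIR/serial
new_certs_dir = $CA_DIR/newcerts
certificate = $CA_DIR/cacert.pem
private_key = $CA_DIR/private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_cn
[ policy_cn ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    (umask 077; openssl genrsa -out "$CA_DIR/private/cakey.pem" 2048) 2>/dev/null &&
    openssl req -new -x509 -config "$CA_DIR/ca.cnf" -key "$CA_DIR/private/cakey.pem" \
        -subj "/CN=Example Private CA" -days 3650 -out "$CA_DIR/cacert.pem" &&
    echo 01 > "$CA_DIR/serial" && : > "$CA_DIR/index.txt"
}

# Web server side: key and request for host name $1, written to directory $2
# (ca.cnf is reused here only for its [ req ] section).
make_csr() {
    (umask 077; openssl genrsa -out "$2/httpd.key" 2048) 2>/dev/null &&
    openssl req -new -config "$CA_DIR/ca.cnf" -key "$2/httpd.key" -subj "/CN=$1" -out "$2/httpd.csr"
}

# CA side: sign the request in directory $1, then check that it chains to the CA.
sign_csr() {
    openssl ca -batch -notext -config "$CA_DIR/ca.cnf" -in "$1/httpd.csr" -out "$1/httpd.crt" 2>/dev/null &&
    openssl verify -CAfile "$CA_DIR/cacert.pem" "$1/httpd.crt" >/dev/null
}
```

After one signature the serial file holds 02 and index.txt has one line for the issued certificate, which is why both files must exist before the first request is signed. Only httpd.csr and httpd.crt travel between the hosts; cakey.pem and httpd.key stay where they were generated.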
HTTP main applications