Managing file and user access rights and HTTPS for web pages with httpd-2.2 and httpd-2.4

Source: Internet
Author: User

The following is implemented using httpd-2.2 and httpd-2.4, respectively.

1. Set up the httpd service with the following requirements:

1) Provide two name-based virtual hosts, WWW1 and WWW2, each with its own error log and access log;

2) Provide status information through WWW1's /server-status, and allow access only to the user link;

3) WWW2 must not allow access from any host in the 192.168.1.0/24 network;

2. Provide HTTPS service for the second virtual host above.


First, install httpd-2.2 on CentOS 6.7.

Install httpd-2.4 on CentOS 7.2.


To avoid unexpected errors caused by modifying the main configuration file, the virtual host configuration can be placed in the /etc/httpd/conf.d/ directory. The httpd service loads the configuration files in this directory at startup, which avoids unnecessary trouble.

Create the required directories before writing the virtual host configuration file.

Create the virtualhost.conf file in the /etc/httpd/conf.d/ directory and put the virtual host configuration in it.

Create an index.html home page under the root directory of each virtual host.

After the configuration is complete, check the configuration file for errors; the check reports that it is correct.

Restart the httpd service to make sure it is running properly.

Modify the /etc/hosts file to add entries for the virtual hosts.

Verify with the curl command that the virtual hosts on the server are configured correctly.

Success! Now check whether the server has written any logs.

The server generated the logs, so the first requirement is complete. Next comes the second requirement.

Provide status information through WWW1's /server-status and allow access only to the user link.

The server-status section is found past line 900 of the main configuration file /etc/httpd/conf/httpd.conf.

Copy this section into the virtualhost.conf file created earlier.

The link user is created with a tool that ships with httpd. It is a virtual user dedicated to this service and can only be used to log in to the web page. The tool is the htpasswd command.

First create a user called link and, while doing so, also create a user named qHD:

The password for the link account is link

The password for the qHD account is QHD

After the accounts are created, modify the virtualhost.conf file accordingly.

First verify that the main page of WWW1 is served normally.

No problem. Next, verify the /server-status page.

First try the qHD account. Because the authentication configuration does not allow the qHD account, the page keeps prompting for a login. Then try the link account: the authentication succeeds and the status page is displayed.

Now the third requirement:

The virtual host WWW2 must not allow access from any host in the 192.168.1.0/24 network, so the configuration file needs to be modified.

Modify the WWW2 parameters in the virtual host configuration and, after the modification is complete, restart the httpd service.

Log in to a host on the 192.168.1.0 network and test with the curl command.

The virtual host www1.link.com can be accessed, but for www2.link.com the HTTP response headers show status code 403: the client is forbidden from accessing it.

That completes the first task. The second task follows.

To provide HTTPS service for the virtual host www2.link.com, httpd needs to load the mod_ssl module, which is not installed by default, so install it first.

After the installation is complete, the module has generated an ssl.conf configuration file in the /etc/httpd/conf.d directory.

The next procedure is to build a private CA and have the server request a certificate from it:

Create the necessary files and generate the CA's private key.

Generate the self-signed certificate.

The private CA is now basically complete. Next, the server requests a certificate:

Create a private key file on the web server and generate a certificate request.

Send the certificate request generated on the web server to the CA server.

The CA signs the certificate.

Send the signed certificate to the web server host and modify the relevant items in the SSL configuration file /etc/httpd/conf.d/ssl.conf.

Check the modified file for syntax errors and reload the configuration.

Test whether the HTTPS service of the virtual host WWW2 can be accessed normally.

The certificate cannot be verified because the CA's certificate has not yet been imported into the browser.

We can send the CA certificate to the test machine and test with the CA certificate.

The result shows that the certificate for the virtual host WWW2 is validated and the page is displayed.
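The CA and certificate steps above, from CA key to client-side verification, as an added example that is not the article's own commands. It works in a scratch directory and signs with `openssl x509 -req` rather than a CA database; the file names, CA subject, key size and lifetimes are assumptions.

```shell
#!/bin/sh
# Added example, not the article's own commands. File names, the CA subject,
# key size and lifetimes are assumptions; it signs with "openssl x509 -req"
# in a scratch directory instead of a CA database.
# Usage: make_ca_and_cert DIR HOSTNAME
make_ca_and_cert() {
    dir=$1 host=$2
    mkdir -p "$dir" || return 1
    ( cd "$dir" && umask 077 &&
      # 1. CA side: private key and self-signed CA certificate
      openssl genrsa -out cakey.pem 2048 2>/dev/null &&
      openssl req -new -x509 -key cakey.pem -out cacert.pem -days 3650 \
          -subj "/CN=Example Private CA" &&
      # 2. Web server side: private key and certificate signing request.
      #    The CN must be the name clients use for the virtual host.
      openssl genrsa -out httpd.key 2048 2>/dev/null &&
      openssl req -new -key httpd.key -out httpd.csr -subj "/CN=$host" &&
      # 3. CA side: sign the request. Only httpd.csr is sent to the CA;
      #    httpd.key never leaves the web server. Current clients match the
      #    host name against subjectAltName, so add it at signing time.
      printf 'subjectAltName=DNS:%s\n' "$host" > san.ext &&
      openssl x509 -req -in httpd.csr -CA cacert.pem -CAkey cakey.pem \
          -CAcreateserial -extfile san.ext -out httpd.crt -days 365 \
          -sha256 2>/dev/null )
}

# The chain check a client performs: succeeds only against the issuing CA.
verify_with_ca() {   # verify_with_ca CA_CERT SERVER_CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Subject line of a certificate, to confirm which host it was issued for.
cert_subject() {
    openssl x509 -in "$1" -noout -subject
}
```

In ssl.conf, mod_ssl's SSLCertificateFile and SSLCertificateKeyFile directives take httpd.crt and httpd.key; a test machine that holds cacert.pem can check the site with `curl --cacert cacert.pem https://www2.link.com/`.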


This article is from the "12657170" blog, please be sure to keep this source http://12667170.blog.51cto.com/12657170/1961595
