Web Fundamentals: Building an httpd Service (I)

Source: Internet
Author: User
<span id="Label3">
<p>Experimental requirements</p>
<p>(1) Use httpd-2.2 to build the httpd service;</p>
<p>(2) Create two FQDN-based virtual hosts, www1 and www2, each with its own error log and access log;</p>
<p>(3) Provide status information through /server-status on www1, and allow only the user tom to access it;</p>
<p>(4) Configure www2 to deny access from any host in the 192.168.0.0/24 network;</p>
<p>(5) Provide HTTPS service for the www2 host;</p>
<p>Experimental process</p>
<p>httpd-2.4 Environment</p>
<p>Preparatory work:</p>
<p>1. Ensure that the httpd service is properly installed.</p>
<pre class="brush:bash;toolbar:false"># rpm -qa httpd
httpd-2.2.15-45.el6.centos.x86_64</pre>
<p>2. httpd-2.2 basic configuration files</p>
<p>/etc/httpd/conf/httpd.conf: main configuration file</p>
<p>/etc/httpd/conf.d/*.conf</p>
<p>logs: log files</p>
<p>modules: module files</p>
<p>3. CentOS 6.7 system, IP address is 172.16.252.55</p>
<p>4. Prepare a server to act as a private CA and sign the certificate for the virtual host</p>
<p>Experimental process:</p>
<p>1. Create the virtual hosts www1 and www2</p>
<p>First edit the main configuration file /etc/httpd/conf/httpd.conf and enable NameVirtualHost</p>
<pre class="brush:bash;toolbar:false"># vim /etc/httpd/conf/httpd.conf
NameVirtualHost 172.16.252.55:80</pre>
<pre class="brush:bash;toolbar:false"># vim www1.conf
&lt;VirtualHost 172.16.252.55:80&gt;
    ServerName www1.magedu.com
    # Specify the DocumentRoot
    DocumentRoot /data/vhosts/www1
    # Access log
    CustomLog logs/www1-access_log combined
    # Error log
    ErrorLog logs/www1-error_log
&lt;/VirtualHost&gt;
# vim www2.conf
&lt;VirtualHost 172.16.252.55:80&gt;
    ServerName www2.magedu.com
    DocumentRoot /data/vhosts/www2
    CustomLog logs/www2-access_log combined
    ErrorLog logs/www2-error_log
&lt;/VirtualHost&gt;</pre>
<p>Create the DocumentRoot directories for www1 and www2, and create an index.html test page in each directory.</p>
<pre class="brush:bash;toolbar:false"># mkdir -p /data/vhosts/www{1,2}
www1]# echo "www1.magedu.com" &gt;&gt; index.html
www2]# echo "www2.magedu.com" &gt;&gt; index.html</pre>
<p>Use the httpd -t command to check that the configuration file syntax is correct, and then start the httpd service</p>
<pre class="brush:bash;toolbar:false"># httpd -t
Syntax OK
# service httpd start</pre>
<p>Access www1.magedu.com and www2.magedu.com in turn to confirm that each virtual host responds.</p>
<pre class="brush:bash;toolbar:false"># curl www1.magedu.com
www1.magedu.com
# curl www2.magedu.com
www2.magedu.com</pre>
<p>2. Configure /server-status on www1 to provide status information, and allow only tom to access it;</p>
<p>First check whether the status_module module is loaded</p>
<pre class="brush:bash;toolbar:false"># httpd -M | grep status_module
 status_module (shared)
Syntax OK</pre>
<p>Remark: the module is loaded by the line "LoadModule status_module modules/mod_status.so" in /etc/httpd/conf/httpd.conf</p>
<p>After confirming that the status_module module is loaded, add the following configuration to www1.conf:</p>
<pre class="brush:bash;toolbar:false">&lt;VirtualHost 172.16.252.55:80&gt;
    ServerName www1.magedu.com
    DocumentRoot /data/vhosts/www1
    CustomLog logs/www1-access_log combined
    ErrorLog logs/www1-error_log
    # server-status status information
    &lt;Location /server-status&gt;
        SetHandler server-status
        Order allow,deny
        # Only hosts in the 172.16 network segment may access the status information
        Allow from 172.16
    &lt;/Location&gt;
    # User authentication: only tom is allowed to access
    &lt;Directory "/data/vhosts/www1"&gt;
        Options None
        AllowOverride None
        # Authentication type
        AuthType Basic
        AuthName "auth for www1"
        # Path of the authentication file
        AuthUserFile "/data/vhosts/www1/.htpasswd"
        # User who is allowed access
        Require user "tom"
    &lt;/Directory&gt;
&lt;/VirtualHost&gt;</pre>
<p>Use htpasswd to generate the user authentication file</p>
<pre class="brush:bash;toolbar:false"># htpasswd -c -m /data/vhosts/www1/.htpasswd tom</pre>
<p>After checking the configuration file with httpd -t, reload httpd</p>
<pre class="brush:bash;toolbar:false"># service httpd reload</pre>
<p>Access www1.magedu.com/server-status in a browser to test the status information and whether user authentication is in effect</p>
<p>[Screenshots: auth.png, auth2.png]</p>
<p>3. Configure the www2 virtual host configuration file www2.conf to deny access from the 192.168.0.0/24 network segment</p>
<pre class="brush:bash;toolbar:false">&lt;VirtualHost 172.16.252.55:80&gt;
    ServerName www2.magedu.com
    DocumentRoot /data/vhosts/www2
    CustomLog logs/www2-access_log combined
    ErrorLog logs/www2-error_log
    &lt;Directory /data/vhosts/www2&gt;
        Order deny,allow
        Deny from 172.16.251.229
        # Allow from all
    &lt;/Directory&gt;
&lt;/VirtualHost&gt;</pre>
<p>After editing, check the configuration with httpd -t and, if there are no errors, reload the httpd service</p>
<p>4. Provide HTTPS service for www2</p>
<p>Start by creating a private CA, which will issue the certificate for the server, as follows:</p>
<pre class="brush:bash;toolbar:false"># cd /etc/pki/CA/
# touch index.txt
# echo 01 &gt; serial
# (umask 066; openssl genrsa -out private/cakey.pem)
Generating RSA private key, 1024 bit long modulus
............++++++
............................................................++++++
e is 65537 (0x10001)
# openssl req -new -x509 -key private/cakey.pem -out cacert.pem    # self-signed</pre>
<p>With the private CA created, generate a certificate signing request on the server that hosts www2 and send it to the CA server for signing</p>
<pre class="brush:bash;toolbar:false"># mkdir /etc/httpd/ssl
# (umask 066; openssl genrsa -out /etc/httpd/ssl/httpd.key)
Generating RSA private key, 1024 bit long modulus
................++++++
.++++++
e is 65537 (0x10001)
# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr    # create the certificate signing request
# scp /etc/httpd/ssl/httpd.csr 172.16.251.229:/tmp/    # send the request to the CA server for signing</pre>
<p>The CA signs the above request</p>
<pre class="brush:bash;toolbar:false"># openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt
# scp /etc/pki/CA/certs/httpd.crt 172.16.252.55:/etc/httpd/ssl/</pre>
<p>After the CA has signed the certificate, configure httpd to support SSL and to use that certificate</p>
<p>Install the mod_ssl module</p>
<pre class="brush:bash;toolbar:false"># yum -y install mod_ssl</pre>
<p>Edit the configuration file /etc/httpd/conf.d/ssl.conf</p>
<pre class="brush:bash;toolbar:false"># DocumentRoot of the www2 virtual host
DocumentRoot "/data/vhosts/www2"
ServerName www2.magedu.com:443
# Path of the certificate signed by the CA
SSLCertificateFile /etc/httpd/ssl/httpd.crt
# Path of the private key file
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key</pre>
<p>Restart the httpd service</p>
<p>5. Test HTTPS access to the host; a verify return code of ok means success</p>
<pre class="brush:bash;toolbar:false"># openssl s_client -connect 172.16.252.54:443 -CAfile /etc/pki/CA/cacert.pem
    Start Time: 1468637497
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---</pre>
</span>
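The Order/Allow/Deny rules used for www1 and www2 above are easy to misread, so here is an added example (not part of the original article) that models httpd 2.2's evaluation in Python and runs it against them. The `Deny from 192.168.0.0/24` and `Allow from all` policies are built here from requirement (4) and the commented-out line, the client addresses are constructed, and host-name arguments are not modelled.

```python
import ipaddress

def to_network(spec):
    """Turn an Allow/Deny 'from' argument into an IPv4 network.

    Covers 'all', CIDR, full addresses and httpd's partial form
    ('172.16' means 172.16.0.0/16). Host names are not modelled.
    """
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")

def is_allowed(client, order, allow=(), deny=()):
    """Apply httpd 2.2 Order semantics to one client address."""
    ip = ipaddress.ip_address(client)
    allowed = any(ip in to_network(s) for s in allow)
    denied = any(ip in to_network(s) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":   # default deny; a Deny match always wins
        return allowed and not denied
    if order == "deny,allow":   # default allow; an Allow match always wins
        return allowed or not denied
    raise ValueError(f"unsupported Order: {order}")

# Rules taken from the article, plus two built from requirement (4).
POLICIES = {
    "www1 /server-status": dict(order="allow,deny", allow=["172.16"]),
    "www2 as written": dict(order="deny,allow", deny=["172.16.251.229"]),
    "www2 per requirement (4)": dict(order="deny,allow", deny=["192.168.0.0/24"]),
    # Uncommenting 'Allow from all' under deny,allow cancels the Deny.
    "www2 with Allow from all": dict(order="deny,allow", allow=["all"],
                                     deny=["192.168.0.0/24"]),
}
# Constructed client addresses for the check.
CLIENTS = ["172.16.251.229", "192.168.0.17", "192.168.1.17", "10.0.0.5"]

def audit():
    """Return {policy name: {client: True if the request is let through}}."""
    return {name: {c: is_allowed(c, **rule) for c in CLIENTS}
            for name, rule in POLICIES.items()}

if __name__ == "__main__":
    for name, row in audit().items():
        print(name, {c: "allow" if ok else "deny" for c, ok in row.items()})
```

The output shows that the www2 rule as written still admits 192.168.0.0/24 clients, and that enabling `Allow from all` under `Order deny,allow` would override any `Deny` line.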
