httpd.2.4 Virtual Host Configuration test

Source: Internet
Author: User

Test target:

Set up three virtual hosts with the following requirements:

Vhost1: phpMyAdmin, also served over HTTPS;

Vhost2: WordPress



Configuration process:

I. Configure Vhost1

1. Build a private CA

Build a private CA on 172.16.20.242:

(1) Create the private key; the public key does not need to be handled separately

    [[email protected] ~]# cd /etc/pki/CA/
    [[email protected] CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
    Generating RSA private key, 2048 bit long modulus
    .....+++
    .......+++
    e is 65537 (0x10001)

(2) Generate the self-signed certificate and fill in the relevant certificate information

    [[email protected] CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3655
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:Hubei
    Locality Name (eg, city) [Default City]:Hubei
    Organization Name (eg, company) [Default Company Ltd]:Gump Ltd
    Organizational Unit Name (eg, section) []:Ops
    Common Name (eg, your name or your server's hostname) []:ca.gump.com
    Email Address []:[email protected]
    [[email protected] CA]#

Note that the certificate must be created in PEM format.

(3) Prepare the files the CA needs in order to sign certificates

    [[email protected] CA]# touch /etc/pki/CA/index.txt
    [[email protected] CA]# touch /etc/pki/CA/serial
    [[email protected] CA]# echo 01 > /etc/pki/CA/serial

2. Generate a certificate request on the web host and send it to the CA host

Generate the certificate request on 172.16.20.244:

(1) Generate the key and save it in the configuration directory of the service that will use the certificate

    [[email protected] ~]# mkdir /etc/httpd/ssl
    [[email protected] ~]# cd /etc/httpd/ssl
    [[email protected] ssl]# (umask 077; openssl genrsa -out httpd.key 2048)
    Generating RSA private key, 2048 bit long modulus
    ..........+++
    ....................................................................+++
    e is 65537 (0x10001)
    [[email protected] ssl]# ls
    httpd.key

(2) Generate the certificate signing request. When filling in the information, note that apart from the host name and the email address, the other fields need to be consistent with those entered for the CA.

    [[email protected] ssl]# openssl req -new -key httpd.key -out httpd.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:Hubei
    Locality Name (eg, city) [Default City]:Hubei
    Organization Name (eg, company) [Default Company Ltd]:Gump Ltd
    Organizational Unit Name (eg, section) []:Ops
    Common Name (eg, your name or your server's hostname) []:web.gump.com
    Email Address []:[email protected]

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    [[email protected] ssl]# ls
    httpd.csr  httpd.key
    [[email protected] ssl]# scp httpd.csr [email protected]:/tmp/
    [email protected]'s password:
    httpd.csr                                     100% 1050     1.0KB/s   00:00
    [[email protected] ssl]#

3. Sign the certificate request and send the signed certificate back to the web host

(1) Sign the certificate request

    [[email protected] CA]# openssl ca -in /tmp/httpd.csr -out /tmp/web.gump.com.crt -days 365
    Using configuration from /etc/pki/tls/openssl.cnf
    Check that the request matches the signature
    Signature ok
    Certificate Details:
            Serial Number: 1 (0x1)
            Validity
                Not Before: Aug 23 10:55:56 2017 GMT
                Not After : Aug 23 10:55:56 2018 GMT
            Subject:
                countryName               = CN
                stateOrProvinceName       = Hubei
                organizationName          = Gump Ltd
                organizationalUnitName    = Ops
                commonName                = web.gump.com
                emailAddress              = [email protected]
            X509v3 extensions:
                X509v3 Basic Constraints:
                    CA:FALSE
                Netscape Comment:
                    OpenSSL Generated Certificate
                X509v3 Subject Key Identifier:
                    7A:D2:B5:60:3D:13:27:33:C4:F5:02:DC:AC:44:BB:0F:F9:32:00:71
                X509v3 Authority Key Identifier:
                    keyid:5A:9A:54:2F:9C:91:3E:D6:BE:CC:22:68:50:C6:83:EB:23:AD:AC:AF

    Certificate is to be certified until Aug 23 10:55:56 2018 GMT (365 days)
    Sign the certificate? [y/n]:y

    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated
    [[email protected] CA]#

(2) Pass the certificate back to the requestor

    [[email protected] CA]# scp /tmp/web.gump.com.crt [email protected]:/etc/httpd/ssl
    The authenticity of host '172.16.20.244 (172.16.20.244)' can't be established.
    RSA key fingerprint is 5a:10:33:a2:bf:5b:06:82:25:01:fb:c2:74:93:34:95.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '172.16.20.244' (RSA) to the list of known hosts.
    [email protected]'s password:
    web.gump.com.crt                              100% 4595     4.5KB/s   00:00
    [[email protected] CA]#

4. Configure httpd to support SSL

(1) Check whether the mod_ssl module is installed on the web host; if it is not installed, install it first.

(2) Edit the SSL configuration file

    [[email protected] ssl]# vim /etc/httpd/conf.d/ssl.conf

Modify the following options:

    # Because SSL sessions are based on IP addresses, the address must be
    # specified if the host has several IP addresses; with a single address
    # there is no need to change it, keep "*".
    <VirtualHost 172.16.20.244:443>
    # Root directory of virtual host vhost1, i.e. where the web page files are stored
    DocumentRoot "/www/htdocs"
    # Current host name
    ServerName web.gump.com:443
    # Error log location
    ErrorLog logs/pma_error_log
    # Access log location
    TransferLog logs/pma_access_log
    # Location of the server certificate
    SSLCertificateFile /etc/httpd/ssl/web.gump.com.crt
    # Location of the certificate's private key
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key

(3) Set up the phpMyAdmin web files

    [[email protected] ~]# mkdir -pv /www/htdocs/vhosts{1,2,3}
    [[email protected] ~]# unzip phpmyadmin-4.0.10.20-all-languages.zip
    [[email protected] ~]# cp -r phpmyadmin-4.0.10.20-all-languages /www/htdocs/vhosts1/
    [[email protected] ~]# cd /www/htdocs/vhosts1/
    [[email protected] vhosts1]# ln -sv phpmyadmin-4.0.10.20-all-languages pma

(4) Configure httpd.conf

    [[email protected] conf]# vim httpd.conf

    ServerName localhost:80
    DocumentRoot "/www/htdocs"
    # The directory given in <Directory> must be consistent with DocumentRoot
    <Directory "/www/htdocs">

(5) Configure the virtual host configuration file

    [[email protected] ~]# vim /etc/httpd/conf.d/httpd-vhost1.conf

    <VirtualHost 172.16.20.244:80>
      ServerAdmin web.gump.com
      DocumentRoot "/www/htdocs"
      <Directory "/www/htdocs/vhosts1/pma">
        Options None
        AllowOverride None
        Require all granted
      </Directory>
    </VirtualHost>

    [[email protected] ~]# systemctl reload httpd.service

View Configuration Effects

II. Configure virtual host 2

1. Create the configuration file for virtual host 2

    [[email protected] ~]# vim /etc/httpd/conf.d/httpd-vhost2.conf

    <VirtualHost 172.16.20.245:80>
      ServerAdmin web2.gump.com
      DocumentRoot "/www/htdocs"
      <Directory "/www/htdocs/vhosts2">
        Options None
        AllowOverride None
        Require all granted
      </Directory>
    </VirtualHost>

2. Configure an IP address for virtual host 2

Because this is a virtual machine without multiple network cards, an address is added with the ip command to get the effect of multiple IPs.

    [[email protected] ~]# ip addr add 172.16.20.245/24 dev ens33
    [[email protected] ~]# ip addr show dev ens33
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:44:e2:e3 brd ff:ff:ff:ff:ff:ff
        inet 172.16.20.244/24 brd 172.16.20.255 scope global ens33
           valid_lft forever preferred_lft forever
        inet 172.16.20.245/24 scope global secondary ens33
           valid_lft forever preferred_lft forever
        inet6 fe80::d846:2237:6188:97fe/64 scope link tentative dadfailed
           valid_lft forever preferred_lft forever
        inet6 fe80::a0de:8503:69c8:5595/64 scope link tentative dadfailed
           valid_lft forever preferred_lft forever
        inet6 fe80::9a1a:88f0:c9cf:41bd/64 scope link tentative dadfailed
           valid_lft forever preferred_lft forever

3. Set up the web files for virtual host 2

    [[email protected] ~]# unzip wordpress-4.7.4-zh_ch.zip
    [[email protected] ~]# cp -r wordpress /www/htdocs/vhosts2/

4. Configure the WordPress configuration file for virtual host 2

WordPress must be configured with the correct database, user name and password in order to connect, so the database has to be created beforehand.

    [[email protected] ~]# mysql
    MariaDB [(none)]> create database mydb1;
    MariaDB [(none)]> exit

    [[email protected] ~]# cd /www/htdocs/vhosts2/wordpress
    [[email protected] wordpress]# cp wp-config-sample.php wp-config.php
    [[email protected] wordpress]# vim wp-config.php

    define('DB_NAME', 'mydb1');     // the pre-created database mydb1
    define('DB_USER', 'root');      // user name root
    define('DB_PASSWORD', '');      // the root password is empty by default

5. View Configuration Effects



This was written rather hastily; if there are omissions, errors or points of disagreement, criticism and discussion are welcome. Thank you.

