Blog assignment: complete the following with httpd-2.2 and httpd-2.4 respectively
1. Set up the httpd service with these requirements:
(1) Provide two name-based virtual hosts, www1 and www2, each with its own error log and access log;
(2) Provide status information through www1's /server-status, and only allow user Tom to access it;
(3) www2 must not be accessible from any host in the 192.168.0.0/24 network;
2. Provide HTTPS service for the second virtual host above.
Prerequisites:
172.16.1.1: httpd-2.4 test host, running CentOS 7.
172.16.1.2: httpd-2.2 test host, running CentOS 6.
172.16.1.3: CA server, which issues certificates to the other two hosts.
Temporarily disable SELinux and iptables.
Generate the CA server's own private key, in preparation for issuing itself a root certificate
    ~]# cd /etc/pki/CA
    CA]# (umask 077; openssl genrsa 2048 > private/cakey.pem)
cakey.pem is the CA's own private key.
## Because this is a private CA and the country, province and organization are the same for every certificate, set the defaults here to make signing our own requests more convenient later
    CA]# vim /etc/pki/tls/openssl.cnf
    countryName_default = CN
    stateOrProvinceName_default = Beijing
    localityName_default = Shangdi
    0.organizationName_default = M19
    organizationalUnitName_default = Jishu
Generate a self-signed certificate (root CA)
    CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -days 3650 -out /etc/pki/CA/cacert.pem
    Common Name (eg, your name or your server's hostname) []:haizei.zou.com
Enter the CA's own hostname here, preferably a hostname or domain name that can be resolved.
Prepare the database and other files for the CA server
    CA]# mkdir -p /etc/pki/CA/{certs,crl,newcerts}
    CA]# touch /etc/pki/CA/{serial,index.txt}
    CA]# echo 01 > /etc/pki/CA/serial
httpd 2.2 (on CentOS 6)
Generate the web server's own private key and certificate signing request, and pass the request to the CA server for signing
    www2]# mkdir /etc/httpd/conf/.ssh
    www2]# cd /etc/httpd/conf/.ssh
    .ssh]# (umask 077; openssl genrsa 4096 > http.key)
    .ssh]# openssl req -new -key http.key -out httpd.csr
Sign the certificate on the CA server and send the certificate back
    ~]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365
    ~]# scp /etc/pki/CA/certs/httpd.crt [email protected]:/etc/httpd/conf/.ssh
Modify the main configuration file to support FQDN-based (name-based) virtual hosts
    ~]# vim /etc/httpd/conf/httpd.conf
    NameVirtualHost 172.16.1.2:80
Configure httpd to support SSL
    ~]# yum -y install mod_ssl
Configure virtual host 2 (www2)
    www2]# vim /etc/httpd/conf.d/ssl.conf
    <VirtualHost _default_:443>
        ServerName www2.zou.com
        DocumentRoot /data/vhosts/www2
        ErrorLog logs/ssl_www2-error_log
        LogLevel warn
        TransferLog logs/ssl_www2_access_log
        # Already set in the stock ssl.conf shipped with mod_ssl; keep it enabled
        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/.ssh/httpd.crt
        SSLCertificateKeyFile /etc/httpd/conf/.ssh/http.key
    </VirtualHost>
    <Directory /data/vhosts/www2>
        Options None
        AllowOverride None
        # deny,allow: clients are allowed unless they match a Deny rule
        Order deny,allow
        Deny from 192.168.0.0/24
    </Directory>
Configure virtual host 1 (www1)
    www2]# vim /etc/httpd/conf.d/www1.conf
    <VirtualHost 172.16.1.2:80>
        ServerName www1.zou.com
        DocumentRoot /data/vhosts/www1
        ErrorLog logs/www1-error_log
        LogLevel warn
        CustomLog logs/www1-access_log combined
        <Directory /data/vhosts/www1>
            Options None
            AllowOverride None
            Order allow,deny
            Allow from all
        </Directory>
    </VirtualHost>
    <Location /server-status>
        SetHandler server-status
        Order deny,allow
        Allow from all
        # Basic authentication against the htpasswd file; only user Tom is authorized
        AuthType Basic
        AuthName "Server-stauts"
        AuthBasicProvider file
        AuthUserFile "/etc/httpd/conf/.htpasswd"
        Require user Tom
    </Location>
Create the authentication credentials for user Tom
    www2]# htpasswd -c -m /etc/httpd/conf/.htpasswd Tom
Restart the service
    ~]# service httpd restart
httpd 2.4 (on CentOS 7)
Generate the web server's own private key and certificate signing request, and pass the request to the CA server for signing
    www2]# mkdir /etc/httpd/conf/.ssh
    www2]# cd /etc/httpd/conf/.ssh
    .ssh]# (umask 077; openssl genrsa 4096 > http.key)
    .ssh]# openssl req -new -key http.key -out httpd.csr
    Common Name (eg, your name or your server's hostname) []:www2.zou.com
    .ssh]# scp httpd.csr [email protected]:/mnt
Sign the certificate on the CA server and send the certificate back
    ~]# openssl ca -in /mnt/httpd.csr -out /etc/pki/CA/certs/httpd002.crt
    ~]# scp /etc/pki/CA/certs/httpd002.crt [email protected]:/etc/httpd/conf/.ssh
Go back to the web server.
    ~]# cd /etc/httpd/conf/.ssh; cp httpd002.crt httpd.crt
Install the httpd module that supports SSL
    ~]# yum install mod_ssl -y
Configure virtual host 2 (www2)
    ~]# vim /etc/httpd/conf.d/ssl.conf
    <VirtualHost _default_:443>
        ServerName www2.zou.com
        DocumentRoot /data/vhosts/www2
        ErrorLog logs/ssl_www2-error_log
        LogLevel warn
        TransferLog logs/ssl_www2_access_log
        # Already set in the stock ssl.conf shipped with mod_ssl; keep it enabled
        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/.ssh/httpd.crt
        SSLCertificateKeyFile /etc/httpd/conf/.ssh/http.key
    </VirtualHost>
    <Directory /data/vhosts/www2>
        # Grant everyone except clients in 192.168.0.0/24
        <RequireAll>
            Require all granted
            Require not ip 192.168.0.0/24
        </RequireAll>
    </Directory>
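The www2 access rules from the httpd 2.2 and httpd 2.4 sections, evaluated side by side as an added example (not code from the original post). It is a simplified Python model of the `Order`/`Deny` and `<RequireAll>` logic, not httpd's own implementation; the function names and sample client addresses are constructed.

```python
from ipaddress import ip_address, ip_network

def _match(ip, rules):
    """True if ip matches any rule; the literal "all" matches every client."""
    return any(r == "all" or ip_address(ip) in ip_network(r) for r in rules)

def httpd22(ip, order, allow=(), deny=()):
    """httpd 2.2 Order semantics: the directive named last overrides, and a
    client matching neither list is allowed for deny,allow but denied for
    allow,deny."""
    allowed, denied = _match(ip, allow), _match(ip, deny)
    if order == "deny,allow":
        return allowed or not denied
    if order == "allow,deny":
        return allowed and not denied
    raise ValueError("unknown Order: " + order)

def httpd24_require_all(ip, requires):
    """httpd 2.4 <RequireAll>: every positive Require must match and no
    'Require not' may match. requires is a list of (negated, kind, value)."""
    if all(negated for negated, _, _ in requires):
        # httpd rejects a <RequireAll> holding only negative directives,
        # which is why the page pairs "Require not ip" with "all granted".
        raise ValueError("<RequireAll> contains only negative directives")
    for negated, kind, value in requires:
        hit = True if kind == "all" else ip_address(ip) in ip_network(value)
        if hit == negated:
            return False
    return True

NET = "192.168.0.0/24"                               # blocked network from the page
WWW2_22 = dict(order="deny,allow", deny=[NET])       # Order deny,allow + Deny from
WWW2_24 = [(False, "all", None), (True, "ip", NET)]  # all granted + not ip
CLIENTS = ["192.168.0.10", "192.168.0.255", "192.168.1.1", "172.16.1.3"]  # constructed

def compare(clients=CLIENTS):
    """Map each client to (httpd 2.2 decision, httpd 2.4 decision)."""
    return {ip: (httpd22(ip, **WWW2_22), httpd24_require_all(ip, WWW2_24))
            for ip in clients}

if __name__ == "__main__":
    for ip, (v22, v24) in compare().items():
        print(f"{ip:15} 2.2={'allow' if v22 else 'deny'} 2.4={'allow' if v24 else 'deny'}")
    # Pitfall: with "Order allow,deny" and no Allow line, every client is denied.
    print("allow,deny without Allow:", httpd22("172.16.1.3", "allow,deny", deny=[NET]))
```

Both configurations should agree for every client; a mismatch after porting rules from 2.2 to 2.4 syntax means the translation changed who can reach the site.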
Set up the www1 virtual host
    ~]# vim /etc/httpd/conf.d/www1.conf
    <VirtualHost 172.16.1.1:80>
        ServerName www1.zou.com
        DocumentRoot /data/vhosts/www1
        ErrorLog logs/www1-error_log
        LogLevel warn
        CustomLog logs/www1-access_log combined
        <Directory /data/vhosts/www1>
            <RequireAll>
                Require all granted
            </RequireAll>
        </Directory>
    </VirtualHost>
    <Location /server-status>
        SetHandler server-status
        # Basic authentication against the htpasswd file
        AuthType Basic
        AuthName "Server-stauts"
        AuthBasicProvider file
        AuthUserFile "/etc/httpd/conf/.htpasswd"
        # Only the authenticated user Tom is authorized
        <RequireAll>
            Require all granted
            Require user Tom
        </RequireAll>
    </Location>
Create the authentication user Tom
    vhosts]# htpasswd -c -m /etc/httpd/conf/.htpasswd Tom
Reload the service
    .ssh]# systemctl reload httpd
This article is from the "Arctic Linux" blog, be sure to keep this source http://941012521.blog.51cto.com/9253690/1826532