[Iamaco der] Linux virtual host configuration ultimate
I. Overview
A virtual host, also known as a virtual server, host space, or web space, is a network technology that allows multiple host names to operate on a single server, with each host name handled separately. A virtual host can run multiple websites or services. "Virtual" means that the space is carved out of a physical server; the underlying hardware can be a server group or a single server. The technology is used by Internet servers to save server hardware costs. Virtual host technology is mainly used for HTTP, FTP, EMAIL, and other services: one or all of the services of a server are logically divided into multiple service units that appear externally as multiple servers, so as to make full use of the server's hardware resources. -- Explanation of virtual hosts in Wiki.
There are three ways to implement virtual hosts: name-based, IP-based, and port-based. The following describes the configuration and application scenarios of virtual hosts using Apache.
Note: The lab environment is CentOS release 6.3 (Final)
II. Practice
1. Explanation of the httpd configuration file
The default configuration file of httpd is /etc/httpd/conf/httpd.conf, which contains three parts:
[root@Slaver conf]# grep '\<Section\>' /etc/httpd/conf/httpd.conf -n
33:### Section 1: Global Environment
245:### Section 2: 'Main' server configuration
977:### Section 3: Virtual Hosts
[root@Slaver conf]#
1) Global Environment: global configuration, which determines the global parameters of the Apache server.
2) Main server configuration: the main server configuration, which is equivalent to Apache's default web site. If the server hosts only one site, configuring it here is enough.
3) Virtual Hosts: virtual host configuration. Virtual hosts and the main server cannot coexist: once virtual hosts are enabled, the main server can no longer be used.
Configuration items related to virtual hosts include: a) Listen 80, which specifies the port Apache listens on and is set in the global configuration area; b) NameVirtualHost *:80, which is set in the virtual hosts area.
2. Domain Name-based multi-site configuration
Application scenario: configure two sites on one host, with the domain names www.test01.com and www.test02.com respectively. The corresponding site files are stored in /var/www/html/test01 and /var/www/html/test02.
The configuration for this scenario is as follows:
A. Modify the configuration in /etc/httpd/conf/httpd.conf.
i. Enable port listening: Listen 80
ii. Enable the virtual host configuration: NameVirtualHost *:80 (remove the # comment marker in front of it)
B. Add the site configuration files to /etc/httpd/conf.d/.
Note: for site configuration files created under the /etc/httpd/conf.d directory to take effect, make sure that Include conf.d/*.conf is enabled. The content of the new configuration files is as follows:
www.test01.conf
[root@Slaver conf.d]# cat www.test01.conf
<VirtualHost *:80>
    DocumentRoot /var/www/html/test01
    ServerName www.test01.com
    <Directory /var/www/html/test01>
        Options Indexes FollowSymLinks
        AllowOverride All
        Order Allow,Deny
        Allow from all
    </Directory>
</VirtualHost>
[root@Slaver conf.d]#
www.test02.conf
[root@Slaver conf.d]# cat www.test02.conf
<VirtualHost *:80>
    DocumentRoot /var/www/html/test02
    ServerName www.test02.com
    <Directory /var/www/html/test02>
        Options Indexes FollowSymLinks
        AllowOverride All
        Order Allow,Deny
        Allow from all
    </Directory>
</VirtualHost>
[root@Slaver conf.d]#
Restart httpd with service httpd restart, and then access the domain names in a browser. Note: the machine from which you access these domain names must be able to resolve them. If they are not public domain names, you can add entries to the hosts file of the local machine for resolution.
C. Configuration item analysis
i. VirtualHost *:80
Specifies the IP address and port of the virtual host. *:80 means the virtual host answers port 80 requests arriving on all NICs of the host. You can also specify a particular IP address, for example VirtualHost 192.168.17.131:80, which answers requests arriving on that IP address. In that case the NameVirtualHost in /etc/httpd/conf/httpd.conf must also be set to 192.168.17.131 or *. Otherwise, the following error is reported when httpd starts:
Starting httpd: [Wed Feb 04 22:30:23 2015] [warn] NameVirtualHost 192.168.17.131:80 has no VirtualHosts.
In simple terms, the NameVirtualHost setting must match the VirtualHost in the site configuration file one to one, or be * (NameVirtualHost is * while the VirtualHost uses a specific IP).
ii. Options Indexes FollowSymLinks
In Options, Indexes allows a listing of the files in the directory to be shown when the index page does not exist; FollowSymLinks controls whether symbolic links may be followed.
iii. AllowOverride All
AllowOverride controls whether this configuration may be overridden. For example, AllowOverride None means that the access control file (.htaccess) in the directory is not allowed to change the configuration here; AllowOverride All means that the .htaccess file is allowed to change the configuration here.
iv. Order Allow,Deny
Order sets the order in which the access control directives are evaluated. The item listed last is the default, so with Order Allow,Deny the default is Deny. Allow from all means that all clients are allowed.
3. IP-based multi-site configuration
Applicable scenario: the web server has multiple NICs with multiple IP addresses. Assume there are two IP addresses: 192.168.17.128, which corresponds to the domain name www.test01.com, and 192.168.17.131, which corresponds to the domain name www.test02.com.
A. A main server exists
1) Basic configuration
Recall that among the three sections of /etc/httpd/conf/httpd.conf mentioned above there is a main server configuration. Suppose 192.168.17.128 corresponds to the main server, and another IP, 192.168.17.131, is used to host two or more virtual hosts. The configuration is as follows:
Main server configuration on 192.168.17.128:
i. Listen on port 80: Listen 80
ii. Main server configuration area: ServerName www.test01.com
iii. Main server configuration area: DocumentRoot /var/www/html/test01
Configure multiple virtual hosts on 192.168.17.131:
Virtual host configuration: VirtualHost 192.168.17.131:80
Add the configuration files www.test02.conf and www.test03.conf to /etc/httpd/conf. The configuration content is the same as in "Domain Name-based multi-site configuration".
Access www.test01.com, www.test02.com, and www.test03.com in a web browser, and each displays its own output.
Note: once the main server is set, all requests that are not directed at 192.168.17.131 are served by the main server. Requests that are sent to 192.168.17.131 but have an unknown host name or no Host: header are served by www.test02.com (because it comes first in the configuration).
2) test scenario
Two cases need to be tested:
1. Requests not for 192.168.17.131 are served by the main server
2. Requests sent to 192.168.17.131 with an unknown host name or without a Host: header are served by www.test02.com
Configure three networks for the web server, as shown in:
In the hosts file of the local machine, add the following mappings between IP addresses and domain names:
When you access www.test04.com, the page outputs "Welcome to access web site test01...", verifying that requests not for 192.168.17.131 are served by the main server.
When you access http://192.168.17.131, the page outputs "Welcome to access web site test02...", verifying that requests sent to 192.168.17.131 with an unknown host name or without a Host: header are served by www.test02.com.
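The selection rule tested above can be written down as a small model. This is an added example, not code from the original article or from Apache: it is a simplified sketch of the matching order, the document root for test03 and the hosts-file mapping of www.test04.com to 192.168.17.128 are assumptions, and select_site is a hypothetical helper name.

```python
# Added illustration: a simplified model of how Apache 2.2 picks the site
# for a request. Addresses and names come from the article's lab setup.
from dataclasses import dataclass

@dataclass
class VHost:
    addr: str          # "IP:port" or "*:port" from <VirtualHost ...>
    server_name: str
    docroot: str

MAIN_SERVER = VHost("-", "www.test01.com", "/var/www/html/test01")

# Order matters: the first vhost listed for an address is its default.
# The test03 document root is assumed by analogy with test01/test02.
VHOSTS = [
    VHost("192.168.17.131:80", "www.test02.com", "/var/www/html/test02"),
    VHost("192.168.17.131:80", "www.test03.com", "/var/www/html/test03"),
]

def select_site(local_ip, port, host_header, vhosts=VHOSTS, main=MAIN_SERVER):
    """Return the VHost that serves a request received on local_ip:port."""
    exact = [v for v in vhosts if v.addr == f"{local_ip}:{port}"]
    wildcard = [v for v in vhosts if v.addr == f"*:{port}"]
    candidates = exact or wildcard      # a specific IP beats the wildcard
    if not candidates:
        return main                     # no vhost claims this address
    # The Host header may carry a port and may use any letter case.
    name = (host_header or "").split(":")[0].lower()
    for v in candidates:
        if v.server_name.lower() == name:
            return v
    return candidates[0]                # unknown or missing Host: first listed

if __name__ == "__main__":
    cases = [
        ("192.168.17.131", "www.test03.com"),
        ("192.168.17.131", None),               # request without a Host header
        ("192.168.17.131", "192.168.17.131"),   # http://192.168.17.131
        ("192.168.17.128", "www.test04.com"),   # assumed hosts-file mapping
    ]
    for ip, host in cases:
        print(ip, host, "->", select_site(ip, 80, host).docroot)
```

Because the first virtual host listed for an address answers every unrecognized Host header, whichever site is listed first is the one reachable by bare IP address.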
B. No main server exists
Application scenario: assume that the web server has two IP addresses (192.168.17.128 and 172.20.30.40), so that it can be accessed both on the intranet and on the Internet. On the Internet, the domain name www.test01.com points to the external address 172.20.30.40; on the intranet, the same domain name points to the internal address 192.168.17.128.
The server can be configured to provide the same content to internal and external requests. Only one VirtualHost configuration segment is required for this purpose. The server configuration is as follows:
Listen on port 80: Listen 80
Configure the virtual hosts: NameVirtualHost 192.168.17.128:80
NameVirtualHost 172.20.30.40:80
/etc/httpd/conf.d/www.test01.conf configuration content:
[root@Slaver conf.d]# cat www.test01.conf
<VirtualHost 192.168.17.128:80 172.20.30.40:80>
    DocumentRoot /var/www/html/test01
    ServerName www.test01.com
    <Directory /var/www/html/test01>
        Options Indexes FollowSymLinks
        AllowOverride All
        Order Allow,Deny
        Allow from all
    </Directory>
</VirtualHost>
[root@Slaver conf.d]#
Requests arriving from the different networks are served by the same VirtualHost.
4. Port-based multi-site configuration
Application scenario: enable multiple domain names to be served on different ports of the same IP address. For example, access site test01 via http://www.test01.com:80 and access site test02 via http://www.test01.com:8080. Key points: same IP address, different ports; same domain name, different root directories.
The specific configuration is as follows:
i. Configure httpd to listen on port 80 and port 8080: Listen 80
Listen 8080
ii. Configure NameVirtualHost: NameVirtualHost 192.168.17.128:80
NameVirtualHost 192.168.17.128:8080
iii. Configure /etc/httpd/conf.d/www.test01.conf as follows:
[root@Slaver conf.d]# cat www.test01.conf
<VirtualHost 192.168.17.128:80>
    DocumentRoot /var/www/html/test01
    ServerName www.test01.com
    <Directory /var/www/html/test01>
        Options Indexes FollowSymLinks
        AllowOverride All
        Order Allow,Deny
        Allow from all
    </Directory>
</VirtualHost>
<VirtualHost 192.168.17.128:8080>
    DocumentRoot /var/www/html/test02
    ServerName www.test01.com
    <Directory /var/www/html/test02>
        Options Indexes FollowSymLinks
        AllowOverride All
        Order Allow,Deny
        Allow from all
    </Directory>
</VirtualHost>
[root@Slaver conf.d]#
5. Allow only one CIDR block to access the site
Use case: for a web site published to the Internet, the administrator does not want Internet users to reach the back-end management folder. Only clients in the 192.168.20./24 network segment of the intranet may access it.
The configuration is as follows:
[root@Slaver conf.d]# cat www.test01.conf
<VirtualHost 192.168.17.128:80>
    DocumentRoot /var/www/html/test01
    ServerName www.test01.com
    ErrorLog /var/log/httpd/www.test01.err
    CustomLog /var/log/httpd/www.test01.access common
    <Directory /var/www/html/test01/administrator>
        Options Indexes FollowSymLinks
        AllowOverride All
        Order Allow,Deny
        Allow from 192.168.17.0/24
    </Directory>
</VirtualHost>
[root@Slaver conf.d]#
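How the Order, Allow and Deny lines of this configuration (and the Order explanation in the configuration item analysis earlier) decide a request can be modeled in a few lines. This is an added example, not part of the original article or of Apache: it covers only IP, CIDR and "all" rules, access_allowed is a hypothetical helper name, and the client addresses are constructed.

```python
# Added illustration: Apache 2.2 Order/Allow/Deny evaluation (mod_authz_host),
# simplified to IP and CIDR rules plus the keyword "all".
import ipaddress

def _matches(client_ip, rules):
    ip = ipaddress.ip_address(client_ip)
    for rule in rules:
        if rule == "all":
            return True
        # strict=False also accepts rules written with host bits set
        if ip in ipaddress.ip_network(rule, strict=False):
            return True
    return False

def access_allowed(client_ip, order, allow=(), deny=()):
    """Return True if the request passes, False if Apache answers 403."""
    allowed = _matches(client_ip, allow)
    denied = _matches(client_ip, deny)
    key = order.replace(" ", "").lower()
    if key == "allow,deny":
        # Must match an Allow rule and no Deny rule; the default is deny.
        return allowed and not denied
    if key == "deny,allow":
        # Rejected only if denied and not also allowed; the default is allow.
        return allowed or not denied
    raise ValueError(f"unknown Order value: {order!r}")

# The <Directory .../administrator> rules from the configuration above.
ADMIN_RULES = dict(order="Allow,Deny", allow=["192.168.17.0/24"])

if __name__ == "__main__":
    # Constructed client addresses: one inside the allowed block, two outside.
    for client in ["192.168.17.55", "192.168.20.9", "172.20.30.41"]:
        status = "200" if access_allowed(client, **ADMIN_RULES) else "403"
        print(client, status)
    # Same Allow line under Deny,Allow with no Deny lines: nothing is blocked.
    print(access_allowed("172.20.30.41", "Deny,Allow", allow=["192.168.17.0/24"]))
```

The last call shows why the Order value matters for this use case: with Order Deny,Allow and no Deny from all line, the same Allow rule restricts nothing.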
When a request does not come from this CIDR block, the following error message is displayed:
6. Allow only authenticated users to access the site
Use case: when accessing the back end, users must provide a user name and password for authentication. Only authenticated users can access the back end.
The configuration file is as follows:
[root@Slaver conf.d]# cat www.test01.conf
<VirtualHost 192.168.17.128:80>
    DocumentRoot /var/www/html/test01
    ServerName www.test01.com
    ErrorLog /var/log/httpd/www.test01.err
    CustomLog /var/log/httpd/www.test01.access common
    <Directory /var/www/html/test01/administrator>
        Options Indexes FollowSymLinks
        AllowOverride AuthConfig
        AuthName "Please input username and password!"
        AuthType Basic
        AuthUserFile /etc/httpd/.htpasswd
        Require user houqd2012 houqd2015
        Order Allow,Deny
        Allow from all
    </Directory>
</VirtualHost>
[root@Slaver conf.d]#
The meaning of the configuration items is as follows:
AllowOverride AuthConfig # allows .htaccess files to override the authentication directives
AuthName "Please input username and password!" # prompt message displayed during authentication
AuthType Basic # user authentication type
AuthUserFile # file holding the user accounts and passwords used for authentication
Require user houqd2012 houqd2015 # only the users houqd2012 and houqd2015 can log on
The commands to create the user names and passwords are as follows:
htpasswd -cm /etc/httpd/.htpasswd houqd2012
htpasswd -m /etc/httpd/.htpasswd houqd2015
-c creates a new password file, so it is used only for the first user; repeating it for the second user would overwrite the file and remove houqd2012. -m hashes the password with MD5. After execution, the /etc/httpd/.htpasswd file is generated.
As follows:
III. Summary
During development, I ran into virtual host configuration problems several times. Each time I looked up a temporary fix without understanding the topic systematically, so I still couldn't solve the problem the next time, which wasted a lot of time. This article collects it all in one place. We hope more friends will learn how to use virtual hosts to better serve our production environment.