Implementation of the HTTPS virtual host for CentOS 6 under Apache

Source: Internet
Author: User

Topic:
1. Set up an httpd server that meets the following requirements:
Provide two name-based virtual hosts:
(a) www1.buybybuy.com: page file directory is /web/vhosts/www1, error log is /var/log/httpd/www1.err, access log is /var/log/httpd/www1.access;
(b) www2.buybybuy.com: page file directory is /web/vhosts/www2, error log is /var/log/httpd/www2.err, access log is /var/log/httpd/www2.access;
(c) Create a separate home page file index.html for each of the two virtual hosts, containing the corresponding host name;
(d) Expose the httpd status information at www1.buybybuy.com/server-status, accessible only with an account and password (status:status);

2. Provide HTTPS for the second virtual host above, so that users can access the site securely over HTTPS;
(1) Authentication must use a certificate; the certificate must use country (CN), state (Beijing), city (Beijing) and organization (Quintin Ltd.);
(2) Set the department to OPS, the host name to www2.buybybuy.com, and the email to [email protected];

===============================================================================

Environment and prerequisites:
CentOS 6, two machines (one is also enough)
Apache 2.2
Domain name: buybybuy.com


1. Setting up the httpd server

Create the desired folder:
# mkdir -p /web/vhosts/www{1,2}


(a), (b)

The server ships with httpd, so nothing needs to be installed.
Edit the httpd configuration file httpd.conf directly:
# vim /etc/httpd/conf/httpd.conf

Comment out:
DocumentRoot

Uncomment:
#NameVirtualHost *:80

Modify:
ServerName localhost:80

Add the following virtual host configuration at the bottom:
# Relative log paths resolve under ServerRoot (/etc/httpd/logs, a symlink to /var/log/httpd on CentOS)
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /web/vhosts/www1
ServerName www1.buybybuy.com
ErrorLog logs/www1.err
CustomLog logs/www1.access combined
</VirtualHost>

<Directory /web/vhosts/www1>
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>

<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /web/vhosts/www2
ServerName www2.buybybuy.com
ErrorLog logs/www2.err
CustomLog logs/www2.access combined
</VirtualHost>

<Directory /web/vhosts/www2>
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>

After configuring, Apache returned a 403 error: "Permission denied: access to / denied".
I checked httpd.conf and the directory permissions and found no problems.
The cause turned out to be SELinux, which was enabled on the system.

Temporarily disable SELinux
# setenforce 0

Permanently disable it
# vim /etc/selinux/config
Change
SELINUX=enforcing
to
SELINUX=disabled

(c)

Create index.html in www1 and www2, containing www1.buybybuy.com and www2.buybybuy.com respectively
# vim /web/vhosts/www1/index.html
# vim /web/vhosts/www2/index.html


(d)

Create an access account and follow the prompts
# htpasswd -c /etc/httpd/conf.d/.htpasswd WebAdmin

Edit httpd.conf and add
<Location /server-status>
AuthType Basic
AuthName "Administrator privateeee"
AuthUserFile "/etc/httpd/conf.d/.htpasswd"
Require user "WebAdmin"
SetHandler server-status
Order deny,allow
Deny from all
Allow from 192.168.3.3
</Location>

2. Set up www2.buybybuy.com for HTTPS

A self-signed certificate is generated with OpenSSL, so first check that SSL support is installed.
# httpd -M | grep ssl
If it is not, install it
# yum install mod_ssl openssl

Configure the CA service on server CentOS A, then use it to issue the HTTPS certificate for the current server (CentOS B).

CentOS A:

Initialize the CA service by creating the required files (in /etc/pki/CA/)
# cd /etc/pki/CA
Create the index file
# touch index.txt
Create the serial number file
# echo 01 > serial

Self-signed CA certificate
Generate the private key
# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
Generate the self-signed certificate with the private key
# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -days 7300 -out /etc/pki/CA/cacert.pem

CentOS B:

# mkdir /etc/httpd/ssl
# cd /etc/httpd/ssl
Generate the private key
# (umask 077; openssl genrsa -out httpd.key 1024)
Generate the certificate signing request
# openssl req -new -key httpd.key -out httpd.csr


Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:quintin LTD
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:www2.buybybuy.com
Email Address []:[email protected]

Send the generated request file to the CA server, CentOS A:
# scp httpd.csr [email protected]:/tmp/


Back on CentOS A:

Sign the request
# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/www2.buybybuy.com.crt -days 365
Return the generated certificate to CentOS B
# scp /etc/pki/CA/certs/www2.buybybuy.com.crt [email protected]:/etc/httpd/ssl/


Back on CentOS B:

Configure SSL for httpd (ssl.conf):

# cd /etc/httpd/conf.d/
Back up the file
# cp ssl.conf{,.bak}

Edit ssl.conf

Change
<VirtualHost _default_:443>
to
<VirtualHost *:443>

DocumentRoot "/web/vhosts/www2"
ServerName www2.buybybuy.com

Certificate location
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
=>
SSLCertificateFile /etc/httpd/ssl/www2.buybybuy.com.crt

Private key location
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
=>
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
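
Before restarting httpd it is worth confirming that the certificate returned by the CA belongs to httpd.key, chains to the CA certificate and names www2.buybybuy.com. The script below is an added example, not part of the original article; the function names, the 2048-bit floor and the assumption that a copy of cacert.pem is available on CentOS B are its own.

```shell
#!/bin/sh
# Added example, not from the original article. Function names, the 2048-bit
# floor and the presence of the CA certificate on this host are assumptions.

# Hex RSA modulus of a private key ($1 = rsa) or a certificate ($1 = x509).
modulus() {
    openssl "$1" -noout -modulus -in "$2" 2>/dev/null | sed 's/^Modulus=//'
}

# RSA key size in bits: four bits per hex digit of the modulus.
key_bits() {
    m=$(modulus rsa "$1")
    echo $(( ${#m} * 4 ))
}

# Common Name from the certificate subject (RFC 2253 form, comma-separated).
cert_cn() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" 2>/dev/null |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p'
}

# check_pair KEY CERT CACERT HOSTNAME -> returns 0 only if every check passes.
check_pair() {
    rc=0
    km=$(modulus rsa "$1")
    cm=$(modulus x509 "$2")
    if [ -z "$km" ] || [ "$km" != "$cm" ]; then
        echo "FAIL: $2 was not issued for the key in $1"; rc=1
    fi
    # Match on the "OK" line rather than trusting the exit status alone.
    if ! openssl verify -CAfile "$3" "$2" 2>&1 | grep -q ': OK$'; then
        echo "FAIL: $2 does not chain to $3"; rc=1
    fi
    if [ "$(cert_cn "$2")" != "$4" ]; then
        echo "FAIL: certificate CN does not match $4"; rc=1
    fi
    if [ "$(key_bits "$1")" -lt 2048 ]; then
        echo "FAIL: RSA key in $1 is shorter than 2048 bits"; rc=1
    fi
    return $rc
}

# Usage: sh check_pair.sh httpd.key www2.buybybuy.com.crt cacert.pem www2.buybybuy.com
if [ "$#" -eq 4 ]; then
    check_pair "$@"
fi
```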


After configuring, check the configuration file for syntax errors:
# httpd -t

Restart httpd:
# service httpd restart

Check whether port 443 is listening:
# ss -tnl

Test with s_client from CentOS A:
# openssl s_client -connect 192.168.3.60:443 -CAfile /etc/pki/CA/cacert.pem

GET / HTTP/1.1
Host: www2.buybybuy.com


HTTP/1.1 200 OK
Date: Wed, Oct 11:20:16 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Fri, Sep 13:33:02 GMT
ETag: "bf4e8-21-53db9a230598a"
Accept-Ranges: bytes
Content-Length: 33
Connection: close
Content-Type: text/html; charset=UTF-8

www2.buybybuy.com</br>
welcome!

Test successful!

To access the site from a browser, use:
https://www2.buybybuy.com
