Web service httpd-2.2 based on domain name virtual host

Web website Service:

Apache the famous open source Web Service software, maintenance operations by the ASF Free Software Fund

Official site: http://httpd.apache.org/

http://www.netcraft.com/ for various Web detailed statistics on the market share of the software

Lab Requirements:

1, the establishment of HTTPD services, requirements:
(1) Provide two name-based virtual host WWW1, WWW2; there are separate error logs and access logs
(2) Provide status information via WWW1 's/server-status and only allow Tom users to access
(3) WWW2 does not allow access to any host in the 192.168.0.0/24 network
2. Provide HTTPS service for the 2nd virtual host above

Lab Environment:

Web Server:centos 6.7x86_64 ip:172.16.251.164

Httpd-2.2.15-45.el6.centos.x86_64

Client: CentOS 7.2x86_64 ip:172.16.251.138

Experiment Preparation:

[[email protected] ~]# iptables–f//Turn off firewall

[[email protected] ~]# Setenforce 0//Turn off SELinux

Install httpd:

[Email protected] ~]# yum-y install httpd

[[email protected] ~]# RPM-QC httpd//View installation httpd generated configuration file

/etc/httpd/conf.d/welcome.conf

/etc/httpd/conf/httpd.conf

/etc/httpd/conf/magic

/etc/logrotate.d/httpd

/etc/sysconfig/htcacheclean

/etc/sysconfig/httpd

[[Email protected] ~]# service httpd start

[Email protected] ~]# SS–TNL

LISTEN 0 128::: 80

Master configuration file:

[Email protected] conf]# cp-p Httpd.confhttpd.conf.bak

[Email protected] httpd]# vim/etc/httpd/conf/httpd.conf

Namevirtualhost 172.16.251.164:80//Enable virtual host

To create a virtual host WWW1 configuration file:

[Email protected] ~]# vim/etc/httpd/conf.d/v1.conf

<virtualhost 172.16.251.164:80>

Documentroot/var/www/virt1

Servernamewww1.a.com

Errorlog Logs/www1-error_log
Customlog Logs/www1-access_log combined

<Location/server-status>

SetHandler Server-status

AuthType Basic

AuthName "Fortom"

AuthUserFile "/ETC/HTTPD/CONF/.HTPASSWD"

Require User Tom

</Location>

</VirtualHost>

To create a virtual host WWW2 configuration file:

[Email protected] ~]# vim/etc/httpd/conf.d/v2.conf

<virtualhost 172.16.251.164:80>

Documentroot/var/www/virt2

Servernamewww2.a.com

Errorlog Logs/www2-error_log
Customlog Logs/www2-access_log combined

<directory "/var/www/virt2" >

Options None

AllowOverride None

Order Deny,allow

Deny from 192.168.0.0/24

</Directory>

</VirtualHost>

To create a test site resource:

[[email protected] conf]# mkdir-pv/var/www/virt{1,2}

[Email protected] www]# echo "WWW1" >>/var/www/virt1/index.html

[Email protected] www]# echo "WWW2" >>/var/www/virt2/index.html

To create a Tom user file:

[Email protected] conf]# htpasswd-cm/etc/httpd/conf/.htpasswd Tom

[Email protected] conf]# httpd-t

Syntax OK

[Email protected] conf]# service httpd restart

Client testing:

[Email protected] ~]# cat/etc/hosts

172.16.251.164 www1.a.com www2.a.com

[Email protected] ~]# Curl http://www1.a.com

Www1

[Email protected] ~]# Curl http://www2.a.com

Www2

[Email protected] conf.d]# ll/var/log/httpd/

-rw-r--r--. 1 root root 11465 July 12:33 www1-access_log

-rw-r--r--. 1 root root 3517 July 12:33 www1-error_log

-rw-r--r--. 1 root root 2306 July 10:25 www2-access_log

-rw-r--r--. 1 root root 1142 July 10:17 Www2-error_log

[Email protected] ~]# links http://www1.a.com/server-status

650) this.width=650; "title=" spx3.jpg "style=" Float:none "src=" http://s5.51cto.com/wyfs02/M00/84/4F/ Wkiom1emklete08kaafmunfdprq831.jpg-wh_500x0-wm_3-wmp_4-s_3678655018.jpg "alt=" Wkiom1emklete08kaafmunfdprq831.jpg-wh_50 "/>

650) this.width=650; "title=" spx2.jpg "style=" Float:none "src=" http://s5.51cto.com/wyfs02/M01/84/4F/ Wkiol1emkljbyvjdaajuzwhwkrc998.jpg-wh_500x0-wm_3-wmp_4-s_1746693026.jpg "alt=" Wkiol1emkljbyvjdaajuzwhwkrc998.jpg-wh_50 "/>

Provide HTTPS services:

1. Establish a private CA

[[Email protected] ca]# (umask 077; OpenSSL genrsa-out Private/cakey.pem 2048)

[email protected] ca]# OpenSSL req-new-x509-keyprivate/cakey.pem-out Cacert.pem

Country Name (2 letter code) [XX]:CN
State or province name (full name) []:BJ
Locality Name (eg, city) [Default CITY]:BJ
Organization Name (eg, company) [Default company Ltd]:ym
Organizational Unit Name (eg, section) []:ops
Common name (eg, your name or your server ' s hostname) []:www2.a.com
Email Address []:[email protected]

[email protected] ca]# Touch index.txt

[Email protected] ca]# echo > serial

2. Certificate of application:

[Email protected] ca]# Mkdir-pv/etc/httpd/ssl

[[Email protected] ssl]# (umask 077; OpenSSL genrsa-out httpd.key 1024)

[email protected] ssl]# OpenSSL Req-new-key HTTPD.KEY-OUTHTTPD.CSR

Country Name (2 letter code) [XX]:CN
State or province name (full name) []:BJ
Locality Name (eg, city) [Default CITY]:BJ
Organization Name (eg, company) [Default company Ltd]:ym
Organizational Unit Name (eg, section) []:ops
Common name (eg, your name or your server ' s hostname) []:www2.a.com
Email Address []:[email protected]

[email protected] ssl]# CP httpd.csr/testdir/

3.CA issue the certificate and send the certificate to the requestor

[email protected] ssl]# OpenSSL CA-IN/TMP/HTTPD.CSR-OUT/ETC/PKI/CA/CERTS/HTTPD.CRT

[Email protected] ssl]# cp/etc/pki/ca/certs/httpd.crt/etc/httpd/ssl/

4. Installing the Mod_ssl module

[Email protected] conf.d]# Httpd-m | grep SSL

[Email protected] conf.d]# yum-y install Mod_ssl

[Email protected] conf.d]# RPM-QL mod_ssl

[Email protected] conf.d]# vim/etc/httpd/conf.d/ssl.conf

<virtualhost 192.168.1.200:443>

DocumentRoot "/var/www/virt2"

ServerName www2.a.com:443

Sslcertificatefile/etc/httpd/ssl/httpd.crt
Sslcertificatekeyfile/etc/httpd/ssl/httpd.key

[Email protected] conf.d]# service httpd restart

[Email protected] conf.d]# SS-TNL

LISTEN 0 128::: 443

Client Testing: HTTPS : //172.16.251.164:443

Web service httpd-2.2 based on domain name virtual host