Web service:
Apache is the well-known open source web server software, maintained and operated by the ASF (Apache Software Foundation)
Official site: http://httpd.apache.org/
http://www.netcraft.com/ publishes detailed statistics on the market share of the various web server software
Lab Requirements:
1. Set up the httpd service with the following requirements:
(1) Provide two name-based virtual hosts, www1 and www2, each with its own error log and access log
(2) Provide status information via www1's /server-status, and allow only the user Tom to access it
(3) www2 does not allow access from any host in the 192.168.0.0/24 network
2. Provide HTTPS service for the second virtual host above
Lab Environment:
Web server: CentOS 6.7 x86_64, IP: 172.16.251.164
httpd-2.2.15-45.el6.centos.x86_64
Client: CentOS 7.2 x86_64, IP: 172.16.251.138
Experiment Preparation:
[~]# iptables -F     # turn off the firewall (flushes all rules)
[~]# setenforce 0    # turn off SELinux enforcement (permissive mode)
Install httpd:
[~]# yum -y install httpd
[~]# rpm -qc httpd   # list the configuration files installed by the httpd package
/etc/httpd/conf.d/welcome.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/conf/magic
/etc/logrotate.d/httpd
/etc/sysconfig/htcacheclean
/etc/sysconfig/httpd
[~]# service httpd start
[~]# ss -tnl
LISTEN 0 128 :::80
Main configuration file:
[conf]# cp -p httpd.conf httpd.conf.bak
[httpd]# vim /etc/httpd/conf/httpd.conf
# Enable name-based virtual hosts on this address
NameVirtualHost 172.16.251.164:80
Create the configuration file for virtual host www1:
[~]# vim /etc/httpd/conf.d/v1.conf
<VirtualHost 172.16.251.164:80>
    DocumentRoot /var/www/virt1
    ServerName www1.a.com
    ErrorLog logs/www1-error_log
    CustomLog logs/www1-access_log combined
    # Status page, restricted to the Basic-auth user Tom
    <Location /server-status>
        SetHandler server-status
        AuthType Basic
        AuthName "Fortom"
        AuthUserFile "/etc/httpd/conf/.htpasswd"
        Require user Tom
    </Location>
</VirtualHost>
Create the configuration file for virtual host www2:
[~]# vim /etc/httpd/conf.d/v2.conf
<VirtualHost 172.16.251.164:80>
    DocumentRoot /var/www/virt2
    ServerName www2.a.com
    ErrorLog logs/www2-error_log
    CustomLog logs/www2-access_log combined
    <Directory "/var/www/virt2">
        Options None
        AllowOverride None
        # Allow by default, then refuse the 192.168.0.0/24 network
        Order deny,allow
        Deny from 192.168.0.0/24
    </Directory>
</VirtualHost>
Create the test site content:
[conf]# mkdir -pv /var/www/virt{1,2}
[www]# echo "WWW1" >> /var/www/virt1/index.html
[www]# echo "WWW2" >> /var/www/virt2/index.html
Create the user file for Tom:
[conf]# htpasswd -cm /etc/httpd/conf/.htpasswd Tom   # -c creates the file, -m stores an MD5 hash
[conf]# httpd -t
Syntax OK
[conf]# service httpd restart
Client testing:
[~]# cat /etc/hosts
172.16.251.164 www1.a.com www2.a.com
[~]# curl http://www1.a.com
WWW1
[~]# curl http://www2.a.com
WWW2
[conf.d]# ll /var/log/httpd/
-rw-r--r--. 1 root root 11465 July 12:33 www1-access_log
-rw-r--r--. 1 root root 3517 July 12:33 www1-error_log
-rw-r--r--. 1 root root 2306 July 10:25 www2-access_log
-rw-r--r--. 1 root root 1142 July 10:17 www2-error_log
[~]# links http://www1.a.com/server-status
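An added example (not from the original post) that audits the two access rules from the per-vhost access logs configured above: it reports /server-status responses served to anyone other than Tom, and any client in 192.168.0.0/24 that www2 did not answer with 403. The sample log lines are constructed, the function names are hypothetical, and the field positions assume the combined log format.

```shell
#!/bin/sh
# Constructed sample lines in "combined" format; not taken from the lab server.
sample_www1() { cat <<'EOF'
172.16.251.138 - - [12/Jul/2016:12:30:01 +0800] "GET /server-status HTTP/1.1" 401 475 "-" "curl/7.29.0"
172.16.251.138 - Tom [12/Jul/2016:12:30:09 +0800] "GET /server-status HTTP/1.1" 200 3120 "-" "curl/7.29.0"
172.16.251.138 - - [12/Jul/2016:12:31:44 +0800] "GET /server-status?auto HTTP/1.1" 200 410 "-" "curl/7.29.0"
EOF
}
sample_www2() { cat <<'EOF'
172.16.251.138 - - [12/Jul/2016:10:25:10 +0800] "GET / HTTP/1.1" 200 5 "-" "curl/7.29.0"
192.168.0.57 - - [12/Jul/2016:10:25:31 +0800] "GET / HTTP/1.1" 403 283 "-" "curl/7.29.0"
192.168.0.88 - - [12/Jul/2016:10:26:02 +0800] "GET /index.html HTTP/1.1" 200 5 "-" "curl/7.29.0"
192.168.1.9 - - [12/Jul/2016:10:26:40 +0800] "GET / HTTP/1.1" 200 5 "-" "curl/7.29.0"
EOF
}

# www1: /server-status answered with 200 although the logged user ($3) is not Tom.
# Prints: client, logged user, requested path.
status_leaks() {
    awk '$7 ~ /^\/server-status(\?|$)/ && $9 == 200 && $3 != "Tom" { print $1, $3, $7 }' "$@"
}

# www2: any client in 192.168.0.0/24 that received something other than 403.
# Prints: client, requested path, status.
denied_net_leaks() {
    awk '{ split($1, o, ".") }
         o[1] == 192 && o[2] == 168 && o[3] == 0 && $9 != 403 { print $1, $7, $9 }' "$@"
}

# Run against the constructed samples. On the server, pass the log file instead,
# e.g. denied_net_leaks /var/log/httpd/www2-access_log
sample_www1 | status_leaks
sample_www2 | denied_net_leaks
```

An empty result from both functions means the logs show no request that slipped past the Require and Deny rules.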
Provide HTTPS service:
1. Establish a private CA
[CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)   # CA private key, run in /etc/pki/CA
[CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem   # self-signed CA certificate
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:www2.a.com
Email Address []:[email protected]
[CA]# touch index.txt
[CA]# echo 01 > serial   # initial serial number for issued certificates
2. Request a certificate:
[CA]# mkdir -pv /etc/httpd/ssl
[ssl]# (umask 077; openssl genrsa -out httpd.key 1024)   # server private key
[ssl]# openssl req -new -key httpd.key -out httpd.csr   # certificate signing request
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:www2.a.com
Email Address []:[email protected]
[ssl]# cp httpd.csr /tmp/
3. The CA issues the certificate and sends it to the requester
[ssl]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt
[ssl]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/
4. Install the mod_ssl module
[conf.d]# httpd -M | grep ssl
[conf.d]# yum -y install mod_ssl
[conf.d]# rpm -ql mod_ssl
[conf.d]# vim /etc/httpd/conf.d/ssl.conf
<VirtualHost 172.16.251.164:443>
    DocumentRoot "/var/www/virt2"
    ServerName www2.a.com:443
    # SSLEngine on is already present in the stock ssl.conf
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/httpd.crt
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
</VirtualHost>
[conf.d]# service httpd restart
[conf.d]# ss -tnl
LISTEN 0 128 :::443
Client testing: https://172.16.251.164:443
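An added example, not part of the original post: it reruns steps 1 to 3 in a scratch directory and checks that the issued certificate chains to the CA, matches the server key, and uses an adequate key size before mod_ssl is pointed at it. It signs with `openssl x509 -req` instead of the post's `openssl ca` so that no index.txt or serial file is needed; the config file, the CA subject and the function names are assumptions, and both keys are 2048-bit.

```shell
#!/bin/sh
# Scratch-directory rerun of steps 1 to 3; subjects and file names are constructed.

# Minimal config so req runs without prompts and the CA gets basicConstraints.
write_cnf() {
    cat > "$1" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Lab Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
}

# build_lab_pki DIR: CA key and certificate, then server key, CSR and certificate.
build_lab_pki() {
    d=$1
    write_cnf "$d/ca.cnf" &&
    ( umask 077
      openssl genrsa -out "$d/cakey.pem" 2048 &&
      openssl genrsa -out "$d/httpd.key" 2048 ) 2>/dev/null &&
    openssl req -new -x509 -config "$d/ca.cnf" -key "$d/cakey.pem" \
        -days 30 -out "$d/cacert.pem" &&
    openssl req -new -config "$d/ca.cnf" -key "$d/httpd.key" \
        -subj "/CN=www2.a.com" -out "$d/httpd.csr" &&
    openssl x509 -req -in "$d/httpd.csr" -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" \
        -CAcreateserial -days 30 -out "$d/httpd.crt" 2>/dev/null
}

# chain_ok CA CERT: true when CERT verifies against CA.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# key_matches CERT KEY: true when CERT carries the public half of KEY.
key_matches() {
    c=$(openssl x509 -noout -modulus -in "$1") || return 1
    [ "$c" = "$(openssl rsa -noout -modulus -in "$2" 2>/dev/null)" ]
}

# key_bits KEY: RSA modulus size, to catch keys below 2048 bits.
key_bits() {
    openssl rsa -noout -text -in "$1" 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

d=$(mktemp -d) && build_lab_pki "$d" && chain_ok "$d/cacert.pem" "$d/httpd.crt" &&
    key_matches "$d/httpd.crt" "$d/httpd.key" && echo "ok: $(key_bits "$d/httpd.key")-bit key"
rm -rf "$d"
```

The same three functions can be pointed at the lab's real files, for example `chain_ok /etc/pki/CA/cacert.pem /etc/httpd/ssl/httpd.crt`.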
Web service: httpd-2.2 name-based virtual hosts