1)编辑配置文件设置如下:
<VirtualHost 192.168.1.100:80>
DocumentRoot "/web/vhosts/www1"
ServerName www1.a1.com
ErrorLog "/var/log/httpd/www1.err"
CustomLog "/var/log/httpd/www1.access" common
</VirtualHost>
<VirtualHost 192.168.1.100:8080>
DocumentRoot "/web/vhosts/www2"
ServerName www2.a2.com
ErrorLog "/var/log/httpd/www2.err"
CustomLog "/var/log/httpd/www2.access" common
</VirtualHost>
2)设置监听地址
Listen 80
Listen 8080
3)检查然后重新加载服务,测试
3、基于FQDN的virtualhost
1)开启虚拟主机域名
NameVirtualHost 192.168.1.100:80
2)编辑配置文件设置如下:
<VirtualHost 192.168.1.100:80>
DocumentRoot "/web/vhosts/www1"
ServerName www1.a1.com
ErrorLog "/var/log/httpd/www1.err"
CustomLog "/var/log/httpd/www1.access" common
</VirtualHost>
<VirtualHost 192.168.1.100:80>
DocumentRoot "/web/vhosts/www2"
ServerName www2.a2.com
ErrorLog "/var/log/httpd/www2.err"
CustomLog "/var/log/httpd/www2.access" common
</VirtualHost>
3)解析域名,此处我就用hosts文件来解析了
[root@linuxidc ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.0.1 server.magelinux.com server
192.168.1.100 www1.a1.com
192.168.1.100 www2.a2.com
4)检查加载服务,测试即可
四、httpd-2.2的基于https的安全访问
###CA服务器上操作:
1)生成密钥对密钥对
[root@linuxidc CA]# (umak 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
2)生成自签证书
[root@linuxidc CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
Country Name (2 letter code) [XX]:CN ##国家
State or Province Name (full name) []:beijing ##省
Locality Name (eg, city) [Default City]:beijin ##市
Organization Name (eg, company) [Default Company Ltd]:magedu.com #公司名称
Organizational Unit Name (eg, section) []:yunwei ##部门
Common Name (eg, your name or your server's hostname) []:linuxidc ##ca域名
Email Address []:admin@163.com #邮箱
3)为CA提供所需目录及文件
[root@linuxidc CA]# touch {serial,index.txt}
[root@linuxidc CA]# echo 01 > serial
###httpd服务器上操作:
1)生成密钥
[root@linuxidc ~]# mkdir /etc/httpd/ssl
[root@linuxidc ~]# cd /etc/httpd/ssl/
[root@linuxidc ssl]# (umask 077;openssl genrsa -out /etc/httpd/)
conf/ conf.d/ logs/ modules/ run/ ssl/
[root@linuxidc ssl]# (umask 077;openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)
2)生成证书签署请求
[root@linuxidc ssl]# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr -days 365
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijin
Organization Name (eg, company) [Default Company Ltd]:magedu.com
Organizational Unit Name (eg, section) []:yunwei
Common Name (eg, your name or your server's hostname) []:linuxidc
Email Address []:admin@163.com
3)在CA上签署证书,并将证书方式给请求者
[root@linuxidc tmp]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365
[root@linuxidc certs]# scp httpd.crt root@192.168.1.100:/etc/httpd/ssl
4)httpd要支持SSL需要安装mod_ssl模块
[root@linuxidc ~]# yum -y install mod_ssl
5)配置/etc/httpd/conf.d/ssl.conf
<VirtualHost 192.168.1.100:443> ##此行IP地址需要按照你自己需求更改
DocumentRoot "/web/vhosts/www1"
ServerName
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key ##证书私钥
6)检查配置文件,重新加载,测试即可
[root@linuxidc ssl]# httpd -t
Syntax OK
[root@linuxidc ssl]# service httpd reload
Reloading httpd: