2.4 Building a secure HTTP service with VirtualHost

Contents:
1. CentOS 6: build a name-based httpd service with httpd-2.2
2. CentOS 7: build a name-based httpd service with httpd 2.4
3. CentOS 6: compile and install httpd-2.4 and build a name-based httpd service


1. CentOS 6: build a name-based httpd service with httpd-2.2:
1) Install the httpd service:
yum -y install httpd
2) Edit the main configuration file and enable NameVirtualHost:
NameVirtualHost 192.168.1.100:80
3) Create the DocumentRoot directories and write the page content:
[root@linuxidc ~]# mkdir -p /data/vhost/www1
[root@linuxidc ~]# mkdir -p /data/vhost/www2

[root@linuxidc www1]# echo "www1" >index.html
[root@linuxidc www2]# echo "www2" >index.html
4) Create the virtual host for the www1 domain
Requirements:
## Define an access log and an error log
## Deny access from the 192.168.1.0 network
## Serve a status page at www1.magedu.com/server-status, and only the root user may access it
The specific configuration is as follows:
[root@linuxidc ~]# vim /etc/httpd/conf.d/vhost1.conf

<VirtualHost 192.168.1.100:80>
  DocumentRoot /data/vhost/www1
  ServerName www1.magedu.com
  CustomLog /var/log/httpd/www1/access_log common
  # The log directory must be created by hand first, otherwise the service fails to start
  # (httpd does not accept trailing comments on a directive line, so comments get their own line)
  ErrorLog /var/log/httpd/www1/err_log

    <Directory "/data/vhost/www1">
            Options None
            AllowOverride None
            # Order allow,deny denies by default, so "Allow from all" is required;
            # without it every client, not only 192.168.1.0/24, is refused
            Order allow,deny
            Allow from all
            # Now no host in the 192.168.1.0/24 network can access www1
            # (a bare 192.168.1.0 would match only that single address)
            Deny from 192.168.1.0/24
    </Directory>

    # Status information served at www1.magedu.com/server-status
    <Location /server-status>
            SetHandler server-status
            Order allow,deny
            Allow from 192.168.1

            AuthType Basic
            AuthName "admin"
            # User authentication file
            AuthUserFile "/etc/httpd/conf/.htpasswd"
            Require valid-user
    </Location>

</VirtualHost>

[root@linuxidc conf]# htpasswd -c -m /etc/httpd/conf/.htpasswd aa ## create the authentication user (path matches AuthUserFile)
Restart or reload the service and test.
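An added worked example, not from the original post: the httpd 2.2 mod_authz_host decision (Order / Allow from / Deny from) implemented in Python, to show why the <Directory> block above needs "Allow from all" and a /24 mask before it denies just that subnet instead of every client. The block texts and client addresses are constructed here; Mutual-failure ordering is not modelled.

```python
import ipaddress

# httpd 2.2 mod_authz_host semantics (Mutual-failure not modelled); an added
# example, not the page's code. Block texts below are constructed here.
def _matches(client, pattern):
    """Match one Allow/Deny argument: all, a.b.c.d/n, a full IP, or a partial prefix."""
    if pattern == "all":
        return True
    if "/" in pattern:
        return client in ipaddress.ip_network(pattern, strict=False)
    if pattern.count(".") == 3:
        return client == ipaddress.ip_address(pattern)
    return str(client).startswith(pattern + ".")

def evaluate(order, allow, deny, client_ip):
    """True if client_ip is admitted under the given Order / Allow from / Deny from."""
    client = ipaddress.ip_address(client_ip)
    allowed = any(_matches(client, p) for p in allow)
    denied = any(_matches(client, p) for p in deny)
    if order == "allow,deny":
        # default deny: the client must match an Allow and must not match a Deny
        return allowed and not denied
    if order == "deny,allow":
        # default allow: refused only when it matches a Deny and no Allow
        return allowed or not denied
    raise ValueError("unsupported Order: " + order)

def parse_block(text):
    """Pull Order / Allow from / Deny from out of one <Directory> or <Location> body."""
    order, allow, deny = "deny,allow", [], []  # httpd 2.2 defaults: everyone admitted
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "order":
            order = words[1].lower()
        elif key in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            (allow if key == "allow" else deny).extend(w.lower() for w in words[2:])
    return order, allow, deny

def admitted(block, client_ip):
    return evaluate(*parse_block(block), client_ip)

# As written on the page: Order allow,deny with no Allow line, and a bare host address
PAGE_BLOCK = "Order allow,deny\nDeny from 192.168.1.0\n"
# Corrected: admit everyone, then carve out the whole /24
FIXED_BLOCK = "Order allow,deny\nAllow from all\nDeny from 192.168.1.0/24\n"
```

admitted(PAGE_BLOCK, "10.0.0.5") is False for any client, while admitted(FIXED_BLOCK, ...) refuses only the 192.168.1.0/24 range.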

5) Create the virtual host for the www2 domain
Requirements:
### Define an access log and an error log
### Make this site a secure HTTPS site
The specific configuration is as follows:
<VirtualHost 192.168.1.100:80>
  DocumentRoot /data/vhost/www2
  ServerName www2.magedu.com
  # Error log (the /var/log/httpd/www2 directory must exist before starting the service)
  ErrorLog /var/log/httpd/www2/error_log
  # Access log
  CustomLog /var/log/httpd/www2/access_log common
</VirtualHost>
Build this site for secure HTTPS access:
Create the CA:
1) Generate the private key file:
[root@linuxidc tls]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
2) Generate the self-signed certificate
[root@linuxidc CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:magedu.com
Organizational Unit Name (eg, section) []:yunwei
Common Name (eg, your name or your server's hostname) []:linuxidc       
Email Address []:admin@163.com
3) Provide the bookkeeping files the CA needs
[root@linuxidc CA]# touch {serial,index.txt}
[root@linuxidc CA]# echo 01 > serial

Configure the HTTP server as follows:
1) Generate the private key
[root@linuxidc ~]# mkdir /etc/httpd/ssl
[root@linuxidc ~]# cd /etc/httpd/ssl
[root@linuxidc ssl]# (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)
2) Generate the certificate signing request:
[root@linuxidc ssl]# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr -days 365
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:magedu.com
Organizational Unit Name (eg, section) []:yunwei
Common Name (eg, your name or your server's hostname) []:linuxidc
Email Address []:admin@163.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:     
An optional company name []:
3) Send the certificate request to the CA for signing
[root@linuxidc ssl]# scp httpd.csr 192.168.1.100:/tmp
4) The CA signs the certificate and returns it to the requester
[root@linuxidc tmp]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365
[root@linuxidc certs]# scp httpd.crt root@192.168.1.100:/etc/httpd/ssl/
5) httpd needs the mod_ssl module installed to support SSL
[root@linuxidc ~]# yum -y install mod_ssl
6) Configure the /etc/httpd/conf.d/ssl.conf file
<VirtualHost 192.168.1.100:443>
DocumentRoot "/data/vhost/www2"
ServerName www2.magedu.com

# SSLEngine on is already present in the stock ssl.conf and must stay inside this VirtualHost
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/httpd.crt

SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
</VirtualHost>
7) Restart the service and test
[root@linuxidc ~]# httpd -t
Syntax OK
[root@linuxidc ~]# service httpd reload
Reloading httpd:
