Web server service:
Apache is the well-known open-source web server software, maintained by the Apache Software Foundation (ASF).
Official site: http://httpd.apache.org/
http://www.netcraft.com/ publishes detailed statistics on the market share of the various web server products.
Lab requirements:
1. Set up an httpd service that:
(1) provides two name-based virtual hosts, www1 and www2, each with its own error log and access log;
(2) exposes status information at /server-status on www1, accessible only to the user tom;
(3) denies www2 to every host in the 192.168.0.0/24 network.
2. Provide an https service for the second virtual host above.
Lab environment:
Web server: CentOS 6.7 x86_64, IP: 172.16.251.164
httpd-2.2.15-45.el6.centos.x86_64
Client: CentOS 7.2 x86_64, IP: 172.16.251.138
Lab preparation:
[root@www ~]# iptables -F //flush the firewall rules
[root@www ~]# setenforce 0 //switch SELinux to permissive mode
Install httpd:
[root@www ~]# yum -y install httpd
[root@www ~]# rpm -qc httpd //list the configuration files the httpd package installs
/etc/httpd/conf.d/welcome.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/conf/magic
/etc/logrotate.d/httpd
/etc/sysconfig/htcacheclean
/etc/sysconfig/httpd
[root@www ~]# service httpd start
[root@www ~]# ss -tnl
LISTEN 0 128 :::80
Main configuration file:
[root@www conf]# cp -p httpd.conf httpd.conf.bak
[root@www httpd]# vim /etc/httpd/conf/httpd.conf
NameVirtualHost 172.16.251.164:80 //enable name-based virtual hosts on this address
Create the configuration file for virtual host www1:
[root@www ~]# vim /etc/httpd/conf.d/v1.conf
<VirtualHost 172.16.251.164:80>
DocumentRoot /var/www/virt1
ServerName www1.a.com
ErrorLog logs/www1-error_log
CustomLog logs/www1-access_log combined
<Location /server-status>
SetHandler server-status
AuthType basic
AuthName "For tom"
AuthUserFile "/etc/httpd/conf/.htpasswd"
Require user tom
</Location>
</VirtualHost>
Create the configuration file for virtual host www2:
[root@www ~]# vim /etc/httpd/conf.d/v2.conf
<VirtualHost 172.16.251.164:80>
DocumentRoot /var/www/virt2
ServerName www2.a.com
ErrorLog logs/www2-error_log
CustomLog logs/www2-access_log combined
<Directory "/var/www/virt2">
Options None
AllowOverride None
Order deny,allow
Deny from 192.168.0.0/24
</Directory>
</VirtualHost>
Create the test site content:
[root@www conf]# mkdir -pv /var/www/virt{1,2}
[root@www www]# echo "www1" >> /var/www/virt1/index.html
[root@www www]# echo "www2" >> /var/www/virt2/index.html
Create the password file entry for tom:
[root@www conf]# htpasswd -cm /etc/httpd/conf/.htpasswd tom
[root@www conf]# httpd -t
Syntax OK
[root@www conf]# service httpd restart
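The AuthUserFile that "htpasswd -cm" creates above holds one "user:hash" line per account, and the basic-auth check on /server-status works by re-hashing the offered password with the stored salt. The script below is an added example, not part of the original post: it builds such a file with "openssl passwd -apr1" (the same MD5-crypt format "htpasswd -m" writes, so it runs without httpd installed), verifies a password the way the server does, and flags entries that are not a recognised hash. The user tom comes from the post; the passwords and the temporary file name are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post: build and audit an AuthUserFile in
# the apr1 (Apache MD5-crypt) format that "htpasswd -m" writes.  "openssl
# passwd -apr1" stands in for the htpasswd binary so the file can be produced
# and checked without httpd installed; the user tom is the post's, the
# passwords and the file name are constructed for this example.

# add_user FILE USER PASSWORD: append a "user:$apr1$salt$hash" line, as
# "htpasswd -m FILE USER" would after prompting for the password
add_user() {
    hash=$(openssl passwd -apr1 "$3")
    printf '%s:%s\n' "$2" "$hash" >> "$1"
}

# check_password FILE USER PASSWORD: succeeds only if PASSWORD matches USER's
# stored hash.  This is what the auth module does on each request to
# /server-status: take the salt (third $-separated field) from the stored
# value, re-hash the offered password with that salt and compare the strings.
check_password() {
    stored=$(awk -F: -v u="$2" '$1 == u {print $2; exit}' "$1")
    [ -n "$stored" ] || return 1
    salt=$(printf '%s\n' "$stored" | cut -d'$' -f3)
    [ "$(openssl passwd -apr1 -salt "$salt" "$3")" = "$stored" ]
}

# count_unhashed_entries FILE: entries whose password field is not apr1,
# bcrypt ($2y$) or {SHA}.  Such lines are either plaintext (which httpd on
# Unix does not accept, so that user silently cannot log in) or legacy
# crypt(3), and either way deserve a look.
count_unhashed_entries() {
    awk -F: '$2 !~ /^([$]apr1[$]|[$]2y[$]|[{]SHA[}])/ {n++} END {print n+0}' "$1"
}

if command -v openssl >/dev/null 2>&1; then
    F=$(mktemp)
    add_user "$F" tom 'example-password'
    check_password "$F" tom 'example-password' && echo "tom: password accepted"
    check_password "$F" tom 'wrong-password' || echo "tom: wrong password rejected"
    echo "entries without a recognised hash: $(count_unhashed_entries "$F")"
    rm -f "$F"
fi
```

Keep the real file outside every DocumentRoot, as the post does with /etc/httpd/conf/.htpasswd, so it can never be served as content.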
Client test:
[root@localhost ~]# cat /etc/hosts
172.16.251.164 www1.a.com www2.a.com
[root@localhost ~]# curl http://www1.a.com
www1
[root@localhost ~]# curl http://www2.a.com
www2
[root@www conf.d]# ll /var/log/httpd/
-rw-r--r--. 1 root root 11465 7月 17 12:33 www1-access_log
-rw-r--r--. 1 root root 3517 7月 17 12:33 www1-error_log
-rw-r--r--. 1 root root 2306 7月 17 10:25 www2-access_log
-rw-r--r--. 1 root root 1142 7月 17 10:17 www2-error_log
[root@localhost ~]# links http://www1.a.com/server-status
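Requirement (3) says every host in 192.168.0.0/24 must be refused on www2; the per-host access log configured with "CustomLog ... combined" is where that can be confirmed after the fact. The script below is an added example and not part of the original post: it audits combined-format log lines for requests from that network and reports any that did not receive a 403. The log lines are constructed samples; on the server the input would be /var/log/httpd/www2-access_log.

```shell
#!/bin/sh
# Added example, not from the original post: audit a "combined" format access
# log for requests from the network that requirement (3) denies, and report
# any request from that network that did not receive a 403.  The log lines
# below are constructed samples; on the server they would come from
# /var/log/httpd/www2-access_log.

SAMPLE_LOG=$(cat <<'EOF'
192.168.0.15 - - [17/Jul/2016:10:25:01 +0800] "GET / HTTP/1.1" 403 202 "-" "curl/7.29.0"
172.16.251.138 - - [17/Jul/2016:10:25:05 +0800] "GET / HTTP/1.1" 200 5 "-" "curl/7.29.0"
192.168.0.77 - - [17/Jul/2016:10:26:12 +0800] "GET /index.html HTTP/1.1" 200 5 "-" "Mozilla/5.0"
192.168.1.9 - - [17/Jul/2016:10:27:00 +0800] "GET / HTTP/1.1" 200 5 "-" "curl/7.29.0"
EOF
)

# from_denied_net LOGTEXT: the lines whose client is in 192.168.0.0/24.
# The mask is octet-aligned, so matching the first three octets is an exact
# test for the network; in the combined format the client IP is field 1.
from_denied_net() {
    printf '%s\n' "$1" | awk '$1 ~ /^192\.168\.0\.[0-9]+$/'
}

# count_from_denied_net LOGTEXT: number of requests from that network
count_from_denied_net() {
    from_denied_net "$1" | awk 'END {print NR}'
}

# count_leaks LOGTEXT: requests from that network NOT refused with 403
# (status code is field 9 of the combined format)
count_leaks() {
    from_denied_net "$1" | awk '$9 != "403" {n++} END {print n+0}'
}

# list_leaks LOGTEXT: "ip status method path" for every leaked request
list_leaks() {
    from_denied_net "$1" | awk '$9 != "403" {print $1, $9, $6, $7}'
}

echo "requests from 192.168.0.0/24: $(count_from_denied_net "$SAMPLE_LOG")"
echo "of which not denied: $(count_leaks "$SAMPLE_LOG")"
list_leaks "$SAMPLE_LOG"
```

A non-zero leak count after the "Deny from" line is in place usually means the request hit a different virtual host (name-based selection is by Host header, not by IP) or a path outside the <Directory> the rule covers.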
Providing the https service:
1. Build a private CA
[root@www CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
[root@www CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www2.a.com
Email Address []:admin@a.com
[root@www CA]# touch index.txt
[root@www CA]# echo 01 > serial
2. Request a certificate:
[root@www CA]# mkdir -pv /etc/httpd/ssl
[root@www ssl]# (umask 077; openssl genrsa -out httpd.key 1024)
[root@www ssl]# openssl req -new -key httpd.key -out httpd.csr
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www2.a.com
Email Address []:admin@acom
[root@www ssl]# cp httpd.csr /testdir/
3. The CA signs the certificate and returns it to the requester
[root@www ssl]# openssl ca -in /testdir/httpd.csr -out /etc/pki/CA/certs/httpd.crt
[root@www ssl]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/
4. Install the mod_ssl module
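Steps 1 to 3 above are interactive and leave the result unchecked until httpd is restarted. The script below is an added example, not part of the original post: it repeats the same workflow non-interactively in a scratch directory and then runs the checks worth doing before the files are handed to mod_ssl (the certificate chains to the CA, the key and certificate belong together, the key size and the subject CN match what the virtual host needs). Deliberate differences from the post: -subj replaces the prompts, the server key is 2048 bits rather than 1024, and the request is signed with "openssl x509 -req" instead of "openssl ca", so no CA directory layout (index.txt, serial, openssl.cnf) is required. All paths live under a mktemp directory and are assumptions for this example.

```shell
#!/bin/sh
# Added example, not from the original post: steps 1-3 (private CA, server
# key/CSR, signing) done non-interactively in a scratch directory, followed by
# the checks worth running before the certificate is handed to mod_ssl.
# Differences from the post, all deliberate: -subj replaces the interactive
# prompts, the server key is 2048 bits instead of 1024, and the CSR is signed
# with "openssl x509 -req" rather than "openssl ca", so no CA directory layout
# (index.txt, serial, openssl.cnf) is needed.  All paths are under a mktemp
# directory and are assumptions for this example.

SUBJ_CA='/C=CN/ST=bj/L=bj/O=ym/OU=Ops/CN=Private CA for a.com'
SUBJ_SRV='/C=CN/ST=bj/L=bj/O=ym/OU=Ops/CN=www2.a.com'

# make_ca_and_cert: builds everything and prints the scratch directory
make_ca_and_cert() {
    WORK=$(mktemp -d)
    mkdir -p "$WORK/ca/private"
    # 1. CA private key (mode 0600 via umask) and self-signed CA certificate
    (umask 077; openssl genrsa -out "$WORK/ca/private/cakey.pem" 2048 2>/dev/null)
    openssl req -new -x509 -days 365 -key "$WORK/ca/private/cakey.pem" \
        -out "$WORK/ca/cacert.pem" -subj "$SUBJ_CA"
    # 2. server key and certificate signing request for www2.a.com
    (umask 077; openssl genrsa -out "$WORK/httpd.key" 2048 2>/dev/null)
    openssl req -new -key "$WORK/httpd.key" -out "$WORK/httpd.csr" -subj "$SUBJ_SRV"
    # 3. the CA signs the request; -CAcreateserial creates the serial file
    #    that the post made by hand with "echo 01 > serial"
    openssl x509 -req -days 365 -in "$WORK/httpd.csr" -CA "$WORK/ca/cacert.pem" \
        -CAkey "$WORK/ca/private/cakey.pem" -CAcreateserial \
        -out "$WORK/httpd.crt" 2>/dev/null
    echo "$WORK"
}

# verify_chain DIR: succeeds only if httpd.crt was issued by cacert.pem
verify_chain() {
    openssl verify -CAfile "$1/ca/cacert.pem" "$1/httpd.crt" >/dev/null 2>&1
}

# key_matches_cert DIR: succeeds only if the certificate's public key belongs
# to httpd.key (a mismatch makes httpd refuse to start with mod_ssl)
key_matches_cert() {
    c=$(openssl x509 -in "$1/httpd.crt" -noout -modulus)
    k=$(openssl rsa -in "$1/httpd.key" -noout -modulus 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# key_bits DIR: RSA modulus size of the server key
key_bits() {
    openssl rsa -in "$1/httpd.key" -noout -text 2>/dev/null |
        sed -n 's/^.*Private-Key: (\([0-9]*\) bit.*$/\1/p'
}

# cert_cn DIR: subject CN of the issued certificate (must equal the ServerName)
cert_cn() {
    openssl x509 -in "$1/httpd.crt" -noout -subject | sed 's/.*CN *= *//'
}

if command -v openssl >/dev/null 2>&1; then
    DIR=$(make_ca_and_cert)
    verify_chain "$DIR" && key_matches_cert "$DIR" &&
        echo "OK: $(cert_cn "$DIR") chains to the CA, key $(key_bits "$DIR") bits"
    rm -rf "$DIR"
fi
```

The same verify_chain and key_matches_cert checks can be pointed at /etc/pki/CA/cacert.pem and /etc/httpd/ssl/ on the lab server before the restart in step 4.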
[root@www conf.d]# httpd -M | grep ssl
[root@www conf.d]# yum -y install mod_ssl
[root@www conf.d]# rpm -ql mod_ssl
[root@www conf.d]# vim /etc/httpd/conf.d/ssl.conf //only the directives changed in the shipped ssl.conf are shown; its SSLEngine on and closing </VirtualHost> stay as they are
<VirtualHost 172.16.251.164:443>
DocumentRoot "/var/www/virt2"
ServerName www2.a.com:443
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
[root@www conf.d]# service httpd restart
[root@www conf.d]# ss -tnl
LISTEN 0 128 :::443
Client test: https://172.16.251.164:443