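Web site service:

Apache is a well-known open-source web server, maintained by the ASF (Apache Software Foundation).

Official site: http://httpd.apache.org/

http://www.netcraft.com/ publishes detailed statistics on the market share of the various web servers.


Lab requirements:

1. Set up an httpd service that:
   (1) provides two name-based virtual hosts, www1 and www2, each with its own error log and access log
   (2) exposes status information at /server-status on www1, accessible only to the user tom
   (3) denies access to www2 from every host in the 192.168.0.0/24 network
2. Provide HTTPS for the second virtual host above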


Lab environment:

Web Server: CentOS 6.7 x86_64          IP: 172.16.251.164

         httpd-2.2.15-45.el6.centos.x86_64

Client: CentOS 7.2 x86_64                     IP: 172.16.251.138


Preparation:

[root@www ~]# iptables -F                     // flush the iptables rules (turns the firewall off)

[root@www ~]# setenforce 0                   // switch SELinux to permissive mode


Install httpd:

[root@www ~]# yum -y install httpd

[root@www ~]# rpm -qc httpd                // list the configuration files installed by the httpd package

/etc/httpd/conf.d/welcome.conf

/etc/httpd/conf/httpd.conf

/etc/httpd/conf/magic

/etc/logrotate.d/httpd

/etc/sysconfig/htcacheclean

/etc/sysconfig/httpd

[root@www ~]# service httpd start

[root@www ~]# ss -tnl

LISTEN    0      128                          :::80


Main configuration file:

[root@www conf]# cp -p httpd.conf httpd.conf.bak

[root@www httpd]# vim /etc/httpd/conf/httpd.conf

NameVirtualHost 172.16.251.164:80                 // enable name-based virtual hosts


Create the configuration file for virtual host www1:

[root@www ~]# vim /etc/httpd/conf.d/v1.conf

<VirtualHost 172.16.251.164:80>

    DocumentRoot /var/www/virt1

    ServerName www1.a.com

    ErrorLog logs/www1-error_log
    CustomLog logs/www1-access_log combined

    <Location /server-status>

        SetHandler server-status

        AuthType basic

        AuthName "Fortom"

        AuthUserFile "/etc/httpd/conf/.htpasswd"

        Require user tom

    </Location>

</VirtualHost>


Create the configuration file for virtual host www2:

[root@www ~]# vim /etc/httpd/conf.d/v2.conf

<VirtualHost 172.16.251.164:80>

    DocumentRoot /var/www/virt2

    ServerName www2.a.com

    ErrorLog logs/www2-error_log
    CustomLog logs/www2-access_log combined

    <Directory "/var/www/virt2">

        Options None

        AllowOverride None

        Order deny,allow

        Deny from 192.168.0.0/24

    </Directory>

</VirtualHost>
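
The www2 rule above depends on how httpd 2.2 combines Order, Allow and Deny. The sketch below is an added example, not part of the original post or of httpd; it models that decision for full IP addresses, CIDR blocks and "all" only, and the function names and sample clients are made up for illustration.

```python
import ipaddress

def matches(client, specs):
    """True if client (an IP string) matches any Allow/Deny argument."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        # strict=False accepts host bits, e.g. 192.168.0.1/24
        if ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def access_allowed(order, client, allow=(), deny=()):
    """Model the httpd 2.2 Order/Allow/Deny decision for one client."""
    allowed = matches(client, allow)
    denied = matches(client, deny)
    key = order.replace(" ", "").lower()
    if key == "deny,allow":
        # Default is allow; a matching Allow overrides a matching Deny.
        return allowed or not denied
    if key == "allow,deny":
        # Default is deny; a matching Deny overrides a matching Allow.
        return allowed and not denied
    raise ValueError("unsupported Order value: %r" % order)

# The Deny line from v2.conf on this page.
WWW2_DENY = ["192.168.0.0/24"]

# Constructed sample clients; 172.16.251.138 is the lab client above.
SAMPLE_CLIENTS = ["192.168.0.10", "192.168.0.254", "192.168.1.5", "172.16.251.138"]

def evaluate(order, allow=(), deny=()):
    """Decision for every sample client under one rule set."""
    return {c: access_allowed(order, c, allow, deny) for c in SAMPLE_CLIENTS}

if __name__ == "__main__":
    print("Order deny,allow + Deny from 192.168.0.0/24 (as configured):")
    for client, ok in evaluate("deny,allow", deny=WWW2_DENY).items():
        print("  %-16s %s" % (client, "allowed" if ok else "403 Forbidden"))
    # Same Deny line under the other ordering: no client matches an Allow,
    # so the default (deny) applies to everyone.
    print("Order allow,deny + the same Deny line, no Allow:")
    for client, ok in evaluate("allow,deny", deny=WWW2_DENY).items():
        print("  %-16s %s" % (client, "allowed" if ok else "403 Forbidden"))
```

With "Order allow,deny" the same block needs an explicit "Allow from all" to behave like the configuration on this page.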


Create the test site content:

[root@www conf]# mkdir -pv /var/www/virt{1,2}

[root@www www]# echo "www1" >> /var/www/virt1/index.html

[root@www www]# echo "www2" >> /var/www/virt2/index.html


Create the password file for user tom:

[root@www conf]# htpasswd -cm /etc/httpd/conf/.htpasswd tom

[root@www conf]# httpd -t

Syntax OK

[root@www conf]# service httpd restart


Client test:

[root@localhost ~]# cat /etc/hosts

172.16.251.164        www1.a.com   www2.a.com

[root@localhost ~]# curl http://www1.a.com

www1

[root@localhost ~]# curl http://www2.a.com

www2

[root@www conf.d]# ll /var/log/httpd/

-rw-r--r--. 1 root root 11465 7月  17 12:33 www1-access_log

-rw-r--r--. 1 root root  3517 7月  17 12:33 www1-error_log

-rw-r--r--. 1 root root  2306 7月  17 10:25 www2-access_log

-rw-r--r--. 1 root root  1142 7月  17 10:17 www2-error_log

[root@localhost ~]# links http://www1.a.com/server-status




Providing HTTPS:

1. Create a private CA

[root@www CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)

[root@www CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem

Country Name (2 letter code) [XX]:CN  
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:Ops      
Common Name (eg, your name or your server's hostname) []:www2.a.com
Email Address []:admin@a.com

[root@www CA]# touch index.txt

[root@www CA]# echo 01 > serial

2. Request a certificate:

[root@www CA]# mkdir -pv /etc/httpd/ssl

[root@www ssl]# (umask 077; openssl genrsa -out httpd.key 1024)

[root@www ssl]# openssl req -new -key httpd.key -out httpd.csr

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www2.a.com
Email Address []:admin@acom

[root@www ssl]# cp httpd.csr /testdir/


3. The CA signs the certificate and sends it to the requester

[root@www ssl]# openssl ca -in /testdir/httpd.csr -out /etc/pki/CA/certs/httpd.crt

[root@www ssl]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/


4. Install the mod_ssl module

[root@www conf.d]# httpd -M | grep ssl

[root@www conf.d]# yum -y install mod_ssl

[root@www conf.d]# rpm -ql mod_ssl

[root@www conf.d]# vim /etc/httpd/conf.d/ssl.conf

<VirtualHost 172.16.251.164:443>

DocumentRoot "/var/www/virt2"

ServerName www2.a.com:443

SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key

[root@www conf.d]# service httpd restart

[root@www conf.d]# ss -tnl

LISTEN    0      128                          :::443


Client test: https://172.16.251.164:443