
Building a secure HTTP service with virtual hosts on httpd-2.2 and httpd-2.4

Author: user   Source: Internet   Time: 2017-12-01 20:51:18



Contents:
I. CentOS 6: build a name-based httpd service with httpd-2.2
II. CentOS 7: build a name-based httpd service with httpd-2.4
III. CentOS 6: compile and install httpd-2.4 and build a name-based httpd service

I. CentOS 6: build a name-based httpd service with httpd-2.2
1. Install the httpd service:
yum -y install httpd
2. Edit the main configuration file (/etc/httpd/conf/httpd.conf) and enable NameVirtualHost:
NameVirtualHost 192.168.1.100:80
3. Create the DocumentRoot directories and the page content:
# mkdir -p /data/vhost/www1
# mkdir -p /data/vhost/www2
# echo "www1" > /data/vhost/www1/index.html
# echo "www2" > /data/vhost/www2/index.html
4. Create the virtual host for the www1 domain
Requirements:
## define an access log and an error log
## deny access from the 192.168.1.0 network
## www1.magedu.com/server-status returns the status page, and only the root user may view it
The configuration is as follows:
# vim /etc/httpd/conf.d/vhost1.conf
<VirtualHost 192.168.1.100:80>
    DocumentRoot /data/vhost/www1
    ServerName www1.magedu.com
    CustomLog /var/log/httpd/www1/access_log common
    ErrorLog /var/log/httpd/www1/err_log
    ## the log directory (/var/log/httpd/www1) must be created by hand, otherwise the service fails to start
    <Directory "/data/vhost/www1">
        Options None
        AllowOverride None
        Order allow,deny
        Allow from all              ## needed: with Order allow,deny and no Allow line, every request is denied
        Deny from 192.168.1.0/24    ### no host in the 192.168.1.0 network can reach www1 now (a bare 192.168.1.0 would match only that single address)
    </Directory>
    <Location /server-status>       ### status information at www1.magedu.com/server-status
        SetHandler server-status
        Order allow,deny
        Allow from 192.168.1
        AuthType Basic
        AuthName "admin"
        AuthUserFile "/etc/httpd/.htpasswd"   ### user authentication file (same path as the htpasswd command below)
        Require valid-user
    </Location>
</VirtualHost>
# htpasswd -c -m /etc/httpd/.htpasswd aa    ## create the authentication user
OK; restart or reload the service and test.


5. Create the virtual host for the www2 domain
Requirements:
### define an access log and an error log
### serve this site as an HTTPS secure site
The configuration is as follows:
<VirtualHost 192.168.1.100:80>
    DocumentRoot /data/vhost/www2
    ServerName www2.magedu.com
    ErrorLog /var/log/httpd/www2/error_log            ## error log
    CustomLog /var/log/httpd/www2/access_log common   ## access log
</VirtualHost>
Turn this site into an HTTPS site:
Set up the CA:
1) Generate the CA private key:
# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
2) Generate the self-signed CA certificate:
# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:magedu.com
Organizational Unit Name (eg, section) []:yunwei
Common Name (eg, your name or your server's hostname) []:bogon
Email Address []:<email address>
3) Create the files the CA needs:
# cd /etc/pki/CA
# touch {serial,index.txt}
# echo 01 > serial


Configure the HTTP server as follows:
1) Generate the server private key:
# mkdir /etc/httpd/ssl
# cd /etc/httpd/ssl
# (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)
2) Generate the certificate signing request:
# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr -days 365
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:magedu.com
Organizational Unit Name (eg, section) []:yunwei
Common Name (eg, your name or your server's hostname) []:bogon
Email Address []:<email address>
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
(Clients compare the Common Name against the site name they connected to, so for a certificate that is to be trusted for www2.magedu.com the Common Name should be www2.magedu.com rather than the machine's hostname.)
3) Send the request to the CA for signing:
# scp httpd.csr 192.168.1.100:/tmp
4) The CA signs the certificate and returns it to the requester:
# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365
# scp /etc/pki/CA/certs/httpd.crt root@<web-server>:/etc/httpd/ssl/
5) httpd needs the mod_ssl module for SSL support:
# yum -y install mod_ssl
6) Edit /etc/httpd/conf.d/ssl.conf (the other SSL directives that ship in that file, such as SSLEngine on, stay in place):
<VirtualHost 192.168.1.100:443>
    DocumentRoot "/data/vhost/www2"
    ServerName www2.magedu.com
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/httpd.crt
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
</VirtualHost>
7) Restart the service and test:
# httpd -t
Syntax OK
# service httpd reload
Reloading httpd:
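The CA and server-certificate steps above are interactive and spread over several prompts, which makes them easy to get subtly wrong (a certificate signed by the wrong key, a key that does not match the certificate that was copied over). The script below is an added example, not part of the original article: it runs the same flow with "openssl ca" non-interactively (-subj and -batch) inside a scratch directory, then verifies the result against the CA and checks that certificate and key belong together. The minimal ca.cnf, the scratch-directory layout and the demo-ca name are assumptions of this example; the file names cacert.pem, httpd.key, httpd.csr and httpd.crt follow the article.

```shell
#!/bin/sh
# Added example (not from the original article): a throwaway private CA that
# signs a server CSR with "openssl ca", non-interactively, and checks the result.

# write_ca_config DIR: minimal openssl.cnf for "openssl ca" and "openssl req"
# (assumed layout, not the stock /etc/pki/tls/openssl.cnf of the article's hosts)
write_ca_config() {
    cadir="$1"
    cat > "$cadir/ca.cnf" <<EOF
[ ca ]
default_ca = demo_ca

[ demo_ca ]
dir              = $cadir
database         = \$dir/index.txt
new_certs_dir    = \$dir/newcerts
serial           = \$dir/serial
certificate      = \$dir/cacert.pem
private_key      = \$dir/private/cakey.pem
default_md       = sha256
default_days     = 365
policy           = policy_any
x509_extensions  = server_cert

[ policy_any ]
commonName             = supplied
countryName            = optional
stateOrProvinceName    = optional
organizationName       = optional
organizationalUnitName = optional
emailAddress           = optional

[ server_cert ]
basicConstraints = CA:FALSE

[ req ]
distinguished_name = req_dn
x509_extensions    = v3_ca

[ v3_ca ]
basicConstraints     = critical, CA:TRUE
subjectKeyIdentifier = hash

[ req_dn ]
EOF
}

# demo_sign_and_verify DIR: build the CA, create the server key and CSR, sign
# it with "openssl ca" and verify the chain. Returns 0 only if "openssl verify"
# accepts the signed certificate against our CA certificate.
demo_sign_and_verify() {
    cadir="$1"
    mkdir -p "$cadir/private" "$cadir/newcerts"
    write_ca_config "$cadir"

    # CA key and self-signed CA certificate (umask 077 keeps the key private)
    (umask 077; openssl genrsa -out "$cadir/private/cakey.pem" 2048 2>/dev/null)
    openssl req -new -x509 -config "$cadir/ca.cnf" \
        -key "$cadir/private/cakey.pem" -out "$cadir/cacert.pem" -days 3655 \
        -subj "/C=CN/ST=beijing/O=magedu.com/OU=yunwei/CN=demo-ca" >/dev/null 2>&1
    # the database and serial files "openssl ca" needs (touch/echo in the article)
    : > "$cadir/index.txt"
    echo 01 > "$cadir/serial"

    # server key and certificate signing request; CN is the site name
    (umask 077; openssl genrsa -out "$cadir/httpd.key" 2048 2>/dev/null)
    openssl req -new -config "$cadir/ca.cnf" -key "$cadir/httpd.key" \
        -out "$cadir/httpd.csr" \
        -subj "/C=CN/ST=beijing/O=magedu.com/OU=yunwei/CN=www2.magedu.com" >/dev/null 2>&1

    # the CA signs the request; -batch answers the "Sign the certificate?" prompts
    openssl ca -batch -config "$cadir/ca.cnf" -in "$cadir/httpd.csr" \
        -out "$cadir/httpd.crt" -days 365 >/dev/null 2>&1 || return 1

    # chain check: the server certificate must be issued by our CA
    openssl verify -CAfile "$cadir/cacert.pem" "$cadir/httpd.crt" >/dev/null 2>&1
}

# cert_matches_key CRT KEY: 0 if the certificate's RSA modulus equals the key's,
# i.e. SSLCertificateFile and SSLCertificateKeyFile really belong together
cert_matches_key() {
    crt_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ "$crt_mod" = "$key_mod" ]
}

# usage: run the whole flow in a scratch directory and report
WORK=$(mktemp -d)
if demo_sign_and_verify "$WORK" && cert_matches_key "$WORK/httpd.crt" "$WORK/httpd.key"; then
    echo "signed certificate verifies against the CA and matches its private key"
else
    echo "PKI demo failed" >&2
fi
rm -rf "$WORK"
```

The modulus comparison is the check to run on the web server after the scp in step 4: a certificate copied next to the wrong key is the usual reason httpd refuses to start after mod_ssl is enabled.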
------------------------------------divider---------------------------------------
II. CentOS 7: build a name-based httpd service with httpd-2.4
httpd-2.4 on CentOS 7 works essentially like httpd-2.2 on CentOS 6, so the parts that are the same are not explained or repeated in detail.
1. Install the httpd service

yum -y install httpd

2. Create the page directories and content
mkdir -p /data/vhost/www{1,2}
echo "centos7 www1" > /data/vhost/www1/index.html
echo "centos7 www2" > /data/vhost/www2/index.html

3. Create virtual host www1 with the corresponding restrictions
# vim /etc/httpd/conf.d/vhost1.conf
<VirtualHost 192.168.1.104:80>
    DocumentRoot /data/vhost/www1
    ServerName www1.magedu.com
    CustomLog /var/log/httpd/www1/access_log common
    ErrorLog  /var/log/httpd/www1/err_log
    <Directory "/data/vhost/www1">
        Options None
        AllowOverride None
        ## access control: everyone except 192.168.x.x addresses
        <RequireAll>
            Require all granted
            Require not ip 192.168
        </RequireAll>
    </Directory>
    #### status page with authentication
    <Location "/server-status">
        SetHandler server-status
        AuthType Basic
        AuthName "admin"
        AuthUserFile "/etc/httpd/.htpasswd"
        ## no "Require all granted" here: bare Require lines in one container form an implicit
        ## <RequireAny>, so it would grant access without asking for a password
        Require valid-user
    </Location>
</VirtualHost>
4. Create virtual host www2
# vim /etc/httpd/conf.d/vhost2.conf
<VirtualHost 192.168.1.104:80>
    DocumentRoot /data/vhost/www2
    ServerName www2.magedu.com
    CustomLog /var/log/httpd/www2/access_log common
    ErrorLog  /var/log/httpd/www2/err_log
    <Directory "/data/vhost/www2">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
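The one thing that changes between the 2.2 and 2.4 access-control syntax is how several Require lines in one container combine: in 2.4 they are an implicit <RequireAny> unless wrapped in <RequireAll>, so a "Require all granted" placed beside "Require valid-user" grants the status page to everyone before Basic auth is ever asked for. The checker below is an added example, not part of the original article or of httpd: it scans a configuration file lexically for that pattern and reports every <Location>/<Directory>/<Files> block affected. The two sample configurations it writes are constructed for the demonstration; the function names and the scratch directory are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): a lexical checker for the
# httpd 2.4 "implicit RequireAny" authorization pitfall.

# check_require_pitfall FILE
# Prints one finding per container that mixes "Require all granted" with a
# user/group Require outside an explicit <RequireAll>.
# Returns 0 when nothing was found, 1 when at least one block is affected.
check_require_pitfall() {
    awk '
    # a container opens: remember its header and reset the per-block state
    /^[ \t]*<(Location|Directory|Files|LocationMatch|DirectoryMatch|FilesMatch)[ \t>]/ {
        block = $0; sub(/^[ \t]*/, "", block)
        in_all = 0; grant_all = 0; needs_auth = 0
    }
    /^[ \t]*<RequireAll>/   { in_all = 1 }
    /^[ \t]*<\/RequireAll>/ { in_all = 0 }
    # outside <RequireAll>, "Require all granted" satisfies the implicit RequireAny on its own
    /^[ \t]*Require[ \t]+all[ \t]+granted/ && !in_all { grant_all = 1 }
    /^[ \t]*Require[ \t]+(valid-user|user|group)([ \t]|$)/ && !in_all { needs_auth = 1 }
    /^[ \t]*<\/(Location|Directory|Files|LocationMatch|DirectoryMatch|FilesMatch)>/ {
        if (grant_all && needs_auth) {
            printf "%s:%d: %s combines \"Require all granted\" with an auth Require outside <RequireAll>; the implicit RequireAny bypasses authentication\n", FILENAME, NR, block
            findings++
        }
    }
    END { exit (findings > 0) }
    ' "$1"
}

# write_samples DIR: two constructed configurations (not from the article).
# bad.conf reproduces the pitfall; good.conf is the corrected form.
write_samples() {
    cat > "$1/bad.conf" <<'EOF'
<VirtualHost 192.168.1.104:80>
    <Location "/server-status">
        SetHandler server-status
        Require all granted
        AuthType Basic
        AuthName "admin"
        AuthUserFile "/etc/httpd/.htpasswd"
        Require valid-user
    </Location>
</VirtualHost>
EOF
    cat > "$1/good.conf" <<'EOF'
<VirtualHost 192.168.1.104:80>
    <Directory "/data/vhost/www1">
        <RequireAll>
            Require all granted
            Require not ip 192.168
        </RequireAll>
    </Directory>
    <Location "/server-status">
        SetHandler server-status
        AuthType Basic
        AuthName "admin"
        AuthUserFile "/etc/httpd/.htpasswd"
        Require valid-user
    </Location>
</VirtualHost>
EOF
}

# usage: run the check over both samples and report
SAMPLES=$(mktemp -d)
write_samples "$SAMPLES"
for f in "$SAMPLES/bad.conf" "$SAMPLES/good.conf"; do
    if check_require_pitfall "$f"; then
        echo "$f: no authorization pitfall found"
    fi
done
rm -rf "$SAMPLES"
```

The check is deliberately lexical: it does not evaluate the merged configuration the way httpd does, so run it on the vhost files under conf.d before "httpd -t", which only validates syntax and says nothing about authorization logic.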
----------------------------------divider-----------------------------------------
III. CentOS 6: compile and install httpd-2.4 and build a name-based httpd service
httpd-2.4 depends on apr and apr-util 1.4 or later, while the versions shipped with CentOS 6 are older, so to use httpd-2.4 on CentOS 6 we have to compile and install it by hand:

Required sources:
apr-1.4.6.tar
apr-util-1.4.1.tar
httpd-2.4.6.tar

1. Install the development packages
# yum -y install pcre-devel
# yum -y groupinstall "Development tools" "Server Platform Development"
## --enable-ssl in step 4 also needs the OpenSSL headers (openssl-devel); install that package here if it is missing
2. Install apr
# tar xf apr-1.4.6.tar.bz2
# cd apr-1.4.6
# ./configure --prefix=/usr/local/apr
# make && make install
3. Install apr-util
# tar xf apr-util-1.4.1.tar.bz2
# cd apr-util-1.4.1
# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
# make && make install
4. Compile and install httpd-2.4
# tar xf httpd-2.4.6.tar.bz2
# cd httpd-2.4.6
# ./configure --prefix=/usr/local/apache24 --sysconfdir=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
# make && make install
5. Start the service and check the listening ports
# /usr/local/apache24/bin/apachectl start
# ss -tnl
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    :::53263            :::*
LISTEN     0      128    :::111              :::*
LISTEN     0      128    *:111               *:*
LISTEN     0      128    :::80               :::*
6. Enable the virtual host include: edit the configuration file and remove the leading # from this line
# vim /etc/httpd24/httpd.conf
Include /etc/httpd24/extra/httpd-vhosts.conf    ## enable this line
7. Configure the virtual hosts
# vim /etc/httpd24/extra/httpd-vhosts.conf
## /var/log/test1 and /var/log/test2 must exist before the service is started
<VirtualHost 192.168.1.100:80>
    DocumentRoot "/usr/local/apache24/htdocs/test1"
    ServerName test1.ma.com
    ErrorLog "/var/log/test1/errlog"
    CustomLog "/var/log/test1/accesslog" common
</VirtualHost>
<VirtualHost 192.168.1.100:80>
    DocumentRoot "/usr/local/apache24/htdocs/test2"
    ServerName test2.ma.com
    ErrorLog "/var/log/test2/errlog"
    CustomLog "/var/log/test2/accesslog" common
</VirtualHost>
8. Create the test pages
# cd /usr/local/apache24/htdocs
# mkdir test1 test2
# echo "test1" > test1/index.html
# echo "test2" > test2/index.html
9. Check that the configuration file is correct
# /usr/local/apache24/bin/apachectl -t
Syntax OK
10. Restart the service and test (test1.ma.com and test2.ma.com must resolve to 192.168.1.100, for example through /etc/hosts, for these requests to reach the right virtual host)
# /usr/local/apache24/bin/apachectl restart
# curl http://test1.ma.com
test1
# curl http://test2.ma.com
test2
