测试目标:

三个虚拟主机,要求如下

vhost1: phpMyAdmin, 同时提供https服务;

vhost2: wordpress

配置过程:

一、配置vhost1

1、首先配置vhost1,先搭建私有CA

在172.16.20.242上搭建私有CA:
(1) 创建私钥,公钥无需处理
[root@ca ~]# cd /etc/pki/CA/
[root@ca CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
.....+++
.......+++
e is 65537 (0x10001)(2) 生成自签证书,填写相关证书信息
[root@ca CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
.....+++
.......+++
e is 65537 (0x10001)
[root@ca CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3655
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Hubei
Locality Name (eg, city) [Default City]:Hubei
Organization Name (eg, company) [Default Company Ltd]:Gump Ltd
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:ca.gump.com
Email Address []:caadmin@gump.com
[root@ca CA]#
// 需要注意的是,证书格式必须为pem格式(3)创建签署证书环境
[root@ca CA]# touch /etc/pki/CA/index.txt
[root@ca CA]# touch /etc/pki/CA/serial
[root@ca CA]# echo 01 > /etc/pki/CA/serial

2、在web主机上生成证书请求,并发送证书请求到CA主机

在172.16.20.244生成证书请求:
(1)生成密钥,并保存到应用此证书的服务的配置文件目录下
[root@web ~]#  mkdir /etc/httpd/ssl
[root@web ~]#  cd /etc/httpd/ssl
[root@web ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus
..........+++
....................................................................+++
e is 65537 (0x10001)
[root@web ssl]# ls
httpd.key(2) 生成证书签署请求,填写相关信息需要注意的是,除了主机地址和邮箱地址,其它需要保持一致
[root@web ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Hubei
Locality Name (eg, city) [Default City]:Hubei
Organization Name (eg, company) [Default Company Ltd]:Gump Ltd
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:web.gump.com
Email Address []:webadmin@gump.comPlease enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@web ssl]# ls
httpd.csr  httpd.key
[root@web ssl]# scp httpd.csr root@172.16.20.242:/tmp/
root@172.16.20.242's password:
httpd.csr                                                          100% 1050     1.0KB/s   00:00
[root@web ssl]#

3、签署证书请求,将证书请求发送回web主机

(1)签署证书请求
[root@ca CA]# openssl ca -in /tmp/httpd.csr -out /tmp/web.gump.com.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:Serial Number: 1 (0x1)ValidityNot Before: Aug 23 10:55:56 2017 GMTNot After : Aug 23 10:55:56 2018 GMTSubject:countryName               = CNstateOrProvinceName       = HubeiorganizationName          = Gump LtdorganizationalUnitName    = OpscommonName                = web.gump.comemailAddress              = webadmin@gump.comX509v3 extensions:X509v3 Basic Constraints: CA:FALSENetscape Comment: OpenSSL Generated CertificateX509v3 Subject Key Identifier: 7A:D2:B5:60:3D:13:27:33:C4:F5:02:DC:AC:44:BB:0F:F9:32:00:71X509v3 Authority Key Identifier: keyid:5A:9A:54:2F:9C:91:3E:D6:BE:CC:22:68:50:C6:83:EB:23:AD:AC:AFCertificate is to be certified until Aug 23 10:55:56 2018 GMT (365 days)
Sign the certificate? [y/n]:y1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@ca CA]#
(2)将证书传回请求者
[root@ca CA]# scp /tmp/web.gump.com.crt root@172.16.20.244:/etc/httpd/ssl
The authenticity of host '172.16.20.244 (172.16.20.244)' can't be established.
RSA key fingerprint is 5a:10:33:a2:bf:5b:06:82:25:01:fb:c2:74:93:34:95.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.20.244' (RSA) to the list of known hosts.
root@172.16.20.244's password:
web.gump.com.crt                                                   100% 4595     4.5KB/s   00:00
[root@ca CA]#

4、配置httpd支持使用ssl

(1)查看当前web主机是否已安装mod_ssl模块,如果没有安装,则必须先安装mod_ssl模块
(2)配置ssl配置文件
[root@web ssl]# vim /etc/httpd/conf.d/ssl.conf
修改如下选项:
<VirtuaHost 172.16.20.244:443>
// 因为ssl会话是基于IP地址建立的,若有多个IP地址,则需指定地址,若只有一个地址,则无需修
改,保持"*"即可;
DocumentRoot "/www/htdocs"
// 此目录为虚拟主机vhost1的中心目录,即网页文件存放位置
ServerName web.gump.com:443
// 当前主机名
ErrorLog /logs/pma_error_log
// 错误日志存放位置
Transferlog logs/pma_access_log
// 访问日志存放目录
SSLCertificateFile /etc/httpd/ssl/web.gump.com.crt
// 服务器证书存放目录
SSlCertificateKeyFile /etc/httpd/ssl/httpd.key
// 证书私钥存放目录
(3)配置phpMyadmin网页文件
[root@localhost  ~]#    mkdir -pv /www/htdocs/vhosts{1,2,3}
[root@localhost ~]#  unzip phpMyAdmin-4.0.10.20-all-languages.zip
[root@localhost ~]#  cp phpMyAdmin-4.0.10.20-all-languages /www/htdocs/vhosts1/
[root@localhost  ~]#    ln -sv phpMyAdmin-4.0.10.20-all-languages pma
(4)配置httpd.conf
[root@localhost conf]# vim httpd.conf
ServerName Localhost:80
DocumentRoot "/www/htdocs"
<Directory "/www/htdocs">
// Directory 指定的目录要和DocumentRoot一致
(5)配置虚拟主机配置文件
[root@localhost ~]#  vim /etc/httpd/conf.d/httpd-vhost1.conf
<VirtualHost 172.16.20.244:80>ServerAdmin web.gump.comDocumentRoot "/www/htdocs"<Directory "/www/htdocs/vhosts1/pma">Options NoneAllowOverride NoneRequire all granted</Directory>
</VirtualHost>
[root@localhost ~]#   systemctl reload httpd.service

查看配置效果

二、配置虚拟主机2

1、配置虚拟主机2的配置文件
[root@localhost ~]#   vim /etc/httpd/conf.d/httpd-vhost2.conf
<VirtualHost 172.16.20.245:80>ServerAdmin web2.gump.comDocumentRoot "/www/htdocs"<Directory "/www/htdocs/vhosts2">Options NoneAllowOverride NoneRequire all granted</Directory>
</VirtualHost>
2、为虚拟主机2配置IP地址
由于是虚拟机,没有多张网卡使用ip命令添加地址达到多IP效果
[root@localhost ~]#   ip addr add 172.16.20.245/24 dev ens33
[root@localhost ~]#   ip addr show dev ens33
[root@localhost ~]# ip add show dev ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:44:e2:e3 brd ff:ff:ff:ff:ff:ffinet 172.16.20.244/24 brd 172.16.20.255 scope global ens33valid_lft forever preferred_lft foreverinet 172.16.20.245/24 scope global secondary ens33valid_lft forever preferred_lft foreverinet6 fe80::d846:2237:6188:97fe/64 scope link tentative dadfailed valid_lft forever preferred_lft foreverinet6 fe80::a0de:8503:69c8:5595/64 scope link tentative dadfailed valid_lft forever preferred_lft foreverinet6 fe80::9a1a:88f0:c9cf:41bd/64 scope link tentative dadfailed valid_lft forever preferred_lft forever
3、配置虚拟主机2的网页文件
[root@localhost ~]#  unzip wordpress-4.7.4-zh_CH.zip
[root@localhost ~]#  cp wordpress /www/htdocs/vhosts2/
4、配置虚拟主机2的wordpress的配置文件
[root@localhost ~]# mysql
MariaDB [(none)]> CREATE DATABASE mydb1;
MariaDB [(none)]> exit
// 连接wordpress必须要配置正确的数据库及用户名密码,所以需要实现创建好数据库
[root@localhost ~]#   cd /www/htdocs/vhost2/wordpress
[root@localhost ~]#   cp wp-config-sample.php wp-config.php
[root@localhost ~]#   vim wp-config.php
define('DB_NAME','mydb1');  // 数据库为事先创建好的mydb1
define('DB_USER','root');   // 用户名为root
define('DB_PASSWORD','');   // root密码默认为空

5、查看配置效果

写的比较潦草,如有遗漏错误和争议之处,欢迎大家的批评指正和讨论,谢谢。

转载于:https://blog.51cto.com/11367661/2047992

httpd.2.4虚拟主机配置测试相关推荐

  1. apache-详细配置文件介绍+多种方式虚拟主机配置

    grep -v "#" /etc/httpd/conf/httpd.conf ServerTokens OS    返回Server :Apache/2.0.41(unix) se ...

  2. Ubuntu 下apache2 虚拟主机配置

    一.安装: ubuntu 及debian 下的apahce 有点特别,如果使用apt-get 方式安装( apt-get install apache2 ) 则安装目录默认在 /etc/apache2 ...

  3. Apache源码安装和虚拟主机配置

    源码安装Apache 1.上传Apache源码安装所需软件包 2.安装: 安装顺序 apr->apr-util->pcre->httpd 安装编译环境 yum -y install ...

  4. Apache虚拟主机配置详解

    Apache虚拟主机配置详解 1.配置环境说明 系统环境:CentOS7 Apache环境:编译安装的httpd-2.4.7 系统限制:关闭了防火墙和selinux hosts文件中配置以下域名解析 ...

  5. Apache基于域名、端口、IP的虚拟主机配置(Centos 6.5)

    虚拟主机:部署多个站点,每个站点,希望用不同的域名和站点目录,或者是不同的端口,不同的ip,需要虚拟主机功能.一句话,一个http服务要配置多个站点,就需要虚拟主机. 虚拟主机分类:基于域名.基于端口 ...

  6. linux apache部署php,Linux下apache虚拟主机配置多版本php同时运行 | 系统运维

    学习本教程须掌握: 1.Linux下指定版本编译安装LAMP 2.Linux下Apache虚拟主机配置 3.CentOS 7.x编译安装Nginx1.10.3+MySQL5.7.16+PHP5.2 5 ...

  7. 手把手教你,嘴对嘴传达----Apache虚拟主机配置与应用

    文章目录 一.Apache虚拟主机 1.虚拟web主机概述 2.httpd支持的虚拟主机类型 3.添加虚拟主机配置格式 4.生产环境中虚拟主机概述 二.构建虚拟主机–基于域名实例演示 1.下载需要的软 ...

  8. linux下安装iasp以及apache多站点虚拟主机配置

                      安装配置 1.     linux下安装iasp 1.1需要准备的的安装包: httpd-2.0.59.tar.gz(最好选该版本,2.2版本在安装配置完后启动出错 ...

  9. 本地lamp虚拟服务器,LAMP环境下虚拟主机配置(基于域名)

    在之前LAMP环境下虚拟主机配置(基于IP) 继续做这个基于域名的虚拟主机配置,只需要修改之前的配置内容即可. 一.首先修改一下apache的配置文件 首先修改一下配置文件中的#NameVirtual ...

最新文章

  1. CFtpFileFind FindFile卡住的问题
  2. Zend Optimizer 相关报错收集
  3. SystemVerilog——任务和函数(Tasks and Functions)[转]
  4. 解决:build_attrs() takes at most 2 arguments (3 given)
  5. 第57课 鸡兔同笼-2021.10.12
  6. 百度地图demo基础组件演示
  7. [转]Error: SQL BPA command line has encountered a problem and needs to close
  8. Netty 服务 接收新数据
  9. 数据结构和算法———P6 线性表
  10. PHP字符串相关函数
  11. 直播系统源码,直播平台系统源码
  12. 阿里云产品介绍(一):云服务器ECS
  13. 会员功能竞品分析(一):唯品会、京东、苏宁易购
  14. 通过scheme协议启动app
  15. 寻找亚马逊测评师邮箱_关于亚马逊测评一些普及
  16. “熊猫烧香”主犯:毒王?黑客英雄?
  17. 31 家企业入选阿里云首期云原生加速器,共建云原生行业新生态
  18. TFmini Plus 开关量输出说明
  19. 字符串转json对象
  20. cmos全局曝光算法_CMOS技术 | 行业应用(1)

热门文章

  1. C++中static_cast/const_cast/dynamic_cast/reinterpret_cast的区别和使用
  2. 正向最大匹配算法 python代码_中文分词算法之最大正向匹配算法(Python版)
  3. python os open_Python3 os.open() 方法
  4. python字符串类库_Python 常用类库
  5. python 读取excel文件 效率 时间 格式_python读取Excel文件中的时间数据
  6. java异常类 Object类
  7. python实现简单的http服务器_Python实现简单HTTP服务器(二)
  8. iOS开发业界毒瘤 Hook
  9. HTML5跳转页面并传值以及localStorage的用法
  10. 一位老码农的分享:一线程序员该如何面对「中年危机」?