Configuring virtual hosts and HTTPS
Common httpd configuration
- Switching the MPM (edit /etc/httpd/conf.modules.d/00-mpm.conf):
//LoadModule mpm_NAME_module modules/mod_mpm_NAME.so
//NAME is one of three values: prefork, event, worker
//The default is event; comment it out and uncomment the prefork line
[root@zjq ~]# cd /etc/httpd/conf.modules.d/
[root@zjq conf.modules.d]# pwd
/etc/httpd/conf.modules.d
[root@zjq conf.modules.d]# ls
00-base.conf 00-lua.conf 00-optional.conf 00-systemd.conf 10-h2.conf README
00-dav.conf 00-mpm.conf 00-proxy.conf 01-cgi.conf 10-proxy_h2.conf
[root@zjq conf.modules.d]# vim 00-mpm.conf
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
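Access control rules:
Rule | Function |
---|---|
Require all granted | Allow access from all hosts |
Require all denied | Deny access from all hosts |
Require ip IPADDR | Grant access to hosts from the specified source address |
Require not ip IPADDR | Deny access to hosts from the specified source address |
Require host HOSTNAME | Grant access to hosts with the specified source hostname |
Require not host HOSTNAME | Deny access to hosts with the specified source hostname |

Forms of IPADDR | Forms of HOSTNAME |
---|---|
IP: 192.168.1.1; Network/mask: 192.168.1.0/255.255.255.0; Network/Length: 192.168.1.0/24; Net: 192.168 | FQDN: the full name of a specific host; DOMAIN: all hosts in the specified domain |

Note: httpd 2.4 denies access from all hosts by default, so after installation you must grant access explicitly.
Example:
<Directory /var/www/html/www>
    <RequireAll>
        Require not ip address
        Require all granted
    </RequireAll>
</Directory>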
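Configuring virtual hosts
There are three kinds of virtual host:
- Same IP, different ports
- Different IPs, same port
- Same IP, same port, different domain names
//Set the server name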
[root@zjq ~]# vim /etc/httpd/conf/httpd.conf
......
ServerAdmin root@localhost

#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
ServerName www.example.com:80 //Remove the # at the start of this line
......
- Configure the virtual hosts
//Locate the sample virtual host configuration file and copy it to /etc/httpd/conf.d
[root@zjq ~]# find / -name '*vhosts.conf'
/usr/share/doc/httpd/httpd-vhosts.conf
[root@zjq ~]# cp /usr/share/doc/httpd/httpd-vhosts.conf /etc/httpd/conf.d/
[root@zjq ~]# ls /etc/httpd/conf.d
autoindex.conf httpd-vhosts.conf README userdir.conf welcome.conf
//Unpack the downloaded source archives
[root@zjq ~]# cd /var/www/html/
[root@zjq html]# ls
zhuawawaji.zip 斗地主.zip
[root@zjq html]# unzip zhuawawaji.zip
[root@zjq html]# unzip 斗地主.zip
[root@zjq html]# ls
'HTML5 canvas移动端斗地主小游戏' jQuery抓娃娃机游戏代码 zhuawawaji.zip 斗地主.zip
[root@zjq html]# mv 'HTML5 canvas移动端斗地主小游戏' doudizhu
[root@zjq html]# mv jQuery抓娃娃机游戏代码 zhualz
[root@zjq html]# ls
doudizhu zhualz
[root@zjq html]# httpd -t //Check the syntax
Syntax OK
[root@zjq html]# systemctl restart httpd.service //Restart httpd
[root@zjq html]# ss -antl //Check that the ports are listening
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:81 *:*
LISTEN 0 128 [::]:22 [::]:*
- Same IP, different ports
[root@zjq ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
[root@zjq ~]# tail -15 /etc/httpd/conf.d/httpd-vhosts.conf
#
<VirtualHost *:80>
    DocumentRoot "/var/www/html/zhualz"
    ServerName www.zhualz.com
    ErrorLog "/var/log/httpd/www.zhualz.com-error_log"
    CustomLog "/var/log/httpd/zhualz.com-access_log" common
</VirtualHost>

Listen 81
<VirtualHost *:81>
    DocumentRoot "/var/www/html/doudizhu"
    ServerName www.doudizhu.com
    ErrorLog "/var/log/httpd/doudizhu.com-error_log"
    CustomLog "/var/log/httpd/doudizhu.com-access_log" common
</VirtualHost>
Test access
- Different IPs, same port
//Temporarily add a second address to the network interface
[root@zjq ~]# ip addr add 192.168.159.160/24 dev ens33
[root@zjq ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:79:5f:8d brd ff:ff:ff:ff:ff:ff
    inet 192.168.159.158/24 brd 192.168.159.255 scope global dynamic noprefixroute ens33
       valid_lft 938sec preferred_lft 938sec
    inet 192.168.159.160/24 scope global secondary ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe79:5f8d/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
//Edit the virtual host configuration file to use different IPs on the same port
[root@zjq ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
[root@zjq ~]# tail -14 /etc/httpd/conf.d/httpd-vhosts.conf
#
<VirtualHost 192.168.159.158:80>
    DocumentRoot "/var/www/html/zhualz"
    ServerName www.zhualz.com
    ErrorLog "/var/log/httpd/www.zhualz.com-error_log"
    CustomLog "/var/log/httpd/zhualz.com-access_log" common
</VirtualHost>

<VirtualHost 192.168.159.160:80>
    DocumentRoot "/var/www/html/doudizhu"
    ServerName www.doudizhu.com
    ErrorLog "/var/log/httpd/doudizhu.com-error_log"
    CustomLog "/var/log/httpd/doudizhu.com-access_log" common
</VirtualHost>
[root@zjq ~]# httpd -t
Syntax OK
[root@zjq ~]# systemctl restart httpd.service
Test access
- Same IP, same port, different domain names
[root@zjq ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
[root@zjq ~]# tail -13 /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/var/www/html/zhualz"
    ServerName www.zhualz.com
    ErrorLog "/var/log/httpd/www.zhualz.com-error_log"
    CustomLog "/var/log/httpd/zhualz.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/var/www/html/doudizhu"
    ServerName www.doudizhu.com
    ErrorLog "/var/log/httpd/doudizhu.com-error_log"
    CustomLog "/var/log/httpd/doudizhu.com-access_log" common
</VirtualHost>
[root@zjq ~]# httpd -t
Syntax OK
[root@zjq ~]# systemctl restart httpd
//On Windows, map the domain names in C:\windows/system32/drivers/etc/hosts
//Drag the hosts file to the desktop first, edit it there, then drag it back
Test access
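With two vhosts on the same `*:80`, a request whose Host header matches neither ServerName (for example one sent to the bare IP) is answered by the first vhost in the file. The following is an added example, not part of the original post, that models that selection over a constructed copy of the config above; `sample_conf` and `pick_docroot` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample: the two *:80 vhosts from this section, one directive per line.
sample_conf() {
cat <<'EOF'
<VirtualHost *:80>
    DocumentRoot "/var/www/html/zhualz"
    ServerName www.zhualz.com
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/var/www/html/doudizhu"
    ServerName www.doudizhu.com
</VirtualHost>
EOF
}

# pick_docroot HOST_HEADER [CONF_FILE]
# Simplified model of name-based selection among vhosts that share one
# address:port: the first vhost whose ServerName equals the Host header wins;
# if none matches, the first vhost in the file answers as the default.
# ServerAlias and wildcard names are not modelled (assumption of this example).
pick_docroot() {
    if [ -n "$2" ]; then cat "$2"; else sample_conf; fi | awk -v host="$1" '
        BEGIN { sub(/:[0-9]+$/, "", host); host = tolower(host) }
        /^[ \t]*<VirtualHost/ { n++ }
        $1 == "DocumentRoot"  { gsub(/"/, "", $2); root[n] = $2 }
        $1 == "ServerName"    {
            name = tolower($2); sub(/:[0-9]+$/, "", name)
            if (name == host && !hit) hit = n
        }
        END { print root[hit ? hit : 1] }'
}

# Show which site answers for a matching name, the bare IP, and an unknown name.
for h in www.doudizhu.com 192.168.159.158 unknown.example; do
    printf '%-20s -> %s\n' "$h" "$(pick_docroot "$h")"
done
```

On the server itself, `httpd -S` lists the parsed vhosts and marks which one is the default for each address:port.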
Configuring HTTPS
//Install the mod_ssl module
[root@zjq ~]# yum -y install mod_ssl
[root@zjq ~]# systemctl restart httpd
[root@zjq ~]# httpd -t
Syntax OK
[root@zjq ~]# httpd -M | grep ssl
 ssl_module (shared)
//Check that the port is listening
[root@zjq ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:443 *:*
//Go to /etc/pki, create the CA directory, then enter it
[root@zjq ~]# cd /etc/pki/
[root@zjq pki]# mkdir CA
[root@zjq pki]# ls
CA ca-trust java rpm-gpg rsyslog tls
[root@zjq pki]# cd CA/
[root@zjq CA]#
//Create the private directory under the CA directory
[root@zjq CA]# mkdir private
[root@zjq CA]# ls
private
//Generate the key
[root@zjq CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
...........................+++++
..................................+++++
e is 65537 (0x010001)
[root@zjq CA]#
//Generate the self-signed certificate
[root@zjq CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:nh
Organizational Unit Name (eg, section) []:ss
Common Name (eg, your name or your server's hostname) []:www.zhualz.com
Email Address []:1@2.com
[root@zjq CA]#
[root@zjq CA]# mkdir certs newcerts crl //Create three directories
[root@zjq CA]# touch index.txt && echo 01 > serial //Create the files
//Generate the key
[root@zjq CA]# cd /etc/httpd && mkdir ssl && cd ssl
[root@zjq ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
............................+++++
................+++++
e is 65537 (0x010001)
[root@zjq ssl]#
//Generate the certificate signing request; the answers are the same as those given before
[root@zjq ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:nh
Organizational Unit Name (eg, section) []:ss
Common Name (eg, your name or your server's hostname) []:www.zhualz.com
Email Address []:1@2.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@zjq ssl]#
//The CA signs the submitted request; answer y to every prompt
[root@zjq ssl]# openssl ca -in /etc/httpd/ssl/httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jul 22 07:53:25 2022 GMT
            Not After : Jul 22 07:53:25 2023 GMT
        Subject:
            countryName               = cn
            stateOrProvinceName       = hb
            organizationName          = nh
            organizationalUnitName    = ss
            commonName                = www.zhualz.com
            emailAddress              = 1@2.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                22:B9:7F:67:50:A9:78:BE:E2:02:D5:C6:64:51:80:FA:9A:D2:E7:87
            X509v3 Authority Key Identifier:
                keyid:C6:8B:86:C2:CF:E1:0A:66:C6:C4:23:58:84:4B:AB:1E:B4:46:1F:AE

Certificate is to be certified until Jul 22 07:53:25 2023 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@zjq ssl]#
//Edit the SSL configuration file
<VirtualHost _default_:443>
# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html/zhualz" //Uncomment and change the path
ServerName www.zhualz.com:443 //Uncomment and change the domain name
SSLCertificateFile /etc/httpd/ssl/httpd.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
# ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
[root@zjq conf.d]# httpd -t
Syntax OK
[root@zjq conf.d]# systemctl restart httpd
Test access
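The certificate issued above carries no subjectAltName (see the X509v3 extensions in the `openssl ca` output), and current browsers match the hostname against the SAN, not the Common Name. The following is an added example, not part of the original post, that repeats the CA, key, CSR and signing steps non-interactively with a SAN and then checks the result. It assumes `openssl x509 -req` for signing in place of the `openssl ca` database; the function names, the throwaway directory and the CA name are hypothetical.

```shell
#!/bin/sh
# Builds a throwaway CA and server certificate in DIR; nothing under /etc is touched.
# Assumption: signing uses `openssl x509 -req` rather than the `openssl ca` database.
make_chain() (   # make_chain DIR HOSTNAME  (body runs in a subshell, so cd stays local)
    mkdir -p "$1" && cd "$1" || exit 1
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Lab CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Leaf extensions: not a CA, and the hostname as a subjectAltName.
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$2" > leaf.ext
    ( umask 077
      openssl genrsa -out cakey.pem 2048 &&
      openssl genrsa -out httpd.key 2048 ) 2>/dev/null &&
    openssl req -new -x509 -config ca.cnf -key cakey.pem -days 365 -out cacert.pem &&
    openssl req -new -config ca.cnf -subj "/CN=$2" -key httpd.key -out httpd.csr &&
    openssl x509 -req -in httpd.csr -CA cacert.pem -CAkey cakey.pem -CAcreateserial \
        -days 365 -extfile leaf.ext -out httpd.crt 2>/dev/null
)

# chain_ok CA_CERT LEAF_CERT: succeed if the leaf verifies against the CA.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# key_matches_cert KEY CERT: succeed only if CERT carries KEY's public half.
key_matches_cert() {
    a=$(openssl pkey -in "$1" -pubout | openssl sha256)
    b=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# cert_has_san CERT HOSTNAME: succeed if HOSTNAME is listed as a DNS subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -qF "DNS:$2"
}

# Usage: make_chain /tmp/lab-pki www.zhualz.com &&
#        chain_ok /tmp/lab-pki/cacert.pem /tmp/lab-pki/httpd.crt
```

Running `key_matches_cert` on the files named in SSLCertificateKeyFile and SSLCertificateFile before restarting httpd catches a key and certificate that do not belong together.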