标签:httpd x86 虚拟主机 10 配置 64 https root localhost
三种虚拟主机的配置&&https配置
配置之前的操作
1、先安装apache
2、
[root@localhost ~]# vim /etc/httpd24/httpd.conf
ServerName www.example.com:80
(找到这一行将前面的#删除)
[root@localhost ~]# vim /etc/profile.d/httpd.sh
[root@localhost ~]# source /etc/profile.d/httpd.sh
[root@localhost ~]# cat /etc/profile.d/httpd.sh
export PATH=/usr/local/apache/bin:$PATH
[root@localhost ~]# apachectl restart
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
httpd not running, trying to start
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.147.10
NETMASK=255.255.255.0
GATEWAY=192.168.147.2
DNS1=114.114.114.114
IPADDR1=192.168.147.20
NETMSAK=255.255.255.0
添加一个IP=192.168.147.20
[root@localhost ~]# systemctl restart NetworkManager
[root@localhost network-scripts]# ifdown ens33;ifup ens33
相同ip不同端口
[root@localhost ~]# vim /etc/httpd24/httpd.conf
# Virtual hosts
Include /etc/httpd24/extra/httpd-vhosts.conf
(将这一行前面的#删除)
[root@localhost httpd24]# ls //可以发现有了httpd.conf这个文件
extra httpd.conf magic mime.types original
[root@localhost httpd24]# ls extra/
httpd-autoindex.conf httpd-languages.conf httpd-ssl.conf
httpd-dav.conf httpd-manual.conf httpd-userdir.conf
httpd-default.conf httpd-mpm.conf httpd-vhosts.conf
httpd-info.conf httpd-multilang-errordoc.conf proxy-html.conf
[root@localhost ~]# cd /usr/local/apache/htdocs/
[root@localhost htdocs]# ls
index.html
[root@localhost htdocs]# rm -rf index.html
[root@localhost htdocs]# ls
[root@localhost htdocs]# mkdir yh1 yh2 //创建两个文件夹
[root@localhost htdocs]# ls
yh1 yh2
[root@localhost htdocs]# ls //在源码之家下载两个源码,并安装到htdocs这个文件夹里。(下载解压到本地,然后拖到这个文件夹里就可以了)
CSS3卡通猫咪动画代码 HTML5圣诞老人过悬崖小游戏 yh1 yh2
[root@localhost htdocs]# cd CSS3卡通猫咪动画代码/
[root@localhost CSS3卡通猫咪动画代码]# mv * ../yh1 //将这个源码移动到yh1里
[root@localhost CSS3卡通猫咪动画代码]# cd ..
[root@localhost htdocs]# cd yh1
[root@localhost yh1]# ls
css index.html
[root@localhost yh1]# cd ..
[root@localhost htdocs]# ls
CSS3卡通猫咪动画代码 HTML5圣诞老人过悬崖小游戏 yh1 yh2
[root@localhost htdocs]# cd HTML5圣诞老人过悬崖小游戏/
[root@localhost HTML5圣诞老人过悬崖小游戏]# mv * ../yh2 //将这个源码移动到yh2里
[root@localhost HTML5圣诞老人过悬崖小游戏]# cd ..
[root@localhost htdocs]# cd yh2
[root@localhost yh2]# ls
css index.html js
[root@localhost ~]# systemctl stop firewalld //关闭防火墙
访问外网
[root@localhost ~]# cd /etc/httpd24/
[root@localhost httpd24]# vim httpd.conf
修改配置文件
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/yh1"
ServerName yh1.example.com
ErrorLog "logs/yh1.example.com-error_log"
CustomLog "logs/yh1.example.com-access_log" common
</VirtualHost>
加一个端口并监听它
listen 81
<VirtualHost *:81>
DocumentRoot "/usr/local/apache/htdocs/yh2"
ServerName yh2.example.com
ErrorLog "logs/yh2.example.com-error_log"
CustomLog "logs/yh2.example.com-access_log" common
</VirtualHos>
[root@localhost httpd24]# apachectl restart //重启服务
[root@localhost httpd24]# ss -antl //查看端口是否启动
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:81 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
查看效果
搜索192.168.147.10(默认端口号为80)
搜索192.168.147.10:81(端口80)
不同IP相同端口
修改配置文件
[root@localhost httpd24]# vim extra/httpd-vhosts.conf
<VirtualHost 192.168.147.10:80>
DocumentRoot "/usr/local/apache/htdocs/yh1"
ServerName yh1.example.com
ErrorLog "logs/yh1.example.com-error_log"
CustomLog "logs/yh1.example.com-access_log" common
</VirtualHost>
//这里的IP是上文在ens33网卡里创建的一个文件
<VirtualHost 192.168.147.20:80>
DocumentRoot "/usr/local/apache/htdocs/yh2"
ServerName yh2.example.com
ErrorLog "logs/yh2.example.com-error_log"
CustomLog "logs/yh2.example.com-access_log" common
</VirtualHost>
查看效果
相同IP相同端口不同域名
修改配置文件
[root@localhost httpd24]# vim extra/httpd-vhosts.conf
<VirtualHost *:80> //去掉ip
DocumentRoot "/usr/local/apache/htdocs/yh1"
ServerName yh1.example.com
ErrorLog "logs/yh1.example.com-error_log"
CustomLog "logs/yh1.example.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/yh2"
ServerName yh2.example.com
ErrorLog "logs/yh2.example.com-error_log"
CustomLog "logs/yh2.example.com-access_log" common
</VirtualHost>
找到c:\windows\system32\drivers\etc\hosts
拖到桌面上以管理员身份(会提示是否以管理员身份运行点击是)用写字板打开这个文件
写入:
192.168.147.10 yh1.example.com yh2.example.com
写完保存后拖回c:\windows\system32\drivers\etc\hosts目录
查看效果
三种虚拟主机的配置已完毕
https配置
生成证书
[root@localhost ~]# cd /etc/httpd24/
[root@localhost httpd24]# ls
extra httpd.conf magic mime.types original
[root@localhost httpd24]# ls extra/
httpd-autoindex.conf httpd-languages.conf httpd-ssl.conf
httpd-dav.conf httpd-manual.conf httpd-userdir.conf
httpd-default.conf httpd-mpm.conf httpd-vhosts.conf
httpd-info.conf httpd-multilang-errordoc.conf proxy-html.conf
[root@localhost httpd24]# rpm -qa|grep mod_ssl //没有过滤到mod_ssl,所以安装一个
[root@localhost httpd24]# dnf -y install mod_ssl
上次元数据过期检查:6:20:16 前,执行于 2021年04月27日 星期二 15时58分05秒。
依赖关系解决。
======================================================================================
软件包 架构 版本 仓库 大小
======================================================================================
安装:
mod_ssl x86_64 1:2.4.37-30.module_el8.3.0+462+ba287492.0.1 appstream 133 k
安装依赖关系:
apr x86_64 1.6.3-11.el8 appstream 125 k
apr-util x86_64 1.6.1-6.el8 appstream 105 k
centos-logos-httpd
noarch 82.0-2.el8 appstream 78 k
httpd x86_64 2.4.37-30.module_el8.3.0+462+ba287492.0.1 appstream 1.7 M
httpd-filesystem noarch 2.4.37-30.module_el8.3.0+462+ba287492.0.1 appstream 37 k
httpd-tools x86_64 2.4.37-30.module_el8.3.0+462+ba287492.0.1 appstream 104 k
mod_http2 x86_64 1.15.7-2.module_el8.3.0+477+498bb568 appstream 154 k
安装弱的依赖:
apr-util-bdb x86_64 1.6.1-6.el8 appstream 25 k
apr-util-openssl x86_64 1.6.1-6.el8 appstream 27 k
启用模块流:
httpd 2.4
事务概要
======================================================================================
安装 10 软件包
总下载:2.4 M
安装大小:6.3 M
下载软件包:
(1/10): apr-util-bdb-1.6.1-6.el8.x86_64.rpm 212 kB/s | 25 kB 00:00
(2/10): apr-util-1.6.1-6.el8.x86_64.rpm 901 kB/s | 105 kB 00:00
(3/10): apr-1.6.3-11.el8.x86_64.rpm 1.0 MB/s | 125 kB 00:00
(4/10): apr-util-openssl-1.6.1-6.el8.x86_64.rpm 1.2 MB/s | 27 kB 00:00
(5/10): centos-logos-httpd-82.0-2.el8.noarch.rpm 1.2 MB/s | 78 kB 00:00
(6/10): httpd-filesystem-2.4.37-30.module_el8.3.0+462 618 kB/s | 37 kB 00:00
(7/10): httpd-2.4.37-30.module_el8.3.0+462+ba287492.0 14 MB/s | 1.7 MB 00:00
(8/10): httpd-tools-2.4.37-30.module_el8.3.0+462+ba28 1.7 MB/s | 104 kB 00:00
(9/10): mod_http2-1.15.7-2.module_el8.3.0+477+498bb56 3.7 MB/s | 154 kB 00:00
(10/10): mod_ssl-2.4.37-30.module_el8.3.0+462+ba28749 8.2 MB/s | 133 kB 00:00
--------------------------------------------------------------------------------------
总计 2.2 MB/s | 2.4 MB 00:01
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
准备中 : 1/1
安装 : apr-1.6.3-11.el8.x86_64 1/10
运行脚本: apr-1.6.3-11.el8.x86_64 1/10
安装 : apr-util-bdb-1.6.1-6.el8.x86_64 2/10
安装 : apr-util-openssl-1.6.1-6.el8.x86_64 3/10
安装 : apr-util-1.6.1-6.el8.x86_64 4/10
运行脚本: apr-util-1.6.1-6.el8.x86_64 4/10
运行脚本: httpd-filesystem-2.4.37-30.module_el8.3.0+462+ba287492.0.1.noarch 5/10
安装 : httpd-filesystem-2.4.37-30.module_el8.3.0+462+ba287492.0.1.noarch 5/10
安装 : httpd-tools-2.4.37-30.module_el8.3.0+462+ba287492.0.1.x86_64 6/10
安装 : centos-logos-httpd-82.0-2.el8.noarch 7/10
安装 : mod_http2-1.15.7-2.module_el8.3.0+477+498bb568.x86_64 8/10
安装 : httpd-2.4.37-30.module_el8.3.0+462+ba287492.0.1.x86_64 9/10
运行脚本: httpd-2.4.37-30.module_el8.3.0+462+ba287492.0.1.x86_64 9/10
安装 : mod_ssl-1:2.4.37-30.module_el8.3.0+462+ba287492.0.1.x86_64 10/10
运行脚本: httpd-2.4.37-30.module_el8.3.0+462+ba287492.0.1.x86_64 10/10
运行脚本: mod_ssl-1:2.4.37-30.module_el8.3.0+462+ba287492.0.1.x86_64 10/10
验证 : apr-1.6.3-11.el8.x86_64 1/10
验证 : apr-util-1.6.1-6.el8.x86_64 2/10
验证 : apr-util-bdb-1.6.1-6.el8.x86_64 3/10
验证 : apr-util-openssl-1.6.1-6.el8.x86_64 4/10
验证 : centos-logos-httpd-82.0-2.el8.noarch 5/10
验证 : httpd-2.4.37-30.module_el8.3.0+462+ba287492.0.1.x86_64 6/10
验证 : httpd-filesystem-2.4.37-30.module_el8.3.0+462+ba287492.0.1.noarch 7/10
验证 : httpd-tools-2.4.37-30.module_el8.3.0+462+ba287492.0.1.x86_64 8/10
验证 : mod_http2-1.15.7-2.module_el8.3.0+477+498bb568.x86_64 9/10
验证 : mod_ssl-1:2.4.37-30.module_el8.3.0+462+ba287492.0.1.x86_64 10/10
Installed products updated.
已安装:
apr-1.6.3-11.el8.x86_64
apr-util-1.6.1-6.el8.x86_64
apr-util-bdb-1.6.1-6.el8.x86_64
apr-util-openssl-1.6.1-6.el8.x86_64
centos-logos-httpd-82.0-2.el8.noarch
httpd-2.4.37-30.module_el8.3.0+462+ba287492.0.1.x86_64
httpd-filesystem-2.4.37-30.module_el8.3.0+462+ba287492.0.1.noarch
httpd-tools-2.4.37-30.module_el8.3.0+462+ba287492.0.1.x86_64
mod_http2-1.15.7-2.module_el8.3.0+477+498bb568.x86_64
mod_ssl-1:2.4.37-30.module_el8.3.0+462+ba287492.0.1.x86_64
完毕!
修改配置文件
[root@localhost extra]# vim httpd-ssl.conf
# General setup for the virtual host
DocumentRoot "/usr/local/apache/htdocs/yh1"
ServerName www.example.com:443
ErrorLog "/usr/local/apache/logs/yh1_error_log"
TransferLog "/usr/local/apache/logs/yh1_access_log"
SSLCertificateFile "/etc/httpd24/httpd.crt"
#SSLCertificateFile "/etc/httpd24/server-dsa.crt"
#SSLCertificateFile "/etc/httpd24/server-ecc.crt"
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
# ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile "/etc/httpd24/httpd.key"
#SSLCertificateKeyFile "/etc/httpd24/server-dsa.key"
#SSLCertificateKeyFile "/etc/httpd24/server-ecc.key"
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
[root@localhost extra]# vim ../httpd.conf
把下列两行的注释取消掉
LoadModule ssl_module modules/mod_ssl.so
Include /etc/httpd24/extra/httpd-ssl.conf
[root@localhost extra]# apachectl -t //检查是否有语法错误我
AH00526: Syntax error on line 92 of /etc/httpd24/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?). //表示第92行有问题
[root@localhost extra]# vim +92 /etc/httpd24/extra/httpd-ssl.conf //进去把92行和93行注释掉
[root@localhost extra]# apachectl -t
AH00526: Syntax error on line 143 of /etc/httpd24/extra/httpd-ssl.conf:
SSLCertificateFile: file '/etc/httpd24/httpd.crt' does not exist or is empty
//CA生成一对密钥
[root@localhost extra]# cd /etc/pki/CA
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
genrsa: Can't open "private/cakey.pem" for writing, No such file or directory
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
......+++++
.....................................+++++
e is 65537 (0x010001)
CA生成自签署证书
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:jxrt
Organizational Unit Name (eg, section) []:jxrt
Common Name (eg, your name or your server's hostname) []:yh1.example.com
Email Address []:122@qq.com
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# touch index.txt && echo 01 > serial
[root@localhost CA]# ls
cacert.pem certs crl index.txt newcerts private serial
//在一个空目录opt下面生成密钥
[root@localhost ~]# cd /opt/
[root@localhost opt]# ls
[root@localhost opt]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
................................................+++++
............+++++
e is 65537 (0x010001)
//客户端生成证书签署请求,内容要与上面的一致
[root@localhost opt]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:jxrt
Organizational Unit Name (eg, section) []:jxrt
Common Name (eg, your name or your server's hostname) []:yh1.example.com
Email Address []:122@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@localhost opt]#
//CA签署客户端提交上来的证书
[root@localhost opt]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Apr 27 14:46:44 2021 GMT
Not After : Apr 27 14:46:44 2022 GMT
Subject:
countryName = CN
stateOrProvinceName = HB
organizationName = jxrt
organizationalUnitName = jxrt
commonName = yh1.example.com
emailAddress = 122@qq.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
4D:30:60:81:E2:EF:AA:4E:21:4D:43:A5:8C:B2:69:35:C1:D7:F6:F0
X509v3 Authority Key Identifier:
keyid:71:E1:F4:32:4A:C9:ED:68:CE:6C:CB:99:30:59:26:38:49:04:6D:FD
Certificate is to be certified until Apr 27 14:46:44 2022 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost opt]# ls
httpd.crt httpd.csr httpd.key
[root@localhost opt]# mv httpd.crt httpd.key /etc/httpd24/
[root@localhost opt]# cd
[root@localhost ~]# cd /etc/httpd24/
[root@localhost httpd24]# ls
extra httpd.conf httpd.crt httpd.key magic mime.types original
[root@localhost httpd24]# apachectl restart
[root@localhost httpd24]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 128 *:443 *:*
查看效果
证书配置完成
标签:httpd,x86,虚拟主机,10,配置,64,https,root,localhost 来源: https://blog.csdn.net/itxiaoyu_lang/article/details/116203896
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。