Apache虚拟主机:

一台WEB服务器发布单个网站会非常浪费资源,所以一台WEB服务器上会发布多个网站,

在一台服务器上发布多网站,也称之为部署多个虚拟主机,WEB虚拟主机配置方法有三种:

基于单IP多个Socket端口;

基于多IP地址一个端口;

基于单IP一个端口不同域名。

Apache WEB服务器安装:

1)安装apr:

[root@localhost src]# wget http://archive.apache.org/dist/apr/apr-1.5.2.tar.gz
[root@localhost src]# tar xf apr-1.5.2.tar.gz
[root@localhost src]# cd apr-1.5.2
[root@localhost apr-1.5.2]# ./configure --prefix=/usr/local/apr
[root@localhost apr-1.5.2]# make && make install

2)安装apr-util:

[root@localhost src]# wget http://archive.apache.org/dist/apr/apr-util-1.5.4.tar.gz
[root@localhost src]# tar xf apr-util-1.5.4.tar.gz 
[root@localhost src]# cd apr-util-1.5.4
[root@localhost apr-util-1.5.4]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[root@localhost apr-util-1.5.4]# make && make install

3)编译httpd-2.4:

[root@localhost src]# yum -y install pcre-devel openssl-devel libevent-devel
[root@localhost src]# wget http://archive.apache.org/dist/httpd/httpd-2.4.10.tar.bz2
[root@localhost src]# tar xf httpd-2.4.10.tar.bz2
[root@localhost src]# cd httpd-2.4.10
[root@localhost httpd-2.4.10]# ./configure --prefix=/usr/local/apache --enable-so --enable-ssl --enable-rewrite --enable-defalte --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork --with-pcre --with-zlib --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/
[root@localhost httpd-2.4.10]# make && make install

4)启动httpd:

[root@localhost ~]# echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/httpd.sh
[root@localhost ~]# source /etc/profile.d/httpd.sh

基于一个端口不同域名配置:

1)创建虚拟主机配置文件httpd-vhosts.conf,该文件默认已存在,只需去掉httpd.conf主配置文件中#号即可

[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf

2)配置虚拟主机:

[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>						#监听所有网卡的80端口

    DocumentRoot "/usr/local/apache/htdocs/www1"		#虚拟主机发布目录

    ServerName www.a.com					#虚拟主机完整域名    ErrorLog "logs/www.a.com-error_log"			#错误日志路径

    CustomLog "logs/www.a.com-access_log" common		#访问日志路径

    <Location /server-status>				#提供状态信息,且仅允许tom用户访问

        SetHandler server-status

        AuthType basic

        AuthName "Fortom"

        AuthUserFile "/usr/local/apache/conf/.htpasswd"

        Require user tom

    </Location>

</VirtualHost>

<VirtualHost *:80>

    DocumentRoot "/usr/local/apache/htdocs/www2"

    ServerName www.b.com

    ErrorLog "logs/www.b.com-error_log"

    CustomLog "logs/www.b.com-access_log" combined

    <Directory "/usr/local/apache/htdocs/www2">		#设置www2目录权限,不允许192.168.2.0网段任意主机访问

        Options None

        AllowOverride None

        Order deny,allow

        Deny from 192.168.2.0/24

    </Directory>

</VirtualHost>

3)创建虚拟主机发布目录:

[root@localhost ~]# mkdir -p /usr/local/apache/htdocs/{www1,www2}
[root@localhost ~]# echo
'<h1>www.a.com Pages</h1>' >
/usr/local/apache/htdocs/www1/index.html
[root@localhost ~]# echo
'<h1>www.b.com Pages</h1>' >
/usr/local/apache/htdocs/www2/index.html

4)创建tom用户:
[root@localhost
~]# htpasswd -cm /usr/local/apache/conf/.htpasswd tom
[root@localhost ~]#
apachectl restart

5)测试虚拟主机:

修改客户端hosts文件,域名能够解析到服务器ip

6)测试server-status:

7)测试www2访问权限:

https加密配置:

建立私有CA:

生成私钥:

[root@localhost CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
#生成自签证书:

[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www.a.com
Email Address []:admin@a.com
#提供辅助文件:
[root@localhost CA]# touch index.txt
[root@localhost CA]# echo 01 >serial
#生成私钥:
[root@localhost CA]# mkdir /usr/local/apache/ssl
[root@localhost CA]# cd /usr/local/apache/ssl
[root@localhost ssl]# (umask 077; openssl genrsa -out httpd.key 1024)
#生成证书请求:

[root@localhost ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:ym
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www.a.com
Email Address []:admin@a.com
#CA签发证书:
[root@localhost ssl]# ls
httpd.csr  httpd.key
[root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Nov  3 12:05:53 2017 GMT
            Not After : Nov  3 12:05:53 2018 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = bj
            organizationName          = ym
            organizationalUnitName    = Ops
            commonName                = www.a.com
            emailAddress              = admin@a.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                47:68:63:A8:C4:51:9E:E5:33:7A:CD:AF:72:8E:F9:C0:A1:01:92:D2
            X509v3 Authority Key Identifier: 
                keyid:76:96:79:13:59:48:85:EC:D6:FE:4D:C5:2D:29:24:E3:A9:24:6C:3D

修改配置文件,启用SSL模块:

[root@localhost ssl]# vim /usr/local/apache/conf/httpd.conf

LoadModule ssl_module modules/mod_ssl.so

Include conf/extra/httpd-ssl.conf

SSL配置:

[root@localhost ssl]# vim /usr/local/apache/conf/extra/httpd-ssl.conf 
Listen 443
<VirtualHost _default_:443>
    DocumentRoot "/usr/local/apache/htdocs/www1"
    ServerName www.a.com:443
    SSLCertificateFile /usr/local/apache/ssl/httpd.crt
    SSLCertificateKeyFile /usr/local/apache/ssl/httpd.key
    <Directory "/usr/local/apache/htdocs/www1">
        SSLOptions +StdEnvVars
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

https访问:

centos7-httpd虚拟主机的更多相关文章

  1. CentOS7配置httpd虚拟主机

    本实验旨在CentOS7系统中,httpd-2.4配置两台虚拟主机,主要有以下要求: (1) 提供两个基于名称的虚拟主机: www1.stuX.com,页面文件目录为/web/vhosts/www1: ...

  2. httpd 虚拟主机建立之访问机制及其日志定义

    注:关闭防火墙,selinux VirtualHost定义: 基于IP地址VirtualHost: 编辑httpd.conf文件: #DocumentRoot "/web/html" ...

  3. httpd虚拟主机、站点访问控制、基于用户的访问控制、持久链接等应用配置实例

    httpd配置内容 httpd2.2 配置文件: /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/*.conf 服务脚本: /etc/rc.d/init.d/ ...

  4. 配置httpd虚拟主机

    轻松配置httpd的虚拟主机 httpd使用VirtualHost指令进行虚拟主机的定义.支持三种虚拟主机:基于ip,基于端口和基于名称.其中基于端口的虚拟主机在httpd的术语上(例如官方手册)也属 ...

  5. 简述站点访问控制、基于用户的访问控制、httpd虚拟主机、持久链接等应用配置实例

    1 站点访问控制 可基于两种机制指明对哪些资源进行何种访问控制: 文件系统路径 URL路径 注意: 从上到下匹配,匹配到一个就立即执行 如果没有子目录的访问控制,但是有父目录的访问控制,则子目录继承父 ...

  6. httpd虚拟主机起不来!!

    前几天在公司,练习负载均衡配置.在配置虚拟主机的web服务(apache) ,创建好虚拟主机的配置文件 ss -tnl  查看监控端口80已起来,通过本地浏览器访问一直显示默认的欢迎页... 一个下午 ...

  7. Centos7 nginx 虚拟主机、反向代理服务器及负载均衡,多台主机分离php-fpm实验,之强化篇,部署zabbix为例

    一.简介 1.由于zabbix是php得,所有lnmp环境这里测试用的上一个实验环境,请查看https://www.cnblogs.com/zhangxingeng/p/10330735.html : ...

  8. http 高级配置 虚拟主机,https 编译安装

    目录 http 高级配置 虚拟主机,https 编译安装 http 重定向 https HSTS HSTS preload list http 自带的工具程序 httpd的压力测试工具 实现状态页 反 ...

  9. Apache虚拟主机&伪静态配置

    Apache基本操作 安装:yum install httpd 启动:systemctl start httpd 查看进程:ps -ef | grep httpd 查看端口:sudo netstat ...

  10. tomcat部署虚拟主机-搭建两个应用以及httpd和Nginx的反向代理

    实验环境:CentOS7 前提:已经安装好tomcat,未安装请查看http://www.cnblogs.com/wzhuo/p/7111135.html: 目的:基于主机名访问两个应用: [root ...

随机推荐

  1. window.onerror 捕捉所有的前端error

    //[捕捉所有前端error] window.onerror = function (errormessage, url, line, column, error) { console.log(&qu ...

  2. 计蒜课/ 微软大楼设计方案/中等(xjb)

    题目链接:https://nanti.jisuanke.com/t/15772 题意:中文题诶- 思路:对于坐标为p1(x1, y1), p2(x2, y2) 的两个核心, 其中 x1 <= x ...

  3. 51nod1102(单调栈/预处理)

    题目链接:https://www.51nod.com/onlineJudge/questionCode.html#!problemId=1102 题意:中文题诶- 思路:单调栈/预处理 (这篇博客就不 ...

  4. IT兄弟连 JavaWeb教程 过滤器与监听器经典面试题

    1.谈谈你对Servlet过滤器的理解 过滤器是Servlet2.3规范中定义的一种小型的.可插入的Web组件.用来拦截Servlet容器的请求和响应过程,以便查看.提取客户端和服务器之间正在交换的数 ...

  5. jQuery EasyUI/TopJUI创建日期时间输入框

    jQuery EasyUI/TopJUI创建日期时间输入框 日期时间输入框组件 HTML 和日期输入框类似,日期时间输入框允许用户选择日期和指定的时间并按照指定的输出格式显示.相比日期输入框,它在下拉 ...

  6. discuz 3.x ssrf分析

    discuz 3.x版本ssrf漏洞分析 漏洞促发点\souce\module\forum\forum_ajax.php 最后看到了这里 ***$_GET['action']='downremotei ...

  7. [软件工程基础]2017.11.05 第九次 Scrum 会议

    具体事项 项目交接燃尽图 每人工作内容 成员 已完成的工作 计划完成的工作 工作中遇到的困难 游心 #10 搭建可用的开发测试环境:#9 阅读分析 PhyLab 后端代码与文档:#8 掌握 Larav ...

  8. TYVJ P2032 「Poetize9」升降梯上 spfa最短路

    %%%暴搜出奇迹%%%@SiriusRen 其实我刚开始题读错了,才导致我写图论... spfa跑最短路,开一个node记录状态(pair当然滋磁):所在楼层和槽的位置 以层数为1,槽在0的位置 为初 ...

  9. yii2.0下,JqPaginator与load实现无刷新翻页

    JqPaginator下载地址http://jqpaginator.keenwon.com/ 控制器部分: <?php namespace backend\controllers; use co ...

  10. Ubuntu里let's encrypt通配符证书的自动续期更新

    环境与需求: Ubuntu云服务器上,已经做好了ssl证书的免费申请,但是证书的期限是3个月,3个月到期后必须重新申请或者更新.由于k8s集群里的服务一直在使用证书,每三个月人工更新太麻烦,所以想要配 ...