Httpd implements the simple function of http

2025-04-08 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02

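1. httpd implements user access control:

(1) Define a security domain

Control based on a single user (/PATH/TO/DIR stands for the directory being protected):

    <Directory "/PATH/TO/DIR">
        Options None
        AllowOverride None
        AuthType Basic
        AuthName "String"
        AuthUserFile "/etc/httpd/conf/.httpdpasswd"
        AuthGroupFile "/etc/httpd/conf/.grp"
        Require ip 172.20
        Require user ops1
    </Directory>

Control based on user groups:

    <Directory "/PATH/TO/DIR">
        Options None
        AllowOverride None
        AuthType Basic
        AuthName "String"
        AuthUserFile "/etc/httpd/conf/.httpdpasswd"
        AuthGroupFile "/etc/httpd/conf/.grp"
        Require ip 172.20
        Require group ops
    </Directory>

Two Require lines with no enclosing authorization container are treated by httpd 2.4 as RequireAny: a request is admitted if it comes from 172.20.0.0/16 or if it authenticates as the named user or group. Wrap both lines in a RequireAll container if both conditions must hold.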

(2) Provide account and password storage (text file)

Use the dedicated htpasswd command to create such files and to manage the users in them.

    htpasswd [options] /PATH/TO/HTTPD_PASSWD_FILE username

    -c: automatically creates the file specified here (an existing file is overwritten), so it should be used only if this file does not exist
    -m: hash the password in MD5 format
    -s: hash the password in SHA format
    -D: delete the specified user
    -b: batch mode; the password is taken from the command line instead of a prompt

    [root@localhost conf]# htpasswd -bc /etc/httpd/conf/.httpdpasswd ops1 123456
    Adding password for user ops1
    [root@localhost conf]# vim /etc/httpd/conf/.grp
    ops:ops1 ops2

(3) Restart and test:

    [root@localhost conf.d]# systemctl restart httpd
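The -m and -s options above decide what is stored in the password file, and the prefix of each stored hash shows which one was used. As an added example (not part of the original article), the script below audits a password file by scheme; the sample entries are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample file: user names follow the article, hash values are made up.
sample_htpasswd() {
  cat <<'EOF'
ops1:{SHA}Y29uc3RydWN0ZWQtdmFsdWUtMDE=
ops2:{SHA}Y29uc3RydWN0ZWQtdmFsdWUtMDE=
ops3:$apr1$c0nstrct$constructedhashvalue01
ops4:$2y$05$constructedsaltvalue00.constructedbcrypthashvalue000000
EOF
}

# Print "user scheme verdict" for every entry, judged by the hash prefix.
audit_htpasswd() {
  awk -F: '
    NF < 2 || /^#/ { next }                       # skip blanks and comments
    {
      h = $2
      if (substr(h,1,2) == "$2")          { s = "bcrypt";   v = "ok" }
      else if (substr(h,1,6) == "$apr1$") { s = "apr1-md5"; v = "legacy" }    # htpasswd -m
      else if (substr(h,1,5) == "{SHA}")  { s = "sha1";     v = "insecure" }  # htpasswd -s
      else if (length(h) == 13)           { s = "crypt";    v = "insecure" }
      else                                { s = "unknown";  v = "review" }
      print $1, s, v
    }' "$1"
}

# {SHA} entries carry no salt, so equal hashes mean equal passwords.
shared_sha_passwords() {
  awk -F: 'substr($2,1,5) == "{SHA}" { n[$2]++; u[$2] = u[$2] " " $1 }
           END { for (h in n) if (n[h] > 1) print "same password:" u[h] }' "$1"
}

f=$(mktemp) && sample_htpasswd > "$f"
audit_htpasswd "$f"
shared_sha_passwords "$f"
rm -f "$f"
```

Entries flagged insecure or legacy can be re-created with htpasswd -B, which stores a bcrypt hash.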

2. Configuration of virtual hosts

(1) Virtual host based on IP address

    [root@localhost /]# mkdir /data/html/{a,b} -pv
    mkdir: created directory '/data/html'
    mkdir: created directory '/data/html/a'
    mkdir: created directory '/data/html/b'
    [root@localhost /]# vim /data/html/a/index.html
    hello a
    [root@localhost /]# vim /data/html/b/index.html
    hello b
    [root@localhost conf.d]# vim vhost_ip.conf
    # IP1 and IP2 are placeholders for two different addresses bound on this host
    <VirtualHost IP1:PORT>
        ServerName www.a.com
        DocumentRoot "/data/html/a/"
        <Directory "/data/html/a/">
            Options None
            AllowOverride None
            Require all granted
        </Directory>
    </VirtualHost>
    <VirtualHost IP2:PORT>
        ServerName www.b.com
        DocumentRoot "/data/html/b/"
        <Directory "/data/html/b/">
            Options None
            AllowOverride None
            Require all granted
        </Directory>
    </VirtualHost>

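(2) Port-based virtual host:

    [root@localhost conf.d]# vim vhost_ip.conf
    Listen 8080
    # IP:PORT1 and IP:PORT2 are placeholders: the same address with two different
    # ports, one of them the 8080 opened by the Listen line above
    <VirtualHost IP:PORT1>
        ServerName www.a.com
        DocumentRoot "/data/html/a/"
        <Directory "/data/html/a/">
            Options None
            AllowOverride None
            Require all granted
        </Directory>
    </VirtualHost>
    <VirtualHost IP:PORT2>
        ServerName www.b.com
        DocumentRoot "/data/html/b/"
        <Directory "/data/html/b/">
            Options None
            AllowOverride None
            Require all granted
        </Directory>
    </VirtualHost>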

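(3) Virtual host based on FQDN:

    [root@localhost conf.d]# vim vhost_ip.conf
    # Both blocks use the same IP:PORT (placeholder); httpd picks the block whose
    # ServerName matches the Host header of the request
    <VirtualHost IP:PORT>
        ServerName www.a.com
        DocumentRoot "/data/html/a/"
        <Directory "/data/html/a/">
            Options None
            AllowOverride None
            Require all granted
        </Directory>
    </VirtualHost>
    <VirtualHost IP:PORT>
        ServerName www.b.com
        DocumentRoot "/data/html/b/"
        <Directory "/data/html/b/">
            Options None
            AllowOverride None
            Require all granted
        </Directory>
    </VirtualHost>

Note: in the case of httpd-2.2, when using an FQDN-based virtual host, you need to declare the following directive in advance: NameVirtualHost IP:PORT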

3. Implement https

    [root@localhost conf.d]# yum install -y mod_ssl

(1) Build a private CA:

Generate a private key:

    ~]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096)

Generate a self-signed certificate:

    ~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655

    -new: generate a new certificate signing request
    -x509: generate a self-signed certificate, used when creating a private CA
    -key: path of the private key file used to generate the request
    -out: path of the generated request file; for a self-signed operation the signed certificate is written here directly
    -days: validity period of the certificate, in days

Create the directories and files required for the CA:

    ~]# mkdir -pv /etc/pki/CA/{certs,crl,newcerts}
    ~]# touch /etc/pki/CA/{serial,index.txt}
    ~]# echo 01 > /etc/pki/CA/serial

(2) The server that will use the certificate for secure communication must ask the CA to sign it.

The host that uses the certificate generates the private key:

    ~]# mkdir /etc/httpd/ssl
    ~]# cd /etc/httpd/ssl
    ~]# (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)

Generate the certificate signing request:

    ~]# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr -days 365

Sign the certificate on the CA host:

    ~]# openssl ca -in /etc/httpd/ssl/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365

Point the virtual host in ssl.conf at the signed certificate and the private key:

    [root@localhost /]# vim /etc/httpd/conf.d/ssl.conf
    # the virtual host block shipped in the stock mod_ssl ssl.conf
    <VirtualHost _default_:443>
        DocumentRoot "/data/html/b/"
        ServerName www.b.com:443
        # the signed certificate written by "openssl ca", not the .csr request;
        # copy it to the web server first if the CA runs on another host
        SSLCertificateFile /etc/pki/CA/certs/httpd.crt
        SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
        <Directory "/data/html/b/">
            Options None
            AllowOverride None
            Require all granted
        </Directory>
    </VirtualHost>
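A check worth running before restarting httpd with the new ssl.conf: that the file given to SSLCertificateFile is the signed certificate rather than the .csr request, that it matches the private key, and that it chains to the private CA. This is an added example, not part of the original article; the function names are hypothetical and the demo material is constructed in a temporary directory.

```shell
#!/bin/sh
# check_cert_for_httpd CERT KEY CAFILE: prints a verdict, returns 0 only for "ok".
check_cert_for_httpd() {
  cert=$1; key=$2; ca=$3
  # 1. SSLCertificateFile must parse as an X.509 certificate; a .csr does not.
  openssl x509 -in "$cert" -noout 2>/dev/null || { echo "not-a-certificate"; return 1; }
  # 2. Its public key must be the one derived from SSLCertificateKeyFile.
  [ "$(openssl x509 -in "$cert" -noout -pubkey)" = \
    "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] || { echo "key-mismatch"; return 1; }
  # 3. It must chain to the private CA certificate that clients will trust.
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || { echo "untrusted"; return 1; }
  echo "ok"
}

# Constructed demo PKI in a temp directory (nothing under /etc is touched).
# Signing uses "openssl x509 -req" rather than "openssl ca" so no CA database is needed.
make_demo_pki() {
  d=$(mktemp -d) || return 1
  {
    ( umask 077
      openssl genrsa -out "$d/cakey.pem" 2048
      openssl genrsa -out "$d/httpd.key" 2048
      openssl genrsa -out "$d/other.key" 2048 )
    openssl req -new -x509 -key "$d/cakey.pem" -subj "/CN=Demo Private CA" \
      -days 30 -out "$d/cacert.pem"
    openssl req -new -key "$d/httpd.key" -subj "/CN=www.b.com" -out "$d/httpd.csr"
    openssl x509 -req -in "$d/httpd.csr" -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" \
      -CAcreateserial -days 30 -out "$d/httpd.crt"
  } >/dev/null 2>&1
  echo "$d"
}

d=$(make_demo_pki)
check_cert_for_httpd "$d/httpd.csr" "$d/httpd.key" "$d/cacert.pem" || true  # CSR in place of cert
check_cert_for_httpd "$d/httpd.crt" "$d/other.key" "$d/cacert.pem" || true  # wrong private key
check_cert_for_httpd "$d/httpd.crt" "$d/httpd.key" "$d/cacert.pem"          # deployable
rm -rf "$d"
```

On the article's layout the call would be check_cert_for_httpd with the SSLCertificateFile path, /etc/httpd/ssl/httpd.key and /etc/pki/CA/cacert.pem.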
