Implementing virtual hosts, access control and https with httpd-2.4

2025-01-22 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/02 Report--

Preparation: install httpd on CentOS 7, either with yum or by compiling it yourself. Installing with yum is recommended because it is fast and convenient.

Turn off the firewall and SELinux.

1. Provide two name-based virtual hosts, www1 and www2, each with its own error log and access log.

First set up the virtual host www1

a. Create a configuration file for the virtual host in httpd's secondary configuration directory /etc/httpd/conf.d/

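~]# vim /etc/httpd/conf.d/vhosts-www1.conf
    # Container tags reconstructed; the *:80 address and the <Directory> path are assumptions.
    <VirtualHost *:80>
        DocumentRoot "/myweb/vhosts/www1"
        ServerName www.link1.com
        ErrorLog "/myweb/vhosts/www1/logs/error_log"
        CustomLog "/myweb/vhosts/www1/logs/access_log" combined
        <Directory "/myweb/vhosts/www1">
            AllowOverride None
            Options None
            Require all granted
        </Directory>
    </VirtualHost>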

b. After creating the configuration file, create the document root directory and log directory

~]# mkdir /myweb/vhosts/www1/logs -pv

c. Create index.html in the document root directory and write some content to it, then add the line 192.168.127.128 www.link1.com to the hosts file in the local C:\Windows\System32\drivers\etc directory.

Reload the configuration file

~]# systemctl reload httpd.service

Then open it with a local browser, and the results are as follows:

Check the access log /myweb/vhosts/www1/logs/access_log, which is as follows:

192.168.127.1 - - [29/Aug/2017:15:40:00 +0800] "GET /sky/ HTTP/1.1" 200 1319 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0"

The status code is 200 and the request is successful.

Setting up virtual host www2 is no different from setting up www1, except that the relevant names are changed. Finally, test the virtual host with a browser. The results are as follows:

2. Access control

a. Provide status information through /server-status on www1, and allow only the user link to access it

a-1. Modify the configuration file of www1 as follows:

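    # Container tags reconstructed; the *:80 address and the <Directory> path are assumptions.
    # No handler mapping for /server-status appears in the configuration shown on the page.
    <VirtualHost *:80>
        DocumentRoot "/myweb/vhosts/www1"
        ServerName www.link1.com
        ErrorLog "/myweb/vhosts/www1/logs/error_log"
        CustomLog "/myweb/vhosts/www1/logs/access_log" combined
        <Directory "/myweb/vhosts/www1">
            AllowOverride None
            Options None
            AuthType basic
            AuthName "Please input user and password to login,only link has permission to accessory!"
            AuthUserFile /etc/httpd/users/.htpasswd
            Require user link
        </Directory>
    </VirtualHost>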

a-2. Create the virtual users with the htpasswd command

~]# mkdir /etc/httpd/users
~]# htpasswd -c -m /etc/httpd/users/.htpasswd link
~]# htpasswd -m /etc/httpd/users/.htpasswd link1

a-3. Reload the configuration file and open the site in the browser. The following appears:

When entering the link user and password:

When entering the link1 user and password:

Because only link users are allowed to log in:

At this point, the requirement is met.

b. www2 does not allow access from any host in the 192.168.127.0/24 network.

From the access log viewed earlier, you can see that the IP address of this host is 192.168.127.1.

Then let's modify the configuration file of www2 as follows:

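    # Container tags reconstructed; the *:80 address and the <Directory> path are assumptions.
    <VirtualHost *:80>
        DocumentRoot "/myweb/vhosts/www2"
        ServerName www.link2.com
        ErrorLog "/myweb/vhosts/www2/logs/error_log"
        CustomLog "/myweb/vhosts/www2/logs/access_log" combined
        <Directory "/myweb/vhosts/www2">
            AllowOverride None
            Options None
            # A negated Require is only valid inside <RequireAll>; the /24
            # prefix makes the rule cover the whole 192.168.127.0/24 network.
            <RequireAll>
                Require all granted
                Require not ip 192.168.127.0/24
            </RequireAll>
        </Directory>
    </VirtualHost>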

Visit as follows before modification:

After modification, the visit is as follows:

At this point, the required function is realized.
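
An added example, not part of the original article: a shell check of which client addresses seen in an access log a "Require not ip" argument covers. It shows that the bare four-octet address 192.168.127.0 matches only that one host, while 192.168.127.0/24 covers the whole network; the log lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): which clients seen in an access log
# does a "Require not ip" argument cover? Function names are hypothetical.

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_net IP NET[/PREFIX]: succeed if IP is inside NET. A full four-octet
# address with no prefix is treated as one host (/32).
in_net() {
    net=${2%/*}
    case $2 in */*) bits=${2#*/} ;; *) bits=32 ;; esac
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# covered_clients RULE: read a combined-format log on stdin and print each
# distinct client address (field 1) that RULE matches.
covered_clients() {
    awk '{ print $1 }' | sort -u | while read -r ip; do
        if in_net "$ip" "$1"; then echo "$ip"; fi
    done
}

# Constructed sample log lines in the combined format used by the vhosts.
sample_log() {
    cat <<'EOF'
192.168.127.1 - - [29/Aug/2017:15:40:00 +0800] "GET / HTTP/1.1" 200 1319 "-" "Mozilla/5.0"
192.168.127.77 - - [29/Aug/2017:15:41:12 +0800] "GET / HTTP/1.1" 200 1319 "-" "curl/7.29.0"
192.168.128.5 - - [29/Aug/2017:15:42:30 +0800] "GET / HTTP/1.1" 200 1319 "-" "Mozilla/5.0"
10.0.0.8 - - [29/Aug/2017:15:43:02 +0800] "GET / HTTP/1.1" 200 1319 "-" "Mozilla/5.0"
EOF
}

# Compare the bare address with the /24 network.
for rule in 192.168.127.0 192.168.127.0/24; do
    echo "$rule covers: $(sample_log | covered_clients "$rule" | tr '\n' ' ')"
done
```

To run it against a real log, feed the file on stdin, for example covered_clients 192.168.127.0/24 < /myweb/vhosts/www2/logs/access_log.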

3. Provide https service for the www2 virtual host above

Create a private CA with a self-signed certificate, and then issue a certificate for this server.

a. Create a private CA

a-1. Create the private key file for the private CA

~]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096)

a-2. Generate the self-signed certificate

~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3653

a-3. Create the directory layout and text files that the CA requires

~]# touch /etc/pki/CA/index.txt
~]# echo 01 > /etc/pki/CA/serial

b. Provide a certificate for the server

b-1. Create a private key file for the server

~]# mkdir /etc/httpd/conf/ssl
~]# cd /etc/httpd/conf/ssl
ssl]# (umask 077; openssl genrsa -out httpd.key 4096)

b-2. Generate a certificate request file

ssl]# openssl req -new -key httpd.key -out httpd.csr -days 3653

b-3. Have the CA issue the certificate; this is done on the server where the CA is located

ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365

At this point, the certificate is issued.

c. Install the mod_ssl module

~]# yum -y install mod_ssl

Modify the ssl configuration file; the relevant parts are as follows:

    # <Directory> container reconstructed; its path is assumed to match DocumentRoot.
    DocumentRoot "/myweb/vhosts/ssl"
    ServerName www.link2.com
    SSLCertificateFile /etc/httpd/conf/ssl/httpd.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl/httpd.key
    <Directory "/myweb/vhosts/ssl">
        AllowOverride None
        Options None
        Require all granted
    </Directory>

Then create the /myweb/vhosts/ssl directory

~]# mkdir /myweb/vhosts/ssl
~]# echo "welcome to https://www.link2.com" >> /myweb/vhosts/ssl/index.html

Then restart the service.

Unencrypted access is as follows:

Https visits are as follows:

Because we issued the certificate ourselves, the browser will at first report that the certificate is untrusted or risky; just add an exception.
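
An added example, not part of the original article: a shell check of the files produced in section 3. It confirms that httpd.crt verifies against the CA certificate, that it carries the same public key as httpd.key, and that the key file has no group or other permissions. The function names are hypothetical; the paths are the ones used above.

```shell
#!/bin/sh
# Added example (not from the article): post-issuance checks for the CA
# certificate, server certificate and server key. Function names are hypothetical.

# chains_to_ca CA_CERT SERVER_CERT: does the server certificate verify
# against the private CA's certificate?
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# cert_matches_key CERT KEY: do both files hold the same public key?
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# key_is_private FILE: no group/other permission bits, which is what
# creating the key under "umask 077" produces.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_tls_files CA_CERT SERVER_CERT SERVER_KEY: run all checks, report each failure.
check_tls_files() {
    rc=0
    chains_to_ca "$1" "$2"     || { echo "FAIL: $2 does not verify against $1"; rc=1; }
    cert_matches_key "$2" "$3" || { echo "FAIL: $2 and $3 hold different keys"; rc=1; }
    key_is_private "$3"        || { echo "FAIL: $3 is accessible to group or others"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: chain, key match and key permissions"; fi
    return "$rc"
}

# Paths from the article; the check runs only where those files exist.
if [ -f /etc/httpd/conf/ssl/httpd.crt ]; then
    check_tls_files /etc/pki/CA/cacert.pem \
        /etc/httpd/conf/ssl/httpd.crt /etc/httpd/conf/ssl/httpd.key
fi
```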
