
CentOS 7.4: Virtual hosts based on domain name, port and IP, and Apache access control

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Build a virtual host

Three types of virtual hosts are supported:

Domain name-based virtual hosts. This first type is the one commonly used by enterprises.

IP address-based virtual hosts, which require two network cards on one physical host.

Port-based virtual hosts.

Environment requirements for building a domain name-based virtual host:

A Linux machine acting as both DNS and web server

A WIN10 client for testing

Install two packages on the Linux machine:

```
[root@localhost ~]# yum install bind httpd -y
Installed:
  bind.x86_64 32:9.11.4-9.P2.el7
  httpd.x86_64 0:2.4.6-90.el7.centos

Installed as a dependency:
  apr.x86_64 0:1.4.8-5.el7
  apr-util.x86_64 0:1.5.2-6.el7
  bind-export-libs.x86_64 32:9.11.4-9.P2.el7
  httpd-tools.x86_64 0:2.4.6-90.el7.centos
  mailcap.noarch 0:2.1.41-2.el7

Upgraded as a dependency:
  bind-libs.x86_64 32:9.11.4-9.P2.el7
  bind-libs-lite.x86_64 32:9.11.4-9.P2.el7
  bind-license.noarch 32:9.11.4-9.P2.el7
  bind-utils.x86_64 32:9.11.4-9.P2.el7
  dhclient.x86_64 12:4.2.5-77.el7.centos
  dhcp-common.x86_64 12:4.2.5-77.el7.centos
  dhcp-libs.x86_64 12:4.2.5-77.el7.centos
```

Configure DNS. The main configuration file needs to be changed in two places:

```
[root@localhost ~]# vim /etc/named.conf
options {
        listen-on port 53 { any; };        // listen on all addresses
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };          // allow all other hosts to query
        // the remaining options are left unchanged
};
```

In the DNS zone configuration file, add zone entries for the two domain names that need to be resolved (copy the five-line template):

```
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "accp.com" IN {                  // the domain name to resolve
        type master;
        file "accp.com.zone";         // the zone data configuration file
        allow-update { none; };
};

zone "kgc.com" IN {
        type master;
        file "kgc.com.zone";
        allow-update { none; };
};

// the existing zone that follows is unchanged:
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
```

Configure the DNS zone data configuration files:

```
[root@localhost ~]# cd /var/named/
[root@localhost named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@localhost named]# cp -p named.localhost accp.com.zone    # copy the template to the zone data file
[root@localhost named]# vim accp.com.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
www IN  A       192.168.136.136    ; add the address for domain name resolution
[root@localhost named]# cp -p accp.com.zone kgc.com.zone    # just copy it; no changes are needed
```

Enable the service:

```
[root@localhost named]# systemctl stop firewalld.service    # stop the host firewall
[root@localhost named]# setenforce 0                         # switch SELinux to permissive mode
[root@localhost named]# systemctl start named
```

Go to the WIN10 client and test whether the different domain names resolve to the address.

Add the virtual host sub-configuration file. Do not write the virtual hosts in the main configuration file, because that makes loading slow.

```
[root@localhost named]# cd /etc/httpd/
[root@localhost httpd]# ls
conf  conf.d  conf.modules.d  logs  modules  run
[root@localhost httpd]# cd conf
[root@localhost conf]# ls
httpd.conf  magic
[root@localhost conf]# mkdir extra    # extension folder that holds the sub-configuration files, for easier management
[root@localhost conf]# ls
extra  httpd.conf  magic
[root@localhost conf]# cd extra/
```

Configure the sub-configuration file:

```
[root@localhost extra]# vim vhost.conf
# virtual host tag; "*" stands for all networks
<VirtualHost *:80>
    # site directory
    DocumentRoot "/var/www/html/accp/"
    # domain name
    ServerName www.accp.com
    # error log file
    ErrorLog "logs/www.accp.com.error_log"
    # access log file
    CustomLog "logs/www.accp.com.access_log" common
    # the site needs permissions: make it accessible to all networks
    # (directory path not shown on the page; the site's DocumentRoot is assumed)
    <Directory "/var/www/html/accp/">
        Require all granted
    </Directory>
# end tag
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/var/www/html/kgc/"
    ServerName www.kgc.com
    ErrorLog "logs/www.kgc.com.error_log"
    CustomLog "logs/www.kgc.com.access_log" common
    <Directory "/var/www/html/kgc/">
        Require all granted
    </Directory>
</VirtualHost>
```

Create a default page for each of the two sites:

```
[root@localhost httpd]# cd /var/www/html
[root@localhost html]# mkdir accp kgc    # create two site directories
[root@localhost html]# ls
accp  kgc
[root@localhost html]# cd accp
[root@localhost accp]# vim index.html    # edit the web page
<h2>this is accp web</h2>
[root@localhost accp]# cd ../kgc/
[root@localhost kgc]# vim index.html
this is kgc web
```

In the main configuration file, call the sub-configuration file:

```
[root@localhost kgc]# cd /etc/httpd/
[root@localhost httpd]# cd conf
[root@localhost conf]# ls
extra  httpd.conf  magic
[root@localhost conf]# vim httpd.conf
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
# call the sub-configuration file
Include conf/extra/vhost.conf
```

Enable the web service, then go to the WIN10 client and test whether the different domain names return different web pages.

In the sub-configuration file, create a port-based virtual host:

```
[root@localhost conf]# cd extra/
[root@localhost extra]# vim vhost.conf
# virtual host tag with port 8080 (the address part is not shown on the page; "*" is assumed)
<VirtualHost *:8080>
    DocumentRoot "/var/www/html/kgc.port/"
    ServerName www.kgc.port.com
    ErrorLog "logs/www.kgc.port.com.error_log"
    CustomLog "logs/www.kgc.port.com.access_log" common
    <Directory "/var/www/html/kgc.port/">
        Require all granted
    </Directory>
</VirtualHost>
```

In the site directory, make a default web page for the port:

```
[root@localhost extra]# cd /var/www/html/
[root@localhost html]# ls
accp  kgc
[root@localhost html]# mkdir kgc.port
[root@localhost html]# cd kgc.port/
[root@localhost kgc.port]# vim index.html
this is kgc.port web
```

In the main configuration file, add a listening address:

```
[root@localhost kgc.port]# vim /etc/httpd/conf/httpd.conf
Listen 192.168.136.136:80
Listen 192.168.136.136:8080
#Listen 80
```

Start the service and check that the port is being served:

```
[root@localhost kgc.port]# systemctl restart httpd
[root@localhost kgc.port]# netstat -ntap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.136.136:8080    0.0.0.0:*               LISTEN      59009/httpd
tcp        0      0 192.168.136.136:80      0.0.0.0:*               LISTEN      59009/httpd
```

Use the WIN10 client to test access to the different web pages by port.

Port 80 is still the original web page.

IP-based virtual host: add a network card

```
[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.136.136  netmask 255.255.255.0  broadcast 192.168.136.255
        inet6 fe80::e3c7:14af:6e4d:7216  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:c9:dd:05  txqueuelen 1000  (Ethernet)
        RX packets 101  bytes 10639 (10.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 113  bytes 12291 (12.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.136.138  netmask 255.255.255.0  broadcast 192.168.136.255
        inet6 fe80::658e:4c2d:2273:9cf5  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:c9:dd:0f  txqueuelen 1000  (Ethernet)
        RX packets 108  bytes 14566 (14.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 42  bytes 5695 (5.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```

Start configuring in the sub-configuration file:

```
[root@localhost ~]# cd /etc/httpd/conf/extra/
[root@localhost extra]# ls
vhost.conf
[root@localhost extra]# vim vhost.conf
# "*" changed to the address of the second network card
<VirtualHost 192.168.136.138:80>
    DocumentRoot "/var/www/html/accp/"
    ErrorLog "logs/www.accp.com.error_log"
    CustomLog "logs/www.accp.com.access_log" common
    <Directory "/var/www/html/accp/">
        Require all granted
    </Directory>
</VirtualHost>

# changed to the address of the first network card
<VirtualHost 192.168.136.136:80>
    # a new site, with a new page written for it
    DocumentRoot "/var/www/html/accp02/"
    ErrorLog "logs/www.accp02.com.error_log"
    CustomLog "logs/www.accp02.com.access_log" common
    <Directory "/var/www/html/accp02/">
        Require all granted
    </Directory>
</VirtualHost>
```

Create a page under the site:

```
[root@localhost extra]# cd /var/www/html/
[root@localhost html]# mkdir accp02
[root@localhost html]# cd accp02
[root@localhost accp02]# vim index.html
this is 136 accp02 web
[root@localhost accp02]# vim ../accp/index.html
this is 128 accp web
```

Add the listening address ending in 138 to the main configuration file and activate the service:

```
# prevent Apache from glomming onto all bound IP addresses.
Listen 192.168.136.136:80
Listen 192.168.136.138:80
#Listen 192.168.136.136:8080
#Listen 80
[root@localhost extra]# systemctl status httpd
```

Test on the client. Remember that the client must use the DNS resolution address we specified (it can also be obtained automatically); otherwise the client cannot access the Internet or the URL.
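The three virtual host types configured above differ only in what httpd matches on, so here is an added Python sketch (not code from the original page) of the matching order in httpd 2.4: local address and port first, then the Host header, then the first listed virtual host as the default. Addresses and paths are the page's; the function and variable names are hypothetical, the `*:8080` address is an assumption, and `ServerAlias` is not modelled.

```python
# Added example: simplified model of httpd 2.4 virtual host matching.
# Addresses, ports and paths are the page's; all names here are hypothetical.

# Each entry: (address, port, ServerName or None, DocumentRoot), in file order.
NAME_AND_PORT = [                       # vhost.conf after the port-based step
    ("*", 80, "www.accp.com", "/var/www/html/accp/"),
    ("*", 80, "www.kgc.com", "/var/www/html/kgc/"),
    ("*", 8080, "www.kgc.port.com", "/var/www/html/kgc.port/"),  # "*" assumed
]
IP_BASED = [                            # vhost.conf after the IP-based step
    ("192.168.136.138", 80, None, "/var/www/html/accp/"),
    ("192.168.136.136", 80, None, "/var/www/html/accp02/"),
]

def select_vhost(vhosts, local_ip, local_port, host_header):
    """Return the DocumentRoot that serves the request, or None for the main server."""
    # 1. Address match: an exact IP:port entry wins over "*" on the same port.
    exact = [v for v in vhosts if v[0] == local_ip and v[1] == local_port]
    wild = [v for v in vhosts if v[0] == "*" and v[1] == local_port]
    candidates = exact or wild
    if not candidates:
        return None
    # 2. Name match: compare the Host header (port stripped) with each ServerName.
    name = (host_header or "").split(":")[0].lower().rstrip(".")
    for _, _, server_name, docroot in candidates:
        if server_name and server_name.lower() == name:
            return docroot
    # 3. No name matched: the first candidate in file order is the default.
    return candidates[0][3]

if __name__ == "__main__":
    for host in ("www.kgc.com", "192.168.136.136", "unknown.example"):
        print(host, "->", select_vhost(NAME_AND_PORT, "192.168.136.136", 80, host))
    print(select_vhost(NAME_AND_PORT, "192.168.136.136", 8080, "192.168.136.136:8080"))
    print(select_vhost(IP_BASED, "192.168.136.138", 80, "www.kgc.com"))
```

A request whose Host header matches no ServerName is served by the first virtual host for that address and port, so the first entry in `vhost.conf` should be a site that is safe to expose as the default.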

Apache access control (client access control)

In the sub-configuration file, client access control such as a blacklist or whitelist is done inside a container. All directives inside the container are applied together, unlike an ACL (access control list), which matches rules from top to bottom.

```
[root@localhost ~]# cd /etc/httpd/conf/extra/
[root@localhost extra]# ls
vhost.conf
[root@localhost extra]# vim vhost.conf
<VirtualHost 192.168.136.138:80>
    DocumentRoot "/var/www/html/accp/"
    ErrorLog "logs/www.accp.com.error_log"
    CustomLog "logs/www.accp.com.access_log" common
    <Directory "/var/www/html/accp/">
        # container tag
        <RequireAll>
            # deny access from this address; a network segment can also be
            # rejected, such as Require not ip 192.168.136.0/24
            Require not ip 192.168.136.137
            Require all granted
        # end tag
        </RequireAll>
    </Directory>
</VirtualHost>
[root@localhost extra]# systemctl restart httpd    # restart the service
```

Test from the client: because of the access control, the client can only reach the default website of the web service.
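The container semantics described above, modelled as an added Python example (not code from the original page): a negated `Require not ip` can only veto, never grant, so it has to sit in `<RequireAll>` beside a rule that grants, and the order of the lines does not matter. Function names are hypothetical and only the `all` and `ip` providers are modelled.

```python
# Added example: simplified model of httpd 2.4 Require evaluation.
import ipaddress

PAGE_RULES = ["Require not ip 192.168.136.137", "Require all granted"]
SEGMENT_RULES = ["Require not ip 192.168.136.0/24", "Require all granted"]

def check(line, client):
    """One 'Require ...' line -> 'granted', 'denied' or 'neutral' for this client."""
    words = line.split()[1:]                      # drop the leading "Require"
    negated = words[0] == "not"
    if negated:
        words = words[1:]
    if words[0] == "all":
        hit = words[1] == "granted"
    elif words[0] == "ip":
        addr = ipaddress.ip_address(client)
        hit = any(addr in ipaddress.ip_network(n, strict=False) for n in words[1:])
    else:
        raise ValueError("provider not modelled in this sketch: " + words[0])
    if negated:                                   # "not" can deny but never grant
        return "denied" if hit else "neutral"
    return "granted" if hit else "denied"

def authorize(container, lines, client):
    """Combine the lines the way the named container does; True means access allowed."""
    results = [check(line, client) for line in lines]
    if container == "RequireAll":                 # none may fail, one must succeed
        return "denied" not in results and "granted" in results
    if container == "RequireAny":                 # also the implicit default container
        if any(line.split()[1] == "not" for line in lines):
            raise ValueError("negated Require is not permitted in RequireAny")
        return "granted" in results
    raise ValueError("unknown container: " + container)

if __name__ == "__main__":
    for ip in ("192.168.136.137", "192.168.136.1"):
        print(ip, authorize("RequireAll", PAGE_RULES, ip))
```

The address compared is the TCP peer address, so clients that arrive through a proxy or NAT device are matched by that device's address.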

User login access control

htpasswd can be used directly after a YUM installation. If you compiled and installed manually, add the command to /usr/local/bin so that the system recognizes it.

```
[root@localhost extra]# cd /etc/httpd/conf
[root@localhost conf]# htpasswd -c /etc/httpd/conf/pwd chen01    # create user chen01 in a new file named pwd under this path
New password:               # enter your password
Re-type new password:       # enter it again
Adding password for user chen01
[root@localhost conf]# ls
extra  httpd.conf  magic  pwd
[root@localhost conf]# cat pwd
chen01:$apr1$lOLJMVUo$EZ7qupc1bHN3k38OUw/1F.
[root@localhost conf]# htpasswd /etc/httpd/conf/pwd chen02    # the file already exists, so do not add -c
New password:
Re-type new password:
Adding password for user chen02
[root@localhost conf]# cat pwd
chen01:$apr1$lOLJMVUo$EZ7qupc1bHN3k38OUw/1F.
chen02:$apr1$5cbb6tpU$mt5EZG/8y7qXhyi1Pz2Lk1
[root@localhost conf]#
```

Add user login access control to the container of the virtual host for a specified IP:

```
[root@localhost extra]# vim vhost.conf
<VirtualHost 192.168.136.136:80>
    DocumentRoot "/var/www/html/accp02/"
    ErrorLog "logs/www.accp02.com.error_log"
    CustomLog "logs/www.accp02.com.access_log" common
    <Directory "/var/www/html/accp02/">
        # declaration information
        AuthName "DocumentRoot"
        # validation type is basic authentication
        AuthType Basic
        # location of the verification file
        AuthUserFile /etc/httpd/conf/pwd
        # authorize users who log in
        Require valid-user
    </Directory>
</VirtualHost>
[root@localhost extra]# systemctl restart httpd
```

Go to the client to test the user login access control.
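`AuthType Basic` on a port 80 virtual host sends the user name and password base64-encoded, not encrypted, with every request. The added Python example below (not code from the original page) recovers the credentials from such a header and flags virtual hosts that combine Basic authentication with no `SSLEngine on`; the sample configuration, the port 443 virtual host, the password and the function names are constructed for illustration.

```python
# Added example: check a vhost.conf for Basic authentication served without TLS.
import base64
import re

# Constructed, abridged sample: the page's Basic-auth vhost plus a hypothetical TLS vhost.
SAMPLE_CONF = """
<VirtualHost 192.168.136.136:80>
    DocumentRoot "/var/www/html/accp02/"
    <Directory "/var/www/html/accp02/">
        AuthType Basic
        AuthUserFile /etc/httpd/conf/pwd
        Require valid-user
    </Directory>
</VirtualHost>
<VirtualHost 192.168.136.136:443>
    SSLEngine on
    <Directory "/var/www/html/accp02/">
        AuthType Basic
        AuthUserFile /etc/httpd/conf/pwd
        Require valid-user
    </Directory>
</VirtualHost>
"""

# Constructed header value as a browser would send it for chen01 (password is made up).
SAMPLE_HEADER = "Basic " + base64.b64encode(b"chen01:lab-password").decode("ascii")

def basic_credentials(header_value):
    """Recover (user, password) from an 'Authorization: Basic ...' header value."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

def cleartext_basic_vhosts(conf_text):
    """Return the address of each <VirtualHost> using Basic auth without SSLEngine on."""
    findings = []
    blocks = re.findall(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", conf_text, re.S | re.I)
    for address, body in blocks:
        basic = re.search(r"^\s*AuthType\s+Basic\b", body, re.M | re.I)
        tls = re.search(r"^\s*SSLEngine\s+on\b", body, re.M | re.I)
        if basic and not tls:
            findings.append(address.strip())
    return findings

if __name__ == "__main__":
    print("recoverable from the wire:", basic_credentials(SAMPLE_HEADER))
    print("Basic auth without TLS on:", cleartext_basic_vhosts(SAMPLE_CONF))
```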

That's all we have. Thank you for watching.
