Using httpd-2.2 and httpd-2.4 to implement a specified httpd service

2025-04-11 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Implemented with httpd-2.2 and httpd-2.4, respectively

1. Establish a httpd service, which requires:

(1) provide two name-based virtual hosts, www1 and www2, each with its own error log and access log.

(2) provide status information through /server-status on www1, and allow only the user tom to access it.

(3) www2 does not allow any host in the 192.168.0.0/24 network to access it.

Preparation process

Prepare three virtual machines: one running CentOS 7 to implement httpd-2.4, one running CentOS 6 to implement httpd-2.2, and a third to act as the CA and as the test client.

First shut down iptables and SELinux on all three virtual machines.

On all three machines, run yum install mod_ssl

CentOS 6 ip 172.16.55.6

CentOS 7 ip 172.16.55.7

CA plus Test ip 172.16.55.11

The first question

The httpd service available on CentOS 6 is version 2.2

Install httpd-2.2

yum install -y httpd

Modify the main configuration file to add the NameVirtualHost directive

vim /etc/httpd/conf/httpd.conf

Below line 990

NameVirtualHost 172.16.55.6:80

Add the virtual host configuration files, each with its own log files

vim /etc/httpd/conf.d/www1.conf

<VirtualHost 172.16.55.6:80>
    ServerName www1.magedu.com
    DocumentRoot /data/vhosts/www1
    ErrorLog logs/www1-error_log
    CustomLog logs/www1-access_log combined
</VirtualHost>

vim /etc/httpd/conf.d/www2.conf

<VirtualHost 172.16.55.6:80>
    ServerName www2.magedu.com
    DocumentRoot /data/vhosts/www2
    ErrorLog logs/www2-error_log
    CustomLog logs/www2-access_log combined
</VirtualHost>

Then create the website content

mkdir -p /data/vhosts/www{1,2}

vim /data/vhosts/www1/index.html

11111

vim /data/vhosts/www2/index.html

22222

Modify hosts configuration file and add domain name resolution

vim /etc/hosts

Add 172.16.55.6 www1.magedu.com www2.magedu.com

Syntax check

httpd -t

Check whether the port is open and the service is started

ss -ntl

ps aux

Restart the service, and then check in the browser to see if 172.16.55.7 can resolve

The httpd service available on CentOS 7 is version 2.4

Install httpd-2.4

yum install -y httpd

Review the configuration file; in httpd-2.4 there is no need to add the NameVirtualHost directive

Add the virtual host configuration files, each with its own log files

vim /etc/httpd/conf.d/www1.conf

<VirtualHost 172.16.55.7:80>
    ServerName www1.magedu.com
    DocumentRoot /data/vhosts/www1
    ErrorLog logs/www1-error_log
    CustomLog logs/www1-access_log combined
    <Directory "/data/vhosts/www1">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

vim /etc/httpd/conf.d/www2.conf

<VirtualHost 172.16.55.7:80>
    ServerName www2.magedu.com
    DocumentRoot /data/vhosts/www2
    ErrorLog logs/www2-error_log
    CustomLog logs/www2-access_log combined
    <Directory "/data/vhosts/www2">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

Then create the website content

mkdir -p /data/vhosts/www{1,2}

vim /data/vhosts/www1/index.html

11111

vim /data/vhosts/www2/index.html

22222

Modify the hosts file and add domain name resolution

vim /etc/hosts

Add 172.16.55.7 www1.magedu.com www2.magedu.com

Syntax check

httpd -t

Check whether the port is open and the service is started

ss -ntl

ps aux

Restart the service, and then check in the browser to see if 172.16.55.7 can resolve

The second question

On CentOS 6 with ip 172.16.55.6

First add a virtual user named tom

htpasswd -c -m /etc/httpd/conf/.htpasswd tom

Modify the configuration file of the virtual host www1

vim /etc/httpd/conf.d/www1.conf

<VirtualHost 172.16.55.6:80>
    ServerName www1.magedu.com
    DocumentRoot /data/vhosts/www1
    ErrorLog logs/www1-error_log
    CustomLog logs/www1-access_log combined
    <Location /server-status>
        SetHandler server-status
        AuthType basic
        AuthName "For tom"
        AuthUserFile "/etc/httpd/conf/.htpasswd"
        Require user tom
    </Location>
</VirtualHost>

After the syntax check passes, reload the service configuration

httpd -t

service httpd reload

Enter 172.16.55.6/server-status in the browser

As shown in the figure below, you can only access it by entering the user name and password of the account tom.

On CentOS 7 with ip 172.16.55.7

First add a virtual user named tom

htpasswd -c -m /etc/httpd/conf/.htpasswd tom

Modify the configuration file of the virtual host www1

Add directly at the end

<Location /server-status>
    SetHandler server-status
    AuthType basic
    AuthName "For tom"
    AuthUserFile "/etc/httpd/conf/.htpasswd"
    Require user tom
</Location>

After the syntax check passes, reload the service configuration

httpd -t

service httpd reload

Enter 172.16.55.7/server-status in the browser

As shown in the figure, it can only be accessed by entering the user name and password of the account tom.

Part (3) of question 1

Do this operation on CentOS 6 first.

www2 does not allow access from any host in the 192.168.0.0/24 network.

Edit the configuration file of www2 directly

vim /etc/httpd/conf.d/www2.conf

Just add a piece of configuration at the end.

<VirtualHost 172.16.55.6:80>
    ServerName www2.magedu.com
    DocumentRoot /data/vhosts/www2
    <Directory "/data/vhosts/www2">
        Options None
        AllowOverride None
        Order deny,allow
        Deny from 192.168.0.0/24
    </Directory>
</VirtualHost>

Same operation on CentOS 7
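
On httpd-2.4 the Order and Deny directives are only provided for compatibility by mod_access_compat; the native 2.4 form of the same restriction is written with Require. The following is an added example, not part of the original article, and it assumes the www2 virtual host, the paths and the 172.16.55.7:80 listen address used above:

```apache
# /etc/httpd/conf.d/www2.conf on CentOS 7 (httpd-2.4)
# The VirtualHost address is an assumption based on the CentOS 7 host ip.
<VirtualHost 172.16.55.7:80>
    ServerName www2.magedu.com
    DocumentRoot /data/vhosts/www2
    ErrorLog logs/www2-error_log
    CustomLog logs/www2-access_log combined

    <Directory "/data/vhosts/www2">
        Options None
        AllowOverride None

        # httpd-2.2 form, for comparison:
        #   Order deny,allow
        #   Deny from 192.168.0.0/24

        # httpd-2.4 form: grant everyone except 192.168.0.0/24.
        # A negated Require is not permitted in the implicit <RequireAny>
        # context of a <Directory>, so both rules go inside <RequireAll>.
        <RequireAll>
            Require all granted
            Require not ip 192.168.0.0/24
        </RequireAll>
    </Directory>
</VirtualHost>
```

This replaces the plain Require all granted line in the existing Directory block, so the 2.4 configuration does not mix Require with the older Order/Deny directives.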

The third major question

On the CA host with ip 172.16.55.11

First create the CA key and issue the CA certificate

yum install -y mod_ssl

cd /etc/pki/CA

(umask 077; openssl genrsa -out private/cakey.pem 2048)

openssl req -new -x509 -key private/cakey.pem -out cacert.pem

Country Name (2 letter code) [XX]: CN
State or Province Name (full name) []: beijing
Locality Name (eg, city) [Default City]: beijing
Organization Name (eg, company) [Default Company Ltd]: magedu
Organizational Unit Name (eg, section) []: ops
Common Name (eg, your name or your server's hostname) []: ca.magedu.com
Email Address []: magedu@admin.com

Create the supporting files

touch index.txt

echo 01 > serial

Then create the private key and the certificate signing request on CentOS 6

mkdir -pv /etc/httpd/ssl

cd /etc/httpd/ssl/

(umask 077; openssl genrsa -out httpd.key 1024)

openssl req -new -key httpd.key -out httpd.csr

Country Name (2 letter code) [XX]: CN
State or Province Name (full name) []: beijing
Locality Name (eg, city) [Default City]: beijing
Organization Name (eg, company) [Default Company Ltd]: magedu
Organizational Unit Name (eg, section) []: ops
Common Name (eg, your name or your server's hostname) []: www2.magedu.com
Email Address []: www2@admin.com

scp httpd.csr 172.16.55.11:/tmp

Then switch to the CA host 172.16.55.11 and issue the certificate

cd /etc/pki/CA

openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt

Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
    Serial Number: 1 (0x1)
    Validity
        Not Before: Jul 24 04:54:15 2016 GMT
        Not After : Jul 24 04:54:15 2017 GMT
    Subject:
        countryName = CN
        stateOrProvinceName = beijing
        organizationName = magedu
        organizationalUnitName = ops
        commonName = www2.magedu.com
        emailAddress = www2@admin.com
    X509v3 extensions:
        X509v3 Basic Constraints:
            CA:FALSE
        Netscape Comment:
            OpenSSL Generated Certificate
        X509v3 Subject Key Identifier:
            2B:D6:FF:8B:84:2D:33:FD:48:8A:EC:A5:80:63:67:46:F5:D5:54:12
        X509v3 Authority Key Identifier:
            keyid:F2:32:D8:C5:E6:D9:04:B8:46:38:8D:D7:32:2B:E6:D5:90:56:3D:A1
Certificate is to be certified until Jul 24 04:54:15 2017 GMT (2017 days)
Sign the certificate? [y/n]: y
1 out of 1 certificate requests certified, commit? [y/n] y
Write out database with 1 new entries
Data Base Updated

Return the signed certificate to the requestor.

scp /etc/pki/CA/certs/httpd.crt 172.16.55.6:/etc/httpd/ssl/

Back on the CentOS 6 host 172.16.55.6, modify the ssl configuration file

vim /etc/httpd/conf.d/ssl.conf

DocumentRoot "/data/vhosts/www2"

ServerName www2.magedu.com:443

SSLCertificateFile /etc/httpd/ssl/httpd.crt

SSLCertificateKeyFile /etc/httpd/ssl/httpd.key

Then check the syntax and reload the service

httpd -t

service httpd reload

The procedure on CentOS 7 is basically the same as on CentOS 6.
