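Implement the following with httpd-2.2 and with httpd-2.4
1. Set up an httpd service that meets these requirements:
(1) Provide two name-based virtual hosts, www1 and www2, each with its own error log and access log;
(2) Provide status information through /server-status on www1, accessible only to the user tom;
(3) www2 must not be accessible from any host in the 192.168.0.0/24 network;
Preparation
Prepare three virtual machines: one CentOS 7 machine for httpd-2.4, one CentOS 6 machine for httpd-2.2, and a third that acts as the CA issuing certificates and as the test client
First disable iptables and SELinux on all three virtual machines
Install mod_ssl with yum on all three machines
CentOS 6 ip 172.16.55.6
CentOS 7 ip 172.16.55.7
CA and test machine ip 172.16.55.11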
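Sub-question 1
=========================
The httpd service provided on CentOS 6 is version 2.2
Install httpd-2.2
yum install -y httpd
Modify the configuration file and add the virtual host name
vim /etc/httpd/conf/httpd.conf
Below line 990:
NameVirtualHost 172.16.55.6:80
Add the virtual host configuration files, including the log file settings
vim /etc/httpd/conf.d/www1.conf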
<VirtualHost 172.16.55.6:80>
ServerName www1.magedu.com
DocumentRoot /data/vhosts/www1
ErrorLog logs/www1-error_log
CustomLog logs/www1-access_log combined
</VirtualHost>
vim /etc/httpd/conf.d/www2.conf
<VirtualHost 172.16.55.6:80>
ServerName www2.magedu.com
DocumentRoot /data/vhosts/www2
ErrorLog logs/www2-error_log
CustomLog logs/www2-access_log combined
</VirtualHost>
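Then create the site content
mkdir -p /data/vhosts/www{1,2}
vim /data/vhosts/www1/index.html
11111
vim /data/vhosts/www2/index.html
22222
Modify the hosts file to add name resolution
vim /etc/hosts
Add: 172.16.55.6 www1.magedu.com www2.magedu.com
Check the syntax
httpd -t
Then check whether the port is open and the service is running
ss -ntl
ps aux
Restart the service, then check in a browser whether 172.16.55.7 resolves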
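The httpd service provided on CentOS 7 is version 2.4
Install httpd-2.4
yum install -y httpd
Review the configuration file; the virtual host name entry does not need to be added
Add the virtual host configuration files, including the log file settings
vim /etc/httpd/conf.d/www1.conf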
<VirtualHost 172.16.55.7:80>
ServerName www1.magedu.com
DocumentRoot /data/vhosts/www1
ErrorLog logs/www1-error_log
CustomLog logs/www1-access_log combined
<Directory "/data/vhosts/www1">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
vim /etc/httpd/conf.d/www2.conf
<VirtualHost 172.16.55.7:80>
ServerName www2.magedu.com
DocumentRoot /data/vhosts/www2
ErrorLog logs/www2-error_log
CustomLog logs/www2-access_log combined
<Directory "/data/vhosts/www2">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
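Then create the site content
mkdir -p /data/vhosts/www{1,2}
vim /data/vhosts/www1/index.html
11111
vim /data/vhosts/www2/index.html
22222
Modify the hosts file to add name resolution
vim /etc/hosts
Add: 172.16.55.7 www1.magedu.com www2.magedu.com
Check the syntax
httpd -t
Then check whether the port is open and the service is running
ss -ntl
ps aux
Restart the service, then check in a browser whether 172.16.55.7 resolves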
Question 2
============================
On the CentOS 6 machine with ip 172.16.55.6
First add a virtual user named tom
htpasswd -c -m /etc/httpd/conf/.htpasswd tom
Modify the configuration file of virtual host www1
vim /etc/httpd/conf.d/www1.conf
<VirtualHost 172.16.55.6:80>
ServerName www1.magedu.com
DocumentRoot /data/vhosts/www1
ErrorLog logs/www1-error_log
CustomLog logs/www1-access_log combined
</VirtualHost>
<Location /server-status>
SetHandler server-status
AuthType basic
AuthName "For tom"
AuthUserFile "/etc/httpd/conf/.htpasswd"
Require user tom
</Location>
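After the syntax check passes, reload the service configuration
httpd -t
service httpd reload
In the browser, enter 172.16.55.6/server-status
As shown in the figure below, access is granted only after entering the username and password for tom
On the CentOS 7 machine with ip 172.16.55.7
First add a virtual user named tom
htpasswd -c -m /etc/httpd/conf/.htpasswd tom
Modify the configuration file of virtual host www1
Append the following directly at the end: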
<Location /server-status>
SetHandler server-status
AuthType basic
AuthName "For tom"
AuthUserFile "/etc/httpd/conf/.htpasswd"
Require user tom
</Location>
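After the syntax check passes, reload the service configuration
httpd -t
service httpd reload
In the browser, enter 172.16.55.7/server-status
As shown in the figure, access is granted only after entering the username and password for tom
Question 2, sub-question 3
Do this on CentOS 6 first
www2 must not be accessible from any host in the 192.168.0.0/24 network
Edit the www2 configuration file directly
vim /etc/httpd/conf.d/www2.conf
Just add a block at the end: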
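<VirtualHost 172.16.55.6:80>
ServerName www2.magedu.com
DocumentRoot /data/vhosts/www2
ErrorLog logs/www2-error_log
CustomLog logs/www2-access_log combined
<Directory /data/vhosts/www2>
Options None
AllowOverride None
# Order deny,allow: requests are allowed by default; only clients matching Deny are refused
Order deny,allow
Deny from 192.168.0.0/24
</Directory>
</VirtualHost>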
The procedure on CentOS 7 is the same
Question 3
=====172.16.55.11=====
First create the key and issue the CA certificate
yum install -y mod_ssl
cd /etc/pki/CA
(umask 077; openssl genrsa -out private/cakey.pem 2048)
openssl req -new -x509 -key private/cakey.pem -out cacert.pem
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:magedu
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:ca.magedu.com
Email Address []:magedu@admin.com
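Create the supporting files
touch index.txt
echo 01 > serial
Then create the private key on CentOS 6
mkdir -pv /etc/httpd/ssl
cd /etc/httpd/ssl/
# 1024-bit RSA is weaker than the 2048-bit CA key generated above; 2048 bits or more is the usual minimum today
(umask 077; openssl genrsa -out httpd.key 1024)
openssl req -new -key httpd.key -out httpd.csr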
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:magedu
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:www2.magedu.com
Email Address []:www2@admin.com
scp httpd.csr 172.16.55.11:/tmp/
Then switch to the CA at 172.16.55.11 and sign the certificate
cd /etc/pki/CA
openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jul 24 04:54:15 2016 GMT
Not After : Jul 24 04:54:15 2017 GMT
Subject:
countryName = CN
stateOrProvinceName = beijing
organizationName = magedu
organizationalUnitName = ops
commonName = www2.magedu.com
emailAddress = www2@admin.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
2B:D6:FF:8B:84:2D:33:FD:48:8A:EC:A5:80:63:67:46:F5:D5:54:12
X509v3 Authority Key Identifier:
keyid:F2:32:D8:C5:E6:D9:04:B8:46:38:8D:D7:32:2B:E6:D5:90:56:3D:A1
Certificate is to be certified until Jul 24 04:54:15 2017 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Send the signed certificate back to the requester.
scp certs/httpd.crt 172.16.55.6:/etc/httpd/ssl/
Then return to the CentOS machine at 172.16.55.6 and modify the SSL configuration file
vim /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:443>
DocumentRoot "/data/vhosts/www2"
ServerName www2.magedu.com:443
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
</VirtualHost>
After the syntax check passes, reload the service
httpd -t
service httpd reload
The procedure on CentOS 7 is essentially the same as on CentOS 6