Loading... <p style="margin-bottom:0;text-align:center"><span style="font-size: 20px">apache </span><span style="font-size: 20px">(Web服务器)</span></p> <p style="margin-bottom:0"><span style="font-size: 21px">简介:</span></p> <p style="margin-bottom:0"><span style="font-size: 14px;font-family: Calibri, sans-serif">Apache</span><span style="font-size: 14px">是世界使用排名第一的</span><span style="font-size: 14px;font-family: Calibri, sans-serif">Web</span><span style="font-size: 14px">服务器软件。它可以运行在几乎所有广泛使用的计算机平台上,由于其跨平台和安全性被广泛使用,是最流行的</span><span style="font-size: 14px;font-family: Calibri, sans-serif">Web</span><span style="font-size: 14px">服务器端软件之一。它快速、可靠并且可通过简单的</span><span style="font-size: 14px;font-family: Calibri, sans-serif">API</span><span style="font-size: 14px">扩充,将</span><span style="font-size: 14px;font-family: Calibri, sans-serif">Perl/Python</span><span style="font-size: 14px">等解释器编译到服务器中。</span><span style="font-size: 14px;font-family: Calibri, sans-serif"> </span></p> <p style="margin-bottom:0"><span style="font-size: 14px;font-family: Calibri, sans-serif"> </span></p> <p><span style="font-size: 14px;font-family: Calibri, sans-serif">Apache HTTP</span><span style="font-size: 14px">服务器是一个模块化的服务器,源于</span><span style="font-size: 14px;font-family: Calibri, sans-serif">NCSAhttpd</span><span style="font-size: 14px">服务器,经过多次修改,成为世界使用排名第一的</span><span style="font-size: 14px;font-family: Calibri, sans-serif">Web</span><span style="font-size: 14px">服务器软件。</span></p> <p><span style="font-size: 14px">它可以运行在几乎所有广泛使用的计算机平台上。</span></p> <p style="margin-bottom:0"><span style="font-size: 14px;font-family: Calibri, sans-serif">Apache</span><span style="font-size: 14px">源于</span><span style="font-size: 14px;font-family: Calibri, sans-serif">NCSAhttpd</span><span style="font-size: 14px">服务器,经过多次修改,成为世界上最流行的</span><span style="font-size: 14px;font-family: Calibri, sans-serif">Web</span><span style="font-size: 14px">服务器软件之一。</span><span style="font-size: 14px;font-family: Calibri, sans-serif">Apache</span><span style="font-size: 14px">取自“</span><span style="font-size: 14px;font-family: Calibri, sans-serif">a patchy server</span><span style="font-size: 14px">”的读音,意思是充满补丁的服务器,因为它是自由软件,所以不断有人来为它开发新的功能、新的特性、修改原来的缺陷。</span><span style="font-size: 14px;font-family: Calibri, sans-serif">Apache</span><span style="font-size: 14px">的特点是简单、速度快、性能稳定,并可做代理服务器来使用</span></p> <p style="margin-bottom:0"><span style="font-size: 14px;font-family: Calibri, sans-serif"> </span></p> <p style="margin-bottom:0"><strong>一</strong><strong><span style="font-family: Calibri, sans-serif"> http</span></strong><strong>请求处理过程</strong></p> <p style="margin-bottom:0;text-indent:35px"><span style="font-size: 14px">一次完整的</span><span style="font-size: 14px;font-family: Calibri, sans-serif">http</span><span style="font-size: 14px">请求处理过程:</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:36px;margin-bottom:0"><span style="font-size: 14px;font-family: Calibri, sans-serif">(1) </span><span style="font-size: 14px">建立或处理连接:接收请求或拒绝请求</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:36px;margin-bottom:0"><span style="font-size: 14px;font-family: Calibri, sans-serif">(2) </span><span style="font-size: 14px">接收请求:接收来自于网络的请求报文中对某资源的一次请求的过程;</span></p> <p style="margin-bottom:0"><span style="font-size: 14px;font-family: Calibri, sans-serif"> (3) </span><span style="font-size: 14px">处理请求:对请求报文进行解析,并获取请求的资源及请求方法等相关信息,根据请求报文的首部来判断用户请求的资料</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:36px;margin-bottom:0"><span style="font-size: 14px;font-family: Calibri, sans-serif">(4) </span><span style="font-size: 14px">访问资源:获取请求报文中请求的资源</span><span style="font-size: 14px">,</span><span style="font-size: 14px;font-family: Calibri, sans-serif">web</span><span style="font-size: 14px">服务器,即存放了</span><span style="font-size: 14px;font-family: Calibri, sans-serif">web</span><span style="font-size: 14px">资源的服务器,负责向请求者提供对方请求的静态资源,或动态运行后生成的资源;这些资源放置于本地文件系统某路径下,此路径通常称为</span><span style="font-size: 14px;font-family: Calibri, sans-serif">DocRoot</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:36px;margin-bottom:0"><span style="font-size: 14px;font-family: Calibri, sans-serif">(5) </span><span style="font-size: 14px">构建响应报文</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:36px;margin-bottom:0"><span style="font-size: 14px;font-family: Calibri, sans-serif">(6) </span><span style="font-size: 14px">发送响应报文,有长连接和短连接模式</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:36px;margin-bottom:0"><span style="font-size: 14px;font-family: Calibri, sans-serif">(7) </span><span style="font-size: 14px">记录日志</span></p> <p style="margin-bottom:0"><strong>二</strong><strong> </strong><strong>并发访问响应模型(</strong><strong><span style="font-family: Calibri, sans-serif">Web I/O</span></strong><strong>):</strong></p> <p style="margin-left:28px">1.<span style="font-family:宋体">单进程</span>I/O<span style="font-family:宋体">结构:启动一个进程处理用户请求,而且一次只处理一个;多个请求被串行响应;</span></p> <p style="margin-left:28px">2.<span style="font-family:宋体">多进程</span>I/O<span style="font-family:宋体">结构:并行启动多个进程,每个进程响应一个请求;</span></p> <p style="margin-left:28px">3.<span style="font-family:宋体">复用</span>I/O<span style="font-family:宋体">结构:一个进程响应</span>n<span style="font-family:宋体">个请求;</span></p> <p style="margin-left:28px"> (1)<span style="font-family:宋体">多线程模型:一个进程生成</span>N<span style="font-family:宋体">个线程,每个线程响应一个用户请求;</span></p> <p style="margin-left:28px"> (2)<span style="font-family:宋体">事件驱动:</span>event-driven</p> <p style="margin-left:28px">4<span style="font-family:宋体">复用的多进程</span>I/O<span style="font-family:宋体">结构:启动多个(</span>m<span style="font-family:宋体">)进程,每个进程响应</span>n<span style="font-family:宋体">个请求;</span></p> <p style="margin-bottom:0"><strong>三</strong><strong><span style="font-family: Calibri, sans-serif"> apache </span></strong><strong>的工作模式</strong></p> <p> 1.prefork:多进程模型,每个进程响应一个请求;</p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:64px;margin-bottom:0"><span style="font-size: 14px">一个主进程:负责生成</span><span style="font-size: 14px;font-family: Calibri, sans-serif">n</span><span style="font-size: 14px">个子进程,子进程也称为工作进程,每个子进程处理一个用户请求;即便没有用户请求,也会预先生成多个空闲进程,随时等待请求到达;最大不会超过</span><span style="font-size: 14px;font-family: Calibri, sans-serif">1024</span><span style="font-size: 14px">个;</span></p> <p> 2.worker:多线程模型,每个线程响应一个请求;</p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:56px;margin-bottom:0;text-indent:20px"><span style="font-size: 14px">一个主进程:生成多个子进程,每个子进程负责生个多个线程,每个线程响应一个请求;</span><span style="font-size: 14px;font-family: Calibri, sans-serif"> </span></p> <p> 3.event:事件驱动模型,每个线程响应n个请求;</p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:64px;margin-bottom:0;text-indent:20px"><span style="font-size: 14px">一个主进程:生成</span><span style="font-size: 14px;font-family: Calibri, sans-serif">m</span><span style="font-size: 14px">个子进程,每个进程直接响应</span><span style="font-size: 14px;font-family: Calibri, sans-serif">n</span><span style="font-size: 14px">个请求;</span></p> <p> </p> <p style="margin-bottom:0"><strong><span style="font-family: Calibri, sans-serif"> </span></strong></p> <p style="margin-bottom:0"><strong>四</strong><strong> </strong><strong>安装前准备</strong></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:28px;margin-bottom:0"><span style="font-size: 14px">说明</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:28px;margin-bottom:0"><span style="font-size: 14px">操作系统:</span><span style="font-size: 14px;font-family: Calibri, sans-serif">CentOS 6.7 64</span><span style="font-size: 14px">位</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:28px;margin-bottom:0"><span style="font-size: 14px;font-family: Calibri, sans-serif">Apache </span><span style="font-size: 14px">版本:httpd-2.2.15-47.el6.centos.3.x86_64</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:28px;margin-bottom:0"><span style="font-size: 14px">httpd</span><span style="font-size: 14px">服务器ip:192.168.1.5</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:28px;margin-bottom:0"><span style="font-size: 14px"> </span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">1. </span><span style="font-size: 14px">配置好</span><span style="font-size: 14px;font-family: Calibri, sans-serif">IP</span><span style="font-size: 14px">、</span><span style="font-size: 14px;font-family: Calibri, sans-serif">DNS </span><span style="font-size: 14px">、网关,确保使用远程连接工具能够连接服务器</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px;font-family: Calibri, sans-serif">2. </span><span style="font-size: 14px">配置防火墙,iptables –F 清理防火墙规则或者关闭iptables</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px;font-family: Calibri, sans-serif">3. </span><span style="font-size: 14px">关闭</span><span style="font-size: 14px;font-family: Calibri, sans-serif">SELINUX,</span> <span style="font-size: 14px;font-family: Calibri, sans-serif">setenforce 0 #</span><span style="font-size: 14px">立即生效(实际是宽容模式)</span></p> <p style="margin-bottom:0"><span style="font-size: 14px;font-family: Calibri, sans-serif"> </span></p> <p style="margin-bottom:0"><strong>五</strong><strong> </strong><strong>安装配置</strong></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">1. </span><span style="font-size: 14px">安装apache,yum安装会自动解决依赖关系</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">yum -y install httpd</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">2. </span><span style="font-size: 14px">启动httpd 服务,并测试页面是否显示正常</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">service httpd start</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">如果启动报错信息是:httpd:httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">那就去主配置文件找到#ServerName www.example.com:80 ,把前面的注释去掉就可以启动不报错了.</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><img src="//cto.wang/usr/uploads/2016/07/20160703180826-72.png" title="1459301989994148.png" alt="blob.png" /></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">3. </span><span style="font-size: 14px">定义server页面文档路径,在新的路径目录下创建文件内容,重新加载服务,测试页面.</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">mkdir -pv /www/htdocs</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">vi /www/htdocs/index.html</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0;text-indent:21px"><span style="font-size: 14px">test Page</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">主配置文件修改这一行 DocumentRoot "/var/www/html"</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">vi /etc/httpd/conf/httpd.conf</span></p> <p style="margin-bottom:0;text-indent:49px"><span style="font-size: 14px">DocumentRoot "/www/htdocs" #</span><span style="font-size: 14px">修改成这样</span></p> <p style="margin-bottom:0;text-indent:21px"><span style="font-size: 14px"> service httpd reload</span></p> <p style="margin-bottom:0"> <img src="//cto.wang/usr/uploads/2016/07/20160703180826-10.png" title="1459302007548724.png" alt="blob.png" /></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">4. </span><span style="font-size: 14px">基于来源访问控制.</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">vi /etc/httpd/conf/httpd.conf</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px"></span></p> <pre class="brush:bash;toolbar:false"> <Directory "/www/htdocs"> #修改这里的路径 Order allow,deny Deny from 192.168.1.3 #找到这一行添加192.168.1.3 Allow from all</pre> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:28px;margin-bottom:0"><span style="font-size: 14px;font-family: Calibri, sans-serif"></span></p> <p style="margin-bottom:0"><span style="font-size: 14px"> service httpd reload</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><img src="//cto.wang/usr/uploads/2016/07/20160703180826-51.png" title="1459302035603616.png" alt="blob.png" /></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">5. </span><span style="font-size: 14px">设置路径别名</span></p> <p style="margin: 0px 0px 0px 24px"><span style="font-size: 14px"> cd /www/htdocs/</span></p> <p style="margin: 0px 0px 0px 28px"><span style="font-size: 14px;font-family: Calibri, sans-serif"> vi bbs/index.html</span></p> <p style="margin: 0px 0px 0px 28px"><span style="font-size: 14px;font-family: Calibri, sans-serif"> Page at /www/htdocs/bbs #</span><span style="font-size: 14px">先自己测试看看是否是显示的内容</span></p> <p style="margin: 0px 0px 0px 28px"><span style="font-size: 14px;font-family: Calibri, sans-serif"> mkdir /forum</span></p> <p style="margin: 0px 0px 0px 28px"><span style="font-size: 14px;font-family: Calibri, sans-serif"> vi /forum/index.html</span></p> <p style="margin: 0px 0px 0px 28px"><span style="font-size: 14px;font-family: Calibri, sans-serif"> Page /forum</span></p> <p style="margin: 0px 0px 0px 28px"><span style="font-size: 14px;font-family: Calibri, sans-serif"> vi /etc/httpd/conf/httpd.conf</span></p> <p style="margin: 0px 0px 0px 28px"><span style="font-size: 14px;font-family: Calibri, sans-serif"> Alias /bbs/ "/forum/"</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:28px;margin-bottom:0"><span style="font-size: 14px;font-family: Calibri, sans-serif"> </span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">service httpd reload</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><img src="//cto.wang/usr/uploads/2016/07/20160703180826-8.png" title="1459302072848629.png" alt="blob.png" /></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">6. </span><span style="font-size: 14px">基于用户访问控制</span></p> <p style="margin-bottom:0"> <span style="font-size: 14px"> </span><span style="font-size: 14px;font-family: Calibri, sans-serif">cd /www/htdocs/</span></p> <p style="margin-bottom:0;text-indent:7px"> <span style="font-size: 14px;font-family: Calibri, sans-serif">mkdir amdin</span></p> <p style="margin-bottom:0;text-indent:7px"> <span style="font-size: 14px;font-family: Calibri, sans-serif">vi admin/index.html</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:14px;margin-bottom:0;text-indent:7px"> <span style="font-size: 14px;font-family: Calibri, sans-serif">Page FOR Admin</span></p> <p style="margin-bottom:0;text-indent:7px"> <span style="font-size: 14px;font-family: Calibri, sans-serif">vi /etc/httpd/conf/httpd.conf #</span><span style="font-size: 14px">在主配置文件下添加如下几行</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:14px;margin-bottom:0"></p> <pre class="brush:bash;toolbar:false"> <Directory "/www/htdocs/admin"> Options None AllowOverride None AuthType Basic AuthName "Administator private" AuthUserFile "/etc/httpd/conf.d/.htpasswd" Require valid-user </Directory></pre> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:14px;margin-bottom:0;text-indent:7px"><span style="font-size: 14px;font-family: Calibri, sans-serif"></span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:14px;margin-bottom:0;text-indent:7px"><span style="font-size: 14px;font-family: Calibri, sans-serif"><br /></span></p> <p style="margin-bottom:0"> <span style="font-size: 14px;font-family: Calibri, sans-serif"> </span><span style="font-size: 14px">创建</span><span style="font-size: 14px;font-family: Calibri, sans-serif">2</span><span style="font-size: 14px">个用户</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:14px;margin-bottom:0"> <span style="font-size: 14px;font-family: Calibri, sans-serif">htpasswd -c -m /etc/httpd/conf.d/.htpasswd tom</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:14px;margin-bottom:0"> <span style="font-size: 14px;font-family: Calibri, sans-serif">htpasswd -m /etc/httpd/conf.d/.htpasswd jerry</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:14px;margin-bottom:0"> <span style="font-size: 14px;font-family: Calibri, sans-serif">service httpd reload</span></p> <p style="margin-bottom:0"> <img src="//cto.wang/usr/uploads/2016/07/20160703180826-82.png" title="1459302189909787.png" alt="blob.png" /></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">7. </span><span style="font-size: 14px">基于组的用户认证,基于组的认证修改的配置文件在以上的例子添加修改</span></p> <p style="margin-bottom:0;text-indent:7px"> <span style="font-size: 14px"> </span><span style="font-size: 14px;font-family: Calibri, sans-serif">vi /etc/httpd/conf/httpd.conf #</span><span style="font-size: 14px">在主配置文件下添加如下几行</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:14px;margin-bottom:0"></p> <pre class="brush:bash;toolbar:false"> <Directory "/www/htdocs/admin"> Options None AllowOverride None AuthType Basic AuthName "Administator private" AuthUserFile "/etc/httpd/conf.d/.htpasswd" AuthGroupFile "/etc/httpd/conf.d/.htgroup" Require group webadmin </Directory></pre> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:14px;margin-bottom:0;text-indent:7px"><span style="font-size: 14px;font-family: Calibri, sans-serif"></span></p> <p style="margin-bottom:0"> <span style="font-size: 14px;font-family: Calibri, sans-serif">htpasswd -m /etc/httpd/conf.d/.htpasswd obama</span></p> <p style="margin-bottom:0"> <span style="font-size: 14px">创建组添加用户</span></p> <p style="margin-bottom:0"> <span style="font-size: 14px;font-family: Calibri, sans-serif">vi /etc/httpd/conf.d/.htgroup</span></p> <p style="margin-bottom:0"> <span style="font-size: 14px;font-family: Calibri, sans-serif"> webadmin:jerry obama</span></p> <p style="margin-bottom:0"> <span style="font-size: 14px;font-family: Calibri, sans-serif"> </span></p> <p style="margin-bottom:0"> <span style="font-size: 14px;font-family: Calibri, sans-serif">service httpd reload</span></p> <p style="margin-bottom:0"> <img src="//cto.wang/usr/uploads/2016/07/20160703180826-52.png" title="1459302223967361.png" alt="blob.png" /></p> <p style="margin-bottom:0"><span style="font-size: 14px"> </span></p> <p style="margin-bottom:0"><strong>六</strong><strong> </strong><strong>虚拟主机</strong></p> <p style="margin-bottom:0"><strong><span style="font-size: 14px">注意:现在</span></strong><strong><span style="font-size: 14px;font-family: Calibri, sans-serif">httpd</span></strong><strong><span style="font-size: 14px">服务器</span></strong><strong><span style="font-size: 14px;font-family: Calibri, sans-serif">ip</span></strong><strong><span style="font-size: 14px">:</span></strong><strong><span style="font-size: 14px;font-family: Calibri, sans-serif">172.28.0.97</span></strong></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">1. </span><span style="font-size: 14px">基于ip 的虚拟主机配置,进入主配置文件修改</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">vi /etc/httpd/conf/httpd.conf</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">#DocumentRoot "/var/www/html" #</span><span style="font-size: 14px">把这行注释掉</span></p> <p style="margin-left:52px"><span style="font-size: 14px"></span></p> <pre class="brush:bash;toolbar:false"> <VirtualHost 172.28.0.97:80> ServerName web1.test.com DocumentRoot "/vhosts/web1/htdocs" </VirtualHost></pre> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px"></span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">然后创建相应的目录和内容,并重新加载配置文件和测试</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">mkdir -pv /vhosts/{web1,web2}/htdocs</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">vi /vhosts/web1/htdocs/index.html</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px"> Page at Web1</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">service httpd reload</span></p> <p style="margin-bottom:0"> <img src="//cto.wang/usr/uploads/2016/07/20160703180826-20.png" title="1459302259210058.png" alt="blob.png" /></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">2. </span><span style="font-size: 14px">基于端口的虚拟主机,在以上的例子中在多个8080端口</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">vi /vhosts/web2/htdocs/index.html</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px"> Page at Web2</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">vi /etc/httpd/conf/httpd.conf</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:80px;margin-bottom:0;text-indent:4px"><span style="font-size: 14px"></span></p> <pre class="brush:bash;toolbar:false"> Listen 8080 #添加这一行监听8080端口 <VirtualHost 172.28.0.97:8080> ServerName web3.magedu.com DocumentRoot "/vhosts/web2/htdocs" </VirtualHost></pre> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px"></span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px"> </span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">httpd -t #</span><span style="font-size: 14px">测试语法错误</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">service httpd restart</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px"><img src="//cto.wang/usr/uploads/2016/07/20160703180826-53.png" title="1459302307216274.png" alt="blob.png" /></span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">3. </span><span style="font-size: 14px">基于名称的虚拟主机,在以上的虚拟配置上修改,并测试</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">vi /etc/httpd/conf/httpd.conf</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px"> NameVirtualHost 172.28.0.97:80 #</span><span style="font-size: 14px">把注释去掉,表示基于主机名的虚拟主机</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><img src="//cto.wang/usr/uploads/2016/07/20160703180826-46.png" title="1459302325648689.png" alt="blob.png" /></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">httpd -t</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">mkdir -pv /web/vhosts/{www1,www2}</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">vi /web/vhosts/www1/index.html</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px"> Page at www1.stu.com</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">vi /web/vhosts/www2/index.html</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0;text-indent:28px"><span style="font-size: 14px">Page at www2.stu.com</span></p> <p style="margin-bottom:0"><span style="font-size: 14px"> </span></p> <p style="margin-bottom:0"><span style="font-size: 14px"> 在另外一台机子上可以在hosts文件中添加172.28.0.97 www1.stu.com www2.stu.com</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><img src="//cto.wang/usr/uploads/2016/07/20160703180827-75.png" title="1459302339438893.png" alt="blob.png" /></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">4. </span><span style="font-size: 14px">通过www1.stu.com/server-status输出httpd工作状态相关信息,且只允许提供帐号密码才能访问(status:status);</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">cd /web/vhosts/www1/</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">mkdir admin</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">htpasswd -c -m /etc/httpd/conf.d/.htpasswd tom</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">vi /etc/httpd/conf/httpd.conf</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><img src="//cto.wang/usr/uploads/2016/07/20160703180827-9.png" title="1459302355789031.png" alt="blob.png" /></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><img src="//cto.wang/usr/uploads/2016/07/20160703180827-29-1.png" title="1459302365553877.png" alt="blob.png" /></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px">service httpd reload</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px"> </span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><img src="//cto.wang/usr/uploads/2016/07/20160703180827-53.png" title="1459302380598309.png" alt="blob.png" /></p> <p style="margin-bottom:0"><span style="font-size: 14px"> </span></p> <p style="margin-bottom:0"><strong>七</strong><strong> </strong><strong>为上面的第</strong><strong><span style="font-family: Calibri, sans-serif">1</span></strong><strong>个虚拟主机提供</strong><strong><span style="font-family: Calibri, sans-serif">https</span></strong><strong>服务,使得用户可以通过</strong><strong><span style="font-family: Calibri, sans-serif">https</span></strong><strong>安全的访问此</strong><strong><span style="font-family: Calibri, sans-serif">web</span></strong><strong>站点;</strong></p> <p style="margin-bottom:0"><strong><span style="font-size: 14px;font-family: Calibri, sans-serif">httpd</span></strong><strong><span style="font-size: 14px">服务器</span></strong><strong><span style="font-size: 14px;font-family: Calibri, sans-serif">ip:172.28.0.97</span></strong></p> <p style="margin-bottom:0"><strong><span style="font-size: 14px;font-family: Calibri, sans-serif">CA</span></strong><strong><span style="font-size: 14px">服务器</span></strong><strong><span style="font-size: 14px;font-family: Calibri, sans-serif">IP</span></strong><strong><span style="font-size: 14px">:</span></strong><strong><span style="font-size: 14px;font-family: Calibri, sans-serif">172.28.0.59</span></strong></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">1. </span><span style="font-size: 14px">生成密钥对 cakey.pem,并创建所需文件<span style="font-size: 14px">(在CA服务器上操作)</span></span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">cd /etc/pki/CA/</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">(umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">touch index.txt</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">echo 01 > serial</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">2. </span> <span style="font-size: 14px">开始申请CA机构的根证书,20年x509类型(在CA服务器上操作)</span></p> <p style="margin-bottom:0"><span style="font-size: 14px"> openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 7300</span></p> <p><span style="font-size: 14px"> -new: </span><span style="font-size: 14px">生成新证书签署请求;</span></p> <p style="margin-left:28px"><span style="font-size: 14px">-x509: </span><span style="font-size: 14px">专用于CA生成自签证书;</span></p> <p style="margin-left:28px"><span style="font-size: 14px">-key: </span><span style="font-size: 14px">生成请求时用到的私钥文件;</span></p> <p style="margin-left:28px"><span style="font-size: 14px">-days n</span><span style="font-size: 14px">:证书的有效期限;</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:28px;margin-bottom:0"><span style="font-size: 14px">-out /PATH/TO/SOMECERTFILE: </span><span style="font-size: 14px">证书的保存路径;</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:28px;margin-bottom:0"><img src="//cto.wang/usr/uploads/2016/07/20160703180827-69.png" title="1459302398667572.png" alt="blob.png" /></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">3. </span><span style="font-size: 14px">在httpd服务器上,生成自己的私钥key与csr证书请求</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">cd /etc/httpd/</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">mkdir ssl</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">cd ssl/</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">(umask 077;openssl genrsa -out httpd.key 1024) #</span><span style="font-size: 14px">生成自己的私钥</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">openssl req -new -key httpd.key -out httpd.csr</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><img src="//cto.wang/usr/uploads/2016/07/20160703180827-66.png" title="1459302443232009.png" alt="blob.png" /></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">4. </span> <span style="font-size: 14px">把证书传送给CA</span></p> <p style="margin-bottom:0"><span style="font-size: 14px"> scp httpd.csr </span><span style="font-size:14px">root@172.28.0.59:/tmp/</span></p> <p style="margin-bottom:0"> <img src="//cto.wang/usr/uploads/2016/07/20160703180827-49-1.png" title="1459302499287047.png" alt="blob.png" /></p> <p style="margin-bottom:0"><span style="font-size: 14px"> </span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">5. </span><span style="font-size: 14px">在CA上签署证书,并将证书发还给请求者<span style="font-size: 14px">(在CA服务器上操作)</span></span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">openssl ca -in /tmp/httpd.csr -out certs/www1.stu.com.crt -days 365</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">scp certs/www1.stu.com.crt 172.28.0.97:/etc/httpd/ssl</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><img src="//cto.wang/usr/uploads/2016/07/20160703180827-95.png" title="1459302521261040.png" alt="blob.png" /></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><img src="//cto.wang/usr/uploads/2016/07/20160703180827-95-1.png" title="1459302530628797.png" alt="blob.png" /></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px"> </span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">6. </span><span style="font-size: 14px">httpd</span><span style="font-size: 14px">要支持SSL 需要安装这个mod_ssl模块</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px"> yum -y install mod_ssl </span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px"> cd /etc/httpd/conf.d/</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px"> vi ssl.conf</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0;text-indent:4px"><span style="font-size: 14px"></span></p> <pre class="brush:bash;toolbar:false"> <VirtualHost 172.28.0.97:443> #修改这行IP DocumentRoot "/web/vhosts/www1" #注释去掉修改 ServerName www1.stu.com #注释去掉修改 # Server Certificate: SSLCertificateFile /etc/httpd/ssl/www1.stu.com.crt #修改证书文件路径 # Server Private Key: SSLCertificateKeyFile /etc/httpd/ssl/httpd.key #这个证书私钥 service httpd restart</pre> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:52px;margin-bottom:0"><span style="font-size: 14px"> </span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">7. </span><span style="font-size: 14px">测试https是否配置成功</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">在其他的机子上做测试</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><span style="font-size: 14px">openssl s_client -connect 172.28.0.97:443 -CAfile /etc/pki/CA/cacert.pem</span></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><img src="//cto.wang/usr/uploads/2016/07/20160703180827-14.png" title="1459302558213035.png" alt="blob.png" /></p> <p style="margin-top:0;margin-right:0;margin-bottom:0;margin-left:24px;margin-bottom:0"><img src="//cto.wang/usr/uploads/2016/07/20160703180827-29-2.png" title="1459302572326964.png" alt="blob.png" /></p> <p></p> 最后修改:2021 年 12 月 10 日 10 : 53 AM © 允许规范转载 赞赏 如果觉得我的文章对你有用,请随意赞赏 赞赏作者 支付宝微信