配置基於主機名的虛擬主機及HTTPD 加密SSL配置以及HTTPS強制跳轉
配置基於主機名的虛擬主機
1、先配置DNS
DNS 安裝
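# Install BIND by explicit package name. bind-chroot provides the
# /var/named/chroot tree used below and bind-utils gives dig/host for
# testing. "bind*" is worse on two counts: the unquoted glob is expanded
# by the shell first if anything in the current directory matches, and
# otherwise yum installs every package starting with "bind" (e.g. bind-devel),
# which this server does not need.
yum install -y bind bind-chroot bind-utils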
開放防火牆（放行 DNS 的 53 埠）
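# Let clients reach the resolver: queries arrive on 53/udp and 53/tcp.
# Insert (-I) at the top instead of appending (-A): the stock CentOS 6 INPUT
# chain ends with a REJECT-all rule, so anything appended below it is never
# reached.
iptables -I INPUT -p udp --dport 53 -j ACCEPT
iptables -I INPUT -p tcp --dport 53 -j ACCEPT
# The original also ACCEPTed every packet whose SOURCE port is 53
# ("--sport 53"). Do not do that: a remote attacker simply sends from port 53
# and reaches any local service, bypassing the firewall entirely. Replies to
# this server's own outbound queries are matched by the ESTABLISHED,RELATED
# rule the stock rule set already has; if that rule was removed, add it back:
#   iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
service iptables save
service iptables restart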
拷貝配置文件
# Seed the chroot with the packaged configuration and zone data
# (-a keeps ownership and modes, which named is picky about).
chroot_dir=/var/named/chroot
cp -a /etc/named* "${chroot_dir}/etc/"
cp -a /var/named/d* /var/named/named.* /var/named/slaves/ "${chroot_dir}/var/named/"
# Edit the chrooted copy, not /etc/named.conf.
cd "${chroot_dir}/etc/" && vim named.conf
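options {
    # Stock value is 127.0.0.1; "any" makes named answer on every interface
    # so the lab clients can reach it. On a multi-homed box list the LAN
    # address instead of "any".
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    # Stock value is localhost; the authoritative zones below must be
    # queryable by the lab hosts.
    allow-query { any; };
    # Recursion stays on so the clients can use this box as their resolver,
    # but only for directly attached networks. "allow-query { any; }" together
    # with unrestricted recursion is an open resolver, which gets abused for
    # DNS amplification attacks.
    recursion yes;
    allow-recursion { localhost; localnets; };
    # No secondaries exist; refusing zone transfers (AXFR) stops anyone from
    # dumping every record of the zones in one query.
    allow-transfer { none; };
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
# Three lab zones: hhj.cc, baidu.com, google.com.
# baidu.com and google.com are real public domains: serving them here hijacks
# those names for every client that uses this resolver. Lab networks only.
zone "hhj.cc" IN {
    type master;
    file "aa.zone";
};
zone "baidu.com" IN {
    type master;
    file "bb.zone";
};
zone "google.com" IN {
    type master;
    file "cc.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";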
# Zone files live under the chroot; use the packaged localhost zone as the
# template for hhj.cc.
cd /var/named/chroot/var/named && cp -a named.localhost aa.zone && vim aa.zone
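$TTL 1D
; Zone hhj.cc. SOA MNAME is the primary name server; "root" gets the origin
; appended (root.hhj.cc.) and is the hostmaster mailbox.
@       IN SOA  node1.hhj.cc. root (
                11      ; serial - increase it on every edit
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum (negative-cache TTL)
; Owner written out explicitly: a record line that starts with whitespace
; inherits the previous owner, and that leading whitespace is lost easily
; when the file is copy-pasted, turning "NS" into the owner name.
@       IN NS   node1.hhj.cc.
node1   IN A    192.168.1.104
www     IN A    192.168.1.104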
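# Template for baidu.com. The file to edit is bb.zone; the original reopened
# aa.zone here by mistake, so bb.zone stayed an unchanged localhost zone.
cp -a named.localhost bb.zone
vim bb.zone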
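$TTL 1D
; Zone baidu.com (lab only - this hijacks a real public domain for clients
; of this resolver). "root" gets the origin appended -> root.baidu.com.
@       IN SOA  node1.baidu.com. root (
                11      ; serial - increase it on every edit
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum (negative-cache TTL)
; Explicit owner on the NS record: an owner inherited from leading
; whitespace does not survive copy-paste.
@       IN NS   node1.baidu.com.
node1   IN A    192.168.1.104
www     IN A    192.168.1.104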
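# Template for google.com: copy to cc.zone. The original copied to bb.zone a
# second time, which overwrote the baidu.com zone just written and left
# cc.zone (referenced by named.conf) non-existent, so named would refuse to
# load the google.com zone.
cp -a named.localhost cc.zone
vim cc.zone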
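$TTL 1D
; Zone google.com (lab only - this hijacks a real public domain for clients
; of this resolver). The SOA MNAME is node1.google.com.; the original had the
; typo "goole.com", a name that exists nowhere in the zone.
@       IN SOA  node1.google.com. root (
                11      ; serial - increase it on every edit
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum (negative-cache TTL)
; Explicit owner on the NS record: an owner inherited from leading
; whitespace does not survive copy-paste.
@       IN NS   node1.google.com.
node1   IN A    192.168.1.104
www     IN A    192.168.1.104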
建立一個rndc.key文件
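# Generate the rndc key the init script uses to control named. rndc runs
# outside the chroot and reads /etc/rndc.key, while the chrooted named reads
# /etc/rndc.key relative to /var/named/chroot; "-t" writes the key to both
# places. (The earlier "cp -a /etc/named*" does not match rndc.key, so
# without -t the chroot never gets a copy.)
rndc-confgen -r /dev/urandom -a -t /var/named/chroot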
重啟服務
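# Check the configuration and the three zones inside the chroot before
# restarting: a typo otherwise takes the resolver down for every client.
named-checkconf -t /var/named/chroot /etc/named.conf
named-checkzone hhj.cc /var/named/chroot/var/named/aa.zone
named-checkzone baidu.com /var/named/chroot/var/named/bb.zone
named-checkzone google.com /var/named/chroot/var/named/cc.zone
service named restart
# Verify from the server itself before touching the clients.
dig @127.0.0.1 www.hhj.cc +short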
2、配置虛擬主機
vim /etc/httpd/conf/httpd.conf
#把 NameVirtualHost 這一行前的註釋去掉；注意它的位址與埠必須和下面 <VirtualHost> 的完全一致（這裡用 *:81，所以要寫 NameVirtualHost *:81，並確認 httpd.conf 有 Listen 81、防火牆放行 81 埠）
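# Name-based virtual hosts. The NameVirtualHost address must be exactly the
# one used in the <VirtualHost> tags, and httpd must Listen on that port;
# the stock line is "NameVirtualHost *:80", which does not cover *:81, so
# httpd would log "VirtualHost *:81 overlaps" and always serve the first one.
# Remember to allow 81/tcp through iptables as done for DNS above.
Listen 81
NameVirtualHost *:81
<VirtualHost *:81>
    DocumentRoot /baidu
    ServerName www.baidu.com
</VirtualHost>
<VirtualHost *:81>
    DocumentRoot /google
    ServerName www.google.com
</VirtualHost>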
重啟httpd服務
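# Syntax-check first; a restart with a broken httpd.conf leaves every site
# down, whereas configtest fails without touching the running server.
apachectl configtest && service httpd restart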
修改上下文
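# Give the new document roots the SELinux type httpd may read, copied from
# /var/www/html. Note the option is "--reference" with two ASCII hyphens; the
# original had an en-dash, which chcon rejects as an unknown option.
chcon -R --reference=/var/www/html /baidu/ /google/
# chcon is not persistent: any relabel (restorecon, touch /.autorelabel)
# reverts it. To make the label permanent, record it in the policy instead
# (policycoreutils-python provides semanage):
#   semanage fcontext -a -t httpd_sys_content_t "/baidu(/.*)?"
#   semanage fcontext -a -t httpd_sys_content_t "/google(/.*)?"
#   restorecon -Rv /baidu /google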
HTTPS加密配置
1、 安裝mod_ssl模塊
# mod_ssl brings /etc/httpd/conf.d/ssl.conf and the dummy localhost cert.
yum -y install mod_ssl
安裝完後查看/etc/httpd/conf.d/
[root@hhj1984 ~]#ls /etc/httpd/conf.d/
打開配置文件
[root@hhj1984 ~]# vim /etc/httpd/conf.d/ssl.conf
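# Key directives in ssl.conf. Comments in httpd configuration must be on a
# line of their own: "Listen 443 #comment" is a syntax error, not a comment.
# Load mod_ssl.so.
LoadModule ssl_module modules/mod_ssl.so
# HTTPS port, default 443.
Listen 443
# Stock ssl.conf only disables SSLv2. Also drop SSLv3 (POODLE), refuse
# anonymous, MD5 and RC4 cipher suites, and let the server pick the suite.
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
SSLHonorCipherOrder on
# Enable the SSL engine.
SSLEngine on
# Certificate and private key; the private key must be readable by root only.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key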
進入/etc/pki/tls/certs/目錄
[root@hhj1984 ~]# cd /etc/pki/tls/certs/
[root@hhj1984 certs]# ls
ca-bundle.crt ca-bundle.trust.crt localhost.crt make-dummy-cert Makefile renew-dummy-cert
使用openssl命令制作密鑰和證書文件:
生成ca.key密鑰:
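# Generate the RSA key. 1024-bit RSA is below the accepted minimum (browsers
# and CAs reject it); use 2048. "-rand rand.dat" only adds entropy if that
# file exists, and nothing here creates it, so it is dropped. -des3 protects
# the key with a passphrase, which means httpd asks for it on every start
# (see SSLPassPhraseDialog); for an unattended server omit -des3 or strip the
# passphrase afterwards with "openssl rsa -in ca.key -out ca.key".
openssl genrsa -des3 -out ca.key 2048
chmod 600 ca.key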
創建ca.crt證書:
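# Self-signed certificate, one year. Sign with SHA-256 (the old default SHA-1
# is rejected by current browsers) and make the Common Name the hostname
# clients will use (www.hhj1984.cc is what the later vhost serves with this
# cert); any other CN adds a name-mismatch warning on top of the
# untrusted-issuer one. -subj avoids the interactive prompts; drop it to
# answer them by hand.
openssl req -new -x509 -sha256 -days 365 -key ca.key -out ca.crt \
    -subj "/C=CN/ST=SC/L=CD/O=HHJ/CN=www.hhj1984.cc"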
[root@hhj1984 certs]# make aa.crt #制作數據簽名
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > aa.key
Generating RSA private key, 2048 bit long modulus
................................+++
...............................+++
e is 65537 (0x10001)
Enter pass phrase: #輸入密碼
Verifying - Enter pass phrase: #輸入密碼
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key aa.key -x509 -days 365 -out aa.crt -set_serial 0
Enter pass phrase for aa.key: #輸入密碼
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.‘, the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:SC
Locality Name (eg, city) [Default City]:CD
Organization Name (eg, company) [Default Company Ltd]:HHJ
Organizational Unit Name (eg, section) []:HHJ1984
Common Name (eg, your name or your server‘s hostname) []:RHCC
Email Address []:
[root@hhj1984 certs]# ls
aa.crt aa.key ca-bundle.crt ca-bundle.trust.crt localhost.crt make-dummy-cert Makefile renew-dummy-cert
aa.crt 為生成的證書，aa.key 為私鑰。注意：這是自簽證書，瀏覽器會提示不受信任；而且上面 Common Name 填的是 RHCC 而不是站點主機名，還會多出一個名稱不符的警告。正式環境請用 CN/SAN 與 ServerName 一致、由 CA 簽發的證書。另外 aa.key 帶有口令，httpd 每次啟動都會要求輸入（見 SSLPassPhraseDialog），無人值守的伺服器需要先去掉口令（openssl rsa -in aa.key -out aa.key）。
將文件考到指定地方
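# Install the new pair where ssl.conf will point at it. The key was created
# under umask 77; make sure the copy is still root-only, since anyone who can
# read it can impersonate the site.
cp aa.crt aa.key /etc/httpd/conf/
chown root:root /etc/httpd/conf/aa.key
chmod 600 /etc/httpd/conf/aa.key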
配置/etc/httpd/conf.d/ssl.conf證書與私鑰路徑
vim /etc/httpd/conf.d/ssl.conf
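# Point mod_ssl at the self-signed pair made above. Keep notes on their own
# line: httpd does not accept a "#" comment after a directive on the same
# line and fails with "SSLCertificateFile takes one argument".
# Certificate:
SSLCertificateFile /etc/httpd/conf/aa.crt
# Private key (0600, root-owned):
SSLCertificateKeyFile /etc/httpd/conf/aa.key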
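# Check the configuration before restarting; a bad path in ssl.conf would
# otherwise take down HTTP as well as HTTPS. After the restart the site
# answers on https:// (expect the untrusted-certificate prompt).
apachectl configtest && service httpd restart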
2、將數字簽名只給某一個站點使用
[root@hhj1984 ~]# vim /etc/httpd/conf.d/ssl.conf
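# Turn the SSL engine off in ssl.conf's global _default_:443 vhost so only the
# named vhost below serves HTTPS. (Comment on its own line: httpd rejects a
# trailing "#..." after a directive.)
SSLEngine off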
直接將配置放入虛擬主機下
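# HTTPS served by one name-based vhost on port 443. As soon as a second *:443
# vhost is added, NameVirtualHost *:443 is required (as for *:81 above) and
# the client must send SNI, or every request lands in the first vhost.
# localhost.crt is the package's dummy cert whose CN is not www.baidu.com, so
# browsers will report a name mismatch; use a cert issued for this name.
NameVirtualHost *:443
<VirtualHost *:443>
    DocumentRoot /baidu
    ServerName www.baidu.com
    SSLEngine on
    # Certificate and private key for this site.
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>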
再重啟httpd
強制用戶使用https來訪問網站方法
在 /etc/httpd/conf/httpd.conf 中修改
vim /etc/httpd/conf/httpd.conf
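# Forced-HTTPS site. Note this vhost binds the explicit address
# 192.168.1.104:443 while the baidu vhost uses *:443: httpd picks the most
# specific address match first, so requests to 192.168.1.104:443 never reach
# the *:443 vhosts. Use the same form (all *:443 or all IP:443) for every
# HTTPS vhost on this host.
<VirtualHost 192.168.1.104:443>
    DocumentRoot /var/www/html
    ServerName www.hhj1984.cc
    ServerAlias www.hhj1984.cc. *.hhj1984.cc
    SSLEngine on
    # ca.crt/ca.key were generated in /etc/pki/tls/certs; copy them here
    # (key 0600, root-owned) or point these two paths at that directory.
    SSLCertificateFile /etc/httpd/conf/ca.crt
    SSLCertificateKeyFile /etc/httpd/conf/ca.key
</VirtualHost>
# Site directory. Comments must not trail a directive on the same line.
<Directory "/var/www/html">
    # No "Indexes": with it, every directory lacking an index file is served
    # as a listing of its contents.
    Options FollowSymLinks
    # The .htaccess below only carries mod_rewrite directives, which fall
    # under FileInfo; "All" lets any writable .htaccess override far more.
    AllowOverride FileInfo
    Order allow,deny
    Allow from all
</Directory>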
在 /var/www/html（站點所在目錄）下修改 .htaccess，沒有則創建。檔名必須是 .htaccess（原文寫成 .htacess，Apache 不會讀取這個檔）。
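<IfModule mod_rewrite.c>
RewriteEngine on
# Only redirect plain-HTTP requests. The original's first rule redirected every
# request for www.hhj1984.cc with no scheme check; because the :443 vhost
# serves the same DocumentRoot, this .htaccess also runs for HTTPS requests
# and that rule looped forever. %{HTTPS} is "on" inside the SSL vhost;
# "RewriteCond %{SERVER_PORT} !^443$" is an equivalent guard.
RewriteCond %{HTTPS} off
# Use R=302 while testing: browsers cache a 301 permanently, so a wrong
# target is hard to undo.
RewriteRule ^(.*)$ https://www.hhj1984.cc/$1 [R=301,L]
</IfModule>
# Simpler alternative with no .htaccess at all: in the port-80 vhost put
#   Redirect permanent / https://www.hhj1984.cc/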