HTTP實驗:分別使用httpd-2.2和httpd-2.4實現
阿新 • • 發佈:2018-12-01
1. 需求描述
1、建立httpd服務,要求: (1) 提供兩個基於名稱的虛擬主機: www1.stuX.com,頁面檔案目錄為/web/vhosts/www1;錯誤日誌為/var/log/httpd/www1/error_log,訪問日誌為/var/log/httpd/www1/access_log; www2.stuX.com,頁面檔案目錄為/web/vhosts/www2;錯誤日誌為/var/log/httpd/www2/error_log,訪問日誌為/var/log/httpd/www2/access_log; (2) 通過www1.stuX.com/server-status輸出其狀態資訊,且要求只允許提供賬號的使用者訪問; (3) www1不允許192.168.1.0/24網路中的主機訪問; 2、為上面的第2個虛擬主機提供https服務,使得使用者可以通過https安全的訪問此web站點; (1) 要求使用證書認證,證書中要求使用國家(CN),州(Beijing),城市(Beijing),組織為(MageEdu); (2) 設定部門為Ops, 主機名為www2.stuX.com;
2. 使用apache 2.4.6實現
2.1. 編譯安裝apache 2.4.6
2.2. /usr/local/apache2/httpd.conf配置
ServerRoot "/usr/local/apache2" Listen 0.0.0.0:80 LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_core_module modules/mod_authn_core.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_core_module modules/mod_authz_core.so LoadModule access_compat_module modules/mod_access_compat.so LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule reqtimeout_module modules/mod_reqtimeout.so LoadModule filter_module modules/mod_filter.so LoadModule mime_module modules/mod_mime.so LoadModule log_config_module modules/mod_log_config.so LoadModule env_module modules/mod_env.so LoadModule headers_module modules/mod_headers.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule version_module modules/mod_version.so LoadModule ssl_module modules/mod_ssl.so LoadModule mpm_worker_module modules/mod_mpm_worker.so LoadModule unixd_module modules/mod_unixd.so LoadModule status_module modules/mod_status.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule dir_module modules/mod_dir.so LoadModule alias_module modules/mod_alias.so <IfModule unixd_module> </IfModule> <VirtualHost 10.207.51.53:80> ServerName www1.stuX.com DocumentRoot "/web/vhosts/www1" <Location /server-status> SetHandler server-status AuthType Basic AuthName "Admin Area, Please enter username and passwd" AuthUserFile "/web/vhosts/www1-passwd" Require user Allen Barry </Location> <Directory /web/vhosts/www1> Options Indexes AllowOverride None <Requireall> Require not ip 192.168.1.0/24 Require all granted </Requireall> </Directory> ErrorLog /var/log/httpd/www1/error_log CustomLog /var/log/httpd/www1/access_log combined </VirtualHost> DocumentRoot "/usr/local/apache2/htdocs" <IfModule dir_module> DirectoryIndex index.html </IfModule> LogLevel warn <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> CustomLog "logs/access_log" common </IfModule> Include /etc/httpd/extra/httpd-mpm.conf Include /etc/httpd/extra/httpd-ssl.conf
2.3. /usr/local/apache2/extra/httpd-ssl.conf配置
Listen 443 https SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 <VirtualHost _default_:443> DocumentRoot "/web/vhosts/www2" ServerName www2.stuX.com:443 ErrorLog "/var/log/httpd/www2/ssl/error_log" TransferLog "/var/log/httpd/www2/ssl/access_log" <Directory /web/vhosts/www2> Options Indexes AllowOverride None Require all granted </Directory> SSLEngine on SSLCertificateFile "/web/vhosts/certificate/stuX.httpd.crt" SSLCertificateKeyFile "/etc/pki/CA/private/private.key" CustomLog "/var/log/httpd/www2/ssl/access_log" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost>
2.4. 測試效果