Apache: virtual directories, user authentication, port/IP/name-based virtual hosts, and SSL

Posted liang-yao


Environment setup:

Configure DNS so that the domain names resolve

1. Install the BIND package.

yum install -y bind

 

2. Edit the BIND configuration file.

vim /etc/named.conf

listen-on port 53 { 192.168.200.101; };

allow-query { any; };

 

vim /etc/named.rfc1912.zones

zone "a.com" IN {
    type master;
    file "a.com.localhost";
    allow-update { none; };
};

  

3. Edit the BIND zone file.

cd /var/named/

cp -p named.localhost a.com.localhost

vim a.com.localhost

$TTL 1D
@       IN SOA  a.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.a.com.
dns     A       192.168.200.101
www     A       192.168.200.102
m       A       192.168.200.102

  

4. Check the BIND configuration syntax and start the BIND service.

named-checkconf /etc/named.conf

named-checkconf /etc/named.rfc1912.zones

named-checkzone a.com /var/named/a.com.localhost

systemctl start named

systemctl enable named

 

Install the Apache packages on the web server.

yum install -y httpd httpd-devel

Virtual directory

1. Configure the virtual directory.

vim /etc/httpd/conf/httpd.conf

ServerName www.a.com:80

 

vim /etc/httpd/conf.d/vhost.conf

Alias /vshare "/var/www/share"
<Directory "/var/www/share">
    AllowOverride None
    Options IncludesNOEXEC
    # 2.2-style access control; httpd 2.4 accepts it through mod_access_compat
    Order allow,deny
    Allow from all
</Directory>

 

2. Create the site directory and a default document.

 

mkdir /var/www/share/

echo "share" > /var/www/share/index.html

chown apache:apache /var/www/share/

3. Check the Apache configuration syntax and start the Apache service.

httpd -t

systemctl start httpd

4. Set the client's DNS server to 192.168.200.101, then browse to www.a.com/vshare


User authentication

1. Configure the virtual directory.

vim /etc/httpd/conf.d/vhost.conf

Alias /vhome "/var/www/home"
<Directory "/var/www/home">
    # Basic authentication sends the credentials base64-encoded, not encrypted
    AuthType Basic
    AuthName "enter user and password"
    AuthUserFile /etc/httpd/users-password
    Require valid-user
    Options IncludesNOEXEC
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

 

2. Create the site directory and a default document.

mkdir /var/www/home/

echo "home" >/var/www/home/index.html

chown apache:apache /var/www/home

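3. Create the authentication users.

htpasswd -c /etc/httpd/users-password user123

htpasswd /etc/httpd/users-password user456     # omit -c for every user after the first; -c creates the file again

4. Check the Apache configuration syntax and restart the Apache service.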

httpd -t

systemctl restart httpd

5. Set the client's DNS server to 192.168.200.101, then browse to www.a.com/vhome
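As an added example (not part of the original post), this script audits a password file such as the one created in step 3: it classifies each entry by hash scheme and reports a file that other local users can read. The function names are hypothetical and the sample entries use constructed placeholder hashes.

```shell
# audit_htpasswd FILE: print "user<TAB>scheme<TAB>verdict" for each entry
audit_htpasswd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                  # mod_authn_file skips these lines too
        {
            h = $2
            if (index(h, "$2y$") == 1 || index(h, "$2a$") == 1 || index(h, "$2b$") == 1) {
                s = "bcrypt";   v = "ok"         # written by htpasswd -B
            } else if (index(h, "$apr1$") == 1) {
                s = "apr1-md5"; v = "upgrade"    # what plain htpasswd writes in httpd 2.4
            } else if (index(h, "{SHA}") == 1) {
                s = "sha1";     v = "insecure"   # unsalted SHA-1 (htpasswd -s)
            } else if (length(h) == 13) {
                s = "crypt";    v = "insecure"   # traditional crypt() (htpasswd -d)
            } else {
                s = "unknown";  v = "review"
            }
            printf "%s\t%s\t%s\n", $1, s, v
        }' "$1"
}

# needs_rehash FILE: print the users whose hash is anything other than bcrypt
needs_rehash() {
    audit_htpasswd "$1" | awk -F'\t' '$3 != "ok" { print $1 }'
}

# pwfile_mode_finding FILE: print a finding when "other" has read permission
pwfile_mode_finding() {
    [ "$(ls -l "$1" | cut -c8)" = "-" ] || echo "world-readable"
}

# Constructed sample entries; the hashes are placeholders, not real credentials.
write_sample_htpasswd() {
    cat > "$1" <<'EOF'
user123:$apr1$SALTSALT$AAAAAAAAAAAAAAAAAAAAAA
user456:$2y$05$BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
legacy1:{SHA}CCCCCCCCCCCCCCCCCCCCCCCCCCC=
legacy2:abcdefghijklm
EOF
}
```

An entry flagged here can be rehashed with bcrypt by running `htpasswd -B /etc/httpd/users-password user123`.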


Port-based virtual hosts

1. Configure the virtual hosts.

vim /etc/httpd/conf/httpd.conf

ServerName www.a.com:80

Listen 80
Listen 8888
Listen 9999

 

vim /etc/httpd/conf.d/vhost.conf

<VirtualHost www.a.com:8888>
    ServerName www.a.com:8888
    ServerAdmin [email protected]
    DocumentRoot /var/www/port8888
    ErrorLog logs/port8888/error.log
    CustomLog logs/port8888/access.log combined
</VirtualHost>

<VirtualHost www.a.com:9999>
    ServerName www.a.com:9999
    ServerAdmin [email protected]
    DocumentRoot /var/www/port9999
    ErrorLog logs/port9999/error.log
    CustomLog logs/port9999/access.log combined
</VirtualHost>

 

mkdir /var/www/port8888

mkdir /var/www/port9999

mkdir /etc/httpd/logs/port8888

mkdir /etc/httpd/logs/port9999

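chown -R apache:apache /var/www/port*

# httpd opens its log files as root at startup, so logging works without making the log directories writable by apache
chown -R apache:apache /etc/httpd/logs/port*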

echo "port8888" > /var/www/port8888/index.html

echo "port9999" > /var/www/port9999/index.html

3. Check the Apache configuration syntax and restart the Apache service.

httpd -t

systemctl restart httpd


IP-based virtual hosts

Add a second IP address for testing

ifconfig ens32:0 192.168.200.202/24

ip addr

2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

inet 192.168.200.102/24 brd 192.168.200.255 scope global ens32

inet 192.168.200.202/24 brd 192.168.200.255 scope global secondary ens32:0

 

vim /etc/httpd/conf.d/vhost.conf

<VirtualHost 192.168.200.102:80>
    ServerName 192.168.200.102:80
    ServerAdmin [email protected]
    DocumentRoot /var/www/102
    ErrorLog logs/102/error.log
    CustomLog logs/102/access.log combined
</VirtualHost>

<VirtualHost 192.168.200.202:80>
    ServerName 192.168.200.202:80
    ServerAdmin [email protected]
    DocumentRoot /var/www/202
    ErrorLog logs/202/error.log
    CustomLog logs/202/access.log combined
</VirtualHost>

 

mkdir /var/www/102

mkdir /var/www/202

mkdir /etc/httpd/logs/102

mkdir /etc/httpd/logs/202

chown -R apache:apache /var/www/*02

chown -R apache:apache /etc/httpd/logs/*02

echo "102" > /var/www/102/index.html

echo "202" > /var/www/202/index.html

Check the Apache configuration syntax and restart the Apache service.

httpd -t

systemctl restart httpd


Name-based virtual hosts

1. Configure the virtual hosts.

vim /etc/httpd/conf/httpd.conf

ServerName a.com:80

 

vim /etc/httpd/conf.d/vhost.conf

<VirtualHost www.a.com:80>
    ServerName www.a.com:80
    ServerAdmin [email protected]
    DocumentRoot /var/www/www
    ErrorLog logs/www/error.log
    CustomLog logs/www/access.log combined
</VirtualHost>

<VirtualHost m.a.com:80>
    ServerName m.a.com:80
    ServerAdmin [email protected]
    DocumentRoot /var/www/m
    ErrorLog logs/m/error.log
    CustomLog logs/m/access.log combined
</VirtualHost>

 

mkdir /var/www/www

mkdir /var/www/m

mkdir /etc/httpd/logs/www

mkdir /etc/httpd/logs/m

chown -R apache:apache /var/www/www

chown -R apache:apache /var/www/m

chown -R apache:apache /etc/httpd/logs/www

chown -R apache:apache /etc/httpd/logs/m

echo "www" > /var/www/www/index.html

echo "m" > /var/www/m/index.html

Check the Apache configuration syntax and restart the Apache service.

httpd -t

systemctl restart httpd
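An added checker, not part of the original post, for the configuration patterns used in the sections above: it flags `<VirtualHost>` addresses written as hostnames (httpd has to resolve them through DNS when it starts), 2.2-style `Order`/`Allow`/`Deny` lines, and virtual-host ports that have no matching `Listen`. The function names and the sample configuration are constructed, and only the first address of each `<VirtualHost>` is examined.

```shell
# lint_vhosts FILE...: print "line<TAB>finding<TAB>detail"; all files are read as one stream,
# so pass httpd.conf together with vhost.conf to have the Listen lines included
lint_vhosts() {
    cat "$@" | awk '
    { line = tolower($0); sub(/^[ \t]+/, "", line) }   # directives are case-insensitive
    line ~ /^listen[ \t]/ {
        split(line, f, /[ \t]+/); port = f[2]; sub(/.*:/, "", port)
        listen[port] = 1
    }
    line ~ /^<virtualhost[ \t]/ {
        addr = line; sub(/^<virtualhost[ \t]+/, "", addr); sub(/[ \t>].*/, "", addr)
        host = addr; sub(/:[0-9*]+$/, "", host)
        # IPv4, bracketed IPv6, * and _default_ need no DNS lookup at startup
        if (host !~ /^([0-9.]+|\[[0-9a-f:]+\]|\*|_default_)$/)
            printf "%d\thostname-in-virtualhost\t%s\n", NR, addr
        if (addr ~ /:[0-9]+$/) { port = addr; sub(/.*:/, "", port); vport[port] = NR }
    }
    line ~ /^(order|allow|deny)[ \t]/ {
        printf "%d\tlegacy-access-control\t%s\n", NR, line
    }
    END {
        for (p in vport) if (!(p in listen))
            printf "%d\tno-listen-for-port\t%s\n", vport[p], p
    }'
}

# Constructed sample that combines fragments in the style of this page.
write_sample_conf() {
    cat > "$1" <<'EOF'
Listen 80
listen 8888
<virtualhost www.a.com:8888>
servername www.a.com:8888
</virtualhost>
<virtualhost www.a.com:9999>
servername www.a.com:9999
</virtualhost>
<VirtualHost 192.168.200.202:80>
ServerName 192.168.200.202:80
</VirtualHost>
<directory "/var/www/share">
allowoverride none
order allow,deny
allow from all
</directory>
EOF
}
```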


SSL-based web site configuration.

yum install -y mod_ssl openssl openssl-devel

cd /etc/pki/tls/private

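openssl genrsa 2048 > www.a.com.key    # 2048-bit RSA key; 1024-bit keys are too weak for TLS

chmod 600 www.a.com.key                # the redirect creates the file with the default umask; restrict it to root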

cd ../certs/

openssl req -new -x509 -days 365 -key ../private/www.a.com.key -out www.a.com.crt

Country Name (2 letter code) [GB]: enter the country/region code, e.g. CN for China

State or Province Name (full name) [Berkshire]: state or province

Locality Name (eg, city) [Newbury]: city name

Organization Name (eg, company) [My Company Ltd]: company name

Organizational Unit Name (eg, section) []: department name

Common Name (eg, your name or your server's hostname) []: domain name the certificate is issued for

Email Address []: e-mail address

vim /etc/httpd/conf.d/ssl.conf

DocumentRoot "/var/www/ssl"
ServerName www.a.com:443
SSLCertificateFile /etc/pki/tls/certs/www.a.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.a.com.key

  

mkdir /var/www/ssl

chown -R apache:apache /var/www/ssl/

echo "1 2 3 4 5" > /var/www/ssl/index.html

 

Check the Apache configuration syntax and restart the Apache service.

httpd -t

systemctl restart httpd
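A non-interactive version of the key and certificate steps above, with checks on the result, as an added example that is not from the original post. It assumes the `openssl` command is installed; the function names are hypothetical, and `check_tls_pair` reports a key shorter than 2048 bits, a key file readable by group or others, and a certificate that does not belong to the key.

```shell
# make_selfsigned DIR HOST: write DIR/HOST.key (2048-bit RSA) and DIR/HOST.crt
make_selfsigned() {
    dir=$1; host=$2
    # umask 077 so the redirect never creates the key group- or world-readable
    ( umask 077; openssl genrsa 2048 > "$dir/$host.key" 2>/dev/null ) || return 1
    openssl req -new -x509 -sha256 -days 365 -key "$dir/$host.key" \
        -subj "/CN=$host" -out "$dir/$host.crt" 2>/dev/null
}

# key_bits KEY: print the RSA modulus size in bits
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# pair_matches KEY CRT: succeed when the certificate holds the key's public half
pair_matches() {
    k=$(openssl rsa -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# check_tls_pair KEY CRT: print one finding per problem, nothing when clean
check_tls_pair() {
    bits=$(key_bits "$1")
    [ "${bits:-0}" -ge 2048 ] || echo "weak-key ${bits:-unknown}"
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ] || echo "key-readable-by-others"
    pair_matches "$1" "$2" || echo "key-cert-mismatch"
}
```

For the files on this page the call would be `check_tls_pair /etc/pki/tls/private/www.a.com.key /etc/pki/tls/certs/www.a.com.crt`.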
