httpd


The curl command

    [root@lnh ~]# curl -o myblog.html http://blog.51cto.com/itchentao    # download a file with curl
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
    100   312  100   312    0     0   1937      0 --:--:-- --:--:-- --:--:--  1937
    [root@lnh ~]# ls
    anaconda-ks.cfg  myblog.html

The httpd command

    [root@lnh ~]# dnf -y install httpd    # install httpd
    CentOS-8.5.2111 - Base - mirrors.aliyun.com 117 kB/s | 3.9 kB     00:00
    CentOS-8.5.2111 - Extras - mirrors.aliyun.c  73 kB/s | 1.5 kB     00:00
    CentOS-8.5.2111 - AppStream - mirrors.aliyu 200 kB/s | 4.3 kB     00:00
    Dependencies resolved.
    ============================================================================
     Package      Arch   Version                                Repo       Size
    =================================================================
    .....
    # List the modules compiled statically into the server core; modules loaded
    # dynamically with the LoadModule directive are not listed
    [root@lnh ~]# httpd -l
    Compiled in modules:
      core.c
      mod_so.c
      http_core.c
    # Print the list of enabled modules, including both the modules compiled
    # statically into the server and the modules loaded dynamically as DSOs
    [root@lnh ~]# httpd -M
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::20c:29ff:fe05:f428. Set the 'ServerName' directive globally to suppress this message
    Loaded Modules:
     core_module (static)
     so_module (static)
     http_module (static)
     access_compat_module (shared)
     actions_module (shared)
     alias_module (shared)
     allowmethods_module (shared)
     auth_basic_module (shared)
     auth_digest_module (shared)
     authn_anon_module (shared)
    # Show the httpd version, then exit
    [root@lnh ~]# httpd -v
    Server version: Apache/2.4.37 (centos)
    Server built:   Nov 12 2021 04:57:27
    # Show the versions and build parameters of httpd and apr/apr-util, then exit
    [root@lnh ~]# httpd -V
    Server version: Apache/2.4.37 (centos)
    Server built:   Nov 12 2021 04:57:27
    Server's Module Magic Number: 20120211:83
    Server loaded:  APR 1.6.3, APR-UTIL 1.6.1
    Compiled using: APR 1.6.3, APR-UTIL 1.6.1
    Architecture:   64-bit
    Server MPM:     event
      threaded:     yes (fixed thread count)
        forked:     yes (variable process count)
    Server compiled with....
     -D APR_HAS_SENDFILE
     -D APR_HAS_MMAP
     -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
     -D APR_USE_SYSVSEM_SERIALIZE
     -D APR_USE_PTHREAD_SERIALIZE
     -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
     -D APR_HAS_OTHER_CHILD
     -D AP_HAVE_RELIABLE_PIPED_LOGS
     -D DYNAMIC_MODULE_LIMIT=256
     -D HTTPD_ROOT="/etc/httpd"
     -D SUEXEC_BIN="/usr/sbin/suexec"
     -D DEFAULT_PIDLOG="run/httpd.pid"
     -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
     -D DEFAULT_ERRORLOG="logs/error_log"
     -D AP_TYPES_CONFIG_FILE="conf/mime.types"
     -D SERVER_CONFIG_FILE="conf/httpd.conf"
    # Run httpd in debug mode: only one worker process is started and the
    # server does not detach from the console
    [root@lnh ~]# httpd -X
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::20c:29ff:fe05:f428. Set the 'ServerName' directive globally to suppress this message

Compiling and installing httpd-2.4.54

Install the build tools and development packages

    [root@lnh ~]# dnf -y groupinstall "Development Tools"
    .....
      urw-base35-bookman-fonts-20170801-10.el8.noarch
      urw-base35-d050000l-fonts-20170801-10.el8.noarch
      urw-base35-fonts-common-20170801-10.el8.noarch
      urw-base35-nimbus-mono-ps-fonts-20170801-10.el8.noarch
      urw-base35-nimbus-sans-fonts-20170801-10.el8.noarch
      urw-base35-standard-symbols-ps-fonts-20170801-10.el8.noarch
      valgrind-1:3.17.0-5.el8.x86_64
      xml-common-0.6.3-50.el8.noarch
      xorg-x11-fonts-ISO8859-1-100dpi-7.5-19.el8.noarch
      xz-devel-5.2.4-3.el8.x86_64
      zlib-devel-1.2.11-17.el8.x86_64
    Complete!
    [root@lnh ~]# dnf -y install openssl-devel pcre-devel expat-devel libtool libxml2-devel
    ....
    Installed:
      cmake-filesystem-3.20.2-4.el8.x86_64
      expat-devel-2.2.5-4.el8.x86_64
      keyutils-libs-devel-1.5.10-9.el8.x86_64
      krb5-devel-1.18.2-14.el8.x86_64
      libcom_err-devel-1.45.6-2.el8.x86_64
      libkadm5-1.18.2-14.el8.x86_64
      libselinux-devel-2.9-5.el8.x86_64
      libsepol-devel-2.9-3.el8.x86_64
      libverto-devel-0.3.0-5.el8.x86_64
      libxml2-devel-2.9.7-9.el8_4.2.x86_64
      openssl-devel-1:1.1.1k-5.el8_5.x86_64
      pcre-cpp-8.42-6.el8.x86_64
      pcre-devel-8.42-6.el8.x86_64
      pcre-utf16-8.42-6.el8.x86_64
      pcre-utf32-8.42-6.el8.x86_64
      pcre2-devel-10.32-2.el8.x86_64
      pcre2-utf16-10.32-2.el8.x86_64
      pcre2-utf32-10.32-2.el8.x86_64
    Complete!
    [root@lnh ~]# useradd -rMs /sbin/nologin apache    # create a system user for running the Apache processes
    [root@lnh ~]# id apache
    uid=48(apache) gid=48(apache) groups=48(apache)

Fetch the three source packages: apr, apr-util and httpd

    [root@lnh ~]# dnf -y install wget    # install wget
    [root@lnh ~]# cd /usr/local/src/
    [root@lnh src]# wget https://mirrors.aliyun.com/apache/httpd/httpd-2.4.54.tar.gz
    --2022-07-21 21:04:23--  https://mirrors.aliyun.com/apache/httpd/httpd-2.4.54.tar.gz
    Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 119.96.204.210, 119.96.204.211, 119.96.138.214, ...
    Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|119.96.204.210|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 9743277 (9.3M) [application/octet-stream]
    Saving to: ‘httpd-2.4.54.tar.gz’

    httpd-2.4.54.tar.g 100%[================>]   9.29M  12.6MB/s    in 0.7s

    2022-07-21 21:04:24 (12.6 MB/s) - ‘httpd-2.4.54.tar.gz’ saved [9743277/9743277]
    [root@lnh src]# wget https://mirrors.aliyun.com/apache/apr/apr-1.7.0.tar.gz
    --2022-07-21 21:05:08--  https://mirrors.aliyun.com/apache/apr/apr-1.7.0.tar.gz
    Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 119.96.204.210, 119.96.204.211, 119.96.138.214, ...
    Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|119.96.204.210|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 1093896 (1.0M) [application/octet-stream]
    Saving to: ‘apr-1.7.0.tar.gz’

    apr-1.7.0.tar.gz   100%[================>]   1.04M  --.-KB/s    in 0.07s

    2022-07-21 21:05:08 (14.0 MB/s) - ‘apr-1.7.0.tar.gz’ saved [1093896/1093896]

    [root@lnh src]# wget https://mirrors.aliyun.com/apache/apr/apr-util-1.6.1.tar.gz
    --2022-07-21 21:05:36--  https://mirrors.aliyun.com/apache/apr/apr-util-1.6.1.tar.gz
    Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 119.96.204.210, 119.96.204.211, 119.96.138.214, ...
    Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|119.96.204.210|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 554301 (541K) [application/octet-stream]
    Saving to: ‘apr-util-1.6.1.tar.gz’

    apr-util-1.6.1.tar 100%[================>] 541.31K  --.-KB/s    in 0.08s

    2022-07-21 21:05:36 (6.40 MB/s) - ‘apr-util-1.6.1.tar.gz’ saved [554301/554301]
    [root@lnh src]# ls    # check
    apr-1.7.0.tar.gz  apr-util-1.6.1.tar.gz  httpd-2.4.54.tar.gz

Install apr

    [root@lnh src]# tar -xf apr-1.7.0.tar.gz
    [root@lnh src]# cd apr-1.7.0/
    [root@lnh apr-1.7.0]# vim configure
        cfgfile=${ofile}T
        trap "$RM \"$cfgfile\"; exit 1" 1 2 15
    #    $RM "$cfgfile"      # comment out this line, or delete it
    [root@lnh apr-1.7.0]# ./configure --prefix=/usr/local/apr
    ....
    config.status: creating Makefile
    config.status: creating include/apr.h
    config.status: creating build/apr_rules.mk
    config.status: creating build/pkg/pkginfo
    config.status: creating apr-1-config
    config.status: creating apr.pc
    config.status: creating test/Makefile
    config.status: creating test/internal/Makefile
    config.status: creating include/arch/unix/apr_private.h
    config.status: executing libtool commands
    config.status: executing default commands
    [root@lnh apr-1.7.0]# make && make install
    ....
    for f in make_exports.awk make_var_export.awk; do
        /usr/bin/install -c -m 644 /usr/local/src/apr-1.7.0/build/${f} /usr/local/apr/build-1;
    done
    /usr/bin/install -c -m 644 build/apr_rules.out /usr/local/apr/build-1/apr_rules.mk
    /usr/bin/install -c -m 755 apr-config.out /usr/local/apr/bin/apr-1-config
    [root@lnh apr-1.7.0]# ls /usr/local/apr/
    bin  build-1  include  lib

Install apr-util

    [root@lnh apr-1.7.0]# cd ..
    [root@lnh src]# tar -xf apr-util-1.6.1.tar.gz
    [root@lnh src]# cd apr-util-1.6.1/
    [root@lnh apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/
    ....
    config.status: creating build/pkg/pkginfo
    config.status: creating apr-util.pc
    config.status: creating apu-1-config
    config.status: creating include/private/apu_select_dbm.h
    config.status: creating include/apr_ldap.h
    config.status: creating include/apu.h
    config.status: creating include/apu_want.h
    config.status: creating test/Makefile
    config.status: creating include/private/apu_config.h
    config.status: executing default commands
    [root@lnh apr-util-1.6.1]# make && make install
    ....
    See any operating system documentation about shared libraries for
    more information, such as the ld(1) and ld.so(8) manual pages.
    ----------------------------------------------------------------------
    /usr/bin/install -c -m 644 aprutil.exp /usr/local/apr-util/lib
    /usr/bin/install -c -m 755 apu-config.out /usr/local/apr-util/bin/apu-1-config
    [root@lnh apr-util-1.6.1]# ls /usr/local/apr-util/
    bin  include  lib

Install httpd

    [root@lnh apr-util-1.6.1]# cd ..
    [root@lnh src]# tar -xf httpd-2.4.54.tar.gz
    [root@lnh src]# cd httpd-2.4.54/
    # --enable-so               dynamic shared objects
    # --enable-ssl              SSL encryption
    # --enable-cgi              Common Gateway Interface, mainly for dynamic web pages
    # --enable-rewrite          URL rewriting
    # --with-zlib               zlib compression
    # --with-pcre               regular-expression library; located automatically when no path is given
    # --enable-modules=most     build the "most" set of modules
    # --enable-mpms-shared=all  enable all supported MPM modes
    # --with-mpm=prefork        use the prefork model: each request is handled by its own process;
    #                           responds quickly, but does not support high concurrency and uses a lot of memory
    [root@lnh httpd-2.4.54]# ./configure --prefix=/usr/local/apache --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
    ....
        Server Version: 2.4.54
        Install prefix: /usr/local/apache
        C compiler:     gcc
        CFLAGS:          -g -O2 -pthread
        CPPFLAGS:        -DLINUX -D_REENTRANT -D_GNU_SOURCE
        LDFLAGS:
        LIBS:
        C preprocessor: gcc -E
    [root@lnh httpd-2.4.54]# make && make install
    ....
    mkdir /usr/local/apache/build
    Installing man pages and online manual
    mkdir /usr/local/apache/man
    mkdir /usr/local/apache/man/man1
    mkdir /usr/local/apache/man/man8
    mkdir /usr/local/apache/manual
    make[1]: Leaving directory '/usr/local/src/httpd-2.4.54'
    [root@lnh httpd-2.4.54]# ls /usr/local/apache/
    bin    cgi-bin  error   icons    logs  manual
    build  conf     htdocs  include  man   modules

Configure environment variables

    [root@lnh ~]# echo 'export PATH=/usr/local/apache/bin:$PATH' >/etc/profile.d/apache.sh
    [root@lnh ~]# source /etc/profile.d/apache.sh    # apply the setting
    [root@lnh ~]# which apachectl    # check
    /usr/local/apache/bin/apachectl
    [root@lnh ~]# ln -s /usr/local/apache/include/ /usr/include/apache    # symlink that exposes the header files
    [root@lnh ~]#  ll /usr/include/ |grep apache
    lrwxrwxrwx.  1 root root     26 Jul 21 21:38 apache -> /usr/local/apache/include/
    [root@lnh ~]# ll /usr/include/apache
    lrwxrwxrwx. 1 root root 26 Jul 21 21:38 /usr/include/apache -> /usr/local/apache/include/
    [root@lnh ~]# vim /etc/man_db.conf    # make the Apache man pages available
    #MANDATORY_MANPATH                      /usr/src/pvm3/man
    #
    MANDATORY_MANPATH                       /usr/man
    MANDATORY_MANPATH                       /usr/share/man
    MANDATORY_MANPATH                       /usr/local/share/man
    # Add the following line
    MANDATORY_MANPATH                       /usr/local/apache/man

Stop the firewall and start the service

    [root@lnh ~]# systemctl stop firewalld.service    # stop firewalld
    [root@lnh ~]# setenforce 0    # switch SELinux to permissive mode
    [root@lnh ~]# apachectl start
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::20c:29ff:fe05:f428%ens33. Set the 'ServerName' directive globally to suppress this message
    [root@lnh ~]# ss -antl
    State   Recv-Q  Send-Q   Local Address:Port     Peer Address:Port  Process
    LISTEN  0       128            0.0.0.0:22            0.0.0.0:*
    LISTEN  0       128                  *:80                  *:*
    LISTEN  0       128               [::]:22               [::]:*
    [root@lnh ~]# ss -anltup |grep httpd
    tcp   LISTEN 0      128                *:80              *:*    users:(("httpd",pid=62729,fd=4),("httpd",pid=62728,fd=4),("httpd",pid=62727,fd=4),("httpd",pid=62726,fd=4),("httpd",pid=62725,fd=4),("httpd",pid=62724,fd=4))

Accessing the port: [screenshot]

Enable start at boot

    [root@lnh ~]# cd /usr/lib/systemd/system
    [root@lnh system]# cp sshd.service httpd.service
    cp: overwrite 'httpd.service'?
    [root@lnh system]# vim httpd.service
    [Unit]
    Description=httpd server daemon
    After=network.target sshd-keygen.target

    [Service]
    Type=forking
    ExecStart=/usr/local/apache/bin/apachectl
    ExecStop=/usr/local/apache/bin/apachectl stop
    ExecReload=/bin/kill -HUP $MAINPID

    [Install]
    WantedBy=multi-user.target
    [root@lnh system]# systemctl daemon-reload
    # Make sure port 80 is not in use at this point
    [root@lnh ~]# systemctl start httpd.service
    [root@lnh ~]# systemctl status httpd.service
    ● httpd.service - httpd server daemon
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor p>
       Active: active (running) since Thu 2022-07-21 23:18:31 CST; 2s ago
      Process: 63436 ExecStart=/usr/local/apache/bin/apachectl (code=exited, sta>
     Main PID: 63439 (httpd)
        Tasks: 6 (limit: 12221)
       Memory: 5.7M
       CGroup: /system.slice/httpd.service
               ├─63439 /usr/local/apache/bin/httpd
               ├─63440 /usr/local/apache/bin/httpd
               ├─63441 /usr/local/apache/bin/httpd
               ├─63442 /usr/local/apache/bin/httpd
               ├─63443 /usr/local/apache/bin/httpd
               └─63444 /usr/local/apache/bin/httpd

    Jul 21 23:18:31 lnh systemd[1]: Starting httpd server daemon...
    Jul 21 23:18:31 lnh systemd[1]: Started httpd server daemon.
    [root@lnh ~]# systemctl stop httpd.service
    [root@lnh ~]# systemctl status httpd.service
    ● httpd.service - httpd server daemon
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor p>
       Active: inactive (dead)

    Jul 21 23:03:00 lnh httpd[63206]: no listening sockets available, shutting d>
    Jul 21 23:03:00 lnh httpd[63206]: AH00015: Unable to open logs
    Jul 21 23:03:00 lnh systemd[1]: httpd.service: Main process exited, code=exi>
    Jul 21 23:03:00 lnh systemd[1]: httpd.service: Failed with result 'exit-code>
    Jul 21 23:03:00 lnh systemd[1]: Failed to start The Apache HTTP Server.
    Jul 21 23:18:31 lnh systemd[1]: Starting httpd server daemon...
    Jul 21 23:18:31 lnh systemd[1]: Started httpd server daemon.
    Jul 21 23:19:01 lnh systemd[1]: Stopping httpd server daemon...
    Jul 21 23:19:01 lnh systemd[1]: httpd.service: Succeeded.
    Jul 21 23:19:01 lnh systemd[1]: Stopped httpd server daemon.
    [root@lnh ~]# systemctl disable httpd.service    # disable start at boot

Configuring three kinds of virtual hosts in httpd

This uses the httpd installed with yum.

Same IP, different ports

    [root@lnh ~]# find / -name '*vhosts.conf'    # search from / for the virtual-host template configuration file
    /usr/share/doc/httpd/httpd-vhosts.conf
    [root@lnh ~]# cd /etc/httpd/
    [root@lnh httpd]# ls
    conf (main configuration file)  conf.d (supplementary configuration files)  conf.modules.d (supplementary configuration files, mainly module configuration)  logs  modules  run  state
    [root@lnh httpd]# cd conf.d/
    [root@lnh conf.d]# ls
    autoindex.conf  README  userdir.conf  welcome.conf
    [root@lnh conf.d]# cp /usr/share/doc/httpd/httpd-vhosts.conf .    # copy the template configuration file into the current directory
    [root@lnh conf.d]# ls
    autoindex.conf  httpd-vhosts.conf  README  userdir.conf  welcome.conf
    [root@lnh conf.d]# vim httpd-vhosts.conf
    <VirtualHost *:80>
        # Document root of the site (under the default root of the yum install)
        DocumentRoot "/var/www/html/zhuawawa"
        # Domain name
        ServerName www.zhuawawa.com
        # Error log
        ErrorLog "/var/log/httpd/www.zhuawawa.com-error_log"
        # Access log
        CustomLog "/var/log/httpd/www.zhuawawa.com-access_log" common
    </VirtualHost>

    # There is no listener on port 81 yet, so add one
    Listen 81
    # "*" here means both virtual hosts use the same IP
    <VirtualHost *:81>
        DocumentRoot "/var/www/html/tanke"
        ServerName www.tanke.com
        ErrorLog "/var/log/httpd/www.tanke.com-error_log"
        CustomLog "/var/log/httpd/www.tanke.com-access_log" common
    </VirtualHost>
    # Entries in the virtual-host example template: server administrator e-mail,
    # document root of the site (default yum install), domain name, domain alias,
    # error log, access log
    [root@lnh conf.d]# cd ..
    [root@lnh httpd]# ls
    conf  conf.d  conf.modules.d  logs  modules  run  state
    [root@lnh httpd]# cd conf
    [root@lnh conf]# ls
    httpd.conf  magic
    [root@lnh conf]# vim httpd.conf
    # Default document root in the main configuration file of the yum install
    DocumentRoot "/var/www/html"
    [root@lnh conf]# cd ..
    [root@lnh httpd]# ls
    conf  conf.d  conf.modules.d  logs  modules  run  state
    [root@lnh httpd]# cd conf.d
    [root@lnh conf.d]# ls
    autoindex.conf  httpd-vhosts.conf  README  userdir.conf  welcome.conf
    [root@lnh html]# mkdir zhuawawa
    [root@lnh html]# mkdir tanke
    [root@lnh html]# ls
    tanke  zhuawawa
    [root@lnh html]# cd zhuawawa/
    [root@lnh zhuawawa]# rz
    [root@lnh zhuawawa]# dnf -y install zip
    [root@lnh zhuawawa]# unzip zhuawawaji.zip
    [root@lnh zhuawawa]# ls
    jQuery抓娃娃机游戏代码  zhuawawaji.zip
    [root@lnh zhuawawa]# mv jQuery抓娃娃机游戏代码/* .
    [root@lnh zhuawawa]# ls
    images  img  index.html  jQuery抓娃娃机游戏代码  js  zhuawawaji.zip
    [root@lnh zhuawawa]# rm -rf zhuawawaji.zip
    [root@lnh zhuawawa]# ls
    images  img  index.html  jQuery抓娃娃机游戏代码  js
    [root@lnh zhuawawa]# cd ..
    [root@lnh html]# cd tanke/
    [root@lnh tanke]# rz
    [root@lnh tanke]# ls
    坦克.zip
    [root@lnh tanke]# ls
    Battle_City  坦克.zip
    [root@lnh tanke]# mv Battle_City/* .
    [root@lnh tanke]# ls
    audio  Battle_City  css  images  index.html  js  坦克.zip
    [root@lnh tanke]# rm -rf 坦克.zip
    [root@lnh tanke]# ls
    audio  Battle_City  css  images  index.html  js
    [root@lnh html]# httpd -t
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::20c:29ff:fe05:f428. Set the 'ServerName' directive globally to suppress this message
    Syntax OK
    # If this message is too noisy, make the following change in the main configuration file
    [root@lnh conf]# vim httpd.conf
    # Uncomment this line:
    ServerName www.example.com:80
    [root@lnh html]# httpd -t    # the configuration files have no problems
    Syntax OK
    [root@lnh html]# systemctl restart httpd.service    # restart the service
    [root@lnh html]# ss -antl    # check the listening ports
    State     Recv-Q    Send-Q       Local Address:Port       Peer Address:Port   Process
    LISTEN    0         128                0.0.0.0:22              0.0.0.0:*
    LISTEN    0         128                   [::]:22                 [::]:*
    LISTEN    0         128                      *:80                    *:*
    LISTEN    0         128                      *:81                    *:*
    [root@lnh html]# systemctl stop firewalld.service    # stop the firewall
    [root@lnh html]# setenforce 0    # switch SELinux to permissive mode

Port 80: [screenshot]
Port 81: [screenshot]
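
Both this walkthrough and the compiled-install section earlier make the ports reachable by stopping firewalld and running `setenforce 0`. As an added example (not part of the original post), the sketch below builds the firewalld rules for just the ports httpd listens on, so the firewall can stay up; the helper name `httpd_firewall_cmds` is hypothetical.

```sh
#!/bin/sh
# Added example: open only the ports httpd listens on instead of stopping firewalld.
# httpd_firewall_cmds is a hypothetical helper name, not part of httpd or firewalld.

# Print the firewall-cmd invocations for the given TCP ports, one per line.
# 80 and 443 map to firewalld's predefined http/https services; any other
# port (81 in the virtual-host example) becomes an explicit PORT/tcp rule.
# Returns 1 and prints no commands if any argument is not a valid port.
httpd_firewall_cmds() {
    [ "$#" -gt 0 ] || { echo "usage: httpd_firewall_cmds PORT..." >&2; return 1; }

    # Validate everything first so a bad argument never yields a partial plan.
    for port in "$@"; do
        case "$port" in
            ''|0*|*[!0-9]*|??????*)
                echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done

    for port in "$@"; do
        case "$port" in
            80)  echo "firewall-cmd --permanent --add-service=http" ;;
            443) echo "firewall-cmd --permanent --add-service=https" ;;
            *)   echo "firewall-cmd --permanent --add-port=${port}/tcp" ;;
        esac
    done
    # --permanent only edits the saved configuration; the reload makes it live.
    echo "firewall-cmd --reload"
}

# Review the plan, then apply it as root:
#   httpd_firewall_cmds 80 81
#   httpd_firewall_cmds 80 81 | sh -x
# Leave SELinux enforcing and check which TCP ports the packaged httpd may bind:
#   semanage port -l | grep -w http_port_t
```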

Different IPs, same port

    [root@lnh ~]# ip addr add 192.168.222.252/24 dev ens33    # add a temporary IP address in the same subnet
    [root@lnh ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 00:0c:29:05:f4:28 brd ff:ff:ff:ff:ff:ff
        inet 192.168.222.250/24 brd 192.168.222.255 scope global noprefixroute ens33
           valid_lft forever preferred_lft forever
        inet 192.168.222.252/24 scope global secondary ens33
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:fe05:f428/64 scope link
           valid_lft forever preferred_lft forever
    [root@lnh ~]# cd /etc/httpd/
    [root@lnh httpd]# ls
    conf  conf.d  conf.modules.d  logs  modules  run  state
    [root@lnh httpd]# cd conf.d/
    [root@lnh conf.d]# ls
    autoindex.conf  httpd-vhosts.conf  README  userdir.conf  welcome.conf
    [root@lnh conf.d]# vim httpd-vhosts.conf
    # Changed: a different IP for each virtual host, same port
    <VirtualHost 192.168.222.250:80>
        DocumentRoot "/var/www/html/zhuawawa"
        ServerName www.zhuawawa.com
        ErrorLog "/var/log/httpd/www.zhuawawa.com-error_log"
        CustomLog "/var/log/httpd/www.zhuawawa.com-access_log" common
    </VirtualHost>

    <VirtualHost 192.168.222.252:80>
        DocumentRoot "/var/www/html/tanke"
        ServerName www.tanke.com
        ErrorLog "/var/log/httpd/www.tanke.com-error_log"
        CustomLog "/var/log/httpd/www.tanke.com-access_log" common
    </VirtualHost>
    [root@lnh conf.d]# httpd -t    # check the configuration for problems
    Syntax OK
    [root@lnh conf.d]# systemctl restart httpd.service    # restart the service

250: [screenshot]
252: [screenshot]

Same IP, same port, different domain names

On the Windows desktop, open My Computer, go to the path C:\Windows\System32\drivers\etc and edit the hosts file.
[screenshot]
Save the hosts file after adding the entries.

    [root@lnh conf.d]# vim httpd-vhosts.conf
    <VirtualHost 192.168.222.250:80>
        DocumentRoot "/var/www/html/zhuawawa"
        ServerName www.zhuawawa.com
        ErrorLog "/var/log/httpd/www.zhuawawa.com-error_log"
        CustomLog "/var/log/httpd/www.zhuawawa.com-access_log" common
    </VirtualHost>

    <VirtualHost 192.168.222.250:80>
        DocumentRoot "/var/www/html/tanke"
        ServerName www.tanke.com
        ErrorLog "/var/log/httpd/www.tanke.com-error_log"
        CustomLog "/var/log/httpd/www.tanke.com-access_log" common
    </VirtualHost>
    [root@lnh conf.d]# httpd -t    # check the configuration
    Syntax OK
    [root@lnh conf.d]# systemctl restart httpd.service    # restart the service

www.zhuawawa.com: [screenshot]
www.tanke.com: [screenshot]

Denying access from a specific IP

    [root@lnh conf.d]# vim httpd-vhosts.conf
    <VirtualHost 192.168.222.250:80>
        DocumentRoot "/var/www/html/zhuawawa"
        ServerName www.zhuawawa.com
        ErrorLog "/var/log/httpd/www.zhuawawa.com-error_log"
        CustomLog "/var/log/httpd/www.zhuawawa.com-access_log" common
        # The site to which access is denied
        <Directory /var/www/html/zhuawawa>
            <RequireAll>
                # The IP address to deny: "Require not ip" rejects it, while
                # "Require all granted" admits every other client
                Require not ip 192.168.222.250
                Require all granted
            </RequireAll>
        </Directory>
    </VirtualHost>
    <VirtualHost 192.168.222.250:80>
        DocumentRoot "/var/www/html/tanke"
        ServerName www.tanke.com
        ErrorLog "/var/log/httpd/www.tanke.com-error_log"
        CustomLog "/var/log/httpd/www.tanke.com-access_log" common
    </VirtualHost>
    [root@lnh conf.d]# httpd -t
    Syntax OK
    [root@lnh conf.d]# systemctl restart httpd.service

192.168.222.250: [screenshot]
www.zhuawawa.com: [screenshot]
www.tanke.com: [screenshot]

ssl

The CA generates a key pair

    [root@lnh ~]# dnf -y install mod_ssl
    [root@lnh ~]# systemctl restart httpd.service
    [root@lnh ~]# httpd -M |grep ssl
     ssl_module (shared)
    [root@lnh ~]# ss -antl
    State     Recv-Q    Send-Q       Local Address:Port       Peer Address:Port   Process
    LISTEN    0         128                0.0.0.0:22              0.0.0.0:*
    LISTEN    0         128                   [::]:22                 [::]:*
    LISTEN    0         128                      *:443                   *:*
    LISTEN    0         128                      *:80                    *:*

Enable the module: edit /etc/httpd/conf.modules.d/00-base.conf and add the line below; if the line is already there but commented out, just uncomment it.

    [root@lnh ~]# vim /etc/httpd/conf.modules.d/00-base.conf
    LoadModule ssl_module modules/mod_ssl.so
    [root@lnh ~]# cd /etc/pki/
    [root@lnh pki]# ls
    ca-trust  consumer  entitlement  java  product  product-default  rpm-gpg  rsyslog  tls
    [root@lnh pki]# mkdir CA
    [root@lnh pki]# cd CA/
    [root@lnh CA]# pwd
    /etc/pki/CA
    [root@lnh CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)    # generate the key; the parentheses (a subshell) are required so the umask applies only to this command
    genrsa: Can't open "private/cakey.pem" for writing, No such file or directory
    # The private directory does not exist yet
    [root@lnh CA]# mkdir private    # create the directory
    [root@lnh CA]# ls
    private
    [root@lnh CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)    # generate the key; the parentheses are required
    Generating RSA private key, 2048 bit long modulus (2 primes)
    .............+++++
    ....................................................................................................+++++
    e is 65537 (0x010001)
    [root@lnh CA]# cd private/
    [root@lnh private]# ls    # this file holds the private key
    cakey.pem
    [root@lnh private]# cd ..
    [root@lnh CA]# pwd
    /etc/pki/CA
    [root@lnh CA]# ls
    private
    [root@lnh CA]# openssl rsa -in private/cakey.pem -pubout    # extract and display the public key
    writing RSA key
    -----BEGIN PUBLIC KEY-----
    ....
    -----END PUBLIC KEY-----

The CA generates a self-signed certificate

    [root@lnh CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365    # generate the self-signed certificate
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:cn    # country
    State or Province Name (full name) []:hb    # province
    Locality Name (eg, city) [Default City]:wh    # city
    Organization Name (eg, company) [Default Company Ltd]:runtime    # company
    Organizational Unit Name (eg, section) []:peixun    # department
    Common Name (eg, your name or your server's hostname) []:www.zhuawawa.com    # domain name; just a placeholder for now, other names can still be accessed later
    Email Address []:[email protected]    # e-mail address
    [root@lnh CA]# openssl x509 -text -in cacert.pem    # print the contents of the cacert.pem certificate
    [root@lnh CA]# mkdir certs newcerts crl    # create the directories
    [root@lnh CA]# touch index.txt && echo 01 > serial    # create the files
    [root@lnh CA]# ls
    cacert.pem  certs  crl  index.txt  newcerts  private  serial
    [root@lnh CA]# cat serial    # check
    01

The client (for example, the httpd server) generates a key

Whichever host is going to use the generated key is the client.

    [root@lnh CA]# cd /etc/httpd && mkdir ssl && cd ssl
    [root@lnh ssl]# pwd
    /etc/httpd/ssl
    [root@lnh ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
    Generating RSA private key, 2048 bit long modulus (2 primes)
    ......................+++++
    ...........................+++++
    e is 65537 (0x010001)
    [root@lnh ssl]# ls
    httpd.key

The client generates a certificate signing request

    [root@lnh ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr    # generate the certificate signing request
    Ignoring -days; not generating a certificate
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:cn
    State or Province Name (full name) []:hb
    Locality Name (eg, city) [Default City]:wh
    Organization Name (eg, company) [Default Company Ltd]:runtime
    Organizational Unit Name (eg, section) []:peixun
    Common Name (eg, your name or your server's hostname) []:www.zhuawawa.com
    Email Address []:[email protected]

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

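The client sends the certificate signing request file to the CA

I did everything on a single machine here, so this step is not needed.

    scp httpd.csr root@CA_IP:/root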

The CA signs the certificate request submitted by the client

    # From the current directory, the request can also be given as ./httpd.csr or httpd.csr:
    #   openssl ca -in ./httpd.csr -out httpd.crt -days 365
    #   openssl ca -in httpd.csr -out httpd.crt -days 365
    [root@lnh ssl]# openssl ca -in /etc/httpd/ssl/httpd.csr -out httpd.crt -days 365
    Using configuration from /etc/pki/tls/openssl.cnf
    Check that the request matches the signature
    Signature ok
    Certificate Details:
            Serial Number: 1 (0x1)
            Validity
                Not Before: Jul 24 08:13:02 2022 GMT
                Not After : Jul 24 08:13:02 2023 GMT
            Subject:
                countryName               = cn
                stateOrProvinceName       = hb
                organizationName          = runtime
                organizationalUnitName    = peixun
                commonName                = www.zhuawawa.com
                emailAddress              = [email protected]
            X509v3 extensions:
                X509v3 Basic Constraints:
                    CA:FALSE
                Netscape Comment:
                    OpenSSL Generated Certificate
                X509v3 Subject Key Identifier:
                    65:A6:53:8F:B4:F5:2F:1B:BD:B0:5F:0F:FA:E8:B2:5B:EC:61:18:AF
                X509v3 Authority Key Identifier:
                    keyid:7E:29:4C:F8:13:87:53:16:46:98:2B:E6:A0:9D:42:1D:68:27:00:10

    Certificate is to be certified until Jul 24 08:13:02 2023 GMT (365 days)
    Sign the certificate? [y/n]:y


    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated
    [root@lnh ssl]# ls
    httpd.crt  httpd.csr  httpd.key

The CA sends the signed certificate httpd.crt to the client

    scp httpd.crt root@CLIENT_IP:/etc/httpd/ssl/

    [root@lnh ssl]# pwd
    /etc/httpd/ssl
    [root@lnh ssl]# cd /etc/httpd/conf.d/
    [root@lnh conf.d]# ls
    ''               httpd-vhosts.conf   ssl.conf       welcome.conf
     autoindex.conf   README              userdir.conf
    [root@lnh conf.d]# vim ssl.conf
    # Changed path: the certificate signed by the CA
    SSLCertificateFile /etc/httpd/ssl/httpd.crt
    # Changed path: the private key that belongs to that certificate
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
    <VirtualHost _default_:443>
    # General setup for the virtual host, inherited from global configuration
    # Uncommented; selects which site to serve
    DocumentRoot "/var/www/html/tanke"
    # Uncommented; sets the domain name
    ServerName www.tanke.com:443
    [root@lnh conf.d]# httpd -t    # check the configuration
    Syntax OK
    [root@lnh conf.d]# systemctl restart httpd    # restart the service
    [root@lnh conf.d]# ss -antl    # check the listening ports
    State     Recv-Q    Send-Q       Local Address:Port       Peer Address:Port   Process
    LISTEN    0         128                0.0.0.0:22              0.0.0.0:*
    LISTEN    0         128                   [::]:22                 [::]:*
    LISTEN    0         128                      *:443                   *:*
    LISTEN    0         128                      *:80                    *:*

Access: [two screenshots]
The HTTPS encryption module has been configured successfully.
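
An added example (not from the original post) that checks the files produced by the steps above before httpd is restarted: that the private key belongs to the certificate, that the certificate verifies against the CA certificate, and that it names the host being served (the request above used the Common Name www.zhuawawa.com, while ssl.conf sets ServerName www.tanke.com:443). The function names are hypothetical; only standard openssl subcommands are used.

```sh
#!/bin/sh
# Added example: consistency checks for the CA / key / certificate flow above.
# All function names are hypothetical helpers, not part of httpd or OpenSSL.

# cert_matches_key CERT KEY
# Succeeds only when the public key embedded in CERT equals the public half
# of KEY. mod_ssl needs SSLCertificateFile and SSLCertificateKeyFile to be
# such a matching pair. Returns 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub="$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)" || return 2
    key_pub="$(openssl pkey -in "$2" -pubout 2>/dev/null)" || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_issued_by CA_CERT CERT
# Succeeds when CERT verifies with CA_CERT supplied as a trusted CA file.
cert_issued_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# cert_names_host CERT HOST
# Succeeds when CERT is valid for HOST (subjectAltName, or the Common Name
# when the certificate carries no subjectAltName, as with the CSR above).
cert_names_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# check_httpd_tls CA_CERT CERT KEY HOST
# Runs all three checks, prints one line per failure, returns 0 only if
# every check passes.
check_httpd_tls() {
    rc=0
    cert_matches_key "$2" "$3" || { echo "FAIL: $3 is not the private key for $2"; rc=1; }
    cert_issued_by "$1" "$2"   || { echo "FAIL: $2 does not verify against $1"; rc=1; }
    cert_names_host "$2" "$4"  || { echo "FAIL: $2 is not valid for host $4"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: key, certificate, CA and host name are consistent"
    return "$rc"
}

# With the paths used on this page (run as root, since the key is mode 0600):
#   check_httpd_tls /etc/pki/CA/cacert.pem /etc/httpd/ssl/httpd.crt \
#                   /etc/httpd/ssl/httpd.key www.tanke.com
```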

  • Copyright notice: original article from this site, published on 2022-07-24 15:50:04; 23,748 characters in total.
  • When reposting, please credit: httpd - 张拓的天空