运维学习之Apache的配置、访问控制、虚拟主机和加密访问https
2017-08-16 00:40
866 查看
apache
一、安装Apache服务
yum install httpd -y
systemctl start httpd
systemctl stop firewalld
systemctl enable httpd
systemctl disable firewalld
二、apache信息
1.apache的默认发布文件
index.html
在默认发布文件内写入要展示的内容,在浏览器中输入本机http://172.25.254.126可以看到内容
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/5ffc81883490e46a3930cd98263f46bb.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/3e647f297fe1d24af4647c8e884342d3.png)
2.apache的配置文件
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/*.conf
3.apache的默认发布目录
/var/www/html
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/2dd5e5fb3be5f107ef0bd2d92f2f015b.png)
4.apache的默认端口
80
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/78e542134925b2e52d30846ede2e8182.png)
三、apache的基本配置
1.修改默认发布文件
vim /etc/httpd/conf/httpd.conf
164 DirectoryIndex westos.html
systemctl restart httpd
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/a77fb2dce1c9a7cd29a94f2c6d77418d.png)
2.修改默认发布目录
##当selinux是disable状态
vim /etc/httpd/conf/httpd.conf
120 DocumentRoot "/westos/www/test"
<Directory "/westos/www/test">
Require all granted
</Directory>
systemctl restart httpd
##当selinux是enforcing状态
vim /etc/httpd/conf/httpd.conf
120 DocumentRoot "/westos/www/test"
<Directory "/westos/www/test">
Require all granted
</Directory>
systemctl restart httpd
semanage fcontext -a -t httpd_sys_content_t '/westos(/.*)?'
restorecon -RvvF /westos
修改/westos/html/westos文件内容
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/21a963bf38168c64a25d953aeba4ec68.png)
因为selinux为enforcing,需要修改新建目录的安全上下文,再刷新配置
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/a1bb4a71972f120c6fde5f20f7119b24.png)
重启服务后访问到westos目录
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/3be35e495477f9c17fb50e16860f33ea.png)
3.apache的访问控制
##设定ip的访问
vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/admin"> ##允许所有人访问admin目录但是拒绝250主机
Order Allow,Deny
Allow from All
Deny from 172.25.254.250
</Directory>
order行按顺序执行,前者优先级大于后者
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/d9ceb249f6bf9118e46f4e1d70117294.png)
<Directory "/var/www/html/admin"> ##只允许250主机访问admin目录
Order Deny,Allow
Allow from 172.25.254.250
Deny from All
</Directory>
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/1a51bd52d92ece39e36a1d488d44d347.png)
##设定用户的访问
htpasswd -m /etc/httpd/accessuser admin
vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/admin">
AuthUserFile /etc/httpd/accessuser ##用户认证文件
AuthName "Please input your name and password !!" ##用户认证提示信息
AuthType basic ##认证类型
Require valid-user ##认证用户,认证文件中所有用户都可以通过
[Require user admin] ##只允许认证文件中admin用户访问,二写一
</Directory>
生成用户认证密匙
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/4f7167e216460b894aa2912255c02bfe.png)
编辑配置文件如下
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/09d5a133c920475680348c0fa1ccffe0.png)
设定admin用户可以登陆
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/5bf7009ac2992e9837a4b49863904266.png)
设定admin1用户不能登陆
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/5e06fd574d31b20fbe0130152b397d5f.png)
admin1不能登陆
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/818faf5bbc8d27061bef20a0859ee0d9.png)
4.apache语言支持
php html cgi
html语言默认支持
php语言
vim index.php
<?php
phpinfo();
?>
yum install php -y
systemctl restart httpd
安装php
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/e14ed9285ace49c19abc6ee45db464bd.png)
在默认发布目录下添加index.php文件,写入以下测试内容
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/49bf007de8d02bcfddba5eec26fb576d.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/557821b3b5412eec6ff7881ce1272398.png)
测试成功!
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/4eb97482771cdd8e8c92224ec0565442.png)
cgi语言
mkdir /var/www/html/cgi
vim index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/cgi">
Options +ExecCGI
AddHandler cgi-script .cgi
</Directory>
systemctl restart httpd
cgi的发布文件编辑
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/e3a05419a0e0a8a72385a455dab5d3fa.png)
给index.cgi加上可执行权限
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/db00edfbdb09609d64fc901196e19839.png)
修改default.conf文件
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/c63d5c160e7325222954d6a3328732d9.png)
修改安全上下文
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/45b593d21c7a46149f5f3ffe59ba081a.png)
测试成功!
四、apache的虚拟主机
1.定义
可以让我们的一台apache服务器在被访问不同域名的时候显示不同的主页
2.建立测试页
mkdir virtual/money.westos.com/html -p
mkdir virtual/news.westos.com/html -p
echo "money.westos.com's page" >virtual/money.westos.com/html/index.html
echo "news.westos.com's page" >virtual/news.westos.com/html/index.html
创建news.westos.com和sports.westos.com目录,编辑两个发布文件如下
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/adbb74413775ecf46ec2cf98e6371667.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/98335cce6b8f2c3cbd21a1a319a9e4de.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/3170a22e72aa616602b2e3590d67216f.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/75853b023bc9d85cfdddecf361ebfb44.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/d43518bb1c4eb81eb7fde2129f0c6f0d.png)
3.配置
vim /etc/httpd/conf.d/default.conf ##位指定域名的访问都访问default
<Virtualhost _default_:80> ##虚拟主机开启的端口
DocumentRoot "/var/www/html" ##虚拟主机的默认发布目录
CustomLog "logs/default.log" combined ##虚拟主机日志
</Virtualhost>
vim /etc/httpd/conf.d/news.conf ##指定域名news.westos.com的访问到指定默认发布目录中
<Virtualhost *:80>
ServerName "news.westos.com"
DocumentRoot "/var/www/virtual/news.westos.com/html"
CustomLog "logs/news.log" combined
</Virtualhost>
<Directory "/var/www/virtual/news.westos.com/html"> ##默认发布目录的访问授权
Require all granted
</Directory>
建立default.conf news.conf sports.conf三个文件作为访问文件
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/f93868d98fc580a6ddba6b85efb4dbaa.png)
default.conf中的文件内容
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/c8de7fb45505126ee1cab2178e5a6aec.png)
news.conf中的文件内容
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/b780a9a11de93a6600865750d492a953.png)
sports.conf中的文件内容
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/d2de03cd6bfea1a64ca286bba4db55a2.png)
重启服务,在26主机中的/etc/hosts配置文件中写入本地解析如下
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/add2565e725595b553e39734c7dbf449.png)
4.测试
在浏览器所在主机中
vim /etc/hosts
172.25.254.100 www.westos.com news.westos.com
测试结果如下
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/19c3b6007dad9ab7a8fee4a60b56bc41.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/c581d5b7415d37ab438b3d831009c721.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/884f606fb1bbdfc45f65e345851640b4.png)
五、网页加密访问https
1.https定义
Hyper text transfer protocol over Secure socker layer
通过ssl
2.配置
yum install mod_ssl -y
yum install crypto-utils -y
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/7bead32914cd1ecf0132f88bc5a58b50.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/f1ede1ee0c54141b3c20819e6173999d.png)
genkey www.westos.com
/etc/pki/tls/private/www.westos.com.key
/etc/pki/tls/certs/www.westos.com.crt
genkey www.westos.com 生成证书
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/f6c9ebe233f673cf8b5ffdf992369390.png)
填写信息
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/480b9e517ed5adcb024b6b0869ec2a8c.png)
选择不发送证书信息
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/240a93231a86f588898d3f648da61251.png)
不加密密钥
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/77b7ed51682739ef7bfa6fcd217894ab.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/6605eca1fb49776a4effaf51c5587b7c.png)
证书文件生成,检查http端口443,确定防火墙可以通过端口
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/822faddf7a940c25b87cdde33291a25b.png)
测试,证书信息变为自己设定的内容
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/5deb15548b68c2cb9dfc8334067944df.png)
vim /etc/httpd/conf.d/login.conf
<Virtualhost *:443>
ServerName "login.westos.com"
DocumentRoot "/var/www/virtual/login.westos.com/html"
CustomLog "logs/login.log" combined
SSLEngine on ##开始https功能
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt #证书
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key ##密钥
</Virtualhost>
<Directory "/var/www/virtual/login.westos.com/html">
Require all granted
</Directory>
<Virtualhost *:80> ##网页重写实现自动访问https
ServerName login.westos.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</Virtualhost>
##########################################################################
## ##
## ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301] ##
## ##
## ^(/.*)$ 客户主机在地址栏中写入的所有字符,不包含换行符 ##
## https:// 定向成为的访问协议 ##
## %{HTTP_HOST} 客户请求主机 ##
## $1 $1的值就表示^(/.*)$的值 ##
## [redirect=301] 临时重定向 302永久重定向 ##
## ##
##########################################################################
配置文件中添加生成的证书和密钥,配置各项和http加密访问有关的项
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/0ce337547b5f803d2aeb3a6adea80440.png)
创建新的发布文件
mkdir /var/www/virtual/login.westos.com/html -p
vim /var/www/virtual/login.westos.com/html/index.html
systemctl restart httpd
测试:
在客户主机中添加解析
vim /etc/hosts
172.25.254.100 login.westos.com
在真机本地解析中加入login.westos.com
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/b8ffb44c2d89d39008ba90ca33ba971e.png)
访问http://login.westos.com 会自动跳转到
https://login.westos.com 实现网页数据加密传输
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/7936824e1e2f7d02b27dca913294e712.png)
六、搭建简易论坛(安装包法)
安装所需的mariadb数据库,安装php插件,安装Apache,安装php-mysql服务
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/f849127b97d70ada76bee867e9943214.png)
解压压缩包到/var/www/html下
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/dceddad181e5de10b155f2908948d299.png)
修改readme文件中要求的文件权限为777,开启数据库服务
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/7b1727abbfdfe4942d7c01160b373a73.png)
在浏览器中输入172.25.254.126/upload/install进入安装服务
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/ca2a8c8f879a574f0ca5edf9f3c58e48.png)
检测全部通过
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/7eed17b3ac1641b466a02ef4352cae29.png)
填写信息
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/0aebe6cd6296fd669616f408f4df8a88.png)
论坛安装成功,可以用管理员身份进入论坛
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/da0d72748a72a3d573287d49bf96f5e6.png)
一、安装Apache服务
yum install httpd -y
systemctl start httpd
systemctl stop firewalld
systemctl enable httpd
systemctl disable firewalld
二、apache信息
1.apache的默认发布文件
index.html
在默认发布文件内写入要展示的内容,在浏览器中输入本机http://172.25.254.126可以看到内容
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/5ffc81883490e46a3930cd98263f46bb.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/3e647f297fe1d24af4647c8e884342d3.png)
2.apache的配置文件
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/*.conf
3.apache的默认发布目录
/var/www/html
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/2dd5e5fb3be5f107ef0bd2d92f2f015b.png)
4.apache的默认端口
80
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/78e542134925b2e52d30846ede2e8182.png)
三、apache的基本配置
1.修改默认发布文件
vim /etc/httpd/conf/httpd.conf
164 DirectoryIndex westos.html
systemctl restart httpd
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/a77fb2dce1c9a7cd29a94f2c6d77418d.png)
2.修改默认发布目录
##当selinux是disable状态
vim /etc/httpd/conf/httpd.conf
120 DocumentRoot "/westos/www/test"
<Directory "/westos/www/test">
Require all granted
</Directory>
systemctl restart httpd
##当selinux是enforcing状态
vim /etc/httpd/conf/httpd.conf
120 DocumentRoot "/westos/www/test"
<Directory "/westos/www/test">
Require all granted
</Directory>
systemctl restart httpd
semanage fcontext -a -t httpd_sys_content_t '/westos(/.*)?'
restorecon -RvvF /westos
修改/westos/html/westos文件内容
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/21a963bf38168c64a25d953aeba4ec68.png)
因为selinux为enforcing,需要修改新建目录的安全上下文,再刷新配置
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/a1bb4a71972f120c6fde5f20f7119b24.png)
重启服务后访问到westos目录
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/3be35e495477f9c17fb50e16860f33ea.png)
3.apache的访问控制
##设定ip的访问
vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/admin"> ##允许所有人访问admin目录但是拒绝250主机
Order Allow,Deny
Allow from All
Deny from 172.25.254.250
</Directory>
order行按顺序执行,前者优先级大于后者
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/d9ceb249f6bf9118e46f4e1d70117294.png)
<Directory "/var/www/html/admin"> ##只允许250主机访问admin目录
Order Deny,Allow
Allow from 172.25.254.250
Deny from All
</Directory>
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/1a51bd52d92ece39e36a1d488d44d347.png)
##设定用户的访问
htpasswd -m /etc/httpd/accessuser admin
vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/admin">
AuthUserFile /etc/httpd/accessuser ##用户认证文件
AuthName "Please input your name and password !!" ##用户认证提示信息
AuthType basic ##认证类型
Require valid-user ##认证用户,认证文件中所有用户都可以通过
[Require user admin] ##只允许认证文件中admin用户访问,二写一
</Directory>
生成用户认证密匙
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/4f7167e216460b894aa2912255c02bfe.png)
编辑配置文件如下
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/09d5a133c920475680348c0fa1ccffe0.png)
设定admin用户可以登陆
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/5bf7009ac2992e9837a4b49863904266.png)
设定admin1用户不能登陆
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/5e06fd574d31b20fbe0130152b397d5f.png)
admin1不能登陆
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/818faf5bbc8d27061bef20a0859ee0d9.png)
4.apache语言支持
php html cgi
html语言默认支持
php语言
vim index.php
<?php
phpinfo();
?>
yum install php -y
systemctl restart httpd
安装php
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/e14ed9285ace49c19abc6ee45db464bd.png)
在默认发布目录下添加index.php文件,写入以下测试内容
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/49bf007de8d02bcfddba5eec26fb576d.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/557821b3b5412eec6ff7881ce1272398.png)
测试成功!
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/4eb97482771cdd8e8c92224ec0565442.png)
cgi语言
mkdir /var/www/html/cgi
vim index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/cgi">
Options +ExecCGI
AddHandler cgi-script .cgi
</Directory>
systemctl restart httpd
cgi的发布文件编辑
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/e3a05419a0e0a8a72385a455dab5d3fa.png)
给index.cgi加上可执行权限
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/db00edfbdb09609d64fc901196e19839.png)
修改default.conf文件
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/c63d5c160e7325222954d6a3328732d9.png)
修改安全上下文
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/45b593d21c7a46149f5f3ffe59ba081a.png)
测试成功!
四、apache的虚拟主机
1.定义
可以让我们的一台apache服务器在被访问不同域名的时候显示不同的主页
2.建立测试页
mkdir virtual/money.westos.com/html -p
mkdir virtual/news.westos.com/html -p
echo "money.westos.com's page" >virtual/money.westos.com/html/index.html
echo "news.westos.com's page" >virtual/news.westos.com/html/index.html
创建news.westos.com和sports.westos.com目录,编辑两个发布文件如下
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/adbb74413775ecf46ec2cf98e6371667.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/98335cce6b8f2c3cbd21a1a319a9e4de.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/3170a22e72aa616602b2e3590d67216f.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/75853b023bc9d85cfdddecf361ebfb44.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/d43518bb1c4eb81eb7fde2129f0c6f0d.png)
3.配置
vim /etc/httpd/conf.d/default.conf ##位指定域名的访问都访问default
<Virtualhost _default_:80> ##虚拟主机开启的端口
DocumentRoot "/var/www/html" ##虚拟主机的默认发布目录
CustomLog "logs/default.log" combined ##虚拟主机日志
</Virtualhost>
vim /etc/httpd/conf.d/news.conf ##指定域名news.westos.com的访问到指定默认发布目录中
<Virtualhost *:80>
ServerName "news.westos.com"
DocumentRoot "/var/www/virtual/news.westos.com/html"
CustomLog "logs/news.log" combined
</Virtualhost>
<Directory "/var/www/virtual/news.westos.com/html"> ##默认发布目录的访问授权
Require all granted
</Directory>
建立default.conf news.conf sports.conf三个文件作为访问文件
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/f93868d98fc580a6ddba6b85efb4dbaa.png)
default.conf中的文件内容
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/c8de7fb45505126ee1cab2178e5a6aec.png)
news.conf中的文件内容
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/b780a9a11de93a6600865750d492a953.png)
sports.conf中的文件内容
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/d2de03cd6bfea1a64ca286bba4db55a2.png)
重启服务,在26主机中的/etc/hosts配置文件中写入本地解析如下
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/add2565e725595b553e39734c7dbf449.png)
4.测试
在浏览器所在主机中
vim /etc/hosts
172.25.254.100 www.westos.com news.westos.com
测试结果如下
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/19c3b6007dad9ab7a8fee4a60b56bc41.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/c581d5b7415d37ab438b3d831009c721.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/884f606fb1bbdfc45f65e345851640b4.png)
五、网页加密访问https
1.https定义
Hyper text transfer protocol over Secure socker layer
通过ssl
2.配置
yum install mod_ssl -y
yum install crypto-utils -y
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/7bead32914cd1ecf0132f88bc5a58b50.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/f1ede1ee0c54141b3c20819e6173999d.png)
genkey www.westos.com
/etc/pki/tls/private/www.westos.com.key
/etc/pki/tls/certs/www.westos.com.crt
genkey www.westos.com 生成证书
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/f6c9ebe233f673cf8b5ffdf992369390.png)
填写信息
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/480b9e517ed5adcb024b6b0869ec2a8c.png)
选择不发送证书信息
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/240a93231a86f588898d3f648da61251.png)
不加密密钥
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/77b7ed51682739ef7bfa6fcd217894ab.png)
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/6605eca1fb49776a4effaf51c5587b7c.png)
证书文件生成,检查http端口443,确定防火墙可以通过端口
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/822faddf7a940c25b87cdde33291a25b.png)
测试,证书信息变为自己设定的内容
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/5deb15548b68c2cb9dfc8334067944df.png)
vim /etc/httpd/conf.d/login.conf
<Virtualhost *:443>
ServerName "login.westos.com"
DocumentRoot "/var/www/virtual/login.westos.com/html"
CustomLog "logs/login.log" combined
SSLEngine on ##开始https功能
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt #证书
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key ##密钥
</Virtualhost>
<Directory "/var/www/virtual/login.westos.com/html">
Require all granted
</Directory>
<Virtualhost *:80> ##网页重写实现自动访问https
ServerName login.westos.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</Virtualhost>
##########################################################################
## ##
## ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301] ##
## ##
## ^(/.*)$ 客户主机在地址栏中写入的所有字符,不包含换行符 ##
## https:// 定向成为的访问协议 ##
## %{HTTP_HOST} 客户请求主机 ##
## $1 $1的值就表示^(/.*)$的值 ##
## [redirect=301] 临时重定向 302永久重定向 ##
## ##
##########################################################################
配置文件中添加生成的证书和密钥,配置各项和http加密访问有关的项
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/0ce337547b5f803d2aeb3a6adea80440.png)
创建新的发布文件
mkdir /var/www/virtual/login.westos.com/html -p
vim /var/www/virtual/login.westos.com/html/index.html
systemctl restart httpd
测试:
在客户主机中添加解析
vim /etc/hosts
172.25.254.100 login.westos.com
在真机本地解析中加入login.westos.com
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/b8ffb44c2d89d39008ba90ca33ba971e.png)
访问http://login.westos.com 会自动跳转到
https://login.westos.com 实现网页数据加密传输
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/7936824e1e2f7d02b27dca913294e712.png)
六、搭建简易论坛(安装包法)
安装所需的mariadb数据库,安装php插件,安装Apache,安装php-mysql服务
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/f849127b97d70ada76bee867e9943214.png)
解压压缩包到/var/www/html下
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/dceddad181e5de10b155f2908948d299.png)
修改readme文件中要求的文件权限为777,开启数据库服务
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/7b1727abbfdfe4942d7c01160b373a73.png)
在浏览器中输入172.25.254.126/upload/install进入安装服务
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/ca2a8c8f879a574f0ca5edf9f3c58e48.png)
检测全部通过
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/7eed17b3ac1641b466a02ef4352cae29.png)
填写信息
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/0aebe6cd6296fd669616f408f4df8a88.png)
论坛安装成功,可以用管理员身份进入论坛
![](https://oscdn.geek-share.com/Uploads/Images/Content/201708/16/da0d72748a72a3d573287d49bf96f5e6.png)
相关文章推荐
- Linux运维笔记-文档总结-Apache基本配置的介绍和语言支持,虚拟主机,访问控制的实现
- linux系统之apache基本配置及语言支持及虚拟主机 访问控制
- httpd服务之虚拟主机、访问控制、https配置
- 韩顺平PHP学习视频笔记整理029apache服务器使用及配置④ apache虚拟主机 web访问时序图
- Nginx作为WEB服务相关配置(性能优化,网络连接,访问控制,虚拟主机,https等等)
- httpd服务之虚拟主机、访问控制、https配置详解
- httpd高级配置(虚拟主机,https,访问控制)
- apache的访问控制和虚拟主机的配置
- **HTTP配置文件详解(访问控制、虚拟主机、DEFLATE、HTTPS配置)**
- apache配置支持虚拟主机(通过端口访问)
- Linux运维实战之Apache服务器的高级配置(虚拟主机、status)
- https服务器的配置(二)配置apache虚拟主机
- apache中使用mod_gnutls模块实现多个SSL站点配置(多个HTTPS协议的虚拟主机)
- 基于 Apache 在本地配置多个虚拟主机,实现本地多站点访问
- Apache的虚拟主机配置和网页加密
- apache的虚拟主机配置和指定目录的访问描述(
- httpd配置虚拟主机及访问控制
- www服务的高级配置(用户验证,访问控制,虚拟主机等)
- RHEL6.3配置Apache服务器(3) 虚拟目录及基于客户端地址的访问控制
- Apache 配置多端口 多虚拟主机 局域网访问