码迷,mamicode.com
首页 > Web开发 > 详细

http指令以及https的练习

时间:2016-07-19 11:17:58      阅读:316      评论:0      收藏:0      [点我收藏+]

标签:http指令和https

分别使用httpd-2.2和httpd-2.4实现

1、建立httpd服务,要求:

(1) 提供两个基于名称的虚拟主机www1, www2;有单独的错误日志和访问日志; 

(2) 通过www1的/server-status提供状态信息,且仅允许tom用户访问;

(3) www2不允许192.168.0.0/24网络中任意主机访问;

2、为上面的第2个虚拟主机提供https服务;


1.httpd-2.2-----环境CentOS6.7

  主配置文件

#vim /etc/httpd/conf/httpd.conf

NameVirtualHost 172.16.8.100:80

LoadModule status_module modules/mod_status.so

www1配置文件

#vim /etc/httpd/conf.d/www1.conf

<VirtualHost 172.16.8.100:80>

   DocumentRoot /data/www1

   ServerName www1.marvel.com

   ErrorLog logs/www1-error_log

   CustomLog logs/www1-access_log combined

   <Location /server-status>

       SetHandler server-status

       options none

       allowoverride none

       AuthName "status"

       AuthType basic

       AuthUserFile "/etc/httpd/www1_passwd"

       Require user tom

  </Location>

</VirtualHost>

 

www2配置文件

#vim /etc/httpd/conf.d/www2.conf

<VirtualHost 172.16.8.100:80>

    DocumentRoot /data/www2

    ServerName www2.marvel.com

    ErrorLog logs/www2-error_log

    CustomLog logs/www2-access_log combined

   <directory "/data/www2">

       options none

       allowoverride none

       order allow,deny

       allow from all

   </directory>

</VirtualHost>

为www2配置https

#yum install mod_ssl

#httpd -M //查看是否启用ssl模块,如果未启用,在主配置文件或ssl.conf文件加入LoadModule ssl_module modules/mod_ssl.so即可

为服务器申请数字证书;

测试:通过私建CA发证书

(a) 创建私有CA 

(umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 1024)

openssl req -new -x509 -key /etc/pki/CA/private/ca.key -out /etc/pki/CA/crl/cacert.pem

echo 01 > serial

touch index.txt

(b) 在服务器创建证书签署请求 172.16.8.100

(umask 077;openssl genrsa -out /etc/pki/tls/private/httpd.key 1024)

openssl req -new -key /etc/pki/tls/private/httpd.key -out /etc/pki/tls/httpd.csr

scp /etc/pki/tls/httpd.csr 172.16.8.101:/tmp

Attention:在安装了mod_ssl,在这个文件中为ssl提供了配置文件ssl.conf,其中规定了私钥和公钥的存放位置

(c) CA签证

openssl ca -in /tmp/httpd.csr -out /tmp/httpd/crt

scp /tmp/httpd.crt 172.16.8.100:/etc/pki/tls/certs/httpd.crt

#vim /etc/httpd/conf.d/ssl.conf

<VirtualHost 172.16.8.100:443>

...

servername www2.marvel.com

DocumentRoot "/data/www2"

SSLCertificateFile /etc/pki/tls/certs/httpd.crt

SSLCertificateKeyFile /etc/pki/tls/private/httpd.key

...

</VirtualHost>


2.http-2.4--环境Centos7.1

1.加载status模块

在/etc/httpd/conf.modules.d/00-base.conf中,加入或取消注释下面一行

LoadModule status_module modules/mod_status.so

2.编辑虚拟主机www1的配置文件,httpd-2.4不再需要NameVirtualHost指令了

#vim /etc/httpd/conf.d/www1.conf

<virtualhost 172.16.8.102:80>

        servername www1.marvel.com

        documentroot "/data/www1"

        errorlog    logs/www1-error_log

        customlog   logs/www1-access_log combined

        <Location /server-status>

                SetHandler server-status

                options none

                allowoverride none

                AuthName "staus"

                AuthType basic

                AuthUserFile "/data/www1/.www1_passwd"

                require user tom

        </Location>

        <directory "/data/www1">

                <RequireAll>

                        Require all granted

                        Require not ip 192.168.0.0/24

                </RequireAll>

        </directory>

</virtualhost>

3.编辑www2配置文件

#vim /etc/httpd/conf.d/www2.conf

<virtualhost 172.16.8.102:80>

        servername www2.marvel.com

        documentroot "/data/www2"

        errorlog    logs/www2-error_log

        customlog   logs/www2-access_log combined

        <directory "/data/www2">

                Require all granted

        </directory>

</virtualhost>

4.为www2提供https

安装mod_ssl模块

#yum install mod_ssl

安装mod_ssl会自动生成/etc/httpd/conf.modules.d/00-ssl.conf,其中包含加载模块的指令

LoadModule ssl_module modules/mod_ssl.so

为服务器申请数字证书;

测试:通过私建CA发证书

(a) 创建私有CA 

(umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 1024)

openssl req -new -x509 -key /etc/pki/CA/private/ca.key -out /etc/pki/CA/crl/cacert.pem

echo 01 > serial

touch index.txt

(b) 在服务器创建证书签署请求 172.16.8.102

(umask 077;openssl genrsa -out /etc/pki/tls/private/httpd.key 1024)

openssl req -new -key /etc/pki/tls/private/httpd.key -out /etc/pki/tls/httpd.csr

scp /etc/pki/tls/httpd.csr 172.16.8.101:/tmp

Attention:在安装了mod_ssl,在这个文件中为ssl提供了配置文件ssl.conf,其中规定了私钥和公钥的存放位置

(c) CA签证

openssl ca -in /tmp/httpd.csr -out /tmp/httpd/crt

scp /tmp/httpd.crt 172.16.8.102:/etc/pki/tls/certs/httpd.crt  

#vim /etc/httpd/conf.d/ssl.conf

<VirtualHost 172.16.8.100:443>

...

servername www2.marvel.com

DocumentRoot "/data/www2"

<directory "/data/www2">

        require all granted

</directory>

SSLCertificateFile /etc/pki/tls/certs/httpd.crt

SSLCertificateKeyFile /etc/pki/tls/private/httpd.key

...

</VirtualHost>                                      

 


http指令以及https的练习

标签:http指令和https

原文地址:http://bloodhero.blog.51cto.com/4496010/1827588

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!