
httpd service configuration

Published: 2024/3/7

#httpd




##1. Common httpd configuration
Switching the MPM (edit the /etc/httpd/conf.modules.d/00-mpm.conf file):
//LoadModule mpm_NAME_module modules/mod_mpm_NAME.so
//NAME can be one of three values:
prefork
event
worker

[root@localhost ~]# yum install -y httpd
Last metadata expiration check: 0:36:34 ago on Thu 21 Jul 2022 02:38:31 PM CST.
Dependencies resolved.
=================================================================================================================================
 Package                 Architecture                 Version                 Repository                 Size
=================================================================================================================================
......
Complete!
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# ss -antl
State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port   Process
LISTEN   0        128      0.0.0.0:111          0.0.0.0:*
LISTEN   0        128      0.0.0.0:22           0.0.0.0:*
LISTEN   0        128      [::]:111             [::]:*
LISTEN   0        128      *:80                 *:*
LISTEN   0        128      [::]:22              [::]:*
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]#

[root@localhost ~]# cd /etc/httpd/
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run state
[root@localhost httpd]# cd conf.modules.d/
[root@localhost conf.modules.d]# pwd
/etc/httpd/conf.modules.d
[root@localhost conf.modules.d]# ls
00-base.conf 00-lua.conf 00-optional.conf 00-systemd.conf 10-h2.conf README
00-dav.conf 00-mpm.conf 00-proxy.conf 01-cgi.conf 10-proxy_h2.conf
[root@localhost conf.modules.d]# vim 00-mpm.conf

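Access control rules:

| Rule | Function |
|---|---|
| Require all granted | Allow access from all hosts |
| Require all denied | Deny access from all hosts |
| Require ip IPADDR | Allow access from hosts with the given source address |
| Require not ip IPADDR | Deny access from hosts with the given source address |
| Require host HOSTNAME | Allow access from hosts with the given source host name |
| Require not host HOSTNAME | Deny access from hosts with the given source host name |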

Note: httpd 2.4 denies access from all hosts by default, so after installation access has to be granted explicitly.
Example:

[root@localhost ~]# cd /var/www/html/
[root@localhost html]# ls
[root@localhost html]# echo "hello" > index.html
[root@localhost html]# ls
index.html

[root@localhost html]# mkdir youxi
[root@localhost html]# ll
total 4
-rw-r--r--. 1 root root 6 Jul 21 21:02 index.html
drwxr-xr-x. 2 root root 6 Jul 21 21:12 youxi
[root@localhost html]# ls
index.html youxi
[root@localhost html]# cd youxi/
[root@localhost youxi]# ls
[root@localhost youxi]# ls
feijiedazhan.zip
[root@localhost youxi]# yum -y install zip*
Last metadata expiration check: 0:19:30 ago on Thu 21 Jul 2022 08:56:41 PM CST.
Dependencies resolved.

Complete!
[root@localhost youxi]# ls
feijiedazhan.zip
[root@localhost youxi]# unzip feijiedazhan.zip

[root@localhost youxi]# ls
feijiedazhan.zip HTML5全民飛機大戰小游戲
[root@localhost youxi]# rm -rf feijiedazhan.zip
[root@localhost youxi]# ls
HTML5全民飛機大戰小游戲
[root@localhost youxi]# mv HTML5全民飛機大戰小游戲 feiji
[root@localhost youxi]# ls
feiji
[root@localhost youxi]# mv feiji /var/www/html/
[root@localhost youxi]# cd
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# ls
feiji index.html youxi
[root@localhost html]# rm -rf youxi
[root@localhost html]# ls
feiji index.html
[root@localhost html]# cd feiji/
[root@localhost feiji]# ls
css img index.html js
[root@localhost feiji]# cd ..
[root@localhost html]# ls
feiji index.html
[root@localhost html]# cd
[root@localhost ~]# cd /etc/httpd/
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run state
[root@localhost httpd]# cd conf
[root@localhost conf]# ls
httpd.conf magic
[root@localhost conf]# pwd
/etc/httpd/conf
[root@localhost conf]# ls
httpd.conf magic
[root@localhost conf]# vim httpd.conf
[root@localhost conf]# systemctl restart httpd

Virtual hosts:
There are three kinds of virtual host:

  • Same IP, different ports
[root@localhost ~]# mkdir /var/www/vhost1
[root@localhost ~]# vim /var/www/vhost1/index.html
vhost1
[root@localhost ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
# Listen must open the same port the <VirtualHost> below is bound to
Listen 8080
<VirtualHost 192.168.56.166:8080>
    ServerAdmin root@localhost
    ServerName www.wyn.com
    ServerAlias www.wyn1.com
    DocumentRoot "/var/www/vhost1/"
    ErrorLog "/var/log/httpd/error_log"
    CustomLog "/var/log/httpd/access_log" combined
    <Directory "/var/www/vhost1/">
        <RequireAll>
            Require all granted
            Require not ip 192.168.1.1
        </RequireAll>
    </Directory>
</VirtualHost>
[root@localhost ~]# mkdir /var/www/vhost2/
[root@localhost ~]# vim /var/www/vhost2/index.html
vhost2
[root@localhost ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
Listen 8800
<VirtualHost 192.168.56.166:8800>
    ServerAdmin root@localhost
    ServerName www.nyw.com
    ServerAlias www.nyw1.com
    DocumentRoot "/var/www/vhost2/"
    ErrorLog "/var/log/httpd/error_log"
    CustomLog "/var/log/httpd/access_log" common
    <Directory "/var/www/vhost2/">
        <RequireAll>
            Require all granted
            Require not ip 192.168.1.1
        </RequireAll>
    </Directory>
</VirtualHost>
[root@localhost ~]# systemctl restart httpd

Note: check whether the firewall lets the port through and whether SELinux allows the port.

  • Different IPs, same port
[root@localhost ~]# ip a add 192.168.56.167/24 dev ens33
[root@localhost ~]# ip a add 192.168.56.168/24 dev ens33
[root@localhost ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost 192.168.52.156:80>
    DocumentRoot "/var/www/html"
</VirtualHost>
<VirtualHost 192.168.56.167:80>
    ServerAdmin root@localhost
    ServerName www.wyn.com
    ServerAlias www.wyn1.com
    DocumentRoot "/var/www/vhost1/"
    ErrorLog "/var/log/httpd/error_log"
    CustomLog "/var/log/httpd/access_log" combined
    <Directory "/var/www/vhost1/">
        <RequireAll>
            Require all granted
            Require not ip 192.168.56.134
        </RequireAll>
    </Directory>
</VirtualHost>
<VirtualHost 192.168.56.168:80>
    ServerAdmin root@localhost
    ServerName www.nyw.com
    ServerAlias www.nyw1.com
    DocumentRoot "/var/www/vhost2/"
    ErrorLog "/var/log/httpd/error_log"
    CustomLog "/var/log/httpd/access_log" common
    <Directory "/var/www/vhost2/">
        <RequireAll>
            Require all granted
            Require not ip 192.168.56.134
        </RequireAll>
    </Directory>
</VirtualHost>
[root@localhost ~]# systemctl restart httpd
  • Same IP, same port, different domain names
[root@localhost ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost 192.168.56.166:80>
    ServerAdmin root@localhost
    ServerName www.wyn.com
    ServerAlias www.wyn1.com
    DocumentRoot "/var/www/vhost1/"
    ErrorLog "/var/log/httpd/error_log"
    CustomLog "/var/log/httpd/access_log" combined
    <Directory "/var/www/vhost1/">
        <RequireAll>
            Require all granted
            Require not ip 192.168.56.134
        </RequireAll>
    </Directory>
</VirtualHost>
<VirtualHost 192.168.56.166:80>
    ServerAdmin root@localhost
    ServerName www.nyw.com
    ServerAlias www.nyw1.com
    DocumentRoot "/var/www/vhost2/"
    ErrorLog "/var/log/httpd/error_log"
    CustomLog "/var/log/httpd/access_log" common
    <Directory "/var/www/vhost2/">
        <RequireAll>
            Require all granted
            Require not ip 192.168.56.134
        </RequireAll>
    </Directory>
</VirtualHost>
[root@localhost ~]# systemctl restart httpd
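
A pre-restart check for the three virtual host layouts above, as an added example that is not part of the original post: `vhost_audit` (a name chosen here) reports `<VirtualHost>` ports that no `Listen` directive opens, and `ServerName` values declared twice on the same address and port, where httpd only ever serves the first. The sample configuration is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): static checks on vhost files
# before "systemctl restart httpd". vhost_audit is a name chosen for this sketch.

# vhost_audit FILE...
#   NO_LISTEN <port>        a <VirtualHost addr:port> whose port no Listen opens
#   DUP_NAME <addr> <name>  a ServerName repeated on one addr:port (first one wins)
# Only the first address of each <VirtualHost ...> line is examined.
vhost_audit() {
    awk '
        { sub(/^[ \t]*#.*/, "") }                  # ignore comment lines
        tolower($1) == "listen" {                  # "Listen 8080" or "Listen ip:8080"
            n = split($2, a, ":"); listen[a[n]] = 1
        }
        tolower($1) == "<virtualhost" {
            cur = $2; sub(/>$/, "", cur)
            n = split(cur, a, ":"); if (n > 1) port[a[n]] = 1
        }
        tolower($1) == "servername" && cur != "" {
            if (seen[cur " " tolower($2)]++) print "DUP_NAME " cur " " $2
        }
        tolower($1) == "</virtualhost>" { cur = "" }
        END { for (p in port) if (p != "*" && !(p in listen)) print "NO_LISTEN " p }
    ' "$@" | sort
}

# Constructed sample: port 8080 is never opened, and www.nyw.com is declared twice.
write_sample_conf() {
    cat > "$1" <<'EOF'
Listen 80
Listen 8800
<VirtualHost 192.168.56.166:8080>
    ServerName www.wyn.com
    DocumentRoot "/var/www/vhost1/"
</VirtualHost>
<VirtualHost 192.168.56.166:8800>
    ServerName www.nyw.com
    DocumentRoot "/var/www/vhost2/"
</VirtualHost>
<VirtualHost 192.168.56.166:8800>
    ServerName www.nyw.com
    DocumentRoot "/var/www/html/"
</VirtualHost>
EOF
}

sample=$(mktemp) && write_sample_conf "$sample" && vhost_audit "$sample"
rm -f "$sample"
```

On a real host the arguments would be /etc/httpd/conf/httpd.conf together with the files under /etc/httpd/conf.d/, so that `Listen` lines from the main configuration are counted.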

ssl:
Enable the module: edit the /etc/httpd/conf.modules.d/00-base.conf file and add the line below; if it is already there but commented out, just uncomment it.

[root@localhost ~]# cd /etc/httpd/conf
[root@localhost conf]# ls
httpd.conf magic
[root@localhost conf]# cd ..
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run state
[root@localhost httpd]# cd conf.modules.d
[root@localhost conf.modules.d]# ls
00-base.conf 00-lua.conf 00-optional.conf 00-systemd.conf 10-h2.conf README
00-dav.conf 00-mpm.conf 00-proxy.conf 01-cgi.conf 10-proxy_h2.conf
[root@localhost conf.modules.d]# cd ..
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run state
[root@localhost httpd]# cd conf.d/
[root@localhost conf.d]# ls
autoindex.conf README userdir.conf welcome.conf
[root@localhost conf.d]# cd ..
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run state
[root@localhost httpd]# cd conf.modules.d/
[root@localhost conf.modules.d]# ls
00-base.conf 00-lua.conf 00-optional.conf 00-systemd.conf 10-h2.conf README
00-dav.conf 00-mpm.conf 00-proxy.conf 01-cgi.conf 10-proxy_h2.conf
[root@localhost conf.modules.d]# yum -y install mod_ssl
Last metadata expiration check: 1:41:12 ago on Thu 21 Jul 2022 08:56:41 PM CST.
Dependencies resolved.
=================================================================================================================================
 Package          Architecture   Version                                       Repository   Size
=================================================================================================================================
Installing:
 mod_ssl          x86_64         1:2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1    appstream    137 k
Installing dependencies:
 sscg             x86_64         2.3.3-15.el8                                  appstream     49 k

Transaction Summary
=================================================================================================================================
Install  2 Packages

Total download size: 187 k
Installed size: 364 k
Downloading Packages:
(1/2): sscg-2.3.3-15.el8.x86_64.rpm                                      192 kB/s |  49 kB     00:00
(2/2): mod_ssl-2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64.rpm       487 kB/s | 137 kB     00:00
---------------------------------------------------------------------------------------------------------------------------------
Total                                                                    252 kB/s | 187 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                1/1
  Installing       : sscg-2.3.3-15.el8.x86_64                                       1/2
  Installing       : mod_ssl-1:2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64      2/2
  Running scriptlet: mod_ssl-1:2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64      2/2
  Verifying        : mod_ssl-1:2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64      1/2
  Verifying        : sscg-2.3.3-15.el8.x86_64                                       2/2
Installed products updated.

Installed:
  mod_ssl-1:2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1.x86_64   sscg-2.3.3-15.el8.x86_64

Complete!
[root@localhost conf.modules.d]# ls
00-base.conf 00-lua.conf 00-optional.conf 00-ssl.conf 01-cgi.conf 10-proxy_h2.conf
00-dav.conf 00-mpm.conf 00-proxy.conf 00-systemd.conf 10-h2.conf README
[root@localhost conf.modules.d]# cd ..
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run state
[root@localhost httpd]# cd conf.d/
[root@localhost conf.d]# ls
autoindex.conf README ssl.conf userdir.conf welcome.conf
[root@localhost conf.d]# cd ..
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run state
[root@localhost httpd]# cd conf.modules.d/
[root@localhost conf.modules.d]# ls
00-base.conf 00-lua.conf 00-optional.conf 00-ssl.conf 01-cgi.conf 10-proxy_h2.conf
00-dav.conf 00-mpm.conf 00-proxy.conf 00-systemd.conf 10-h2.conf README
[root@localhost conf.modules.d]# vim 00-ssl.conf
LoadModule ssl_module modules/mod_ssl.so

Steps to configure https:

  • Generate the certificates (see chapter 6 of the blog's Linux operations series)
[root@localhost ~]# mkdir /etc/pki/CA
[root@localhost ~]# cd /etc/pki/CA
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
genrsa: Can't open "private/cakey.pem" for writing, No such file or directory
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
...................................................................................................................................................................+++++
..........+++++
e is 65537 (0x010001)
[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
......
-----END PUBLIC KEY-----
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.wyn.com
Email Address []:1@2.com
[root@localhost CA]# ls private/
cakey.pem
[root@localhost CA]# ls
cacert.pem private
[root@localhost CA]# openssl x509 -text -in cacert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:68:ce:e8:0a:2a:fc:b7:7f:7f:e8:00:12:d2:5f:6b:09:23:a1:c1
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = cn, ST = hb, L = wh, O = Default Company Ltd, OU = peixun, CN = www.wyn.com, emailAddress = 1@2.com
        Validity
            Not Before: Jul 21 15:09:47 2022 GMT
            Not After : Jul 21 15:09:47 2023 GMT
        Subject: C = cn, ST = hb, L = wh, O = Default Company Ltd, OU = peixun, CN = www.wyn.com, emailAddress = 1@2.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    ......
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:86:1D:8A:53:D5:C2:7B:50:86:C9:12:7A:C0:B6:3D:6F:71:40:05
            X509v3 Authority Key Identifier:
                keyid:86:86:1D:8A:53:D5:C2:7B:50:86:C9:12:7A:C0:B6:3D:6F:71:40:05
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
         ......
-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# ls
cacert.pem certs crl newcerts private
[root@localhost CA]# touch index.txt && echo 01 > serial
[root@localhost CA]# ls
cacert.pem certs crl index.txt newcerts private serial
[root@localhost CA]# ls
cacert.pem certs crl index.txt newcerts private serial
[root@localhost CA]# cd /etc/httpd && mkdir ssl && cd ssl
[root@localhost ssl]# pwd
/etc/httpd/ssl
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
......+++++
.................................................................................................................+++++
e is 65537 (0x010001)
[root@localhost ssl]# ls
httpd.key
[root@localhost ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.wyn.com
Email Address []:1@2.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@localhost ssl]# ls
httpd.csr httpd.key
[root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jul 21 15:20:50 2022 GMT
            Not After : Jul 21 15:20:50 2023 GMT
        Subject:
            countryName               = cn
            stateOrProvinceName       = hb
            organizationName          = Default Company Ltd
            organizationalUnitName    = peixun
            commonName                = www.wyn.com
            emailAddress              = 1@2.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                91:63:DF:19:57:4E:A3:83:90:54:DD:DE:2D:7A:AB:33:F2:A9:05:4B
            X509v3 Authority Key Identifier:
                keyid:86:86:1D:8A:53:D5:C2:7B:50:86:C9:12:7A:C0:B6:3D:6F:71:40:05

Certificate is to be certified until Jul 21 15:20:50 2023 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost ssl]# ls
httpd.crt httpd.csr httpd.key
  • Configure httpd.conf: uncomment the following lines
    LoadModule ssl_module modules/mod_ssl.so
    Include /etc/httpd24/extra/httpd-vhosts.conf
    Include /etc/httpd24/extra/httpd-ssl.conf
  • Configure the virtual host in httpd-vhosts.conf
  • Set the certificate locations in httpd-ssl.conf
[root@localhost ~]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# vim ssl.conf
DocumentRoot "/var/www/vhost1/"
ServerName www.wyn.com:443
......
SSLCertificateFile /etc/httpd/ssl/httpd.crt
......
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
  • Check the configuration files for syntax errors
[root@localhost conf.d]# httpd -t
Syntax OK
  • Start or restart the service

    systemctl restart httpd
    ss -antl
    State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
    LISTEN 0 128 *:80 *:*
    LISTEN 0 128 *:443 *:*

  • Set up hosts so the site can be reached by its domain name (for the learning stage only; this step is not needed in real enterprise work.)
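
Checks worth running on the signed certificate before restarting httpd, as an added example that is not part of the original post: that the certificate matches the private key, that it verifies against the CA certificate, and that the host name appears as a subjectAltName, which current browsers check instead of the Common Name. The function names and the throwaway demo PKI are constructed here; on the host from the post the inputs would be /etc/pki/CA/cacert.pem, /etc/httpd/ssl/httpd.crt and /etc/httpd/ssl/httpd.key.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run on a freshly signed
# certificate before pointing SSLCertificateFile / SSLCertificateKeyFile at it.

# cert_matches_key CERT KEY: 0 if CERT carries the public half of KEY, 2 if unreadable
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# chains_to_ca CA CERT: 0 if CERT verifies against CA (signature and validity period)
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# has_san CERT NAME: 0 if NAME is listed as a DNS subjectAltName in CERT
has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# make_demo_pki DIR: constructed throwaway CA, server key/cert with a SAN, and an
# unrelated key. Stands in for cacert.pem, httpd.key and httpd.crt from the post.
make_demo_pki() {
    pki=$1
    printf '%s\n' '[req]' 'prompt=no' 'distinguished_name=dn' 'x509_extensions=v3' \
        '[dn]' 'CN=Demo CA' '[v3]' 'basicConstraints=critical,CA:TRUE' > "$pki/ca.cnf"
    printf '%s\n' '[req]' 'prompt=no' 'distinguished_name=dn' \
        '[dn]' 'CN=www.wyn.com' > "$pki/srv.cnf"
    printf 'subjectAltName=DNS:www.wyn.com\n' > "$pki/san.ext"
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 2 -config "$pki/ca.cnf" \
        -keyout "$pki/ca.key" -out "$pki/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$pki/srv.cnf" \
        -keyout "$pki/srv.key" -out "$pki/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$pki/srv.csr" -days 2 -CA "$pki/ca.crt" -CAkey "$pki/ca.key" \
        -CAcreateserial -extfile "$pki/san.ext" -out "$pki/srv.crt" 2>/dev/null &&
    openssl genrsa -out "$pki/other.key" 2048 2>/dev/null
}

demo=$(mktemp -d) && make_demo_pki "$demo" && {
    cert_matches_key "$demo/srv.crt" "$demo/srv.key"   && echo "key matches certificate"
    cert_matches_key "$demo/srv.crt" "$demo/other.key" || echo "other.key rejected"
    chains_to_ca "$demo/ca.crt" "$demo/srv.crt"        && echo "chain verifies"
    has_san "$demo/srv.crt" www.wyn.com                && echo "SAN present"
}
```

A certificate issued from a request that carries only a Common Name fails the `has_san` check; the `-extfile` line in `make_demo_pki` shows one way to add the name at signing time.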

Result
