httpd-2.2版本安装及配置
一.httpd-2.2版本安装及配置
1.安装httpd-2.2.3
# yun -y install httpd
2.查看httpd安装生成的文件
# rpm -ql httpd | less
3.启动服务
# service httpd start
4.开机自动启动服务
# chkconfig --add httpd
# chkconfig --level 345 httpd on
5.建立测试页面
# cd /var/www/html
# vim index.html
6.httpd服务的配置文件
# cd /etc/httpd/conf/
# cp httpd.conf httpd.conf.bak
7.编辑配置文件
# vim httpd.conf
ServerTokens Major
KeepAlive On
8.修改网站根目录
DocumentRoot "/web/html"
Options none
AllowOverride None
Order deny,allow
Deny from 192.168.0.1 172.16.100.177
9.检测配置文件是否语法正确
# httpd -t
10.linux下使用纯文本浏览器
# elinks http://ip
11.限定用户访问网站
AllowOverride AuthConfig
AuthType Basic
AuthName "Restricted Files"
AuthUserFile "/etc/httpd/conf/htpasswd"
Require valid-user 或 Require user hadoop
12.建立限定用户文件
# htpasswd -c -m /etc/httpd/conf/htpasswd hadoop
# htpasswd -m /etc/httpd/conf/htpasswd tom
13.重启服务
# service httpd restart
14.在电脑浏览器上测试是否设置成功(限定用户)
15.基于组限定访问
AllowOverride AuthConfig
AuthType Basic
AuthName "Restricted Files"
AuthUserFile "/etc/httpd/conf/htpasswd"
AuthGroupFile "/etc/httpd/conf/htgroup"
Require group myusers
16.建立用户组文件
# vim /etc/httpd/conf/htgroup
myusers: hadoop tom
17.重启服务
# service httpd restart
18.htpasswd命令删除用户
# htpasswd -D hadoop
19.虚拟主机的配置
首先要注释中心主机 DocumentRoot
20.在/etc/httpd/conf.d/目录下建立虚拟机配置文件
# vim /etc/httpd/conf.d/virtual.conf
NameVirtualHost 172.16.100.1:80
ServerName www.luochen.com
DocumentRoot "/web/luochen"
CustomLog /var/log/httpd/luochen/access_log combined
Options none
AllowOverride AuthConfig
AuthType Basic
AuthName "Restricted Files"
AuthUserFile "/etc/httpd/conf/htpasswd"
Require valid-user 或 Require user hadoop
ServerName www.luo.com
DocumentRoot "/web/luo"
CustomLog /var/log/httpd/luo/access_log combined
Options none
AllowOverride None
Order deny,allow
Deny from 192.168.0.1 172.16.100.177
21.编辑windows下的hosts文件
172.16.100.1 www.luochen.com
172.16.100.1 www.luo.com
22.安装mod_ssl模块(htppd基于rpm包安装时)
# yum -y install mod_ssl
23.查看mod_ssl安装生成那些文件
# rpm -ql mod_ssl
24.自建CA (在172.16.100.10主机上)
# cd /etc/pki/CA
# (umask 077; openssl genrsa -out private/cakey.pem 2048; )
# vim /etc/pki/tls/openssl.cnf
[ req_distinguished_name ]
countryName_Default = CN
setOrProvinceName_default = HB
localityName_default = WUHAN
0.organizationName_default = COLLEGE
organizationalUnitName_default = Tech
25.# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650
hostname ca.luochen.com
26.编辑openssl文件
dir = /etc/pki/CA
27.创建相应的目录文件
# mkdir certs newcerts crl
# touch index.txt
# echo 01 > serial
28.在httpd服务目录下创建ssl目录(在172.16.100.1主机上)
# mkdir /etc/httpd/ssl
# (umask 077; openssl genrsa 2048 > httpd.key) //生成密钥
# openssl req -new -key httpd.key -out httpd.csr //生成证书颁发请求
hostname === ServerName
# scp http.csr 172.16.100.10:/tmp //将证书颁发请求复制到服务器端
29.在172.16.100.10主机上
# openssl ca -in /tmp/httpd.csr -out /tmp/httpd.crt -daya 3650 //生成证书
# cat /etc/pki/CA/serial //显示02即成功
30.将证书复制到客户端主机上(172.16.100.1)
# scp 172.16.100.10/tmp/httpd.crt ./ //将证书复制到客户端主机上
31.删除tmp目录下所有文件
# vim rm -rf ./*
32.编辑/etc/httpd/conf.d/ssl.conf 文件(172.16.100.1)
# vim /etc/httpd/conf.d/ssl.conf
ServerName www.luochen.com
DocumentRoot "/web/www/luochen"
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
33.重启httpd服务器
# service httpd restart
34.将CA的证书复制到windows主机上
/etc/pki/CA/cacert.pem //在172.16.100.10
35.在Windows主机上对证书进行重命名
cacert.pem cacert.crt
36.双击安装证书
37.最后在浏览器用https协议访问 验证
