修改http并授权访问配置文件
文章目录
- 修改http并授权访问配置文件
- 配置相同IP虚拟主机不同端口
- 不同IP相同端口
- 相同IP不同域名的相同端口
[root@150 ~]# dnf -y install httpd [root@150 ~]# ss -antl State Recv-Q Send-Q Local Address:Port Peer Address:Port Process LISTEN 0 128 0.0.0.0:111 0.0.0.0:* LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 128 [::]:111 [::]:* LISTEN 0 128 *:80 *:* LISTEN 0 128 [::]:22 [::]:* [root@150 ~]#systemctl stop firewalld [root@150 ~]# cd /var/www/html/ [root@150 html]# ls 斗地主.zip [root@150 html]# unzip 斗地主.zip [root@150 html]# ls 'HTML5 canvas移动端斗地主小游戏 斗地主.zip [root@150 html]# rm -rf 斗地主.zip [root@150 html]# mv 'HTML5 canvas移动端斗地主小游戏'/ doudizhu [root@150 html]# ls doudizhu [root@150 html]# [root@150 html]# cd doudizhu/ [root@150 doudizhu]# ls DJDDZ.js img index.html JControls.js Prototype.js ResourceData.js [root@150 doudizhu]# 
[root@150 doudizhu]# cd [root@150 ~]# cd /etc/httpd/ [root@150 httpd]# ls conf conf.d conf.modules.d logs modules run state [root@150 httpd]# cd conf [root@150 conf]# ls httpd.conf magic [root@150 conf]# vim httpd.conf 98 ServerName www.example.com:80 162 <Directory "/var/www/html/doudizhu"> 163 <RequireAll> 164 Require not ip 192.168.89.150 165 Require all granted 166 </RequireAll> 167 </Directory> 168 [root@150 conf]# httpd -t Syntax OK [root@150 conf]# [root@150 conf]# systemctl restart httpd
[root@150 conf]# vim httpd.conf
162 <Directory "/var/www/html/doudizhu">
163 <RequireAll>
164 Require ip 192.168.89.150
165 </RequireAll>
166 </Directory>
167
[root@150 conf]# httpd -t
Syntax OK
[root@150 conf]#
配置相同IP不同端口的虚拟主机
[root@150 www]# cd /var/www/html/
[root@150 html]# ls
doudizhu 坦克.zip
[root@150 html]# unzip 坦克.zip
[root@150 html]# ls
Battle_City doudizhu 坦克.zip
[root@150 html]# rm -rf 坦克.zip
[root@150 html]# mv Battle_City/ tanke
[root@150 html]# ls
doudizhu tanke
[root@150 html]#[root@150 ~]# cd /etc/httpd/conf.d/
[root@150 conf.d]# find / -name *vhosts.conf
/root/httpd-2.4.54/docs/conf/extra/httpd-vhosts.conf
/usr/share/doc/httpd/httpd-vhosts.conf
/usr/local/apache/conf/extra/httpd-vhosts.conf
/usr/local/apache/conf/original/extra/httpd-vhosts.conf
[root@150 conf.d]# cp /usr/share/doc/httpd/httpd-vhosts.conf /etc/httpd/conf.d/
[root@150 conf.d]# vim /usr/share/doc/httpd
httpd/ httpd-tools/
[root@150 conf.d]# vim /usr/share/doc/httpd
httpd/ httpd-tools/
[root@150 conf.d]# vim /usr/share/doc/httpd/httpd-vhosts.conf
23 <VirtualHost *:80>
24 DocumentRoot "/var/www/html/doudizhu"
25 ServerName www.doudizhu1.com
26 ErrorLog "/var/log/httpd/www.doudizhu1.com-error_log"
27 CustomLog "/var/log/httpd/www.doudizhu1.com-access_log" common
28 </VirtualHost>
29
30 Listen 81
31 <VirtualHost *:81>
32 DocumentRoot "/var/www/html/tanke"
33 ServerName www.tanke1.com
34 ErrorLog "/var/log/httpd/www.tanke1.com-error_log"
35 CustomLog "/var/log/httpd/www.tanke1.com-access_log" common
36 </VirtualHost>
[root@150 conf.d]# httpd -t
Syntax OK
[root@150 conf.d]# systemctl restart httpd
[root@150 conf.d]#
[root@150 conf.d]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:81 *:*
LISTEN 0 128 [::]:22 [::]:*
不同IP相同端口
[root@150 conf.d]# vim httpd-vhosts.conf
23 <VirtualHost 192.168.89.150:80>
24 DocumentRoot "/var/www/html/doudizhu"
25 ServerName www.doudizhu1.com
26 ErrorLog "/var/log/httpd/www.doudizhu1.com-error_log"
27 CustomLog "/var/log/httpd/www.doudizhu1.com-access_log" common
28 </VirtualHost>
29
30 Listen 80
31 <VirtualHost 192.168.89.152:80>
32 DocumentRoot "/var/www/html/tanke"
33 ServerName www.tanke1.com
34 ErrorLog "/var/log/httpd/www.tanke1.com-error_log"
35 CustomLog "/var/log/httpd/www.tanke1.com-access_log" common
36 </VirtualHost>
[root@150 conf.d]# httpd -t
Syntax OK
[root@150 conf.d]# systemctl restart httpd
[root@150 ~]#ip add addr 192.168.89.152/24 dev ens36
[root@150 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:6b:60:21 brd ff:ff:ff:ff:ff:ff
inet 192.168.89.150/24 brd 192.168.89.255 scope global dynamic noprefixroute ens33
valid_lft 1333sec preferred_lft 1333sec
inet6 fe80::20c:29ff:fe6b:6021/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:6b:60:2b brd ff:ff:ff:ff:ff:ff
inet 192.168.200.0/31 scope global noprefixroute ens36
valid_lft forever preferred_lft forever
inet 192.168.89.152/24 brd 192.168.89.255 scope global dynamic noprefixroute ens36
valid_lft 1558sec preferred_lft 1558sec
inet6 fe80::20c:29ff:fe6b:602b/64 scope link
valid_lft forever preferred_lft forever
[root@150 ~]#
相同IP相同端口不同域名
[root@150 conf.d]# vim httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/var/www/html/doudizhu"
ServerName www.doudizhu1.com
ErrorLog "/var/log/httpd/www.doudizhu1.com-error_log"
CustomLog "/var/log/httpd/www.doudizhu1.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/var/www/html/tanke"
ServerName www.tanke1.com
ErrorLog "/var/log/httpd/www.tanke1.com-error_log"
CustomLog "/var/log/httpd/www.tanke1.com-access_log" common
</VirtualHost>
[root@150 conf.d]# httpd -t
Syntax OK
[root@150 conf.d]# systemctl restart httpd
[root@150 ~]# yum -y install mod_ssl
[root@150 ~]#
[root@150 ~]# cd /etc/httpd/conf.modules.d/
[root@150 conf.modules.d]# ls
00-base.conf 00-mpm.conf 00-ssl.conf 10-h2.conf
00-dav.conf 00-optional.conf 00-systemd.conf 10-proxy_h2.conf
00-lua.conf 00-proxy.conf 01-cgi.conf README
[root@150 conf.modules.d]# cat 00-ssl.conf
LoadModule ssl_module modules/mod_ssl.so
[root@150 conf.modules.d]#
[root@150 conf.modules.d]# cd /etc/httpd/conf.d/
[root@150 conf.d]# vim ssl.conf
1#
2# When we also provide SSL we have to listen to the
3# standard HTTPS port in addition.
4#
5 Listen 443 https
[root@150 conf.d]# systemctl restart httpd
[root@150 conf.d]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:443 *:*
[root@150 conf.d]# httpd -M |grep ssl
ssl_module (shared)
[root@150 conf.d]# cd
[root@150 ~]# mkdir /etc/pki/CA
[root@150 ~]# cd /etc/pki/CA/
[root@150 CA]# mkdir private
[root@150 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
......+++++
...+++++
e is 65537 (0x010001)
[root@150 CA]# openssl rsa -in private/cakey.pem -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2DE/dHPdVWHrBMH/Gx3
2HrnrklcYsOys0Xw63nKJIKJhrBXfVrKq/1+hK9JP3ReGy634aFMAX8UxASFaGTk
v65JOtIyigxfGVwoOGB8f3X40wwjzeO/wYLg6hPW9Iyni3Ck/S4Bb1p/m08TqRC6
oqP1/L/c8xWjHJ0bdvKyuik51dpBqXPH9BYtgndT+6r4iHg3M0oVy1Ed6QmHpXxa
0cXzjmUzrfevoLx9tJuUJiIr6oLb82AwklKLw1EPhR97oN3CRMA3IosgvHTstcyR
DBOohKz+6oKfb1VhQVcdb9MwtvtAdrWLX+5RKDoqdBVBe8YO2Y/44Esh5mWEvWkx
KQIDAQAB
-----END PUBLIC KEY-----
[root@150 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 36 5
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.tanke1.com Email Address []:123@.com [root@150 CA]# ls cacert.pem private [root@150 CA]# mkdir certs newcerts crl [root@150 CA]# ls cacert.pem certs crl newcerts private [root@150 CA]# touch index.txt && echo 01 > serial [root@150 CA]# ls cacert.pem certs crl index.txt newcerts private serial [root@150 CA]# cd /etc/httpd && mkdir ssl && cd ssl [root@150 ssl]# (umask 077;openssl genrsa -out httpd.key 2048) Generating RSA private key, 2048 bit long modulus (2 primes) ..................................................................................... ..................................+++++ .............................................................................+++++ e is 65537 (0x010001) [root@150 ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr Ignoring -days; not generating a certificate You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:cn State or Province Name (full name) []:hb Locality Name (eg, city) [Default City]:wh Organization Name (eg, company) [Default Company Ltd]:runtime Organizational Unit Name (eg, section) []:peixun Common Name (eg, your name or your server's hostname) []:www.tanke1.com
Email Address []:123@.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@150 ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jul 21 14:24:09 2022 GMT
Not After : Jul 21 14:24:09 2023 GMT
Subject:
countryName = cn
stateOrProvinceName = hb
organizationName = runtime
organizationalUnitName = peixun
commonName = www.tanke1.com
emailAddress = 123@.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
F7:66:DE:CA:76:46:1E:4A:FF:75:1B:E4:E7:EA:89:08:6A:77:EF:D6
X509v3 Authority Key Identifier:
keyid:4E:06:B4:6C:4C:85:09:2A:16:02:EC:96:4B:4A:D9:7B:26:AE:6C:DE
Certificate is to be certified until Jul 21 14:24:09 2023 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@150 ssl]# ls
httpd.crt httpd.csr httpd.key
[root@150 ssl]# cd /etc/httpd/conf.d/
[root@150 conf.d]# ls
autoindex.conf httpd-vhosts.conf README ssl.conf userdir.conf welcome.conf
[root@150 conf.d]# vim ssl.conf
42 # General setup for the virtual host, inherited from global configuration
43 DocumentRoot "/var/www/html/tanke"
44 ServerName www.tanke1.com:443
85 SSLCertificateFile /etc/httpd/ssl/httpd.crt
93 SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
[root@150 conf.d]# httpd -t
Syntax OK
[root@150 conf.d]# systemctl restart httpd
[root@150 conf.d]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:443 *:*
[root@150 conf.d]#