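Linux and Cloud Computing: Phase 2, Linux Server Setup
Chapter 7: Setting Up a Web Server: User Directories, Virtual Hosts and SSL
Enabling userdir
Enable userdir so that users can create their own websites.
[1] Configure httpd.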
[root@client ~]# vi /etc/httpd/conf.d/userdir.conf
# line 17: comment out
#UserDir disabled
# line 24: uncomment
UserDir public_html
# lines 31-35: change as follows
<Directory "/home/*/public_html">
AllowOverride All
Options None
Require method GET POST OPTIONS
</Directory>
[root@client ~]# systemctl restart httpd
[2] Create a test page.
[jeffrey@server ~]$ mkdir public_html
[jeffrey@server ~]$ chmod 711 /home/jeffrey
[jeffrey@server ~]$ chmod 755 /home/jeffrey/public_html
[jeffrey@server ~]$ vi ./public_html/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
UserDir Test Page
</div>
</body>
</html>
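The following added example (not part of the original tutorial) audits one user's web directory against the permissions set in this section (711 on the home directory, 755 on public_html) and lists any .htaccess files, which matter because the configuration above uses AllowOverride All. The function name audit_userdir is hypothetical, and GNU stat is assumed, as on CentOS/RHEL.

```shell
#!/bin/sh
# Added example, not from the original page. audit_userdir is a hypothetical
# helper name; GNU stat (stat -c) is assumed.
# Prints one line per finding; returns 0 when no FAIL/WARN was raised, else 1.
audit_userdir() {
    home=$1
    web=$home/public_html
    rc=0
    if [ ! -d "$web" ]; then
        echo "FAIL $web: directory missing"
        return 1
    fi

    # Home directory: "chmod 711" gives others traverse (x) but not list (r).
    o=$(( $(stat -c '%a' "$home") % 10 ))
    if [ $((o & 1)) -eq 0 ]; then
        echo "FAIL $home: others lack x, httpd cannot reach public_html"; rc=1
    fi
    if [ $((o & 6)) -ne 0 ]; then
        echo "WARN $home: others have r or w on the home directory"; rc=1
    fi

    # public_html: "chmod 755" gives others r-x.
    o=$(( $(stat -c '%a' "$web") % 10 ))
    if [ $((o & 5)) -ne 5 ]; then
        echo "FAIL $web: others lack r-x (this chapter uses 755)"; rc=1
    fi

    # Anything group- or world-writable under public_html can be altered by
    # other local accounts (symlinks are skipped: their mode is always 777).
    loose=$(find "$web" ! -type l \( -perm -020 -o -perm -002 \))
    if [ -n "$loose" ]; then
        echo "$loose" | sed 's/^/WARN writable by group or others: /'; rc=1
    fi

    # With "AllowOverride All", every .htaccess changes httpd behaviour for
    # its directory, so list them for review (informational, rc unchanged).
    ht=$(find "$web" -type f -name .htaccess)
    if [ -n "$ht" ]; then
        echo "$ht" | sed 's/^/REVIEW override file: /'
    fi
    return $rc
}

# Usage: sh audit_userdir.sh /home/jeffrey
if [ "$#" -gt 0 ]; then audit_userdir "$1"; fi
```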
Virtual hosts
Configure virtual hosting to serve multiple hostnames.
[1] Configure virtual hosting.
[root@client ~]# vi /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName www.example.com
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /home/jeffrey/public_html
ServerName www.virtual.host
</VirtualHost>
[root@client ~]# systemctl restart httpd
[2] Create a test page.
[root@server ~]# vim /home/jeffrey/public_html/virtual.php
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Virtual Host Test Page
</div>
</body>
</html>
Configuring SSL
Configure SSL to establish secure, encrypted connections.
[1] Create the key.
[root@server certs]# make server.key
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
.......................+++
....+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
[root@server certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key
[root@server certs]# make server.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:SHA
Locality Name (eg, city) [Default City]:XIAN
Organization Name (eg, company) [Default Company Ltd]:Ruiyung
Organizational Unit Name (eg, section) []:Tech
Common Name (eg, your name or your server's hostname) []:server.example.com
Email Address []:zhangw@ruiyung.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@server certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=CN/ST=SHA/L=XIAN/O=Ruiyung/OU=Tech/CN=server.example.com/emailAddress=zhangw@ruiyung.com
Getting Private key
[2] Configure SSL.
[root@client ~]# yum -y install mod_ssl
[root@client ~]# vi /etc/httpd/conf.d/ssl.conf
# line 59: uncomment
DocumentRoot "/var/www/html"
# line 60: uncomment and change
ServerName www.example.com:443
# line 100: change to the certificate created in step 1
SSLCertificateFile /etc/pki/tls/certs/server.crt
# line 107: change to the key created in step 1
SSLCertificateKeyFile /etc/pki/tls/certs/server.key
[root@client ~]# systemctl restart httpd
[3] If the firewall is enabled, allow the HTTPS service. HTTPS uses 443/TCP.
[root@server ~]# firewall-cmd --add-service=https --permanent
[root@server ~]# firewall-cmd --reload