溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
<Directory "/var/www/html">
Options None
AllowOverride None
AuthType Basic
AuthName "String"
AuthUserFile "/etc/httpd/conf/.httpdpasswd"
AuthGroupFile "/etc/httpd/conf/.grp"
<RequireAll>
Require ip 172.20
Require user ops1
</RequireAll>
</Directory>基于用戶組進行控制:
<Directory "/var/www/html">
Options None
AllowOverride None
AuthType Basic
AuthName "String"
AuthUserFile "/etc/httpd/conf/.httpdpasswd"
AuthGroupFile "/etc/httpd/conf/.grp"
<RequireAll>
Require ip 172.20
Require group ops
</RequireAll>
</Directory> (2)提供賬號和密碼存儲(文本文件)
使用專用命令完成此類文件的創建及用戶管理
htpasswd [options] /PATH/TO/HTTPD_PASSWD_FILE username
-c:自動創建此處指定的文件,因此,僅應該在此文件不存在時使用;
-m:md5格式加密
-s: sha格式加密
-D:刪除指定用戶
-b:批模式添加用戶 [root@localhost conf]# htpasswd -bc /etc/httpd/conf/.httppasswd ops1 123456
Adding password for user ops1
[root@localhost conf]# vim /etc/httpd/conf/.grp
ops:ops1 ops2(3)重啟測試:[root@localhost conf.d]# systemctl restart httpd
2.虛擬主機的配置
(1)基于IP地址的虛擬主機
[root@localhost /]# mkdir /data/html/{a,b} -pv
mkdir: created directory ‘/data/html’
mkdir: created directory ‘/data/html/a’
mkdir: created directory ‘/data/html/b’
[root@localhost /]# vim /data/html/a/index.html
<h2>hello a</h2>
[root@localhost /]# vim /data/html/b/index.html
<h2>hello b</h2>
[root@localhost conf.d]# vim vhost_ip.conf
<VirtualHost 172.20.10.4:80>
ServerName www.a.com
DocumentRoot "/data/html/a/"
<Directory "/data/html/a/">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 172.20.10.7:80>
ServerName www.b.com
DocumentRoot "/data/html/b/"
<Directory "/data/html/b/">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>(2)基于端口的虛擬主機:
[root@localhost conf.d]# vim vhost_ip.conf
Listen 8080
<VirtualHost 172.20.10.4:80>
ServerName www.a.com
DocumentRoot "/data/html/a/"
<Directory "/data/html/a/">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 172.20.10.4:8080>
ServerName www.b.com
DocumentRoot "/data/html/b/"
<Directory "/data/html/b/">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>(3)基于FQDN的虛擬主機:
[root@localhost conf.d]# vim vhost_ip.conf
<VirtualHost 172.20.10.4:80>
ServerName www.a.com
DocumentRoot "/data/html/a/"
<Directory "/data/html/a/">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 172.20.10.4:80>
ServerName www.b.com
DocumentRoot "/data/html/b/"
<Directory "/data/html/b/">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>注意:如果是httpd-2.2,則使用基于FQDN的虛擬主機時,需要事先使用如下指令:NameVirtualHost IP:PORT
3.實現https[root@localhost conf.d]# yum install -y mod_ssl
(1)構建私有CA:
生成私鑰;
~]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096)
生成自簽證書;
~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
-new:生成新證書簽署請求;
-x509:生成自簽格式證書,專用于創建私有CA時;
-key:生成請求時用到的私有文件路徑;
-out:生成的請求文件路徑;如果自簽操作將直接生成簽署過的證書;
-days:證書的有效時長,單位是day;
為CA提供所需的目錄及文件;
~]# mkdir -pv /etc/pki/CA/{certs,crl,newcerts}
~]# touch /etc/pki/CA/{serial,index.txt}
~]# echo 01 > /etc/pki/CA/serial(2)要用到證書進行安全通信的服務器,需要向CA請求簽署證書
用到證書的主機生成私鑰;
~]# mkdir /etc/httpd/ssl
~]# cd /etc/httpd/ssl
~]# (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)
生成證書簽署請求
~]# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr -days 365
在CA主機上簽署證書;
~]# openssl ca -in /etc/httpd/ssl/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365[root@localhost /]# vim /etc/httpd/conf.d/ssl.conf
DocumentRoot "/data/html/b/"
ServerName www.b.com:443
SSLCertificateFile /etc/httpd/ssl/httpd.csr
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
<Directory "/data/html/b/">
Options None
AllowOverride None
Require all granted
</Directory>免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
