构建虚拟主机
一共支持三种虚拟主机类型
企业常用的是第一种基于域名的虚拟主机
基于IP地址的虚拟主机,一台物理主机上需要两个网卡
基于端口的虚拟主机
构建虚拟主机之基于域名
环境需求:一台linux作为DNS和web服务器,一台WIN10客户端作为测试
在我们的Linux先装两个 软件包
[root@localhost ~]# yum install bind httpd -y
已安装:
bind.x86_64 32:9.11.4-9.P2.el7 httpd.x86_64 0:2.4.6-90.el7.centos
作为依赖被安装:
apr.x86_64 0:1.4.8-5.el7
apr-util.x86_64 0:1.5.2-6.el7
bind-export-libs.x86_64 32:9.11.4-9.P2.el7
httpd-tools.x86_64 0:2.4.6-90.el7.centos
mailcap.noarch 0:2.1.41-2.el7
作为依赖被升级:
bind-libs.x86_64 32:9.11.4-9.P2.el7
bind-libs-lite.x86_64 32:9.11.4-9.P2.el7
bind-license.noarch 32:9.11.4-9.P2.el7
bind-utils.x86_64 32:9.11.4-9.P2.el7
dhclient.x86_64 12:4.2.5-77.el7.centos
dhcp-common.x86_64 12:4.2.5-77.el7.centos
dhcp-libs.x86_64 12:4.2.5-77.el7.centos
配置DNS主配置文件
需要改两处
[root@localhost ~]# vim /etc/named.conf
options {
listen-on port 53 { any; }; //监听所有地址
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; //允许其他所有主机可以进行解析
配置DNS区域配置文件
我们加入两个需要解析的域名区域配置
在正向解析上复制5行
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "accp.com" IN { //你需要解析的域名
type master;
file "accp.com.zone"; //区域数据配置文件
allow-update { none; };
};
zone "kgc" IN {
type master;
file "kgc.com.zone";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
配置DNS区域数据配置文件
[root@localhost ~]# cd /var/named/
[root@localhost named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@localhost named]# cp -p named.localhost accp.com.zone //把模板复制到数据区域配置文件中
[root@localhost named]# vim accp.com.zone //配置
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
www IN A 192.168.136.136 //添加域名解析的地址
[root@localhost named]# cp -p accp.com.zone kgc.com.zone
//这个只要复制过来不需要过来,我们是基于不同的域名解析
开启服务
[root@localhost named]# systemctl stop firewalld.service
[root@localhost named]# setenforce 0
[root@localhost named]# systemctl start named
到win10客户端去测试能不能解析到地址
添加虚拟主机子配置文件,不要写在主配置文件中,系统加载会变慢。
[root@localhost named]# cd /etc/httpd/
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run
[root@localhost httpd]# cd conf
[root@localhost conf]# ls
httpd.conf magic
[root@localhost conf]# mkdir extra //创建一个扩展的文件夹,里面放入子配置文件,方便我们以后管理
[root@localhost conf]# ls
extra httpd.conf magic
[root@localhost conf]# cd extra/
配置子配置文件
[root@localhost extra]# vim vhost.conf
//标签虚拟主机 ,*代表所有网络
DocumentRoot "/var/www/html/accp/" //指定站点
ServerName www.accp.com //定义域名
ErrorLog "logs/www.accp.com.error_log" //网址要有日志文件,错误日志文件
Customlog "logs/www.accp.com.access_log" common //访问日志文件
//站点需要设置权限,让所有网络能访问这个网页
Require all granted
//结尾标签
DocumentRoot "/var/www/html/kgc/"
ServerName www.kgc.com
ErrorLog "logs/www.kgc.com.error_log"
Customlog "logs/www.kgc.com.access_log" common
Require all granted
~
在站点下创建两个默认网页
[root@localhost httpd]# cd /var/www/html
[root@localhost html]# mkdier accp kgc //创建两个站点目录
[root@localhost html]# mkdir accp kgc
[root@localhost html]# ls
accp kgc
[root@localhost html]# cd accp
[root@localhost accp]# vim index.html //编辑网页写入内容
h1>this is accp web
[root@localhost accp]# cd ../kgc/
[root@localhost kgc]# vim index.html
this is kgc web
在主配置文件中调用子配置文件
[root@localhost kgc]# cd /etc/httpd/
[root@localhost httpd]# cd conf
[root@localhost conf]# ls
extra httpd.conf magic
[root@localhost conf]# vim httpd.conf
#Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
Include conf/extra/vhost.conf //调用子配置文件
启用web服务,并去win10客户端去测试能不能基于不同域名获得网页
虚拟主机之基于端口
子配置文件中在创建一个基于端口的虚拟主机
[root@localhost conf]# cd extra/
[root@localhost extra]# vim vhost.conf
22 //端口加上8080
23 DocumentRoot "/var/www/html/kgc.port/"
24 ServerName www.kgc.port.com
25 ErrorLog "logs/www.kgc.port.com.error_log"
26 Customlog "logs/www.kgc.port.com.access_log" common
27
28 Require all granted
29
30
到站点目录下,做一个端口的默认网页
[root@localhost extra]# cd /var/www/html/
[root@localhost html]# ls
accp kgc
[root@localhost html]# mkdir kgc.port
[root@localhost html]# cd kgc.port/
[root@localhost kgc.port]# vim index.html
this is kgc.port web
~
在主配置文件中开启加入个监听地址
[root@localhost kgc.port]# vim /etc/httpd/conf/httpd.conf
Listen 192.168.136.136:80
Listen 192.168.136.136:8080
#Listen 80
开启服务,查看端口有没有被提供出来
[root@localhost kgc.port]# systemctl restart httpd
[root@localhost kgc.port]# netstat -ntap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 192.168.136.136:8080 0.0.0.0:* LISTEN 59009/httpd
tcp 0 0 192.168.136.136:80 0.0.0.0:* LISTEN
用客户端win10测试基于端口的不同访问网页
80端口还是原来的网页
虚拟主机之基于IP
添加一块网卡
[root@localhost ~]# ifconfig
ens33: flags=4163 mtu 1500
inet 192.168.136.136 netmask 255.255.255.0 broadcast 192.168.136.255
inet6 fe80::e3c7:14af:6e4d:7216 prefixlen 64 scopeid 0x20
ether 00:0c:29:c9:dd:05 txqueuelen 1000 (Ethernet)
RX packets 101 bytes 10639 (10.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 113 bytes 12291 (12.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens36: flags=4163 mtu 1500
inet 192.168.136.138 netmask 255.255.255.0 broadcast 192.168.136.255
inet6 fe80::658e:4c2d:2273:9cf5 prefixlen 64 scopeid 0x20
ether 00:0c:29:c9:dd:0f txqueuelen 1000 (Ethernet)
RX packets 108 bytes 14566 (14.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 42 bytes 5695 (5.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
到子配置文件中开始配置
[root@localhost ~]# cd /etc/httpd/conf/extra/
[root@localhost extra]# ls
vhost.conf
[root@localhost extra]# vim vhost.conf
//“*”改成第二块网卡的地址
2 DocumentRoot "/var/www/html/accp/"
3 ErrorLog "logs/www.accp.com.error_log"
4 Customlog "logs/www.accp.com.access_log" common
5
6 Require all granted
7
8
9
10
11 //改成第一块网卡的地址
12 DocumentRoot "/var/www/html/accp02/" //重新在站点下写一个网页
13 ErrorLog "logs/www.accp02.com.error_log"
14 Customlog "logs/www.accp02.com.access_log" common
15
16 Require all granted
17
18
19
到站点下创建一个网页内容
[root@localhost extra]# cd /var/www/html/
[root@localhost html]# mkdir accp02
[root@localhost html]# cd accp02
[root@localhost accp02]# vim index.html
this is 136 accp02 web
~
~
~
[root@localhost accp02]# vim ../accp/index.html
this is 128 accp web
~
~
~
在主配置文件中增加监听138的地址,开启服务
#prevent Apache from glomming onto all bound IP addresses.
Listen 192.168.136.136:80
Listen 192.168.136.138:80
#Listen 192.168.136.136:8080
#Listen 80
[root@localhost extra]# systemctl status httpd
去客户端测试一下,记得我们之前给客户端指定的dns解析地址弄到自动获取,不然你的客户端无法上网,无法访问网址
Aapache访问权限控制(客户机权限控制)
到子配置文件,也叫容器,当中做客户机访问权限控制,像当于黑白名单,这个容器,系统的所有命令都会去实现,不会像ACL访问控制列表从上到下逐条匹配识别命令。
[root@localhost ~]# cd /etc/httpd/conf/extra/
[root@localhost extra]# ls
vhost.conf
[root@localhost extra]# vim vhost.conf
DocumentRoot "/var/www/html/accp/"
ErrorLog "logs/www.accp.com.error_log"
Customlog "logs/www.accp.com.access_log" common
//要加入子容器的标签
Require not ip 192.168.136.137 //拒绝这个地址访问,也可以拒绝网段比如 Require not ip 192.168.136.0/24
Require all granted
//结尾标签
[root@localhost extra]# systemctl restart httpd //重启服务
到客户端去测试一下
因为做了访问控制所以,只能访问web服务的默认网站
用户登录访问控制
[root@localhost extra]# cd /etc/httpd/conf
[root@localhost conf]# htpasswd -c /etc/httpd/conf/pwd chen01 //创建一个chen01用户,放在路径底下,起个名字pwd. htpasswd:用YUM安装直接可以使用,如果手工编译安装,要把这个命令加到/usr/local/bin系统识别的命令底下。
New password: //输入你的密码
Re-type new password: //重复输入
Adding password for user chen01
[root@localhost conf]# ls
extra httpd.conf magic pwd
[root@localhost conf]# cat pwd
chen01:$apr1$lOLJMVUo$EZ7qupc1bHN3k38OUw/1F.
[root@localhost conf]# htpasswd /etc/httpd/conf/pwd chen02 //如果这个目录已存在,就不要加-c了
New password:
Re-type new password:
Adding password for user chen02
[root@localhost conf]# cat pwd
chen01:$apr1$lOLJMVUo$EZ7qupc1bHN3k38OUw/1F.
chen02:$apr1$5cbb6tpU$mt5EZG/8y7qXhyi1Pz2Lk1
[root@localhost conf]#
添加到容器当中指定某个IP用户登录访问控制
[root@localhost extra]# vim vhost.conf
DocumentRoot "/var/www/html/accp02/"
ErrorLog "logs/www.accp02.com.error_log"
Customlog "logs/www.accp02.com.access_log" common
AuthName "DocumentRoot" //声明信息
AuthType Basic //验证类型为基本验证
AuthUserFile /etc/httpd/conf/pwd //验证文件,目录位置
Require valid-user //授权给用户登录
[root@localhost extra]# systemctl restart httpd