#定义某个目录的访问属性
Options Indexes
AllowOverride none
Order allow,deny
Allow from 172.16
order allow,deny
allow 172.16.0.0/16
#Location 的生效次序在Directory之后!支持正则表达式!
order allow,deny
allow 172.16.0.0/16
# ~表示匹配正则表达式
order allow,deny
allow 172.16.0.0/16
#定义某个文件的访问属性;Files 段在 Directory 之后、Location 之前合并处理,后合并的设置会覆盖先前的设置(因此 Location 中的访问控制会覆盖 Directory 和 Files 中的设置),支持正则表达式
.gif
.jpg
.jpeg
.png
Require user gentoo
#限定8种http协议的方法
8种http协议方法:
GET
POST
HEAD
PUT
DELETE
OPTIONS
TRACE
CONNECT
CGI:
web-->perl
perl-->perl
ScriptAlias /cgi-bin/ "/var/www/cgi-bin" #定义脚本的别名
vim XX.sh
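#!/bin/bash
#
# CGI test script: print the Content-Type header, then the blank line that
# ends the header block. The here-document must be introduced with <<.
cat << EOF
Content-Type: text/html

EOF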
https:
SSL/TLS
SSL 虚拟主机仅支持基于 IP 进行划分(指不支持 SNI 的旧版 httpd/OpenSSL;支持 SNI 的版本可以基于主机名划分)!
rpm ,http
httpd这个rpm软件包仅支持最基本的功能若想使用其他功能则需要安装其他扩展的软件包例如mod_ssl
SSl会话建立过程:
首先客户端发起 SSL 会话请求,双方协商 SSL 会话使用的加密方式;然后服务器端把证书发送给客户端,由客户端验证证书;验证通过后,客户端选用双方都支持的一种加密算法生成会话密钥,用服务器端证书中的公钥加密后发给服务器端;此后客户端和服务器端就用该会话密钥建立加密的 SSL 会话,服务器端再把客户端请求的页面通过加密会话回送给客户端
[root@stu33 ~]#yum install mod_ssl
[root@stu33 ~]# rpm -ql mod_ssl
/etc/httpd/conf.d/ssl.conf
/usr/lib/httpd/modules/mod_ssl.so
/var/cache/mod_ssl
/var/cache/mod_ssl/scache.dir
/var/cache/mod_ssl/scache.pag
/var/cache/mod_ssl/scache.sem
[root@stu33 ~]#vim /etc/httpd/conf.d/ssl.conf
AddType application/x-x509-ca-cert .crt #证书
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key #私钥存放位置
未启用ssl会话浏览器对话框只能输入http://xxxxxx
启用ssl会话的必须输入:https://xxxxx
为http建立CA证书:
(只能为虚拟主机里面的一个虚拟主机建立ssl会话)
一、vim /etc/httpd/conf.d/ssl.conf
DocumentRoot "/var/www/html/vhosts/test"
ServerName www.test.net
[root@stu33 ~]# cd /etc/pki/CA/
[root@stu33 CA]# vim ../tls/openssl.cnf
[ CA_default ]
dir = /etc/pki/CA
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = CN
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Henan
localityName = Locality Name (eg, city)
localityName_default = ZZ
0.organizationName = Organization Name (eg, company)
0.organizationName_default = magedu.com
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default =Tech
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
emailAddress_default = [email protected]
# SET-ex3 = SET extension number 3
[root@stu33 CA]# ls
private
[root@stu33 CA]# (umask 077; openssl genrsa 1024 > private/cakey.pem) #umask 077 保证私钥文件只有 root 可读写;1024 位 RSA 现已不够安全,实际环境应使用 2048 位或以上
Generating RSA private key, 1024 bit long modulus
.....................++++++
....................++++++
e is 65537 (0x10001)
[root@stu33 CA]# ll private/
total 8
-rw------- 1 root root 887 Mar 9 21:26 cakey.pem
[root@stu33 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [Henan]:
Locality Name (eg, city) [ZZ]:
Organization Name (eg, company) [magedu.com]:
Organizational Unit Name (eg, section) [Tech]:
Common Name (eg, your name or your server's hostname) []:ca.magedu.com #此行必须写,因为一会浏览器中会验证CA 的颁发机构就是这个主机ca.magedu.com
Email Address [[email protected]]:
[root@stu33 CA]# ls
cacert.pem private
[root@stu33 CA]# mkdir newcerts certs crl
[root@stu33 CA]# touch index.txt
[root@stu33 CA]# echo 01 > serial
[root@stu33 CA]# ls
cacert.pem certs crl index.txt newcerts private serial
[root@stu33 CA]# echo 01 > crlnumber
[root@stu33 CA]# ll
total 60
-rw-r--r-- 1 root root 1273 Mar 9 21:29 cacert.pem
drwxr-xr-x 2 root root 4096 Mar 9 21:31 certs
drwxr-xr-x 2 root root 4096 Mar 9 21:31 crl
-rw-r--r-- 1 root root 3 Mar 9 21:32 crlnumber
-rw-r--r-- 1 root root 0 Mar 9 21:31 index.txt
drwxr-xr-x 2 root root 4096 Mar 9 21:31 newcerts
drwx------ 2 root root 4096 Mar 9 21:26 private
-rw-r--r-- 1 root root 3 Mar 9 21:31 serial
[root@stu33 CA]# cd /etc/httpd/conf
[root@stu33 conf]# ls
htpasswd httpd.conf magic
[root@stu33 conf]# mkdir ssl
[root@stu33 conf]# ls
htpasswd httpd.conf magic ssl
[root@stu33 conf]# cd ssl #进入刚创建的 /etc/httpd/conf/ssl 目录;下一步用到的 httpd.key 需先在此目录生成(原文省略了该步骤),同样应在 umask 077 下生成
[root@stu33 ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [Henan]:
Locality Name (eg, city) [ZZ]:
Organization Name (eg, company) [magedu.com]:
Organizational Unit Name (eg, section) [Tech]:
Common Name (eg, your name or your server's hostname) []:www.test.net #此处填写要为其签发证书的主机名,须与 ssl.conf 中的 ServerName(www.test.net)一致;这里是由 CA 为 www.test.net 签发服务器证书
Email Address [[email protected]]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@stu33 ssl]# openssl ca -in httpd.csr #注意:要加上 -out httpd.crt 才会在当前目录生成后面 ssl.conf 中引用的 httpd.crt
。。。。。。。。。。。。。。。
[root@stu33 ssl]# ls
httpd.csr httpd.key
[root@stu33 conf.d]# vim ssl.conf
SSLCertificateFile /etc/httpd/conf/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl/httpd.key
#私钥配置文件 读取位置
AllowOverride none
Order allow,deny
Allow from 172.16
order allow,deny
allow 172.16.0.0/16
#Location 的生效次序在Directory之后!支持正则表达式!
order allow,deny
allow 172.16.0.0/16
# ~表示匹配正则表达式
order allow,deny
allow 172.16.0.0/16
#定义某个文件的访问属性;Files 段在 Directory 之后、Location 之前合并处理,后合并的设置会覆盖先前的设置(因此 Location 中的访问控制会覆盖 Directory 和 Files 中的设置),支持正则表达式
.gif
.jpg
.jpeg
.png
Require user gentoo
#限定8种http协议的方法
8种http协议方法:
GET
POST
HEAD
PUT
DELETE
OPTIONS
TRACE
CONNECT
CGI:
web-->perl
perl-->perl
ScriptAlias /cgi-bin/ "/var/www/cgi-bin" #定义脚本的别名
vim XX.sh
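#!/bin/bash
#
# CGI test script: print the Content-Type header, the blank line that ends
# the header block, then a body built from two command substitutions.
# The here-document must be introduced with <<.
cat << EOF
Content-Type: text/html

$(date)
$(echo "how are you?")
EOF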
https:
SSL/TLS
SSL 虚拟主机仅支持基于 IP 进行划分(指不支持 SNI 的旧版 httpd/OpenSSL;支持 SNI 的版本可以基于主机名划分)!
rpm ,http
httpd这个rpm软件包仅支持最基本的功能若想使用其他功能则需要安装其他扩展的软件包例如mod_ssl
SSl会话建立过程:
首先客户端发起 SSL 会话请求,双方协商 SSL 会话使用的加密方式;然后服务器端把证书发送给客户端,由客户端验证证书;验证通过后,客户端选用双方都支持的一种加密算法生成会话密钥,用服务器端证书中的公钥加密后发给服务器端;此后客户端和服务器端就用该会话密钥建立加密的 SSL 会话,服务器端再把客户端请求的页面通过加密会话回送给客户端
[root@stu33 ~]#yum install mod_ssl
[root@stu33 ~]# rpm -ql mod_ssl
/etc/httpd/conf.d/ssl.conf
/usr/lib/httpd/modules/mod_ssl.so
/var/cache/mod_ssl
/var/cache/mod_ssl/scache.dir
/var/cache/mod_ssl/scache.pag
/var/cache/mod_ssl/scache.sem
[root@stu33 ~]#vim /etc/httpd/conf.d/ssl.conf
AddType application/x-x509-ca-cert .crt #证书
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key #私钥存放位置
未启用ssl会话浏览器对话框只能输入http://xxxxxx
启用ssl会话的必须输入:https://xxxxx
为http建立CA证书:
(只能为虚拟主机里面的一个虚拟主机建立ssl会话)
一、vim /etc/httpd/conf.d/ssl.conf
DocumentRoot "/var/www/html/vhosts/test"
ServerName www.test.net
[root@stu33 ~]# cd /etc/pki/CA/
[root@stu33 CA]# vim ../tls/openssl.cnf
[ CA_default ]
dir = /etc/pki/CA
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = CN
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Henan
localityName = Locality Name (eg, city)
localityName_default = ZZ
0.organizationName = Organization Name (eg, company)
0.organizationName_default = magedu.com
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default =Tech
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
emailAddress_default = [email protected]
# SET-ex3 = SET extension number 3
[root@stu33 CA]# ls
private
[root@stu33 CA]# (umask 077; openssl genrsa 1024 > private/cakey.pem) #umask 077 保证私钥文件只有 root 可读写;1024 位 RSA 现已不够安全,实际环境应使用 2048 位或以上
Generating RSA private key, 1024 bit long modulus
.....................++++++
....................++++++
e is 65537 (0x10001)
[root@stu33 CA]# ll private/
total 8
-rw------- 1 root root 887 Mar 9 21:26 cakey.pem
[root@stu33 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [Henan]:
Locality Name (eg, city) [ZZ]:
Organization Name (eg, company) [magedu.com]:
Organizational Unit Name (eg, section) [Tech]:
Common Name (eg, your name or your server's hostname) []:ca.magedu.com #此行必须写,因为一会浏览器中会验证CA 的颁发机构就是这个主机ca.magedu.com
Email Address [[email protected]]:
[root@stu33 CA]# ls
cacert.pem private
[root@stu33 CA]# mkdir newcerts certs crl
[root@stu33 CA]# touch index.txt
[root@stu33 CA]# echo 01 > serial
[root@stu33 CA]# ls
cacert.pem certs crl index.txt newcerts private serial
[root@stu33 CA]# echo 01 > crlnumber
[root@stu33 CA]# ll
total 60
-rw-r--r-- 1 root root 1273 Mar 9 21:29 cacert.pem
drwxr-xr-x 2 root root 4096 Mar 9 21:31 certs
drwxr-xr-x 2 root root 4096 Mar 9 21:31 crl
-rw-r--r-- 1 root root 3 Mar 9 21:32 crlnumber
-rw-r--r-- 1 root root 0 Mar 9 21:31 index.txt
drwxr-xr-x 2 root root 4096 Mar 9 21:31 newcerts
drwx------ 2 root root 4096 Mar 9 21:26 private
-rw-r--r-- 1 root root 3 Mar 9 21:31 serial
[root@stu33 CA]# cd /etc/httpd/conf
[root@stu33 conf]# ls
htpasswd httpd.conf magic
[root@stu33 conf]# mkdir ssl
[root@stu33 conf]# ls
htpasswd httpd.conf magic ssl
[root@stu33 conf]# cd ssl #进入刚创建的 /etc/httpd/conf/ssl 目录;下一步用到的 httpd.key 需先在此目录生成(原文省略了该步骤),同样应在 umask 077 下生成
[root@stu33 ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [Henan]:
Locality Name (eg, city) [ZZ]:
Organization Name (eg, company) [magedu.com]:
Organizational Unit Name (eg, section) [Tech]:
Common Name (eg, your name or your server's hostname) []:www.test.net #此处填写要为其签发证书的主机名,须与 ssl.conf 中的 ServerName(www.test.net)一致;这里是由 CA 为 www.test.net 签发服务器证书
Email Address [[email protected]]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@stu33 ssl]# openssl ca -in httpd.csr #注意:要加上 -out httpd.crt 才会在当前目录生成后面 ssl.conf 中引用的 httpd.crt
。。。。。。。。。。。。。。。
[root@stu33 ssl]# ls
httpd.csr httpd.key
[root@stu33 conf.d]# vim ssl.conf
SSLCertificateFile /etc/httpd/conf/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl/httpd.key
#私钥配置文件 读取位置
[root@stu33 conf.d]# service httpd start
======================================================================
WordPress:博客建站工具:
linux中php和mysql建立博客站点
wordpress-3.0.4-zh_CN.zip
安装软件包:
#mkdir /vhosts/wordpress
#vim /etc/httpd/conf/httpd.conf
DocumentRoot "/var/www/html/vhosts/wordpress"
ServerName wordpress.magedu.com
。。。。。。#建立一个虚拟主机站点
#wordpress-3.0.4.zip —-> unzip wordpress-3.0.4.zip 解压缩到/vhosts/wordpress
#配置文件为wp-config.php
#vim wp-config.php
define('DB_NAME', 'wordpress');
define('DB_USER', 'wp');
define('DB_PASSWORD', '102721');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
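#在 mysql 中创建数据库并添加账户和密码;账户和密码须与 wp-config.php 中的 DB_USER、DB_PASSWORD 一致,示例密码过于简单,实际环境应使用强密码(下面的 [email protected] 是页面邮箱保护造成的乱码,应为 用户名@主机 的形式)
mysql>GRANT ALL PRIVILEGES ON wordpress.* TO [email protected] IDENTIFIED BY '12345';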
#还可以创建用户root 172.16.33.1和授权给他
#[email protected] IDENTIFIED BY ‘12345’创建新用户并赋予密码12345
# 然后在浏览器中输入wordpress.magedu.com 就可以安装了,对应httpd.conf中的servername即可!
==================================================
建立论坛:chinaunix
discuz
phpwind
phpbb
linux中php和mysql建立博客站点
wordpress-3.0.4-zh_CN.zip
安装软件包:
#mkdir /vhosts/wordpress
#vim /etc/httpd/conf/httpd.conf
DocumentRoot "/var/www/html/vhosts/wordpress"
ServerName wordpress.magedu.com
#wordpress-3.0.4.zip —-> unzip wordpress-3.0.4.zip 解压缩到/vhosts/wordpress
#配置文件为wp-config.php
#vim wp-config.php
define('DB_NAME', 'wordpress');
define('DB_USER', 'wp');
define('DB_PASSWORD', '102721');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
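#在 mysql 中创建数据库并添加账户和密码;账户和密码须与 wp-config.php 中的 DB_USER、DB_PASSWORD 一致,示例密码过于简单,实际环境应使用强密码(下面的 [email protected] 是页面邮箱保护造成的乱码,应为 用户名@主机 的形式)
mysql>GRANT ALL PRIVILEGES ON wordpress.* TO [email protected] IDENTIFIED BY '12345';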
#还可以创建用户root 172.16.33.1和授权给他
#[email protected] IDENTIFIED BY ‘12345’创建新用户并赋予密码12345
# 然后在浏览器中输入wordpress.magedu.com 就可以安装了,对应httpd.conf中的servername即可!
==================================================
建立论坛:chinaunix
discuz
phpwind
phpbb