配置http和https

修改http配置文件并授权访问


文章目录

  • 修改http配置文件并授权访问
  • 配置相同IP不同端口的虚拟主机
  • 不同IP相同端口
  • 相同IP相同端口不同域名

[root@150 ~]# dnf -y install httpd
[root@150 ~]# ss -antl
State             Recv-Q            Send-Q                         Local Address:Port                         Peer Address:Port            Process
LISTEN            0                 128                                  0.0.0.0:111                               0.0.0.0:*
LISTEN            0                 128                                  0.0.0.0:22                                0.0.0.0:*
LISTEN            0                 128                                     [::]:111                                  [::]:*
LISTEN            0                 128                                        *:80                                      *:*
LISTEN            0                 128                                     [::]:22                                   [::]:*
[root@150 ~]#systemctl stop firewalld
[root@150 ~]# cd /var/www/html/

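上一步用 systemctl stop firewalld 直接关闭了防火墙,这只适合隔离的实验环境;其他环境应保持 firewalld 运行,用 firewall-cmd --permanent --add-service=http 放行后再执行 firewall-cmd --reload。

将斗地主压缩包上传到 /var/www/html/ 中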

[root@150 html]# ls
斗地主.zip
[root@150 html]# unzip 斗地主.zip
[root@150 html]# ls
'HTML5 canvas移动端斗地主小游戏'   斗地主.zip
[root@150 html]# rm -rf 斗地主.zip
[root@150 html]# mv 'HTML5 canvas移动端斗地主小游戏'/  doudizhu
[root@150 html]# ls
doudizhu
[root@150 html]#
[root@150 html]# cd doudizhu/
[root@150 doudizhu]# ls
DJDDZ.js  img  index.html  JControls.js  Prototype.js  ResourceData.js
[root@150 doudizhu]#

在网页中访问该游戏目录

访问成功后开始授权访问,在httpd配置文件中修改配置,只拒绝192.168.89.150访问,允许其他ip访问

[root@150 doudizhu]# cd
[root@150 ~]# cd /etc/httpd/
[root@150 httpd]# ls
conf  conf.d  conf.modules.d  logs  modules  run  state
[root@150 httpd]# cd conf
[root@150 conf]# ls
httpd.conf  magic
[root@150 conf]# vim httpd.conf
 98 ServerName www.example.com:80

162 <Directory  "/var/www/html/doudizhu">
163     <RequireAll>
164         Require not ip 192.168.89.150
165         Require all granted
166     </RequireAll>
167 </Directory>
168
[root@150 conf]# httpd -t
Syntax OK
[root@150 conf]#
[root@150 conf]# systemctl restart httpd

在物理机中能够访问到

只允许192.168.89.150访问,其他全部拒绝

[root@150 conf]# vim httpd.conf
162 <Directory  "/var/www/html/doudizhu">
163     <RequireAll>
164         Require  ip 192.168.89.150
165     </RequireAll>
166 </Directory>
167
[root@150 conf]# httpd -t
Syntax OK
[root@150 conf]#

执行 systemctl restart httpd 使配置生效后,此时物理机无法访问(只有 192.168.89.150 本机可以访问)

配置相同IP不同端口的虚拟主机


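再次添加新游戏,并在虚拟主机配置文件中为它指定不同的端口号。注意:默认配置下 httpd 只加载 /etc/httpd/conf.d/ 下的 *.conf,因此要编辑的是复制过去的 /etc/httpd/conf.d/httpd-vhosts.conf,而不是 /usr/share/doc/httpd/ 里的模板文件。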

[root@150 www]# cd /var/www/html/
[root@150 html]# ls
doudizhu  坦克.zip
[root@150 html]# unzip 坦克.zip
[root@150 html]# ls
Battle_City  doudizhu  坦克.zip
[root@150 html]# rm -rf 坦克.zip
[root@150 html]# mv Battle_City/ tanke
[root@150 html]# ls
doudizhu  tanke
[root@150 html]#[root@150 ~]# cd /etc/httpd/conf.d/
[root@150 conf.d]# find / -name *vhosts.conf
/root/httpd-2.4.54/docs/conf/extra/httpd-vhosts.conf
/usr/share/doc/httpd/httpd-vhosts.conf
/usr/local/apache/conf/extra/httpd-vhosts.conf
/usr/local/apache/conf/original/extra/httpd-vhosts.conf
[root@150 conf.d]# cp /usr/share/doc/httpd/httpd-vhosts.conf /etc/httpd/conf.d/
[root@150 conf.d]# vim /usr/share/doc/httpd
httpd/       httpd-tools/
[root@150 conf.d]# vim /usr/share/doc/httpd
httpd/       httpd-tools/
[root@150 conf.d]# vim /usr/share/doc/httpd/httpd-vhosts.conf
23 <VirtualHost *:80>
 24     DocumentRoot "/var/www/html/doudizhu"
 25     ServerName www.doudizhu1.com
 26     ErrorLog "/var/log/httpd/www.doudizhu1.com-error_log"
 27     CustomLog "/var/log/httpd/www.doudizhu1.com-access_log" common
 28 </VirtualHost>
 29
 30 Listen 81
 31 <VirtualHost *:81>
 32     DocumentRoot "/var/www/html/tanke"
 33     ServerName www.tanke1.com
 34     ErrorLog "/var/log/httpd/www.tanke1.com-error_log"
 35     CustomLog "/var/log/httpd/www.tanke1.com-access_log" common
 36 </VirtualHost>
[root@150 conf.d]# httpd -t
Syntax OK
[root@150 conf.d]# systemctl restart httpd
[root@150 conf.d]#
[root@150 conf.d]# ss -antl
State    Recv-Q   Send-Q      Local Address:Port       Peer Address:Port   Process
LISTEN   0        128               0.0.0.0:111             0.0.0.0:*
LISTEN   0        128               0.0.0.0:22              0.0.0.0:*
LISTEN   0        128                  [::]:111                [::]:*
LISTEN   0        128                     *:80                    *:*
LISTEN   0        128                     *:81                    *:*
LISTEN   0        128                  [::]:22                 [::]:*

此时访问相同IP的不同端口


不同IP相同端口


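访问不同 IP 的相同端口。第二个 IP(192.168.89.152)需要先配置到网卡上。若主配置文件 httpd.conf 中已有 Listen 80,vhosts 文件里就不要再写 Listen 80:对同一地址和端口重复 Listen 会导致 httpd 启动时报 Address already in use。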

[root@150 conf.d]# vim httpd-vhosts.conf
23 <VirtualHost 192.168.89.150:80>
 24     DocumentRoot "/var/www/html/doudizhu"
 25     ServerName www.doudizhu1.com
 26     ErrorLog "/var/log/httpd/www.doudizhu1.com-error_log"
 27     CustomLog "/var/log/httpd/www.doudizhu1.com-access_log" common
 28 </VirtualHost>
 29
 30 Listen 80
 31 <VirtualHost 192.168.89.152:80>
 32     DocumentRoot "/var/www/html/tanke"
 33     ServerName www.tanke1.com
 34     ErrorLog "/var/log/httpd/www.tanke1.com-error_log"
 35     CustomLog "/var/log/httpd/www.tanke1.com-access_log" common
 36 </VirtualHost>
[root@150 conf.d]# httpd -t
Syntax OK
[root@150 conf.d]# systemctl restart httpd
[root@150 ~]# ip addr add 192.168.89.152/24 dev ens36
[root@150 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:6b:60:21 brd ff:ff:ff:ff:ff:ff
    inet 192.168.89.150/24 brd 192.168.89.255 scope global dynamic noprefixroute ens33
       valid_lft 1333sec preferred_lft 1333sec
    inet6 fe80::20c:29ff:fe6b:6021/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: ens36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:6b:60:2b brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.0/31 scope global noprefixroute ens36
       valid_lft forever preferred_lft forever
    inet 192.168.89.152/24 brd 192.168.89.255 scope global dynamic noprefixroute ens36
       valid_lft 1558sec preferred_lft 1558sec
    inet6 fe80::20c:29ff:fe6b:602b/64 scope link
       valid_lft forever preferred_lft forever
[root@150 ~]#

用不同的IP访问,默认端口为80


相同IP相同端口不同域名

将两个IP和端口保持一致

[root@150 conf.d]# vim httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/var/www/html/doudizhu"
    ServerName www.doudizhu1.com
    ErrorLog "/var/log/httpd/www.doudizhu1.com-error_log"
    CustomLog "/var/log/httpd/www.doudizhu1.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/var/www/html/tanke"
    ServerName www.tanke1.com
    ErrorLog "/var/log/httpd/www.tanke1.com-error_log"
    CustomLog "/var/log/httpd/www.tanke1.com-access_log" common
</VirtualHost>
[root@150 conf.d]# httpd -t
Syntax OK
[root@150 conf.d]# systemctl restart httpd

在 Windows 客户端上修改 hosts 文件:
C:\Windows\System32\drivers\etc\hosts。一定要把 hosts 文件拖到桌面进行修改,修改完后再拖回 C 盘原目录。在文件中加入把两个域名指向服务器 IP 的记录,例如:192.168.89.150 www.doudizhu1.com www.tanke1.com

然后访问所修改的域名
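继续修改配置文件,开始配置 https:安装 mod_ssl,自建 CA 并为站点签发证书。下面生成 CA 证书时 Common Name 也填了 www.tanke1.com;建议给 CA 起一个与站点不同的名称,以便区分 CA 证书和站点证书。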

[root@150 ~]# yum -y install mod_ssl
[root@150 ~]#
[root@150 ~]# cd /etc/httpd/conf.modules.d/
[root@150 conf.modules.d]#  ls
00-base.conf  00-mpm.conf       00-ssl.conf      10-h2.conf
00-dav.conf   00-optional.conf  00-systemd.conf  10-proxy_h2.conf
00-lua.conf   00-proxy.conf     01-cgi.conf      README
[root@150 conf.modules.d]# cat 00-ssl.conf
LoadModule ssl_module modules/mod_ssl.so
[root@150 conf.modules.d]#
[root@150 conf.modules.d]# cd /etc/httpd/conf.d/
[root@150 conf.d]# vim ssl.conf
1#
2# When we also provide SSL we have to listen to the
3# standard HTTPS port in addition.
4#
5 Listen 443 https
[root@150 conf.d]# systemctl restart httpd
[root@150 conf.d]# ss -anlt
State    Recv-Q   Send-Q      Local Address:Port       Peer Address:Port   Process
LISTEN   0        128               0.0.0.0:111             0.0.0.0:*
LISTEN   0        128               0.0.0.0:22              0.0.0.0:*
LISTEN   0        128                  [::]:111                [::]:*
LISTEN   0        128                     *:80                    *:*
LISTEN   0        128                  [::]:22                 [::]:*
LISTEN   0        128                     *:443                   *:*
[root@150 conf.d]# httpd -M |grep ssl
 ssl_module (shared)
[root@150 conf.d]# cd
[root@150 ~]# mkdir /etc/pki/CA
[root@150 ~]# cd /etc/pki/CA/
[root@150 CA]# mkdir private
[root@150 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
......+++++
...+++++
e is 65537 (0x010001)
[root@150 CA]# openssl rsa -in private/cakey.pem -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2DE/dHPdVWHrBMH/Gx3
2HrnrklcYsOys0Xw63nKJIKJhrBXfVrKq/1+hK9JP3ReGy634aFMAX8UxASFaGTk
v65JOtIyigxfGVwoOGB8f3X40wwjzeO/wYLg6hPW9Iyni3Ck/S4Bb1p/m08TqRC6
oqP1/L/c8xWjHJ0bdvKyuik51dpBqXPH9BYtgndT+6r4iHg3M0oVy1Ed6QmHpXxa
0cXzjmUzrfevoLx9tJuUJiIr6oLb82AwklKLw1EPhR97oN3CRMA3IosgvHTstcyR
DBOohKz+6oKfb1VhQVcdb9MwtvtAdrWLX+5RKDoqdBVBe8YO2Y/44Esh5mWEvWkx
KQIDAQAB
-----END PUBLIC KEY-----
[root@150 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.tanke1.com
Email Address []:[email protected]
[root@150 CA]# ls
cacert.pem  private
[root@150 CA]# mkdir certs newcerts crl
[root@150 CA]# ls
cacert.pem  certs  crl  newcerts  private
[root@150 CA]# touch index.txt && echo 01 > serial
[root@150 CA]# ls
cacert.pem  certs  crl  index.txt  newcerts  private  serial
[root@150 CA]# cd /etc/httpd && mkdir ssl && cd ssl
[root@150 ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................................................................................                  ..................................+++++
.............................................................................+++++
e is 65537 (0x010001)
[root@150 ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.tanke1.com
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@150 ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jul 21 14:24:09 2022 GMT
            Not After : Jul 21 14:24:09 2023 GMT
        Subject:
            countryName               = cn
            stateOrProvinceName       = hb
            organizationName          = runtime
            organizationalUnitName    = peixun
            commonName                = www.tanke1.com
            emailAddress              = 123@.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                F7:66:DE:CA:76:46:1E:4A:FF:75:1B:E4:E7:EA:89:08:6A:77:EF:D6
            X509v3 Authority Key Identifier:
                keyid:4E:06:B4:6C:4C:85:09:2A:16:02:EC:96:4B:4A:D9:7B:26:AE:6C:DE

Certificate is to be certified until Jul 21 14:24:09 2023 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@150 ssl]# ls
httpd.crt  httpd.csr  httpd.key
[root@150 ssl]# cd /etc/httpd/conf.d/
[root@150 conf.d]# ls
autoindex.conf  httpd-vhosts.conf  README  ssl.conf  userdir.conf  welcome.conf
[root@150 conf.d]# vim ssl.conf
 42 # General setup for the virtual host, inherited from global configuration
 43 DocumentRoot "/var/www/html/tanke"
 44 ServerName www.tanke1.com:443
 
 85 SSLCertificateFile /etc/httpd/ssl/httpd.crt
  93 SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
[root@150 conf.d]# httpd -t
Syntax OK
[root@150 conf.d]# systemctl restart httpd
[root@150 conf.d]# ss -antl
State    Recv-Q   Send-Q      Local Address:Port       Peer Address:Port   Process
LISTEN   0        128               0.0.0.0:111             0.0.0.0:*
LISTEN   0        128               0.0.0.0:22              0.0.0.0:*
LISTEN   0        128                  [::]:111                [::]:*
LISTEN   0        128                     *:80                    *:*
LISTEN   0        128                  [::]:22                 [::]:*
LISTEN   0        128                     *:443                   *:*
[root@150 conf.d]#

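使用 https 访问域名。证书由自建 CA 签发,客户端需要先把 /etc/pki/CA/cacert.pem 导入为受信任的根证书,否则浏览器会提示证书不受信任。另外,从上面的签发输出看,该证书只有 CN,没有 subjectAltName 扩展;现代浏览器校验主机名时只看 SAN,正式使用时应在签发证书时加入 SAN。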
