
Implementing a specified httpd service with httpd-2.2 and httpd-2.4

Published: 2020-08-07 00:01:35  Source: Internet  Views: 473  Author: fuclio  Category: Network Security


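Implement each of the following with both httpd-2.2 and httpd-2.4

              1. Set up an httpd service with these requirements:

                     (1) Provide two name-based virtual hosts, www1 and www2, each with its own error log and access log;

                     (2) Serve status information through /server-status on www1, accessible only to the user tom;

                     (3) www2 must not be accessible from any host in the 192.168.0.0/24 network;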

 

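Preparation

  1. Prepare three virtual machines: one CentOS 7 host for httpd-2.4, one CentOS 6 host for httpd-2.2, and a third host that acts as the CA issuing certificates and as the test client

  2. First disable iptables and SELinux on all three virtual machines

  3. Install mod_ssl with yum on all three machines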

 

CentOS 6 ip 172.16.55.6

CentOS 7 ip 172.16.55.7

CA and test host ip 172.16.55.11

 

Part 1

=========================

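The httpd service provided on CentOS 6 is version 2.2

Install httpd-2.2

yum install -y httpd

Edit the configuration file and add the virtual host name

       vim /etc/httpd/conf/httpd.conf

       Below line 990

       NameVirtualHost 172.16.55.6:80

Add the virtual host configuration files, including the log file settings

       vim /etc/httpd/conf.d/www1.conf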

<VirtualHost 172.16.55.6:80>

   ServerName www1.magedu.com

   DocumentRoot /data/vhosts/www1

   ErrorLog logs/www1-error_log

   CustomLog logs/www1-access_log combined

</VirtualHost>

 

vim /etc/httpd/conf.d/www2.conf

<VirtualHost 172.16.55.6:80>

   ServerName www2.magedu.com

   DocumentRoot /data/vhosts/www2

   ErrorLog logs/www2-error_log

   CustomLog logs/www2-access_log combined

</VirtualHost>

 

Then create the site content

mkdir -p /data/vhosts/www{1,2}

vim /data/vhosts/www1/index.html

       11111

vim /data/vhosts/www2/index.html

       22222

 

Edit the hosts file to add name resolution

vim /etc/hosts

Add: 172.16.55.6 www1.magedu.com www2.magedu.com

 

Syntax check

httpd -t

Then check whether the port is open and the service is running

ss -ntl

ps aux

Restart the service, then check in a browser whether 172.16.55.7 resolves

 

 

 

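The httpd service provided on CentOS 7 is version 2.4

Install httpd-2.4

yum install -y httpd

Review the configuration file; there is no need to add the virtual host name (the NameVirtualHost line) here

      

Add the virtual host configuration files, including the log file settings

       vim /etc/httpd/conf.d/www1.conf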

<VirtualHost 172.16.55.7:80>

   ServerName www1.magedu.com

   DocumentRoot /data/vhosts/www1

   ErrorLog logs/www1-error_log

   CustomLog logs/www1-access_log combined

   <Directory "/data/vhosts/www1">
      Options None
      AllowOverride None
      Require all granted
   </Directory>

</VirtualHost>

 

vim /etc/httpd/conf.d/www2.conf

<VirtualHost 172.16.55.7:80>

   ServerName www2.magedu.com

   DocumentRoot /data/vhosts/www2

   ErrorLog logs/www2-error_log

   CustomLog logs/www2-access_log combined

   <Directory "/data/vhosts/www2">
      Options None
      AllowOverride None
      Require all granted
   </Directory>

</VirtualHost>

 

Then create the site content

mkdir -p /data/vhosts/www{1,2}

vim /data/vhosts/www1/index.html

       11111

vim /data/vhosts/www2/index.html

       22222

 

Edit the hosts file to add name resolution

vim /etc/hosts

Add: 172.16.55.7 www1.magedu.com www2.magedu.com

 

Syntax check

httpd -t

Then check whether the port is open and the service is running

ss -ntl

ps aux

Restart the service, then check in a browser whether 172.16.55.7 resolves

 

 

 

 

Part 2

============================

On CentOS 6, IP 172.16.55.6

First add a virtual user named tom

htpasswd -c -m /etc/httpd/conf/.htpasswd tom

 

Edit the configuration file of virtual host www1

vim /etc/httpd/conf.d/www1.conf

<VirtualHost 172.16.55.6:80>

   ServerName www1.magedu.com

   DocumentRoot /data/vhosts/www1

   ErrorLog logs/www1-error_log

   CustomLog logs/www1-access_log combined

</VirtualHost>

 

<Location /server-status>
    SetHandler server-status
    AuthType basic
    AuthName "For tom"
    AuthUserFile "/etc/httpd/conf/.htpasswd"
    Require user tom
</Location>  

 

After the syntax check passes, reload the service configuration

httpd -t                              
service httpd reload 

 

Enter 172.16.55.6/server-status in a browser

As the screenshot shows, access is granted only after entering the username and password of the tom account


 

 

On CentOS 7, IP 172.16.55.7

First add a virtual user named tom

htpasswd -c -m /etc/httpd/conf/.htpasswd tom

 

Edit the configuration file of virtual host www1

Append directly at the end

<Location /server-status>
    SetHandler server-status
    AuthType basic
    AuthName "For tom"
    AuthUserFile "/etc/httpd/conf/.htpasswd"
    Require user tom
</Location>  

 

After the syntax check passes, reload the service configuration

httpd -t                              
service httpd reload 

 

Enter 172.16.55.7/server-status in a browser

As the screenshot shows, access is granted only after entering the username and password of the tom account

 

 

 

Part 2, item 3

First do this on CentOS 6

www2 must not be accessible from any host in the 192.168.0.0/24 network

Edit www2's configuration file directly

vim /etc/httpd/conf.d/www2.conf

Just add the following block

<VirtualHost 172.16.55.6:80>

   ServerName www2.magedu.com

   DocumentRoot /data/vhosts/www2

    <Directory /data/vhosts/www2>
       Options None
       AllowOverride None
       # Order deny,allow: access is allowed by default; hosts matching Deny are refused
       Order deny,allow
       Deny from 192.168.0.0/24
    </Directory>

</VirtualHost>

 

The operation is the same on CentOS 7
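
On httpd 2.4 the Order/Deny directives are only honoured through mod_access_compat; the native 2.4 form uses Require. The following is an added example, not the original author's configuration, for the CentOS 7 host (172.16.55.7): it expresses the www2 restriction with Require not ip and places the /server-status block inside the www1 virtual host so the status page is served only under that name.

```apache
# Added example for httpd 2.4 on the CentOS 7 host (172.16.55.7).
# --- /etc/httpd/conf.d/www1.conf ---
<VirtualHost 172.16.55.7:80>
    ServerName www1.magedu.com
    DocumentRoot /data/vhosts/www1
    ErrorLog logs/www1-error_log
    CustomLog logs/www1-access_log combined

    <Directory "/data/vhosts/www1">
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    # Inside the vhost: /server-status exists only for www1, and only
    # the user tom from the htpasswd file may read it.
    <Location /server-status>
        SetHandler server-status
        AuthType Basic
        AuthName "For tom"
        AuthUserFile "/etc/httpd/conf/.htpasswd"
        Require user tom
    </Location>
</VirtualHost>

# --- /etc/httpd/conf.d/www2.conf ---
<VirtualHost 172.16.55.7:80>
    ServerName www2.magedu.com
    DocumentRoot /data/vhosts/www2
    ErrorLog logs/www2-error_log
    CustomLog logs/www2-access_log combined

    <Directory "/data/vhosts/www2">
        Options None
        AllowOverride None
        # 2.4 equivalent of "Order deny,allow" + "Deny from ...":
        # every Require in RequireAll must pass, so clients in
        # 192.168.0.0/24 are refused and all others are allowed.
        <RequireAll>
            Require all granted
            Require not ip 192.168.0.0/24
        </RequireAll>
    </Directory>
</VirtualHost>
```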

 

 

Part 3

=====172.16.55.11=====

First create the CA key pair and issue the CA certificate

yum install -y mod_ssl

cd /etc/pki/CA

(umask 077; openssl genrsa -out private/cakey.pem 2048)

openssl req -new -x509 -key private/cakey.pem -out cacert.pem

 

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:beijing

Locality Name (eg, city) [Default City]:beijing

Organization Name (eg, company) [Default Company Ltd]:magedu

Organizational Unit Name (eg, section) []:ops

Common Name (eg, your name or your server's hostname) []:ca.magedu.com

Email Address []:magedu@admin.com

 

Create the supporting files

touch index.txt

echo 01 > serial

 

 

Then create the private key on CentOS 6

mkdir -pv /etc/httpd/ssl

cd /etc/httpd/ssl/

(umask 077; openssl genrsa -out httpd.key 1024)

openssl req -new -key httpd.key -out httpd.csr

 

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:beijing

Locality Name (eg, city) [Default City]:beijing

Organization Name (eg, company) [Default Company Ltd]:magedu

Organizational Unit Name (eg, section) []:ops

Common Name (eg, your name or your server's hostname) []:www2.magedu.com

Email Address []:www2@admin.com

 

scp httpd.csr 172.16.55.11:/tmp

 

Then switch to the CA at 172.16.55.11 and sign the certificate

cd /etc/pki/CA

openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt

Using configuration from /etc/pki/tls/openssl.cnf

Check that the request matches the signature

Signature ok

Certificate Details:

       Serial Number: 1 (0x1)

       Validity

            Not Before: Jul 24 04:54:15 2016 GMT

            Not After : Jul 24 04:54:15 2017 GMT

       Subject:

            countryName               = CN

            stateOrProvinceName       = beijing

            organizationName          = magedu

            organizationalUnitName    = ops

            commonName                = www2.magedu.com

            emailAddress              = www2@admin.com

       X509v3 extensions:

            X509v3 Basic Constraints:

                CA:FALSE

            Netscape Comment:

                OpenSSL Generated Certificate

            X509v3 Subject Key Identifier:

               2B:D6:FF:8B:84:2D:33:FD:48:8A:EC:A5:80:63:67:46:F5:D5:54:12

            X509v3 Authority Key Identifier:

               keyid:F2:32:D8:C5:E6:D9:04:B8:46:38:8D:D7:32:2B:E6:D5:90:56:3D:A1

 

Certificate is to be certified until Jul 24 04:54:15 2017 GMT (365 days)

Sign the certificate? [y/n]:y

 

 

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

 

Send the signed certificate back to the requester.
scp /etc/pki/CA/certs/httpd.crt 172.16.55.6:/etc/httpd/ssl/

 

Back on the CentOS host at 172.16.55.6, edit the SSL configuration file

vim /etc/httpd/conf.d/ssl.conf

   <VirtualHost _default_:443>

   DocumentRoot "/data/vhosts/www2"

   ServerName www2.magedu.com:443

  

   SSLCertificateFile /etc/httpd/ssl/httpd.crt

   SSLCertificateKeyFile /etc/httpd/ssl/httpd.key

</VirtualHost>

 

Then, after the syntax check passes, reload the service

httpd -t

service httpd reload

 

 


 

The procedure on CentOS 7 is essentially the same as on CentOS 6

