Configuring the three types of virtual hosts
Start the Apache service and set the environment variable
[root@localhost ~]# vim /etc/profile.d/httpd.sh
export PATH=/usr/local/apache/bin:$PATH
[root@localhost ~]# source /etc/profile.d/httpd.sh
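Starting Apache this way does not produce an error. If the environment variable has not been set, Apache cannot be started and the system suggests installing httpd; but after installing it that way, the site that opens is the default one, and even after editing the configuration it still reports errors.
So the environment variable has to be set.
[root@localhost profile.d]# apachectl start // start Apache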
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
httpd (pid 471695) already running
[root@localhost profile.d]# ss -antl // check the listening ports
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
The *:80 entry in the LISTEN state shows that Apache is running.
[root@localhost htdocs]# mkdir site{1,2,3} // create three directories to hold the site source code
[root@localhost htdocs]# ls
index.html site1 site2 site3
[root@localhost htdocs]# echo 'site1' > site1/index.html
[root@localhost htdocs]# echo 'site2' > site2/index.html
[root@localhost htdocs]# echo 'site3' > site3/index.html
[root@localhost htdocs]# tree
.
├── index.html
├── site1
│   └── index.html
├── site2
│   └── index.html
└── site3
    └── index.html
[root@localhost htdocs]# ls
CSS3卡通圣诞树动画代码 index.html site1 site2 site3
[root@localhost htdocs]# cd CSS3卡通圣诞树动画代码
[root@localhost CSS3卡通圣诞树动画代码]# ls
css index.html
[root@localhost CSS3卡通圣诞树动画代码]# mv * ../site1
mv:是否覆盖'../site1/index.html'? y
[root@localhost CSS3卡通圣诞树动画代码]# apachectl restart
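Copy the source code downloaded from 源码之家 into the directory created above.
[root@localhost httpd24]# ls // extra holds the default configuration files that I am going to edit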
extra httpd.conf magic mime.types original
[root@localhost httpd24]# ls extra/
httpd-autoindex.conf httpd-languages.conf httpd-ssl.conf
httpd-dav.conf httpd-manual.conf httpd-userdir.conf
httpd-default.conf httpd-mpm.conf httpd-vhosts.conf
httpd-info.conf httpd-multilang-errordoc.conf proxy-html.conf
[root@localhost httpd24]# vim extra/httpd-vhosts.conf
[root@localhost httpd24]# cat extra/httpd-vhosts.conf
Same IP, different ports
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/usr/local/apache/htdocs/site1"
ServerAlias site1.example.com
ErrorLog "logs/site1.example.com-error_log"
CustomLog "logs/site1.example.com-access_log" common
</VirtualHost>
# Apache must also listen on port 81 before a virtual host can answer on it
Listen 81
<VirtualHost *:81>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/usr/local/apache/htdocs/site2"
ServerAlias site2.example.com
ErrorLog "logs/site2.example.com-error_log"
CustomLog "logs/site2.example.com-access_log" common
</VirtualHost>
This shows that the source code I uploaded can also be reached on port 81.
Here an additional IP address was added in the network interface's configuration file.
[root@localhost httpd24]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:b5:79:e9 brd ff:ff:ff:ff:ff:ff
inet 192.168.98.66/24 brd 192.168.98.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.98.33/24 brd 192.168.98.255 scope global secondary noprefixroute ens33
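Different IPs, same port
[root@localhost httpd24]# cat extra/httpd-vhosts.conf
# "*" matches every local address, so 192.168.98.66 and 192.168.98.33 both reach this site;
# write a specific address here (for example 192.168.98.33:80) to bind the site to one IP
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/usr/local/apache/htdocs/site1"
ServerAlias site1.example.com
ErrorLog "logs/site1.example.com-error_log"
CustomLog "logs/site1.example.com-access_log" common
</VirtualHost>
As can be seen, the source code is also reachable when it is accessed through the other IP.
// Edit the last virtual host
[root@localhost httpd24]# vim extra/httpd-vhosts.conf
Same IP, same port, different domain names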
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/usr/local/apache/htdocs/site1"
ServerAlias site1.example.com
ErrorLog "logs/site1.example.com-error_log"
CustomLog "logs/site1.example.com-access_log" common
</VirtualHost>
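# Each name-based host needs its own hostname; Apache picks the block by the Host header
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/usr/local/apache/htdocs/site2"
ServerAlias site2.example.com
ErrorLog "logs/site2.example.com-error_log"
CustomLog "logs/site2.example.com-access_log" common
</VirtualHost>
Note when configuring this virtual host: the following configuration has to be added to the configuration file on your own computer
Then try to ping this network
The ping succeeds, so the site can now be accessed by domain name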
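With name-based virtual hosts Apache selects the block by the Host header, so a hostname declared in two blocks on the same address:port is always served by the first one. The following is an added example, not part of the original post, that flags such repeats in a vhosts file before a restart; the function names and the sample file are constructed for illustration, and it assumes one address per <VirtualHost> line.

```sh
#!/bin/sh
# Added example: report hostnames declared by more than one <VirtualHost>
# block on the same address:port (only the first block would ever serve them).
dup_vhost_names() {   # $1 = path to a vhosts file; prints "addr:port hostname"
    awk '
        tolower($1) ~ /^<virtualhost/   { n++; addr = $2; sub(/>$/, "", addr); next }
        tolower($1) ~ /^<\/virtualhost/ { addr = ""; next }
        addr != "" && tolower($1) ~ /^server(name|alias)$/ {
            for (i = 2; i <= NF; i++) {
                key = addr " " tolower($i)
                if (!(key in first)) first[key] = n
                else if (first[key] != n && !(key in shown)) { print key; shown[key] = 1 }
            }
        }
    ' "$1"
}

# Constructed sample: two name-based hosts that both claim site1.example.com.
sample_conf() {
    cat <<'EOF'
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/site1"
    ServerAlias site1.example.com
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/site2"
    ServerAlias site1.example.com
</VirtualHost>
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
dup_vhost_names "$tmp"
rm -f "$tmp"
```

On the running server, `apachectl -S` prints the virtual host table Apache actually built and can be used to confirm the result.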
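Configuring HTTPS
- Generate a certificate
- Edit httpd.conf and uncomment the lines shown below
The following configuration file needs to be modified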
# General setup for the virtual host
DocumentRoot "/usr/local/apache/htdocs/site1"
ServerName www.example.com:443
ErrorLog "/usr/local/apache/logs/site1_error_log"
TransferLog "/usr/local/apache/logs/site1_access_log"
[root@localhost extra]# vim httpd-ssl.conf
SSLCertificateFile "/etc/httpd24/httpd.crt"
SSLCertificateKeyFile "/etc/httpd24/httpd.key"
[root@localhost extra]# vim ../httpd.conf
LoadModule ssl_module modules/mod_ssl.so
This line needs to be uncommented.
[root@localhost extra]# vim ../httpd.conf
Include /etc/httpd24/extra/httpd-ssl.conf
[root@localhost extra]# apachectl -t
AH00526: Syntax error on line 92 of /etc/httpd24/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
[root@localhost extra]# vim +92 /etc/httpd24/extra/httpd-ssl.conf
#SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
#SSLSessionCacheTimeout 300
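If this error appears, commenting out the two lines above is enough to get past it; as the message itself says, the other option is to load mod_socache_shmcb.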
[root@localhost ~]# mkdir /etc/pki/CA
[root@localhost ~]# cd /etc/pki/CA
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................................................+++++
.............+++++
e is 65537 (0x010001)
[root@localhost CA]# ls private/
cakey.pem
Create the required directories here.
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:jxrt
Organizational Unit Name (eg, section) []:jxrt
Common Name (eg, your name or your server's hostname) []:site1.example.com
Email Address []:230023@qq.com
Generate the certificate.
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# touch index.txt && echo 01 > serial
[root@localhost CA]# ls
cacert.pem certs crl index.txt newcerts private serial
Create these directories and write the files.
[root@localhost opt]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
..............................................................................+++++
..................................................................+++++
e is 65537 (0x010001)
[root@localhost opt]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:jxrt
Organizational Unit Name (eg, section) []:jxrt
Common Name (eg, your name or your server's hostname) []:site1.example.com
Email Address []:230023@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Here the key is generated; the information entered must match what was entered above.
[root@localhost opt]# ls
httpd.csr httpd.key
[root@localhost opt]# ll
总用量 8
-rw-r--r--. 1 root root 1037 4月 27 09:50 httpd.csr
-rw-------. 1 root root 1675 4月 27 09:48 httpd.key
As shown, the key has now been generated.
[root@localhost opt]# openssl ca -in httpd.csr -out httpd.crt -days 365
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost opt]# ls
httpd.crt httpd.csr httpd.key
[root@localhost opt]# mv httpd.crt httpd.key /etc/httpd24/
At this point the files under /opt need to be moved under /etc/.
[root@localhost httpd24]# ls
extra httpd.conf httpd.crt httpd.key magic mime.types original
[root@localhost httpd24]# apachectl restart
[root@localhost httpd24]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 128 *:443 *:*
After the configuration is done, check whether port 443 is listening.
Once that is confirmed, access the site over HTTPS.
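The CA, key, CSR and signing steps above can be reproduced non-interactively and checked before the files are copied next to httpd.conf. The following is an added example, not part of the original post: it signs with `openssl x509 -req` instead of `openssl ca` so it does not touch /etc/pki/CA, and it adds a subjectAltName because current browsers match the hostname against that field rather than the Common Name. The function names, the CA name and the temporary directory are constructed for illustration.

```sh
#!/bin/sh
# Added example: same CA -> key -> CSR -> signed-certificate flow as above,
# non-interactive and with a subjectAltName, followed by pre-deployment checks.
make_lab_cert() (   # $1 = server hostname, $2 = output directory
    host=$1; umask 077                 # private keys end up mode 0600
    mkdir -p "$2" && cd "$2" || exit 1
    cat > ca.cnf <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Lab CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$host" > leaf.ext
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
        -days 365 -config ca.cnf 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -keyout httpd.key -out httpd.csr \
        -subj "/CN=$host" -config ca.cnf 2>/dev/null &&
    openssl x509 -req -in httpd.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -out httpd.crt -days 365 -sha256 -extfile leaf.ext 2>/dev/null
)

# Returns 0 only if every check passes; the exit status names the failed check.
check_cert() (      # $1 = directory from make_lab_cert, $2 = expected hostname
    cd "$1" || exit 1
    openssl verify -CAfile ca.pem httpd.crt >/dev/null 2>&1 || exit 2  # chain
    [ "$(openssl x509 -in httpd.crt -noout -pubkey)" = \
      "$(openssl pkey -in httpd.key -pubout)" ] || exit 3              # key pair
    openssl x509 -in httpd.crt -noout -text |
        grep -qF "DNS:$2" || exit 4                                    # SAN
    [ "$(stat -c %a httpd.key)" = 600 ] || exit 5                      # key mode
)

dir=$(mktemp -d) && make_lab_cert site1.example.com "$dir" &&
    check_cert "$dir" site1.example.com && echo "certificate checks passed"
rm -rf "$dir"
```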