本文旨在实践httpd虚拟主机及基于用户的访问控制
知识储备
虚拟主机有三种实现方案:
基于ip:
为每个虚拟主机准备至少一个独有ip地址;
基于port:
为每个虚拟主机使用至少一个独有的port;
基于FQDN:
为每个虚拟主机使用至少一个FQDN;
注意:一般虚拟机不要与中心主机混用;因此,要使用虚拟主机,得先禁用‘main‘主机;
禁用方法:注释中心主机的DocumentRoot指令即可;
基于用户的访问控制:
http协议认证方式2种
basic:明文
digest:消息摘要认证
本次以basic为例进行演示。
实验要求
实验机器:centos6.7 x86_64
实验软件:httpd-2.2.15-45.el6.centos.x86_64 yum安装
配置httpd虚拟主机
1. 配置基于ip的虚拟主机
1.1 配置要用到的ip地址
[root@web01 ~]# ip addr add 172.16.52.2/16 dev eth1 [root@web01 ~]# ip addr show eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 10 00 link/ether 00:0c:29:d2:e8:ff brd ff:ff:ff:ff:ff:ff inet 172.16.52.1/16 brd 172.16.255.255 scope global eth1 inet 172.16.52.2/16 scope global secondary eth1 inet6 fe80::20c:29ff:fed2:e8ff/64 scope link valid_lft forever preferred_lft forever
1.2 配置虚拟主机文件
配置/etc/httpd/conf.d/vhost{1,2}.conf #以.conf结尾都行
[root@web01 conf.d]# cat vhosts{1,2}.conf
<VirtualHost 172.16.52.1:80>
ServerName www1.magedu.com
DocumentRoot "/data/vhosts/www1"
CustomLog logs/www1/www1.access_log combined
ErrorLog logs/www1/www1.error_log
</VirtualHost>
<VirtualHost 172.16.52.2:80>
ServerName www2.magedu.com
DocumentRoot "/data/vhosts/www2"
CustomLog logs/www2/www2.access_log combined
ErrorLog logs/www2/www2.error_log
</VirtualHost>注意该创建的目录要事先创建好!
1.3 配置虚拟主机站点文件
[root@web01 conf.d]# cat /data/vhosts/www{1,2}/index.html
<h1>www1 Page www1.magedu.com</h1>
web2 page www2.magedu.com1.4 检查并重载
[root@web01 conf.d]# httpd -t Syntax OK [root@web01 conf.d]# service httpd reload Reloading httpd:
1.5 测试
[root@web01 conf.d]# curl 172.16.52.1 <h1>www1 Page www1.magedu.com</h1> [root@web01 conf.d]# curl 172.16.52.2 web2 page www2.magedu.com
2.配置基于端口的虚拟主机
2.1 确保httpd已经监听了多个端口
[root@web01 conf.d]# grep "^Listen" /etc/httpd/conf/httpd.conf Listen 80 Listen 808
[root@web01 logs]# netstat -tnlp|grep httpd tcp 0 0 :::808 :::* LISTEN 20215/httpd tcp 0 0 :::80 :::* LISTEN 20215/httpd
2.2 配置虚拟主机文件
[root@web01 conf.d]# cat vhosts{1,2}.conf
<VirtualHost 172.16.52.1:80>
ServerName www1.magedu.com
DocumentRoot "/data/vhosts/www1"
CustomLog logs/www1/www1.access_log combined
ErrorLog logs/www1/www1.error_log
</VirtualHost>
<VirtualHost 172.16.52.1:808>
ServerName www2.magedu.com
DocumentRoot "/data/vhosts/www2"
CustomLog logs/www2/www2.access_log combined
ErrorLog logs/www2/www2.error_log
</VirtualHost>2.3 检查并重载
httpd -t
service httpd reload
2.4 测试
[root@web01 conf.d]# curl 172.16.52.1:80 <h1>www1 Page www1.magedu.com</h1> [root@web01 conf.d]# curl 172.16.52.1:808 web2 page www2.magedu.com
3.配置基于域名的虚拟主机
3.1 开启NameVirtualHost
[root@web01 httpd]# grep "^NameVirtualHost" /etc/httpd/conf/httpd.conf NameVirtualHost 172.16.52.1:80
3.2 配置虚拟主机文件
[root@web01 conf.d]# cat vhosts{1,2}.conf
<VirtualHost 172.16.52.1:80>
ServerName www1.magedu.com
DocumentRoot "/data/vhosts/www1"
CustomLog logs/www1/www1.access_log combined
ErrorLog logs/www1/www1.error_log
</VirtualHost>
<VirtualHost 172.16.52.1:80>
ServerName www2.magedu.com
DocumentRoot "/data/vhosts/www2"
CustomLog logs/www2/www2.access_log combined
ErrorLog logs/www2/www2.error_log
</VirtualHost>3.3 检查并重载
httpd -t
service httpd reload
3.4 测试
[root@web01 httpd]# tail -2 /etc/hosts 172.16.52.1 www1.magedu.com 172.16.52.1 www2.magedu.com
[root@web01 httpd]# curl www1.magedu.com <h1>www1 Page www1.magedu.com</h1> [root@web01 httpd]# curl www2.magedu.com web2 page www2.magedu.com
基于用户的访问控制
1. basic基于用户认证配置
1.1 定义安全域
[root@web01 conf]# cat ../conf.d/vhosts1.conf <VirtualHost 172.16.52.1:80> ServerName www1.magedu.com DocumentRoot "/data/vhosts/www1" CustomLog logs/www1/www1.access_log combined ErrorLog logs/www1/www1.error_log <Directory "/data/vhosts/www1"> Options None AllowOverride None AuthType Basic AuthName "For Administrators" AuthUserFile "/etc/httpd/conf/.htpasswd" Require user tom </Directory> </VirtualHost>
说明: <Directory ""> </Directory> 也可以配置在httpd.conf中
1.2 提供账号和密码存储(文本文件)
[root@web01 conf]# htpasswd -c -m /etc/httpd/conf/.htpasswd tom New password: Re-type new password: Adding password for user tom [root@web01 conf]# htpasswd -m /etc/httpd/conf/.htpasswd jack New password: Re-type new password: Adding password for user jack
1.3 检查并重载
1.4 测试
2. basic基于组账号认证配置
2.1 定义安全域
[root@web01 ~]# vim /etc/httpd/conf.d/vhosts1.conf <VirtualHost 172.16.52.1:80> ServerName www1.magedu.com DocumentRoot "/data/vhosts/www1" CustomLog logs/www1/www1.access_log combined ErrorLog logs/www1/www1.error_log <Directory "/data/vhosts/www1"> Options None AllowOverride None AuthType Basic AuthName "For Administrators" AuthUserFile "/etc/httpd/conf/.htpasswd" AuthGroupFile "/etc/httpd/conf/.htgrp" Require group mygroup </Directory> </VirtualHost>
说明: <Directory ""> </Directory> 也可以配置在httpd.conf中
2.2 创建用户账号和组账号文件
[root@web01 conf]# cat .htgrp mygroup:tom jack
2.3 检查并重载
2.4 测试
本文出自 “Hello,Linux” 博客,转载请与作者联系!
原文:http://zhangbei.blog.51cto.com/11081042/1825859