企业常用Centos 7.4 --虚拟主机基于域名,端口,IP,Apache访问控制
构建虚拟主机
一共支持三种虚拟主机类型
企业常用的是第一种基于域名的虚拟主机
基于IP地址的虚拟主机,一台物理主机上需要两个网卡
基于端口的虚拟主机
构建虚拟主机之基于域名
环境需求:一台linux作为DNS和web服务器,一台WIN10客户端作为测试
在我们的Linux先装两个 软件包
[ ~]# yum install bind httpd -y 已安装: bind.x86_64 32:9.11.4-9.P2.el7 httpd.x86_64 0:2.4.6-90.el7.centos 作为依赖被安装: apr.x86_64 0:1.4.8-5.el7 apr-util.x86_64 0:1.5.2-6.el7 bind-export-libs.x86_64 32:9.11.4-9.P2.el7 httpd-tools.x86_64 0:2.4.6-90.el7.centos mailcap.noarch 0:2.1.41-2.el7 作为依赖被升级: bind-libs.x86_64 32:9.11.4-9.P2.el7 bind-libs-lite.x86_64 32:9.11.4-9.P2.el7 bind-license.noarch 32:9.11.4-9.P2.el7 bind-utils.x86_64 32:9.11.4-9.P2.el7 dhclient.x86_64 12:4.2.5-77.el7.centos dhcp-common.x86_64 12:4.2.5-77.el7.centos dhcp-libs.x86_64 12:4.2.5-77.el7.centos
配置DNS主配置文件
需要改两处 [ ~]# vim /etc/named.conf options { listen-on port 53 { any; }; //监听所有地址 listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; allow-query { any; }; //允许其他所有主机可以进行解析
配置DNS区域配置文件
我们加入两个需要解析的域名区域配置 在正向解析上复制5行 [ ~]# vim /etc/named.rfc1912.zones zone "accp.com" IN { //你需要解析的域名 type master; file "accp.com.zone"; //区域数据配置文件 allow-update { none; }; }; zone "kgc" IN { type master; file "kgc.com.zone"; allow-update { none; }; }; zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
配置DNS区域数据配置文件
[ ~]# cd /var/named/ [ named]# ls data dynamic named.ca named.empty named.localhost named.loopback slaves [ named]# cp -p named.localhost accp.com.zone //把模板复制到数据区域配置文件中 [ named]# vim accp.com.zone //配置 $TTL 1D @ IN SOA @ rname.invalid. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS @ A 127.0.0.1 www IN A 192.168.136.136 //添加域名解析的地址 [ named]# cp -p accp.com.zone kgc.com.zone //这个只要复制过来不需要过来,我们是基于不同的域名解析
开启服务
[ named]# systemctl stop firewalld.service [ named]# setenforce 0 [ named]# systemctl start named
到win10客户端去测试能不能解析到地址
添加虚拟主机子配置文件,不要写在主配置文件中,系统加载会变慢。
[ named]# cd /etc/httpd/ [ httpd]# ls conf conf.d conf.modules.d logs modules run [ httpd]# cd conf [ conf]# ls httpd.conf magic [ conf]# mkdir extra //创建一个扩展的文件夹,里面放入子配置文件,方便我们以后管理 [ conf]# ls extra httpd.conf magic [ conf]# cd extra/
配置子配置文件
[ extra]# vim vhost.conf <VirtualHost *:80> //标签虚拟主机 ,*代表所有网络 DocumentRoot "/var/www/html/accp/" //指定站点 ServerName www.accp.com //定义域名 ErrorLog "logs/www.accp.com.error_log" //网址要有日志文件,错误日志文件 Customlog "logs/www.accp.com.access_log" common //访问日志文件 <Directory "/var/www/html"> //站点需要设置权限,让所有网络能访问这个网页 Require all granted </Directory> </VirtualHost> //结尾标签 <VirtualHost *:80> DocumentRoot "/var/www/html/kgc/" ServerName www.kgc.com ErrorLog "logs/www.kgc.com.error_log" Customlog "logs/www.kgc.com.access_log" common <Directory "/var/www/html"> Require all granted </Directory> </VirtualHost> ~
在站点下创建两个默认网页
[ httpd]# cd /var/www/html [ html]# mkdier accp kgc //创建两个站点目录 [ html]# mkdir accp kgc [ html]# ls accp kgc [ html]# cd accp [ accp]# vim index.html //编辑网页写入内容 h1>this is accp web</h1> [ accp]# cd ../kgc/ [ kgc]# vim index.html <h1>this is kgc web</h1>
在主配置文件中调用子配置文件
[ kgc]# cd /etc/httpd/ [ httpd]# cd conf [ conf]# ls extra httpd.conf magic [ conf]# vim httpd.conf #Load config files in the "/etc/httpd/conf.d" directory, if any. IncludeOptional conf.d/*.conf Include conf/extra/vhost.conf //调用子配置文件
启用web服务,并去win10客户端去测试能不能基于不同域名获得网页
虚拟主机之基于端口
子配置文件中在创建一个基于端口的虚拟主机
[ conf]# cd extra/ [ extra]# vim vhost.conf 22 <VirtualHost *:8080> //端口加上8080 23 DocumentRoot "/var/www/html/kgc.port/" 24 ServerName www.kgc.port.com 25 ErrorLog "logs/www.kgc.port.com.error_log" 26 Customlog "logs/www.kgc.port.com.access_log" common 27 <Directory "/var/www/html"> 28 Require all granted 29 </Directory> 30 </VirtualHost>
到站点目录下,做一个端口的默认网页
[ extra]# cd /var/www/html/ [ html]# ls accp kgc [ html]# mkdir kgc.port [ html]# cd kgc.port/ [ kgc.port]# vim index.html <h1>this is kgc.port web</h1> ~
在主配置文件中开启加入个监听地址
[ kgc.port]# vim /etc/httpd/conf/httpd.conf Listen 192.168.136.136:80 Listen 192.168.136.136:8080 #Listen 80
开启服务,查看端口有没有被提供出来
[ kgc.port]# systemctl restart httpd [ kgc.port]# netstat -ntap Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd tcp 0 0 192.168.136.136:8080 0.0.0.0:* LISTEN 59009/httpd tcp 0 0 192.168.136.136:80 0.0.0.0:* LISTEN
用客户端win10测试基于端口的不同访问网页
80端口还是原来的网页
虚拟主机之基于IP
添加一块网卡
[ ~]# ifconfig ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.136.136 netmask 255.255.255.0 broadcast 192.168.136.255 inet6 fe80::e3c7:14af:6e4d:7216 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:c9:dd:05 txqueuelen 1000 (Ethernet) RX packets 101 bytes 10639 (10.3 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 113 bytes 12291 (12.0 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.136.138 netmask 255.255.255.0 broadcast 192.168.136.255 inet6 fe80::658e:4c2d:2273:9cf5 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:c9:dd:0f txqueuelen 1000 (Ethernet) RX packets 108 bytes 14566 (14.2 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 42 bytes 5695 (5.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
到子配置文件中开始配置
[ ~]# cd /etc/httpd/conf/extra/ [ extra]# ls vhost.conf [ extra]# vim vhost.conf
<VirtualHost 192.168.136.138:80> //“*”改成第二块网卡的地址 DocumentRoot "/var/www/html/accp/" ErrorLog "logs/www.accp.com.error_log" Customlog "logs/www.accp.com.access_log" common <Directory "/var/www/html"> Require all granted </Directory> </VirtualHost> <VirtualHost 192.168.136.136:80> //改成第一块网卡的地址 DocumentRoot "/var/www/html/accp02/" //重新在站点下写一个网页 ErrorLog "logs/www.accp02.com.error_log" Customlog "logs/www.accp02.com.access_log" common <Directory "/var/www/html"> Require all granted </Directory> </VirtualHost>
到站点下创建一个网页内容
[ extra]# cd /var/www/html/ [ html]# mkdir accp02 [ html]# cd accp02 [ accp02]# vim index.html <h1>this is 136 accp02 web</h1> ~ ~ ~ [ accp02]# vim ../accp/index.html <h1>this is 128 accp web</h1> ~ ~ ~
在主配置文件中增加监听138的地址,开启服务
#prevent Apache from glomming onto all bound IP addresses. Listen 192.168.136.136:80 Listen 192.168.136.138:80 #Listen 192.168.136.136:8080 #Listen 80 [ extra]# systemctl status httpd
去客户端测试一下,记得我们之前给客户端指定的dns解析地址弄到自动获取,不然你的客户端无法上网,无法访问网址
Aapache访问权限控制(客户机权限控制)
到子配置文件,也叫容器,当中做客户机访问权限控制,像当于黑白名单,这个容器,系统的所有命令都会去实现,不会像ACL访问控制列表从上到下逐条匹配识别命令。
[ ~]# cd /etc/httpd/conf/extra/ [ extra]# ls vhost.conf [ extra]# vim vhost.conf <VirtualHost 192.168.136.138:80> DocumentRoot "/var/www/html/accp/" ErrorLog "logs/www.accp.com.error_log" Customlog "logs/www.accp.com.access_log" common <Directory "/var/www/html"> <RequireAll> //要加入子容器的标签 Require not ip 192.168.136.137 //拒绝这个地址访问,也可以拒绝网段比如 Require not ip 192.168.136.0/24 Require all granted </RequireAll> //结尾标签 </Directory> </VirtualHost> [ extra]# systemctl restart httpd //重启服务
到客户端去测试一下
因为做了访问控制所以,只能访问web服务的默认网站
用户登录访问控制
[ extra]# cd /etc/httpd/conf [ conf]# htpasswd -c /etc/httpd/conf/pwd chen01 //创建一个chen01用户,放在路径底下,起个名字pwd. htpasswd:用YUM安装直接可以使用,如果手工编译安装,要把这个命令加到/usr/local/bin系统识别的命令底下。 New password: //输入你的密码 Re-type new password: //重复输入 Adding password for user chen01 [ conf]# ls extra httpd.conf magic pwd [ conf]# cat pwd chen01:$apr1$lOLJMVUo$EZ7qupc1bHN3k38OUw/1F. [ conf]# htpasswd /etc/httpd/conf/pwd chen02 //如果这个目录已存在,就不要加-c了 New password: Re-type new password: Adding password for user chen02 [ conf]# cat pwd chen01:$apr1$lOLJMVUo$EZ7qupc1bHN3k38OUw/1F. chen02:$apr1$5cbb6tpU$mt5EZG/8y7qXhyi1Pz2Lk1 [ conf]#
添加到容器当中指定某个IP用户登录访问控制
[ extra]# vim vhost.conf <VirtualHost 192.168.136.136:80> DocumentRoot "/var/www/html/accp02/" ErrorLog "logs/www.accp02.com.error_log" Customlog "logs/www.accp02.com.access_log" common <Directory "/var/www/html"> AuthName "DocumentRoot" //声明信息 AuthType Basic //验证类型为基本验证 AuthUserFile /etc/httpd/conf/pwd //验证文件,目录位置 Require valid-user //授权给用户登录 </Directory> </VirtualHost> [ extra]# systemctl restart httpd
去客户机测试一下用户登录访问控制
以上就是我们所有的内容了,谢谢大家收看
相关推荐
javashixisheng 2020-06-25
SZStudy 2020-01-08
hithyc 2019-12-27
kianliu00 2019-12-14
wllinux 2019-11-25
ccschan 2019-11-20
贫农 2019-11-19
88971730 2019-11-18
yinsui 2011-03-11
讨厌什么变成什么 2019-11-04
doITwhat 2019-10-09
stoneechogx 2019-10-24
80791492 2019-09-22
海绵宝宝的欧尼 2012-09-08
hanwentan 2012-02-17
Linux 2011-07-01