httpd高级配置
本帖最后由 高兴的地瓜 于 2011-3-3 10:03 编辑
一、虚拟主机配置
1、基于ip
要求:通过192.168.32.31可以访问/var/www/html目录内容,通过192.168.32.32可以访问/var/www/virt目录内容
#vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.32.31:80>
ServerAdmin netsword@kvm.com
DocumentRoot /var/www/html
ServerName 192.168.32.31:80
ErrorLog logs/dummy-host.kvm.com-error_log
CustomLog logs/dummy-host.kvm.com-access_log common
</VirtualHost>
<VirtualHost 192.168.32.32:80>
ServerAdmin netsword@kvm.com
DocumentRoot /var/www/virt
ServerName 192.168.32.32:80
ErrorLog logs/dummy-host.kvm.com-error_log
CustomLog logs/dummy-host.kvm.com-access_log common
</VirtualHost>
2、基于端口
要求:通过192.168.32.31的80端口可以访问/var/www/html目录内容,通过192.168.32.31的8080端口可以访问/var/www/virt目录内容
#vi /etc/httpd/conf/httpd.conf
Listen 80 #此端口配置文件默认就有
Listen 8080 #手动添加此端口
<VirtualHost 192.168.32.31:80>
ServerAdmin netsword@kvm.com
DocumentRoot /var/www/html
ServerName 192.168.32.31:80
ErrorLog logs/dummy-host.kvm.com-error_log
CustomLog logs/dummy-host.kvm.com-access_log common
</VirtualHost>
<VirtualHost 192.168.32.31:8080>
ServerAdmin netsword@kvm.com
DocumentRoot /var/www/virt
ServerName 192.168.32.31:8080
ErrorLog logs/dummy-host.kvm.com-error_log
CustomLog logs/dummy-host.kvm.com-access_log common
</VirtualHost>
3、基于主机头
要求:通过station1.kvm.com可以访问/var/www/html目录内容,通过www.kvm.com可以访问/var/www/virt目录内容(注意要求DNS服务器上有这两个网站解析)
#vi /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.32.31:80 #要求必须由此行,此行表示打开主机头虚拟主机
<VirtualHost 192.168.32.31:80>
ServerAdmin netsword@kvm.com
DocumentRoot /var/www/html
ServerName station1.kvm.com
ErrorLog logs/dummy-host.kvm.com-error_log
CustomLog logs/dummy-host.kvm.com-access_log common
</VirtualHost>
<VirtualHost 192.168.32.31:80>
ServerAdmin netsword@kvm.com
DocumentRoot /var/www/virt
ServerName www.kvm.com
ErrorLog logs/dummy-host.kvm.com-error_log
CustomLog logs/dummy-host.kvm.com-access_log common
</VirtualHost>
二、多种用户认证方式配置
1、使用htpsswd工作生成的密码文件认证用户来源
# htpasswd -cm /etc/httpd/.webusers netsword
# htpasswd -m /etc/httpd/.webusers netswordster
# htpasswd -m /etc/httpd/.webusers zhxy
# htpasswd -m /etc/httpd/.webusers zxy
# vi /etc/httpd/.webgroup#给用户分组
net:netsword netswordster
zh:zhxy zxy
# -c:表示创建密码文件
# -m:增加用户到密码文件
# -D:从密码文件中删除用户
#
# vi /etc/htttpd/conf/httpd.conf
<VirtualHost 192.168.32.31:80>
ServerAdmin netsword@kvm.com
DocumentRoot /var/www/html
ServerName station1.kvm.com
<Directory /var/www/html>
AuthName TestAdmin #提示信息
AuthType basic #基本身份认证,即基于密码文件的身份认证
AuthUserFile /etc/httpd/.webusers
Require valid-user
#有此行所有用户均可访问;如无此行,则后面net组内用户可访问
AuthGroupFile /etc/httpd/.webgroup #可访问用户为net组中用户
Require Group net
#valid-user:表所有密码文件中的用户均可访问此目录,也可为Require netsword则表示只有密码文件中netsword账户可以访问此目录
</Directory>
ErrorLog logs/dummy-host.kvm.com-error_log
CustomLog logs/dummy-host.kvm.com-access_log common
</VirtualHost>
2、使用MySQL数据库认证用户来源
安装mysql及httpd中mysql认证模块
# yum install mysql-server.i386
# yum install mysql-devel.i386
# yum install mod_auth_mysql.i386
# service mysqld start
# chkconfig mysql on
创建认证用户和认证组
# mysqladmin -u root password redhat
# mysql -uroot -predhat
Welcome to the MySQL monitor.Commands end with ; or \g.
Your MySQL connection id is 131
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> create database apacheusers;
mysql> use apacheusers;
mysql> create table user (name char(25),pwd char(25), primary key (name));
mysql> create table grp (uname char(25),gname char(25),primary key (uname,gname));
mysql> grant select on apacheusers.user to apacheuser@localhost identified by 'redhat';
mysql> grant select on apacheusers.grp to apacheuser@localhost identified by 'redhat';
mysql> insert into user (name,pwd) values ('netsword','111');
mysql> insert into user (name,pwd) values ('netswordster','111');
mysql> insert into user (name,pwd) values ('zhxy','222');
mysql> insert into user (name,pwd) values ('zxy','222');
mysql> insert into grp (uname,gname) values ('netsword','net');
mysql> insert into grp (uname,gname) values ('netswordster','net');
mysql> insert into grp (uname,gname) values ('zhxy','zh');
mysql> insert into grp (uname,gname) values ('zxy','zh');
修改配置文件,开启mysql认证
# vi /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.32.31:80
<VirtualHost 192.168.32.31:80>
ServerAdmin netsword@kvm.com
DocumentRoot /var/www/html
ServerName station1.kvm.com
<Directory /var/www/html>
AuthName TestAdmin
AuthType basic
AuthMySQLEnable on
AuthMySQLUser apacheuser
AuthMySQLPassword redhat
AuthMySQLDB apacheusers
AuthMySQLUserTable user
AuthMySQLNameField name
AuthMySQLPasswordField pwd
Require valid-user
AuthMySQLGroupTable grp
AuthMySQLGroupField gname
Require Group net
</Directory>
ErrorLog logs/dummy-host.kvm.com-error_log
CustomLog logs/dummy-host.kvm.com-access_log common
</VirtualHost>
三、HTTPS配置
1、自颁发证书
#yum install mod_ssl.i386
#mkdir /etc/httpd/.sslkey
#openssl genrsa -out /etc/httpd/.sslkey/server.key 1024
#openssl req -new -x509 -key /etc/httpd/.sslkey/server.key -out /etc/httpd/.sslkey/server.cert #生成密钥对
#chmod -R 400 /etc/httpd/.sslkey #保证证书安全
#vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.32.31:443>
ServerAdmin webmaster@dummy-host.kvm.com
DocumentRoot /var/www/virt
ServerName www.kvm.com
SSLEngine on #开启ssl认证
SSLCertificateFile /etc/httpd/.sslkey/server.crt #证书文件
SSLCertificateKeyFile /etc/httpd/.sslkey/server.key#密钥文件
</VirtualHost>
页:
[1]