http httpd achieve a simple function

Enterprise 2019-10-20 19:18:50 views: null
  1. httpd achieve user access control:
    (1) define the security domain
    controlled based on the individual user:
    <Directory "/var/www/html">
    Options None
    AllowOverride None
    AuthType Basic
    AuthName "String"
    AuthUserFile "/etc/httpd/conf/.httpdpasswd"
    AuthGroupFile "/etc/httpd/conf/.grp"
<RequireAll>
   Require ip 172.20
   Require user ops1
</RequireAll>
</Directory>

    Controlled based user group:

    <Directory "/var/www/html">
Options None
AllowOverride None
AuthType Basic
AuthName "String"
AuthUserFile "/etc/httpd/conf/.httpdpasswd"
AuthGroupFile "/etc/httpd/conf/.grp"
<RequireAll>
   Require ip 172.20
   Require  group ops
</RequireAll>
</Directory>

(2) provide account and password store (text file)
to use specific commands to complete the creation of such files and user management

htpasswd  [options]   /PATH/TO/HTTPD_PASSWD_FILE  username 
    -c:自动创建此处指定的文件,因此,仅应该在此文件不存在时使用;
    -m:md5格式加密
    -s: sha格式加密
    -D:删除指定用户
    -b:批模式添加用户 
[root@localhost conf]# htpasswd -bc  /etc/httpd/conf/.httppasswd ops1 123456
Adding password for user ops1
[root@localhost conf]# vim /etc/httpd/conf/.grp
ops:ops1 ops2

(3) Restart test:
[root@localhost conf.d]# systemctl restart httpd
http httpd achieve a simple function
2. virtual host configuration
(1) based on the IP address of the virtual host

[root@localhost /]# mkdir /data/html/{a,b} -pv
mkdir: created directory ‘/data/html’
mkdir: created directory ‘/data/html/a’
mkdir: created directory ‘/data/html/b’
[root@localhost /]# vim /data/html/a/index.html
<h1>hello a</h1>
[root@localhost /]# vim /data/html/b/index.html
<h1>hello b</h1>
[root@localhost conf.d]# vim vhost_ip.conf 
<VirtualHost 172.20.10.4:80>
    ServerName www.a.com
    DocumentRoot "/data/html/a/"
    <Directory "/data/html/a/">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost 172.20.10.7:80>
    ServerName www.b.com
    DocumentRoot "/data/html/b/"
    <Directory "/data/html/b/">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

(2) based on the virtual host ports:

[root@localhost conf.d]# vim vhost_ip.conf 
Listen 8080
<VirtualHost 172.20.10.4:80>
    ServerName www.a.com
    DocumentRoot "/data/html/a/"
    <Directory "/data/html/a/">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost 172.20.10.4:8080>
    ServerName www.b.com
    DocumentRoot "/data/html/b/"
    <Directory "/data/html/b/">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

(3) based on the FQDN of the virtual hosts:

[root@localhost conf.d]# vim vhost_ip.conf 
<VirtualHost 172.20.10.4:80>
    ServerName www.a.com
    DocumentRoot "/data/html/a/"
    <Directory "/data/html/a/">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost 172.20.10.4:80>
    ServerName www.b.com
    DocumentRoot "/data/html/b/"
    <Directory "/data/html/b/">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

Note: FQDN based virtual host, if required in advance using the following instructions are httpd-2.2, is used: NameVirtualHost IP: PORT

3. To achieve HTTPS
[root@localhost conf.d]# yum install -y mod_ssl
(1) to build a private CA:

生成私钥;
~]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096)
生成自签证书;
~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
-new:生成新证书签署请求;
-x509:生成自签格式证书,专用于创建私有CA时;
-key:生成请求时用到的私有文件路径;
-out:生成的请求文件路径;如果自签操作将直接生成签署过的证书;
-days:证书的有效时长,单位是day;
为CA提供所需的目录及文件;
~]# mkdir  -pv  /etc/pki/CA/{certs,crl,newcerts}
~]# touch  /etc/pki/CA/{serial,index.txt}
~]# echo  01 > /etc/pki/CA/serial

(2) server to use certificates for secure communication, you need to request CA-signed certificate

用到证书的主机生成私钥;
~]# mkdir  /etc/httpd/ssl 
~]# cd  /etc/httpd/ssl
~]# (umask  077; openssl  genrsa -out  /etc/httpd/ssl/httpd.key  2048)
生成证书签署请求
~]# openssl  req  -new  -key  /etc/httpd/ssl/httpd.key  -out /etc/httpd/ssl/httpd.csr  -days  365
在CA主机上签署证书;
~]# openssl ca  -in  /etc/httpd/ssl/httpd.csr  -out  /etc/pki/CA/certs/httpd.crt  -days  365
[root@localhost /]# vim /etc/httpd/conf.d/ssl.conf 
DocumentRoot "/data/html/b/"
ServerName www.b.com:443
SSLCertificateFile /etc/httpd/ssl/httpd.csr
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
<Directory "/data/html/b/">
    Options None
    AllowOverride None
    Require all granted
</Directory>

Guess you like

Origin blog.51cto.com/14418331/2443997
Recommended
Face Wall Intelligence releases the Eurux-8x22B open source large model - it can be called the "science champion"
Kaiyuan Daily | Google supports Hongmeng to take over; open source Rabbit R1; Android phones supported by Docker; Microsoft’s anxiety and ambition; Haier Electric shuts down the open platform
Ranking
Jianzhi offer interview questions 68-II. The nearest common ancestor of a binary tree (recursive)
jQuery Mobile development 1-UI components
Summary of Kotlin function knowledge
[ZZ] The Naked Truth About Anisotropic Filtering
Diagnosis: record a recovery of abnormal CRASH storage caused the database to be unable to be opened normally
Redis introduction and Linux installation Redis
Experiment 2 Introduction to switches
glances open source command-line system monitoring tools introduced
Use of selector
vue3 handwriting a carousel picture
Daily
More
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)

Code World

© 2018 codetd.com