Apache website service: configuring access control and building virtual Web hosts

Contents
First, httpd service access control
1, client address restrictions
2, user authorization restrictions
Second, build a virtual Web host
Third, configure name-based virtual hosts
Fourth, configure IP-address-based virtual hosts
Fifth, configure port-based virtual hosts

First, httpd service access control

To better control access to site resources, you can add access authorization to specific website directories. Access control is divided into client address restrictions and user authorization restrictions; both methods are applied inside a directory section of the httpd.conf configuration file.

1, client address restrictions

With the Require configuration item, you can decide whether to allow client access based on the host name or IP address of the client. In the httpd server's main configuration file, the Require configuration item can be used inside the <Location>, <Directory>, <Files>, and <Limit> configuration sections to control client access. The address can be an IP address, a network address, a host name, or a domain name; the name "all" represents any address. The common formats of a restriction policy are as follows:

  • Require all granted: allows access from all hosts.
  • Require all denied: refuses access from all hosts.
  • Require local: allows access only from the local host.
  • Require [not] host <hostname or domain name list>: allows or denies access from the specified hosts or domains.
  • Require [not] ip <IP address or network segment list>: allows or denies access from the specified IP addresses or network segments.

When a restriction policy is defined with several Require statements and none of them uses "not", the relationship between the statements is OR: a client that satisfies any one Require statement can access. If Require statements without "not" and Require statements with "not" both appear, the relationship between the statements is AND: a client must satisfy all Require statements at the same time to access.
The specific configuration is as follows:
Create a policy that allows only the host with IP address 192.168.100.101 to access the pages in the /usr/local/httpd/htdocs directory. The policy is as follows (after opening the main configuration file httpd.conf, type /Directory in last-line mode and press the Enter key to jump to the corresponding position):

<Directory "/usr/local/httpd/htdocs">
    ................        <!--Some content omitted-->
    Require ip 192.168.100.101         <!--Only the host 192.168.100.101 may access the website service-->
</Directory>

After the configuration is complete, restart the service; the client 192.168.100.101 can then access the site.

Conversely, when a "deny only" restriction policy is needed, use Require and Require not together to set the policy to refuse, so that only some hosts are prohibited from accessing. The statements must be placed in a <RequireAll> </RequireAll> container, and the restriction that uses not to block access is specified inside the container.
The specific configuration is as follows:

<Directory "/usr/local/httpd/htdocs">
    ................        <!--Some content omitted-->
    <RequireAll>
        Require all granted
        Require not ip 192.168.100.0/24 192.168.200.0/24         <!--Deny the 100.0/24 and 200.0/24 segments, allow any other host-->
    </RequireAll>
</Directory>

You can also restrict access in the following way:

<Directory "/usr/local/httpd/htdocs">
    ................        <!--Some content omitted-->
    Deny from 192.168.100.0/24 192.168.200.0/24         <!--Deny the 100.0/24 and 200.0/24 segments, allow any other host-->
</Directory>
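
The OR/AND behaviour of the two Require policies above can be checked against sample clients before the service is restarted. The following is an added example, not part of the original post: a simplified Python model that covers only the "all" and "ip" forms, with client addresses constructed for illustration.

```python
import ipaddress

def evaluate(rule, client_ip):
    """One 'Require' line -> True (granted), False (denied) or None (neutral)."""
    words = rule.split()[1:]                  # drop the leading 'Require'
    negate = words[0] == "not"
    if negate:
        words = words[1:]
    kind, args = words[0], words[1:]
    if kind == "all":
        hit = args[0] == "granted"
    elif kind == "ip":
        addr = ipaddress.ip_address(client_ip)
        hit = any(addr in ipaddress.ip_network(a, strict=False) for a in args)
    else:
        raise ValueError(f"provider not modelled here: {kind}")
    if negate:
        return False if hit else None         # a negated rule can only fail or stay neutral
    return hit

def allowed(rules, client_ip, require_all=False):
    """Combine rules: OR by default, AND inside <RequireAll>."""
    results = [evaluate(r, client_ip) for r in rules]
    if require_all:
        # Nothing may fail, and at least one rule must grant.
        return False not in results and True in results
    return True in results

# The two policies from the text above.
ALLOW_ONLY = ["Require ip 192.168.100.101"]
DENY_ONLY = ["Require all granted",
             "Require not ip 192.168.100.0/24 192.168.200.0/24"]

if __name__ == "__main__":
    # Constructed sample clients: columns are allow-only and deny-only results.
    for ip in ("192.168.100.101", "192.168.100.50", "192.168.200.7", "10.0.0.5"):
        print(ip, allowed(ALLOW_ONLY, ip), allowed(DENY_ONLY, ip, require_all=True))
```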

2, user authorization restrictions

User-based access control consists of two processes, authentication and authorization, and is the way Apache allows specified users to access particular resources with a user name and password. The httpd server supports two methods: digest authentication (Digest) and basic authentication (Basic). To use digest authentication, you need to add the "--enable-auth-digest" option before compiling httpd, but not all browsers support digest authentication, so it is not recommended; basic authentication is a basic function of the httpd service and does not need any special preconfigured options.

1) Create a user authentication data file

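[root@centos01 ~]# /usr/local/httpd/bin/htpasswd -c /usr/local/httpd/htdocs/.password admin
<!--Create a user with the htpasswd tool. This user is unrelated to system users. The name of
the .password file starts with ".", which makes it a hidden file. The file does not exist by
default, so the -c option is needed. When adding users later, do not use the -c option,
otherwise the existing content will be overwritten-->
New password:                  <!--Enter the password-->
Re-type new password:     <!--Confirm the password-->
Adding password for user admin        <!--Message confirming the user was added-->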

Check whether the user was added:

[root@localhost httpd]# cd /usr/local/httpd/                <!--Change to the website installation root directory-->
[root@localhost httpd]# cat htdocs/.password
admin:oVc8B0TaIVv0s                   <!--Entry for the user admin-->

2) Modify the main Apache configuration file to load authentication

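[root@centos01 ~]# vi /usr/local/httpd/conf/httpd.conf      <!--Edit the main configuration file-->
.......   <!--Some content omitted here-->
    AuthName "Default"      <!--Define the name of the authentication realm-->
    AuthType Basic             <!--Basic authentication-->
    AuthUserFile /usr/local/httpd/htdocs/.password        <!--Location of the authentication database-->
    Require valid-user         <!--Valid accounts that pass user name and password verification may access-->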
</Directory>

3) Restart the Apache service

[root@centos01 ~]# systemctl restart httpd      <!--Restart the httpd service-->

When a client accesses the site, a prompt box appears; enter the account and password to gain access. Note that when user authorization and host access control are both set, the host access control settings take effect first. So when applying user authorization restrictions, you need to delete the host-based Require statements; otherwise, the user authorization will not take effect.
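
A file stored under the document root can be requested over HTTP unless a rule blocks it, and the 13-character hash shown above is the crypt() format, which the htpasswd documentation describes as insecure. The following added example (not part of the original post) is a small Python audit that flags both conditions, using the paths and the sample entry from this page; the function names are hypothetical.

```python
import posixpath
import re

# Hash formats htpasswd can write, recognised by the shape of the hash field.
# The last column marks formats the htpasswd documentation calls insecure.
SCHEMES = [
    (re.compile(r"^\$2[aby]\$"), "bcrypt", False),
    (re.compile(r"^\$apr1\$"), "apr1-md5", False),
    (re.compile(r"^\{SHA\}"), "sha1 (unsalted)", True),
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "crypt() DES, first 8 characters only", True),
]

def classify(hash_field):
    """Return (scheme name, insecure flag) for one hash field."""
    for pattern, name, insecure in SCHEMES:
        if pattern.search(hash_field):
            return name, insecure
    return "unknown or plaintext", True

def inside(path, root):
    """True if path lies under root after normalisation."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return posixpath.commonpath([path, root]) == root

def audit(passwd_text, auth_user_file, document_root):
    """Return a list of findings for one AuthUserFile."""
    findings = []
    if inside(auth_user_file, document_root):
        findings.append(f"{auth_user_file} is inside DocumentRoot {document_root}")
    for line in passwd_text.splitlines():
        if ":" not in line:
            continue                          # skip blank or malformed lines
        user, hash_field = line.split(":", 1)
        name, insecure = classify(hash_field.strip())
        if insecure:
            findings.append(f"user {user}: insecure hash format ({name})")
    return findings

# Entry and paths as shown on this page.
SAMPLE = "admin:oVc8B0TaIVv0s\n"
FINDINGS = audit(SAMPLE, "/usr/local/httpd/htdocs/.password", "/usr/local/httpd/htdocs")

if __name__ == "__main__":
    print("\n".join(FINDINGS))
```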

Second, build a virtual Web host

Virtual Web hosting means running multiple websites on the same server. Each site does not actually occupy an entire independent server, which is why it is called a "virtual" Web host. Virtual Web hosting makes full use of the server's hardware resources and so greatly reduces the cost of building and running websites. With httpd it is very easy to build a virtual host server: a single running httpd service can support a large number of websites at the same time. httpd supports the following three types of virtual host:

  • Based on the domain name: Use a different domain name for each virtual host, but their corresponding IP address is the same. This is the most widely used virtual Web host type.
  • Based on the IP address: Use a different domain name for each virtual host, and their corresponding IP addresses are also different. This approach requires a server with multiple network interfaces, so it is not very widely used.
  • Based on the port: This approach does not use the domain name or IP address to distinguish the content of different sites, but uses different TCP port numbers, so users need to specify the port number when browsing the different virtual sites.
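
How httpd picks a virtual host for the three types listed above, as an added example (not part of the original post). It is a simplified Python model that ignores wildcard addresses and ServerAlias, uses the addresses, names and directories configured later on this page, and assumes /usr/local/httpd/htdocs is the main server's document root.

```python
from collections import namedtuple

VHost = namedtuple("VHost", "ip port server_name docroot")
MAIN_DOCROOT = "/usr/local/httpd/htdocs"      # assumed main-server DocumentRoot

def select_docroot(vhosts, local_ip, local_port, host_header):
    """Return the DocumentRoot that serves one request (simplified model)."""
    # 1. Only <VirtualHost ip:port> blocks matching the local address and port count.
    candidates = [v for v in vhosts if (v.ip, v.port) == (local_ip, local_port)]
    if not candidates:
        return MAIN_DOCROOT                   # no block matches: main server answers
    # 2. Compare the Host header (port stripped; IPv6 literals not handled) with ServerName.
    name = host_header.split(":")[0].lower()
    for v in candidates:
        if v.server_name.lower() == name:
            return v.docroot
    # 3. An unknown name falls through to the first block listed for that address.
    return candidates[0].docroot

BDQN, BENET = "/var/www/bdqn.com/", "/var/www/benet.com/"
NAME_BASED = [VHost("192.168.100.10", 80, "www.bdqn.com", BDQN),
              VHost("192.168.100.10", 80, "www.benet.com", BENET)]
IP_BASED = [VHost("192.168.100.10", 80, "www.bdqn.com", BDQN),
            VHost("192.168.100.20", 80, "www.benet.com", BENET)]
PORT_BASED = [VHost("192.168.100.10", 80, "www.bdqn.com", BDQN),
              VHost("192.168.100.10", 8080, "www.benet.com", BENET)]

if __name__ == "__main__":
    # Constructed requests: (configuration, local IP, local port, Host header)
    requests = [(NAME_BASED, "192.168.100.10", 80, "www.benet.com"),
                (NAME_BASED, "192.168.100.10", 80, "192.168.100.10"),
                (IP_BASED, "192.168.100.20", 80, "www.bdqn.com"),
                (PORT_BASED, "192.168.100.10", 8080, "www.bdqn.com:8080")]
    for cfg, ip, port, host in requests:
        print(ip, port, host, "->", select_docroot(cfg, ip, port, host))
```

In the name-based case a request with a Host header that matches no ServerName is served by the first listed virtual host, so the first block should be one that is safe to expose as the default.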

Third, configure name-based virtual hosts

Build the DNS service yourself. If you are not familiar with it, refer to the blog post: CentOS7 simple set up DNS service.
It is not explained in detail below.

1, provide domain name resolution for the virtual hosts

[root@centos01 ~]# vi /etc/named.conf         <!--Edit the main configuration file-->
options {
        listen-on port 53 { 192.168.100.10;};
        directory "/var/named";
        allow-query { 192.168.100.0/24; };
};
zone "bdqn.com" IN {
        type    master;
        file    "bdqn.com.zone";
};
zone "benet.com" IN {
        type    master;
        file    "benet.com.zone";
};
[root@centos01 ~]# vi /var/named/bdqn.com.zone       <!--Edit the bdqn.com forward lookup zone-->
$TTL    86400
@       SOA     bdqn.com.       root.bdqn.com. (
        2019081610
        1H
        15M
        1W
        1D
)
@       NS      centos01.bdqn.com.
centos01 A      192.168.100.10
www      A      192.168.100.10
[root@centos01 ~]# cp /var/named/bdqn.com.zone /var/named/benet.com.zone
[root@centos01 ~]# vi /var/named/benet.com.zone    <!--Edit the benet.com forward lookup zone-->
$TTL    86400
@       SOA     benet.com.      root.benet.com. (
        2019081610
        1H
        15M
        1W
        1D
)
@       NS      centos01.benet.com.
centos01 A      192.168.100.10
www      A      192.168.100.10

2, edit the network interface configuration

[root@centos01 ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens32  <!--Edit the network interface-->
……            <!--Some content omitted-->
DNS1=192.168.100.10        <!--Add the DNS server-->
[root@centos01 ~]# systemctl restart network  <!--Restart the network service-->
[root@centos01 ~]# systemctl restart named    <!--Restart the DNS service-->

3, resolve the domain names from the client


4, prepare Web documents for the virtual hosts

Prepare a website directory and Web documents for each virtual Web host. For testing purposes, give each virtual Web host a page file with different content:

[root@centos01 ~]# mkdir -p /var/www/
[root@centos01 ~]# mkdir -p /var/www/bdqn.com
[root@centos01 ~]# mkdir -p /var/www/benet.com
[root@centos01 ~]# echo "www.bdqn.com" > /var/www/bdqn.com/index.html
[root@centos01 ~]# echo "www.benet.com" > /var/www/benet.com/index.html

5, modify the main configuration file to enable virtual host support

[root@centos01 ~]# vi /usr/local/httpd/conf/httpd.conf   <!--Edit the main configuration file-->
# Virtual hosts
Include conf/extra/httpd-vhosts.conf             <!--Remove the # at the start of this line-->

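6, modify the virtual host access settings

[root@centos01 ~]# vim /usr/local/httpd/conf/extra/httpd-vhosts.conf  <!--Create a separate configuration file-->
NameVirtualHost 192.168.100.10:80  <!--IP address the virtual hosts listen on; the default * means listen on all addresses-->
<Directory "/var/www/">            <!--Root directory of the virtual sites-->
        order deny,allow                <!--Deny first, then allow-->
        allow from all                     <!--Allow access from everyone-->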
</Directory>

7, configure name-based virtual hosting

[root@centos01 ~]# vim /usr/local/httpd/conf/extra/httpd-vhosts.conf 
NamevirtualHost www.bdqn.com:80    <!--Domain name to listen for-->
NamevirtualHost www.benet.com:80   <!--Domain name to listen for-->
<Directory "/var/www/">
        order deny,allow
        allow from all
</Directory>

<VirtualHost 192.168.100.10:80>     <!--IP address and port number of the virtual host-->
        DocumentRoot "/var/www/bdqn.com/"       <!--Location of the website root directory-->
        ServerName www.bdqn.com                     <!--Website domain name-->
        ErrorLog "logs/www.bdqn.com.error_log"  <!--Error log-->
        CustomLog "logs/www.bdqn.com.access_log" common        <!--Access log-->
</VirtualHost>
<VirtualHost 192.168.100.10:80>           <!--See the comments above-->
        DocumentRoot "/var/www/benet.com/"
        ServerName www.benet.com
        ErrorLog "logs/www.benet.com.error_log"
        CustomLog "logs/www.benet.com.access_log" common
</VirtualHost>
[root@centos01 ~]# systemctl restart httpd  <!--Restart the httpd service-->

8, verify access from the client


Fourth, configure IP-address-based virtual hosts

1, create a copy of the network interface configuration

[root@centos01 ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens32 /etc/sysconfig/network-scripts/ifcfg-ens32:1
[root@centos01 network-scripts]# vim ifcfg-ens32:1   <!--Edit the ens32:1 interface-->
......                       <!--Some content omitted here-->
NAME=ens32:1      <!--Change the name-->
DEVICE=ens32:1    <!--Change the name-->
ONBOOT=yes
IPADDR=192.168.100.20            <!--Set the IP address-->
NETMASK=255.255.255.0
DNS1=192.168.100.10                <!--Add the DNS server-->
[root@centos01 ~]# systemctl restart network           <!--Restart the network service-->

2, configure the virtual host based on IP address

[root@centos01 ~]# vim /usr/local/httpd/conf/extra/httpd-vhosts.conf    <!--Create a separate configuration file-->
NamevirtualHost www.bdqn.com:80        
NamevirtualHost www.benet.com:80             
<Directory "/var/www/">
        order deny,allow
        allow from all
</Directory>

<VirtualHost 192.168.100.10:80>            <!--bdqn.com is 192.168.100.10-->
        DocumentRoot "/var/www/bdqn.com/"
        ServerName www.bdqn.com
        ErrorLog "logs/www.bdqn.com.error_log"
        CustomLog "logs/www.bdqn.com.access_log" common
</VirtualHost>
<VirtualHost 192.168.100.20:80>        <!--benet.com is 192.168.100.20-->
        DocumentRoot "/var/www/benet.com/"
        ServerName www.benet.com
        ErrorLog "logs/www.benet.com.error_log"
        CustomLog "logs/www.benet.com.access_log" common
</VirtualHost>
[root@centos01 ~]# systemctl restart httpd           <!--Restart the httpd service-->

3, verify access from the client


Fifth, configure port-based virtual hosts

1, modify the main Apache configuration file

[root@centos01 ~]# vi /usr/local/httpd/conf/httpd.conf  <!--Edit the main configuration file-->
Listen 80
Listen 8080   <!--Add port 8080-->

2, configure port-based virtual hosts

[root@centos01 ~]# vim /usr/local/httpd/conf/extra/httpd-vhosts.conf    <!--Create a separate configuration file-->
NamevirtualHost www.bdqn.com:80
NamevirtualHost www.benet.com:80
<Directory "/var/www/">
        order deny,allow
        allow from all
</Directory>

<VirtualHost 192.168.100.10:80>    <!--bdqn.com uses port 80-->
        DocumentRoot "/var/www/bdqn.com/"
        ServerName www.bdqn.com
        ErrorLog "logs/www.bdqn.com.error_log"
        CustomLog "logs/www.bdqn.com.access_log" common
</VirtualHost>
<VirtualHost 192.168.100.10:8080>        <!--benet.com uses port 8080-->
        DocumentRoot "/var/www/benet.com/"
        ServerName www.benet.com
        ErrorLog "logs/www.benet.com.error_log"
        CustomLog "logs/www.benet.com.access_log" common
</VirtualHost>
[root@centos01 ~]# systemctl restart httpd  <!--Restart the httpd service-->

3, verify access from the client


------ This concludes the article, thanks for reading ------


Origin blog.51cto.com/14156658/2445763