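Configuration file: /etc/httpd/conf/httpd.conf

```apache
<IfModule dir_module>
    # The first file listed is tried first. If the index file does not exist,
    # the text file is read. If neither exists, the test page is shown.
    DirectoryIndex index.html text.html
</IfModule>
```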
/etc/httpd/conf.d/*.conf: all .conf files under the conf.d directory

Virtual hosts

Name-based:

```apache
<VirtualHost *:80>
    ServerName localhost.localdomain
    DocumentRoot /var/www/local
</VirtualHost>
```
Add directives to control access to files:

Create 2 users (these are not system users; they are users for accessing the HTML pages).
See "Authentication and Authorization" in httpd-manual.

```console
[root@localhost conf]# htpasswd -c /etc/httpd/.htpasswd user1
New password:
Re-type new password:
Adding password for user user1
[root@localhost conf]# htpasswd /etc/httpd/.htpasswd user2
New password:
Re-type new password:
Adding password for user user2
[root@localhost conf]# cat /etc/httpd/.htpasswd
user1:$apr1$/HcTzDUm$16tL9pldhS4YV7i1E6GKU0
user2:$apr1$qTaxMLFd$1YtqCEglB1e5lNyjUbuec1
```
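```apache
<VirtualHost *:80>
    ServerName localhost.localdomain
    DocumentRoot /var/www/local
    <Directory /var/www/local>
        AuthType basic
        AuthName "Please Input Your Name&Passwd!"
        AuthUserFile /etc/httpd/.htpasswd
        # Comments must be on their own line; httpd does not accept them after a directive.
        # The two Require lines are alternatives. With both present, any valid user is admitted.
        # Only user1 can access:
        Require user user1
        # Every user in .htpasswd can access:
        Require valid-user
    </Directory>
</VirtualHost>
```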
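Display files as a directory index, and allow symbolic links to be shown.
See "Mapping URLs to the Filesystem" in the manual.

```apache
<Directory /var/www/local/file>
    Options Indexes FollowSymlinks
</Directory>
```

```apache
# To turn a feature off, prefix it with -
Options -Indexes -FollowSymlinks
```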
Add IP restrictions
See "Access Control" in the manual.

```apache
<Directory /var/www/local/allow>
    ## Whichever comes last in Order takes precedence!! If allow comes last, allow takes precedence.
    Order allow,deny
    allow from 10.42.1.0/24
    deny from 10.42.1.14
</Directory>
```
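The Order/Allow/Deny evaluation used in the block above, modelled in Python as an added example (not code from the original post or from Apache). The function names and the client addresses other than those in the config are constructed for illustration, and only address and CIDR specs are handled.

```python
import ipaddress

def _matches(ip, specs):
    """True if ip falls in any 'allow from' / 'deny from' spec (address or CIDR)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(s, strict=False) for s in specs)

def evaluate(order, allow, deny, ip):
    """Model of Apache 2.2-style Order/Allow/Deny for IP-based specs.

    'allow,deny': Allow is checked first, Deny last. A client must match
        Allow and must not match Deny; a client matching neither is denied.
    'deny,allow': Deny is checked first, Allow last. A client matching Deny
        is rejected unless it also matches Allow; a client matching neither
        is allowed.
    """
    key = order.replace(" ", "").lower()
    allowed, denied = _matches(ip, allow), _matches(ip, deny)
    if key == "allow,deny":
        return allowed and not denied
    if key == "deny,allow":
        return allowed or not denied
    raise ValueError(f"unsupported Order value: {order!r}")

# Rules from the <Directory /var/www/local/allow> block on this page.
ALLOW = ["10.42.1.0/24"]
DENY = ["10.42.1.14"]

if __name__ == "__main__":
    # Client addresses below are constructed sample input.
    for ip in ("10.42.1.14", "10.42.1.20", "192.168.0.5"):
        for order in ("allow,deny", "deny,allow"):
            verdict = "allowed" if evaluate(order, ALLOW, DENY, ip) else "denied"
            print(f"Order {order:<10} {ip:<12} -> {verdict}")
```

Swapping the order to `deny,allow` with the same two rules admits 10.42.1.14 and also admits clients outside 10.42.1.0/24, because the default for unmatched clients flips from deny to allow.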
https

Default port: 443
Package to install: mod_ssl
SSL configuration file: /etc/httpd/conf.d/ssl.conf

```apache
Listen 443
<VirtualHost *:443>
    ServerName localhost.localdomain
    DocumentRoot /var/www/ssl
    SSLEngine on
    # Disables SSLv2 only; SSLv3 and early TLS versions stay enabled where the build supports them.
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    # The server's certificate
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    # The server's private key
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    # The CA's certificate
    SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
</VirtualHost>
```
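Without a CA-issued certificate: sign it yourself

```console
[root@localhost certs]# ls
ca-bundle.crt        localhost.crt    Makefile
ca-bundle.trust.crt  make-dummy-cert  renew-dummy-cert
[root@localhost certs]# pwd
/etc/pki/tls/certs
[root@localhost certs]# make chomper.crt
```

This command generates a self-signed certificate, that is, one you sign yourself.
With this approach, restarting the service requires entering the private key's passphrase.
It generates a private key (a passphrase must be entered),
then generates a public key (the certificate) (the private key's passphrase must be entered).
Then fill in the certificate information (#hostname#).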
```apache
Listen 443
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
<VirtualHost *:443>
    ServerName www.chomper.com
    DocumentRoot /var/www/ssl
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLCertificateFile /etc/pki/tls/certs/chomper.crt
    SSLCertificateKeyFile /etc/pki/tls/private/chomper.key
</VirtualHost>
```
Package to install: mod_wsgi

```apache
<VirtualHost *:80>
    ServerName localhost.localdomain
    DocumentRoot /var/www/ssl
    WSGIScriptAlias / /var/www/ssl/webapp.wsgi
</VirtualHost>
```
Port-based virtual host: add port 8899

```apache
Listen 8899
<VirtualHost *:8899>
    ServerName www.chomper.com
    DocumentRoot /var/www/ssl
</VirtualHost>
```
```console
[root@localhost conf.d]# semanage port -l | grep http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989
[root@localhost conf.d]# semanage port -a -t http_port_t -p tcp 8899
```

```console
[root@localhost conf.d]# semanage port -l | grep http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      8899, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989
```

This article is reposted from chomperwu's 51CTO blog. Original link: http://blog.51cto.com/chomper/1696832. To repost it, please contact the original author yourself.