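Configuration file: /etc/httpd/conf/httpd.conf

    <IfModule dir_module>
        # The first file listed is read first. If index.html does not exist,
        # text.html is read. If neither exists, the test page is displayed.
        DirectoryIndex index.html text.html
    </IfModule>

/etc/httpd/conf.d/*.conf: all .conf files under the conf.d directory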
Virtual hosts
Name-based:

    <VirtualHost *:80>
        ServerName localhost.localdomain
        DocumentRoot /var/www/local
    </VirtualHost>
Add directives to control access to files:
Create 2 users (not system users; these are users for accessing the HTML pages).
This is covered under "Authentication and Authorization" in httpd-manual.

    [root@localhost conf]# htpasswd -c /etc/httpd/.htpasswd user1
    New password:
    Re-type new password:
    Adding password for user user1
    [root@localhost conf]# htpasswd /etc/httpd/.htpasswd user2
    New password:
    Re-type new password:
    Adding password for user user2
    [root@localhost conf]# cat /etc/httpd/.htpasswd
    user1:$apr1$/HcTzDUm$16tL9pldhS4YV7i1E6GKU0
    user2:$apr1$qTaxMLFd$1YtqCEglB1e5lNyjUbuec1

    <VirtualHost *:80>
        ServerName localhost.localdomain
        DocumentRoot /var/www/local
        <Directory /var/www/local>
            AuthType basic
            AuthName "Please Input Your Name&Passwd!"
            AuthUserFile /etc/httpd/.htpasswd
            # The two Require lines are alternatives; with both present,
            # any user in .htpasswd is admitted.
            # Only user1 can access:
            Require user user1
            # Every user in .htpasswd can access:
            Require valid-user
        </Directory>
    </VirtualHost>
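Display files as a directory index, and allow symbolic links to be shown
This is covered under "Mapping URLs to the Filesystem" in the manual.

    <Directory /var/www/local/file>
        Options Indexes FollowSymLinks
    </Directory>

    # To turn a feature off, put a - in front of it
    Options -Indexes -FollowSymLinks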
Add IP restrictions
See "Access Control" in the manual.

    <Directory /var/www/local/allow>
        # The one listed last has the higher priority!! If allow came last,
        # allow would have the higher priority.
        Order allow,deny
        allow from 10.42.1.0/24
        deny from 10.42.1.14
    </Directory>
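The evaluation order described above, modelled in Python as an added example (it is not code from the original post). The function names and the sample client addresses are assumptions made for illustration, and the model goes beyond the `Order allow,deny` case shown to cover `Order deny,allow` as well.

```python
import ipaddress

# Rules from the <Directory /var/www/local/allow> block above.
ALLOW = ["10.42.1.0/24"]
DENY = ["10.42.1.14"]

def _matches(ip, rules):
    """True if ip is inside any rule (a single host or a CIDR network)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r, strict=False) for r in rules)

def access_allowed(ip, order, allow=ALLOW, deny=DENY):
    """Model of Order/Allow/Deny evaluation for one client address."""
    hit_allow, hit_deny = _matches(ip, allow), _matches(ip, deny)
    if order == "allow,deny":
        # Allow is checked first, Deny last; a client matching neither is denied.
        return hit_allow and not hit_deny
    if order == "deny,allow":
        # Deny is checked first, Allow last; a client matching neither is allowed.
        return hit_allow or not hit_deny
    raise ValueError("unsupported Order value: %r" % order)

def decision_table(clients):
    """Map each client to its (allow,deny result, deny,allow result)."""
    return {c: (access_allowed(c, "allow,deny"), access_allowed(c, "deny,allow"))
            for c in clients}

if __name__ == "__main__":
    # Constructed sample clients: the denied host, a neighbour, an outsider.
    for ip, (a_d, d_a) in decision_table(
            ["10.42.1.14", "10.42.1.20", "192.168.5.9"]).items():
        print(f"{ip:<12} allow,deny={a_d!s:<5} deny,allow={d_a}")
```

Switching to `deny,allow` so that allow wins also admits every client that matches no rule at all, because that order defaults to allow.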
https
Default port: 443
Package: mod_ssl
SSL configuration file:
/etc/httpd/conf.d/ssl.conf

    Listen 443
    <VirtualHost *:443>
        ServerName localhost.localdomain
        DocumentRoot /var/www/ssl
        SSLEngine on
        # Enables every protocol version the build supports except SSLv2
        SSLProtocol all -SSLv2
        SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
        # The server's certificate
        SSLCertificateFile /etc/pki/tls/certs/localhost.crt
        # The server's private key
        SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
        # The CA's certificate
        SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
    </VirtualHost>
Without a CA certificate: signing it yourself

    [root@localhost certs]# ls
    ca-bundle.crt        localhost.crt    Makefile
    ca-bundle.trust.crt  make-dummy-cert  renew-dummy-cert
    [root@localhost certs]# pwd
    /etc/pki/tls/certs
    [root@localhost certs]# make chomper.crt

This command generates a self-signed certificate, that is, one you sign yourself.
With this approach, the private key's password has to be entered when the service is restarted.
The command generates a private key (a password must be entered),
generates a public key (the certificate) (the private key's password must be entered),
and then asks for the certificate information (#hostname#).

    Listen 443
    SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
    <VirtualHost *:443>
        ServerName www.chomper.com
        DocumentRoot /var/www/ssl
        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
        SSLCertificateFile /etc/pki/tls/certs/chomper.crt
        SSLCertificateKeyFile /etc/pki/tls/private/chomper.key
    </VirtualHost>
Package: mod_wsgi

    <VirtualHost *:80>
        ServerName localhost.localdomain
        DocumentRoot /var/www/ssl
        WSGIScriptAlias / /var/www/ssl/webapp.wsgi
    </VirtualHost>
Port-based virtual host: add port 8899

    Listen 8899
    <VirtualHost *:8899>
        ServerName www.chomper.com
        DocumentRoot /var/www/ssl
    </VirtualHost>

    [root@localhost conf.d]# semanage port -l | grep http
    http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
    http_cache_port_t              udp      3130
    http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
    pegasus_http_port_t            tcp      5988
    pegasus_https_port_t           tcp      5989
    [root@localhost conf.d]# semanage port -a -t http_port_t -p tcp 8899

    [root@localhost conf.d]# semanage port -l | grep http
    http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
    http_cache_port_t              udp      3130
    http_port_t                    tcp      8899, 80, 81, 443, 488, 8008, 8009, 8443, 9000
    pegasus_http_port_t            tcp      5988
    pegasus_https_port_t           tcp      5989
This article is reposted from chomperwu's 51CTO blog. Original link: http://blog.51cto.com/chomper/1696832. To repost it, please contact the original author yourself.