企业常用Centos 7.4 --虚拟主机基于域名,端口,IP,Apache访问控制

85407718 2019-10-23

企业常用Centos 7.4 --虚拟主机基于域名,端口,IP,Apache访问控制

构建虚拟主机

企业常用Centos 7.4 --虚拟主机基于域名,端口,IP,Apache访问控制

一共支持三种虚拟主机类型
企业常用的是第一种基于域名的虚拟主机
基于IP地址的虚拟主机,一台物理主机上需要两个网卡
基于端口的虚拟主机

构建虚拟主机之基于域名

环境需求:一台linux作为DNS和web服务器,一台WIN10客户端作为测试

在我们的Linux先装两个 软件包

[ ~]# yum install bind httpd -y
已安装:
  bind.x86_64 32:9.11.4-9.P2.el7       httpd.x86_64 0:2.4.6-90.el7.centos      

作为依赖被安装:
  apr.x86_64 0:1.4.8-5.el7                                                      
  apr-util.x86_64 0:1.5.2-6.el7                                                 
  bind-export-libs.x86_64 32:9.11.4-9.P2.el7                                    
  httpd-tools.x86_64 0:2.4.6-90.el7.centos                                      
  mailcap.noarch 0:2.1.41-2.el7                                                 

作为依赖被升级:
  bind-libs.x86_64 32:9.11.4-9.P2.el7                                           
  bind-libs-lite.x86_64 32:9.11.4-9.P2.el7                                      
  bind-license.noarch 32:9.11.4-9.P2.el7                                        
  bind-utils.x86_64 32:9.11.4-9.P2.el7                                          
  dhclient.x86_64 12:4.2.5-77.el7.centos                                        
  dhcp-common.x86_64 12:4.2.5-77.el7.centos                                     
  dhcp-libs.x86_64 12:4.2.5-77.el7.centos

配置DNS主配置文件

需要改两处
[ ~]# vim /etc/named.conf 
options {
        listen-on port 53 { any; };    //监听所有地址
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };   //允许其他所有主机可以进行解析

配置DNS区域配置文件

我们加入两个需要解析的域名区域配置
在正向解析上复制5行
[ ~]# vim /etc/named.rfc1912.zones 
zone "accp.com" IN {    //你需要解析的域名
        type master;
        file "accp.com.zone";    //区域数据配置文件
        allow-update { none; };
};

zone "kgc" IN {
        type master;
        file "kgc.com.zone";
        allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {

配置DNS区域数据配置文件

[ ~]# cd /var/named/
[ named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
 [ named]# cp -p named.localhost accp.com.zone  //把模板复制到数据区域配置文件中
[ named]# vim accp.com.zone  //配置

$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
www IN  A       192.168.136.136  //添加域名解析的地址

[ named]# cp -p accp.com.zone kgc.com.zone  
 //这个只要复制过来不需要过来,我们是基于不同的域名解析

开启服务

[ named]# systemctl stop firewalld.service
[ named]# setenforce 0
[ named]# systemctl start named

到win10客户端去测试能不能解析到地址

企业常用Centos 7.4 --虚拟主机基于域名,端口,IP,Apache访问控制

企业常用Centos 7.4 --虚拟主机基于域名,端口,IP,Apache访问控制

添加虚拟主机子配置文件,不要写在主配置文件中,系统加载会变慢。

[ named]# cd /etc/httpd/
[ httpd]# ls
conf  conf.d  conf.modules.d  logs  modules  run
[ httpd]# cd conf
[ conf]# ls
httpd.conf  magic
[ conf]# mkdir extra    //创建一个扩展的文件夹,里面放入子配置文件,方便我们以后管理
[ conf]# ls
extra  httpd.conf  magic
[ conf]# cd extra/

配置子配置文件

[ extra]# vim vhost.conf
<VirtualHost *:80>  //标签虚拟主机 ,*代表所有网络
  DocumentRoot "/var/www/html/accp/"  //指定站点
  ServerName www.accp.com  //定义域名
  ErrorLog "logs/www.accp.com.error_log"  //网址要有日志文件,错误日志文件
  Customlog "logs/www.accp.com.access_log" common  //访问日志文件
  <Directory "/var/www/html">  //站点需要设置权限,让所有网络能访问这个网页
        Require all granted
  </Directory>
</VirtualHost>  //结尾标签

<VirtualHost *:80>
  DocumentRoot "/var/www/html/kgc/"
  ServerName www.kgc.com
  ErrorLog "logs/www.kgc.com.error_log"
  Customlog "logs/www.kgc.com.access_log" common
  <Directory "/var/www/html">
        Require all granted
  </Directory>
</VirtualHost>
~

在站点下创建两个默认网页

[ httpd]# cd /var/www/html
[ html]# mkdier accp kgc  //创建两个站点目录
[ html]# mkdir accp kgc
[ html]# ls
accp  kgc
[ html]# cd accp
[ accp]# vim index.html  //编辑网页写入内容

h1>this is accp web</h1>
[ accp]# cd ../kgc/
[ kgc]# vim index.html

<h1>this is kgc web</h1>

在主配置文件中调用子配置文件

[ kgc]# cd /etc/httpd/
[ httpd]# cd conf
[ conf]# ls
extra  httpd.conf  magic
[ conf]# vim httpd.conf

#Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
Include conf/extra/vhost.conf   //调用子配置文件

启用web服务,并去win10客户端去测试能不能基于不同域名获得网页

企业常用Centos 7.4 --虚拟主机基于域名,端口,IP,Apache访问控制
企业常用Centos 7.4 --虚拟主机基于域名,端口,IP,Apache访问控制

虚拟主机之基于端口

子配置文件中在创建一个基于端口的虚拟主机

[ conf]# cd extra/
[ extra]# vim vhost.conf 

 22 <VirtualHost *:8080>  //端口加上8080
 23   DocumentRoot "/var/www/html/kgc.port/"
 24   ServerName www.kgc.port.com
 25   ErrorLog "logs/www.kgc.port.com.error_log"
 26   Customlog "logs/www.kgc.port.com.access_log" common
 27   <Directory "/var/www/html">
 28         Require all granted
 29   </Directory>
 30 </VirtualHost>

到站点目录下,做一个端口的默认网页

[ extra]# cd /var/www/html/
[ html]# ls
accp  kgc
[ html]# mkdir kgc.port
[ html]# cd kgc.port/
[ kgc.port]# vim index.html

<h1>this is kgc.port web</h1>
~

在主配置文件中开启加入个监听地址

[ kgc.port]# vim /etc/httpd/conf/httpd.conf 

Listen 192.168.136.136:80
Listen 192.168.136.136:8080
#Listen 80

开启服务,查看端口有没有被提供出来

[ kgc.port]# systemctl restart httpd
[ kgc.port]# netstat -ntap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 192.168.136.136:8080    0.0.0.0:*               LISTEN      59009/httpd         
tcp        0      0 192.168.136.136:80      0.0.0.0:*               LISTEN

用客户端win10测试基于端口的不同访问网页

企业常用Centos 7.4 --虚拟主机基于域名,端口,IP,Apache访问控制

80端口还是原来的网页

企业常用Centos 7.4 --虚拟主机基于域名,端口,IP,Apache访问控制

虚拟主机之基于IP

添加一块网卡

企业常用Centos 7.4 --虚拟主机基于域名,端口,IP,Apache访问控制

[ ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.136.136  netmask 255.255.255.0  broadcast 192.168.136.255
        inet6 fe80::e3c7:14af:6e4d:7216  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:c9:dd:05  txqueuelen 1000  (Ethernet)
        RX packets 101  bytes 10639 (10.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 113  bytes 12291 (12.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.136.138  netmask 255.255.255.0  broadcast 192.168.136.255
        inet6 fe80::658e:4c2d:2273:9cf5  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:c9:dd:0f  txqueuelen 1000  (Ethernet)
        RX packets 108  bytes 14566 (14.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 42  bytes 5695 (5.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

到子配置文件中开始配置

[ ~]# cd /etc/httpd/conf/extra/
[ extra]# ls
vhost.conf
[ extra]# vim vhost.conf

企业常用Centos 7.4 --虚拟主机基于域名,端口,IP,Apache访问控制

<VirtualHost 192.168.136.138:80>  //“*”改成第二块网卡的地址
  DocumentRoot "/var/www/html/accp/"
  ErrorLog "logs/www.accp.com.error_log"
  Customlog "logs/www.accp.com.access_log" common
  <Directory "/var/www/html">
        Require all granted
  </Directory>
</VirtualHost>
 
 
<VirtualHost 192.168.136.136:80>  //改成第一块网卡的地址
  DocumentRoot "/var/www/html/accp02/"  //重新在站点下写一个网页
  ErrorLog "logs/www.accp02.com.error_log"
  Customlog "logs/www.accp02.com.access_log" common
  <Directory "/var/www/html">
        Require all granted
  </Directory>
</VirtualHost>

到站点下创建一个网页内容

[ extra]# cd /var/www/html/
[ html]# mkdir accp02
[ html]# cd accp02
[ accp02]# vim index.html

<h1>this is 136 accp02 web</h1>
~                                                                                
~                                                                                
~                               

[ accp02]# vim ../accp/index.html 
<h1>this is 128 accp web</h1>
~                                                                                
~                                                                                
~

在主配置文件中增加监听138的地址,开启服务

#prevent Apache from glomming onto all bound IP addresses.
Listen 192.168.136.136:80
Listen 192.168.136.138:80
#Listen 192.168.136.136:8080
#Listen 80

[ extra]# systemctl status httpd

去客户端测试一下,记得我们之前给客户端指定的dns解析地址弄到自动获取,不然你的客户端无法上网,无法访问网址

企业常用Centos 7.4 --虚拟主机基于域名,端口,IP,Apache访问控制企业常用Centos 7.4 --虚拟主机基于域名,端口,IP,Apache访问控制

Aapache访问权限控制(客户机权限控制)

企业常用Centos 7.4 --虚拟主机基于域名,端口,IP,Apache访问控制

到子配置文件,也叫容器,当中做客户机访问权限控制,像当于黑白名单,这个容器,系统的所有命令都会去实现,不会像ACL访问控制列表从上到下逐条匹配识别命令。

[ ~]# cd /etc/httpd/conf/extra/
[ extra]# ls
vhost.conf
[ extra]# vim vhost.conf 

<VirtualHost 192.168.136.138:80>
  DocumentRoot "/var/www/html/accp/"
  ErrorLog "logs/www.accp.com.error_log"
  Customlog "logs/www.accp.com.access_log" common
  <Directory "/var/www/html">
        <RequireAll>   //要加入子容器的标签
          Require not ip 192.168.136.137  //拒绝这个地址访问,也可以拒绝网段比如 Require not ip 192.168.136.0/24
          Require all granted
        </RequireAll>  //结尾标签
  </Directory>
</VirtualHost>
[ extra]# systemctl restart httpd  //重启服务

到客户端去测试一下

因为做了访问控制所以,只能访问web服务的默认网站

企业常用Centos 7.4 --虚拟主机基于域名,端口,IP,Apache访问控制

用户登录访问控制

[ extra]# cd /etc/httpd/conf  
[ conf]# htpasswd -c /etc/httpd/conf/pwd chen01 //创建一个chen01用户,放在路径底下,起个名字pwd. htpasswd:用YUM安装直接可以使用,如果手工编译安装,要把这个命令加到/usr/local/bin系统识别的命令底下。
New password:   //输入你的密码
Re-type new password:   //重复输入
Adding password for user chen01
[ conf]# ls
extra  httpd.conf  magic  pwd
[ conf]# cat pwd
chen01:$apr1$lOLJMVUo$EZ7qupc1bHN3k38OUw/1F.
[ conf]# htpasswd /etc/httpd/conf/pwd chen02  //如果这个目录已存在,就不要加-c了
New password: 
Re-type new password: 
Adding password for user chen02
[ conf]# cat pwd
chen01:$apr1$lOLJMVUo$EZ7qupc1bHN3k38OUw/1F.
chen02:$apr1$5cbb6tpU$mt5EZG/8y7qXhyi1Pz2Lk1
[ conf]#

添加到容器当中指定某个IP用户登录访问控制

[ extra]# vim vhost.conf 

<VirtualHost 192.168.136.136:80>
  DocumentRoot "/var/www/html/accp02/"
  ErrorLog "logs/www.accp02.com.error_log"
  Customlog "logs/www.accp02.com.access_log" common
  <Directory "/var/www/html">
        AuthName "DocumentRoot"  //声明信息
        AuthType Basic  //验证类型为基本验证
        AuthUserFile /etc/httpd/conf/pwd //验证文件,目录位置
        Require valid-user  //授权给用户登录
  </Directory>
</VirtualHost>
[ extra]# systemctl restart httpd

去客户机测试一下用户登录访问控制

企业常用Centos 7.4 --虚拟主机基于域名,端口,IP,Apache访问控制企业常用Centos 7.4 --虚拟主机基于域名,端口,IP,Apache访问控制

以上就是我们所有的内容了,谢谢大家收看

相关推荐

ChinaWin / 0评论 2013-07-29