使用httpd-2.2和httpd-2.4实现指定httpd服务

使用httpd-2.2和httpd-2.4实现指定httpd服务

分别使用7实现CentOS 6 实现另一台提供颁发CA认证和测试服务要求先关闭三台虚拟机的iptables selinux三台机器yum安装mod_ssl

CentOS 6 ip 172.16.55.6

CentOS 7 ip 172.16.55.7

CA方加测试 ip 172.16.55.11

第一小题

=========================

CentOS 6上提供的install-y 172.16.55.6:80>

ServerName /data/vhosts/logs/logs/combined

vim /etc/172.16.55.6:80>

ServerName /data/vhosts/logs/logs/combined

在创建网站信息

mkdir /data/vhosts//data/vhosts//data/chosts//etc/hosts

添加 172.16.55.6 -ntl

ps aux

重启服务，然后在浏览器中检查172.16.55.7是否能解析

CentOS 7上提供的install-y 172.16.55.7:80>

ServerName /data/vhosts/logs/combined

vim /etc/172.16.55.6:80>

ServerName /data/vhosts/logs/combined

在创建网站信息

mkdir /data/vhosts//data/vhosts//data/chosts//etc/hosts

添加 172.16.55.7 -ntl

ps aux

重启服务，然后在浏览器中检查172.16.55.7是否能解析

第二题

============================

ip为172.16.55.6的CentOS 6上

先添加一个tom的虚拟用户

htpasswd -c -m /etc//etc/172.16.55.6:80>

ServerName /data/vhosts/logs/logs/combined

    SetHandler server-status    AuthType basic    AuthName "For tom"    AuthUserFile "/etc/ Require user tom

语法检查后无误后，重载服务配置

-t                              service reload

在浏览器这种输入172.16.55.6/server-status

如下图，只有输入账户tom的账户密码才可访问

ip为172.16.55.7的CentOS 7上

先添加一个tom的虚拟用户

htpasswd -c -m /etc//server-status>    SetHandler server-status    AuthType basic    AuthName "For tom"    AuthUserFile "/etc/ Require user tom

语法检查后无误后，重载服务配置

-t                              service reload

在浏览器这种输入172.16.55.7/server-status

如图，只有输入账户tom的账户密码才可访问

第二题3小问

先在CentOS6上面做该操作

/etc/172.16.55.6:80>

ServerName /data/vhosts//data/vhosts/ AllowOverride None    Order deny,allow

Denyfrom 192.16.0.0/24    

CentOS 7 上操作相同

第三da题

=====172.16.55.11=====

先创建公钥，颁发CA证书

yum install -y mod_ssl

cd /etc/pki/CA

(umask 077;openssl genrsa -outprivate/cakey.pem 2048)

openssl req -new -x509 -keyprivate/cakey.pem -out cacert.pem

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name)[]:beijing

Locality Name (eg, city) [DefaultCity]:beijing

Organization Name (eg, company) [DefaultCompany Ltd]:magedu

Organizational Unit Name (eg, section)[]:ops

Common Name (eg, your name or your server'shostname) []:ca.magedu.com

Email Address []:magedu@admin.com

创建补充文件

touch index.txt

echo 01> serial

然后在CentOS 6 上创建私钥

mkdir -pv /etc//etc/077; openssl genrsa -out1024)

openssl req -new -key -out Name (2 letter code) [XX]:CN

State or Province Name (full name)[]:beijing

Locality Name (eg, city) [DefaultCity]:beijing

Organization Name (eg, company) [DefaultCompany Ltd]:magedu

Organizational Unit Name (eg, section)[]:ops

Common Name (eg, your name or yourserver's hostname) []:Address []:172.16.55.11:/tmp

然后在切换到172.16.55.11 CA上面签发证书

cd /etc/pki/CA

openssl ca -in /tmp/-out/etc/pki/CA/certs/configuration from /etc/pki/tls/openssl.cnf

Check that the request matches thesignature

Signature ok

Certificate Details:

Serial Number: 1 (0x1)

Validity

Not Before: Jul 24 04:54:15 2016GMT

Not After : Jul 24 04:54:15 2017GMT

Subject:

countryName               = CN

stateOrProvinceName       = beijing

organizationName          = magedu

organizationalUnitName    = ops

commonName                = = extensions:

X509v3 Basic Constraints:

CA:FALSE

Netscape Comment:

OpenSSL Generated Certificate

X509v3 Subject Key Identifier:

2B:D6:FF:8B:84:2D:33:FD:48:8A:EC:A5:80:63:67:46:F5:D5:54:12

X509v3 Authority Key Identifier:

keyid:F2:32:D8:C5:E6:D9:04:B8:46:38:8D:D7:32:2B:E6:D5:90:56:3D:A1

Certificate is to be certified until Jul24 04:54:15 2017 GMT (365 days)

Sign the certificate? [y/n]:y

1 out of 1 certificate requestscertified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

把签署好的证书发还给请求者。scp /certs/172.16.55.6:/etc//etc/_default_:443>

DocumentRoot "/data/vhosts//etc//etc/7 上面的操作过程和6的基本一致

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。