Set up web services to implement multiple virtual hosts. Host/user based access control

Contents
1. Set up web services to implement multiple virtual hosts
2. Host-based access control
3. User-based access control

1. Set up web services to implement multiple virtual hosts

www.xiaoming.com

RHEL6 httpd-2.2.15 RHEL7 httpd-2.4.6-
The key configurations are as follows:
To use the virtual host feature, you need to turn on the following parameter: simply remove the # in front of the option in the main configuration file.

NameVirtualHost *:80
# Create the virtual host
<VirtualHost *:80>
    # Site root location
    DocumentRoot /var/www/test123.com
    # Virtual host name
    ServerName www.test123.com
    # Error log storage location
    ErrorLog logs/test123.com-error_log
    # Access log storage location
    CustomLog logs/test123.com-access_log common
</VirtualHost>

==========
Detailed steps:
[root@rhel6 conf.d]# rpm -q httpd
httpd-2.2.15-29.el6_4.x86_64
[root@rhel6 ~]# yum install -y elinks
[root@rhel6 ~]# vim /etc/httpd/conf/httpd.conf
[root@rhel6 ~]# cd /etc/httpd/conf.d
[root@rhel6 conf.d]# ls
mod_dnssd.conf README welcome.conf
[root@rhel6 conf.d]# vim test123.conf
[root@rhel6 conf.d]# mkdir /var/www/test123.com
[root@rhel6 conf.d]# echo this is www.test123.com > /var/www/test123.com/index.html
[root@rhel6 conf.d]# cp test123.conf xiaoming.conf
[root@rhel6 conf.d]# vim xiaoming.conf
[root@rhel6 conf.d]# mkdir /var/www/xiaoming.com
[root@rhel6 conf.d]# echo this is www.xiaoming.com > /var/www/xiaoming.com/index.html
[root@rhel6 conf.d]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: httpd: apr_sockaddr_info_get() failed for rhel6
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[ OK ]
[root@rhel6 conf.d]# vim /etc/hosts
[root@rhel6 conf.d]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.0.11 www.test123.com
172.25.0.11 www.xiaoming.com
[root@rhel6 conf.d]# links www.test123.com
[root@rhel6 conf.d]# links www.xiaoming.com

2. Project requirements: Host-based access control

Allow all hosts to access www.test123.com except 172.25.0.10

<Directory "/var/www/test123.com">
Order allow,deny
Allow from all
Deny from 172.25.0.10
</Directory>

The Order parameter implements host access control. "Allow from" lists who can access; "all" represents all hosts.
"Deny from" lists who is not allowed to access. 172.25.0.10 is the IP address of the host that needs to be blocked. If you want to deny more than one host, separate them with spaces.

Note that host access control is implemented per directory.

Detailed steps

[root@rhel6 conf.d]# vim test123.conf 
<VirtualHost *:80>
    DocumentRoot /var/www/test123.com
    ServerName www.test123.com
    ErrorLog logs/test123.com-error_log
    CustomLog logs/test123.com-access_log common
</VirtualHost>

<Directory "/var/www/test123.com">
    Order allow,deny
    Allow from all
    Deny from 172.25.0.10
</Directory>
[root@rhel6 conf.d]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: httpd: apr_sockaddr_info_get() failed for rhel6
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
                                                           [  OK  ]

1. Create a subdirectory at the root of the site

2. Set host access control for subdirectories

3. Testing

[root@rhel6 ~]# cd /var/www
[root@rhel6 www]# ll
total 24
drwxr-xr-x. 2 root root 4096 Aug  2  2013 cgi-bin
drwxr-xr-x. 3 root root 4096 Jul  2  2015 error
drwxr-xr-x. 2 root root 4096 Sep 28 10:18 html
drwxr-xr-x. 3 root root 4096 Jul  2  2015 icons
drwxr-xr-x. 2 root root 4096 Sep 28 10:40 test123.com
drwxr-xr-x. 2 root root 4096 Sep 28 10:42 xiaoming.com
[root@rhel6 www]# cd test123.com/
[root@rhel6 test123.com]# mkdir test
[root@rhel6 test123.com]# touch test/file{1..10}
[root@rhel6 test123.com]# ll
total 8
-rw-r--r--. 1 root root   26 Sep 28 10:40 index.html
drwxr-xr-x. 2 root root 4096 Sep 28 11:30 test

[root@rhel6 conf.d]# vim test123.conf 
<VirtualHost *:80>
    DocumentRoot /var/www/test123.com
    ServerName www.test123.com
    ErrorLog logs/test123.com-error_log
    CustomLog logs/test123.com-access_log common
</VirtualHost>

<Directory "/var/www/test123.com">
    Order allow,deny
    Allow from all
    Deny from 172.25.0.10
</Directory>
# Host access control for the subdirectory test
<Directory "/var/www/test123.com/test">
    Options Indexes 
    Order allow,deny
    Allow from all
</Directory>

[root@rhel6 conf.d]# service httpd reload
Reloading httpd: 

Test

rhel7 is used as the test client

[root@rhel7 ~]# links www.test123.com

                                         Test Page for the Apache HTTP Server on Red Hat Enterprise Linux (1/2) 
                                       Red Hat Enterprise Linux Test Page                                       

   This page is used to test the proper operation of the Apache HTTP server after it has been installed. If     
   you can read this page, it means that the Apache HTTP server installed at this site is working properly.     

   ──────────────────────────────────────────────────────────────────────────────────────────────────────────   

If you are a member of the general public:                                                                      

   The fact that you are seeing this page indicates that the website you just visited is either experiencing    
   problems, or is undergoing routine maintenance.                                                              

   If you would like to let the a   ┌──────────────────────────────────────┐    seen this page instead of the   
   page you expected, you should    │                                      │    name "webmaster" and directed   
   to the website's domain should   │  Do you really want to exit ELinks?  │                                    
                                    │                                      │                                    
   For example, if you experience   │          [ Yes ]   [ No ]            │    should send e-mail to           
   "webmaster@example.com".         └──────────────────────────────────────┘                                    

   For information on Red Hat Enterprise Linux, please visit the Red Hat, Inc. website. The documentation for   
   Red Hat Enterprise Linux is available on the Red Hat, Inc. website.                                          

   ──────────────────────────────────────────────────────────────────────────────────────────────────────────   

If you are the website administrator:                                                                           

   You may now add content to the directory /var/www/html/. Note that until you do so, people visiting your     
   website will see this page, and not your content. To prevent this page from ever being used, follow the      
   instructions in the file /etc/httpd/conf.d/welcome.conf.                                                     

   You are free to use the image below on web sites powered by the Apache HTTP Server:                          
http://www.redhat.com/                                                                                 [------]


[root@rhel7 ~]# links www.test123.com/test
                                                                                   Index of /test 
                                                 Index of /test                                                 

   [ICO]       Name         Last modified   Size Description                                                    
   ─────────────────────────────────────────────────────────                                                    
   [DIR] Parent Directory                      -                                                                
   [TXT] file1            28-Sep-2016 11:30    0                                                                
   [TXT] file2            28-Sep-2016 11:30    0                                                                
   [TXT] file3            28-Sep-2016 11:30    0                                                                
   [TXT] file4            28-Sep-2016 11:30    0                                                                
   [TXT] file5            28-Sep-2016 11:30    0                                                                
   [TXT] file6            28-Sep-2016 11:30    0                                                                
   [TXT] file7            28-Sep-                                                                               
   [TXT] file8            28-Sep-   ┌──────────────────────────────────────┐                                    
   [TXT] file9            28-Sep-   │                                      │                                    
   [TXT] file10           28-Sep-   │  Do you really want to exit ELinks?  │                                    
   ──────────────────────────────   │                                      │                                    
                                    │          [ Yes ]   [ No ]            │                                    
    Apache/2.2.15 (Red Hat) Serve   └──────────────────────────────────────┘                                    

Image http://www.test123.com/icons/blank.gif     

=================================
3. Project requirements: User-based access control
Set up users jack and tom for www.test123.com/test; both passwords are test123.

1) Modify the configuration file to add user authentication related configurations
2) Create user and password through htpasswd
3) Restart Services
4) Client testing

Detailed steps:

[root@rhel6 ~]# vim /etc/httpd/conf.d/test123.conf

<Directory "/var/www/test123.com/test">
    Options Indexes MultiViews FollowSymLinks
    # Only web authentication directives (account/password) can be overridden
    AllowOverride AuthConfig
    # Prompt text shown in the dialog window that asks for the account and password
    AuthName "student"
    # Type of authentication
    AuthType basic
    # Account/password file used by this directory
    AuthUserFile "/etc/httpd/test"
    # Accounts that may log in: any user in the password file
    Require valid-user
    Order allow,deny
    Allow from all
</Directory>


[root@rhel6 conf.d]# htpasswd -cmb   /etc/httpd/test tom test123
Adding password for user tom

[root@rhel6 conf.d]# htpasswd -mb /etc/httpd/test jack test123 
Adding password for user jack

[root@rhel6 conf.d]# cat /etc/httpd/test
tom:$apr1$ODWlTN5b$BspUhjoyT6RexJGv7aqaL/
jack:$apr1$kx5gyFtP$eEnmSGfSOJxzuK7g/frPd/

[root@rhel6 conf.d]# service httpd restart
Stopping httpd:      [  OK  ]
Starting httpd: httpd: apr_sockaddr_info_get() failed for rhel6
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
     [  OK  ]
htpasswd: tool for creating the user names and passwords used for web user authentication
    -c Create a new file to save the user names and passwords
    -m Encrypt the password with MD5
    -b Pass the password on the command line (it is visible in the terminal line)
 Use the -c parameter the first time, when the file is created; once the test file already exists, -c is no longer needed (and -c would overwrite the existing file).

# Note that the file specified through AuthUserFile in the configuration file must match the file you created with htpasswd: '/etc/httpd/test'
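
How the host-based and user-based sections above combine, as an added example (not code from the original page): a simplified Python model of how httpd 2.2 evaluates Order/Allow/Deny and Require valid-user for the page's final test123.conf. The SECTIONS table and function names are constructed for illustration; the model shows that the /test section, which sets its own Order/Allow, does not inherit "Deny from 172.25.0.10" from the site root.

```python
import ipaddress

# Constructed model of the page's final test123.conf (httpd 2.2 semantics).
# Keys are <Directory> paths; values hold only the directives each section sets.
SECTIONS = {
    "/var/www/test123.com": {
        "order": "allow,deny", "allow": ["all"], "deny": ["172.25.0.10"]},
    "/var/www/test123.com/test": {
        "order": "allow,deny", "allow": ["all"], "deny": [],
        "require_valid_user": True},
}
# Documented default when no section sets Order: deny,allow with empty lists.
DEFAULT_HOST = {"order": "deny,allow", "allow": [], "deny": []}

def matches(client, specs):
    """True if the client IP matches 'all', an address or a CIDR range."""
    ip = ipaddress.ip_address(client)
    return any(s == "all" or ip in ipaddress.ip_network(s, strict=False)
               for s in specs)

def host_allowed(client, sec):
    """Evaluate Order/Allow/Deny for one section."""
    allowed = matches(client, sec["allow"])
    denied = matches(client, sec["deny"])
    if sec["order"] == "allow,deny":    # default deny, a Deny match wins
        return allowed and not denied
    return allowed or not denied        # deny,allow: default allow, Allow wins

def covering(fs_path):
    """Sections whose directory contains fs_path, deepest first."""
    hits = [p for p in SECTIONS if fs_path == p or fs_path.startswith(p + "/")]
    return [SECTIONS[p] for p in sorted(hits, key=len, reverse=True)]

def decide(client, fs_path, authenticated=False):
    """HTTP status under the default 'Satisfy All' (host AND user must pass)."""
    secs = covering(fs_path)
    # The deepest section that uses Order/Allow/Deny replaces the host rules
    # of its parents; they are not merged.
    host = next((s for s in secs if "order" in s), DEFAULT_HOST)
    if not host_allowed(client, host):
        return 403
    # Require is inherited by subdirectories (simplified: valid-user only).
    if any(s.get("require_valid_user") for s in secs) and not authenticated:
        return 401
    return 200

if __name__ == "__main__":
    for path in ("/var/www/test123.com/index.html", "/var/www/test123.com/test/file1"):
        print(path, decide("172.25.0.10", path))
```

To keep 172.25.0.10 out of /test as well, repeat "Deny from 172.25.0.10" in the /test section.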

Comprehensive projects:

Set up two virtual hosts with Apache: www.batmanX.com and www.supermanX.com
Requirements:
1. User authentication is required when accessing the web address www.batmanX.com/justice. User batman with password test123 can access it.
2. When accessing the web address www.supermanX.com, only 172.25.0.10 is allowed, and no other hosts are allowed.


Added by Rianna on Wed, 12 Jun 2019 19:22:11 +0300