4. Build an httpd server (installed by compiling from source) that provides two name-based virtual hosts:

(a) www1.stuX.com, with page directory /web/vhosts/www1, error log /var/log/httpd/www1.err and access log /var/log/httpd/www1.access;
(b) www2.stuX.com, with page directory /web/vhosts/www2, error log /var/log/httpd/www2.err and access log /var/log/httpd/www2.access;
(c) create an index.html home page for each virtual host, containing that host's name;
(d) expose httpd status information at www1.stuX.com/server-status, reachable only with an account and password (status:status).

To enable virtual hosts, the main server must be disabled and the following directive enabled:

    NameVirtualHost *:80

I ran into a small problem in this experiment: when I changed the file path in DocumentRoot I did not change the Directory section, so a request that did not give a definite URL was redirected to the system's default welcome page. The point to note is that a Directory section defined globally does not take effect for the virtual hosts; it has to be defined again inside the virtual host.

The basic configuration is now complete:

    <VirtualHost 172.16.0.3:80>
        ServerName www1.stuX.com
        DocumentRoot "/wanghongkai/web1/host"
        ErrorLog "/var/log/www1.err"
        CustomLog "/var/log/www1.access" common
    </VirtualHost>

    <VirtualHost 172.16.0.3:80>
        ServerName www2.stuX.com
        DocumentRoot "/wanghongkai/web2/host"
        # Each virtual host writes to its own log files
        ErrorLog "/var/log/www2.err"
        CustomLog "/var/log/www2.access" common
    </VirtualHost>

Access to the built-in server-status page with authentication:

    <VirtualHost 172.16.0.3:80>
        ServerName www1.stuX.com
        DocumentRoot "/wanghongkai/web1/host"
        ErrorLog "/var/log/www1.err"
        CustomLog "/var/log/www1.access" common
        # Status page: Basic authentication, any user listed in the password file
        <Location /server-status>
            AuthType Basic
            AuthName "only for Admin"
            AuthUserFile /etc/httpd/conf.d/.htpasswd
            SetHandler server-status
            Require valid-user
        </Location>
    </VirtualHost>

    <VirtualHost 172.16.0.3:80>
        ServerName www2.stuX.com
        DocumentRoot "/wanghongkai/web2/host"
        # Each virtual host writes to its own log files
        ErrorLog "/var/log/www2.err"
        CustomLog "/var/log/www2.access" common
    </VirtualHost>

    #<VirtualHost 172.16.0.3:80>
    #    ServerName www1.stuX.com
    #    DocumentRoot "/wanghongkai/web1/host"
    #</VirtualHost>

5. Provide HTTPS for the second virtual host from question 4, so that users can reach this web site securely over https:

(1) use certificate authentication; the certificate must use the country (CN), state (HA), city (ZZ) and organization (MageEdu);
(2) set the department to Ops, the host name to www2.stuX.com and the e-mail address to admin@stuX.com.

1. Create the serial and index.txt files as required by the /etc/pki/tls/openssl.cnf configuration file.

2. Generate the CA's private key file:

    [root@ns1 CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)

3. Generate the CA's self-signed certificate (the public-key file):

    [root@ns1 CA]# openssl req -x509 -new -key private/cakey.pem -days 7300 -out cacert.pem
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:HA
    Locality Name (eg, city) [Default City]:ZZ
    Organization Name (eg, company) [Default Company Ltd]:Magf^C
    [root@ns1 CA]# openssl req -x509 -new -key private/cakey.pem -days 7300 -out cacert.pem
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:HA
    Locality Name (eg, city) [Default City]:ZZ
    Organization Name (eg, company) [Default Company Ltd]:MageEdu
    Organizational Unit Name (eg, section) []:Ops
    Common Name (eg, your name or your server's hostname) []:ca.Mageud.com
    Email Address []:admin@magedu.com

4. On the client, go to /etc/httpd, create an ssl directory, and generate the private key file and the certificate request (public key) file:

    [root@ns2 ssl]# (umask 077; openssl genrsa -out httpd.key 2048)
    [root@ns2 ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:HA
    Locality Name (eg, city) [Default City]:ZZ
    Organization Name (eg, company) [Default Company Ltd]:MageEdu
    Organizational Unit Name (eg, section) []:Ops
    Common Name (eg, your name or your server's hostname) []:www.stux.com
    Email Address []:admin@stux.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

5. Send the request to the CA:

6. The CA host signs the certificate:

    [root@ns1 CA]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/newcerts/httpd.crt -days 365
    Using configuration from /etc/pki/tls/openssl.cnf
    Check that the request matches the signature
    Signature ok
    Certificate Details:
            Serial Number: 1 (0x1)
            Validity
                Not Before: Sep 23 18:31:40 2016 GMT
                Not After : Sep 23 18:31:40 2017 GMT
            Subject:
                countryName               = CN
                stateOrProvinceName       = HA
                organizationName          = MageEdu
                organizationalUnitName    = Ops
                commonName                = www.stux.com
                emailAddress              = admin@stux.com
            X509v3 extensions:
                X509v3 Basic Constraints:
                    CA:FALSE
                Netscape Comment:
                    OpenSSL Generated Certificate
                X509v3 Subject Key Identifier:
                    89:AA:21:62:10:CA:AE:E6:A9:08:36:88:19:DF:25:23:8E:84:C8:4B
                X509v3 Authority Key Identifier:
                    keyid:75:F9:01:4A:B9:6F:7E:6B:1B:6B:BE:FC:4A:19:E6:09:44:75:CE:C6

    Certificate is to be certified until Sep 23 18:31:40 2017 GMT (365 days)
    Sign the certificate? [y/n]:y

    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated

7. Return the certificate to the client:

    [root@ns1 CA]# scp /etc/pki/CA/newcerts/httpd.crt root@172.16.0.4:/etc/httpd/ssl/
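
Three checks worth running once the signed certificate is back on the web server after step 7, shown as an added example that is not part of the original post. To run offline it builds a throwaway CA and signs with `openssl x509 -req` rather than `openssl ca`; the function names and the CA name demo-ca.invalid are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: post-issuance checks for a certificate issued by a private CA.
# The PKI created by make_demo_pki is constructed sample data, not the page's.

# Build a disposable CA plus one server certificate for CN=$2 in directory $1.
# Signs with "openssl x509 -req", so no /etc/pki/CA database is required.
make_demo_pki() {
    dir=$1; cn=$2
    ( umask 077
      openssl genrsa -out "$dir/cakey.pem" 2048
      openssl genrsa -out "$dir/httpd.key" 2048 ) 2>/dev/null
    openssl req -x509 -new -key "$dir/cakey.pem" -days 7300 \
        -subj "/C=CN/ST=HA/L=ZZ/O=MageEdu/OU=Ops/CN=demo-ca.invalid" \
        -out "$dir/cacert.pem" 2>/dev/null
    openssl req -new -key "$dir/httpd.key" \
        -subj "/C=CN/ST=HA/L=ZZ/O=MageEdu/OU=Ops/CN=$cn" \
        -out "$dir/httpd.csr" 2>/dev/null
    openssl x509 -req -in "$dir/httpd.csr" -CA "$dir/cacert.pem" \
        -CAkey "$dir/cakey.pem" -CAcreateserial -days 365 \
        -out "$dir/httpd.crt" 2>/dev/null
}

# 1. The certificate must chain to the CA that is supposed to have signed it.
#    The output is matched because old OpenSSL releases exit 0 even on failure.
cert_chains_to() {    # $1 = CA certificate, $2 = server certificate
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# 2. The certificate must carry the public half of the key httpd will load.
cert_matches_key() {  # $1 = certificate, $2 = private key
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# 3. The certificate must name the host in the virtual host's ServerName.
#    -checkhost looks at subjectAltName and falls back to the Common Name
#    only when the certificate has no DNS subjectAltName.
cert_names_host() {   # $1 = certificate, $2 = host name
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}
```

On the hosts used above, the same functions would take /etc/pki/CA/cacert.pem, /etc/httpd/ssl/httpd.crt, /etc/httpd/ssl/httpd.key and the virtual host's ServerName as arguments.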
Original article by wostop. If you repost it, please credit the source: http://www.178linux.com/51802
Comments (1)
Please cover the knowledge points required by every detail of the assignment.