虚拟Web主机
在同一台物理服务器中运行多个Web站点,其中每一一个站点并不独立占用一台真正的计算机。
httpd支持的虚拟主机类型
基于域名的虚拟主机
基于IP地址的虚拟主机
基于端口的虚拟主机
构建虚拟主机------基于域名
(1)安装bind、httpd服务。
(2)进入named服务的主配置文件,将下图两个位置改为“any”。
[root@localhost ~]# vim /etc/named.conf
(3)进入named服务的区域配置文件,添加两个域名的区域信息。
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "aaa.com" IN {
type master;
file "aaa.com.zone";
allow-update { none; };
};
zone "bbb.com" IN {
type master;
file "bbb.com.zone";
allow-update { none; };
};
(4)进入“/var/named/”目录,保留权限复制一份“named.localhost”区域数据配置文件,命名为“aaa.com.zone”,然后对其进行修改。
[root@localhost ~]# cd /var/named/
[root@localhost named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@localhost named]# cp -p named.localhost aaa.com.zone
[root@localhost named]#
[root@localhost named]# vim aaa.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
www IN A 192.168.52.133
(5)再保留权限复制一份“aaa.com.zone”文件,命名为“bbb.com.zone”,不用进行修改。然后开启named服务,关闭防火墙和增强性安全功能。
[root@localhost named]# cp -p aaa.com.zone bbb.com.zone
[root@localhost named]# systemctl start named
[root@localhost named]#
[root@localhost named]# systemctl stop firewalld.service
[root@localhost named]# setenforce 0
[root@localhost named]#
(6)再开一台win10虚拟机,将其DNS服务器的IP地址,设置为刚才Linux系统的IP地址。
(7)用win10主机去测试DNS服务能否解析,解析成功。
(8)进入“/etc/httpd/conf”目录,创建一个“extra/”目录,然后进入“extra/”目录,用vim编辑器,新建一个配置文件“vhost.conf”,在配置文件里输入以下内容。
[root@localhost named]# cd /etc/httpd/conf
[root@localhost conf]# ls
httpd.conf magic
[root@localhost conf]# mkdir extra
[root@localhost conf]# ls
extra httpd.conf magic
[root@localhost conf]# cd extra/
[root@localhost extra]# vim vhost.conf
DocumentRoot "/var/www/html/aaa/"
ServerName www.aaa.com
ErrorLog "logs/www.aaa.com.error_log"
CustomLog "logs/www.aaa.com.access_log" common
Require all granted
DocumentRoot "/var/www/html/bbb/"
ServerName www.bbb.com
ErrorLog "logs/www.bbb.com.error_log"
CustomLog "logs/www.bbb.com.access_log" common
Require all granted
(9)进入“/var/www/html/”创建两个目录“aaa/”、“bbb/”。
[root@localhost extra]#
[root@localhost extra]# cd /var/www/html/
[root@localhost html]# ls
[root@localhost html]# mkdir aaa bbb
[root@localhost html]# ls
aaa bbb
[root@localhost html]#
(10)进入“aaa/”目录,新建一个站点首页文件,内容如下:
[root@localhost html]# cd aaa
[root@localhost aaa]# ls
[root@localhost aaa]# vim index.html
this is aaa web
(11)进入“bbb/”目录,新建一个站点首页文件,内容如下:
[root@localhost aaa]# cd ../bbb
[root@localhost bbb]# ls
[root@localhost bbb]# vim index.html
this is bbb web
(12)进入httpd服务的主配置文件,在末行将我们新建的配置文件写进主配置文件,然后启动httpd服务。
[root@localhost bbb]# vim /etc/httpd/conf/httpd.conf
Include conf/extra/vhost.conf
[root@localhost bbb]# systemctl start httpd
[root@localhost bbb]#
(13)用win10 主机去分别访问两个域名,都能访问成功。
构建虚拟主机------基于端口
(1)在上一个实验的基础上,进入配置文件“vhost.conf”,添加一个“www.aaa.com”域名的8080端口。
[root@localhost bbb]# vim /etc/httpd/conf/extra/vhost.conf
DocumentRoot "/var/www/html/aaa/"
ServerName www.aaa.com
ErrorLog "logs/www.aaa.com.error_log"
CustomLog "logs/www.aaa.com.access_log" common
Require all granted
DocumentRoot "/var/www/html/bbb/"
ServerName www.bbb.com
ErrorLog "logs/www.bbb.com.error_log"
CustomLog "logs/www.bbb.com.access_log" common
Require all granted
DocumentRoot "/var/www/html/aaa02/"
ServerName www.aaa.com
ErrorLog "logs/www.aaa02.com.error_log"
CustomLog "logs/www.aaa02.com.access_log" common
Require all granted
(2)进入“/var/www/html”目录,新建一个“aaa02”目录,进入“aaa02”目录,新建一个站点首页文件,内容如下:
[root@localhost bbb]# cd ../
[root@localhost html]# mkdir aaa02
[root@localhost html]# cd aaa02/
[root@localhost aaa02]# vim index.html
this is aaa02 web
(3)进入httpd服务主配置文件,添加监听端口,同时将IPv6的端口的监听注销。重启httpd服务。
[root@localhost aaa02]# vim /etc/httpd/conf/httpd.conf
Listen 192.168.52.133:80
Listen 192.168.52.133:8080
#Listen 80
[root@localhost aaa02]# systemctl restart httpd
[root@localhost aaa02]#
(4)再次用win10主机访问两个端口不同的域名,访问成功。
构建虚拟主机------基于IP
(1)给Linux主机添加一块网卡,查看IP地址。
(2)进入配置文件“vhost.conf”,进行如下输入:
[root@localhost aaa02]# vim /etc/httpd/conf/extra/vhost.conf
DocumentRoot "/var/www/html/aaa/"
ErrorLog "logs/www.aaa.com.error_log"
CustomLog "logs/www.aaa.com.access_log" common
Require all granted
DocumentRoot "/var/www/html/aaa02/"
ErrorLog "logs/www.aaa02.com.error_log"
CustomLog "logs/www.aaa02.com.access_log" common
Require all granted
(3)分别对“aaa”站点与“aaa02”站点的主页文件进行如下修改:
[root@localhost aaa02]# cd ../aaa
[root@localhost aaa]# vim index.html
this is 133 aaa web
[root@localhost aaa]# cd ../aaa02
[root@localhost aaa02]# vim index.html
this is 139 aaa02 web
(4)进入httpd主配置文件,进行端口的添加与注释。然后重启httpd服务。
[root@localhost aaa02]# vim /etc/httpd/conf/httpd.conf
Listen 192.168.52.133:80
Listen 192.168.52.139:80
#Listen 192.168.52.133:8080
#Listen 80
[root@localhost aaa02]# systemctl restart httpd
[root@localhost aaa02]#
(5)用win10主机去访问两个不同IP地址的站点,访问成功。但是只能用IP地址访问,一般情况访问网站用的是域名,接下来我们进行域名访问不同IP地址站点的配置。
(6)首先在配置文件“vhost.conf”中添加,域名“ServerName”。
[root@localhost aaa02]# vim /etc/httpd/conf/extra/vhost.conf
DocumentRoot "/var/www/html/aaa/"
ServerName www.aaa.com
ErrorLog "logs/www.aaa.com.error_log"
CustomLog "logs/www.aaa.com.access_log" common
Require all granted
DocumentRoot "/var/www/html/aaa02/"
ServerName www.aaa02.com
ErrorLog "logs/www.aaa02.com.error_log"
CustomLog "logs/www.aaa02.com.access_log" common
Require all granted
(7)进入named服务的区域配置文件中,添加一个“aaa02”的区域信息。
[root@localhost aaa02]# vim /etc/named.rfc1912.zones
zone "aaa.com" IN {
type master;
file "aaa.com.zone";
allow-update { none; };
};
zone "aaa02.com" IN {
type master;
file "aaa02.com.zone";
allow-update { none; };
};
(8)进入“/var/named/”目录,保留权限复制一份“aaa.com.zone”文件,命名为“aaa02.com.zone”,同时对其进行如下修改:
[root@localhost aaa02]# cd /var/named/
[root@localhost named]# ls
aaa.com.zone data named.ca named.localhost slaves
bbb.com.zone dynamic named.empty named.loopback
[root@localhost named]# cp -p aaa.com.zone aaa02.com.zone
[root@localhost named]# vim aaa02.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
www IN A 192.168.52.139
(9)再次用win10主机,通过域名去访问两个不同IP地址的站点,访问成功。
访问权限控制
(1)查看win10主机的IP地址。
(2)在配置文件“vhost.conf”中添加拒绝win10主机访问,“www.aaa.com”域名规则。然后重启服务
[root@localhost ~]# vim /etc/httpd/conf/extra/vhost.conf
DocumentRoot "/var/www/html/aaa/"
ServerName www.aaa.com
ErrorLog "logs/www.aaa.com.error_log"
CustomLog "logs/www.aaa.com.access_log" common
Require not ip 192.168.52.129
Require all granted
DocumentRoot "/var/www/html/aaa02/"
ServerName www.aaa02.com
ErrorLog "logs/www.aaa02.com.error_log"
CustomLog "logs/www.aaa02.com.access_log" common
Require all granted
[root@localhost ~]# systemctl restart httpd
(3)清除win10主机浏览器的历史记录,然后分别访问两个域名。此时“www.aaa.com”域名已经访问不到首页了,只能看到Apache默认的页面。
(4)用“htpasswd”命令创建用户认证数据库,“-c”选项是用来创建文件“passwd”的,如果文件已经存在就不用加。
[root@localhost ~]# cd /etc/httpd/conf
[root@localhost conf]# ls
extra httpd.conf magic
[root@localhost conf]#
[root@localhost conf]# htpasswd -c /etc/httpd/conf/passwd test01
New password:
Re-type new password:
Adding password for user test01
[root@localhost conf]# htpasswd /etc/httpd/conf/passwd test02
New password:
Re-type new password:
Adding password for user test02
[root@localhost conf]# cat passwd
test01:$apr1$72w08g5z$26fEl6Yqym/nPi08lhrYj/
test02:$apr1$1sZRVmZ/$Qs2BrdK/SJoZwRe1sIXUQ/
[root@localhost conf]#
(5)在配置文件“vhost.conf”中,给“www.aaa02.com”域名添加身份验证访问规则,然后重启服务。
[root@localhost conf]# vim extra/vhost.conf
DocumentRoot "/var/www/html/aaa/"
ServerName www.aaa.com
ErrorLog "logs/www.aaa.com.error_log"
CustomLog "logs/www.aaa.com.access_log" common
Require not ip 192.168.52.129
Require all granted
DocumentRoot "/var/www/html/aaa02/"
ServerName www.aaa02.com
ErrorLog "logs/www.aaa02.com.error_log"
CustomLog "logs/www.aaa02.com.access_log" common
AuthName "DocumentRoot"
AuthType Basic
AuthUserFile /etc/httpd/conf/passwd
Require valid-user
[root@localhost conf]# systemctl restart httpd
[root@localhost conf]#
(6)清除win10主机的浏览器缓存,然后再次访问“www.aaa02.com”域名,结果弹出身份验证。输入用户和密码后访问成功。
