Apache 安装与配置(2)

虚拟主机

·   NameVirtualHost 192.168.1.253:80

·   <VirtualHost 192.168.1.253:80>   

·       ServerAdmin webmaster@linux.com.cn.

·       DocumentRoot /var/www/linux.com.cn

·       ServerName www.linux.com.cn   

·       ErrorLog logs/linux.com.cn-error_log

·       CustomLog logs/linux.com.cn-access_log common

·   </VirtualHost>

·   <VirtualHost 192.168.1.253:80>

·       ServerAdmin webmaster@cisco.com.cn

·       DocumentRoot /var/www/cisco.com.cn

·       ServerName www.cisco.com.cn

·       ErrorLog logs/cisco.com.cn-error_log

·       CustomLog logs/cisco.com.cn-access_log common

·   </VirtualHost>

·   include conf/vh.com

·   vi /etc/httpd/conf/httpd.conf

·   ab -c 50 -n 100 http://www.linux.com.cn/index.html

SSL加密安全

·   vi /etc/httpd/conf.d/ssl.conf

·       LoadModule ssl_module modules/mod_ssl.so

·       Listen 443

·       SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

·       SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt

·       SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

·   证书申请

·       mkdir ca cd ca

·       第一步，创建key和request:

·       openssl req -new > new.cert.csr

·       第二步，从key中删除passphrase(可选):

·       openssl rsa -in privkey.pem -out new.cert.key

·       第三步，把request转换成signed sert:

·       openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 1825

·       第四步，把cert和key文件拷贝到适当的位置。

·       cp new.cert.cert /etc/httpd/conf/ssl.crt/server.crt

·       cp new.cert.key /etc/httpd/conf/ssl.key/server.key

·       /usr/sbin/apachectl restartssl

·       /usr/sbin/apachectl configtest

·   SSL虚拟主机

·       <VirtualHost 192.168.1.253:443>

·       SSLEngine on

·       SSLCipherSuiteALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

·       SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt

·       SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

·       servername www.linux.com.cn

·       DocumentRoot "/var/www/linux.com.cn"

·       <Directory "/var/www/linux.com.cn">

·       options indexes followsymlinks

·       allowoverride none

·       allow from all

·       </Directory>

·       serveradmin webmaster@linux.com.cn

 

·       servername www.cisco.com.cn

·       DocumentRoot "/var/www/cisco.com.cn"

·       <Directory "/var/www/cisco.com.cn">

·       options indexes followsymlinks

·       allowoverride none

·       allow from all

·       </Directory>

·       serveradmin webmaster@cisco.com.cn

·       </VirtualHost>

 

·       include conf/sslvh.conf

·       /usr/sbin/apachectl restartssl

·       /usr/sbin/apachectl configtest