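httpd virtual hosts
Why use virtual hosts?
Virtual hosting means running several "websites" on a single physical host. There are three main ways to set up virtual hosts; with them, different sites can run on the same server without users noticeably being aware of it.
Apache was the first to support IP-based virtual hosts.
The three kinds of virtual host: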
- IP-based
- Port-based
- Host-name-based
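One very important point: if virtual hosts are enabled, the main server (the "central host") should be turned off. To do that, comment out the DocumentRoot directive in the main configuration file.
To add virtual hosts, write a configuration file:

    [root@localhost conf.d]# pwd
    /etc/httpd/conf.d
    [root@localhost conf.d]# ls virtual.conf
    virtual.conf        // the name is not important
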
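IP-based virtual hosts
The address of each VirtualHost is written as IP:PORT. The hosts are told apart by IP: the port can be the same, and because the IPs differ, requests get different results.
Format:

    <VirtualHost 172.25.254.11:80>
        # hostname of this virtual host
        ServerName fsx1.com
        # default document root of this virtual host; it must be created by hand
        DocumentRoot "/var/www/fsx1"
    </VirtualHost>
    <VirtualHost 172.25.11.11:80>
        ServerName fsx2.com
        DocumentRoot "/var/www/fsx2"
    </VirtualHost>

Once the file is written, run httpd -t to check it for syntax errors. Note that the two virtual hosts above use the same port and different IPs. Both IPs must, of course, be addresses that exist on this machine.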
Contents of the two virtual hosts' document roots:

    [root@localhost fsx2]# pwd
    /var/www/fsx2
    [root@localhost fsx2]# cat index.html
    <h1>fsx2.com</h1>
    [root@localhost fsx1]# pwd
    /var/www/fsx1
    [root@localhost fsx1]# cat index.html
    <h1>fsx1.com</h1>

Test:

    [root@localhost fsx1]# curl 172.25.254.11
    <h1>fsx1.com</h1>
    [root@localhost fsx1]# curl 172.25.11.11
    <h1>fsx2.com</h1>

What is CGI? Common Gateway Interface.
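Port-based virtual hosts
With port-based virtual hosts the IP is the same and the port differs; this is another way to host different sites on a single server.
Format:

    [root@localhost conf.d]# cat virtual.conf
    <VirtualHost 172.25.254.11:80>
        ServerName fsx1.com
        DocumentRoot "/var/www/fsx1"
    </VirtualHost>
    <VirtualHost 172.25.254.11:8080>
        ServerName fsx3.com
        DocumentRoot "/var/www/fsx3"
    </VirtualHost>

As you can see, the two virtual hosts have the same IP but different ports. As before, the document root of the fsx3.com virtual host has to be created by hand.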
Directory contents:

    [root@localhost fsx3]# cat index.html
    <h1>fsx3.com</h1>
    [root@localhost fsx3]# pwd
    /var/www/fsx3

Test:

    [root@localhost fsx3]# curl 172.25.254.11
    <h1>fsx1.com</h1>
    [root@localhost fsx3]# curl 172.25.254.11:8080
    <h1>fsx3.com</h1>

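Name-based virtual hosts
If the IP and the port are both the same, can a request still reach different content? Yes. Besides the network layer (IP) and the transport layer (port), a complete HTTP request also uses the HTTP protocol itself, which carries the requested host name, and that is what makes hostname-based virtual hosts possible.
Method:

    [root@localhost conf.d]# cat virtual.conf
    NameVirtualHost 172.25.254.11:80
    <VirtualHost 172.25.254.11:80>
        ServerName fsx1.com
        DocumentRoot "/var/www/fsx1"
    </VirtualHost>
    <VirtualHost 172.25.254.11:80>
        ServerName fsx4.com
        DocumentRoot "/var/www/fsx4"
    </VirtualHost>

As you can see, the two virtual hosts have exactly the same IP and port; only ServerName differs, and that is the key point of name-based virtual hosting. As before, the fsx4 directory has to be created by hand.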
Directory contents:

    [root@localhost fsx4]# pwd
    /var/www/fsx4
    [root@localhost fsx4]# cat index.html
    <h1>fsx4.com</h1>

Test:

    [root@localhost fsx4]# curl fsx1.com
    <h1>fsx1.com</h1>
    [root@localhost fsx4]# curl fsx4.com
    <h1>fsx4.com</h1>

Of course, the names have to resolve for this to work. Normally a name server (NS) does that, but it can also be done by editing /etc/hosts.
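How the three selection methods combine when one server carries all of the virtual hosts above, as an added Python example that is not part of the original post. It is a simplified model of httpd's lookup (exact IP:port match, then Host header against ServerName, otherwise the first virtual host listed for that address); wildcards and ServerAlias are left out, and select_vhost and VHOSTS are names made up for the illustration.

```python
# Added example: a simplified model of httpd's virtual-host lookup.
# The table merges the page's three configurations; it is not httpd's own code.
from typing import List, NamedTuple, Optional

class VHost(NamedTuple):
    addr: str         # the "IP:port" written in <VirtualHost IP:port>
    server_name: str  # ServerName
    docroot: str      # DocumentRoot

# In configuration order: the first entry for an address is its default.
VHOSTS = [
    VHost("172.25.254.11:80", "fsx1.com", "/var/www/fsx1"),
    VHost("172.25.254.11:80", "fsx4.com", "/var/www/fsx4"),
    VHost("172.25.254.11:8080", "fsx3.com", "/var/www/fsx3"),
    VHost("172.25.11.11:80", "fsx2.com", "/var/www/fsx2"),
]

def select_vhost(vhosts: List[VHost], local_ip: str, local_port: int,
                 host_header: Optional[str]) -> Optional[VHost]:
    """Return the vhost serving the request, or None for the main server."""
    # Step 1 (IP-based and port-based): only vhosts declared for the address
    # the connection arrived on are candidates.
    candidates = [v for v in vhosts if v.addr == f"{local_ip}:{local_port}"]
    if not candidates:
        return None
    # Step 2 (name-based): compare the Host header, without its port and
    # case-insensitively, against each candidate's ServerName.
    name = (host_header or "").partition(":")[0].lower()
    for v in candidates:
        if v.server_name.lower() == name:
            return v
    # Step 3: no name matched, so the first vhost listed for the address answers.
    return candidates[0]

if __name__ == "__main__":
    for ip, port, host in [("172.25.254.11", 80, "fsx4.com"),
                           ("172.25.254.11", 80, "unknown.example"),
                           ("172.25.11.11", 80, "fsx1.com")]:
        print(ip, port, host, "->", select_vhost(VHOSTS, ip, port, host))
```

A request whose Host header matches no ServerName is still answered, by the first virtual host for that address, so that first block should be a site you are willing to serve to any name.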
Some other virtual host settings
Separate access logs
This mainly uses the CustomLog directive, which gives each virtual host its own access log. For example:

    [root@localhost conf.d]# cat virtual.conf
    NameVirtualHost 172.25.254.11:80
    <VirtualHost 172.25.254.11:80>
        ServerName fsx1.com
        DocumentRoot "/var/www/fsx1"
        CustomLog "/var/www/fsx1/logs/access_log" combined
    </VirtualHost>
    <VirtualHost 172.25.254.11:80>
        ServerName fsx4.com
        DocumentRoot "/var/www/fsx4"
        CustomLog "/var/www/fsx4/logs/access_log" combined
    </VirtualHost>

CustomLog specifies the access log file.
Test:

    [root@localhost www]# curl fsx1.com
    <h1>fsx1.com</h1>
    [root@localhost www]# curl fsx4.com
    <h1>fsx4.com</h1>
    [root@localhost www]# cat fsx1/logs/access_log
    172.25.254.11 - - [14/Aug/2018:12:56:16 +0800] "GET / HTTP/1.1" 200 18 "-" "curl/7.29.0"
    [root@localhost www]# cat fsx4/logs/access_log
    172.25.254.11 - - [14/Aug/2018:12:56:19 +0800] "GET / HTTP/1.1" 200 18 "-" "curl/7.29.0"

Blacklists and whitelists
deny and allow can be used to define blacklists and whitelists.

    <VirtualHost 172.25.254.11:80>
        ServerName fsx4.com
        DocumentRoot "/var/www/fsx4"
        CustomLog "/var/www/fsx4/logs/access_log" combined
        <Directory /var/www/fsx4>
            Options none
            AllowOverride none
            Order deny,allow
            deny from 172.25.254.11
        </Directory>
    </VirtualHost>

As you can see, 172.25.254.11 (the IP address of the physical host) is barred from the fsx4 virtual host. The resource can be found, but the server refuses to serve it (status code 403).
Test:

    [root@localhost conf.d]# curl fsx4.com
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>403 Forbidden</title>
    </head><body>
    <h1>Forbidden</h1>
    <p>You don't have permission to access / on this server.</p>
    </body></html>

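The Order evaluation behind the 403 above, and behind the Order Allow,Deny block this page uses for /server-status, as an added Python example (not from the original post). It models mod_access_compat's documented rules for full IP addresses, CIDR ranges and "all" only; access_allowed and the two rule dictionaries are hypothetical names.

```python
# Added example: model of Order / Allow / Deny evaluation (mod_access_compat).
# Handles only "all", single IP addresses and CIDR ranges.
import ipaddress

def _matches(client, specs):
    """True if the client IP matches any 'Allow from' / 'Deny from' value."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def access_allowed(order, allow, deny, client):
    """Decide access the way 'Order <order>' does with these Allow/Deny lists."""
    allowed, denied = _matches(client, allow), _matches(client, deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        # Deny is checked first and Allow can override it;
        # a client matching neither list is allowed.
        return allowed or not denied
    if order == "allow,deny":
        # Allow is checked first and Deny can override it;
        # a client matching neither list is denied.
        return allowed and not denied
    raise ValueError("unsupported Order value: " + order)

# Rules taken from the page's fsx4 <Directory> and /server-status <Location>.
FSX4_RULES = dict(order="deny,allow", allow=[], deny=["172.25.254.11"])
STATUS_RULES = dict(order="Allow,Deny", allow=["all"], deny=[])

if __name__ == "__main__":
    for client in ("172.25.254.11", "172.25.254.12"):
        print(client, "->", access_allowed(client=client, **FSX4_RULES))
```

With Order deny,allow every address that is not listed stays allowed, so the fsx4 block is a blacklist of one address; a whitelist needs deny from all plus explicit allow lines.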
Simple authentication
The auth_basic module provides simple access authentication for web pages, based on a user name and password:

    [root@localhost conf.d]# cat virtual.conf
    NameVirtualHost 172.25.254.11:80
    <VirtualHost 172.25.254.11:80>
        ServerName fsx1.com
        DocumentRoot "/var/www/fsx1"
        CustomLog "/var/www/fsx1/logs/access_log" combined
        <Directory /var/www/fsx1>
            Options none
            AllowOverride authconfig
            AuthType Basic
            AuthName "fsx config"
            AuthUserFile "/etc/httpd/conf.d/.user"
            Require valid-user
        </Directory>
    </VirtualHost>

The user names and passwords are stored in /etc/httpd/conf.d/.user, which is generated with the htpasswd command.

    [root@localhost conf.d]# htpasswd -m .user coco
    New password:
    Re-type new password:
    Adding password for user coco
    // if the .user file does not exist yet, use the -c option

After restarting the server, test:

    [root@localhost conf.d]# curl fsx1.com
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>401 Unauthorized</title>
    </head><body>
    <h1>Unauthorized</h1>
    <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p>
    </body></html>
    // with curl you can see the 401 status code (the authentication prompt)

Location sections
Inside a Location section, SetHandler can be used to check the server status.

    NameVirtualHost 172.25.254.11:80
    <VirtualHost 172.25.254.11:80>
        ServerName fsx1.com
        DocumentRoot "/var/www/fsx1"
        CustomLog "/var/www/fsx1/logs/access_log" combined
        <Directory /var/www/fsx1>
            Options none
            AllowOverride authconfig
            AuthType Basic
            AuthName "fsx config"
            AuthUserFile "/etc/httpd/conf.d/.user"
            Require valid-user
        </Directory>
        <Location /server-status>
            SetHandler server-status
            Order Allow,Deny
            Allow from all
        </Location>
    </VirtualHost>

Once this is configured, you can open fsx1.com/server-status in a browser to monitor the server. You can also run a load test (with ab or http_load):

    [root@localhost conf.d]# ab -n 100000 -c 100 http://fsx2.com/idex.html
    This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
    Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
    Licensed to The Apache Software Foundation, http://www.apache.org/

    Benchmarking fsx2.com (be patient)
    Completed 10000 requests
    Completed 20000 requests
    Completed 30000 requests
    Completed 40000 requests
    Completed 50000 requests
    Completed 60000 requests
    Completed 70000 requests
    Completed 80000 requests
    Completed 90000 requests
    Completed 100000 requests
    Finished 100000 requests

    Server Software:        Apache/2.4.6
    Server Hostname:        fsx2.com
    Server Port:            80

    Document Path:          /idex.html
    Document Length:        207 bytes

    Concurrency Level:      100
    Time taken for tests:   25.517 seconds
    Complete requests:      100000
    Failed requests:        0
    Write errors:           0
    Non-2xx responses:      100000
    Total transferred:      41500000 bytes
    HTML transferred:       20700000 bytes
    Requests per second:    3919.00 [#/sec] (mean)
    Time per request:       25.517 [ms] (mean)
    Time per request:       0.255 [ms] (mean, across all concurrent requests)
    Transfer rate:          1588.27 [Kbytes/sec] received

    Connection Times (ms)
                  min  mean[+/-sd] median   max
    Connect:        0    1   1.2      1      14
    Processing:     3   24  11.4     20     160
    Waiting:        0   23  11.1     20     155
    Total:          3   25  11.0     22     164

    Percentage of the requests served within a certain time (ms)
      50%     22
      66%     27
      75%     31
      80%     33
      90%     39
      95%     44
      98%     50
      99%     54
     100%    164 (longest request)

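An added check, not part of the original post, for two things in the configurations above that expose more than intended: the CustomLog files sit under each DocumentRoot, so they can be fetched over HTTP unless access to logs/ is denied, and /server-status with Allow from all shows current requests and client addresses to anyone. audit_vhosts is a hypothetical helper, and the sample configuration is constructed from the page's fsx1 and fsx4 hosts.

```python
# Added example. SAMPLE is constructed: fsx1 is reduced from the page's config,
# and the fsx4 log path under /var/log/httpd is an assumption.
import posixpath
import shlex
SAMPLE = """
<VirtualHost 172.25.254.11:80>
    ServerName fsx1.com
    DocumentRoot "/var/www/fsx1"
    CustomLog "/var/www/fsx1/logs/access_log" combined
    <Location /server-status>
        SetHandler server-status
        Order Allow,Deny
        Allow from all
    </Location>
</VirtualHost>
<VirtualHost 172.25.254.11:80>
    ServerName fsx4.com
    DocumentRoot "/var/www/fsx4"
    CustomLog "/var/log/httpd/fsx4_access_log" combined
</VirtualHost>
"""

def audit_vhosts(conf):
    """Return (ServerName, finding) tuples; directives are read in file order."""
    findings, name, root, status = [], "?", None, False
    for line in (raw.strip() for raw in conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("<"):
            status = False  # a handler applies only inside its own section
            if line.lower().startswith("<virtualhost"):
                name, root = "?", None
            continue
        args = shlex.split(line)
        key, val = args[0].lower(), " ".join(args[1:])
        if key == "servername":
            name = val
        elif key == "documentroot":
            root = posixpath.normpath(val)
        elif key == "customlog" and root and val.startswith("/"):
            # A log under DocumentRoot can be requested like any static file.
            log = posixpath.normpath(args[1])
            if posixpath.commonpath([root, log]) == root:
                findings.append((name, "access log inside DocumentRoot: " + log))
        elif key == "sethandler" and val.lower() == "server-status":
            status = True
        elif status and line.lower() in ("allow from all", "require all granted"):
            findings.append((name, "server-status readable by any client"))
    return findings
```

On httpd 2.4 the usual fixes are a log path outside the document root and Require local or Require ip on the status location.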
The httpd manual

    [root@localhost conf.d]# yum list all | grep httpd-manual
    http://localhost/fsx7.5/repodata/repomd.xml: [Errno 14] HTTP Error 403 - Forbidden
    Trying other mirror.
    To address this issue please refer to the below knowledge base article

    https://access.redhat.com/solutions/69319

    If above article doesn't help to resolve this issue please open a ticket with Red Hat Support.

    httpd-manual.noarch        2.4.6-80.el7        @fsx

After downloading and installing it, you can visit fsx2.com/manual directly to get the full httpd documentation.