虚拟主机的设置
现在是设置Apache处理一些虚拟主机的时间了。由于Apache提供的灵活性,虚拟主机可很简单地做到。首先你需要一个DNS服务器把虚拟主机的域名指向web服务器的IP地址。在DNS使用一个CNAME记录把 your_virtual_domain.com指向服务器的IP。其次你需要修改Apache的配置文件httpd.conf以增加新的虚拟域名。记住,这只是一个很基本的例子,你有勇气读一下Apache的指令。
让我们看一个 httpd.conf 的例子。
httpd.conf 片断
#--------------------------------------------------------#
# VIRTUAL HOST SECTION NON-SSL
#--------------------------------------------------------#
# VirtualHost directive allows you to specify another virtual
# domain on your server. Most Apache options can be specified
# within this section.
# Mail to this address on errors
ServerAdmin webmaster@domain1.com
# Where documents are kept in the virtual domain
# this is an absolute path. So you may want to put
# in a location where the owner can get to it.
DocumentRoot /home/vhosts/domain1.com/www/
# Since we will use PHP to create basically
# all our file we put a directive to the Index file.
DirectoryIndex index.php
# Name of the server
ServerName www.domain1.com
# Log files Relative to ServerRoot option
ErrorLog logs/domain1.com-error_log
TransferLog logs/domain1.com-access_log
RefererLog logs/domain1.com-referer_log
AgentLog logs/domain1.com-agent_log
# Use CGI scripts in this domain. In the next case you
# can see that it does not have CGI scripts. Please
# read up on the security issues relating to CGI-scripting.
ScriptAlias /cgi-bin/ /var/www/cgi-bin/domain1.com/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
# This is another domain. Note that you could host
# multiple domains this way...
# Mail to this address on errors
ServerAdmin webmaster@domain2.com
# Where documents are kept in the virtual domain
DocumentRoot /virtual/domain2.com/www/html
# Name of the server
ServerName www.domain2.com
# Log files Relative to ServerRoot option
ErrorLog logs/domain2.com-error_log
TransferLog logs/domain2.com-access_log
RefererLog logs/domain2.com-referer_log
AgentLog logs/domain2.com-agent_log
# No CGI's for this host
# End: virtual host section
|
使用上述例子在你的服务器上创建你自己的虚拟主机。如果你想从Apache网站上阅读每一条指令,它的网址是:http://www.apache.org。
SSL虚拟主机
创建SSL虚拟主机类似非SSL。除了你需要指定另外的指令,还有,你需要增加一个DNS记录并且修改 httpd.conf。这里有一个例子。
#--------------------------------------------#
# SSL Virtual Host Context
#--------------------------------------------#
# General setup for the virtual host
DocumentRoot /usr/local/apache/htdocs
ServerAdmin webmaster@securedomain1.com
ServerName www.securedomain1.com
ErrorLoglogs/domain1.com-error_log
TransferLog logs/domain1.com-transfer_log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A test
# certificate can be generated with `make certificate' under
# built time. Keep in mind that if you've both a RSA and a DSA
# certificate you can configure both in parallel (to also allow
# the use of DSA ciphers, etc.)
# Note that I keep my certificate files located in a central
# location. You could change this if you are an ISP, or ASP.
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog /usr/local/apache/logs/ssl_request_log
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b"
|
记住你有很多指令可以指定。我们将在另一篇有关配置Apache的文章中讨论,本文只是一个入门性指南。
生成证书
这是如何生成证书的按部就班的描述。
为你的Apache服务器创建一个RSA私用密钥(被Triple-DES加密并且进行PEM格式化):
# openssl genrsa -des3 -out server.key 1024
|
请在安全的地方备份这个server.key文件。记住你输入的通行短语(pass phrase)!你可以通过下面的命令看到这个RSA私用密钥的细节。
如果您对本文有任何疑问或者建议,请到讨论区发表您的意见:
>>
论坛入口 <<
上一篇:
用SSL构建一个安全的Apache
下一篇:
在Linux上搭建WEB服务器:基本概念、PHP
【文章评论】
【收藏本文】
【推荐好友】
【打印本文】
【我要投稿】 【论坛讨论】
