以下实验在两台虚拟机中完成,PC1服务器端,IP地址为192.168.10.10; PC2为客户机端,IP地址为192.168.10.20.
1、在PC1服务器端安装apache服务
[root@PC1 ~]# yum install httpd -y
Loaded plugins: langpacks, product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
rhel7 | 4.1 kB 00:00
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-17.el7 will be installed
--> Processing Dependency: httpd-tools = 2.4.6-17.el7 for package: httpd-2.4.6-17.el7.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-17.el7.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-17.el7.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-17.el7.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-3.el7 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package httpd-tools.x86_64 0:2.4.6-17.el7 will be installed
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
httpd x86_64 2.4.6-17.el7 rhel7 1.2 M
Installing for dependencies:
apr x86_64 1.4.8-3.el7 rhel7 103 k
apr-util x86_64 1.5.2-6.el7 rhel7 92 k
httpd-tools x86_64 2.4.6-17.el7 rhel7 77 k
mailcap noarch 2.1.41-2.el7 rhel7 31 k
Transaction Summary
================================================================================
Install 1 Package (+4 Dependent packages)
Total download size: 1.5 M
Installed size: 4.3 M
Downloading packages:
--------------------------------------------------------------------------------
Total 5.6 MB/s | 1.5 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : apr-1.4.8-3.el7.x86_64 1/5
Installing : apr-util-1.5.2-6.el7.x86_64 2/5
Installing : httpd-tools-2.4.6-17.el7.x86_64 3/5
Installing : mailcap-2.1.41-2.el7.noarch 4/5
Installing : httpd-2.4.6-17.el7.x86_64 5/5
rhel7/productid | 1.6 kB 00:00
Verifying : mailcap-2.1.41-2.el7.noarch 1/5
Verifying : httpd-tools-2.4.6-17.el7.x86_64 2/5
Verifying : apr-1.4.8-3.el7.x86_64 3/5
Verifying : apr-util-1.5.2-6.el7.x86_64 4/5
Verifying : httpd-2.4.6-17.el7.x86_64 5/5
Installed:
httpd.x86_64 0:2.4.6-17.el7
Dependency Installed:
apr.x86_64 0:1.4.8-3.el7 apr-util.x86_64 0:1.5.2-6.el7
httpd-tools.x86_64 0:2.4.6-17.el7 mailcap.noarch 0:2.1.41-2.el7
Complete!
2、在PC1服务器端修改配置文件,绑定IP地址和主机域名
[root@PC1 ~]# ifconfig | head -n 5
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.10 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::20c:29ff:fe66:37f7 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:66:37:f7 txqueuelen 1000 (Ethernet)
RX packets 148 bytes 23040 (22.5 KiB)
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.10 www.aaaaa.com www.bbbbb.com www.ccccc.com
[root@PC1 ~]# ping -c 3 www.aaaaa.com
PING www.aaaaa.com (192.168.10.10) 56(84) bytes of data.
64 bytes from www.aaaaa.com (192.168.10.10): icmp_seq=1 ttl=64 time=0.071 ms
64 bytes from www.aaaaa.com (192.168.10.10): icmp_seq=2 ttl=64 time=0.040 ms
64 bytes from www.aaaaa.com (192.168.10.10): icmp_seq=3 ttl=64 time=0.040 ms
--- www.aaaaa.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.040/0.050/0.071/0.015 ms
[root@PC1 ~]# ping -c 3 www.bbbbb.com
PING www.aaaaa.com (192.168.10.10) 56(84) bytes of data.
64 bytes from www.aaaaa.com (192.168.10.10): icmp_seq=1 ttl=64 time=0.044 ms
64 bytes from www.aaaaa.com (192.168.10.10): icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from www.aaaaa.com (192.168.10.10): icmp_seq=3 ttl=64 time=0.041 ms
--- www.aaaaa.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.037/0.040/0.044/0.007 ms
[root@PC1 ~]# ping -c 3 www.ccccc.com
PING www.aaaaa.com (192.168.10.10) 56(84) bytes of data.
64 bytes from www.aaaaa.com (192.168.10.10): icmp_seq=1 ttl=64 time=0.067 ms
64 bytes from www.aaaaa.com (192.168.10.10): icmp_seq=2 ttl=64 time=0.044 ms
64 bytes from www.aaaaa.com (192.168.10.10): icmp_seq=3 ttl=64 time=0.042 ms
--- www.aaaaa.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.042/0.051/0.067/0.011 ms
3、在PC1服务器端创建保存三个网站数据的目录以及首页内容
[root@PC1 ~]# mkdir -p /home/wwwroot/aaaaa
[root@PC1 ~]# mkdir -p /home/wwwroot/bbbbb
[root@PC1 ~]# mkdir -p /home/wwwroot/ccccc
[root@PC1 ~]# echo "here is aaaaa" > /home/wwwroot/aaaaa/index.html
[root@PC1 ~]# echo "here is bbbbb" > /home/wwwroot/bbbbb/index.html
[root@PC1 ~]# echo "here is ccccc" > /home/wwwroot/ccccc/index.html
4、在PC1服务器端修改Apache服务的主配置文件,写入三个基于主机域名的虚拟主机网站参数
[root@PC1 ~]# vim /etc/httpd/conf/httpd.conf
…………
112 #
113 <VirtualHost 192.168.10.10>
114 DocumentRoot "/home/wwwroot/aaaaa"
115 ServerName "www.aaaaa.com"
116 <Directory "/home/wwwroot/aaaaa">
117 AllowOverride None
118 Require all granted
119 </Directory>
120 </VirtualHost>
121 <VirtualHost 192.168.10.10>
122 DocumentRoot "/home/wwwroot/bbbbb"
123 ServerName "www.bbbbb.com"
124 <Directory "/home/wwwroot/bbbbb">
125 AllowOverride None
126 Require all granted
127 </Directory>
128 </VirtualHost>
129 <VirtualHost 192.168.10.10>
130 DocumentRoot "/home/wwwroot/ccccc"
131 ServerName "www.ccccc.com"
132 <Directory "/home/wwwroot/ccccc">
133 AllowOverride None
134 Require all granted
135 </Directory>
136 </VirtualHost>
137 #
…………
5、在PC1主机中重启apache服务
[root@PC1 ~]# systemctl restart httpd
[root@PC1 ~]# systemctl status httpd | head -n 5
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled)
Active: active (running) since Thu 2020-12-17 21:59:52 CST; 12s ago
Main PID: 4385 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
6、在PC1服务器端关闭防火墙策略
[root@PC1 ~]# iptables -F
[root@PC1 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
7、在PC1主机中修改网站数目目录及首页数据的SELinux上下文值
[root@PC1 ~]# ls -ldZ /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
[root@PC1 ~]# ls -ldZ /home/wwwroot/aaaaa/
drwxr-xr-x. root root unconfined_u:object_r:home_root_t:s0 /home/wwwroot/aaaaa/
[root@PC1 ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/aaaaa
[root@PC1 ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/aaaaa/*
[root@PC1 ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/bbbbb
[root@PC1 ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/bbbbb/*
[root@PC1 ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/ccccc
[root@PC1 ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/ccccc/*
[root@PC1 ~]# restorecon -Rv /home/wwwroot/
restorecon reset /home/wwwroot context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_dir_t:s0
restorecon reset /home/wwwroot/aaaaa context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/aaaaa/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/bbbbb context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/bbbbb/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/ccccc context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/ccccc/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
[root@PC1 ~]# ls -ldZ /home/wwwroot/aaaaa/
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 /home/wwwroot/aaaaa/
8、在PC1服务器端修改SELinux的域服务
[root@PC1 ~]# getsebool -a | grep http
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off
named_tcp_bind_http_port --> off
prosody_bind_http_port --> off
[root@PC1 ~]# setsebool -P httpd_enable_homedirs=on
[root@PC1 ~]# getsebool -a | grep http
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> on
httpd_execmem --> off
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off
named_tcp_bind_http_port --> off
prosody_bind_http_port --> off
9、在PC2客户机端测试PC1服务器端网络连通性
[root@PC2 ~]# ifconfig | head -n 3
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.20 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::20c:29ff:fe25:bb3e prefixlen 64 scopeid 0x20<link>
[root@PC2 ~]# ping -c 3 192.168.10.10
PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.
64 bytes from 192.168.10.10: icmp_seq=1 ttl=64 time=0.281 ms
64 bytes from 192.168.10.10: icmp_seq=2 ttl=64 time=0.205 ms
64 bytes from 192.168.10.10: icmp_seq=3 ttl=64 time=0.309 ms
--- 192.168.10.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.205/0.265/0.309/0.043 ms
[root@PC2 ~]# ping -c 3 www.aaaaa.com
ping: unknown host www.aaaaa.com
[root@PC2 ~]# ping -c 3 www.bbbbb.com
ping: unknown host www.bbbbb.com
## 说明PC2端无法实现域名解析
10、在PC1服务器端测试基于域名的虚拟主机功能
以上实验实验只实现了基于主机域名部署多个网站在同一主机的验证(PC2客户机无法解析域名)。