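Exercise:
1. Set up an httpd service that meets the following requirements:
(1) Provide two name-based virtual hosts:
www1.stuX.com, with page file directory /web/vhosts/www1; error log /var/log/www1/error_log, access log /var/log/httpd/www1/access_log;
www2.stuX.com, with page file directory /web/vhosts/www2; error log /var/log/www2/error_log, access log /var/log/httpd/www2/access_log;
(2) Expose the server status information at www1.stuX.com/server-status, and allow access only to users who supply an account;
(3) www1 must not be accessible from hosts in the 192.168.1.0/24 network;
2. Provide HTTPS for the second virtual host above so that users can access this web site securely over https;
(1) Use certificate authentication; the certificate must specify country (CN), state (Beijing), city (Beijing), and organization (MageEdu);
(2) Set the department to Ops and the host name to www2.stuX.com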
www1.conf
<VirtualHost *:80>
    ServerName www1.stuX.com
    DocumentRoot "/web/vhosts/www1"
    ErrorLog "/var/log/httpd/www1/error_log"
    CustomLog "/var/log/httpd/www1/access_log" combined
    <Directory "/web/vhosts/www1">
        Options None
        # Require all granted
        # Requirement (3): 192.168.1.0/24 is denied; only the rest of 192.168.0.0/16 is allowed
        <RequireAll>
            Require not ip 192.168.1
            Require ip 192.168
        </RequireAll>
    </Directory>
    <Location /server-status>
        SetHandler server-status
        # Restricted by client address only; no account (Basic auth) check is configured here
        <RequireAll>
            Require ip 192.168
        </RequireAll>
    </Location>
</VirtualHost>
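Requirement (2) asks for account-based access to /server-status, which an address-only rule does not provide. The block below is an added example, not part of the original solution, showing the Location section with HTTP Basic authentication; the realm text and the AuthUserFile path are assumptions.

```apache
# Added example for requirement (2); replaces the <Location /server-status>
# block inside the www1 <VirtualHost>. Needs mod_status, mod_auth_basic,
# mod_authn_file, mod_authz_user and mod_authz_host loaded.
<Location "/server-status">
    SetHandler server-status

    # HTTP Basic authentication against a flat password file.
    # Realm text and file path are assumptions, not from the original page.
    AuthType Basic
    AuthName "www1 server status"
    AuthBasicProvider file
    AuthUserFile "/etc/httpd/conf/.htpasswd"

    # Require rules set here replace those of the <Directory> block instead of
    # merging with them (AuthMerging defaults to Off), so the address rules
    # from requirement (3) are repeated. All three conditions must hold.
    <RequireAll>
        Require valid-user
        Require ip 192.168
        Require not ip 192.168.1
    </RequireAll>
</Location>
```

The password file can be created with `htpasswd -c /etc/httpd/conf/.htpasswd <user>`. Because www1 is served over plain HTTP, the Basic credentials cross the network unencrypted.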
www2.conf
<VirtualHost *:80>
    ServerName www2.stuX.com
    DocumentRoot "/web/vhosts/www2"
    ErrorLog "/var/log/httpd/www2/error_log"
    CustomLog "/var/log/httpd/www2/access_log" combined
    <Directory "/web/vhosts/www2">
        Options None
        Require all granted
    </Directory>
</VirtualHost>
ssl.conf
# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
#ServerName www.example.com:443
DocumentRoot "/web/vhosts/www2"
ServerName www2.stuX.com:443
<Directory "/web/vhosts/www2">
    Options None
    Require all granted
</Directory>
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/httpd/ssl/httpd_crt.pem
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/httpd/ssl/httpd_key.pem