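Unit 9
Apache web service
I Apache installation
1 yum install httpd -y ###install the Apache package###
2 systemctl start httpd ###start the service###
3 systemctl enable httpd.service ###start the service automatically at boot###
4 systemctl stop firewalld.service ###stop the firewall###
5 systemctl disable firewalld.service ###keep the firewall off at boot###
6 netstat -antlp | grep httpd ###view the listening ports###
II Basic Apache information
1 Apache's default published file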
index.html
2 Apache's configuration files
/etc/httpd/conf/httpd.conf ###main configuration file###
ServerRoot "/etc/httpd" ###specifies the directory Apache runs from###
Listen 80 ###listening port###
User apache ###user and group the Apache process runs as###
Group apache
ServerAdmin root@localhost ###administrator e-mail address###
DocumentRoot "/var/www/html" ###directory where the web page files are stored###
<Directory "/var/www/html"> ##a <Directory> block sets custom permissions for the directory##
Require all granted
</Directory>
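ErrorLog "logs/error_log" ###location of the error log###
AddDefaultCharset UTF-8 ###default character set###
IncludeOptional conf.d/*.conf ###load additional configuration files###
DirectoryIndex index.html ###name of the default home page###
/etc/httpd/conf.d/*.conf ###sub-configuration files###
3 Apache's default publish directory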
/var/www/html
4 Apache's default port
80
III Basic Apache configuration
1 vim /var/www/html/index.html ###write the default file###
Content:
<h2> hello world </h2>
2 vim /var/www/html/westos.html ###write the default file###
Content:
<h2> westos linux </h2>
3 vim /etc/httpd/conf/httpd.conf
<IfModule dir_module>
DirectoryIndex westos.html index.html ###westos.html is the default file; if westos.html does not exist, index.html is used instead###
</IfModule>
4 systemctl restart httpd.service ###restart the service###
Test:
Browse to 172.25.254.112 and check whether index.html or westos.html is displayed
Procedure:
[root@mariadb mysqladmin]# cd /var/www/html/
[root@mariadb html]# ls
admin cgi MysqLadmin
[root@mariadb html]# vim index.html
[root@mariadb html]# vim westos.html
[root@mariadb html]# vim /etc/httpd/conf/httpd.conf
[root@mariadb html]# systemctl restart httpd.service
[root@mariadb html]# rm -fr westos.html
When SELinux is disabled:
1 mkdir /westos/www/test -p ###create a directory to use as the default directory###
2 vim /westos/www/test/westos.html ###write the default file###
Content:
<h2> westos's page </h2>
3 vim /etc/httpd/conf/httpd.conf
DocumentRoot "/westos/www/test" ###change the default directory###
<Directory "/westos/www/test"> ###set access permissions for the default directory####
Require all granted ####allow everyone to access it####
</Directory>
4 systemctl restart httpd.service ###restart the service###
Test:
Browse to 172.25.254.112 and check the content:
Procedure:
[root@mariadb html]# mkdir /westos/www/test -p
[root@mariadb html]# vim /westos/www/test/westos.html
[root@mariadb html]# vim /etc/httpd/conf/httpd.conf
[root@mariadb html]# systemctl restart httpd.service
When SELinux is enforcing:
Add the following two steps:
1 semanage fcontext -a -t httpd_sys_content_t '/westos(/.*)?' ###change the security context###
2 restorecon -RvvF /westos/ ###apply the new context###
3 ) Apache access control
Access by IP:
1 mkdir /var/www/html/admin/
2 vim /var/www/html/admin/index.html
<h2> admin's page </h2>
3 vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/admin">
Order Allow,Deny ###everyone may access the admin directory except host 78###
Allow from All
Deny from 172.25.254.78
</Directory>
<Directory "/var/www/html/admin"> ###only host 78 may access the admin directory####
Order Deny,Allow
Allow from 172.25.254.78
Deny from All
</Directory>
4 systemctl restart httpd.service ###restart the service###
Procedure:
[root@mariadb ~]# mkdir /var/www/html/admin/
[root@mariadb ~]# vim /var/www/html/admin/index.html
[root@mariadb ~]# vim /etc/httpd/conf/httpd.conf
[root@mariadb ~]# systemctl restart httpd.service
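How the two Order settings above decide a request, as an added example that is not part of the original notes: a small shell model of the Order/Allow/Deny evaluation (the 2.2-style directives that Apache 2.4 provides through mod_access_compat). It assumes exact IP addresses and the keyword All only; the function names and the second client address (.50) are made up for the illustration.

```sh
# Added example (not from the original notes): Order/Allow/Deny evaluation
# for one client address. Handles exact IPs and "All" only (assumption).

# matches LIST IP: succeeds if IP, or the keyword All, is in the list
matches() {
    for entry in $1; do
        case "$entry" in
            [Aa][Ll][Ll]) return 0 ;;
            "$2") return 0 ;;
        esac
    done
    return 1
}

# access_compat ORDER ALLOW_LIST DENY_LIST CLIENT_IP: prints allowed or denied
access_compat() {
    order=$1; allow=$2; deny=$3; ip=$4
    case "$order" in
        Allow,Deny)
            # Allow rules first, then Deny rules. A Deny match wins, and a
            # client that matches neither list is denied.
            if matches "$allow" "$ip" && ! matches "$deny" "$ip"; then
                echo allowed
            else
                echo denied
            fi ;;
        Deny,Allow)
            # Deny rules first, then Allow rules. An Allow match wins, and a
            # client that matches neither list is allowed.
            if matches "$deny" "$ip" && ! matches "$allow" "$ip"; then
                echo denied
            else
                echo allowed
            fi ;;
        *)
            echo "unknown order: $order" >&2
            return 2 ;;
    esac
}

# The two <Directory> blocks from the notes, checked for host .78 and for a
# constructed second client (.50).
for ip in 172.25.254.78 172.25.254.50; do
    echo "Allow,Deny block, $ip: $(access_compat Allow,Deny All 172.25.254.78 "$ip")"
    echo "Deny,Allow block, $ip: $(access_compat Deny,Allow 172.25.254.78 All "$ip")"
done
```

The defaults differ: with no matching rule at all, Order Allow,Deny denies the request and Order Deny,Allow allows it.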
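Access for specific users:
1 htpasswd -cm /etc/httpd/accessuser admin ###create a user: -c creates the file and -m selects MD5 password hashing; this command creates the user admin, whose entry is stored in /etc/httpd/accessuser#####
2 htpasswd -m /etc/httpd/accessuser tom ###create the user tom; do not add -c the second time, otherwise the entry created the first time is overwritten###
3 vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/admin">
AuthUserFile /etc/httpd/accessuser ###user authentication file###
AuthName "please input your name and password !!" ###prompt shown when asking for credentials###
AuthType basic ###authentication type###
Require user tom ###authorized user: only tom may access; with Require valid-user, every user in the authentication file may###
</Directory>
Procedure: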
[root@mariadb ~]# vim /etc/httpd/conf/httpd.conf
[root@mariadb ~]# cd /etc/httpd/
[root@mariadb httpd]# htpasswd -cm /etc/httpd/accessuser admin
New password:
Re-type new password:
Adding password for user admin
[root@mariadb httpd]# cat /etc/httpd/accessuser
admin:$apr1$/2PFvsol$SDJa/.mb1dmWnjHzZEPu11
[root@mariadb httpd]# htpasswd -m /etc/httpd/accessuser tom
New password:
Re-type new password:
Adding password for user tom
[root@mariadb httpd]# cat /etc/httpd/accessuser
admin:$apr1$/2PFvsol$SDJa/.mb1dmWnjHzZEPu11
tom:$apr1$pZ1snUMw$Sd/oscb2DOr0j6aCTvoDB1
[root@mariadb httpd]# mkdir -p /var/www/html/admin
[root@mariadb httpd]# systemctl restart httpd.service
Test:
Browse to 172.25.254.112/admin
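A check for the password file created above, as an added example that is not part of the original notes: htpasswd -m writes `$apr1$` (salted MD5) entries, and this script reports the hash scheme of every entry so that anything other than bcrypt (htpasswd -B) can be re-created. The function names, the verdict labels and the sample entries are constructed for the illustration.

```sh
# Added example (not from the original notes): classify the hash scheme of
# each entry in an htpasswd file. Verdict names are this example's own policy.

# htpasswd_scheme HASH: prints the scheme inferred from the hash prefix
htpasswd_scheme() {
    case "$1" in
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;             # htpasswd -B
        '$apr1$'*)               echo apr1-md5 ;;           # htpasswd -m
        '{SHA}'*)                echo sha1-unsalted ;;      # htpasswd -s
        '')                      echo empty ;;
        *)                       echo crypt-or-plaintext ;; # htpasswd -d / -p
    esac
}

# audit_htpasswd: reads user:hash lines on stdin, prints "user scheme verdict"
audit_htpasswd() {
    while IFS=: read -r user hash rest; do
        case "$user" in ''|'#'*) continue ;; esac   # skip blanks and comments
        scheme=$(htpasswd_scheme "$hash")
        case "$scheme" in
            bcrypt)   verdict=ok ;;
            apr1-md5) verdict=upgrade ;;    # salted but fast; re-create with -B
            *)        verdict=insecure ;;
        esac
        echo "$user $scheme $verdict"
    done
}

# Constructed sample entries (not real credentials; hash bodies are filler).
audit_htpasswd <<'EOF'
admin:$apr1$CONSTRUCT$xxxxxxxxxxxxxxxxxxxxxx
tom:$2y$05$CONSTRUCTEDCONSTRUCTEDCONSTRUCTEDCONSTRUCTEDCONSTRUCTEDxx
old:{SHA}CONSTRUCTEDCONSTRUCTEDxxxxx=
EOF
```

On the server from these notes the call would be `audit_htpasswd < /etc/httpd/accessuser`.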
4) Apache language support
php html cgi
PHP:
1 yum install php -y
2 vim /var/www/html/index.php
<?php
phpinfo();
?>
3 systemctl restart httpd.service
Procedure:
[root@mariadb html]# yum install php
[root@mariadb html]# vim /var/www/html/index.html
[root@mariadb html]# systemctl restart httpd.service
CGI:
1 yum install httpd-manual -y
2 mkdir /var/www/html/cgi
3 cd /var/www/html/cgi/
4 vim index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
5 chmod +x index.cgi
6 vim /etc/httpd/conf/httpd.conf
DirectoryIndex index.html index.cgi
<Directory "/var/www/html/cgi">
Options +ExecCGI
AddHandler cgi-script .cgi
</Directory>
[root@mariadb httpd]# yum install httpd-manual -y
[root@mariadb httpd]# systemctl restart httpd.service
[root@mariadb httpd]# mkdir /var/www/html/cgi
[root@mariadb httpd]# touch /var/www/html/cgi/index.cgi
[root@mariadb httpd]# cd /var/www/html/cgi/
[root@mariadb cgi]# vim index.cgi
[root@mariadb cgi]# chmod +x index.cgi
[root@mariadb cgi]# vim /etc/httpd/conf/httpd.conf
[root@mariadb cgi]# systemctl restart httpd.service
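Test:
Browse to 172.25.254.112/cgi
IV Virtual hosts
1 ) Definition:
Virtual hosts let one Apache server show a different home page depending on which domain name is requested; they allow you to serve multiple websites from a single httpd server at the same time
2 ) Create the test pages: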
cd /var/www/
mkdir virtual
mkdir virtual/news.westos.com
mkdir virtual/money.westos.com
mkdir virtual/money.westos.com/html
mkdir virtual/news.westos.com/html
echo "money.westos.com's page" > virtual/money.westos.com/html/index.html
echo "news.westos.com's page" > virtual/news.westos.com/html/index.html
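3 ) Configuration
1 cd /etc/httpd/conf.d/ ##configure in the sub-configuration files
2 vim default.conf ###requests that do not name one of the specified domains are all served by default
<virtualhost _default_:80> ####port the virtual host listens on####
DocumentRoot "/var/www/html" ###default publish directory of the virtual host###
CustomLog "logs/default.log" combined ###virtual host log###
</Virtualhost>
3 vim news.conf ###requests for the domain news.westos.com###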
<Virtualhost *:80>
ServerName "news.westos.com" ###specifies the server name###
DocumentRoot "/var/www/virtual/news.westos.com/html"
CustomLog "logs/news.log" combined
</Virtualhost>
<Directory "/var/www/virtual/news.westos.com/html"> ###grant access to the default publish directory#
Require all granted
</Directory>
4 vim money.conf ###requests for the domain money.westos.com###
<Virtualhost *:80>
ServerName "money.westos.com"
DocumentRoot "/var/www/virtual/money.westos.com/html"
CustomLog "logs/money.log" combined
</Virtualhost>
<Directory "/var/www/virtual/money.westos.com/html">
Require all granted
</Directory>
5 systemctl restart httpd.service ###restart the service###
6 On the host running the browser, add local name resolution:
[root@foundation12 Desktop]# vim /etc/hosts
172.25.254.112 www.westos.com news.westos.com money.westos.com
Test:
Browse to www.westos.com, news.westos.com and money.westos.com in turn
Procedure:
[root@server ~]# cd /var/www/ ###create the test pages###
[root@server www]# mkdir virtual
[root@server www]# ls
cgi-bin html virtual
[root@server www]# mkdir virtual/news.westos.com
[root@server www]# mkdir virtual/money.westos.com
[root@server www]# mkdir virtual/money.westos.com/html
[root@server www]# mkdir virtual/news.westos.com/html
[root@server www]# echo "money.westos.com's page" > virtual/money.westos.com/html/index.html
[root@server www]# echo "news.westos.com's page" > virtual/news.westos.com/html/index.html
[root@server conf]# cd /etc/httpd/conf.d/ ##configure in the sub-configuration files###
[root@server conf.d]# ls
autoindex.conf php.conf userdir.conf
manual.conf README welcome.conf
[root@server conf.d]# vim default.conf
[root@server conf.d]# vim news.conf
[root@server conf.d]# cp news.conf money.conf
[root@server conf.d]# vim money.conf
[root@server conf]# cd /etc/httpd/conf.d
[root@server conf.d]# ls
autoindex.conf manual.conf news.conf README welcome.conf
default.conf money.conf php.conf userdir.conf
[root@server conf.d]# systemctl restart httpd.service ###restart the service###
On the host running the browser, add local name resolution:
[root@foundation12 Desktop]# vim /etc/hosts
172.25.254.112 www.westos.com news.westos.com money.westos.com
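4 ) Configuring HTTPS
HTTP access is in plaintext; HTTPS access is encrypted.
HTTPS listens on port 443
1 netstat -antlpe | grep httpd ###see which ports httpd is using##
2 yum install mod_ssl -y ###port 443 only appears once mod_ssl is installed###
3 vim /etc/httpd/conf.d/ssl.conf ###ssl.conf appears once mod_ssl is installed; the file contains the port 443 settings####
4 yum install crypto-utils.x86_64 -y ###install the package that generates self-signed certificates###
5 genkey www.westos.com ###run genkey to generate the certificate###
--> Note where the generated certificate and its associated private key are stored
--> Choose a suitable key size
--> Decline to send a certificate signing request (CSR) to a certificate authority (CA)
--> Decline to encrypt the private key
--> Give the server a suitable identity. The Common Name must exactly match the server's fully qualified host name (note: any commas must be escaped with a leading backslash [\])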
6 vim ssl.conf
7 vim login.conf
<VirtualHost *:443> ###HTTPS listening port###
ServerName "login.westos.com"
DocumentRoot "/var/www/virtual/login.westos.com/html"
CustomLog "logs/login.log" combined
SSLEngine on ###enable HTTPS###
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt ###certificate###
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key ##private key###
</VirtualHost>
<Directory "/var/www/virtual/login.westos.com/html">
Require all granted
</Directory>
Procedure:
[root@localhost conf.d]# yum install mod_ssl.x86_64 -y
[root@localhost conf.d]# yum install crypto-utils.x86_64 -y
[root@localhost conf.d]# genkey www.westos.com
/usr/bin/keyutil -c makecert -g 512 -s "CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=Shannxi, C=CN" -v 1 -a -z /etc/pki/tls/.rand.3946 -o /etc/pki/tls/certs/www.westos.com.crt -k /etc/pki/tls/private/www.westos.com.key
cmdstr: makecert
cmd_CreateNewCert
command: makecert
keysize = 512 bits
subject = CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=Shannxi, C=CN
valid for 1 months
random seed from /etc/pki/tls/.rand.3946
output will be written to /etc/pki/tls/certs/www.westos.com.crt
output key written to /etc/pki/tls/private/www.westos.com.key
Generating key. This may take a few moments...
Made a key
Opened tmprequest for writing
/usr/bin/keyutil copying the cert pointer
Created a certificate
Wrote 486 bytes of encoded data to /etc/pki/tls/private/www.westos.com.key
Wrote the key to:
/etc/pki/tls/private/www.westos.com.key
[root@localhost conf.d]# ls
autoindex.conf money.conf README tmprequest welcome.conf
default.conf news.conf ssl.conf userdir.conf
[root@localhost conf.d]# vim ssl.conf
[1]+ Stopped vim ssl.conf
[root@localhost conf.d]# fg
vim ssl.conf
[1]+ Stopped vim ssl.conf
[root@localhost conf.d]# fg
vim ssl.conf
[root@localhost conf.d]# systemctl restart httpd.service
[root@localhost conf.d]# netstat -antlpe | grep httpd
tcp6 0 0 :::443 :::* LISTEN 0 97088 4088/httpd
tcp6 0 0 :::80 :::* LISTEN 0 97074 4088/httpd
[root@localhost conf.d]# cp -p money.conf login.conf
[root@localhost conf.d]# mkdir /var/www/virtual/login.westos.com/html -p
[root@localhost conf.d]# vim /var/www/virtual/login.westos.com/html/index.html
[root@localhost conf.d]# vim login.conf
<VirtualHost *:443> ###HTTPS listening port###
ServerName "login.westos.com"
DocumentRoot "/var/www/virtual/login.westos.com/html"
CustomLog "logs/login.log" combined
SSLEngine on ###enable HTTPS###
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt ##certificate##
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key ##private key##
</VirtualHost>
<Directory "/var/www/virtual/login.westos.com/html">
Require all granted
</Directory>
[root@localhost conf.d]# systemctl restart httpd.service
Test: browse to login.westos.com
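A check for the certificate used above, as an added example that is not part of the original notes: the genkey run in the transcript produced a 512-bit key with CN=www.westos.com, while the virtual host that uses it is login.westos.com, and this script reports both the key size and the name match from the text that `openssl x509 -noout -text` prints. The function names, the 2048-bit minimum and the sample text are assumptions made for the illustration.

```sh
# Added example (not from the original notes): check a certificate's RSA key
# size and subject CN from the text printed by `openssl x509 -noout -text`.
# The 2048-bit minimum is this example's assumption. CN is compared because
# the genkey run sets only a CN; current browsers match subjectAltName.

# cert_key_bits: reads the openssl text on stdin, prints the key size in bits
cert_key_bits() {
    sed -nE 's/.*Public-Key: \(([0-9]+) bit\).*/\1/p' | head -n 1
}

# cert_subject_cn: reads the openssl text on stdin, prints the subject CN
cert_subject_cn() {
    sed -nE 's/^ *Subject:.*[ ,]CN *= *([^,]+).*/\1/p' | head -n 1
}

# audit_cert TEXT SERVERNAME [MIN_BITS]: prints one summary line
audit_cert() {
    text=$1; server=$2; min=${3:-2048}
    bits=$(printf '%s\n' "$text" | cert_key_bits)
    cn=$(printf '%s\n' "$text" | cert_subject_cn)
    if [ -z "$bits" ] || [ -z "$cn" ]; then
        echo "unparsed"
        return 1
    fi
    findings=
    if [ "$bits" -lt "$min" ]; then findings=weak-key; fi
    if [ "$cn" != "$server" ]; then findings="${findings:+$findings,}name-mismatch"; fi
    echo "bits=$bits cn=$cn findings=${findings:-none}"
}

# Constructed sample mirroring the genkey run in the notes (512-bit key,
# CN=www.westos.com), checked against the virtual host's ServerName.
SAMPLE_CERT_TEXT=$(cat <<'EOF'
Certificate:
    Data:
        Subject: C = CN, ST = Shannxi, O = westos, OU = linux, CN = www.westos.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (512 bit)
EOF
)
audit_cert "$SAMPLE_CERT_TEXT" login.westos.com
```

On the server from these notes the call would be `audit_cert "$(openssl x509 -in /etc/pki/tls/certs/www.westos.com.crt -noout -text)" login.westos.com`.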
5) URL rewriting
1 vim login.conf
<Virtualhost *:443>
ServerName "login.westos.com"
DocumentRoot "/var/www/virtual/login.westos.com/html"
CustomLog "logs/login.log" combined
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
</Virtualhost>
<Directory "/var/www/virtual/login.westos.com/html">
Require all granted
</Directory>
<Virtualhost *:80> ###URL rewriting so that HTTPS is used automatically###
ServerName login.westos.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</Virtualhost>
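^(/.*)$ ###all the characters the client typed in the address bar, except newline###
https:// ###protocol to redirect to###
%{HTTP_HOST} ###host the client requested###
$1 ###the value matched by ^(/.*)$###
[redirect=301] ###301 is a permanent redirect; 302 is a temporary redirect###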
2 systemctl restart httpd.service
Test:
Add the name resolution on the client host
172.25.254.112 login.westos.com
Visiting http://login.westos.com automatically redirects to
https://login.westos.com