RH254-第二十四节-Apache服务的配置

Apache基本配置

服务的基本的介绍

安装apache软件包:
yum install -y httpd httpd-manual
启动apache服务:
systemctl start httpd ; systemctl enable httpd
查看监听端口:80端口
ss -antlp |grep httpd
LISTEN 0 128 :::80 :::* users:((“httpd”,4039,4),(“httpd”,4027,4),(“httpd”,4026,4),(“httpd”,4025,4),(“httpd”,4024,4),(“httpd”,4023,4),(“httpd”,4022,4))

服务的基本配置

Apache主配置文件: /etc/httpd/conf/httpd.conf
ServerRoot “/etc/httpd” 用于指定Apache的运行目录
Listen 80 监听端口
User apache 运行apache程序的用户和组
Group apache
ServerAdmin root@localhost 管理员邮箱
DocumentRoot “/var/www/html” 网页文件的存放目录

发布目录的和主页的配置

[root@server23 ~]# mkdir /apache/html -p
[root@server23 ~]# cat >/apache/html/apache.thml<

ip访问限制

[root@server23 ~]# vim /etc/httpd/conf/httpd.conf
[root@server23 html]# systemctl restart httpd

只允许23主机访问，其他主机不可以访问
测试：在23主机和223主机分别打开浏览器访问172.25.254.223

事实验证了我们的设定，下面的为23主机，上面的223主机不可以访问。
[root@server23 html]# vim /etc/httpd/conf/httpd.conf
[root@server23 html]# systemctl restart httpd

23主机不可以访问，其他的主机可以
测试：

23主机不可以访问到设定的主页，223可以访问

用户访问的配置

[root@server23 httpd]# htpasswd -cm auth peter
New password:
Re-type new password:
Adding password for user peter
[root@server23 httpd]# htpasswd -m auth leo
New password:
Re-type new password:
Adding password for user leo
[root@server23 httpd]# cat auth
peter:apr1EBV7K7nK1q.zxfATD0jItpkzTvLaQ.leo:apr17vOu7//HNeDPaxsxRlPCZsAIugntM/
[root@server23 httpd]# vim conf/httpd.conf

[root@server23 httpd]# systemctl restart httpd
测试：

只有leo可以看到welcome。。。字样，peter进步去也看不到。

虚拟主机配置

[root@foundation23 www]# mkdir -p /apache/html
[root@foundation23 www]# cp /var/www/html/index.html html/
[root@foundation23 www]# cat html/index.html

welcomt to apache web server !

[root@foundation23 www]# ls -lZd /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
[root@foundation23 www]# semanage fcontext -a -t httpd_sys_content_t ‘/apache/html(/.*)?’
[root@foundation23 www]# restorecon -RvvF /apache/html/
restorecon reset /apache/html context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
[root@foundation23 www]# vim /etc/httpd/conf/httpd.conf

[root@foundation23 apache]# mkdir peter/news.peter.com -p
[root@foundation23 apache]# mkdir peter/music.peter.com
[root@foundation23 apache]# cat /back/peter/news.peter.com/index.html

welcomt to news.peter.com home page !

[root@foundation23 apache]# cat /back/peter/news.peter.com/index.html > /apache/peter/news.peter.com/index.html
[root@foundation23 apache]# cat /back/peter/music.peter.com/index.html > /apache/peter/music.peter.com/index.html[root@foundation23 apache]# cd /etc/httpd/conf.d
[root@foundation23 conf.d]# cat /back/news.conf

Apache语言支持

默认支持php语言，html文本语言和cgi脚本语言
Php语言：
[root@server23 ~]# yum install php
Loaded plugins: langpacks
Resolving Dependencies
–> Running transaction check
—> Package php.x86_64 0:5.4.16-21.el7 will be installed
…….
[root@server23 ~]# vim /apache/html/apache.php

[root@server23 ~]# vim /etc/httpd/conf/httpd.conf

[root@server23 ~]# systemctl restart httpd
[root@server23 ~]# firefox

Cgi脚本语言：
[root@server23 html]# vim /etc/httpd/conf/httpd.conf

[root@server23 ~]mkdir /apache/html/cgi
[root@server23 ~]cat > apache/html/cgi/apache.cgi<

https 加密

1.https定义
Hyper text transfer protocol over Secure socker layer
通过ssl

2.配置
yum install mod_ssl -y
yum install crypto-utils -y
genkey www.westos.com
/etc/pki/tls/private/www.westos.com.key
/etc/pki/tls/certs/www.westos.com.crt
vim /etc/httpd/conf.d/login.conf

<Virtualhost *:443>        ServerName "login.westos.com"        DocumentRoot "/var/www/virtual/login.westos.com/html"        CustomLog "logs/login.log" combined        SSLEngine on    ##开始https功能        SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt    #证书        SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key ##密钥</Virtualhost><Directory "/var/www/virtual/login.westos.com/html">        Require all granted</Directory><Virtualhost *:80>  ##网页重写实现自动访问https        ServerName login.westos.com        RewriteEngine on        RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]</Virtualhost>

^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]                                                                                         ^(/.*)$        客户主机在地址栏中写入的所有字符，不包含换行符         https://    定向成为的访问协议                                       %{HTTP_HOST}    客户请求主机                                      $1$1的值就表示^(/.*)$的值                                       [redirect=301]  临时重定向 302永久重定向                          

#

mkdir /var/www/virtual/login.westos.com/html -p
vim /var/www/virtual/login.westos.com/html/index.html
systemctl restart httpd

测试：
在客户主机中添加解析
vim /etc/hosts
172.25.254.100 login.westos.com

访问http://login.westos.com 会自动跳转到
https://login.westos.com 实现网页数据加密传输