Linux apache

1.apache

创建实验环境：
    yum install httpd -y
    systemctl start httpd
    systemctl enable httpd
    systemctl stop firewalld
    systemctl disable firewalld

apache的主配置文件：/etc/httpd/conf/httpd.conf
ServerRoot "/etc/httpd"                 ##服务器设置的最顶层目录，包括 logs、modules等的数据都要放置在该目录下（若未声明为绝对路径时）
Listen 80                               ##服务器默认的监听接口
Include conf.d/*.conf               ##读入放置到/etc/httpd/conf.d/*.conf
User apache
Group apache                                   ##与prework、worker等模块所启动的process的属主与属组设置。（此身份关乎之后提供的网络文件是否能被浏览）
ServerAdmin root@localhost          ##可将root@localhost改为自己的email，当网站出现问题时错误信息会显示在联系邮箱之中
<Directory />
    AllowOverride none   ##不允许覆盖参数功能
    Require all denied  
< /Directory>

1.apache基本配置：
    1）修改默认发布文件
    vim /etc/httpd/conf/httpd.conf
        164 DirectoryIndexwestos.html                  ##修改默认发布文件为westos.html
    vim /var/www/html/westos.html
    systemctl restart httpd

2）修改默认发布目录
        当selinxu为disable状态
     mkdir /westos/www/test/ -p                          ##新建/westos/www/test目录
     mv /var/www/html/westos.html  /westos/www/test/         ##将原来默认发布目录里的默认发布文件移动到新建的目录中来
     vim httpd.conf
        <Directory"/westos/www/test">
        120    DocumentRoot "/westos/www/test"       ##修改默认发布目录为/westos/www/test
               Require all granted                    ##给文件进行授权
        </Directory>
     systemctl restart httpd

当selinux为enforcing状态
    semanage fcontext -a -thttpd_sys_content_t '/westos(/.*)?'
    restorecon -RvvF /westos

2.apache的访问控制
    cd /var/www/html
    mkdir admin
    ##设定ip的访问    
    vim /etc/httpd/conf/httpd.conf
     DocumentRoot "/var/www/html"
    #DocumentRoot"/westos/www/test"
        DocumentRoot"/var/www/html/admin"
        <Directory"/var/www/html/admin">       ##允许所有人访问admin目录，拒绝61主机
            Order Allow,Deny
            Allow from all
            Deny from 172.25.254.61
        </Directory>

     <Directory"/var/www/html/admin">       ##只允许61主机访问admin目录
            Order Deny,Allow
            Allow from 172.25.254.61
            Deny from all
        </Directory>
        systemctl restart httpd

    ##设定用户的访问
    htpasswd -cm /etc/httpd/accessuseradmin                        ##给admin新增密码
    vim /etc/httpd/conf/httpd.conf
        <Directory"/var/www/html/admin">
            AuthUserFile/etc/httpd/accessuser      ##用户认证文件
            AuthName "Please inputyour named and passwd"   ##用户认证提示信息
            AuthType basic                  ##认证类型
            Require valid-user              ##认证用户，认证文件中的所有用户都可以访问
            [Require user admin]                ##只有admin用户可以访问
        </Directory>
    systemctl restart httpd

输入用户及密码正确

4.apache的虚拟主机
    1）建立测试页
    cd /var/www
    mkdir -p virtual/news.westos.com/html                                          ##虚拟主机默认发布目录
    mkdir -pvirtual/money.westos.com/html
    echo"<h1>money.westos.com's page</h1>" >virtual/money.westos.com/html/index.html
    echo"<h1>news.westos.com's page</h1>" >virtual/news.westos.com/html/index.html

    2）配置
    vim /etc/httpd/conf.d/default.conf                          ##未指定域名的访问都访问default
        <Virtualhost  _default_:80>                         ##虚拟主机开启的端口
            DocumentRoot"/var/www/html"                        ##虚拟主机的默认发布目录
            CustomLog"logs/default.log" combined                   ##虚拟主机日志
        </Virtualhost>

vim /etc/httpd/conf.d/news.conf                             ##指定域名news.westos.com的访问到指定默认发布目录
        <Virtualhost *:80>
            ServerName"news.westos.com"                        ##指定域名
            DocumentRoot"/var/www/virtual/news.westos.com/html"            ##默认发布目录
            CustomLog"logs/news.log" combined                  ##日志
        </Virtualhost>
        <Directory"/var/www/virtual/news.westos.com/html">             ##默认发布目录的访问授权
            Require all granted
        </Directory>

  vim /etc/httpd/conf.d/moeny.conf                            ##指定域名money.westos.com的访问到指定默认发布目录
        <Virtualhost *:80>
            ServerName"money.westos.com"                       ##指定域名
            DocumentRoot"/var/www/virtual/money.westos.com/html"           ##默认发布目录
            CustomLog"logs/money.log" combined                 ##日志
        </Virtualhost>
        <Directory"/var/www/virtual/money.westos.com/html">                ##默认发布目录的访问授权
            Require all granted
        </Directory>

   3）测试
    在浏览器所在主机中做域名解析
    vim /etc/hosts                                      ##域名解析
    172.25.254.123 www.westos.comnews.westos.com money.westos.com

4.https加密
    1）配置
    yum install mod_ssl crypto-utils-y
          
    genkey www.westos.com
    生成的证书：/etc/pki/tls/certs/www.westos.com.crt
    生成的密钥：/etc/pki/tls/private/www.westos.com.key

Virtualhost *:443>
            ServerName"login.westos.com"
            DocumentRoot"/var/www/virtual/login.westos.com/html"
            CustomLog"logs/login.log" combined
            SSLEngine on
            SSLCertificateFile/etc/pki/tls/certs/www.westos.com.crt
            SSLCertificateKeyFile/etc/pki/tls/private/www.westos.com.key
        </Virtualhost>
        <Directory"/var/www/virtual/login.westos.com/html">
            Require all granted
        </Directory>
        <Virtualhost *:80>
            ServerNamelogin.westos.com
            RewriteEngine on
            RewriteRule ^(/.*)$https://%{HTTP_HOST}$1 [redirect=301]
        </Virtualhost>

mkdir/var/www/virtual/login.westos.com/html -p
    vim/var/www/virtual/login.westos.com/html/index.html
        <h1>login.westos.com</h1>

2）测试
    在客户主机中添加解析
    vim /etc/hosts
        172.25.254.122login.westos.com
    访问http：//login.westos.com会自动调转到https：//login.westos.com实现网页数据加密传输