apache服务

##########

##apache##

##########

 

#1.apache

企业中常用的web服务，用来提供http：//超文本传输协议

#2.apache的安装部署

yum intall httpd -y

yum install httpd-manual -y  安装使用手册

systemctl start httpd

systemctl enable httpd       开机自启动

systemctl stop firewalld

systemctl disable firewalld  开机不启动

 

测试 http：//172.25.254.244

     http：//172.25.254.244/manual

ctrl+shift+delete  清空浏览器缓存

 

 

#3.apache的基础信息

主配置目录：/etc/httpd/conf

主配置文件：/etc/httpd/conf/http.conf

子配置目录：/etc/httpd/conf.d/

子配置文件：/etc/httpd/conf.d/*.conf

默认发布目录：/var/www/html

默认发布文件：/var/www/html/index.html

默认安全上下文：httpd_sys_content_t

程序开启默认用户：apache

apache日志：/etc/httpd/logs/*

 

修改默认端口：

vim /etc/httpd/conf/httpd.conf

43 listen 8080  修改默认端口为8080

修改默认发布文件：

默认发布文件就是访问apache时没有指定文件名称时默认访问的文件

这个文件可以指定多个，顺序访问

 

vim /etc/httpd/conf/httpd.conf

164 DirectoryIndex index.html test.html

 

修改默认发布目录

120 DocumentRoot “/www/html”

121 <Directory "/www">

122         Require all granted

123</Directory>

 

semanage fcontext -a -t httpd_sys_content_t'/www(/.*)?'

storecon -RvvF /www/

 

#apache的虚拟主机

# vim /var/www/html/index.html     查看到的默认站点内容

<h1>默认发布目录</h1>

 

 mkdir /var/www/virtual/linux.westos.com/html -p 创建每个站点能分别看到目录

 mkdir /var/www/virtual/c.westos.com/html -p

 

# vim /var/www/virtual/linux.westos.com/html/index.html 查看到的各自站点的各自内容

 <h1>linux.westos.com</h1>

 

# vim /var/www/virtual/c.westos.com/html/index.html  查看到的各自站点的各自内容

 <h1>c.westos.com</h1>

 

cd /etc/httpd/conf.d  切换到子配置目录

vim /etc/httpd/conf.d/default.conf

<VirtualHost _default_:80>

     DocumentRoot "/var/www/html"

     CustomLog "logs/www.westos.com.log" combined

</VirtualHost>

vim /etc/httpd/conf.d/linux.conf

<VirtualHost *:80>

     ServerName linux.westos.com

     DocumentRoot "/var/www/virtual/linux.westos.com/html/"

     CustomLog "logs/linux.westos.com.logs" combined

</VirtualHost>

<Directory "/var/www/virtual/linux.westos.com/html/">

     Require all granted

</Directory>

vim /etc/httpd/conf.d/c.conf

<VirtualHost *:80>

     ServerName c.westos.com

     DocumentRoot "/var/www/virtual/c.westos.com/html/"

     CustomLog "logs/c.westos.com.logs" combined

</VirtualHost>

<Directory "/var/www/virtual/c.westos.com/html/">

     Require all granted

</Directory>

 

测试：

在测试主机中做好本地解析

vim /etc/hosts

172.25.254.244 zzf.westos.com linux.westos.com www.westos.com

 

#内部的访问控制

1.针对于主机的访问控制

vim /etc/httpd/conf.d/default

添加内容到配置文件

<Directory "/var/www/html/test">

        Order deny,allow   顺序读取，后读取的内容覆盖前读取的内容

        Allow from all

        Deny from 172.25.254.136

</Directory>

如果拒绝网段Deny from 172.25.254.0/24

 

[root@localhost conf.d]# mkdir /var/www/html/test

[root@localhost conf.d]# cd /var/www/html/

[root@localhost html]# ls

index.html  test

[root@localhost html]# cd test/

[root@localhost test]# vim index.html

/var/www/html/test/

[root@localhost test]# systemctl restart httpd.service

在浏览器中访问可以看到

列表读取过程中后读取的东西要覆盖先读取的重复部分

 

 

2.用户的方式访问控制

vim /etc/httpd/conf.d/default

添加内容到配置文件

<Directory "/var/www/html/admin">

        AuthUserFile /etc/httpd/userpass              用户文件

        AuthName "Please input your name and passwd"  你在输入密码前能看到的内容

        AuthType basic                                一般类型

        Require user admin                           允许admin这一个用户

</Directory>

 

所有有效用户 Require valid-user

[root@localhost test]# htpasswd -cm /etc/httpd/userpass admin

New password:

Re-type new password:

Adding password for user admin

[root@localhost test]# htpasswd -m /etc/httpd/userpass admin1 第二次创建用户不能加c否则将覆盖前一个用户

New password:

Re-type new password:

Adding password for user admin1

[root@localhost test]# mkdir /var/www/html/admin

[root@localhost test]# vim /var/www/html/admin/index.html

默认发布目录

[root@localhost test]# systemctl restart httpd.service

在浏览器中访问要求输入密码才能看到

 

 

##apache支持的语言

1.html

2.php

 

vim /var/www/html/index.php

<?php

    phpinfo();

?>

 

yum install php -y

systemctl restart httpd

测试

172.25.254.244/index.php

如果想要默认访问此目录修改配置文件顺序

 

3.cgi

mkdir -p /var/www/html/cgi  建立目录

 

semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgi(/.*)?'

restorecon -RvvF /var/www/html/cgi/

vim /var/www/html/cgi/index.cgi  cgi脚本

#!/usr/bin/perl

print "Content-type: text/html\n\n";

print `date`;

 

 chmod +x /var/www/html/cgi/index.cgi

/var/www/html/cgi/index.cgi  执行脚本看是否正确

 

vim /etc/httpd/conf.d/defatul.conf   修改配置文件                                                

 <Directory "/var/www/html/cgi">

        Options +ExecCGI            

        AddHandler cgi-script .cgi

</Directory>

 

##7.https

#为了保护客户在使用网站时信息不被破解

ss -antlupe | grep 443

yum install mod_ssl -y

yum install crypto-utils -y

genkey www.westos.com

next

选1024

next

 

no

next

修改信息

next

 

 

vim ssl.conf

 

101 SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt

109 SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key

systemctl restart httpd

 

在浏览器中访问https：//172.25.254.244

继续

接受

查看

 

 

##8设定https网页的跳转

vim /var/www/virtual/login.westos.com/html/index.html

<h1>login.westos.com</h1>

登陆浏览器可以看到的内容

 

vim /etc/httpd/conf.d/login.conf

写入脚本

<VirtualHost *:443>

      ServerName login.westos.com                         在地址栏输入的内容

      DocumentRoot /var/www/virtual/login.westos.com/html 可以看到的默认路径

      Customlog "logs/login.logs" combined                日志产生的位置

      SSLEngine on

      SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key

      SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt

</VirtualHost>

#只写前部分脚本在浏览器地址栏只能输入https：//`````才能看到内容

<VirtualHost *:80>

      ServerName login.westos.com  

      RewriteEngine on

      RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]

</VirtualHost>

#写上后半部分可以自动跳转到https

重启服务

^(/.*)$           浏览器地址栏输入的所有内容

%{HTTP_HOST}$1    http：//后面跟的东西

[redirect=301]    暂时生效 302永久生效