linux APACHE

来源：互联网发布：洛天依软件下载编辑：程序博客网时间：2024/06/05 21:01

二、http服务的应用

（一）、http默认发布目录

[root@server39 ~]# yum install httpdhttpd-manual -y

[root@server39 ~]# systemctl start httpd

[root@server39 ~]# systemctl enable httpd

ln -s'/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'

[root@server39 ~]# firewall-cmd --permanent--add-service=https

success

[root@server439 ~]# firewall-cmd --permanent--add-service=http

success

[root@server39 ~]# firewall-cmd --reload

success

[root@server39 ~]# firewall-cmd --list-all

public (default, active)

interfaces: eth0

sources:

services: dhcpv6-client http https ssh

ports:

masquerade: no

forward-ports:

icmp-blocks:

rich rules:

[root@server39 ~]# netstat -antlpe | grephttp

tcp6 0 0 :::80 :::* LISTEN 0 48679 2608/httpd

[root@server439~]# netstat -antlpe | grep:80

tcp6 0 0 :::80 :::* LISTEN 0 48679 2608/httpd

[root@server39 ~]# netstat -antlpe | grep:443

[root@server39 ~]# vim/var/www/html/index.html

@@@@@

1<html>

2<title>tao bao </title>

3<h2> welcome to lvah,there are many monkey!</h2>

4</html>

@@@@@

##Servername 监听

（二）基于域名的虚拟主机==>不同的域名访问同一IP

一旦启用虚拟主机，第一个虚拟主机就是主server,因此想默认发布目录生效，将默认发布目录作为第一个虚拟主机

tcp -> http

#######server端###############

[root@server39 ~]# mkdir /var/www/westos

[root@server39 ~]# vim/etc/httpd/conf.d/www39.conf

@@@@@@

1<VirtualHost *:80>

2 ServerName server.example.com

3 DocumentRoot /var/www/html

4</VirtualHost>

6<VirtualHost *:80>

7 ServerName www.example.com

8 ServerAlias www

9 DocumentRoot /var/www/westos

10</VirtualHost>

@@@@@@

[root@server39 ~]# vim/var/www/html/index.html

@@@@@@

1<html>

2<h1>www.example.com</h1>

3</html>

@@@@@@

[root@server439 ~]# systemctl restart httpd

#######client端

[root@desktop39 ~]# vim /etc/hosts

@@@@@@

172.25.45.39 server39.example.com www.example.com wwwserver

@@@@@@

######server端

[root@server39 ~]# mkdir /www

[root@server39 ~]# vim /www/index.html

@@@@@@

<h1> /www www.example.com</h1>

@@@@@@

[root@server39 ~]# chcon -R--reference=/var/www/html /westos

[root@server39 ~]# ll -dZ /www

drwxr-xr-x. root rootsystem_u:object_r:httpd_sys_content_t:s0 /westos

[root@server45 ~]# ll -dZ /var/www/html/

drwxr-xr-x. root rootsystem_u:object_r:httpd_sys_content_t:s0 /var/www/html/

[root@server45 ~]# vim/etc/httpd/conf/httpd.conf

101 #

102 <Directory />

103 AllowOverride none

104 Require all denied

105 </Directory>

106

[root@server45 ~]# vim/etc/httpd/conf.d/www39.conf

@@@@@@

1<VirtualHost *:80>

2 ServerNameserver.example.com

3 DocumentRoot /var/www/html

4</VirtualHost>

6<VirtualHost *:80>

7 ServerName www45.example.com

8 ServerAlias www

9 DocumentRoot /westos

10</VirtualHost>

12<Directory /www>

13# options indexes

14 Require all granted

15</Directory>

@@@@@@

[root@server39 ~]# systemctl restart httpd

（四）http身份认证

######server端

[root@server45 ~]# vim/etc/httpd/conf.d/default.conf

@@@@@@

1<VirtualHost *:80>

2 ServerNameserver.example.com

3 DocumentRoot /var/www/html

4</VirtualHost>

7<Directory "/var/www/html/admin">

8 authname "adminauth"

9 authtype basic

10 authuserfile /etc/httpd/.htpasswd

11 require valid-user

12</Directory>

@@@@@@

[root@server39 ~]# mkdir/var/www/html/admin

[root@server39 ~]# vim/var/www/html/admin/index.html

@@@@@@

<html>

<h4>admin auth.example.com</h4>

</html>

@@@@@@

[root@server39 ~]# htpasswd -c/etc/httpd/.htpasswd user1 ##建立第一个user时需要加参数-c

New password:

Re-type new password:

Adding password for user user1

[root@server39 ~]# htpasswd /etc/httpd/.htpasswd user2

New password:

Re-type new password:

Adding password for user user2

[root@server39 ~]# cat /etc/httpd/.htpasswd

user1:$apr1$BVJ2Jy/J$l5HLhrYjDMkqs3wOROjU51

user2:$apr1$dUWCftaN$HFY74v8pVi2hjZlDXPS.t0

[root@server45 ~]# systemctl restart httpd

（三）基于IP的虚拟主机

三 https的应用

（一）https加密

######server端

[root@server39 ~]# yum install mod_sslcrypto-utils -y

[root@server39 ~]# systemctl restarthttpd.service

[root@server39 ~]# netstat -antlpe | grep443

tcp6 0 0 :::443 :::* LISTEN 0 107678 7630/httpd

[root@server39 ~]# /etc/pki/tls/private

[root@server39 private]# rm -frlocalhost.key

[root@server39 private]# openssl genrsa1024 >localhost.key

Generating RSA private key, 1024 bit longmodulus

...............................++++++

.............++++++

e is 65537 (0x10001)

[root@server private]# pwd

/etc/pki/tls/private

[root@server39 private]# cd/etc/pki/tls/certs/

[root@server39 certs]# make testcert

umask 77 ;

/usr/bin/openssl req -utf8 -new -key/etc/pki/tls/private/localhost.key -x509 -days 365 -out/etc/pki/tls/certs/localhost.crt -set_serial 0

You are about to be asked to enterinformation that will be incorporated

into your certificate request.

What you are about to enter is what iscalled a Distinguished Name or a DN.

There are quite a few fields but you canleave some blank

For some fields there will be a defaultvalue,

If you enter '.', the field will be leftblank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name)[]:shaanxi

Locality Name (eg, city) [DefaultCity]:xi'an

Organization Name (eg, company) [DefaultCompany Ltd]:lvah

Organizational Unit Name (eg, section)[]:gf

Common Name (eg, your name or your server'shostname) []:server39.example.com

Email Address []:root@server39.example.com

[root@server39 certs]# systemctl restarthttpd

######client端######

（二）http时重定向到https

######server端

[root@server39 ~]# vim/etc/httpd/conf.d/www39.conf

@@@@@@

1<VirtualHost *:80>

2 ServerNameserver39.example.com

3 DocumentRoot /var/www/html

4</VirtualHost>

6<VirtualHost *:80>

7 ServerName www39.example.com

8 ServerAlias www

9 DocumentRoot /www

10 rewriteengine on

11 rewriterule ^(/.*)$ https://%{HTTP_HOST}$1[redirec t=301]

12</VirtualHost>

14<Directory /www39>

15# options indexes

16 Require all granted

17</Directory>

19<VirtualHost *:443>

20 ServerName www45.example.com

21 documentroot/www45

22 SSLEngine on

23 SSLCertificateChainFile /etc/pki/tls/certs/example- ca.crt

24 SSLCertificateFile /etc/pki/tls/certs/www45.crt

25 SSLCertificateKeyFile /etc/pki/tls/private/www45.ke y

26</VirtualHost>

@@@@@@

[root@server39 ~]# cd /etc/pki/tls/certs/

[root@server39 certs]# wgethttp://172.25.254.254/pub/example-ca.crt

Saving to: ‘example-ca.crt’

100%[===============>] 1,220 --.-K/s in 0s

[root@server39 certs]# wgethttp://172.25.254.254/pub/tls/certs/www45.crt

Saving to: ‘www45.crt’

100%[===============>] 3,501 --.-K/s in 0s

[root@server39 certs]# ls

ca-bundle.crt localhost.crt renew-dummy-cert

ca-bundle.trust.crt make-dummy-cert www39.crt

[root@server39 certs]# cd /etc/pki/tls/private/

[root@server39 private]# wgethttp://172.25.254.254/pub/tls/private/www39.key

Saving to: ‘www39.key’

100%[===============>] 916 --.-K/s in 0s

[root@server39 private]# ll

total 8

-rw-r--r--. 1 root root 887 Jan 2 16:52 localhost.key

-rw-r--r--. 1 root root 916 Jan 2 22:53 www439.key

[root@server39 private]# chmod 600www39.key

[root@server39 private]# ll

total 8

-rw-r--r--. 1 root root 887 Jan 2 16:52 localhost.key

-rw-------. 1 root root 916 Jan 2 22:53 www39.key

[root@server39 private]# systemctl restarthttpd

######client端#####

[root@desktop39 ~]# wgethttp://172.25.254.254/pub/example-ca.crt

Saving to: ‘example-ca.crt’

100%[===============>] 1,220 --.-K/s in 0s

[root@desktop39 ~]# ll

total 16

-rw-------. 1 root root 8619 May 7 2014anaconda-ks.cfg

-rw-r--r--. 1 root root 1220 Jul 11 2014 example-ca.crt

[root@desktop39 ~]# curl -Iwww39.example.com

HTTP/1.1 301 Moved Permanently

Date: Sun, 03 Jan 2016 02:35:30 GMT

Server: Apache/2.4.6 (Red Hat) OpenSSL/1.0.1e-fips

Location: https://www39.example.com/

Content-Type: text/html; charset=iso-8859-1

0 0