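Introduction to Apache
1. Apache
A web service commonly used in enterprises; it serves content over http:// (Hypertext Transfer Protocol).
2. Installing and deploying Apache
yum install httpd -y
yum install httpd-manual
systemctl start httpd
systemctl enable httpd
systemctl stop firewalld
systemctl disable firewalld
Test:
http://172.25.254.100
http://172.25.254.100/manual
3. Apache basic information
Main configuration directory: /etc/httpd/conf
Main configuration file: /etc/httpd/conf/httpd.conf
Sub-configuration directory: /etc/httpd/conf.d/
Sub-configuration files: /etc/httpd/conf.d/*.conf
Default publishing directory: /var/www/html
Default publishing file: index.html
Default port: 80
Default security context: httpd_sys_content_t
Note: clear the browser cache
Ctrl+Shift+Delete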
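1) Changing the default port:
>>vim /etc/httpd/conf/httpd.conf
# line 43: change the default port to 8080
Listen 8080
>>systemctl restart httpd.service
>>ss -anutple | grep httpd
After the change, the site is reached at
http://172.25.254.218:8080
2) Changing the default publishing file:
The default publishing file is the file Apache serves when the request does not name a file.
Several files can be listed; they are tried in the order given.
>>vim /etc/httpd/conf/httpd.conf
# line 164
DirectoryIndex index.html test.html
3) Changing the default publishing directory:
>>vim /etc/httpd/conf/httpd.conf
# lines 120-123
DocumentRoot "/www/html"
<Directory "/www/html">
    Require all granted
</Directory>
>>semanage fcontext -a -t httpd_sys_content_t '/www(/.*)?'
>>restorecon -RvvF /www/
Note: the directory /www/html and the publishing file in it have to be created by hand.
Commands:
>>mkdir /www/html -p
>>vim /www/html/index.html
<h1> index.html FROM /www/html </h1>
The content can be anything, as long as it is basically valid HTML.
In the experiments below, any directory that does not exist yet must likewise be created by hand; this is not repeated each time.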
4. Apache virtual hosts
>>vim /etc/httpd/conf.d/adefault.conf
<VirtualHost _default_:80>
    DocumentRoot "/var/www/html"
    CustomLog "logs/www.westos.com.logs" combined
</VirtualHost>
Note: logs is located under /etc/httpd by default
>>vim /etc/httpd/conf.d/linux.conf
<VirtualHost *:80>
    # site name
    ServerName linux.westos.com
    # default publishing directory of the site
    DocumentRoot "/var/www/virtual/linux.westos.com/html/"
    # site log; combined means the set of four kinds of logs
    CustomLog "logs/linux.westos.com.logs" combined
</VirtualHost>
<Directory "/var/www/virtual/linux.westos.com/html/">
    Require all granted
</Directory>
>>vim /etc/httpd/conf.d/c.conf
<VirtualHost *:80>
    ServerName c.westos.com
    DocumentRoot "/var/www/virtual/c.westos.com/html/"
    CustomLog "logs/c.westos.com.logs" combined
</VirtualHost>
<Directory "/var/www/virtual/c.westos.com/html/">
    Require all granted
</Directory>
Test:
Set up local name resolution on the test host
vim /etc/hosts
172.25.254.218 c.westos.com www.westos.com linux.westos.com westos.com
5. Access control within Apache
1) Host-based access control
>>vim /etc/httpd/conf.d/adefault.conf
Append the following after the existing content; the two parts do not affect each other
<Directory "/var/www/html/test">
    # order in which the lists are read; the list read later overrides the overlapping part of the one read earlier
    Order deny,allow
    Allow from 172.25.254.18
    Deny from all
</Directory>
2) User-based access control
htpasswd -cm /etc/httpd/userpass admin
htpasswd -m /etc/httpd/userpass admin1
Note:
-cm creates the users anew, overwriting the current users
-m adds a user on top of the current users
>>vim /etc/httpd/conf.d/adefault.conf
<Directory "/var/www/html/admin">
    AuthUserFile /etc/httpd/userpass
    AuthName "please input your name and passwd"
    AuthType basic
    # only the user admin is valid:
    #Require user admin
    # all users in userpass are valid:
    Require valid-user
</Directory>
>>mkdir /var/www/html/admin
>>vim /var/www/html/admin/index.html
<h1> 看见你很开心,嘻嘻嘻 ... </h1>
Note: the content of index.html can be anything
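The following is an added example, not part of the original tutorial: a shell function that reads the combined-format log written by the CustomLog line in adefault.conf and lists clients with repeated 401 responses under /admin, the directory protected by Basic authentication above. The log lines are constructed, and the function name failed_admin_logins and the threshold of 3 are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the "combined" format (addresses, times, agents invented).
sample_log() {
cat <<'EOF'
172.25.254.18 - - [12/Mar/2024:10:01:02 +0800] "GET /admin/ HTTP/1.1" 401 381 "-" "Mozilla/5.0"
172.25.254.18 - admin [12/Mar/2024:10:01:09 +0800] "GET /admin/ HTTP/1.1" 200 45 "-" "Mozilla/5.0"
172.25.254.77 - admin [12/Mar/2024:10:02:11 +0800] "GET /admin/ HTTP/1.1" 401 381 "-" "curl/7.29.0"
172.25.254.77 - admin1 [12/Mar/2024:10:02:12 +0800] "GET /admin/index.html HTTP/1.1" 401 381 "-" "curl/7.29.0"
172.25.254.77 - root [12/Mar/2024:10:02:13 +0800] "GET /admin/ HTTP/1.1" 401 381 "-" "curl/7.29.0"
172.25.254.77 - - [12/Mar/2024:10:02:20 +0800] "GET /index.html HTTP/1.1" 200 38 "-" "curl/7.29.0"
172.25.254.90 - - [12/Mar/2024:10:03:00 +0800] "GET /test/ HTTP/1.1" 403 210 "-" "Mozilla/5.0"
EOF
}

# failed_admin_logins MIN [FILE...]   (hypothetical helper name)
# Prints "client failures names-tried" for each client with at least MIN
# 401 responses under /admin. A browser's first request carries no
# credentials and gets one 401, so MIN=1 also lists normal logins.
failed_admin_logins() {
    min=$1
    shift
    awk -F'"' -v min="$min" '
    {
        split($1, pre, " ")    # pre[1] = client address, pre[3] = %u field
        split($2, req, " ")    # req[2] = requested path
        split($3, post, " ")   # post[1] = status code
        if (post[1] != 401) next
        if (req[2] != "/admin" && index(req[2], "/admin/") != 1) next
        fails[pre[1]]++
        # %u is unverified on a 401: keep it only as the name that was tried
        if (pre[3] != "-" && !seen[pre[1], pre[3]]++)
            tried[pre[1]] = tried[pre[1]] (tried[pre[1]] == "" ? "" : ",") pre[3]
    }
    END {
        for (c in fails)
            if (fails[c] >= min)
                print c, fails[c], (tried[c] == "" ? "-" : tried[c])
    }' "$@" | sort
}

sample_log | failed_admin_logins 3
```

On the server, pass the log file instead of the sample, for example failed_admin_logins 3 /etc/httpd/logs/www.westos.com.logs.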
6. Languages supported by Apache
1) html: supported by default
2) php: not supported by default
>>vim /var/www/html/index.php
<?php
phpinfo();
?>
>>yum install php -y
>>systemctl restart httpd
Test:
http://172.25.254.218/index.php
3) cgi: supported by default
>>mkdir /var/www/html/cgi
>>semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgi(/.*)?'
>>restorecon -RvvF /var/www/html/cgi/
>>vim /var/www/html/cgi/index.cgi
#!/usr/bin/perl
print "content-type: text/html\n\n";
print `date`; # note: `date` is enclosed in two backticks
>>chmod +x /var/www/html/cgi/index.cgi
>>/var/www/html/cgi/index.cgi # run the script once to make sure it works
>>vim /etc/httpd/conf.d/adefault.conf
# lines 20-23
<Directory "/var/www/html/cgi">
    Options +ExecCGI
    AddHandler cgi-script .cgi
</Directory>
Test:
http://172.25.254.118/cgi/index.cgi
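7. https
HTTP is the Hypertext Transfer Protocol. It sends data in plaintext, so information is easily leaked, which makes it unsuitable for transmitting credit card numbers, passwords, payment details and similar information. HTTPS was introduced to address this flaw.
HTTPS is the Hypertext Transfer Protocol over Secure Sockets Layer. It adds the SSL protocol on top of HTTP; SSL relies on certificates to verify the identity of the server and encrypts the communication between the browser and the server.
>>yum install mod_ssl -y
>>ss -anutple | grep 443
>>yum install crypto-utils -y
>>genkey www.Sunshine.com
- ..
- output will be written to /etc/pki/tls/certs/www.Sunshine.com.crt
- output key written to /etc/pki/tls/private/www.Sunshine.com.key
- ...
>>vim /etc/httpd/conf.d/ssl.conf
# line 101
SSLCertificateFile /etc/pki/tls/certs/www.Sunshine.com.crt
# line 108
SSLCertificateKeyFile /etc/pki/tls/private/www.Sunshine.com.key
>>systemctl restart httpd
Test:
*Obtaining the certificate*
Click Add Exception...; the following is displayed
Click View to inspect the site's certificate information
Click Close to return to the previous page
Click Confirm Security Exception at the bottom left; once the certificate has been obtained, the following is displayed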
8. Setting up an https virtual host and URL rewriting
>>ss -anutple | grep 443
tcp LISTEN 0 128 :::443 :::* users:(("httpd",4517,6),("httpd",4500,6),("httpd",4499,6),("httpd",4498,6),("httpd",4497,6),("httpd",4496,6),("httpd",4495,6)) ino:108443 sk:ffff88003bf81800 <->
>>mkdir -p /var/www/virtual/login.westos.com/html/
>>vim /var/www/virtual/login.westos.com/html/index.html
<h1> login.westos.com's Page </h1>
>>vim /etc/httpd/conf.d/login.conf
<VirtualHost *:443>
    ServerName login.westos.com
    DocumentRoot /var/www/virtual/login.westos.com/html/
    CustomLog "logs/login.logs" combined
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/www.Sunshine.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.Sunshine.com.key
</VirtualHost>
<Directory "/var/www/virtual/login.westos.com/html/">
    Require all granted
</Directory>
<VirtualHost *:80>
    ServerName login.westos.com
    RewriteEngine On
    RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>
Note:
^(/.*)$ ## everything the client typed in the browser address bar
https:// ## forces the client to use encrypted access
%{HTTP_HOST} ## the host the client requested
$1 ## $1 is the value matched by ^(/.*)$
[redirect=301] ## permanent redirect; a temporary rewrite is 302