apache超文本传输协议
############################
####apache超文本传输协议####
############################
一.Apache的安装
yum install httpd -y
systemctl start httpd
systemctl stop firewalld
systemctl enable httpd
systemctl disable firewalld
二.Apache基本配置
1.apache的默认发布文件
Index.html
2.apache的配置文件
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/*.conf
3.apache的默认发布目录
/var/www/html
4.apache的默认端口
80
三.Apache的基本配置
1.修改默认发布文件
mkdir /westos/www/test -p
vim /westos/www/test/westos.html
<h1>westos’s page</h1>
Vim /etc/httpd/conf/httpd.conf
164 DirectoryIndex westos.html
systemctl restart httpd
2.修改默认发布目录
##当selinux是disable状态
vim /etc/httpd/conf/httpd.conf
120 DocumentRoot “/westos/www/test”
<Directory> "/westos/www/test">
Require all granted
</Directory>
systemctl restart httpd
##当selinux是enforcing状态
Vim /etc/httpd/conf/httpd.conf
120 DocumentRoot “/westos/www/test”
<Directory> "/westos/www/test">
Require all granted
</Directory>
systemctl restart httpd
semanage fcontext -a -t httpa_sys_content_t ‘/westos(/.*)?’ ##修改安全上下文
restorecon -RvvF /westos
3.apache的访问控制
cd /var/www/html
mkdir admin
cd admin
vim index.html
cat index.html
<h1>admin’s page </h1>
vim /etc/httpd/conf/httpd.conf
<Directory> "/var/www/html/admin"> ##只拒绝200主机访问admin目录
Order Allow,Deny
Alloe from All
Deny from 172.25.254.200
</Directory>
<Directory> "/var/www/html/admin"> ##只允许200主机访问
Order Deny,Allow ##谁在前先读谁,一般allow在前
Alloe from 172.25.254.200
Deny from All
</Directory>
##设定用户的访问
[[email protected] ~]# cd /etc/httpd
[[email protected] httpd]# htpasswd -cm /etc/httpd/accessuer admin ##建立用户
New password:
Re-type new password:
Adding password for user admin
[[email protected] httpd]# cat /etc/httpd/accessuer
admin:$apr1$q0dFzYxd$CzGP2oOjCFYivTCoOoXat.
[[email protected] httpd]# htpasswd -m /etc/httpd/accessuer tom ##二次建立用-m,否则会覆盖第一次用户信息
New password:
Re-type new password:
Adding password for user tom
[[email protected] httpd]# cat /etc/httpd/accessuer ##用户及密码
admin:$apr1$q0dFzYxd$CzGP2oOjCFYivTCoOoXat.
tom:$apr1$A9Bp2KxM$xijFhQUQPFXWZOGZPAUUe.
vim /etc/httpd/conf/httpd.conf
<Directory> "/var/www/html/admin">
AuthUserFile /etc/httpd/accessuser ##用户认证文件
AuthName "Please input yourname and passwd!!" ##用户认证提示信息
AuthType basic ##认证类型
Require valid-user ##认证用户,认证文件中所有用户都可以访问
[Require user admin] ##只允许认证文件中的admin用户访问
</Directory>
systemctl restart httpd
4.apache语言支持
Php html cgi
Html为默认支持语言
Php语言
[[email protected] ~]# cd /var/www/html
[[email protected] html]# vim index.php
[[email protected] html]# cat index.php
<?php
phpinfo();
?>
Yum install php -y
Vim /etc/httpd/conf/httpd.conf
177 DirectoryIndex index.php file index.html
Systemctl reatart httpd
测试:浏览器输入172.25.254.100/index.php可看到php测试页
Cgi
通用网关接口(CGI)是网站上放置动态内容的最简单的方法。CGI脚本可用于许多目的,但是谨慎控制使用哪个CGI脚本以及允许谁添加和运行这些脚本十分重要。编写质量差的CGI脚本可能为外部攻击者提供了破坏网站及其内容安全性的途径。因此,在Web服务器级别和SELinux策略级别,都存在用于限制CGI脚本使用的设置。
[[email protected] html]# ls
admin cgi index.php myadmin
[[email protected] html]# vim index.cgi
[[email protected] html]# vim /etc/httpd/conf/httpd.conf
[[email protected] html]# getenforce
Disabled
[[email protected] html]# chmod +x index.cgi
[[email protected] html]# systemctl restart httpd
测试:浏览器输入172.25.254.100/cgi/index.cgi
显示 Wed May 17 08:17:06 EDT 2017
四.Apache的虚拟主机
1.定义
可以让我们的一台apache服务器在被访问不同域名的时候显示不同的主页。
2.建立测试页
[[email protected] ~]# cd /var/www/
[[email protected] www]# mkdir virtual
[[email protected] www]# ls
cgi-bin html virtual
[[email protected] www]# mkdir virtual/news.westos.com -p
[[email protected] www]# mkdir virtual/money.westos.com -p
[[email protected] www]# mkdir -p virtual/money.westos.com/html
[[email protected] www]# mkdir -p virtual/news.westos.com/html
[[email protected] www]# echo "money.westos.com's page" >virtual/money.westos.com/html/index.html
[[email protected] www]# echo "news.westos.com's page" >virtual/news.westos.com/html/index.html
3.配置
[[email protected] www]# cd /etc/httpd/conf.d
[[email protected] conf.d]# vim default.conf ##指定域名的访问都访问defaults
<Virtualhost _default_:80> ##虚拟主机开启的端口
DocumentRoot "/var/www/html" ##虚拟主机的默认发布目录
CustomLog "logs/default.log" combined ##虚拟主机的日志
</Virtualhost>
[[email protected] conf.d]# vim news.conf ##指定域名news.westos.com的访问到指定默认发布目录中
<Virtualhost *:80>
ServerName "news.westos.com"
DocumentRoot "/var/www/virtual/news.westos.com/html"
CustomLog "logs/news.log" combined
</Virtualhost>
<Directory "/var/www/virtual/news.westos.com/html"> ##默认发布目录的访问授权
Require all granted
</Directory>
[[email protected] conf.d]# cp news.conf money.conf
[[email protected] conf.d]# vim money.conf
[[email protected] conf.d]# systemctl restart httpd
4.测试
在浏览器所在主机
vim /etc/hosts
172.25.254.100 www.westos.com news.westos.com money.westos.com
输入http://news.westos.com/ 显示news.Westos.com’s page
输入http://money.westos.com/ 显示money.Westos.com’s page
五.ssl加密的超文本传输协议https
1.https定义
Hyper text transfer protocol over Secure socker layer,通过ssl
2.配置
yum install mod_ssl -y
yum install crypto-utils -y
[[email protected] conf.d]# genkey www.westos.com ##对该域名进行加密
/etc/pki/tls/private/www.westos.com.key
/etc/pki/tls/certs/www.westos.com.crt
[[email protected] conf.d]# vim ssl.conf ##加密文件
Vim /etc/httpd/conf.d/login.conf
<Virtualhost *:443>
ServerName "login.westos.com"
DocumentRoot "/var/www/virtual/login.westos.com/html"
CustomLog "logs/login.log" combined
SSLEngine on ##开始https功能
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</Virtualhost>
<Directory "/var/www/virtual/login.westos.com/html">
Require all granted
</Directory>
<Virtualhost *:80> ##网页重写实现自动访问https
ServerName "login.westos.com"
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</Virtualhost>
#^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
#^(/.*)$ 客户主机在地址栏写入的所有字符
#https:// 定向成为的访问协议
#%{HTTP_HOST} 客户请求主机
#$1 $1的值就表示 ^(/.*)$的值
#[redirect=301] 临时重定向 302永久重定向
[[email protected] conf.d]# mkdir /var/www/virtual/login.westos.com/html -p
[[email protected] conf.d]# vim /var/www/virtual/login.westos.com/html/index.html
<h1>login.westos.com's page </h1>
Systemctl restart httpd
3.测试:
在客户端主机添加解析
Vim /etc/hosts
172.25.254.100 login.westos.com
浏览器访问login.westos.com会自动调转到
https://login.westos.com 实现网页数据加密传输