Apache httpd service
Example 1:
Requirements:
- Download the file from http://ldap.example.com/pub/example.html and rename it to index.html, without modifying its content
- Copy index.html into your DocumentRoot directory
- Clients from example.com can access this web server
- Access from clients in my133t.org is denied
Solution:
//Install the service
[root@server30 ~]# yum -y install httpd
Loaded plugins: langpacks, product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
xx | 4.1 kB 00:00
Resolving Dependencies
略...
Installed:
httpd.x86_64 0:2.4.6-17.el7
Dependency Installed:
apr.x86_64 0:1.4.8-3.el7 apr-util.x86_64 0:1.5.2-6.el7
httpd-tools.x86_64 0:2.4.6-17.el7 mailcap.noarch 0:2.1.41-2.el7
Complete!
//Change into the DocumentRoot, download the file and rename it
[root@server30 ~]# cd /var/www/html/
[root@server30 html]# ls
[root@server30 html]# wget http://ldap.example.com/pub/example.html
--2019-01-17 09:01:30-- http://ldap.example.com/pub/example.html
Resolving ldap.example.com (ldap.example.com)... 172.16.30.254
Connecting to ldap.example.com (ldap.example.com)|172.16.30.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 21 [text/html]
Saving to: ‘example.html’
100%[======================================>] 21 --.-K/s in 0s
2019-01-17 09:01:30 (4.26 MB/s) - ‘example.html’ saved [21/21]
[root@server30 html]# mv example.html index.html
[root@server30 html]# ls
index.html
//Start the service and enable it at boot; mask iptables and ebtables so that they cannot be started alongside firewalld, which is the only firewall used below
[root@server30 html]# systemctl start httpd
[root@server30 html]# systemctl enable httpd.service
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@server30 html]# systemctl mask iptables.service ebtables.service
ln -s '/dev/null' '/etc/systemd/system/iptables.service'
ln -s '/dev/null' '/etc/systemd/system/ebtables.service'
[root@server30 html]# systemctl stop iptables ebtables
[root@server30 html]#
//List the predefined firewalld service names (grep for http), then open the firewall only for the example.com network
[root@server30 ~]# firewall-cmd --get-services |grep http
amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns ftp high-availability http https imaps ipp ipp-client ipsec kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba samba-client smtp ssh telnet tftp tftp-client transmission-client vnc-server wbem-https
[root@server30 ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=http accept' --permanent
success
[root@server30 ~]# firewall-cmd --reload
success
//The rich rule admits port 80 only from the example.com network (172.16.30.0/24). Do not also add the http service to the zone itself, or the restriction is void: any source that matches neither a rich rule nor one of the zone's services, my133t.org included, is rejected by the zone's default policy. Verify from an example.com client that http://server30.example.com/ returns the index.html downloaded above, and from a my133t.org host that the connection is refused.
Example 2
Requirements
- The signed certificate is obtained from http://ldap.example.com/pub/server30.crt
- The certificate's private key is obtained from http://ldap.example.com/pub/server30.key
- The certificate's signing authority (CA) information is obtained from http://ldap.example.com/pub/group30.crt
Solution
//Install the SSL module
[root@server30 ~]# yum -y install mod_ssl
output omitted
//Download the certificate, the key and the CA certificate. The private key travels over plain HTTP here; outside a lab a key should never be fetched in the clear, and once on disk it must be readable by root only.
[root@server30 conf.d]# cd /etc/pki/tls
[root@server30 tls]# ls
cert.pem certs misc openssl.cnf private
[root@server30 tls]# cd certs/
[root@server30 certs]# ls
ca-bundle.crt localhost.crt Makefile
ca-bundle.trust.crt make-dummy-cert renew-dummy-cert
[root@server30 certs]# wget http://ldap.example.com/pub/server30.crt
--2019-01-17 09:33:49-- http://ldap.example.com/pub/server30.crt
Resolving ldap.example.com (ldap.example.com)... 172.16.30.254
Connecting to ldap.example.com (ldap.example.com)|172.16.30.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3147 (3.1K)
Saving to: ‘server30.crt’
100%[======================================>] 3,147 --.-K/s in 0s
2019-01-17 09:33:49 (417 MB/s) - ‘server30.crt’ saved [3147/3147]
[root@server30 certs]# wget http://ldap.example.com/pub/group30.crt
--2019-01-17 09:34:02-- http://ldap.example.com/pub/group30.crt
Resolving ldap.example.com (ldap.example.com)... 172.16.30.254
Connecting to ldap.example.com (ldap.example.com)|172.16.30.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3256 (3.2K)
Saving to: ‘group30.crt’
100%[======================================>] 3,256 --.-K/s in 0s
2019-01-17 09:34:02 (537 MB/s) - ‘group30.crt’ saved [3256/3256]
[root@server30 tls]# cd private/
[root@server30 private]# ls
localhost.key
[root@server30 private]# wget http://ldap.example.com/pub/server30.key
--2019-01-17 09:34:26-- http://ldap.example.com/pub/server30.key
Resolving ldap.example.com (ldap.example.com)... 172.16.30.254
Connecting to ldap.example.com (ldap.example.com)|172.16.30.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 887
Saving to: ‘server30.key’
100%[======================================>] 887 --.-K/s in 0s
2019-01-17 09:34:26 (192 MB/s) - ‘server30.key’ saved [887/887]
//Change into conf.d, edit the SSL configuration and restart the service. wget leaves server30.key world-readable (mode 0644); tighten it to 0600, owned by root, before going further.
[root@server30 ~]# cd /etc/httpd/conf.d/
[root@server30 conf.d]# vim ssl.conf
#General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
#ServerName server30.example.com:443
SSLCertificateFile /etc/pki/tls/certs/server30.crt
SSLCertificateKeyFile /etc/pki/tls/private/server30.key
SSLCACertificateFile /etc/pki/tls/certs/group30.crt
# Note: SSLCACertificateFile is the CA list httpd uses to verify client certificates.
# The CA certificate that httpd sends to browsers together with server30.crt is set with
# SSLCertificateChainFile on this httpd version (2.4.6), so reference group30.crt there
# as well if clients need the chain. Uncomment ServerName so that the virtual host name
# matches the certificate's CN.
[root@server30 conf.d]# systemctl restart httpd
[root@server30 conf.d]#
//Open https for the example.com network, as for http above
[root@server30 ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=https accept' --permanent
success
[root@server30 ~]# firewall-cmd --reload
success
//Verify from an example.com client that https://server30.example.com/ is served with the server30 certificate; a browser trusts it once group30.crt has been imported as a CA, and openssl s_client against port 443 shows the certificate and chain actually presented.
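The checks below are an added example and not part of the original page: before restarting httpd with new TLS material, confirm that the key really belongs to the certificate, that the CA file actually signed it, that the key file is not world-readable and that the certificate names the host used in ServerName. So that it runs offline, the script builds a throw-away CA and server certificate with openssl (constructed fixtures; the names group30 and server30 mirror the page, the contents are not the real files, and other.key and the function names are my own). On the server, point the functions at /etc/pki/tls/certs/server30.crt, /etc/pki/tls/private/server30.key and /etc/pki/tls/certs/group30.crt instead. Requires the openssl command.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check TLS material
# before restarting httpd. The fixtures are generated here so the script
# runs offline; replace the paths with the real files under /etc/pki/tls.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed fixtures: a private CA ("group30") and a server certificate
# ("server30") signed by it, plus an unrelated key for the negative case.
make_fixtures() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=group30 test CA" \
        -keyout "$WORK/ca.key" -out "$WORK/group30.crt" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server30.example.com" \
        -keyout "$WORK/server30.key" -out "$WORK/server30.csr" >/dev/null 2>&1
    openssl x509 -req -days 2 -in "$WORK/server30.csr" \
        -CA "$WORK/group30.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/server30.crt" >/dev/null 2>&1
    openssl genrsa -out "$WORK/other.key" 2048 >/dev/null 2>&1
    chmod 600 "$WORK/server30.key"      # what wget does NOT do for you
    chmod 644 "$WORK/other.key"         # the mode wget leaves behind
}

# Does the private key belong to the certificate?  Compare the public keys
# (works for RSA and EC alike).  Prints "match" or "mismatch".
key_matches_cert() {   # $1=cert $2=key
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null || true)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null || true)
    if [ -n "$c" ] && [ "$c" = "$k" ]; then echo match; else echo mismatch; fi
}

# Was the certificate issued by the CA in the given file?  "ok" or "fail".
chain_verifies() {     # $1=CA file $2=cert
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

# The key must be readable by its owner only.  "ok" or "too-open".
key_mode_ok() {        # $1=key
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
    case "$mode" in 600|400) echo ok ;; *) echo too-open ;; esac
}

# Does the certificate carry the host name configured in ServerName
# (subject CN or a subjectAltName)?  "yes" or "no".
cert_names_host() {    # $1=cert $2=hostname
    if openssl x509 -in "$1" -noout -text 2>/dev/null | grep -qF "$2"; then echo yes; else echo no; fi
}

make_fixtures
printf 'key/cert pair:    %s\n' "$(key_matches_cert "$WORK/server30.crt" "$WORK/server30.key")"
printf 'wrong key:        %s\n' "$(key_matches_cert "$WORK/server30.crt" "$WORK/other.key")"
printf 'CA chain:         %s\n' "$(chain_verifies "$WORK/group30.crt" "$WORK/server30.crt")"
printf 'key mode:         %s\n' "$(key_mode_ok "$WORK/server30.key")"
printf 'hostname in cert: %s\n' "$(cert_names_host "$WORK/server30.crt" server30.example.com)"
```

Public keys are compared rather than RSA moduli so the same check covers EC keys; a "mismatch" means httpd will refuse to start, and a chain "fail" means browsers that trust group30.crt will still show a warning.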
Example 3
Requirements
- Create a virtual host for the site http://www.example.com
- Set its DocumentRoot to /var/www/virtual
- Download the file from http://ldap.example.com/pub/www.html, rename it to index.html and do not modify its content
- Copy index.html into that DocumentRoot
- Make sure the user floyd can create files under /var/www/virtual
Solution
//Create the virtual directory, download www.html into it as index.html and adjust ownership under /var/www/
[root@server30 ~]# mkdir /var/www/virtual
[root@server30 ~]# ls /var/www
cgi-bin html virtual
[root@server30 ~]# cd /var/www
[root@server30 www]# ls
cgi-bin html virtual
[root@server30 www]# wget -O virtual/index.html http://ldap.example.com/pub/www.html
--2019-01-17 10:09:48-- http://ldap.example.com/pub/www.html
Resolving ldap.example.com (ldap.example.com)... 172.16.30.254
Connecting to ldap.example.com (ldap.example.com)|172.16.30.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16 [text/html]
Saving to: ‘virtual/index.html’
100%[======================================>] 16 --.-K/s in 0s
2019-01-17 10:09:48 (2.93 MB/s) - ‘virtual/index.html’ saved [16/16]
[root@server30 www]# chown -R apache.apache /var/www/
[root@server30 www]#
//Note: chown -R apache.apache hands httpd's own user write access to the whole tree, which is more than the task needs. Static content only has to be readable by apache, and a root-owned, world-readable tree limits what a compromised httpd process can alter.
//Create the floyd user and grant write access to virtual/ with an ACL
[root@server30 www]# useradd floyd
[root@server30 www]# setfacl -m u:floyd:rwx virtual/
[root@server30 www]#
//Search the filesystem for the sample vhost file and copy it into conf.d (quote the pattern so the shell does not expand it first)
[root@server30 ~]# find / -name '*vhost*'
/dev/vhost-net
/etc/selinux/targeted/modules/active/modules/vhostmd.pp
/usr/lib/modules/3.10.0-123.el7.x86_64/kernel/drivers/vhost
/usr/lib/modules/3.10.0-123.el7.x86_64/kernel/drivers/vhost/vhost_net.ko
/usr/lib64/httpd/modules/mod_vhost_alias.so
/usr/share/doc/httpd-2.4.6/httpd-vhosts.conf
[root@server30 ~]# cd /etc/httpd/
[root@server30 httpd]# ls
conf conf.d conf.modules.d logs modules run
[root@server30 httpd]# cd conf.d
[root@server30 conf.d]# ls
autoindex.conf README ssl.conf userdir.conf welcome.conf
[root@server30 conf.d]# cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf .
[root@server30 conf.d]#
//Edit this file and restart the service. The first <VirtualHost> is the default one and must name the server itself, otherwise requests for any unknown host name would be served out of /var/www/virtual. /var/www/virtual sits under /var/www, which the stock httpd.conf already opens with Require all granted and which carries the httpd_sys_content_t SELinux label; a DocumentRoot outside /var/www would need its own <Directory> block and label.
[root@server30 conf.d]# vim httpd-vhosts.conf
#VirtualHost example:
#Almost any Apache directive may go into a VirtualHost container.
#The first VirtualHost section is used for all requests that do not
#match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName server30.example.com
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/var/www/virtual"
ServerName www.example.com
</VirtualHost>
[root@server30 conf.d]# systemctl restart httpd
[root@server30 conf.d]#
//From the client, ping www.example.com to confirm that the name resolves to the server
[root@client ~]# ping www.example.com
PING www.example.com (172.16.30.130) 56(84) bytes of data.
64 bytes from alt.example.com (172.16.30.130): icmp_seq=1 ttl=64 time=1.27 ms
64 bytes from alt.example.com (172.16.30.130): icmp_seq=2 ttl=64 time=0.377 ms
64 bytes from server30.example.com (172.16.30.130): icmp_seq=3 ttl=64 time=0.658 ms
64 bytes from server30.example.com (172.16.30.130): icmp_seq=4 ttl=64 time=0.319 ms
64 bytes from www.example.com (172.16.30.130): icmp_seq=5 ttl=64 time=0.600 ms
^C
--- www.example.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 0.319/0.645/1.272/0.339 ms
//Open http://www.example.com from the client; the page should show the content of www.html
//Back on the server, switch to floyd and check that the user can create a file
[root@server30 ~]# su - floyd
[floyd@server30 ~]$ cd /var/www/virtual/
[floyd@server30 virtual]$ ls
index.html
[floyd@server30 virtual]$ touch aa
[floyd@server30 virtual]$ ls
aa index.html
[floyd@server30 virtual]$ ll
total 4
-rw-rw-r--. 1 floyd floyd 0 Jan 17 10:31 aa
-rw-r--r--. 1 apache apache 16 Nov 28 2014 index.html
[floyd@server30 virtual]$
Example 4
Requirements
- Create a directory named private under the DocumentRoot of the web server on your server
- Download http://ldap.example.com/pub/private.html into that directory and rename it to index.html, without modifying its content
- From the server itself anyone can browse the content of private, but it must not be reachable from any other system
Solution
//Change into the html directory, create private and download the file into it
[root@server30 ~]# cd /var/www/html/
[root@server30 html]# mkdir private
[root@server30 html]# wget -O private/index.html http://ldap.example.com/pub/private.html
--2019-01-17 10:52:02-- http://ldap.example.com/pub/private.html
Resolving ldap.example.com (ldap.example.com)... 172.16.30.254
Connecting to ldap.example.com (ldap.example.com)|172.16.30.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8 [text/html]
Saving to: ‘private/index.html’
100%[======================================>] 8 --.-K/s in 0s
2019-01-17 10:52:03 (1.62 MB/s) - ‘private/index.html’ saved [8/8]
[root@server30 html]#
//Add a <Directory> block for private to the default virtual host in httpd-vhosts.conf and restart the service. Require ip 172.16.30.130 admits only the server's own address: a request made on the server to http://server30.example.com/private/ passes, every other client gets 403 Forbidden. A request to http://127.0.0.1/private/ would be refused as well, because it arrives from the loopback address; Require local covers loopback together with the server's own addresses.
#match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName server30.example.com
<Directory "/var/www/html/private">
Require ip 172.16.30.130
</Directory>
</VirtualHost>
[root@server30 html]# systemctl restart httpd
[root@server30 html]#
//Browse server30.example.com/private from the client (expect 403 Forbidden), then repeat the request on the server itself (expect the content of private.html)
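As an added example that is not part of the original page, the script below reproduces the address matching that mod_authz_host performs for Require ip, which is also the matching firewalld applies to the source address=172.16.30.0/24 rich rules of examples 1 and 2. It evaluates a rule against candidate client addresses without touching httpd, so the Require ip 172.16.30.130 block above can be checked before the restart. Function names and the sample addresses other than 172.16.30.130 are my own; IPv4 only.

```shell
#!/bin/sh
# Added example (not from the original page): the address matching behind
# `Require ip ...` (and firewalld's `source address=`), so an access rule
# can be checked against client addresses before httpd is restarted.
set -eu

# Dotted quad -> unsigned 32-bit integer.
ip_to_int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Does client address $1 satisfy one Require-ip term $2?  A term may be a
# full address (172.16.30.130), a CIDR network (172.16.30.0/24) or a partial
# dotted prefix (172.16.30), the three forms mod_authz_host accepts.
ip_matches_term() {
    case "$2" in
        */*)
            net=${2%/*}; bits=${2#*/}
            if [ "$bits" -eq 0 ]; then mask=0
            else mask=$(( (4294967295 << (32 - bits)) & 4294967295 )); fi
            [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
            ;;
        *.*.*.*)
            [ "$1" = "$2" ]
            ;;
        *)
            case "$1" in "$2".*) true ;; *) false ;; esac
            ;;
    esac
}

# Evaluate `Require ip <terms...>` for one client: "allow" if any term
# matches, otherwise "deny" (what the client sees as 403 Forbidden).
require_ip_allows() {   # $1=client address, $2...=terms
    client=$1; shift
    for term in "$@"; do
        if ip_matches_term "$client" "$term"; then echo allow; return 0; fi
    done
    echo deny
}

# The rule from the page: only the server's own address may read /private.
printf 'from the server (172.16.30.130): %s\n' "$(require_ip_allows 172.16.30.130 172.16.30.130)"
printf 'from another host (172.16.30.7): %s\n' "$(require_ip_allows 172.16.30.7 172.16.30.130)"
printf 'via loopback (127.0.0.1):        %s\n' "$(require_ip_allows 127.0.0.1 172.16.30.130)"
# The firewalld rules of examples 1 and 2: the whole example.com network.
printf 'example.com client, /24 rule:    %s\n' "$(require_ip_allows 172.16.30.7 172.16.30.0/24)"
printf 'outside client, /24 rule:        %s\n' "$(require_ip_allows 172.16.31.7 172.16.30.0/24)"
```

The loopback line is the practical lesson: a rule that lists only the server's routable address rejects curl http://127.0.0.1/private/ run on the server itself, which is why Require local exists.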
Example 5
Requirements
- Dynamic content is served by a virtual host named alt.example.com
- The virtual host listens on port 8909
- Download a script from http://ldap.example.com/pub/webapp.wsgi, place it in a suitable location and do not modify its content
- Clients visiting http://alt.example.com:8909 should receive a dynamically generated web page
- http://alt.example.com:8909 must be reachable from all systems in example.com
Solution
//Create a directory, download webapp.wsgi into it and adjust its ownership
[root@server30 ~]# cd /var/www
[root@server30 www]# mkdir wsgi
[root@server30 www]# ls
cgi-bin html virtual wsgi
[root@server30 www]# wget -O wsgi/webapp.wsgi http://ldap.example.com/pub/webapp.wsgi
--2019-01-17 11:31:09-- http://ldap.example.com/pub/webapp.wsgi
Resolving ldap.example.com (ldap.example.com)... 172.16.30.254
Connecting to ldap.example.com (ldap.example.com)|172.16.30.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 277
Saving to: ‘wsgi/webapp.wsgi’
100%[======================================>] 277 --.-K/s in 0s
2019-01-17 11:31:09 (46.0 MB/s) - ‘wsgi/webapp.wsgi’ saved [277/277]
[root@server30 www]# chown -R apache.apache wsgi/
[root@server30 www]#
//Note: the script only needs to be readable by apache. An apache-writable script lets a compromised worker rewrite the code it executes, so root ownership with mode 0644 is the safer choice.
//Edit the configuration: add a Listen for the new port and a virtual host that hands every request to the WSGI script
[root@server30 www]# vim /etc/httpd/conf.d/httpd-vhosts.conf
Listen 8909
<VirtualHost *:8909>
WSGIScriptAlias / "/var/www/wsgi/webapp.wsgi"
ServerName alt.example.com
</VirtualHost>
//Install the mod_wsgi package. WSGIScriptAlias is unknown to httpd until this module is loaded, so the service must not be restarted before this step.
[root@server30 www]# yum -y install mod_wsgi
output omitted
//Check the SELinux port labels: 8909 is not yet labelled http_port_t, so httpd would be denied binding to it. Add the port to the http_port_t type.
[root@server30 www]# semanage port -l |grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
[root@server30 www]# semanage port -a -t http_port_t -p tcp 8909
[root@server30 www]# semanage port -l |grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 8909, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
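Added example, not part of the original page: semanage port -a succeeds only when the port is not yet assigned to any type, as with 8909 above. If the port is already owned by another type (8080 belongs to http_cache_port_t, for instance) the command fails with "already defined" and semanage port -m is required instead, and if the type is already right nothing needs to be done. The script below reads the output of semanage port -l and decides which case applies. The listing is a constructed copy of the page's output so the script runs offline; on a real host pipe in the live command. Function names are my own.

```shell
#!/bin/sh
# Added example (not from the original page): decide from `semanage port -l`
# whether labelling a Listen port needs `semanage port -a`, `-m`, or nothing.
# Usage on a real host:  semanage port -l | semanage_cmd 8909 tcp http_port_t
set -eu

# Constructed sample of `semanage port -l | grep http`, copied from the page.
SAMPLE_PORTS='http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989'

# Print every SELinux type whose $2 (tcp/udp) port list contains port $1,
# expanding ranges such as 10001-10010.  Reads the listing on stdin.
owners_of_port() {
    awk -v port="$1" -v proto="$2" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)
                if (split(p, r, "-") == 2) { lo = r[1]; hi = r[2] } else { lo = p; hi = p }
                if (port + 0 >= lo + 0 && port + 0 <= hi + 0) { print $1; break }
            }
        }'
}

# add | modify | none for labelling port $1/$2 as type $3.  Listing on stdin.
port_action() {
    owners=$(owners_of_port "$1" "$2")
    if [ -z "$owners" ]; then
        echo add                      # unassigned: semanage port -a
    elif printf '%s\n' "$owners" | grep -qx "$3"; then
        echo none                     # already labelled with the wanted type
    else
        echo modify                   # owned by another type: semanage port -m
    fi
}

# The semanage command to run, or an empty line when nothing is needed.
semanage_cmd() {
    case "$(port_action "$@")" in
        add)    echo "semanage port -a -t $3 -p $2 $1" ;;
        modify) echo "semanage port -m -t $3 -p $2 $1" ;;
        none)   echo "" ;;
    esac
}

printf '%s\n' "$SAMPLE_PORTS" | semanage_cmd 8909 tcp http_port_t   # the page's case
printf '%s\n' "$SAMPLE_PORTS" | semanage_cmd 8080 tcp http_port_t   # owned by http_cache_port_t
```

Ranges are expanded because a port such as 10005 is covered by the 10001-10010 entry even though it never appears literally; a plain grep for the port number would miss that and recommend -a where -m is needed.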
//Restart httpd so that Listen 8909 and the new virtual host take effect. A plain systemctl start would do nothing here because the service is already running.
[root@server30 www]# systemctl restart httpd
[root@server30 www]#
//Open port 8909 in the firewall for the example.com network and reload
[root@server30 www]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 port protocol=tcp port=8909 accept' --permanent
success
[root@server30 www]# firewall-cmd --reload
success
[root@server30 www]#
//From the client, ping alt.example.com to confirm that the name resolves to the server
[root@client ~]# ping alt.example.com
PING alt.example.com (172.16.30.130) 56(84) bytes of data.
64 bytes from www.example.com (172.16.30.130): icmp_seq=1 ttl=64 time=0.300 ms
64 bytes from alt.example.com (172.16.30.130): icmp_seq=2 ttl=64 time=0.556 ms
64 bytes from www.example.com (172.16.30.130): icmp_seq=3 ttl=64 time=0.560 ms
^C
--- alt.example.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.300/0.472/0.560/0.121 ms
//From the client, open http://alt.example.com:8909 in a browser; if Hello World appears, the WSGI virtual host works