Apache的管理及优化web

一.Apache的作用

在web被访问时通常使用http：//的方式

http://                 超文本传输协议

http://  超文本传输协议提供软件

Apache

ngix

stgw

jfe

Tengine

二.Apache的安装

dnf install httpd.x86_64 -y

三.Apache的启用

systemctl enable --now httpd                     开启服务并设定服务开机启动

firewall-cmd --list-all                          查看火墙信息

firewall-cmd --permanent --add-service=http      在火墙中永久开启http访问

firewall-cmd --permanent --add-service=https     在火墙中永久开启https访问

firewall-cmd --reload                            刷新火墙使设定生效

四.Apache的基本信息

服务名称：    httpd

配置文件：    /etc/httpd/conf/httpd.conf     主配置文件

                      /etc/httpd/conf.d/*.conf       子配置文件

默认发布目录：/var/www/html

默认发布文件：index.html    修改167行

默认端口    ：80    #http

                      443   #https

用户        ：Apache日志        ：/etc/httpd/logs
/etc/hosts

五.Apache的基本配置

1.Apache的端口修改

vim /etc/httpd/conf/httpd.conf

Listen 1111

firewall-cmd --permanent --add-port=1111/tcp

firewall-cmd --reload

semanage port -l |grep http

semanage port -a -t http_port_t -p tcp 1111

systemctl restart httpd

2.默认发布文件

vim /etc/httpd/conf/httpd.conf

DirectoryIndex westos.html index.html

systemctl restart httpd

3.默认发布目录

vim /etc/httpd/conf/httpd.conf

DocumentRoot "/westos/html"

<Directory "/westos/html"

                   Require all granted

</Directory>

semanage fcontext -a -t httpd_sys_content_t '/westos(/.*)?'

restorecon -RvvF /westos/

systemctl restart httpd

firefox http://172.25.254.20

六.Apache的访问控制

实验素材

mkdir /var/www/html/westos

vim /var/www/html/westos/index.html

<h1>westos's page</h1>

firefox http://172.25.254.20/westos

1.基于客户端ip的访问控制

ip白名单

vim /etc/httpd/conf/httpd.conf

<Directory "/var/www/html/westos">

Order Deny,Allow

Allow from 172.25.254.10

 Deny from All

</Directory>

ip黑名单

<Directory "/var/www/html/westos">

Order Allow,Deny

Allow from All

Deny from 172.25.254.10

</Directory>

2.基于用户认证

vim /etc/httpd/conf/httpd.conf

<Directory "/var/www/html/westos">

AuthUserfile /etc/httpd/htpasswdfile           指定认证文件

AuthName "Please input your name and passwd"   认证提示

AuthType basic                                 认证类型

Require user admin                             允许通过的认证用户   二选一

 Require valid-user                             允许所有用户通过认证 二选一

</Directory>

htpasswd -cm /etc/httpd/htpasswdfile admin          生成认证文件

注意： 

当/etc/httpd/htpasswdfile存在那么在添加用户时不要加-c参数否则会覆盖原文件内容

七.Apache的虚拟主机

mkdir /var/www/virtual/westos.com/{news,music}

echo news > /var/www/virtual/westos.com/news/index.html

echo music > /var/www/virtual/westos.com/music/index.html

echo westos > /var/www/html/index.html

vim /etc/httpd/Vhost.conf   ##修改发布目录的配置文件

<VirtualHost _default_:80>
     
          DocumentRoot "/var/www/html" 
     
          CustomLog logs/default.log combined 

</VirtualHost>
 

<VirtualHost *:80> 
     
          ServerName music.westos.com 
     
          DocumentRoot "/var/www/westos.com/music" 
     
           CustomLog logs/music.log combined 

</VirtualHost>
 

<VirtualHost *:80> 
     
           ServerName news.westos.com 
     
          DocumentRoot "/var/www/westos.com/news" 
     
           CustomLog logs/news.log combined 

</VirtualHost>

systemctl restart httpd

测试：在浏览器所有主机中

vim /etc/hosts

172.25.254.20 www.westos.com news.westos.com music.westos.com

firefox访问

八.Apache的语言支持

php 

vim /var/www/html/index.php

<?php

       phpinfo();

?>

dhf search php

dnf install php -y

systemctl restart httpd

firefox http://172.25.254.20/index.php

cgi

mkdir /var/www/html/cgidir

vim /var/www/html/cgidir/index.cgi

#!/usr/bin/perl

print "Content-type: text/html\n\n";

print `date`

semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgidir(/.*)?'

restorecon -RvvF /var/www/html/cgidir

chmod +x index.cgi

./index.cgi

vim /etc/httpd/conf.d/vhosts.conf

<Directory "/var/www/html/cgidir/">

           Options +ExecCGI

           AddHandler cgi-script .cgi

</Directory>

systemctl restart httpd

firefox http://172.25.254.20/cgidir/index.cgi

九.Apache的加密方式

安装加密插件

dnf install mod_ssl -y

生成证书    

openssl genrsa -out /etc/pki/tls/private/www.westos.com.key 2048           生成私钥

openssl req -new -key /etc/pki/tls/private/www.westos.com.key              生成证书签名文件

-out /etc/pki/tls/certs/www.westos.com.csr    

openssl x509 -req -days 365 -in /etc/pki/tls/certs/www.westos.com.csr      生成证书

-signkey /etc/pki/tls/private/www.westos.com.key 

-out /etc/pki/tls/certs/www.westos.com.crt

x509  证书格式

-req  请求

-in   加载签证名称

-signkey  /etc/pki/tls/private/www.westos.com.key 

vim /etc/httpd/conf.d/ssl.conf

SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt

SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key

ll /etc/pki/tls/private/www.westos.com.key

chmod 644 /etc/pki/tls/private/www.westos.com.key

systemctl restart httpd

vim /etc/httpd/conf.d/vhost.d

<VirtualHost *.80>

        ServerName login.westos.com

        RewriteEngine on

        RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1

</VirtualHost>

<VirtualHost *.443>

          ServerName login.westos.com

          DocumentRoot "/www.westos.com/login"

           CustomLog logs/login.log combined

            SSLEngine on

            SSLCertficateFile /etc/pki/tls/certs/www.westos.com.crt

            SSLCertficateKeyFile /etc/pki/tls/private/www.westos.com.key

</VirtualHost>

systemctl restart httpd

^(/.*)$     客户地址栏中输入的地址

%{HTTP_HOST}     客户主机

$1          RewriteRule后面跟的第一串字符的值