重庆分公司,新征程启航
为企业提供网站建设、域名注册、服务器等服务
第九单元
创新互联公司始终坚持【策划先行,效果至上】的经营理念,通过多达十年累计超上千家客户的网站建设总结了一套系统有效的全网整合营销推广解决方案,现已广泛运用于各行各业的客户,其中包括:成都报废汽车回收等企业,备受客户称誉。
Apache web服务
一 Apache安装
1 yum install httpd -y ###安装apache软件包###
2 systemctl start httpd ###开启服务###
3 systemctl enable httpd.service ###开机自动开启服务###
4 systemctl stop firewalld.service ###关闭防火墙###
5 systemctl disable firewalld.service ###开机自动关闭###
6 netstat -antlp | grep httpd ###查看监听端口###
二 apache基本信息
1 apache的默认发布目录
index.html
2 apache的配置文件
/etc/httpd/conf/httpd.conf ###主配置文件###
ServerRoot "/etc/httpd" ###用于指定Apache的运行目录###
Listen 80 ###监听端口###
User apache ###运行apache程序的用户和组###
Group apache
ServerAdmin root@localhost ###管理员邮箱###
DocumentRoot "/var/www/html" ###网页文件的存放目录###
Require all granted
ErrorLog "logs/error_log" ###错误日志存放位置###
AddDefaultCharset UTF-8 ###默认支持的语言###
IncludeOptional conf.d/*.conf ###加载其它配置文件###
DirectoryIndex index.html ###默认主页名称###
/etc/httpd/conf.d/*.conf ###子配置文件###
3 apache的默认发布目录
/var/www/html
4 apache的默认端口
80
三 apache的基本配置
1 )默认文件的修改
1 vim /var/www/html/index.html ###编写默认文件###
内容:
2 vim /var/www/html/ westos.html ###编写默认文件###
内容:
3 vim /etc/httpd/conf/httpd.con
168
169 DirectoryIndex westos.html index.html ###默认westos.html为默认文件,如果westos.html不存在,则默认文件为index.html#####
170
4 systemctl restart httpd.service ###重新启动服务###
测试:
登入 172.25.254.112 查看显示的内容是index.html还是westos.html
如果将westos.html文件删除
过程如下:
[root@mariadb MySQLadmin]# cd /var/www/html/
[root@mariadb html]# ls
admin cgi mysqladmin
[root@mariadb html]# vim index.html
[root@mariadb html]# vim westos.html
[root@mariadb html]# vim /etc/httpd/conf/httpd.conf
[root@mariadb html]# systemctl restart httpd.service
[root@mariadb html]# rm -fr westos.html
2 )默认目录的修改
当selinux是disabled的时候:
1 mkdir /westos/www/test -p ###建立一个目录作为默认目录###
2 vim /westos/www/test/westos.html ###编写默认文件###
内容:
3 vim /etc/httpd/conf/httpd.conf
121 DocumentRoot "/westos/www/test" ###修改默认目录###
122
123
124 Require all granted ####允许所有人访问####
125
4 systemctl restart httpd.service ###重启服务###
测试:
登入172.25.254.112查看内容:
过程如下:
[root@mariadb html]# mkdir /westos/www/test -p
[root@mariadb html]# vim /westos/www/test/westos.html
[root@mariadb html]# vim /etc/httpd/conf/httpd.conf
[root@mariadb html]# systemctl restart httpd.service
当selinux是enforcing状态:
在添加下面两步:
1 semanage fcontext -a -t httpd_sys_content_t '/westos(/.*)?'###修改安全上下文###
2 restorecon -RvvF /westos/ ###刷新###
3 )apache的访问控制
设定ip的访问:
1 mkdir /var/www/html/admin/
2 vim /var/www/html/admin/index.html
3 vim /etc/httpd/conf/httpd.conf
Order Allow,Deny ###允许所有人访问admin目录但只有78主机不能访问###
Allow from All
Deny from 172.25.254.78
<
Order Deny,Allow
Allow from 172.25.254.78
Deny from All
3 systemctl restart httpd.service ###重启服务###
过程如下:
[root@mariadb ~]# mkdir /var/www/html/admin/
[root@mariadb ~]# vim /var/www/html/admin/index.html
[root@mariadb ~]# vim /etc/httpd/conf/httpd.conf
[root@mariadb ~]# systemctl restart httpd.service
特定用户的访问:
1 htpasswd -cm /etc/httpd/accessuser admin ###设定用户,-c指创建,-m指定名称,改命令为创建了一个用户admin,该用户信息存放在/etc/httpd/accessuser#####
2 htpasswd -m /etc/httpd/accessuser tom ###创建用户tom,第二次创建不用加-c,不然会将第一次创建的用户信息覆盖###
3 vim /etc/httpd/conf/httpd.conf
AuthUserFile /etc/httpd/accessuser ###用户认证文件###
AuthName "please input your name and password !!" ###用户认证提示信息###
AuthType basic ###认证类型###
Require user tom ###认证用户,只有tom可以访问,如果是Require valid-user 则认证文件中的所有用户###
过程如下:
[root@mariadb ~]# vim /etc/httpd/conf/httpd.conf
[root@mariadb ~]# cd /etc/httpd/
[root@mariadb httpd]# htpasswd -cm /etc/httpd/accessuser admin
New password:
Re-type new password:
Adding password for user admin
[root@mariadb httpd]# cat /etc/httpd/accessuser
admin:$apr1$/2PFvsol$SDJa/.mb1dmWnjHzZEPu11
[root@mariadb httpd]# htpasswd -m /etc/httpd/accessuser tom
New password:
Re-type new password:
Adding password for user tom
[root@mariadb httpd]# cat /etc/httpd/accessuser
admin:$apr1$/2PFvsol$SDJa/.mb1dmWnjHzZEPu11
tom:$apr1$pZ1snUMw$Sd/oscb2DOr0j6aCTvoDB1
[root@mariadb httpd]# mkdir -p /var/www/html/admin
[root@mariadb httpd]# systemctl restart httpd.service
测试:
登入172.25.254.112/admin
4)apache语言支持
php html cqi
默认支持:html
php语言:
1 yum install php -y
2 vim /var/www/html/index.php
phpinfo();
?>
3 systemctl restart httpd.service
过程如下:
[root@mariadb html]# yum install php
[root@mariadb html]# vim /var/www/html/index.html
[root@mariadb html]# systemctl restart httpd.service
cgi语言:
1 yum install httpd-manual -y
2 mkdir /var/www/html/cgi
3 cd /var/www/html/cgi/
4 vim index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
5 chmod +x index.cgi
6 vim /etc/httpd/conf/httpd.conf
179 DirectoryIndex index.html index.cgi
135
136 Options +ExecCGI
137 AddHandler cgi-script .cgi
138
[root@mariadb httpd]# yum install httpd-manual -y
[root@mariadb httpd]# systemctl restart httpd.service
[root@mariadb httpd]# mkdir /var/www/html/cgi
[root@mariadb httpd]# touch /var/www/html/cgi/index.cgi
[root@mariadb httpd]# cd /var/www/html/cgi/
[root@mariadb cgi]# vim index.cgi
[root@mariadb cgi]# chmod +x index.cgi
[root@mariadb cgi]# vim /etc/httpd/conf/httpd.conf
[root@mariadb cgi]# systemctl restart httpd.service
测试:
登入172.25.254.112/cgi
三 虚拟主机
1 ) 定义:
可以让我们的一台aoache服务器在被访问不同域名的时候显示不同的主页,虚拟主机允许您从一个httpd服务器同时为多个网站提供服务
2 )建立测试页:
cd /var/www/
mkdir virtual
mkdir virtual/news.westos.com
mkdir virtual/money.westos.com
mkdir virtual/money.westos.com/html
mkdir virtual/news.westos.com/html
echo "money.westos.com's page" > virtual/money.westos.com/html/index.html
echo "news.westos.com's page" > virtual/news.westos.com/html/index.html
3 )配置
1 cd /etc/httpd/conf.d/ ##在子配置文件里配置
2 vim default.conf ###没有指定域名的访问都访问default
DocumentRoot "/var/www/html" ###虚拟主机的默认发布目录###
CustomLog "logs/default.log" combined ###虚拟主机日志###
3 vim news.conf ###指定域名为news.westos.com的访问###
ServerName "news.westos.com" ###指定服务器名称###
DocumentRoot "/var/www/virtual/news.westos.com/html"
CustomLog "logs/news.log" combined
Require all granted
4 vim money.conf ###指定域名为money.westos.com的访问###
ServerName "money.westos.com"
DocumentRoot "/var/www/virtual/money.westos.com/html"
CustomLog "logs/money.log" combined
Require all granted
5 systemctl restart httpd.service ###重启服务###
6 在在浏览器的主机上要进行本地解析:
[root@foundation12 Desktop]# vim /etc/hosts
172.25.254.112 www.westos.com news.westos.com money.westos.com
测试:
分别登入www.westos.com , new.westos.com , money.westos.com
过程如下:
[root@server ~]# cd /var/www/ ###建立测试页###
[root@server www]# mkdir virtual
[root@server www]# ls
cgi-bin html virtual
[root@server www]# mkdir virtual/news.westos.com
[root@server www]# mkdir virtual/money.westos.com
[root@server www]# mkdir virtual/money.westos.com/html
[root@server www]# mkdir virtual/news.westos.com/html
[root@server www]# echo "money.westos.com's page" > virtual/money.westos.com/html/index.html
[root@server www]# echo "news.westos.com's page" > virtual/news.westos.com/html/index.html
[root@server conf]# cd /etc/httpd/conf.d/ ##在子配置文件里配置###
[root@server conf.d]# ls
autoindex.conf php.conf userdir.conf
manual.conf README welcome.conf
[root@server conf.d]# vim default.conf
[root@server conf.d]# vim news.conf
[root@server conf.d]# cp news.conf money.conf
[root@server conf.d]# vim money.conf
[root@server conf]# cd /etc/httpd/conf.d
[root@server conf.d]# ls
autoindex.conf manual.conf news.conf README welcome.conf
default.conf money.conf php.conf userdir.conf
[root@server conf.d]# systemctl restart httpd.service ###重启服务###
在浏览器的主机上要进行本地解析:
[root@foundation12 Desktop]# vim /etc/hosts
172.25.254.112 www.westos.com news.westos.com money.westos.com
4 )配置https
http的访问是明文的访问,https的访问是加密的访问。
https访问的监听端口是443
1 netstat -antlpe | grep httpd ###查看与httpd有关的端口有哪些##
2 yum install mod_ssl -y ###只有安装了ssl才会有443端口###
3 vim /etc/httpd/conf.d/ssl.conf ###安装号ssl后就会出现ssl.conf文件,文件内容有443端口####
4 yum install crypto-utils.x86_64 -y ###安装生成自签名证书的软件包###
5 genkey www.westos.com ###调用genkey生成证书###
--> 记录生成的证书和关联的私钥的位置
--> 选择合适的密钥大小
--> 在生成随机数时比较慢,敲键盘和移动鼠标可以加速
--> 拒绝向认证机构(CA)发送证书请求(CSR)
--> 拒绝加密私钥
--> 为服务器提供合适的身份。Common Name必须与服务器的主机全名完全匹配(注意,任何逗号都应使用前导反斜线[\]进行转义)
-->
6 vim ssl.conf
7 vim login.conf
ServerName "login.westos.com"
DocumentRoot "/var/www/virtual/login.westos.com/html"
CustomLog "logs/login.log" combined
SSLEngine on ###开启https的功能###
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt ###证书###
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key ##秘钥###
Require all granted
过程如下:
[root@localhost conf.d]# yum install mod_ssl.x86_64 -y
[root@localhost conf.d]# yum install crypto-utils.x86_64 -y
[root@localhost conf.d]# genkey www.westos.com
/usr/bin/keyutil -c makecert -g 512 -s "CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=Shannxi, C=CN" -v 1 -a -z /etc/pki/tls/.rand.3946 -o /etc/pki/tls/certs/www.westos.com.crt -k /etc/pki/tls/private/www.westos.com.key
cmdstr: makecert
cmd_CreateNewCert
command: makecert
keysize = 512 bits
subject = CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=Shannxi, C=CN
valid for 1 months
random seed from /etc/pki/tls/.rand.3946
output will be written to /etc/pki/tls/certs/www.westos.com.crt
output key written to /etc/pki/tls/private/www.westos.com.key
Generating key. This may take a few moments...
Made a key
Opened tmprequest for writing
/usr/bin/keyutil Copying the cert pointer
Created a certificate
Wrote 486 bytes of encoded data to /etc/pki/tls/private/www.westos.com.key
Wrote the key to:
/etc/pki/tls/private/www.westos.com.key
[root@localhost conf.d]# ls
autoindex.conf money.conf README tmprequest welcome.conf
default.conf news.conf ssl.conf userdir.conf
[root@localhost conf.d]# vim ssl.conf
[1]+ Stopped vim ssl.conf
[root@localhost conf.d]# fg
vim ssl.conf
[1]+ Stopped vim ssl.conf
[root@localhost conf.d]# fg
vim ssl.conf
[root@localhost conf.d]# systemctl restart httpd.service
[root@localhost conf.d]# netstat -antlpe | grep httpd
tcp6 0 0 :::443 :::* LISTEN 0 97088 4088/httpd
tcp6 0 0 :::80 :::* LISTEN 0 97074 4088/httpd
[root@localhost conf.d]# cp -p money.conf login.conf
[root@localhost conf.d]# mkdir /var/www/virtual/login.westos.com/html -p
[root@localhost conf.d]# vim /var/www/virtual/login.westos.com/html/index.html
[root@localhost conf.d]# vim login.conf
ServerName "login.westos.com"
DocumentRoot "/var/www/virtual/login.westos.com/html"
CustomLog "logs/login.log" combined
SSLEngine on ###开启https功能###
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt##证书##
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key##密钥##
Require all granted
[root@localhost conf.d]# systemctl restart httpd.service
测试:登入login.westos.com
5)网页重写
1 vim login.conf
ServerName "login.westos.com"
DocumentRoot "/var/www/virtual/login.westos.com/html"
CustomLog "logs/login.log" combined
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
Require all granted
ServerName login.westos.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
^(/.*)$ ###客户主机在地址栏中写入的所有字符,除了换行符###
https:// ###定向成为的访问协议###
%{HTTP_HOST} ###客户请求主机###
$1 ###指^(/.*)$的值###
[redirect=301] ###301指临时重定向,302指永久重定向###
2 systemctl restart httpd.service
测试:
在客户主机中添加解析
172.25.254.112 login.westos.com
访问http://login.westos.com 会自动跳转到
https://login.westos.com