第十次笔记

    xiaoxiao2021-03-25  114

    http

    https

     

    vim /var/www/html/index.html

     

    http://172.25.254.128进行编辑

     

    lamp=linux+apache+mysql+php

     

    Apache主配置文件: /etc/httpd/conf/httpd.conf

    ServerRoot "/etc/httpd" 用于指定Apache的运行目录

    Listen 80 监听端口

    User apache 运行apache程序的用户和组

    Group apache

    ServerAdmin root@localhost 管理员邮箱

    DocumentRoot "/var/www/html" 网页文件的存放目录

    <Directory "/var/www/html"> <Directory>语句块自定义目录权限

    Require all granted

    </Directory>

    ErrorLog "logs/error_log" 错误日志存放位置

    AddDefaultCharset UTF-8 默认字符集

    IncludeOptional conf.d/*.conf 加载其它配置文件

    DirectoryIndex index.html 默认主页名称

     

    ####默认发布目录DocumentRoot

    [root@apache html]# pwd

    /www/html

     

    修改配置文件

    #DocumentRoot "/var/www/html"

    DocumentRoot "/www/html"

    #

    # Relax access to content within /var/www.

    #

    <Directory "/www/html">

            require all granted

    </Directory>

     

    若开启了selinux 需要更改目录安全上下文

    semanage fcontext -a -t httpd_sys_content_t "/www(/.*)?"

    restorecon -RvvF /www

     

     

    ######端口的修改##########

    [root@apache ~]# vim /etc/httpd/conf/httpd.conf

    [root@apache ~]# systemctl restart httpd

    [root@apache html]# firewall-cmd --permanent --add-port=8080/tcp

    success

    [root@apache html]# firewall-cmd --reload

    success

     

     

     

    [root@apache html]# cd /var/www/html/

    [root@apache html]# vim westos

     

     

    ##############虚拟主机############

    虚拟主机允许您从一个httpd服务器同时为多个网站提供服务。在本节中,我们将了解基于名称的虚拟主机:多个主机名都指向同一个IP地址,但是Web服务器根据用于到达站点的主机名提供具有不同内容的不同网站。

     

     

    [root@apache conf.d]# vim default.conf

    [root@apache conf.d]# mkdir /var/www/news

    [root@apache conf.d]# mkdir /var/www/music

    [root@apache conf.d]# echo new.lalala.com >/var/www/news/westos

    [root@apache conf.d]# echo news.lalala.com >/var/www/news/westos

    [root@apache conf.d]# echo music.lalala.com >/var/www/news/westos

     

     

    vim /etc/httpd/conf.d/default.conf

    <Virtualhost _default_:80>

            Documentroot /var/www/html

            customlog "logs/default.log" combined

    </Virtualhost>

     

    <Directory /var/www/html>

            require all granted

    </Directory>

                     

    vim /etc/httpd/conf.d/news.conf

    <Virtualhost *:80>

            Servername news.westos.com

            Documentroot /var/www/news

            customlog "logs/news.log" combined

    </Virtualhost>

     

    <Directory /var/www/news>

            require all granted

    </Directory>

     

     

    vim /etc/httpd/conf.d/music.conf

     

    <Virtualhost *:80>

            Servername music.westos.com

            Documentroot /var/www/music

            customlog "logs/music.log" combined

    </Virtualhost>

     

    <Directory /var/www/music>

            require all granted

    </Directory>

     

     

    mkdir /var/www/news/admin

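    限制可访问admin目录的客户端IP(注意:Order allow,deny 会在最后处理deny,下面的deny from all将拒绝包括172.25.254.247在内的所有客户端;只放行该IP应使用Order deny,allow,在Apache 2.4中则写作Require ip 172.25.254.247)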

     

    <Directory /var/www/news/admin>

            Order allow,deny

            allow from 172.25.254.247

            deny from all

    </Directory>

     

    设置加密,用户认证(htpasswd的-m为MD5散列,较新版本可用-B选择bcrypt;Basic认证的用户名和密码仅做base64编码,应配合https使用)

     

    htpasswd -cm /etc/httpd/conf/apacheusr user1

    htpasswd -m /etc/httpd/conf/apacheusr admin

     

    vim /etc/httpd/conf.d/news.conf

     

    <Virtualhost *:80>

            Servername news.westos.com

            Documentroot /var/www/news

            customlog "logs/news.log" combined

    </Virtualhost>

     

    <Directory /var/www/news>

            require all granted

    </Directory>

     

    <Directory /var/www/news>

            Authuserfile /etc/httpd/conf/apacheusr

            Authname  "Please input your name and passwor"

            Authtype basic

            Require user admin                           ###限制只有admin用户才可以访问

    Require valid-user                                ###认证文件中的所有用户都可以访问(与上一行二选一:两行同时存在时任一条件满足即可,admin限制不起作用)

    </Directory>

     

    ###php

     

    yum install php -y

     

    vim /etc/httpd/conf.d/php.conf

     

    <FilesMatch \.php$>

    SetHandler application/x-httpd-php

    </FilesMatch>

    DirectoryIndex index.php

     

    [root@apache html]# vim index.php

    phpinfo()会输出PHP和服务器的详细配置信息,仅用于测试,验证后应删除该文件。

     

    <?php

            phpinfo ();

    ?>

     

    vim /etc/httpd/conf/httpd.conf

     

    DirectoryIndex index.php 默认主页名称

    ###########cgi通用网关接口##############

    通用网关接口(CGI)是网站上放置动态内容的最简单的方法。CGI脚本可用于许多目的

    ,但是谨慎控制使用哪个CGI脚本以及允许谁添加和运行这些脚本十分重要。编写质量差的CGI

    脚本可能为外部攻击者提供了破坏网站及其内容安全性的途径。因此,在Web服务器级别和

    SELinux策略级别,都存在用于限制CGI脚本使用的设置。

     

    1.在目录/var/www/news中建立目录cgi并创建index.cgi

    #!/usr/bin/perl

    print "Content-type: text/html\n\n";

    print `date`;

     

    2.修改/etc/httpd/conf.d/news.conf

    <Virtualhost *:80>

            Servername news.westos.com

            Documentroot /var/www/news

            customlog "logs/news.log" combined

    </Virtualhost>

     

    <Directory /var/www/news>

            require all granted

    </Directory>

     

    <Directory /var/www/news/cgi>

            Options +ExecCGI

            AddHandler cgi-script .cgi

    </Directory>

    3.测试(index.cgi需有可执行权限,如chmod +x;若开启了selinux,cgi目录的安全上下文需设为httpd_sys_script_exec_t)

     

    #######自定义自签名证书##########

     

    如果加密的通信非常重要,而经过验证的身份不重要,管理员可以通过生成self-signed certificate来避免与认证机构进行交互所带来的复杂性。使用genkey实用程序(通过crypto-utils软件包分发),生成自签名证书及其关联的私钥。为了简化起见,genkey将在“正确”的位置(/etc/pki/tls目录)创建证书及其关联的密钥。相应地,必须以授权用户(root)身份运行该实用程序。

     

    生成自签名证书

    1. 确保已安装crypto-utils软件包。

    [root@server0 ~]# yum install crypto-utils mod_ssl

    2. 调用genkey,同时为生成的文件指定唯一名称(例如,服务器的主机全名)。

    --days可以指定证书有效期

    [root@server0 ~]# genkey server0.example.com

     

     

    output will be written to /etc/pki/tls/certs/apache.example.com.crt

    output key written to /etc/pki/tls/private/apache.example.com.key

     

    vim /etc/httpd/conf.d/ssl.conf

    SSLCertificateFile /etc/pki/tls/certs/apache.example.com.crt

    SSLCertificateKeyFile /etc/pki/tls/private/apache.example.com.key

     

    vim /etc/httpd/conf.d/login.conf

     

    <Virtualhost *:443>

            Servername login.westos.com

            Documentroot /var/www/login

            Customlog  "logs/login.log" combined

            SSLEngine on

            SSLCertificateFile /etc/pki/tls/certs/apache.example.com.crt

            SSLCertificateKeyFile /etc/pki/tls/private/apache.example.com.key

    </Virtualhost>

     

    <Directory "/var/www/login">

            Require all granted

    </Directory>

     

    <Virtualhost *:80>

            Servername login.westos.com

            RewriteEngine on

            RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]

    </Virtualhost>

    以上为网页重写规则,使对http的访问自动跳转到https

     

    mkdir /var/www/login

    vim /var/www/login/index.html

    login.westos.com

     

                            

    ####################数据库######################

     

    yum install  mariadb-server  -y

    systemctl start mariadb

     

    [root@apache ~]# netstat -antlpe | grep mysql

    tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      27         121617     5764/mysqld       

     

    [root@apache ~]# vim /etc/my.cnf                     ##关掉端口

     

    编辑/etc/my.cnf文件,在[mysqld]中加入以下参数:

    skip-networking=1

    # systemctl restart mariadb

    # ss -antlp |grep mysql

    此时只允许通过套接字文件进行本地连接,阻断所有来自网络的tcp/ip连接。

    [root@apache ~]# systemctl restart mariadb

    [root@apache ~]# netstat -antlpe | grep mysqld

    [root@apache ~]# mysql

    使用mysql_secure_installation工具进行数据库安全设置,根据提示完成操作:

    # mysql_secure_installation

    登录数据库(-p后直接写密码会使密码留在shell历史和进程列表中,实际使用时建议只写-p,在提示符下输入)

    mysqladmin -uroot -predhat password westos 修改本地mysql root密码

    mysqladmin -uroot -predhat -h 192.168.0.188 password westos 修改远程192.168.0.188 mysql服务器 root密码

    mysql_secure_installation 第一次安装mysql以后通过这条命令可以对mysql进行设置

     

    mysql -uroot -predhat 从本机登录mysql数据库

     

    show databases; 显示数据库

    +--------------------+

    | Database           |

    +--------------------+

    | information_schema |

    | mysql              |

    | performance_schema |

    +--------------------+

    3 rows in set (0.00 sec)

     

    use mysql; 进入数据库

    MariaDB [mysql]>

     

    show tables; 显示数据库中的表

    +---------------------------+

    | Tables_in_mysql           |

    +---------------------------+

    | columns_priv              |

    | db                        |

    | event                     |

    | func                      |

    | general_log               |

    | help_category             |

    | help_keyword              |

    | help_relation             |

    | help_topic                |

    | host                      |

    | ndb_binlog_index          |

    | plugin                    |

    | proc                      |

    | procs_priv                |

    | proxies_priv              |

    | servers                   |

    | slow_log                  |

    | tables_priv               |

    | time_zone                 |

    | time_zone_leap_second     |

    | time_zone_name            |

    | time_zone_transition      |

    | time_zone_transition_type |

    | user                      |

    +---------------------------+

    24 rows in set (0.00 sec)

     

    desc user; 查看user表的数据结构

    +------------------------+-----------------------------------+------+-----+---------+-------+

    | Field                  | Type                              | Null | Key | De

    MariaDB [mysql]> flush privileges;

    Query OK, 0 rows affected (0.00 sec)

                    刷新数据库信息

    select host,user,password from user; 查询user表中的host,user,password字段

    +-----------+------+-------------------------------------------+

    | host      | user | password                                  |

    +-----------+------+-------------------------------------------+

    | localhost | root | *28C1E2BE21B45562A34B6CC34A19CFAFC2F88F96 |

    | 127.0.0.1 | root | *28C1E2BE21B45562A34B6CC34A19CFAFC2F88F96 |

    | ::1       | root | *28C1E2BE21B45562A34B6CC34A19CFAFC2F88F96 |

    +-----------+------+-------------------------------------------+

    3 rows in set (0.00 sec)

    create database westos; 创建westos数据库

    use westos;

    create table linux( 创建表,username,password字段

    username varchar(15) not null,

    password varchar(15) not null

    );

    select * from mysql.user; 查询mysql库下的user表中的所有内容

    alter table linux add age varchar(4); 添加age字段到linux表中

    ALTER TABLE linux DROP age;         删除age字段

    ALTER TABLE linux ADD age  VARCHAR(5)  AFTER name; username字段后添加字段age

     

    show tables;

    desc linux;

     

    insert into linux values ('user1','passwd1'); linux表中插入值为username = user1,password = password1

    update linux set password=password('passwd2') where username=user1; 更新linux表中user1 的密码为password2(字符串user1需加引号;password()生成的散列长41个字符,超过password字段的varchar(15))

    delete from linux where username=user1; 删除linux表中user1的所有内容(字符串user1需加引号)

     

     

    grant select on  *.* to user1@localhost identified by 'passwd1'; 授权user1 密码为passwd1  并且只能在本地 查询数据库的所有内容

    grant all on mysql.* to user2@'%' identified by 'passwd2'; 授权user2 密码为passwd2  可以从远程任意主机登录mysql 并且可以对mysql数据库任意操作(mysql库保存账号和权限表,对它授予all相当于允许该用户自行提权;实际环境应限定来源主机并只授予所需权限)

     

     

    备份

    /var/lib/mysql

    mysqldump -uroot -predhat mysql > mysql.bak 备份mysql库到mysql.bak

     

    mysql -uroot -predhat westos < mysql.bak 恢复mysql.bak 到westos库

     

     

     

    mysql 密码恢复

    /etc/init.d/mysqld stop

     

    mysqld_safe --skip-grant-tables & 跳过grant-tables授权表  不需要认证登录本地mysql数据库(此期间任何能连接的客户端都不需要密码,建议同时加上--skip-networking,改完密码后立即按正常方式重启)

     

    update mysql.user set password=password('westos') where user='root'; 更新mysql.user 表中条件为root用户的密码为加密westos

     

    /etc/init.d/mysql restart

     

     

     

    phpmyadmin

    yum install php php-mysql httpd mysql mysql-server

     

    tar jxf phpmyadmin-*.tar.bz2 -C /var/www/html

    mv phpmyadmin phpadmin

    cp config.sample.inc.php config.inc.php

    vim config.inc.php

    add(blowfish_secret用于加密cookie,'test'仅为演示,实际应设为足够长的随机字符串)

    $cfg['blowfish_secret'] = 'test';

     

    /etc/init.d/httpd start

    http://192.168.0.188/phpadmin

     

    转载请注明原文地址: https://ju.6miu.com/read-16311.html
