2. IT
    3. Apache

    Apache

    xiaoxiao2021-03-25  148

    1.环境配置

    [root@localhost Desktop]# yum search httpd

    httpd.x86_64 : Apache HTTP Server

    [root@localhost Desktop]# yum install httpd.x86_64 -y [root@localhost Desktop]# systemctl start httpd [root@localhost Desktop]# cd /var/www/html/ [root@localhost html]# ls [root@localhost html]# vim index.html [root@localhost html]# cat index.html

    Ni hao today!

    *此时访问不到

    *解决方法 [root@localhost html]# firewall-cmd –list-all

    public (default, active) interfaces: eth0 sources: services: dhcpv6-client ssh ports: masquerade: no forward-ports: icmp-blocks: rich rules:

    [root@localhost html]# firewall-cmd –permanent –add-service=httpd Error: INVALID_SERVICE: httpd

    [root@localhost html]# firewall-cmd –permanent –add-service=http

    success

    [root@localhost html]# firewall-cmd –reload success [root@localhost html]# firewall-cmd –list-all

    public (default, active) interfaces: eth0 sources: services: dhcpv6-client http ssh ports: masquerade: no forward-ports: icmp-blocks: rich rules:

    [root@localhost html]#

    2.http 配置文件

    [root@localhost Desktop]# cd /etc/httpd/ [root@localhost httpd]# ls

    conf conf.d conf.modules.d logs modules run

    conf 主配置文件 …….. Listen 80 #访问端口 …… DocumentRoot “/var/www/html” #默认访问文件目录 (授权) DirectoryIndex index.html #默认访问文件名

    #授权格式

    #默认访问文件

    [root@localhost httpd]# ls conf httpd.conf magic [root@localhost httpd]# ls conf.d autoindex.conf README userdir.conf welcome.conf [root@localhost httpd]#

    3.虚拟主机

    一台主机的IP可以通过多个域名访问

    1)创建域名访问目录 2)编写域名访问文件 3)查看安全上下文 4)虚拟主机的子配置文件

    [root@localhost www]# mkdir news #建立虚拟用户访问的目录 [root@localhost www]# echo The weather is so good today > news/linux [root@localhost www]# cat news/linux

    The weather is so good today

    [root@localhost conf.d]# ls autoindex.conf README userdir.conf welcome.conf

    虚拟主机配置文件编写

    [root@localhost conf.d]# vim news.conf

    Servername news.westos.com #访问的域名 Documentroot /var/www/news #域名对应的家目录 customlog “logs/news.log” combined #日志存放位置 …… require all granted #授予权限

    查看安全上下文

    [root@localhost conf.d]# ls -Z /var/www/html/index.html -rw-r–r–. root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html [root@localhost conf.d]# ls -Z /var/www/news/linux -rw-r–r–. root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/news/linux

    #若安全上下文格式不一致,则需要修改

    [root@apache html]# semanage fcontext -a -t httpd_sys_content_t ‘/www(/.*)?’

    #或者setenforce 0 #关闭selinux

    测试: root@foundation66 ~]# vim /etc/hosts [root@foundation66 ~]# cat /etc/hosts

    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

    #172.25.254.250 content.example.com

    172.25.254.100 www.westos.com news.westos.com

    4.用户访问加密

    [root@localhost Desktop]# cd /etc/httpd/conf/ [root@localhost conf]# ls

    httpd.conf magic [root@localhost conf]# htpasswd -cm apachuser dch

    #创建用户(第一个用户需要加上c)

    New password: Re-type new password: Adding password for user dch

    [root@localhost conf]# ls

    apachuser httpd.conf magic [root@localhost conf]# cat apachuser dch: apr1 hLElLGdk$JEaxT8Ibv8CdY7yOT5S5l0

    [root@localhost conf]# htpasswd -m apachuser lee New password: Re-type new password: Adding password for user lee [root@localhost conf]# ls apachuser httpd.conf magic [root@localhost conf]# cat apachuser

    dch: apr1 hLElLGdk$JEaxT8Ibv8CdY7yOT5S5l0

    lee: apr1 OEYnk7Ul$mrLiSjuwEHx3whSJMXxiS1

    编写登陆加密所需的配置文件

    [root@localhost conf]# vim /etc/httpd/conf.d/news.conf

    Authuserfile /etc/httpd/conf/apachuser #用户和密码文件存放位置 Authname “Please enter the passwd” Authtype basic #文件类型 Require user dch #用户白名单 Require valid-user #允许所有用户

    [root@localhost conf]# mkdir /var/www/news/dch [root@localhost conf]# touch /var/www/news/dch/file1 [root@localhost conf]# cat /var/www/news/dch/file1 Ni hao HAH

    测试:

    5.添加IP访问权限

    [root@localhost conf]# vim /etc/httpd/conf.d/news.conf

    Order allow,deny #顺序(允许和否定)

    #eg:deny,allow 先执行deny的,再执行allow的

    allow from 172.25.254.200 deny from all

    6.自定义自签名证书

    1.确保已安装crypto-utils软件包

    [root@localhost Desktop]# yum install crypto-utils.x86_64 mod_ssl.x86_64 -y

    2.调用genkey,同时为生成文件指定唯一生成名称 –days可以指定证书有效期

    [root@localhost Desktop]# genkey apache-sever.crt

    random seed from /etc/pki/tls/.rand.5424 output will be written to /etc/pki/tls/certs/apache-sever.crt.crt output key written to /etc/pki/tls/private/apache-sever.crt.key

    7.安装证书及其私钥

    确定已安装mod_ssl软件包

    [root@localhost Desktop]# yum search mod_ssl

    Loaded plugins: langpacks ====================== N/S matched: mod_ssl ======================= mod_ssl.x86_64 : SSL/TLS module for the Apache HTTP Server Name and summary matches only, use “search all” for everything. [root@localhost Desktop]# vim /etc/httpd/conf.d/news.conf [root@localhost Desktop]# systemctl restart httpd.service

    转载请注明原文地址: https://ju.6miu.com/read-7341.html

    技术

    最新回复(0)