Apache web服务

第九单元

Apache web服务

一 Apache安装

1 yum install httpd -y ###安装apache软件包###

2 systemctl start httpd ###开启服务###

3 systemctl enable httpd.service ###开机自动开启服务###

4 systemctl stop firewalld.service ###关闭防火墙###

5 systemctl disable firewalld.service ###开机自动关闭###

6 netstat -antlp | grep httpd ###查看监听端口###

二 apache基本信息

1 apache的默认发布目录

index.html

2 apache的配置文件

/etc/httpd/conf/httpd.conf ###主配置文件###

ServerRoot "/etc/httpd" ###用于指定Apache的运行目录###

Listen 80 ###监听端口###

User apache ###运行apache程序的用户和组###

Group apache

ServerAdmin root@localhost ###管理员邮箱###

DocumentRoot "/var/www/html" ###网页文件的存放目录###

##语句块自定义目录权限##

Require all granted

ErrorLog "logs/error_log" ###错误日志存放位置###

AddDefaultCharset UTF-8 ###默认支持的语言###

IncludeOptional conf.d/*.conf ###加载其它配置文件###

DirectoryIndex index.html ###默认主页名称###

/etc/httpd/conf.d/*.conf ###子配置文件###

3 apache的默认发布目录

/var/www/html

4 apache的默认端口

80

三 apache的基本配置

1 ）默认文件的修改

1 vim /var/www/html/index.html ###编写默认文件###

内容：

hello world

2 vim /var/www/html/ westos.html ###编写默认文件###

内容:

westos linux

3 vim /etc/httpd/conf/httpd.con

168

169 DirectoryIndex westos.html index.html ###默认westos.html为默认文件，如果westos.html不存在，则默认文件为index.html#####

170

4 systemctl restart httpd.service ###重新启动服务###

测试：

登入 172.25.254.112 查看显示的内容是index.html还是westos.html

如果将westos.html文件删除

过程如下：

[root@mariadb mysqladmin]# cd /var/www/html/

[root@mariadb html]# ls

admin cgi mysqladmin

[root@mariadb html]# vim index.html

[root@mariadb html]# vim westos.html

[root@mariadb html]# vim /etc/httpd/conf/httpd.conf

[root@mariadb html]# systemctl restart httpd.service

[root@mariadb html]# rm -fr westos.html

2 ）默认目录的修改

当selinux是disabled的时候：

1 mkdir /westos/www/test -p ###建立一个目录作为默认目录###

2 vim /westos/www/test/westos.html ###编写默认文件###

内容：

westos's page

3 vim /etc/httpd/conf/httpd.conf

121 DocumentRoot "/westos/www/test" ###修改默认目录###

122

123 ###设置默认目录访问权限####

124 Require all granted ####允许所有人访问####

125

4 systemctl restart httpd.service ###重启服务###

测试：

登入172.25.254.112查看内容：

过程如下：

[root@mariadb html]# mkdir /westos/www/test -p

[root@mariadb html]# vim /westos/www/test/westos.html

[root@mariadb html]# vim /etc/httpd/conf/httpd.conf

[root@mariadb html]# systemctl restart httpd.service

当selinux是enforcing状态：

在添加下面两步：

1 semanage fcontext -a -t httpd_sys_content_t '/westos(/.*)?'###修改安全上下文###

2 restorecon -RvvF /westos/ ###刷新###

3 )apache的访问控制

设定ip的访问：

1 mkdir /var/www/html/admin/

2 vim /var/www/html/admin/index.html

admin's page

3 vim /etc/httpd/conf/httpd.conf

Order Allow,Deny ###允许所有人访问admin目录但只有78主机不能访问###

Allow from All

Deny from 172.25.254.78

< ###只允许78访问访问admin目录####

Order Deny,Allow

Allow from 172.25.254.78

Deny from All

3 systemctl restart httpd.service ###重启服务###

过程如下：

[root@mariadb ~]# mkdir /var/www/html/admin/

[root@mariadb ~]# vim /var/www/html/admin/index.html

[root@mariadb ~]# vim /etc/httpd/conf/httpd.conf

[root@mariadb ~]# systemctl restart httpd.service

特定用户的访问：

1 htpasswd -cm /etc/httpd/accessuser admin ###设定用户，-c指创建，-m指定名称，改命令为创建了一个用户admin，该用户信息存放在/etc/httpd/accessuser#####

2 htpasswd -m /etc/httpd/accessuser tom ###创建用户tom，第二次创建不用加-c，不然会将第一次创建的用户信息覆盖###

3 vim /etc/httpd/conf/httpd.conf

AuthUserFile /etc/httpd/accessuser ###用户认证文件###

AuthName "please input your name and password !!" ###用户认证提示信息###

AuthType basic ###认证类型###

Require user tom ###认证用户，只有tom可以访问，如果是Require valid-user 则认证文件中的所有用户###

过程如下：

[root@mariadb ~]# vim /etc/httpd/conf/httpd.conf

[root@mariadb ~]# cd /etc/httpd/

[root@mariadb httpd]# htpasswd -cm /etc/httpd/accessuser admin

New password:

Re-type new password:

Adding password for user admin

[root@mariadb httpd]# cat /etc/httpd/accessuser

admin:$apr1$/2PFvsol$SDJa/.mb1dmWnjHzZEPu11

[root@mariadb httpd]# htpasswd -m /etc/httpd/accessuser tom

New password:

Re-type new password:

Adding password for user tom

[root@mariadb httpd]# cat /etc/httpd/accessuser

admin:$apr1$/2PFvsol$SDJa/.mb1dmWnjHzZEPu11

tom:$apr1$pZ1snUMw$Sd/oscb2DOr0j6aCTvoDB1

[root@mariadb httpd]# mkdir -p /var/www/html/admin

[root@mariadb httpd]# systemctl restart httpd.service

测试：

登入172.25.254.112/admin

4）apache语言支持

php html cqi

默认支持：html

php语言：

1 yum install php -y

2 vim /var/www/html/index.php

phpinfo();

?>

3 systemctl restart httpd.service

过程如下：

[root@mariadb html]# yum install php

[root@mariadb html]# vim /var/www/html/index.html

[root@mariadb html]# systemctl restart httpd.service

cgi语言：

1 yum install httpd-manual -y

2 mkdir /var/www/html/cgi

3 cd /var/www/html/cgi/

4 vim index.cgi

#!/usr/bin/perl

print "Content-type: text/html\n\n";

print `date`;

5 chmod +x index.cgi

6 vim /etc/httpd/conf/httpd.conf

179 DirectoryIndex index.html index.cgi

135

136 Options +ExecCGI

137 AddHandler cgi-script .cgi

138

[root@mariadb httpd]# yum install httpd-manual -y

[root@mariadb httpd]# systemctl restart httpd.service

[root@mariadb httpd]# mkdir /var/www/html/cgi

[root@mariadb httpd]# touch /var/www/html/cgi/index.cgi

[root@mariadb httpd]# cd /var/www/html/cgi/

[root@mariadb cgi]# vim index.cgi

[root@mariadb cgi]# chmod +x index.cgi

[root@mariadb cgi]# vim /etc/httpd/conf/httpd.conf

[root@mariadb cgi]# systemctl restart httpd.service

测试：

登入172.25.254.112/cgi

三 虚拟主机

1 ) 定义：

可以让我们的一台aoache服务器在被访问不同域名的时候显示不同的主页,虚拟主机允许您从一个httpd服务器同时为多个网站提供服务

2 )建立测试页：

cd /var/www/

mkdir virtual

mkdir virtual/news.westos.com

mkdir virtual/money.westos.com

mkdir virtual/money.westos.com/html

mkdir virtual/news.westos.com/html

echo "money.westos.com's page" > virtual/money.westos.com/html/index.html

echo "news.westos.com's page" > virtual/news.westos.com/html/index.html

3 )配置

1 cd /etc/httpd/conf.d/ ##在子配置文件里配置

2 vim default.conf ###没有指定域名的访问都访问default

####虚拟主机开启的端口####

DocumentRoot "/var/www/html" ###虚拟主机的默认发布目录###

CustomLog "logs/default.log" combined ###虚拟主机日志###

3 vim news.conf ###指定域名为news.westos.com的访问###

ServerName "news.westos.com" ###指定服务器名称###

DocumentRoot "/var/www/virtual/news.westos.com/html"

CustomLog "logs/news.log" combined

###默认发布目录访问授权#

Require all granted

4 vim money.conf ###指定域名为money.westos.com的访问###

ServerName "money.westos.com"

DocumentRoot "/var/www/virtual/money.westos.com/html"

CustomLog "logs/money.log" combined

Require all granted

5 systemctl restart httpd.service ###重启服务###

6 在在浏览器的主机上要进行本地解析：

[root@foundation12 Desktop]# vim /etc/hosts

172.25.254.112 www.westos.com news.westos.com money.westos.com

测试：

分别登入www.westos.com , new.westos.com , money.westos.com

过程如下：

[root@server ~]# cd /var/www/ ###建立测试页###

[root@server www]# mkdir virtual

[root@server www]# ls

cgi-bin html virtual

[root@server www]# mkdir virtual/news.westos.com

[root@server www]# mkdir virtual/money.westos.com

[root@server www]# mkdir virtual/money.westos.com/html

[root@server www]# mkdir virtual/news.westos.com/html

[root@server www]# echo "money.westos.com's page" > virtual/money.westos.com/html/index.html

[root@server www]# echo "news.westos.com's page" > virtual/news.westos.com/html/index.html

[root@server conf]# cd /etc/httpd/conf.d/ ##在子配置文件里配置###

[root@server conf.d]# ls

autoindex.conf php.conf userdir.conf

manual.conf README welcome.conf

[root@server conf.d]# vim default.conf

[root@server conf.d]# vim news.conf

[root@server conf.d]# cp news.conf money.conf

[root@server conf.d]# vim money.conf

[root@server conf]# cd /etc/httpd/conf.d

[root@server conf.d]# ls

autoindex.conf manual.conf news.conf README welcome.conf

default.conf money.conf php.conf userdir.conf

[root@server conf.d]# systemctl restart httpd.service ###重启服务###

在浏览器的主机上要进行本地解析：

[root@foundation12 Desktop]# vim /etc/hosts

172.25.254.112 www.westos.com news.westos.com money.westos.com

4 )配置https

http的访问是明文的访问，https的访问是加密的访问。

https访问的监听端口是443

1 netstat -antlpe | grep httpd ###查看与httpd有关的端口有哪些##

2 yum install mod_ssl -y ###只有安装了ssl才会有443端口###

3 vim /etc/httpd/conf.d/ssl.conf ###安装号ssl后就会出现ssl.conf文件,文件内容有443端口####

4 yum install crypto-utils.x86_64 -y ###安装生成自签名证书的软件包###

5 genkey www.westos.com ###调用genkey生成证书###

--> 记录生成的证书和关联的私钥的位置

--> 选择合适的密钥大小

--> 在生成随机数时比较慢,敲键盘和移动鼠标可以加速

--> 拒绝向认证机构(CA)发送证书请求(CSR)

--> 拒绝加密私钥

--> 为服务器提供合适的身份。Common Name必须与服务器的主机全名完全匹配(注意,任何逗号都应使用前导反斜线[\]进行转义)

-->

6 vim ssl.conf

7 vim login.conf

###https的监听端口###

ServerName "login.westos.com"

DocumentRoot "/var/www/virtual/login.westos.com/html"

CustomLog "logs/login.log" combined

SSLEngine on ###开启https的功能###

SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt ###证书###

SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key ##秘钥###

Require all granted

过程如下：

[root@localhost conf.d]# yum install mod_ssl.x86_64 -y

[root@localhost conf.d]# yum install crypto-utils.x86_64 -y

[root@localhost conf.d]# genkey www.westos.com

/usr/bin/keyutil -c makecert -g 512 -s "CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=Shannxi, C=CN" -v 1 -a -z /etc/pki/tls/.rand.3946 -o /etc/pki/tls/certs/www.westos.com.crt -k /etc/pki/tls/private/www.westos.com.key

cmdstr: makecert

cmd_CreateNewCert

command: makecert

keysize = 512 bits

subject = CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=Shannxi, C=CN

valid for 1 months

random seed from /etc/pki/tls/.rand.3946

output will be written to /etc/pki/tls/certs/www.westos.com.crt

output key written to /etc/pki/tls/private/www.westos.com.key

Generating key. This may take a few moments...

Made a key

Opened tmprequest for writing

/usr/bin/keyutil Copying the cert pointer

Created a certificate

Wrote 486 bytes of encoded data to /etc/pki/tls/private/www.westos.com.key

Wrote the key to:

/etc/pki/tls/private/www.westos.com.key

[root@localhost conf.d]# ls

autoindex.conf money.conf README tmprequest welcome.conf

default.conf news.conf ssl.conf userdir.conf

[root@localhost conf.d]# vim ssl.conf

[1]+ Stopped vim ssl.conf

[root@localhost conf.d]# fg

vim ssl.conf

[1]+ Stopped vim ssl.conf

[root@localhost conf.d]# fg

vim ssl.conf

[root@localhost conf.d]# systemctl restart httpd.service

[root@localhost conf.d]# netstat -antlpe | grep httpd

tcp6 0 0 :::443 :::* LISTEN 0 97088 4088/httpd

tcp6 0 0 :::80 :::* LISTEN 0 97074 4088/httpd

[root@localhost conf.d]# cp -p money.conf login.conf

[root@localhost conf.d]# mkdir /var/www/virtual/login.westos.com/html -p

[root@localhost conf.d]# vim /var/www/virtual/login.westos.com/html/index.html

[root@localhost conf.d]# vim login.conf

###https的监听端口###

ServerName "login.westos.com"

DocumentRoot "/var/www/virtual/login.westos.com/html"

CustomLog "logs/login.log" combined

SSLEngine on ###开启https功能###

SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt##证书##

SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key##密钥##

Require all granted

[root@localhost conf.d]# systemctl restart httpd.service

测试：登入login.westos.com

5)网页重写

1 vim login.conf

ServerName "login.westos.com"

DocumentRoot "/var/www/virtual/login.westos.com/html"

CustomLog "logs/login.log" combined

SSLEngine on

SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt

SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key

Require all granted

###网页重写实现自动访问https###

ServerName login.westos.com

RewriteEngine on

RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]

^(/.*)$ ###客户主机在地址栏中写入的所有字符，除了换行符###

https:// ###定向成为的访问协议###

%{HTTP_HOST} ###客户请求主机###

$1 ###指^(/.*)$的值###

[redirect=301] ###301指临时重定向，302指永久重定向###

2 systemctl restart httpd.service

测试：

在客户主机中添加解析

172.25.254.112 login.westos.com

访问http://login.westos.com 会自动跳转到

https：//login.westos.com