Apache
1. http协议
超文本传输协议(hyper text transfer protocol),html(hyper text mark language)
Apache主配置文件:/etc/httpd/conf/httpd.conf
Listen 80 监听端口
curl -I qq.com #查看qq所使用的HTTP服务器
httpd帮助手册
yum install httpd-manual.noarch -y
访问:http://localhost/manual
Web资源
- 静态资源:png,html
- 动态资源:jsp.php
http一次事务的完整过程
client --请求报文--> server
client <--响应报文-- server
2. httpd的简单应用
安装与启动
yum install httpd -y
systemctl start httpd
systemctl enable httpd
systemctl stop firewalld
3.修改httpd服务默认端口(默认端口是80)
netstat -antlupe | grep 8080
vim /etc/httpd/conf/httpd.conf
更改 42 Listen 8080
firewall-cmd --premanent --add-port=8080/tcp
firewall-cmd --reload
systemctl restart httpd
测试:
172.25.254.124:8080
4.修改默认发布文件
默认发布文件就是访问apache时没有指定文件名称时默认访问的文件
这个文件可以指定多个,有访问顺序
vim /etc/httpd/conf/httpd.conf
162<IfModule dir_module>
163 DirectoryIndex westos.html index.html ##在index.html不存在时访问westos.html谁在前先读谁,不存在的话就跳过
164</IfModule>
5. 修改默认发布目录(注意selinux)
vim /etc/httpd/conf/httpd.conf
mkdir -p /westos/html
用一个语句块更改权限
120 DocumentRoot "/westos/html"
121 <Directory "/westos">
122 Require all granted
123 </Directory>
systemctl restart httpd
重启http服务就能看到/westos/html的内容
#####注意selinux级别#####
当selinux=disabled,重启http服务后可看到默认发布文件
但是,当selinux=enforing,必须修改安全上下文才能看到默认发布文件
semanage fcontext -a -t httpd_sys_content_t '/hello(/.*)?'
restorecon -RvvF /hello/
########################
6.访问控制
指定ip访问
[[email protected] html]# mkdir westos
[[email protected] westos]# vim index.html
vim /etc/httpd/conf/httpd.conf
DocumentRoot "/var/www/html"
<Directory "/var/www/html/westos">
Order Deny,Allow ##访问是有先后顺序,可以自由更改顺序
Allow from 172.25.254.24 先从Deny开始,Allow会覆盖掉Deny的信息,允许24主机访问
Deny from All
</Directory>
systemctl restart httpd
不允许124主机访问
只允许24主机访问
指定用户访问
htpasswd -cm westosuser admin ##第一次创建要加c
New password:
Re-type new password:
Adding password for user admin
htpasswd -m westosuser admin1 ##第二次不用,会把admin覆盖掉
New password:
Re-type new password:
Adding password for user admin1
[[email protected] westos]# cat westosuser
admin:$apr1$8SGgBfIj$Wo8wLkqlppRrllL63YtZU/
admin1:$apr1$UKs/HJEK$yOd4zGUcfC.HhHdv88lzY0
vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/westos">
AuthUserFile /var/www/html/westos/westosuser
AuthType basic
AuthName "please input your name and passwd!!"
Require user admin ##允许admin用户登录
或Require valid-user ##允许有效用户登陆
</Directory>
4). 客户端访问:http://172.25.254.124/westos
二.Apache的分离访问(Apache的虚拟主机)
1.还原http的默认配置
2). 创建不同域名访问不同信息的目录
mkdir /var/www/virtual/news/html -p
mkdir /var/www/virtual/music/html -p
vim /var/www/virtual/news/html/index.html
vim /var/www/virtual/music/html/index.html
3). 修改配置文件/etc/httpd/conf.d/目录下
cd /etc/httpd/conf.d/
vim a_default.conf
@@
<Virtualhost _default_:80>
DocumentRoot /var/www/html ##默认发布目录
CustomLog logs/default.log combined ##所有日志存放(访问,警告,拒绝,错误)
</Virtualhost>
@@
vim news.conf
<Virtualhost *:80>
ServerName news.westos.com
DocumentRoot /var/www/virtual/news/html
CustomLog logs/news.log combined
</Virtualhost>
<Directory "/var/www/virtual/news/html">
Require all granted
</Directory>
cp -p news.conf music.conf
vim music.conf
:%s/news/music/g ##将文中news修改为music
systemctl start httpd
5). 客户端一定要写解析/etc/hosts(在哪里测试就修改哪里的本地解析文件)
172.25.254.124 www.westos.com news.westos.com music.westos.com
访问http://www.westos.com/结果
访问http://news.westos.com/结果:
访问http://music.westos.com/结果:
修改 /virtual/目录的selinux标签,selinux=enforcing
semanage fcontext -a -t httpd_sys_content_t '/virtual(/.*)?'
restorecon -FvvR /virtual/
三.httpd服务支持php语言
[[email protected] conf.d]# cd /var/www/html
[[email protected] html]# vim index.php ##在默认发布目录下建立文件 /var/www/html/index.php
<?php
phpinfo();
?>
[[email protected] html]# yum install php -y 安装php
重启http服务后,会生成/etc/httpd/conf.d/php.conf文件
访问网页查看
四.https (输入用户名密码的页面会出现https)
yum install mod_ssl -y
systemctl restart httpd
yum install crypto-utils.x86_64 -y
genkey www.westos.com 生成证书
生成钥匙
/etc/pki/tls/certs/www.westos.com.crt ##生成的安全证书
/etc/pki/tls/private/www.westos.com.key ##生成的钥匙
cd /etc/httpd/conf.d/ 此时配置目录自动生成 ssl.conf 配置文件,
vim ssl.conf
systemctl restart httpd
https://www.westos.com
修改配置文件 /etc/httpd/conf.d/ssl.conf,读取制作好的认证证书
https://www.westos.com 测试
可以查看此证书
网页重定向(rewrite):把所有80端口的请求全部重定向给443,自动加入https
ps:http默认端口80,https默认端口443
1.建立配置文件 /etc/httpd/conf.d/login.conf
cd /etc/httpd/conf.d/
cp music.conf login.conf
vim login.conf ##:%s/music/login/g 把所有的music改成login
<Virtualhost *:443>
ServerName login.westos.com
DocumentRoot /var/www/virtual/login/html
CustomLog logs/logins.log combined
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
SSLEngine on
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
</Virtualhost>
<Directory "/var/www/virtual/login/html">
Require all granted
</Directory>
<Virtualhost *:80>
ServerName login.westos.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301] ###^(/.*)$客户主机在浏览器中输入的所有字符,[redirect=301] 代表转换是临时的 302代表永久转换 ,%{HTTP_HOST}客户请求主机,https://强制客户加密访问,$1代表^(/.*)的值
</Virtualhost>
mkdir -p /var/www/virtual/login/html/
vim /var/www/virtual/login/html/index.html
##访问 login.westos.com 时以443接口访问
###^(/.*)$客户主机在浏览器中输入的所有字符,[redirect=301] 代表转换是临时的 302代表永久转换 ,%{HTTP_HOST}客户请求主机,https://强制客户加密访问,$1代表^(/.*)的值
systemctl restart httpd
测试:
vim /etc/hosts
172.25.254.124 login.westos.com
login.westos.com
cgi接口与httpd服务
1). 创建cgi文件
mkdir /var/www/html/cgi
vim /var/www/html/cgi/index.cgi
chmod +x /var/www/html/cgi/index.cgi
若selinux=Enforing,需修改安全上下文
semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgi(/.*)?'
restorecon -FvvR /var/www/html/cgi/
2). 修改配置
vim /etc/httpd/conf.d/default.conf
@@
<directory "/var/www/html/cgi">
require all granted
options +ExecCGI
AddHandler cgi-script .cgi .perl
</directory>
@@
systemctl s restart httpd