Linux apache
1.apache
创建实验环境:
yum install httpd -y
systemctl start httpd
systemctl enable httpd
systemctl stop firewalld
systemctl disable firewalld
apache的主配置文件:/etc/httpd/conf/httpd.conf
ServerRoot "/etc/httpd" ##服务器设置的最顶层目录,包括 logs、modules等的数据都要放置在该目录下(若未声明为绝对路径时)
Listen 80 ##服务器默认的监听接口
Include conf.d/*.conf ##读入放置到/etc/httpd/conf.d/*.conf
User apache
Group apache ##与prework、worker等模块所启动的process的属主与属组设置。(此身份关乎之后提供的网络文件是否能被浏览)
ServerAdmin [email protected] ##可将[email protected]改为自己的email,当网站出现问题时错误信息会显示在联系邮箱之中
<Directory />
AllowOverride none ##不允许覆盖参数功能
Require all denied
< /Directory>
1.apache基本配置:
1)修改默认发布文件
vim /etc/httpd/conf/httpd.conf
164 DirectoryIndexwestos.html ##修改默认发布文件为westos.html
vim /var/www/html/westos.html
systemctl restart httpd
2)修改默认发布目录
当selinxu为disable状态
mkdir /westos/www/test/ -p ##新建/westos/www/test目录
mv /var/www/html/westos.html /westos/www/test/ ##将原来默认发布目录里的默认发布文件移动到新建的目录中来
vim httpd.conf
<Directory"/westos/www/test">
120 DocumentRoot "/westos/www/test" ##修改默认发布目录为/westos/www/test
Require all granted ##给文件进行授权
</Directory>
systemctl restart httpd
当selinux为enforcing状态
semanage fcontext -a -thttpd_sys_content_t '/westos(/.*)?'
restorecon -RvvF /westos
2.apache的访问控制
cd /var/www/html
mkdir admin
##设定ip的访问
vim /etc/httpd/conf/httpd.conf
DocumentRoot "/var/www/html"
#DocumentRoot"/westos/www/test"
DocumentRoot"/var/www/html/admin"
<Directory"/var/www/html/admin"> ##允许所有人访问admin目录,拒绝61主机
Order Allow,Deny
Allow from all
Deny from 172.25.254.61
</Directory>
Order Deny,Allow
Allow from 172.25.254.61
Deny from all
</Directory>
systemctl restart httpd
##设定用户的访问
htpasswd -cm /etc/httpd/accessuseradmin ##给admin新增密码
vim /etc/httpd/conf/httpd.conf
<Directory"/var/www/html/admin">
AuthUserFile/etc/httpd/accessuser ##用户认证文件
AuthName "Please inputyour named and passwd" ##用户认证提示信息
AuthType basic ##认证类型
Require valid-user ##认证用户,认证文件中的所有用户都可以访问
[Require user admin] ##只有admin用户可以访问
</Directory>
systemctl restart httpd
输入用户及密码正确
4.apache的虚拟主机
1)建立测试页
cd /var/www
mkdir -p virtual/news.westos.com/html ##虚拟主机默认发布目录
mkdir -pvirtual/money.westos.com/html
echo"<h1>money.westos.com's page</h1>" >virtual/money.westos.com/html/index.html
echo"<h1>news.westos.com's page</h1>" >virtual/news.westos.com/html/index.html
2)配置
vim /etc/httpd/conf.d/default.conf ##未指定域名的访问都访问default
<Virtualhost _default_:80> ##虚拟主机开启的端口
DocumentRoot"/var/www/html" ##虚拟主机的默认发布目录
CustomLog"logs/default.log" combined ##虚拟主机日志
</Virtualhost>
vim
/etc/httpd/conf.d/news.conf ##指定域名news.westos.com的访问到指定默认发布目录
<Virtualhost *:80>
ServerName"news.westos.com" ##指定域名
DocumentRoot"/var/www/virtual/news.westos.com/html" ##默认发布目录
CustomLog"logs/news.log" combined ##日志
</Virtualhost>
<Directory"/var/www/virtual/news.westos.com/html"> ##默认发布目录的访问授权
Require all granted
</Directory>
<Virtualhost *:80>
ServerName"money.westos.com" ##指定域名
DocumentRoot"/var/www/virtual/money.westos.com/html" ##默认发布目录
CustomLog"logs/money.log" combined ##日志
</Virtualhost>
<Directory"/var/www/virtual/money.westos.com/html"> ##默认发布目录的访问授权
Require all granted
</Directory>
3)测试
在浏览器所在主机中做域名解析
vim /etc/hosts ##域名解析
172.25.254.123 www.westos.comnews.westos.com money.westos.com
4.https加密
1)配置
yum install mod_ssl crypto-utils-y
genkey www.westos.com
生成的证书:/etc/pki/tls/certs/www.westos.com.crt
生成的**:/etc/pki/tls/private/www.westos.com.key
Virtualhost *:443>
ServerName"login.westos.com"
DocumentRoot"/var/www/virtual/login.westos.com/html"
CustomLog"logs/login.log" combined
SSLEngine on
SSLCertificateFile/etc/pki/tls/certs/www.westos.com.crt
SSLCertificateKeyFile/etc/pki/tls/private/www.westos.com.key
</Virtualhost>
<Directory"/var/www/virtual/login.westos.com/html">
Require all granted
</Directory>
<Virtualhost *:80>
ServerNamelogin.westos.com
RewriteEngine on
RewriteRule ^(/.*)$https://%{HTTP_HOST}$1 [redirect=301]
</Virtualhost>
mkdir/var/www/virtual/login.westos.com/html -p
vim/var/www/virtual/login.westos.com/html/index.html
<h1>login.westos.com</h1>
2)测试
在客户主机中添加解析
vim /etc/hosts
172.25.254.122login.westos.com
访问http://login.westos.com会自动调转到https://login.westos.com实现网页数据加密传输