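httpd examples
Example 1:
- Configure a web site http://server.example.com on server;
- Download the file from http://ldap.example.com/pub/example.html and rename it to index.html,
- Do not modify the file's contents; copy index.html into your DocumentRoot directory
- Clients from example.com can access this web server
- Access by clients from my133t.org is denied
//Install the httpd server and start it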
[[email protected] ~]# yum -y install httpd
[[email protected] ~]# systemctl enable httpd
[[email protected] ~]# systemctl start httpd
//Download the file and rename it
[[email protected] Desktop]# cd /var/www/html/
[[email protected] html]# wget http://ldap.example.com/pub/example.html
[[email protected] html]# mv example.html index.html
//Add the firewall rule
[[email protected] html]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=http accept' --permanent
success
[[email protected] html]# firewall-cmd --reload
success
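//The firewall rejects by default, so my133t.org will be denied
Example 2:
- Configure TLS encryption for the site http://server.example.com;
- Get the signed certificate from http://ldap.example.com/pub/server0.crt
- Get the certificate's key from http://ldap.example.com/pub/server0.key
- Get the certificate's signing authority information from http://ldap.example.com/pub/group30.crt
//Install the TLS module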
[[email protected] html]# yum -y install mod_ssl
//Edit the ssl configuration file
[[email protected] html]# vim /etc/httpd/conf.d/ssl.conf
# Uncomment this line
ServerName www.example.com:443
# Signed certificate
SSLCertificateFile /etc/pki/tls/certs/server0.crt
# Certificate key
SSLCertificateKeyFile /etc/pki/tls/private/server0.key
# Signing authority (CA) certificate
SSLCACertificateFile /etc/pki/tls/certs/group0.crt
//Download the certificates
[[email protected] ~]# cd /etc/pki/tls/certs/
[[email protected] certs]# wget http://ldap.example.com/pub/server0.crt
[[email protected] certs]# wget http://ldap.example.com/pub/group0.crt
[[email protected] certs]# ls
ca-bundle.crt localhost.crt Makefile server0.crt
ca-bundle.trust.crt make-dummy-cert renew-dummy-cert group0.crt
[[email protected] certs]# cd ../private/
[[email protected] private]# wget http://ldap.example.com/pub/server0.key
[[email protected] private]# ls
localhost.key server0.key
//Add the https firewall rule
[[email protected] ~]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=https accept'
[[email protected] ~]# firewall-cmd --reload
//Restart the service
[[email protected] ~]# systemctl restart httpd
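Added example, not part of the original walkthrough: a pre-flight check for the three TLS files of Example 2, covering key file permissions, key/certificate match and verification against the CA file. The function names and the throwaway demo PKI are constructed for illustration; it assumes openssl and GNU stat are installed.

```shell
#!/bin/sh
# Added example. Return codes: 0 ok, 2 unreadable file, 3 key mode too open,
# 4 key does not match certificate, 5 certificate not signed by the CA file.
check_tls_triplet() {
    cert=$1 key=$2 ca=$3
    # A key fetched with wget is created 0644 under the usual root umask 022,
    # which leaves it world-readable; insist on owner-only access.
    mode=$(stat -c '%a' "$key") || return 2
    case $mode in
        600|400) ;;
        *) echo "key mode $mode is too open, expected 600" >&2; return 3 ;;
    esac
    # The certificate's public key must equal the one derived from the key file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "key does not match certificate" >&2; return 4; }
    # The certificate must verify against the file given as SSLCACertificateFile.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "certificate is not signed by $ca" >&2; return 5; }
}

# Constructed throwaway PKI standing in for server0.crt, server0.key and the CA file.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example.com" \
        -keyout "$d/server0.key" -out "$d/server0.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/server0.csr" -days 1 -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/server0.crt" 2>/dev/null &&
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null &&
    chmod 600 "$d/server0.key" "$d/other.key"
}

tmp=$(mktemp -d) && make_demo_pki "$tmp"
check_tls_triplet "$tmp/server0.crt" "$tmp/server0.key" "$tmp/ca.crt" && echo "matching triplet: OK"
check_tls_triplet "$tmp/server0.crt" "$tmp/other.key" "$tmp/ca.crt" || echo "wrong key rejected: rc=$?"
```

On the server the call would be check_tls_triplet /etc/pki/tls/certs/server0.crt /etc/pki/tls/private/server0.key /etc/pki/tls/certs/group0.crt; a return code of 3 is cleared with chmod 600 on the key file.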
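Example 3:
Extend your web server on server:
- Create a virtual host for the site http://www.example.com
- Set DocumentRoot to /var/www/virtual
- Download the file from http://ldap.example.com/pub/www.html and rename it to index.html; do not modify the file's contents
- Copy index.html into the DocumentRoot directory
- Ensure the user Floyd can create files under /var/www/virtual
//Create the DocumentRoot directory and download the file
[[email protected] ~]# systemctl restart httpd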
[[email protected] ~]# cd /var/www/
[[email protected] www]# mkdir virtual
[[email protected] www]# wget -O virtual/index.html http://ldap.example.com/pub/www.html
//Change the owner and group
[[email protected] www]# chown -R apache:apache /var/www/
//Ensure the user Floyd can create files under /var/www/virtual
[[email protected] www]# useradd Floyd
[[email protected] www]# setfacl -m u:Floyd:rwx virtual/
//Copy the sample virtual host file into the httpd configuration directory
[[email protected] www]# cd /etc/httpd/conf.d
[[email protected] httpd]# cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf /etc/httpd/conf.d/
[[email protected] conf.d]# vim httpd-vhosts.conf
[[email protected] conf.d]# tail httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName server0.example.com
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/var/www/virtual"
ServerName www.example.com
</VirtualHost>
//Restart the service
[[email protected] httpd]# systemctl restart httpd
Example 4:
Web access control:
- Create a directory named private under the DocumentRoot of the web server on your server,
- Download the file from http://ldap.example.com/pub/private.html into this directory and rename it to index.html; do not modify the file's contents
- From server, anyone can browse the contents of private, but other systems cannot access the contents of this directory
//Create the directory and download the file
[[email protected] Desktop]# cd /var/www/html
[[email protected] html]# mkdir private
[[email protected] html]# wget -O private/index.html http://ldap.example.com/pub/private.html
[[email protected] html]# chown apache:apache private/
//Create the virtual host
[[email protected] html]# vim /etc/httpd/conf.d/httpd-vhosts.conf
[[email protected] html]# tail -8 /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName server0.example.com
<Directory "/var/www/html/private">
Require ip 172.16.30.130
</Directory>
</VirtualHost>
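//Restart the service
[[email protected] html]# systemctl restart httpd
Verification:
Example 5:
- Serve dynamic web content on server;
- The dynamic content is provided by a virtual host named alt.example.com
- The virtual host listens on port 8909
- Download a script from http://ldap.example.com/pub/webapp.wsgi and put it in an appropriate location; do not modify the file's contents
- Clients that access http://alt.example.com:8909 should receive a dynamically generated web page
- http://alt.example.com:8909 must be accessible from all systems in example.com
//Download the script and put it in an appropriate location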
[[email protected] html]# cd /var/www/
[[email protected] www]# mkdir wsgi
[[email protected] www]# wget -O wsgi/webapp.wsgi http://ldap.example.com/pub/webapp.wsgi
[[email protected] www]# chown -R apache:apache wsgi/
//Create the virtual host
[[email protected] wsgi]# vim /etc/httpd/conf.d/httpd-vhosts.conf
[[email protected] wsgi]# tail -5 /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost *:8909>
WSGIScriptAlias / "/var/www/wsgi/webapp.wsgi"
ServerName alt.example.com
</VirtualHost>
Listen 8909
(With only this configuration the service will not start: SELinux has not been configured yet, so it will not allow the port.)
[[email protected] www]# yum install mod_wsgi -y
[[email protected] www]# systemctl stop httpd
[[email protected] www]# semanage port -l |grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
[[email protected] www]# semanage port -a -t http_port_t -p tcp 8909
[[email protected] www]# systemctl start httpd
[[email protected] www]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 port protocol=tcp port=8909 accept'
[[email protected] www]# firewall-cmd --reload
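Added example, not part of the original walkthrough: a check that compares the Listen ports in an httpd configuration with the `semanage port -l` listing and reports those not labelled http_port_t, the type the page adds 8909 to in Example 5. The function names, the sample Listen lines and the "after" listing are constructed; the "before" listing is the output shown above.

```shell
#!/bin/sh
# Added example: find Listen ports that SELinux has not labelled http_port_t.

# port_types PROTO PORT: read `semanage port -l` text on stdin and print every
# type whose port list (single ports or lo-hi ranges) contains PORT.
port_types() {
    awk -v proto="$1" -v port="$2" '
    $2 == proto {
        for (i = 3; i <= NF; i++) {
            p = $i; sub(/,$/, "", p)          # drop the list separator
            n = split(p, r, "-")              # "10001-10010" -> lo, hi
            lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
            if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
        }
    }'
}

# listen_ports: read httpd config on stdin, print the port of each Listen line
# (handles "Listen 8909", "Listen 0.0.0.0:8909" and "Listen [::]:443").
listen_ports() {
    awk 'tolower($1) == "listen" { p = $2; sub(/^.*:/, "", p); print p }'
}

# unlabelled_ports CONF LISTING: print Listen ports missing from http_port_t.
unlabelled_ports() {
    for p in $(listen_ports < "$1"); do
        port_types tcp "$p" < "$2" | grep -qx http_port_t || echo "$p"
    done
}

work=$(mktemp -d)
# Constructed config: typical Listen lines plus the page's port 8909.
printf 'Listen 80\nListen 443 https\nListen 8909\n' > "$work/listen.conf"
# `semanage port -l | grep http` output as shown on the page, before the fix.
cat > "$work/before.txt" <<'EOF'
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
EOF
# Constructed listing after `semanage port -a -t http_port_t -p tcp 8909`.
sed 's/^http_port_t tcp /&8909, /' "$work/before.txt" > "$work/after.txt"
echo "before: $(unlabelled_ports "$work/listen.conf" "$work/before.txt")"
echo "after:  $(unlabelled_ports "$work/listen.conf" "$work/after.txt")"
```

On a live system the listing would come from `semanage port -l` redirected to a file, and the configuration from the files under /etc/httpd/conf.d.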