1.环境配置
[root@localhost Desktop]# yum search httpd
httpd.x86_64 : Apache HTTP Server
[root@localhost Desktop]# yum install httpd.x86_64 -y
[root@localhost Desktop]# systemctl start httpd
[root@localhost Desktop]# cd /var/www/html/
[root@localhost html]# ls
[root@localhost html]# vim index.html
[root@localhost html]# cat index.html
Ni hao today!
*此时访问不到
*解决方法
[root@localhost html]# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@localhost html]# firewall-cmd --permanent --add-service=httpd
Error: INVALID_SERVICE: httpd
[root@localhost html]# firewall-cmd --permanent --add-service=http
success
[root@localhost html]# firewall-cmd --reload
success
[root@localhost html]# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client http ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@localhost html]#
2.http 配置文件
[root@localhost Desktop]# cd /etc/httpd/
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run
conf 主配置文件
……..
Listen 80 #访问端口
……
DocumentRoot "/var/www/html" #默认访问文件目录
(授权)
DirectoryIndex index.html #默认访问文件名
#授权格式
#默认访问文件
[root@localhost httpd]# ls conf
httpd.conf magic
[root@localhost httpd]# ls conf.d
autoindex.conf README userdir.conf welcome.conf
[root@localhost httpd]#
3.虚拟主机
一台主机的IP可以通过多个域名访问
1)创建域名访问目录
2)编写域名访问文件
3)查看安全上下文
4)虚拟主机的子配置文件
[root@localhost www]# mkdir news #建立虚拟用户访问的目录
[root@localhost www]# echo The weather is so good today > news/linux
[root@localhost www]# cat news/linux
The weather is so good today
[root@localhost conf.d]# ls
autoindex.conf README userdir.conf welcome.conf
虚拟主机配置文件编写
[root@localhost conf.d]# vim news.conf
Servername news.westos.com #访问的域名
Documentroot /var/www/news #域名对应的家目录
customlog "logs/news.log" combined #日志存放位置
……
require all granted #授予权限
查看安全上下文
[root@localhost conf.d]# ls -Z /var/www/html/index.html
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html
[root@localhost conf.d]# ls -Z /var/www/news/linux
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/news/linux
#若安全上下文格式不一致,则需要修改
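[root@apache html]# semanage fcontext -a -t httpd_sys_content_t '/www(/.*)?'
#semanage fcontext 只是登记标签规则,还需对该目录执行 restorecon -Rv <目录> 才会真正重新打标签
#或者setenforce 0 #临时将SELinux切换为permissive(宽容)模式,重启后恢复;这会使整机失去SELinux的强制保护,仅适合排错时用来确认问题,不宜作为长期解决办法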
测试:
[root@foundation66 ~]# vim /etc/hosts
[root@foundation66 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6#172.25.254.250 content.example.com
172.25.254.100 www.westos.com news.westos.com
4.用户访问加密
[root@localhost Desktop]# cd /etc/httpd/conf/
[root@localhost conf]# ls
httpd.conf magic
[root@localhost conf]# htpasswd -cm apachuser dch #创建用户(只有新建密码文件时才加 -c;对已存在的文件使用 -c 会覆盖其中所有用户;-m 表示使用 MD5(apr1) 散列,httpd 2.4 的 htpasswd 还支持更强的 -B(bcrypt))
New password:
Re-type new password:
Adding password for user dch
[root@localhost conf]# ls
apachuser httpd.conf magic
[root@localhost conf]# cat apachuser
dch:$apr1$hLElLGdk$JEaxT8Ibv8CdY7yOT5S5l0
[root@localhost conf]# htpasswd -m apachuser lee
New password:
Re-type new password:
Adding password for user lee
[root@localhost conf]# ls
apachuser httpd.conf magic
[root@localhost conf]# cat apachuser
dch:$apr1$hLElLGdk$JEaxT8Ibv8CdY7yOT5S5l0
lee:$apr1$OEYnk7Ul$mrLiSjuwEHx3whSJMXxiS1
编写登陆加密所需的配置文件
[root@localhost conf]# vim /etc/httpd/conf.d/news.conf
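Authuserfile /etc/httpd/conf/apachuser #用户和密码文件存放位置(应放在 DocumentRoot 之外,避免被直接下载)
Authname "Please enter the passwd"
Authtype basic #认证类型(Basic 认证只对用户名和密码做 Base64 编码,并不加密,应配合 HTTPS 使用)
Require user dch #用户白名单:只允许 dch
Require valid-user #允许密码文件中所有通过认证的用户(与上一行二选一;两行同时存在时满足任意一条即可访问,白名单就不起作用)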
[root@localhost conf]# mkdir /var/www/news/dch
[root@localhost conf]# touch /var/www/news/dch/file1
[root@localhost conf]# cat /var/www/news/dch/file1
Ni hao HAH
测试:
![]()
5.添加IP访问权限
[root@localhost conf]# vim /etc/httpd/conf.d/news.conf
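Order allow,deny #顺序:先处理 allow,再处理 deny;被 deny 匹配的请求一律拒绝,未匹配任何规则的请求默认拒绝
#eg:deny,allow 先执行deny的,再执行allow的
allow from 172.25.254.200
deny from all
#注意:在 Order allow,deny 下,deny from all 在 allow 之后处理,172.25.254.200 同样会被拒绝;若只想放行该 IP,应改用 Order deny,allow。httpd 2.4 中这些指令由 mod_access_compat 提供,推荐写法是 Require ip 172.25.254.200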
6.自定义自签名证书
1.确保已安装crypto-utils软件包
[root@localhost Desktop]# yum install crypto-utils.x86_64 mod_ssl.x86_64 -y
2.调用genkey,同时为生成文件指定唯一生成名称
--days可以指定证书有效期
[root@localhost Desktop]# genkey apache-sever.crt
random seed from /etc/pki/tls/.rand.5424
output will be written to /etc/pki/tls/certs/apache-sever.crt.crt
output key written to /etc/pki/tls/private/apache-sever.crt.key
7.安装证书及其私钥
确定已安装mod_ssl软件包
[root@localhost Desktop]# yum search mod_ssl
Loaded plugins: langpacks
====================== N/S matched: mod_ssl =======================
mod_ssl.x86_64 : SSL/TLS module for the Apache HTTP Server
Name and summary matches only, use “search all” for everything.
[root@localhost Desktop]# vim /etc/httpd/conf.d/news.conf
![]()
[root@localhost Desktop]# systemctl restart httpd.service