Example 1
- 1. Download the file from http://ldap.example.com/pub/example.html and rename it to index.html without modifying its contents.
- 2. Copy index.html into your DocumentRoot directory.
- 3. Clients from example.com must be able to access the web server.
- 4. Access from clients in my133t.org must be denied.
[root@server30 html]# mv example.html index.html
[root@server30 ~]# systemctl mask iptables ebtables
ln -s '/dev/null' '/etc/systemd/system/iptables.service'
ln -s '/dev/null' '/etc/systemd/system/ebtables.service'
[root@server30 ~]# systemctl stop iptables ebtables
[root@server30 ~]# firewall-cmd --get-service|grep http
amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns ftp high-availability http https imaps ipp ipp-client ipsec kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba samba-client smtp ssh telnet tftp tftp-client transmission-client vnc-server wbem-https
[root@server30 ~]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=http accept'
success
[root@server30 ~]# firewall-cmd --reload
success
[root@server30 ~]# systemctl restart httpd
Test
Example 2
- 1. The signed certificate is obtained from http://ldap.example.com/pub/server30.crt
- 2. The certificate's private key is obtained from http://ldap.example.com/pub/server30.key
- 3. The certificate's signing authority (CA) information is obtained from http://ldap.example.com/pub/group30.crt
**Install mod_ssl first, then configure it in /etc/httpd/conf.d/ssl.conf**
[root@server30 ~]# rpm -qa|grep mod_ssl
mod_ssl-2.4.6-17.el7.x86_64
[root@server30 ~]# cd /etc/httpd/conf.d/
[root@server30 conf.d]# ls
autoindex.conf README ssl.conf userdir.conf welcome.conf
[root@server30 conf.d]# vim ssl.conf
line 60
[root@server30 conf.d]# cd /etc/pki/tls/
[root@server30 tls]# ls
cert.pem certs misc openssl.cnf private
[root@server30 tls]# cd certs/
[root@server30 certs]# wget http://ldap.example.com/pub/server30.crt
[root@server30 certs]# cd ..
[root@server30 tls]# cd private/
[root@server30 private]# wget http://ldap.example.com/pub/server30.key
[root@server30 ~]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=https accept'
success
[root@server30 ~]# firewall-cmd --reload
Success
[root@server30 conf.d]# vim ssl.conf
......
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/server30.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/server30.key
# huge file containing all of them (file must be PEM encoded)
SSLCACertificateFile /etc/pki/tls/certs/group30.crt
......
[root@server30 conf.d]# systemctl restart httpd
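Before restarting httpd it is worth confirming that the three files ssl.conf now points at really belong together; the transcript above fetches server30.crt and server30.key but never shows group30.crt being downloaded, and a mismatched or missing file only surfaces as a failed restart or a browser error. The following check is an added example, not part of the original notes: it compares the certificate's public key with the private key and verifies the certificate against the CA file, using throw-away test material generated on the spot (the lab's real files are only used if present).

```sh
#!/bin/sh
# Added example (not from the original lab notes): sanity-check that
# SSLCertificateFile, SSLCertificateKeyFile and SSLCACertificateFile
# belong together before httpd is restarted.
set -e

# check_tls_files CERT KEY CA
#   0: key matches certificate and certificate chains to CA
#   1: private key does not belong to the certificate
#   2: certificate was not issued by the CA in CA
check_tls_files() {
    cert=$1; key=$2; ca=$3
    # The public key embedded in the certificate must equal the public key
    # derived from the private key; compare SHA-256 digests of both PEMs.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "$key does not match $cert" >&2
        return 1
    fi
    # The server certificate must verify against the configured CA file.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "$cert was not issued by the CA in $ca" >&2
        return 2
    fi
    return 0
}

# make_demo_pki: constructed test data (a demo CA, a server certificate it
# issued, and one unrelated key); these are NOT the lab's server30 files.
# Prints the temporary directory holding them.
make_demo_pki() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server30.example.com" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$dir/server.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/server.crt" 2>/dev/null
    openssl genpkey -algorithm RSA -out "$dir/other.key" 2>/dev/null
    echo "$dir"
}

# Stand-alone run on the lab server: check the paths used in ssl.conf.
if [ -f /etc/pki/tls/certs/server30.crt ]; then
    check_tls_files /etc/pki/tls/certs/server30.crt \
        /etc/pki/tls/private/server30.key /etc/pki/tls/certs/group30.crt
fi
```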
Test
Example 3
- 1. Create a virtual host for the site http://ldap.example.com
- 2. Set DocumentRoot to /var/www/virtual
- 3. Download the file from http://ldap.example.com/pub/www.html and rename it to index.html without modifying its contents
- 4. Copy index.html into the DocumentRoot directory
- 5. Make sure that user floyd can create files under /var/www/virtual
[root@server30 ~]# cd /var/www/
[root@server30 www]# mkdir virtual
[root@server30 www]# cd virtual/
[root@server30 virtual]# wget http://ldap.example.com/pub/www.html
[root@server30 virtual]# ls
www.html
[root@server30 virtual]# mv www.html index.html
[root@server30 virtual]# cat index.html
www.example.com
[root@server30 ~]# useradd floyd
[root@server30 ~]# setfacl -m u:floyd:rwx /var/www/virtual
[root@server30 ~]# getfacl /var/www/virtual
getfacl: Removing leading '/' from absolute path names
# file: var/www/virtual
# owner: root
# group: root
user::rwx
user:floyd:rwx
group::r-x
mask::rwx
other::r-x
[root@server30 ~]# find / -name *vhost*
/dev/vhost-net
/etc/selinux/targeted/modules/active/modules/vhostmd.pp
/usr/lib/modules/3.10.0-123.el7.x86_64/kernel/drivers/vhost
/usr/lib/modules/3.10.0-123.el7.x86_64/kernel/drivers/vhost/vhost_net.ko
/usr/lib64/httpd/modules/mod_vhost_alias.so
/usr/share/doc/httpd-2.4.6/httpd-vhosts.conf
[root@server30 ~]# cd /etc/httpd/conf.d/
[root@server30 conf.d]# cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf .
[root@server30 conf.d]# ls
autoindex.conf httpd-vhosts.conf README ssl.conf userdir.conf welcome.conf
[root@server30 conf.d]# vim httpd-vhosts.conf
......
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName server30.example.com
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/var/www/virtual"
ServerName www.example.com
</VirtualHost>
......
[root@server30 conf.d]# systemctl restart httpd
Test
Example 4
- 1. In the DocumentRoot of the web server on server, create a directory named private; download http://ldap.example.com/pub/private.html into that directory and rename it to index.html without modifying its contents
- 2. On server itself, anyone may browse the contents of private, but the contents of this directory must not be accessible from other systems
[root@server30 ~]# cd /var/www/html/
[root@server30 html]# mkdir private
[root@server30 html]# cd private/
[root@server30 private]# wget http://ldap.example.com/pub/private.html
[root@server30 private]# mv private.html index.html
[root@server30 private]# ls
index.html
[root@server30 private]# cat index.html
private
[root@server30 ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
......
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName server30.example.com
<Directory "/var/www/html/private">
Require ip 172.16.30.130
</Directory>
</VirtualHost>
......
[root@server30 ~]# systemctl restart httpd
Test
Example 5
- Dynamic content is served by the virtual host alt.example.com
- The virtual host listens on port 8909
- 1. Download a script from http://ldap.example.com/pub/webapp.wsgi and place it in an appropriate location without modifying its contents
- 2. When a client accesses http://ldap.example.com:8909 it should receive a dynamically generated web page; http://alt.example.com:8909 must be reachable from all systems in example.com
[root@server30 ~]# cd /var/www/
[root@server30 www]# mkdir wsgi
[root@server30 www]# cd wsgi/
[root@server30 wsgi]# wget http://ldap.example.com/pub/webapp.wsgi
[root@server30 wsgi]# ls
webapp.wsgi
[root@server30 ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
......
<VirtualHost *:80>
DocumentRoot "/var/www/virtual"
ServerName www.example.com
</VirtualHost>
Listen 8909
<VirtualHost *:8909>
WSGIScriptAlias / "/var/www/wsgi/webapp.wsgi"
ServerName alt.example.com
</VirtualHost>
......
[root@server30 ~]# rpm -qa|grep wsgi
mod_wsgi-3.4-11.el7.x86_64
[root@server30 ~]# semanage port -l |grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
[root@server30 ~]# semanage port -a -t http_port_t -p tcp 8909
[root@server30 ~]# semanage port -l |grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 8909, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
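The two semanage listings above are the whole point of the SELinux step: a confined httpd may only bind ports labelled http_port_t, so "Listen 8909" fails until 8909 appears in that line. The script below is an added example (not from the original notes) that answers "is this port already allowed for this type?" from the output of semanage port -l, including ranges such as 10001-10010; the sample listings embedded in it are copied from the transcript.

```sh
#!/bin/sh
# Added example (not from the original lab notes): check whether a port is
# covered by a given SELinux port type before running "semanage port -a".
set -e

# port_has_type PORT TYPE PROTO   (reads "semanage port -l" output on stdin)
# Exit 0 if PORT is listed for TYPE/PROTO, either as a single port or inside
# a lo-hi range; exit 1 otherwise.
port_has_type() {
    awk -v port="$1" -v type="$2" -v proto="$3" '
        $1 == type && $2 == proto {
            for (i = 3; i <= NF; i++) {
                tok = $i
                sub(/,$/, "", tok)              # strip the trailing comma
                n = split(tok, r, "-")
                if (n == 2) {                   # a range such as 10001-10010
                    if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) found = 1
                } else if (tok + 0 == port + 0) {
                    found = 1
                }
            }
        }
        END { exit found ? 0 : 1 }'
}

# Listings copied from the transcript: before and after
# "semanage port -a -t http_port_t -p tcp 8909".
BEFORE='http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989'

AFTER='http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 8909, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989'

# On the real server the same function is fed live policy, e.g.:
#   semanage port -l | port_has_type 8909 http_port_t tcp && echo allowed
if echo "$AFTER" | port_has_type 8909 http_port_t tcp; then
    echo "8909/tcp is labelled http_port_t in the AFTER listing"
fi
```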
[root@server30 ~]# systemctl restart httpd
[root@server30 ~]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 port protocol=tcp port=8909 accept'
success
[root@server30 ~]# firewall-cmd --reload
success
Test