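Configuring service file parameters: configuration files on a Linux system
Service directory: /etc/httpd
Main configuration file: /etc/httpd/conf/httpd.conf
Website data directory: /var/www/html
Access log: /var/log/httpd/access_log
Error log: /var/log/httpd/error_log
Parameter structure of the HTTP service's main configuration file
//Global configuration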
ServerName www.linuxprobe.com
ServerRoot /etc/httpd
........
//Section configuration
<Directory>
....
</Directory>
....
//Section configuration
<Location /server-status>
....
</Location>
....
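The most commonly used parameters when configuring the httpd service, and what each is for
//ServerRoot: service directory
//ServerAdmin: administrator's e-mail address
//User: user the service runs as
//Group: group the service runs as
//ServerName: domain name of the web server
//DocumentRoot: website data directory
//Listen: IP address and port to listen on
//DirectoryIndex: default index page
//ErrorLog: error log file
//CustomLog: access log file
//Timeout: page timeout, 300 seconds by default
//Modify the default page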
[root@localhost ~]# echo "Welcome to 192.168.95.100 LinuxProbe.com" > /var/www/html/index.html
//Create the website data directory
[root@localhost ~]# echo "Welcome to 192.168.95.100 LinuxProbe.com" > /var/www/html/index.html
[root@localhost ~]# mkdir /home/wwwroot
[root@localhost ~]# echo "The New Web Directory" > /home/wwwroot/index.html
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
DocumentRoot "/home/wwwroot"
#
# Relax access to content within /var/www.
#
<Directory "/home/wwwroot">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
# Further relax access to the default document root:
<Directory "/home/wwwroot">
.....part of the output omitted.....
</Directory>
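//The three SELinux modes
1. enforcing: the security policy is enforced, and illegitimate requests made by a service are blocked.
2. permissive: when a service oversteps its permitted access, a warning is issued but nothing is blocked.
3. disabled: out-of-bounds behaviour is neither warned about nor blocked.
//View the SELinux mode in the configuration file. This file defines SELinux's default state; a change to it does not take effect immediately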
[root@localhost ~]# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
//Use the getenforce command to get the current SELinux mode
[root@localhost ~]# getenforce
Enforcing
//Use setenforce [0/1] to change the current mode (0 turns enforcement off, 1 turns it on)
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive
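//Refresh the web page again and the content is displayed normally
//semanage command: manages SELinux policy; the syntax is "semanage [options] [file]"
//Common semanage options and what they do
//-l: query
//-a: add
//-m: modify
//-d: delete
Add an SELinux security context for the new website data directory so that the directory and all the files in it can be accessed by the httpd service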
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/*
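//After the settings above the site is still not accessible; the restorecon command is needed to make the configured SELinux security context take effect immediately. The -Rv options recurse into the given directory and show each change made to the SELinux security context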
[root@localhost ~]# restorecon -Rv /home/wwwroot/
Relabeled /home/wwwroot from unconfined_u:object_r:user_home_dir_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Relabeled /home/wwwroot/index.html from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
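An added example (not from the original page): SELinux file-context specifications are regular expressions that must match the whole path, and an unquoted `*` is expanded by the shell before semanage runs, so the two rules above cover only the directory and the files that existed at that moment. The sketch below checks which paths a set of specifications covers; the helper names `spec_covers` and `uncovered` and the sample paths are constructed for illustration.

```sh
# Added example: which paths does a set of SELinux file-context specs cover?
# A spec is a regular expression that must match the whole path, emulated
# here with grep -E and explicit anchors.

# spec_covers SPEC PATH: exit 0 when SPEC matches PATH in full.
spec_covers() {
    printf '%s\n' "$2" | grep -Eq "^($1)\$"
}

# uncovered SPEC...: read paths on stdin and print those that no SPEC
# matches; a relabel labels such a path by whatever other rule matches it.
uncovered() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        hit=0
        for spec in "$@"; do
            if spec_covers "$spec" "$path"; then hit=1; break; fi
        done
        [ "$hit" -eq 1 ] || printf '%s\n' "$path"
    done
}

# Constructed sample: the web root once a virtual-host directory is added.
SAMPLE_PATHS='/home/wwwroot
/home/wwwroot/index.html
/home/wwwroot/10
/home/wwwroot/10/index.html'

echo "Missed by the two rules the shell produced from /home/wwwroot/*:"
printf '%s\n' "$SAMPLE_PATHS" | uncovered /home/wwwroot /home/wwwroot/index.html

echo "Missed by one quoted recursive rule:"
printf '%s\n' "$SAMPLE_PATHS" | uncovered '/home/wwwroot(/.*)?'
# The matching command, with the pattern quoted so the shell leaves it alone:
#   semanage fcontext -a -t httpd_sys_content_t "/home/wwwroot(/.*)?"
```

Passed to semanage unexpanded, `/home/wwwroot/*` is the regular expression "/home/wwwroot followed by any number of slashes", which matches no file inside the directory.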
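Personal user home pages
By default, httpd does not enable the personal user home page feature. To turn it on, edit the configuration file below: put a # in front of the UserDir disabled parameter so that httpd enables the feature, and remove the # in front of the UserDir public_html parameter. UserDir gives the name of the directory inside each user's home directory where the website data is kept, here public_html.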
[root@localhost wwwroot]# vim /etc/httpd/conf.d/userdir.conf
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
# UserDir disabled
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disabled" line above, and uncomment
# the following line instead:
#
UserDir public_html
</IfModule>
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory "/home/*/public_html">
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>
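//Create the directory that holds the website data, and a home page, inside the user's home directory. The home directory's permissions also need to be changed to 755 so that others can read its contents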
[root@localhost wwwroot]# su - linuxprobe
[linuxprobe@localhost ~]$ mkdir public_html
[linuxprobe@localhost ~]$ echo "This is linuxprobe's website" > public_html/index.html
[linuxprobe@localhost ~]$ chmod -R 755 /home/linuxprobe/
[linuxprobe@localhost ~]$ exit
logout
[root@localhost wwwroot]# systemctl restart httpd
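//Reason for the error this time: SELinux domains. An SELinux domain ensures that a service cannot perform operations outside its policy and can only do its job of serving users. Check whether the personal user home page feature just enabled in httpd is allowed by the SELinux domain by default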
[root@localhost wwwroot]# getsebool -a | grep http
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_graceful_shutdown --> off
httpd_manage_ipa --> off
[root@localhost wwwroot]# setsebool -P httpd_enable_homedirs=on
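An added example (not from the original page): the comment in userdir.conf above asks only for 711 on the home directory and 755 on public_html with world-readable documents, whereas `chmod -R 755` on the home directory also makes every other file in it world-readable. The sketch below applies the narrower modes and lists what is exposed outside public_html; the function names and the throwaway directory standing in for /home/linuxprobe are assumptions for illustration.

```sh
# Added example: give httpd the access UserDir needs and nothing more.

# set_userdir_perms HOME_DIR: 711 on the home directory (traverse only),
# 755 on directories and 644 on files under public_html.
set_userdir_perms() {
    chmod 711 "$1" || return 1
    find "$1/public_html" -type d -exec chmod 755 {} + || return 1
    find "$1/public_html" -type f -exec chmod 644 {} +
}

# world_readable_outside HOME_DIR: list files outside public_html that
# users other than the owner and group can read.
world_readable_outside() {
    find "$1" -path "$1/public_html" -prune -o -type f -perm -004 -print
}

# make_demo_home: build a throwaway stand-in for /home/linuxprobe with
# private files beside public_html, and print its path.
make_demo_home() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/public_html" "$d/.ssh"
    echo "This is linuxprobe's website" > "$d/public_html/index.html"
    echo "constructed placeholder, not a real key" > "$d/.ssh/id_rsa"
    echo "constructed private note" > "$d/notes.txt"
    chmod 700 "$d" "$d/.ssh"
    chmod 600 "$d/.ssh/id_rsa" "$d/notes.txt"
    printf '%s\n' "$d"
}

demo=$(make_demo_home)
set_userdir_perms "$demo"
echo "exposed after the narrow modes:"; world_readable_outside "$demo"
chmod -R 755 "$demo"
echo "exposed after chmod -R 755:";     world_readable_outside "$demo"
rm -rf "$demo"
```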
//Generate the password file
//Require users to authenticate before they can see the content
[root@localhost wwwroot]# htpasswd -c /etc/httpd/passwd linuxprobe
New password:
Re-type new password:
Adding password for user linuxprobe
[root@localhost wwwroot]# vim /etc/httpd/conf.d/userdir.conf
<Directory "/home/*/public_html">
AllowOverride all
#Path of the password file generated just now
authuserfile "/etc/httpd/passwd"
#Prompt shown when a user visits the site
authname "My Privately website"
#Authentication type: password (basic)
authtype basic
#User name that must authenticate to access the site
require user linuxprobe
</Directory>
Virtual hosts
[root@localhost ~]# mkdir -p /home/wwwroot/10
[root@localhost ~]# mkdir -p /home/wwwroot/20
[root@localhost ~]# mkdir -p /home/wwwroot/30
[root@localhost ~]# echo "IP:192.168.10.10" > /home/wwwroot/10/index.html
[root@localhost ~]# echo "IP:192.168.10.20" > /home/wwwroot/20/index.html
[root@localhost ~]# echo "IP:192.168.10.30" > /home/wwwroot/30/index.html
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.95.102>
DocumentRoot /home/wwwroot/10
ServerName www.linuxprobe.com
<Directory /home/wwwroot/10>
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.95.104>
DocumentRoot /home/wwwroot/20
ServerName www.linuxcool.com
<Directory /home/wwwroot/20>
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.95.105>
DocumentRoot /home/wwwroot/30
ServerName www.linuxdown.com
<Directory /home/wwwroot/30>
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
When the server cannot give every website its own IP address, Apache can be set up to identify the site from the domain name in the user's request
[root@localhost conf]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.95.102 www.linuxprobe.com www.linuxcool.com www.linuxdown.com
[root@localhost conf]# ping -c 4 www.linuxprobe.com
PING www.linuxprobe.com (192.168.95.102) 56(84) bytes of data.
64 bytes from www.linuxprobe.com (192.168.95.102): icmp_seq=1 ttl=64 time=0.039 ms
64 bytes from www.linuxprobe.com (192.168.95.102): icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from www.linuxprobe.com (192.168.95.102): icmp_seq=3 ttl=64 time=0.048 ms
64 bytes from www.linuxprobe.com (192.168.95.102): icmp_seq=4 ttl=64 time=0.049 ms
--- www.linuxprobe.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3068ms
rtt min/avg/max/mdev = 0.039/0.048/0.058/0.009 ms
//Based on host domain name
[root@localhost ~]# mkdir -p /home/wwwroot/linuxprobe
[root@localhost ~]# mkdir -p /home/wwwroot/linuxcool
[root@localhost ~]# mkdir -p /home/wwwroot/linuxdown
[root@localhost ~]# echo "www.linuxprobe.com" > /home/wwwroot/linuxprobe/index.html
[root@localhost ~]# echo "www.linuxcool.com" > /home/wwwroot/linuxcool/index.html
[root@localhost ~]# echo "www.linuxdown.com" > /home/wwwroot/linuxdown/index.html
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.95.102>
DocumentRoot /home/wwwroot/linuxprobe
ServerName www.linuxprobe.com
<Directory /home/wwwroot/linuxprobe>
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.95.102>
DocumentRoot /home/wwwroot/linuxcool
ServerName www.linuxcool.com
<Directory /home/wwwroot/linuxcool>
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.95.102>
DocumentRoot /home/wwwroot/linuxdown
ServerName www.linuxdown.com
<Directory /home/wwwroot/linuxdown>
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
//Based on host port
[root@localhost ~]# mkdir -p /home/wwwroot/6111
[root@localhost ~]# mkdir -p /home/wwwroot/6222
[root@localhost ~]# mkdir -p /home/wwwroot/6333
[root@localhost ~]# echo "port:6111" > /home/wwwroot/6111/index.html
[root@localhost ~]# echo "port:6222" > /home/wwwroot/6222/index.html
[root@localhost ~]# echo "port:6333" > /home/wwwroot/6333/index.html
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.95.102:6111>
DocumentRoot /home/wwwroot/6111
ServerName www.linuxprobe.com
<Directory /home/wwwroot/6111>
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.95.102:6222>
DocumentRoot /home/wwwroot/6222
ServerName www.linuxcool.com
<Directory /home/wwwroot/6222>
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.95.102:6333>
DocumentRoot /home/wwwroot/6333
ServerName www.linuxdown.com
<Directory /home/wwwroot/6333>
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
#Listen 12.34.56.78:80
Listen 80
Listen 6111
Listen 6222
Listen 6333
[root@localhost ~]# semanage port -a -t http_port_t -p tcp 6111
[root@localhost ~]# semanage port -a -t http_port_t -p tcp 6222
[root@localhost ~]# semanage port -a -t http_port_t -p tcp 6333
[root@localhost ~]# systemctl restart httpd.service
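An added example (not from the original page): with several near-identical `<VirtualHost>` blocks it is easy to leave a `<Directory>` path that does not match the block's DocumentRoot, or to name a port that has no Listen line. The awk-based check below reports both; the function names `lint_vhosts` and `write_sample_conf` and the sample configuration are constructed for illustration, and the check assumes one directive per line and paths without spaces.

```sh
# Added example: lint <VirtualHost> blocks for two copy-paste slips.
# Assumes one directive per line and paths without spaces.
# lint_vhosts FILE: print one line per finding; print nothing when clean.
lint_vhosts() {
    awk '
    { gsub(/"/, ""); key = tolower($1) }   # unquote; directive names ignore case
    key == "listen" { n = split($2, a, ":"); listen[a[n]] = 1 }
    key == "<virtualhost" {
        vhost = $2; sub(/>$/, "", vhost); start = NR
        docroot = ""; ndirs = 0
        n = split(vhost, a, ":")
        if (n > 1 && a[n] != "*") { port[start] = a[n]; name[start] = vhost }
    }
    vhost != "" && key == "documentroot" { docroot = $2 }
    vhost != "" && key == "<directory" { d = $2; sub(/>$/, "", d); dirs[++ndirs] = d }
    key == "</virtualhost>" {
        for (i = 1; i <= ndirs; i++)
            if (dirs[i] != docroot && index(dirs[i], docroot "/") != 1)
                printf "line %d: %s: <Directory %s> is outside DocumentRoot %s\n",
                       start, vhost, dirs[i], docroot
        vhost = ""
    }
    END {
        for (s in port)
            if (!(port[s] in listen))
                printf "line %d: %s: port %s has no Listen directive\n", s, name[s], port[s]
    }' "$1"
}

# Constructed sample: the second block keeps the first block's <Directory>
# path, and port 6222 is missing from the Listen lines.
write_sample_conf() {
    cat > "$1" <<'EOF'
Listen 6111
<VirtualHost 192.168.95.102:6111>
DocumentRoot /home/wwwroot/6111
<Directory /home/wwwroot/6111>
</Directory>
</VirtualHost>
<VirtualHost 192.168.95.102:6222>
DocumentRoot /home/wwwroot/6222
<Directory /home/wwwroot/6111>
</Directory>
</VirtualHost>
EOF
}

conf=$(mktemp) && write_sample_conf "$conf" && lint_vhosts "$conf"; rm -f "$conf"
```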