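httpd Examples

Example 1:

Configure a web site http://server.example.com on the server;

Download the file from http://ldap.example.com/pub/example.html and rename it to index.html,

Do not modify the file contents; copy index.html into your DocumentRoot directory

Clients from example.com can access this web server

Access from clients in my133t.org is denied

//Install the httpd server and start it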
[root@server0 ~]# yum -y install httpd
[root@server0 ~]# systemctl enable httpd
[root@server0 ~]# systemctl start httpd
//Download the file and rename it
[root@server30 Desktop]# cd /var/www/html/
[root@server30 html]# wget http://ldap.example.com/pub/example.html
[root@server30 html]# mv example.html index.html
//Add the firewall rule
[root@server30 html]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=http accept' --permanent
success
[root@server30 html]# firewall-cmd --reload
success
//The firewall denies by default, so my133t.org is rejected
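
The comment above holds only while http is absent from the zone's "services:" list; once it is listed there, the service is accepted from every source and the rich rule's source restriction limits nothing. The following added example (not part of the original post) classifies a service from `firewall-cmd --list-all` output; the zone listings are constructed samples and audit_service is a hypothetical helper name.

```sh
#!/bin/sh
# Added example, not from the original post. audit_service is a hypothetical
# helper; it reads `firewall-cmd --list-all` output on stdin and prints
#   open                 service is under "services:" (any source may connect)
#   restricted SRC[,SRC] service is accepted only by rich rules for these sources
#   closed               no accept rule for the service in this zone
audit_service() {   # usage: firewall-cmd --list-all | audit_service http
    awk -v svc="$1" '
        /^[ \t]*services:/ {
            for (i = 2; i <= NF; i++) if ($i == svc) is_open = 1
        }
        /^[ \t]*rule / && / accept/ && index($0, "service name=\"" svc "\"") {
            src = "any"
            if (match($0, /source address="[^"]+"/))
                src = substr($0, RSTART + 16, RLENGTH - 17)
            sources = (sources == "" ? "" : sources ",") src
        }
        END {
            if (is_open)      print "open"
            else if (sources) print "restricted " sources
            else              print "closed"
        }'
}

# Constructed sample: zone state after the rich rule from this example was added.
SAMPLE_RESTRICTED='public (default, active)
  interfaces: eth0
  services: dhcpv6-client ssh
  ports:
  rich rules:
    rule family="ipv4" source address="172.16.30.0/24" service name="http" accept'

# Constructed sample: same zone, but http was also added as a plain service.
SAMPLE_OPEN=$(printf '%s\n' "$SAMPLE_RESTRICTED" | sed 's/^  services: /&http /')

printf '%s\n' "$SAMPLE_RESTRICTED" | audit_service http   # restricted 172.16.30.0/24
printf '%s\n' "$SAMPLE_OPEN"       | audit_service http   # open
```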

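Verification: [screenshot]

Example 2:

Configure TLS encryption for the site http://server.example.com;

The signed certificate is obtained from http://ldap.example.com/pub/server30.crt

The certificate's key is obtained from http://ldap.example.com/pub/server30.key

The certificate's signing authority information is obtained from http://ldap.example.com/pub/group30.crt

//Install the TLS module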
[root@server30 html]# yum -y install mod_ssl
//Edit the ssl configuration file
[root@server30 html]# vim /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:443>

# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
ServerName www.example.com:443 (uncomment this line)
//Download the certificates
[root@server30 ~]# cd /etc/pki/tls/certs/
[root@server30 certs]# wget http://ldap.example.com/pub/server30.crt
[root@server30 certs]# wget http://ldap.example.com/pub/group30.crt
[root@server30 certs]# cd ../private/
[root@server30 private]# wget http://ldap.example.com/pub/server30.key
//Modify the ssl configuration file
[root@server30 html]# vim /etc/httpd/conf.d/ssl.conf
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/server30.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/server30.key

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt

#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
SSLCACertificateFile /etc/pki/tls/certs/group30.crt
//Add the https firewall rule
[root@server30 ~]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=https accept'
[root@server30 ~]# firewall-cmd --reload
//Restart the service
[root@server30 ~]# systemctl restart httpd
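
wget creates server30.key with the default umask (mode 644 under the usual umask 022), and a key that does not belong to the certificate only shows up when httpd fails to start. The following added example (not from the original post) checks key/certificate match, the issuing CA and the key's permissions; the function names are hypothetical and it assumes the openssl CLI and GNU stat.

```sh
#!/bin/sh
# Added example, not from the original post: checks for the three files
# referenced in ssl.conf. All paths are passed as arguments.

# 0 when KEY is the private half of the public key embedded in CERT.
key_matches_cert() {        # usage: key_matches_cert CERT KEY
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# 0 when CERT verifies against a CA certificate in CA_FILE.
chain_verifies() {          # usage: chain_verifies CA_FILE CERT
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || return 1
    [ "${out##*: }" = "OK" ]
}

# 0 when KEY grants no permission bits to group or other (e.g. 600 or 400).
key_is_private() {          # usage: key_is_private KEY
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Runs all three checks, prints one line per finding; 0 only if all pass.
check_tls_files() {         # usage: check_tls_files CERT KEY CA_FILE
    rc=0
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not match $1"; rc=1; }
    chain_verifies "$3" "$1"   || { echo "FAIL: $1 not issued by a CA in $3"; rc=1; }
    key_is_private "$2"        || { echo "FAIL: $2 is accessible to group/other"; rc=1; }
    return $rc
}
```

With the paths from this example: check_tls_files /etc/pki/tls/certs/server30.crt /etc/pki/tls/private/server30.key /etc/pki/tls/certs/group30.crt. Running chmod 600 on the key clears the permission finding.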

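Verification: [screenshot]

Example 3:

Extend your web server on the server;

Create a virtual host for the site http://www.example.com

Set the DocumentRoot to /var/www/virtual

Download the file from http://ldap.example.com/pub/www.html and rename it to index.html; do not modify the file contents

Copy index.html into the DocumentRoot directory

Ensure that the user Floyd can create files under /var/www/virtual

//Create the DocumentRoot directory and download the file
[root@server30 ~]# systemctl restart httpd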
[root@server30 ~]# cd /var/www/
[root@server30 www]# mkdir virtual
[root@server30 www]# wget -O virtual/index.html http://ldap.example.com/pub/www.html
//Change the owner and group
[root@server30 www]# chown -R apache.apache /var/www/
//Ensure that the user Floyd can create files under /var/www/virtual
[root@server30 www]# useradd Floyd
[root@server30 www]# setfacl -m u:Floyd:rwx virtual/
//Create the virtual hosts in a supplementary configuration file
[root@server30 www]# cd /etc/httpd/conf.d
[root@server30 httpd]# cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf  /etc/httpd/conf.d/
[root@server30 conf.d]# vim httpd-vhosts.conf 
[root@server30 conf.d]# tail httpd-vhosts.conf 
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName server30.example.com
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/var/www/virtual"
    ServerName www.example.com
</VirtualHost>



//Restart the service
[root@server30 httpd]# systemctl restart httpd

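Verification: [screenshots]

Example 4:

Web access control;

Create a directory named private under the DocumentRoot of the web server on your server,

Download the file from http://ldap.example.com/pub/private.html into this directory and rename it to index.html; do not modify the file contents

From the server, anyone can browse the contents of private, but the contents of this directory cannot be accessed from other systems

//Create the directory and download the file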
[root@server30 Desktop]# cd /var/www/html
[root@server30 html]# mkdir private
[root@server30 html]# wget -O private/index.html http://ldap.example.com/pub/private.html
[root@server30 html]# chown apache.apache private/
//Create the virtual host
[root@server30 html]# vim /etc/httpd/conf.d/httpd-vhosts.conf
[root@server30 html]# tail -8 /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName server30.example.com
    <Directory "/var/www/html/private">
        Require ip 172.16.30.130
    </Directory>
</VirtualHost>
//Restart the service
[root@server30 html]# systemctl restart httpd

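Verification:
On the server: [screenshot]
On the client: [screenshot]

Example 5:

Serve dynamic web content on the server;

The dynamic content is provided by a virtual host named alt.example.com

The virtual host listens on port 8909

Download a script from http://ldap.example.com/pub/webapp.wsgi and place it in an appropriate location; do not modify the file contents

When a client accesses http://alt.example.com:8909, it should receive a dynamically generated web page

http://alt.example.com:8909 must be accessible to all systems within example.com

//Download the script and place it in an appropriate location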
[root@server30 html]# cd /var/www/
[root@server30 www]# mkdir wsgi
[root@server30 www]# wget -O wsgi/webapp.wsgi http://ldap.example.com/pub/webapp.wsgi
[root@server30 www]# chown -R apache.apache wsgi/
//Create the virtual host
[root@server30 wsgi]# vim /etc/httpd/conf.d/httpd-vhosts.conf 
[root@server30 wsgi]# tail -5 /etc/httpd/conf.d/httpd-vhosts.conf 
<VirtualHost *:8909>
    WSGIScriptAlias / "/var/www/wsgi/webapp.wsgi"
    ServerName alt.example.com
</VirtualHost>
Listen 8909
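(At this point the service will not start even though it is configured, because SELinux has not been configured yet and will not allow the port)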
[root@server30 www]# yum install mod_wsgi -y
[root@server30 www]# systemctl stop httpd
[root@server30 www]# semanage port -l |grep http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989
[root@server30 www]# semanage port -a -t http_port_t -p tcp 8909
[root@server30 www]# systemctl start httpd
[root@server30 www]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 port protocol=tcp port=8909 accept'
[root@server30 www]# firewall-cmd --reload
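
The `semanage port -l` listing above mixes single ports, comma lists and ranges, so grepping it for a port number can miss a range or match part of another number. The following added example (not from the original post) resolves which SELinux port types cover a port; SEMANAGE_SAMPLE repeats the listing shown in this example, and types_for_port and port_is_http are hypothetical helper names.

```sh
#!/bin/sh
# Added example, not from the original post.
# Output of `semanage port -l | grep http` as shown in this example.
SEMANAGE_SAMPLE='http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989'

# Prints every SELinux port type whose list covers PROTO/PORT, one per line.
types_for_port() {  # usage: semanage port -l | types_for_port tcp 8909
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                spec = $i; sub(/,$/, "", spec)      # drop the list separator
                n = split(spec, r, "-")             # "10001-10010" -> lo, hi
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# 0 when the TCP port is already labelled http_port_t, the type added above
# with `semanage port -a -t http_port_t -p tcp 8909`.
port_is_http() {    # usage: semanage port -l | port_is_http 8909
    types_for_port tcp "$1" | grep -qx 'http_port_t'
}

printf '%s\n' "$SEMANAGE_SAMPLE" | types_for_port tcp 10005   # http_cache_port_t
printf '%s\n' "$SEMANAGE_SAMPLE" | port_is_http 8909 || echo "8909 is not labelled yet"
```

Run against live output before `semanage port -a`: an empty result means the port is unlabelled and can be added, while a result naming another type means the port is already defined.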

Verification: [screenshot]
