Linux中Apache web服务
一.apache的定义:企业中常用的web服务,用来提供http://(超文本传输协议)二.apache的安装部署
#安装(配置好yum源)
yum install httpd -y
yum install httpd-manual
systemctl start httpd
systemctl enable httpd
systemctl stop firewalld.service
systemctl disable firewalld.service
测试: http://172.25.254.160/
http://172.25.254.160/manual/
三.apache的基本信息
主配置目录:/etc/httpd/conf
主配置文件:/etc/httpd/conf/httpd.conf
子配置目录:/etc/httpd/conf.d/
子配置文件: /etc/httpd/conf.d/.conf
默认发布目录: /var/www/html
默认发布文件: index.html
默认端口: 80
默认安全上下文:httpd_sys_content_t
程序开启默认用户:apache
apache日志: /etc/httpd/logs/
查看安全上下文: ls -Z /var/www/
查看端口:ss -anutlpe | grep httpd
默认端口为80
修改默认端口:
vim /etc/httpd/conf/httpd.conf
42 Listen 80 ##修改默认端口为8080
重启服务
修改后的端口为8080
改回默认端口:80
修改配置文件vim /etc/httpd/conf/httpd.conf
42 Listen 80
重启服务
查看端口信息80
修改默认发布文件:
120 DocumentRoot "/www/html"
121
122 Require all granted
123
cd /var/www/html
编辑默认发布目录vim index.html
测试:
把默认发布目录名称修改不能访问
加上文件名才可访问
在配置文件中写入,当默认目录为空时即访问
配置文件中将默认目录在前,默认先访问前面的内容
测试:
默认发布目录里写入内容
semanage fcontext -a -t httpd_sys_content_t '/www(/.*)?' ##更改安全下文
restorecon -RvvF /www/ ##刷新
测试:
四.apache的虚拟主机
# cd /var/www/html/
# ls
index.htmltest.html
# vim index.html
www.html.com
# mkdir /var/www/virtual/linux1.html.com/html -p
# mkdir /var/www/virtual/linux2.html.com/html -p
vim /var/www/virtual/linux1.html.com/html/index.html
linux1.html.com
vim /var/www/virtual/linux1.html.com/html/index.html
linux1.html.com
# mkdir /var/www/virtual/linux1.html.com/html -p
# mkdir /var/www/virtual/linux2.html.com/html -p
vim /var/www/virtual/linux1.html.com/html/index.html
linux1.html.com
vim /var/www/virtual/linux2.html.com/html/index.html
linux2.html.com
# vim /etc/httpd/conf.d/adefault.conf
DocumentRoot "/var/www/html"
CustomLog "logs/www.html.com.log" combined
#vim /etc/httpd/conf.d/linux1.conf
ServerName linux1.html.com#指定站点名称
DocumentRoot "/var/www/virtual/linux1.html.com/html/" #站点默认发布目录
CustomLog "logs/linux1.html.com.logs" combined
Require all granted
# vim /etc/httpd/conf.d/linux2.conf
ServerName linux2.html.com
DocumentRoot "/var/www/virtual/linux2.html.com/html/"
CustomLog "logs/linux2.html.com.logs" combined
Require all granted
![](
测试:
在测试机中做好本地解析
vim /etc/hosts
172.25.254.160linux1.html.comlinux2.html.com www.html.com html.com
测试:
五.apache的内部访问控制
1.针对与主机的访问
2.# mkdir /var/www/html/test
# vim /var/www/html/test/index.html
hello world
测试:
# vim default.conf
DocumentRoot "/var/www/html"
CustomLog "logs/www.html.com.log" combined
Order deny,allow
Allow from all##列表读取顺序,后读取的内容会覆盖先读取内容的重复部分
Deny from 172.25.254.0/24
# systemctl restart httpd.service
测试:
拒绝172.25.254.0/24
2.用户方式的访问控制
# htpasswd -cm /etc/httpd/userpass admin
New password:
Re-type new password:
Adding password for user admin
# cat /etc/httpd/userpass
# htpasswd -m /etc/httpd/userpass admin1#再次添加用户时,去掉c
New password:
Re-type new password:
Adding password for user admin1
# cat /etc/httpd/userpass
# vim default.conf
rectory "/var/www/html/admin">
AuthUserFile /etc/httpd/userpass
AuthName "Please input your name and password"
AuthType basic
Require user admin
# mkdir /var/www/html/admin
# vim /var/www/html/admin/index.html
admin
# systemctl restart httpd.service
测试:
需要输入密码
输入密码正确后
# vim default.conf
AuthUserFile /etc/httpd/userpass
AuthName "Please input your name and password"
AuthType basic
#Require user admin
Require valid-user
#
# systemctl restart httpd.service
六。apache支持的语言
1.html
2.php
# vim index.php
# yum install php
# vim /etc/httpd/conf/httpd.conf
# systemctl restart httpd.service
# vim /etc/httpd/conf/httpd.conf
163 DirectoryIndex index.php index.html test.html
测试:
3.cgi
安装的manual里面有cgi语言的模板
# vim index.cgi
#!/usr/bin/perl
#print "Content-type: text/html\n\n";
#print "date";
给该目录加上可执行权限
# semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgi(/.*)?' #更改安全上下文
# restorecon -RvvF /var/www/html/cgi/
# vim default.conf
Options +ExecCGI
AddHandler cgi-script .cgi
# systemctl restart httpd.service
测试:
七.https
# yum install mod_ssl.x86_64
# yum install crypto-utils.x86_64
查看安装过程中生成了什么文件
rpm -ql crypto-utils.x86_64
生成认证genkey www.westos.com
next
选择1024字节,加密方式
填写先关信息获得认证
生成密钥
加密字符
http://i2.51cto.com/images/blog/201711/23/e04162df3295549818e6d8de57885101.png
http://i2.51cto.com/images/blog/201711/23/7b56e2e8564d97a6033254b99dab5a31.png
vim /etc/httpd/conf.d/ssl.conf
101 SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
108 SSLCertificatekey:wq
File /etc/pki/tls/private/www.westos.com.key
http://i2.51cto.com/images/blog/201711/23/319469816355af41d3f06f55cc2e26cd.png
把刚才获得的认证写入配置文件
http://i2.51cto.com/images/blog/201711/23/367c6e45471f00614b2290b986691bfb.png
http://i2.51cto.com/images/blog/201711/23/218bc939bdb9854eecc3242e67dd3a01.png
获得证书
http://i2.51cto.com/images/blog/201711/23/738bac2cbf85cebc3a4a7bd48798f1b1.png
八。设定https虚拟主机并设定网页重写
# mkdir -p /var/www/html/virtual/login.html.com/html
# vim /var/www/html/virtual/login.html.com/html/index.html
http://i2.51cto.com/images/blog/201711/23/cf64342020716cd77694b4d53af9510c.png
http://i2.51cto.com/images/blog/201711/23/47eecfcc9a8ddcc2d7ac3769434d5eb9.png
login.html.com
# vim /etc/httpd/conf.d/login.conf
ServerName login.html.com
DocumentRoot /var/www/html/virtual/login.html.com/html
CustomLog "logs/login.logs" combined
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
SSLCertificatekeyFile /etc/pki/tls/private/www.westos.com.key
Require all granted
ServerName login.html.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1
^(/.)$ ##客户在浏览器地址栏中输入的所有字符
https://##强制客户加密访问
%{HTTP_HOST} ##客户请求主机
$1 ##“$1”表示 ^(/.)$的值
##临时重写,302永久转换
http://i2.51cto.com/images/blog/201711/23/f6511a4deb91e51bb1d9d600d7c7b38a.png
http://i2.51cto.com/images/blog/201711/23/44c009abce5d9cfad359ac5f0bb523ca.png
测试:
输入内容都能跳到https
http://i2.51cto.com/images/blog/201711/23/51d5affeb4ce093eadc7f5413f7425c6.png
页:
[1]