youbo1 posted on 2018-11-18 14:22:23

apache(httpd)

# cd /var/www/html      ##default directory for files shared by the apache service##
# vim westos.html
hello world
Test: enter the server's IP (e.g. 172.25.254.44) in firefox; the content of westos.html is displayed
Note: once entered, the address usually defaults to http://172.25.254.44; if it does not, change it to http://
  
Use the virtual machine desktop as the server:
Set the hostname: hostnamectl set-hostname apache.example.com
Give the server a static IP: 172.25.254.137
Configure a usable yum repository: vim /etc/yum.repos.d/rhel_dvd.repo
Clear the yum cache: yum clean all
Install the http service: yum install httpd -y

# systemctl start httpd      ##start the httpd service##
# systemctl enable httpd.service      ##start httpd at boot##
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
# firewall-cmd --list-all      ##show the firewall's service status##
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
# firewall-cmd --permanent --add-service=http      ##permanently allow the http service##
success
# firewall-cmd --permanent --add-service=https      ##permanently allow the https service##
success
# firewall-cmd --reload         ##reload the firewall rules##
success
# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client http https ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:

Test:
The client opens 172.25.254.137 in a browser; the apache test page should be displayed
Note: if Unable to connect is shown, the browser may not be reaching 172.25.254.137 over the http protocol
Server side:
# cd /var/www/html/      ##default directory for files shared by the apache service##
# ls
# vim index.html    ##write the http service's default shared file; the file name must end in .html##
# cat index.html
hello
this is 172.25.254.137
Test:
The client opens 172.25.254.137 again; it should display hello this is 172.25.254.137
Note: the line break entered in vim is not rendered in the web page
Server side:
# netstat -antlpe | grep httpd
tcp6       0      0 :::80                   :::*                  LISTEN      0          97853      3155/httpd         
# vim /etc/httpd/conf/httpd.conf
   40 #
   41 #Listen 12.34.56.78:80
   42 Listen 8080      ##change the default port 80 to 8080##
   43
# systemctl restart httpd
Test:
Because the default port 80 was changed to 8080, the client now gets Unable to connect when opening 172.25.254.137 in the browser and must open 172.25.254.137:8080 instead. If the page still shows Unable to connect, port 8080 is probably not open on the firewall.
Server side:
# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client http https ssh
ports:      ##port 8080 is not open##
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
# firewall-cmd --permanent --add-port=8080/tcp      ##permanently open port 8080 on the firewall##
success
# firewall-cmd --reload   ##reload the firewall rules##
success
# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client http https ssh
ports: 8080/tcp      ##port 8080 is now open##
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
Test:
The client opens 172.25.254.137:8080 again; if hello this is 172.25.254.137 is displayed, the test is ok
Change the default port back to 80 and continue with the experiments below
Server side:
# vim /etc/httpd/conf/httpd.conf
# systemctl restart httpd
# vim westos
# cat westos
the page of westos and this is 172.25.254.137
# ls
index.html  westos
# rm -f index.html
# ls
westos
Test:
The client opens 172.25.254.137 and gets the apache test page, because the http service's default shared file index.html was deleted
The client opens 172.25.254.137/westos and gets the page of westos and this is 172.25.254.137
Server side:
# vim /etc/httpd/conf/httpd.conf
    162 #
    163
    164   DirectoryIndex index.html westos    ##default shared files of the httpd service##
    165
    166
# systemctl restart httpd
Test:
The client opens 172.25.254.137 and gets the page of westos and this is 172.25.254.137
Server side:
# mkdir /www/html -p
# cd /www/html/
# ls
# vim westos
# cat westos
the page of /www/html/westos
Test:
The client opens 172.25.254.137 and still gets the page of westos and this is 172.25.254.137, not the content of the file /www/html/westos
Server side:
# vim /etc/httpd/conf/httpd.conf
    118 #
    119 #DocumentRoot "/var/www/html"
    120 DocumentRoot "/www/html"
    121
# systemctl restart httpd
Test:
The client opens 172.25.254.137 and gets the apache test page; opening 172.25.254.137/westos gives Forbidden   You don't have permission to access /westos on this server.
Troubleshooting: the error is a permission problem
Clear the server's log (> /var/log/messages) ----> the client opens 172.25.254.137/westos again in the browser ----> check the server's log (cat /var/log/messages); it contains the following
.........
*****Plugin catchall (17.1 confidence) suggests   **************************
If you believe that httpd should be allowed getattr access on thefile by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
.........
A log like this usually means an SELinux problem; the fix is as follows:
Server side:
# ls -Z
-rw-r--r--. root root unconfined_u:object_r:default_t:s0 westos
# ls -Z /var/www/
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
# semanage fcontext -a -t httpd_sys_content_t '/www(/.*)?'
# restorecon -R /www/
# restorecon -RvvF /www/
restorecon reset /www context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /www/html context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /www/html/westos context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_content_t:s0
# ls -Z /www/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
Test:
The client opens 172.25.254.137/westos and still gets the permission error
Troubleshooting: clear the log on the server; after the client accesses again, the server's log stays empty
# cd /etc/httpd/
# ls
conf  conf.d  conf.modules.d  logs  modules  run
# cd logs
# ls
access_log  error_log      ##access_log is the service's access log, error_log is its error log##
# > access_log
# > error_log
##clear all of the service's logs, then check them after the client accesses again##
# cat access_log
172.25.254.44 - - "GET /westos HTTP/1.1" 403 208 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0"
# cat error_log
AH01630: client denied by server configuration: /www/html/westos
##the error log shows the client was denied by the server configuration##
# vim /etc/httpd/conf/httpd.conf    ##edit the httpd configuration file to grant access to /www/html/westos##
    118 #
    119 #DocumentRoot "/var/www/html"
    120 DocumentRoot "/www/html"
    121 <Directory "/www/html">    ##the Directory container on lines 121 and 123 is assumed; the post shows only the Require line##
    122      Require all granted
    123 </Directory>
    124
# systemctl restart httpd
Test:
The client opens 172.25.254.137/westos and gets the page of /www/html/westos; troubleshooting succeeded
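The 403 above came from moving the DocumentRoot to a directory that no <Directory> section grants access to. As an added example (not from the original post), this Python check parses an httpd.conf and reports the Require verdict that covers the DocumentRoot; the function names and the sample configuration are constructed here, modelled on the post's httpd.conf, and the SELinux label (the post's other cause) is not covered.

```python
import re

DIR_OPEN = re.compile(r'^<Directory\s+"?([^"\s>]+)"?\s*>$', re.I)
DIR_CLOSE = re.compile(r'^</Directory>$', re.I)
DOCROOT = re.compile(r'^DocumentRoot\s+"?([^"\s]+)"?$', re.I)


def parse_httpd_conf(text):
    """Return (DocumentRoot, {directory path: [directives inside it]})."""
    docroot, sections, current = None, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if (m := DIR_OPEN.match(line)):
            current = m.group(1).rstrip("/") or "/"
            sections.setdefault(current, [])
        elif DIR_CLOSE.match(line):
            current = None
        elif current is not None:
            sections[current].append(line)
        elif (m := DOCROOT.match(line)):
            docroot = m.group(1).rstrip("/") or "/"
    return docroot, sections


def docroot_require(text):
    """Effective 'Require ...' verdict for the DocumentRoot (None if unset).
    httpd merges matching <Directory> sections shortest path first, so the
    most specific section that sets Require wins."""
    docroot, sections = parse_httpd_conf(text)
    if docroot is None:
        return None
    verdict = None
    for path in sorted(sections, key=lambda p: p.count("/")):
        if path != "/" and docroot != path and not docroot.startswith(path + "/"):
            continue  # this section does not cover the DocumentRoot
        for directive in sections[path]:
            if directive.lower().startswith("require "):
                verdict = " ".join(directive.split()[1:]).lower()
    return verdict


# Constructed sample modelled on the post: DocumentRoot moved to /www/html
# while only / (denied) and /var/www (granted) have <Directory> sections.
BROKEN = ("<Directory />\n    Require all denied\n</Directory>\n"
          'DocumentRoot "/www/html"\n'
          '<Directory "/var/www">\n    Require all granted\n</Directory>\n')
# The post's fix: a section that covers the new DocumentRoot.
FIXED = BROKEN + '<Directory "/www/html">\n    Require all granted\n</Directory>\n'
```

Running `docroot_require` on the server's real /etc/httpd/conf/httpd.conf before restarting httpd shows whether the new DocumentRoot would answer with AH01630 as in the error_log above.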
# vim /etc/httpd/conf/httpd.conf
    118 #
    119 DocumentRoot "/var/www/html"
    120
    121 #
    122 # Relax access to content within /var/www.
    123 #
# systemctl restart httpd
##restore the configuration file and restart the service for the next experiment##
Server side:
# cd /var/www/html/
# ls
westos
# vim westos
# cat westos
this is www.westos.com
Test:
The client opens 172.25.254.137 and gets this is www.westos.com
Add local name resolution on the client:
# vim /etc/hosts
# tail -n 1 /etc/hosts
172.25.254.137    www.westos.com
Now the client opening www.westos.com is equivalent to opening 172.25.254.137, and this is www.westos.com is displayed
Goal: the client gets different content for different domain names
First add local name resolution on the client and make sure every name can be pinged:
# vim /etc/hosts
# tail -n 1 /etc/hosts
172.25.254.137    www.westos.com  sport.westos.com  music.westos.com
# ping www.westos.com
PING www.westos.com (172.25.254.137) 56(84) bytes of data.
64 bytes from www.westos.com (172.25.254.137): icmp_seq=1 ttl=64 time=0.174 ms
64 bytes from www.westos.com (172.25.254.137): icmp_seq=2 ttl=64 time=0.161 ms
^C
--- www.westos.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.161/0.167/0.174/0.014 ms
# ping sport.westos.com
PING www.westos.com (172.25.254.137) 56(84) bytes of data.
64 bytes from www.westos.com (172.25.254.137): icmp_seq=1 ttl=64 time=0.168 ms
64 bytes from www.westos.com (172.25.254.137): icmp_seq=2 ttl=64 time=0.210 ms
^C
--- www.westos.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.168/0.189/0.210/0.021 ms
# ping music.westos.com
PING www.westos.com (172.25.254.137) 56(84) bytes of data.
64 bytes from www.westos.com (172.25.254.137): icmp_seq=1 ttl=64 time=0.192 ms
64 bytes from www.westos.com (172.25.254.137): icmp_seq=2 ttl=64 time=0.180 ms
^C
--- www.westos.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.180/0.186/0.192/0.006 ms
Note: at this point the client gets the same content, this is www.westos.com, for all three names
Server side:
# cd /var/www/html/
# mkdir /var/www/sport    ##default shared directory of the httpd service for the virtual host sport.westos.com##
# mkdir /var/www/music    ##default shared directory of the httpd service for the virtual host music.westos.com##
# echo this is sport.westos.com > /var/www/sport/westos
# echo this is music.westos.com > /var/www/music/westos
# cat /var/www/sport/westos   
this is sport.westos.com
# cat /var/www/music/westos
this is music.westos.com
# cat /var/www/html/westos
this is www.westos.com
# cd /etc/httpd/conf.d
# ls
autoindex.conf  README  userdir.conf  welcome.conf
# vim default.conf      ##configuration file for the virtual host www.westos.com##
      1   <VirtualHost *:80>    ##the container directives on lines 1, 4, 6 and 8 are assumed; the post shows only the directives inside them##
      2         Documentroot /var/www/html
      3         customlog "logs/default.log" combined
      4   </VirtualHost>
      5
      6   <Directory /var/www/html>
      7         require all granted
      8   </Directory>
# systemctl restart httpd
Now the client opens www.westos.com and gets this is www.westos.com
# cp default.conf sport.conf
# vim sport.conf
      1   <VirtualHost *:80>    ##the container directives on lines 1, 5, 7 and 9 are assumed; the post shows only the directives inside them##
      2         Servername sport.westos.com
      3         Documentroot /var/www/sport
      4         customlog "logs/default.log" combined
      5   </VirtualHost>
      6
      7   <Directory /var/www/sport>
      8         require all granted
      9   </Directory>
# systemctl restart httpd
Now the client opens sport.westos.com and gets this is sport.westos.com
# cp default.conf music.conf
# vim music.conf
      1   <VirtualHost *:80>    ##the container directives on lines 1, 5, 7 and 9 are assumed; the post shows only the directives inside them##
      2         Servername music.westos.com
      3         Documentroot /var/www/music
      4         customlog "logs/default.log" combined
      5   </VirtualHost>
      6
      7   <Directory /var/www/music>
      8         require all granted
      9   </Directory>
# systemctl restart httpd
Now the client opens music.westos.com and gets this is music.westos.com
Server side:
# cd /var/www/music/
# ls
westos
# mkdir admin
# cd admin/
# vim westos
# cat westos
the admin's page and the host is music.westos.com
Now the client opens music.westos.com/admin/ and gets the admin's page and the host is music.westos.com
Additional parameters:
Taking the configuration file of the virtual host music.westos.com as an example:
1   <VirtualHost *:80>    ##the container directives on lines 1, 5, 7, 9, 11 and 15 are assumed; the post shows only the directives inside them##
2         Servername music.westos.com
3         Documentroot /var/www/music
4         customlog "logs/default.log" combined
5   </VirtualHost>
6
7   <Directory /var/www/music>
8         require all granted
9   </Directory>
10
11  <Directory /var/www/music/admin>    ##path assumed from the effect on music.westos.com/admin described below##
12        Order allow,deny
13        allow from all
14        deny from 172.25.254.44
15  </Directory>
After restarting the service, 172.25.254.44 opening music.westos.com is refused, while clients other than 172.25.254.44 opening music.westos.com get the admin's page and the host is music.westos.com
If the parameters of the third part of this configuration file are changed to:
10
11  <Directory /var/www/music/admin>    ##container directives assumed, as above##
12        Order deny,allow
13        allow from all
14        deny from 172.25.254.44
15  </Directory>
After restarting the service, every client including 172.25.254.44 can open music.westos.com/admin normally: with Order deny,allow the Deny list is evaluated first and the Allow list last, so allow from all overrides deny from 172.25.254.44, whereas with Order allow,deny the Deny list is evaluated last and the deny wins.
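As an added example (not from the original post), the following Python function reproduces how mod_access_compat, the module that still provides Order/Allow/Deny on httpd 2.4, evaluates the two variants above. The function names are mine; host-name arguments are not resolved, only all, full IPv4 addresses, partial addresses such as 172.25.254 and CIDR networks are handled.

```python
import ipaddress


def host_matches(spec, client):
    """True if an Allow/Deny argument matches the client's IPv4 address."""
    spec = spec.strip().lower()
    if spec == "all":
        return True
    if "/" in spec:  # CIDR network, e.g. 172.25.254.0/24
        return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)
    if spec.count(".") == 3:  # full address: exact match only
        return client == spec
    return client.startswith(spec.rstrip(".") + ".")  # partial address, e.g. 172.25.254


def access_allowed(order, allow, deny, client):
    """Order semantics of mod_access_compat:
      allow,deny  Allow list first, Deny list last; denied unless the client
                  matches an Allow and no Deny.
      deny,allow  Deny list first, Allow list last; allowed unless the client
                  matches a Deny and no Allow."""
    allowed = any(host_matches(s, client) for s in allow)
    denied = any(host_matches(s, client) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        return allowed and not denied
    if order == "deny,allow":
        return allowed or not denied
    raise ValueError("unsupported Order: " + order)


# The two variants of the admin <Directory> section shown in the post.
DENY_ONE_CLIENT = ("allow,deny", ["all"], ["172.25.254.44"])
EFFECTIVELY_OPEN = ("deny,allow", ["all"], ["172.25.254.44"])
```

The second variant is a common misconfiguration: "deny from" lines under Order deny,allow with allow from all block nobody, which an access_log with 200 responses from the supposedly denied client confirms.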

Server side:
# cd /etc/httpd/conf
# ls
httpd.conf  magic
# htpasswd -cm apacheuser admin    ##create the password file; by default apache's htpasswd command hashes the password with MD5 (the $apr1$ form); admin is the user name##
New password:
Re-type new password:
Adding password for user admin
# cat apacheuser    ##view the password file##
admin:$apr1$KDa9QbRH$ZN8EJqoOTCEMaIKzpR8ST0
# ls
apacheuser  httpd.conf  magic
# htpasswd -m apacheuser tom    ##when the password file already exists, -c is not needed to add another user and password##
New password:
Re-type new password:
Adding password for user tom
# cd ../conf.d
# vim music.conf    ##edit the third part of the virtual host music.westos.com configuration file##
   10
   11 <Directory /var/www/music/admin>    ##container directives assumed, as in the previous section; the post shows only lines 12 to 15##
   12         Authuserfile /etc/httpd/conf/apacheuser    ##location of the user authentication file##
   13         Authname "Please input your name and passwd"    ##message shown to the user at the prompt##
   14         Authtype basic    ##authentication type##
   15         Require user admin    ##only the admin user is allowed##
   16 </Directory>
# systemctl restart httpd
Test:
When the client opens music.westos.com a dialog pops up asking for a user name and password; the admin user and its password work, the tom user and its password do not
If the parameter on line 15 is changed to Require valid-user and the service restarted, every user in the password file apacheuser is allowed