
[Experience sharing] apache(httpd)


Posted on 2018-11-18 14:22:23
  

  


  

  

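cd /var/www/html        ##default directory of files shared by the apache service##
vim westos.html
hello world
Test: enter the server's IP (e.g. 172.25.254.44) in firefox and the content of westos.html is displayed
Note: after entry the address normally defaults to http://172.25.254.44; if it does not, change it to http://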
  
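Use the virtual machine desktop as the server:
Change the hostname: hostnamectl set-hostname apache.example.com
Give the server a static IP: 172.25.254.137
Configure a usable yum repository: vim /etc/yum.repos.d/rhel_dvd.repo
Clear the yum cache: yum clean all
Install the http service: yum install httpd -y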

[root@apache ~]# systemctl start httpd        ##start the httpd service##
[root@apache ~]# systemctl enable httpd.service        ##start the httpd service at boot##
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@apache ~]# firewall-cmd --list-all        ##show the firewall's current service settings##
public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
[root@apache ~]# firewall-cmd --permanent --add-service=http        ##permanently allow the http service##
success
[root@apache ~]# firewall-cmd --permanent --add-service=https        ##permanently allow the https service##
success
[root@apache ~]# firewall-cmd --reload         ##reload the firewall configuration##
success
[root@apache ~]# firewall-cmd --list-all
public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client http https ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
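  rich rules:
Experiment:
On the client, browse to 172.25.254.137; the apache test page should be displayed
Note: if Unable to connect is displayed, the browser may not be using the http protocol to reach 172.25.254.137
On the server:
[root@apache ~]# cd /var/www/html/        ##default directory of files shared by the apache service##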
[root@apache html]# ls
[root@apache html]# vim index.html    ##write the default file served by the http service; its filename must end in .html##
[root@apache html]# cat index.html
hello
this is 172.25.254.137
Experiment:
On the client, browse to 172.25.254.137 again; hello this is 172.25.254.137 should be displayed
Note: the line break entered in vim is not rendered on the web page
On the server:
[root@apache html]# netstat -antlpe | grep httpd
tcp6       0      0 :::80                   :::*                    LISTEN      0          97853      3155/httpd         
[root@apache html]# vim /etc/httpd/conf/httpd.conf
     40 #
     41 #Listen 12.34.56.78:80
     42 Listen 8080        ##change the default port from 80 to 8080##
     43
[root@apache html]# systemctl restart httpd
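Experiment:
Because the default port 80 was changed to 8080, a client that browses to 172.25.254.137 again now gets Unable to connect; it should browse to 172.25.254.137:8080 instead, yet the page still shows Unable to connect, probably because port 8080 is not open on the firewall.
On the server: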
[root@apache html]# firewall-cmd --list-all
public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client http https ssh
  ports:        ##port 8080 is not open##
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
[root@apache html]# firewall-cmd --permanent --add-port=8080/tcp        ##permanently open port 8080 on the firewall##
success
[root@apache html]# firewall-cmd --reload     ##reload the firewall configuration##
success
[root@apache html]# firewall-cmd --list-all
public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client http https ssh
  ports: 8080/tcp        ##port 8080 is now open##
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
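Experiment:
On the client, browse to 172.25.254.137:8080 again; if hello this is 172.25.254.137 is displayed, the experiment is OK
Change the default port back to 80 to continue with the experiments below
On the server: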
[root@apache html]# vim /etc/httpd/conf/httpd.conf
[root@apache html]# systemctl restart httpd
[root@apache html]# vim westos
[root@apache html]# cat westos
the page of westos and this is 172.25.254.137
[root@apache html]# ls
index.html  westos
[root@apache html]# rm -f index.html
[root@apache html]# ls
westos
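Experiment:
On the client, browsing to 172.25.254.137 shows the apache test page, because index.html, the default file served by the http service, has been deleted
On the client, browsing to 172.25.254.137/westos shows the page of westos and this is 172.25.254.137
On the server: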
[root@apache html]# vim /etc/httpd/conf/httpd.conf
    162 #
    163
    164     DirectoryIndex index.html westos    ##default files served by the httpd service##
    165
    166
[root@apache html]# systemctl restart httpd
Experiment:
On the client, browsing to 172.25.254.137 shows the page of westos and this is 172.25.254.137
On the server:
[root@apache html]# mkdir /www/html -p
[root@apache html]# cd /www/html/
[root@apache html]# ls
[root@apache html]# vim westos
[root@apache html]# cat westos
the page of /www/html/westos
Experiment:
On the client, browsing to 172.25.254.137 shows the page of westos and this is 172.25.254.137, not the content of the file /www/html/westos
On the server:
[root@apache html]# vim /etc/httpd/conf/httpd.conf
    118 #
    119 #DocumentRoot "/var/www/html"
    120 DocumentRoot "/www/html"
    121
[root@apache html]# systemctl restart httpd
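Experiment:
On the client, browsing to 172.25.254.137 shows the apache test page; browsing to 172.25.254.137/westos shows Forbidden     You don't have permission to access /westos on this server.
Troubleshooting: the error is a permission problem
Empty the server's log (> /var/log/messages) ----> browse to 172.25.254.137/westos again from the client ----> view the server's log (cat /var/log/messages); the log reads as follows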
.........
*****  Plugin catchall (17.1 confidence) suggests   **************************
If you believe that httpd should be allowed getattr access on the  file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
.........
Log entries like this usually indicate an SELinux problem; the fix is as follows:
On the server:
[root@apache html]# ls -Z
-rw-r--r--. root root unconfined_u:object_r:default_t:s0 westos
[root@apache html]# ls -Z /var/www/
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
[root@apache html]# semanage fcontext -a -t httpd_sys_content_t '/www(/.*)?'
[root@apache html]# restorecon -R /www/
[root@apache html]# restorecon -RvvF /www/
restorecon reset /www context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /www/html context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /www/html/westos context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_content_t:s0
[root@apache html]# ls -Z /www/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
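Experiment:
From the client, browsing to 172.25.254.137/westos still shows the permission problem
Troubleshooting: empty the log on the server; after the client accesses the page, the server's log is empty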
[root@apache html]# cd /etc/httpd/
[root@apache httpd]# ls
conf  conf.d  conf.modules.d  logs  modules  run
[root@apache httpd]# cd logs
[root@apache logs]# ls
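access_log  error_log        ##access_log is the service's access log, error_log is the service's error log##
[root@apache logs]# > access_log
[root@apache logs]# > error_log
##empty all of the service's logs, then view them after the client accesses the page again##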
[root@apache logs]# cat access_log
172.25.254.44 - - [11/Mar/2017:05:24:48 -0500] "GET /westos HTTP/1.1" 403 208 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0"
[root@apache logs]# cat error_log
[Sat Mar 11 05:24:48.566786 2017] [authz_core:error] [pid 6433] [client 172.25.254.44:59764] AH01630: client denied by server configuration: /www/html/westos
##the error log shows that the client was denied by the server configuration##
[root@apache logs]# vim /etc/httpd/conf/httpd.conf    ##edit the httpd configuration file to grant access to /www/html/westos##
    118 #
    119 #DocumentRoot "/var/www/html"
    120 DocumentRoot "/www/html"
    121  
    122      Require all granted
    123  
    124
[root@apache logs]# systemctl restart httpd
Experiment:
From the client, browsing to 172.25.254.137/westos shows the page of /www/html/westos; troubleshooting succeeded
[root@apache logs]# vim /etc/httpd/conf/httpd.conf
    118 #
    119 DocumentRoot "/var/www/html"
    120  
    121 #
    122 # Relax access to content within /var/www.
    123 #
[root@apache logs]# systemctl restart httpd
##restore the configuration file and restart the service for the next experiment##
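The triage done by hand above (a 403 in access_log explained by AH01630 in error_log) can be scripted. This is an added example, not part of the original post: the function names and the second and third access-log lines are constructed, and the user agent on the first line is shortened.

```python
import re
from datetime import datetime, timedelta

ACCESS_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                       r'"\S+ (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')
ERROR_RE = re.compile(r'^\[(?P<ts>[^\]]+)\] \[(?P<module>[^:\]]*):[^\]]+\] \[pid \d+\] '
                      r'\[client (?P<ip>[^\]]+):\d+\] (?P<code>AH\d+): (?P<msg>.*)$')

# First entry of each list is the log line from the post; the others are constructed.
ACCESS_SAMPLE = [
    '172.25.254.44 - - [11/Mar/2017:05:24:48 -0500] "GET /westos HTTP/1.1" 403 208 "-" "Mozilla/5.0"',
    '172.25.254.50 - - [11/Mar/2017:05:30:00 -0500] "GET /westos HTTP/1.1" 403 208 "-" "-"',
    '172.25.254.44 - - [11/Mar/2017:05:31:10 -0500] "GET /westos HTTP/1.1" 200 29 "-" "-"',
]
ERROR_SAMPLE = ['[Sat Mar 11 05:24:48.566786 2017] [authz_core:error] [pid 6433] '
                '[client 172.25.254.44:59764] AH01630: client denied by server '
                'configuration: /www/html/westos']

def parse_access(line):
    m = ACCESS_RE.match(line)
    if not m:
        return None
    # Both logs use server local time, so drop the UTC offset before comparing.
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
    return {"ip": m["ip"], "ts": ts, "uri": m["uri"], "status": int(m["status"])}

def parse_error(line):
    m = ERROR_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
    return {"ip": m["ip"], "ts": ts, "module": m["module"], "code": m["code"], "msg": m["msg"]}

def explain_403s(access_lines, error_lines, window=timedelta(seconds=2)):
    errors = [e for e in map(parse_error, error_lines) if e]
    report = []
    for a in filter(None, map(parse_access, access_lines)):
        if a["status"] != 403:
            continue
        # Same client within the time window: treat that error as the reason for the 403.
        hit = next((e for e in errors
                    if e["ip"] == a["ip"] and abs(e["ts"] - a["ts"]) <= window), None)
        if hit is None:
            cause = "no matching error_log line"
        elif hit["code"] == "AH01630":
            cause = "denied by httpd authorization config for " + hit["msg"].rsplit(": ", 1)[-1]
        else:
            cause = hit["code"] + " from " + hit["module"]
        report.append((a["ip"], a["uri"], cause))
    return report
```

A 403 that comes back as "no matching error_log line" is the cue to look outside httpd's own logs, as was done with /var/log/messages in the SELinux step.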
On the server:
[root@apache logs]# cd /var/www/html/
[root@apache html]# ls
westos
[root@apache html]# vim westos
[root@apache html]# cat westos
this is www.westos.com
Experiment:
On the client, browsing to 172.25.254.137 shows this is www.westos.com
Add local name resolution on the client:
[root@foundation44 ~]# vim /etc/hosts
[root@foundation44 ~]# tail -n 1 /etc/hosts
172.25.254.137    www.westos.com
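Now when the client browses to www.westos.com, it is equivalent to browsing to 172.25.254.137, and this is www.westos.com is displayed
Goal: the client sees different content for different domain names
First add local name resolution on the client and confirm that every domain name can be pinged: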
[root@foundation44 ~]# vim /etc/hosts
[root@foundation44 ~]# tail -n 1 /etc/hosts
172.25.254.137    www.westos.com  sport.westos.com  music.westos.com
[root@foundation44 ~]# ping www.westos.com
PING www.westos.com (172.25.254.137) 56(84) bytes of data.
64 bytes from www.westos.com (172.25.254.137): icmp_seq=1 ttl=64 time=0.174 ms
64 bytes from www.westos.com (172.25.254.137): icmp_seq=2 ttl=64 time=0.161 ms
^C
--- www.westos.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.161/0.167/0.174/0.014 ms
[root@foundation44 ~]# ping sport.westos.com
PING www.westos.com (172.25.254.137) 56(84) bytes of data.
64 bytes from www.westos.com (172.25.254.137): icmp_seq=1 ttl=64 time=0.168 ms
64 bytes from www.westos.com (172.25.254.137): icmp_seq=2 ttl=64 time=0.210 ms
^C
--- www.westos.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.168/0.189/0.210/0.021 ms
[root@foundation44 ~]# ping music.westos.com
PING www.westos.com (172.25.254.137) 56(84) bytes of data.
64 bytes from www.westos.com (172.25.254.137): icmp_seq=1 ttl=64 time=0.192 ms
64 bytes from www.westos.com (172.25.254.137): icmp_seq=2 ttl=64 time=0.180 ms
^C
--- www.westos.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.180/0.186/0.192/0.006 ms
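Note: at this point the client sees the same content, this is www.westos.com, for all three domain names
On the server:
[root@apache ~]# cd /var/www/html/
[root@apache html]# mkdir /var/www/sport    ##default document directory of the httpd service for virtual host sport.westos.com##
[root@apache html]# mkdir /var/www/music    ##default document directory of the httpd service for virtual host music.westos.com##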
[root@apache html]# echo this is sport.westos.com > /var/www/sport/westos
[root@apache html]# echo this is music.westos.com > /var/www/music/westos
[root@apache html]# cat /var/www/sport/westos     
this is sport.westos.com
[root@apache html]# cat /var/www/music/westos
this is music.westos.com
[root@apache html]# cat /var/www/html/westos
this is www.westos.com
[root@apache html]# cd /etc/httpd/conf.d
[root@apache conf.d]# ls
autoindex.conf  README  userdir.conf  welcome.conf
[root@apache conf.d]# vim default.conf        ##configuration file of virtual host www.westos.com##
      1   
      2         Documentroot /var/www/html
      3         customlog "logs/default.log" combined
      4
      5
      6
      7         require all granted
      8
[root@apache conf.d]# systemctl restart httpd
Now the client browsing to www.westos.com sees this is www.westos.com
[root@apache conf.d]# cp default.conf sport.conf
[root@apache conf.d]# vim sport.conf
      1
      2         Servername sport.westos.com
      3         Documentroot /var/www/sport
      4         customlog "logs/default.log" combined
      5
      6
      7
      8         require all granted
      9
[root@apache conf.d]# systemctl restart httpd
Now the client browsing to sport.westos.com sees this is sport.westos.com
[root@apache conf.d]# cp default.conf music.conf
[root@apache conf.d]# vim music.conf
      1
      2         Servername music.westos.com
      3         Documentroot /var/www/music
      4         customlog "logs/default.log" combined
      5
      6
      7
      8         require all granted
      9
[root@apache conf.d]# systemctl restart httpd
Now the client browsing to music.westos.com sees this is music.westos.com
On the server:
[root@apache conf.d]# cd /var/www/music/
[root@apache music]# ls
westos
[root@apache music]# mkdir admin
[root@apache music]# cd admin/
[root@apache admin]# vim westos
[root@apache admin]# cat westos
the admin's page and the host is music.westos.com
Now the client browsing to music.westos.com/admin/ sees the admin's page and the host is music.westos.com
Additional parameters:
Taking the configuration file of virtual host music.westos.com as an example:
  1
  2         Servername music.westos.com
  3         Documentroot /var/www/music
  4         customlog "logs/default.log" combined
  5
  6
  7
  8         require all granted
  9
10
11
12         Order allow,deny
13         allow from all
14         deny from 172.25.254.44
15
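After the service is restarted, 172.25.254.44 is denied when it accesses music.westos.com; clients other than 172.25.254.44 that access music.westos.com see the admin's page and the host is music.westos.com
If the parameters in the third part of this configuration file are changed to: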
10
11
12         Order deny,allow
13         allow from all
14         deny from 172.25.254.44
15
After the service is restarted, all clients, including 172.25.254.44, can access music.westos.com/admin normally
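The two outcomes above follow from how the legacy Order directive combines Allow and Deny. The model below is an added example, not part of the original post and not Apache's code; the function names and the second client address are assumptions, and only `all`, single addresses and CIDR networks are handled.

```python
import ipaddress

def _matches(specs, client):
    """True if client matches any 'from' spec: 'all', one IP, or a CIDR network."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def evaluate(order, allow, deny, client):
    """Return True if the client is admitted under Order/Allow/Deny rules."""
    allowed = _matches(allow, client)
    denied = _matches(deny, client)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Allow is evaluated first, Deny last: a client matching both is
        # denied, and a client matching neither is denied.
        return allowed and not denied
    if order == "deny,allow":
        # Deny is evaluated first, Allow last: a client matching both is
        # allowed, and a client matching neither is allowed.
        return allowed or not denied
    raise ValueError("unsupported Order value: %r" % order)

# The rule set from the configuration above.
PAGE_ALLOW = ["all"]
PAGE_DENY = ["172.25.254.44"]

def outcomes(order, clients):
    """Map each client address to its allow/deny result for the page's rules."""
    return {c: evaluate(order, PAGE_ALLOW, PAGE_DENY, c) for c in clients}

if __name__ == "__main__":
    clients = ["172.25.254.44", "172.25.254.50"]  # second address is constructed
    for order in ("allow,deny", "deny,allow"):
        print(order, outcomes(order, clients))
```

Under `deny,allow` the deny line only takes effect when no Allow rule also matches the client, which is why `allow from all` cancels it in the second configuration.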

On the server:
[root@apache ~]# cd /etc/httpd/conf
[root@apache conf]# ls
httpd.conf  magic
[root@apache conf]# htpasswd -cm apacheuser admin    ##create a password file; by default apache's htpasswd command hashes the password with the MD5 algorithm; admin is the user name##
New password:
Re-type new password:
Adding password for user admin
[root@apache conf]# cat apacheuser    ##view the password file##
admin:$apr1$KDa9QbRH$ZN8EJqoOTCEMaIKzpR8ST0
[root@apache conf]# ls
apacheuser  httpd.conf  magic
[root@apache conf]# htpasswd -m apacheuser tom    ##when the password file already exists, the -c option is not needed to add another user and password##
New password:
Re-type new password:
Adding password for user tom
[root@apache conf]# cd ../conf.d
[root@apache conf.d]# vim music.conf    ##edit the third part of the configuration file of virtual host music.westos.com##
     10
     11
     12         Authuserfile /etc/httpd/conf/apacheuser    ##location of the user authentication file##
     13         Authname "Please input your name and passwd"    ##message shown to the user on access##
     14         Authtype basic    ##authentication type##
     15         Require user admin    ##the admin user is allowed##
     16
[root@apache conf]# systemctl restart httpd
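Experiment:
When the client browses to music.westos.com, a dialog pops up asking for a user name and password; the admin user and its password work, while the tom user and its password do not
If the parameter on line 15 is changed to Require valid-user and the service is restarted, every user in the password file apacheuser is allowed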








Thread URL: https://www.yunweiku.com/thread-636657-1-1.html