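Chapter 6: Web Site Services (Part 2)
Introduction to HTTP
HTTP stands for HyperText Transfer Protocol.
On Linux, web services are usually provided by Apache, which has long been the most popular web server on the Internet.
Properties of the HTTP service
HTTP package: httpd
HTTP daemon: /usr/sbin/httpd
HTTP init script: /etc/init.d/httpd
HTTP ports: 80 (http), 443 (https)
HTTP configuration files: /etc/httpd/*, /var/www/*
IP of this server: 192.168.200.102
I: Set up a DNS server and test it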
[root@crushlinux2 ~]# yum -y install bind bind-chroot caching-nameserver
[root@crushlinux2 ~]# cd /var/named/chroot/etc
[root@crushlinux2 etc]# cp -p named.caching-nameserver.conf named.conf
[root@crushlinux2 etc]# vim named.conf
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Those options should be used carefully because they disable port
    // randomization
    // query-source port 53;
    // query-source-v6 port 53;
    allow-query { 192.168.200.0/24; };
    allow-query-cache { any; };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
view localhost_resolver {
    match-clients { 192.168.200.0/24; };
    match-destinations { any; };
    recursion yes;
    include "/etc/named.rfc1912.zones";
};
[root@crushlinux2 etc]# vim named.rfc1912.zones
zone "." IN {
    type hint;
    file "named.ca";
};
zone "baidu.com" IN {
    type master;
    file "baidu.zone";
    allow-update { none; };
};
zone "200.168.192.in-addr.arpa" IN {
    type master;
    file "named.baidu";
    allow-update { none; };
};
[root@crushlinux2 etc]# cd /var/named/chroot/var/named/
[root@crushlinux2 named]# cp -p localhost.zone baidu.zone
[root@crushlinux2 named]# cp -p named.local named.baidu
[root@crushlinux2 named]# vim baidu.zone
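$TTL 86400
; Host names in the SOA and NS records end with a dot; without it BIND appends the zone name.
@       IN SOA  www1.baidu.com. root.baidu.com. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
@       IN NS   www1.baidu.com.
        IN AAAA ::1     ; left over from localhost.zone; placed below the SOA and NS records
www1    IN A    192.168.200.102
www2    IN A    192.168.200.102
www3    IN A    192.168.200.102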
[root@crushlinux2 named]# vim named.baidu
$TTL 86400
@       IN SOA  www1.baidu.com. root.baidu.com. (
                1997022700 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
@       IN NS   www1.baidu.com.
102     IN PTR  www1.baidu.com.
102     IN PTR  www2.baidu.com.
102     IN PTR  www3.baidu.com.
[root@crushlinux2 named]# service named restart
[root@crushlinux2 named]# vim /etc/resolv.conf
search com
nameserver 192.168.200.102
[root@crushlinux2 named]# nslookup www1.baidu.com
Server: 192.168.200.102
Address: 192.168.200.102#53
Name: www1.baidu.com
Address: 192.168.200.102
[root@crushlinux2 named]# nslookup www2.baidu.com
Server: 192.168.200.102
Address: 192.168.200.102#53
Name: www2.baidu.com
Address: 192.168.200.102
[root@crushlinux2 named]# nslookup www3.baidu.com
Server: 192.168.200.102
Address: 192.168.200.102#53
Name: www3.baidu.com
Address: 192.168.200.102
[root@crushlinux2 named]# nslookup 192.168.200.102
Server: 192.168.200.102
Address: 192.168.200.102#53
102.200.168.192.in-addr.arpa name = www1.baidu.com.
102.200.168.192.in-addr.arpa name = www2.baidu.com.
102.200.168.192.in-addr.arpa name = www3.baidu.com.
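Virtual hosting lets a single server run several sites that do not interfere with one another, which greatly reduces cost. Virtual hosts can be implemented in three ways:
name-based, IP-based and port-based virtual hosts.
II: Install the Apache package and configure virtual hosts
[root@crushlinux2 ~]# yum -y install httpd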
1. Name-based virtual hosts:
[root@crushlinux2 ~]# vim /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.200.102:80
<VirtualHost 192.168.200.102:80>
    DocumentRoot /var/www/virt1
    ServerName www1.baidu.com
    ServerAlias www3.baidu.com
</VirtualHost>
<VirtualHost 192.168.200.102:80>
    DocumentRoot /var/www/virt2
    ServerName www2.baidu.com
</VirtualHost>
Create the document roots for the name-based virtual sites:
[root@crushlinux2 ~]# cd /var/www/
[root@crushlinux2 www]# mkdir virt1
[root@crushlinux2 www]# mkdir virt2
Create a test page in each:
[root@crushlinux2 www]# echo "Hello I am www1" >> ./virt1/index.html
[root@crushlinux2 www]# echo "Hello I am www2" >> ./virt2/index.html
[root@crushlinux2 www]# service httpd restart
Test:
[root@crushlinux2 www]# elinks --dump http://www1.baidu.com
Hello I am www1
[root@crushlinux2 www]# elinks --dump http://www2.baidu.com
Hello I am www2
[root@crushlinux2 www]# elinks --dump http://www3.baidu.com
Hello I am www1
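How Apache chooses a name-based virtual host for the test requests above, as an added Python sketch that is not part of the original tutorial or of Apache's own code. It models the rule that the Host header is compared with each ServerName and ServerAlias in file order and that an unmatched request falls to the first virtual host listed for that address and port; the function names and the host unknown.example are assumptions.

```python
from fnmatch import fnmatchcase

# Virtual hosts in the order they appear in the httpd.conf above.
VHOSTS = [
    {"root": "/var/www/virt1", "name": "www1.baidu.com", "aliases": ["www3.baidu.com"]},
    {"root": "/var/www/virt2", "name": "www2.baidu.com", "aliases": []},
]

def normalize(host_header):
    """Lower-case the Host header, drop an optional :port and a trailing dot."""
    host = (host_header or "").strip().lower()
    if host.startswith("["):                 # bracketed IPv6 literal, e.g. [::1]:80
        return host.split("]")[0] + "]"
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")

def select_vhost(host_header, vhosts=VHOSTS):
    """Return the DocumentRoot that serves a request carrying this Host header."""
    host = normalize(host_header)
    for vh in vhosts:
        if host == vh["name"].lower():
            return vh["root"]
        # ServerAlias entries may contain * and ? wildcards.
        if any(fnmatchcase(host, alias.lower()) for alias in vh["aliases"]):
            return vh["root"]
    # No name matched: the first vhost for this address:port acts as the default.
    return vhosts[0]["root"]

if __name__ == "__main__":
    # unknown.example is a constructed name that no ServerName or ServerAlias covers.
    for h in ["www1.baidu.com", "www2.baidu.com", "www3.baidu.com",
              "192.168.200.102", "unknown.example"]:
        print(f"{h:18} -> {select_vhost(h)}")
```

A request with an unknown or missing Host header is served from /var/www/virt1, so the first virtual host in the file should be one that is safe to expose as the default.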
2. IP-based virtual hosts:
Configure several IP addresses on this network interface
[root@crushlinux2 www]# ifconfig eth0 192.168.200.102
[root@crushlinux2 www]# ifconfig eth0:1 192.168.200.103
[root@crushlinux2 ~]# vim /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.200.102:80
<VirtualHost 192.168.200.102:80>
    DocumentRoot /var/www/virt1
    ServerName www.baidu.com
</VirtualHost>
<VirtualHost 192.168.200.103:80>
    DocumentRoot /var/www/virt2
    ServerName www.baidu.com
</VirtualHost>
[root@crushlinux2 www]# service httpd restart
Test:
[root@crushlinux2 www]# elinks --dump http://192.168.200.102
Hello I am www1
[root@crushlinux2 www]# elinks --dump http://192.168.200.103
Hello I am www2
3. Port-based virtual hosts:
Let Apache listen on several ports
Listen 192.168.200.102:8001
Listen 192.168.200.102:8002
NameVirtualHost 192.168.200.102:8001
<VirtualHost 192.168.200.102:8001>
    DocumentRoot /var/www/virt1
    ServerName www1.baidu.com
</VirtualHost>
NameVirtualHost 192.168.200.102:8002
<VirtualHost 192.168.200.102:8002>
    DocumentRoot /var/www/virt2
    ServerName www2.baidu.com
</VirtualHost>
[root@crushlinux2 www]# service httpd restart
Test:
[root@crushlinux2 www]# elinks --dump http://192.168.200.102:8001
Hello I am www1
[root@crushlinux2 www]# elinks --dump http://192.168.200.102:8002
Hello I am www2
III: Access control for the httpd service
1. Restricting by network segment or IP
[root@crushlinux2 ~]# vim /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.200.102:8001
<VirtualHost 192.168.200.102:8001>
    DocumentRoot /var/www/virt1
    ServerName www1.baidu.com
    <Directory /var/www/virt1>
        Options -Indexes -FollowSymLinks
        Order allow,deny
        Allow from all
        Deny from 192.168.200.102
    </Directory>
</VirtualHost>
NameVirtualHost 192.168.200.102:8002
<VirtualHost 192.168.200.102:8002>
    DocumentRoot /var/www/virt2
    ServerName www2.baidu.com
    <Directory /var/www/virt2>
        Options -Indexes -FollowSymLinks
        Order deny,allow
        Deny from all
        Allow from 192.168.200.102
    </Directory>
</VirtualHost>
[root@crushlinux2 www]# service httpd restart
[root@crushlinux2 www]# elinks --dump http://192.168.200.102:8001
[root@crushlinux2 www]# elinks --dump http://192.168.200.102:8002
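What the two Order settings above decide for a given client address, as an added Python model that is not part of the original tutorial or of Apache's code. It follows the Apache 2.2 Order/Allow/Deny rules for the "from" forms used on this page ("all", a single IP, or a CIDR network); the function names and the second client 192.168.200.50 are assumptions.

```python
import ipaddress

def _matches(client, specs):
    """True if the client IP matches any 'from' spec: 'all', an IP or a CIDR network."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def access_allowed(order, allow, deny, client):
    """Evaluate Apache 2.2 'Order' semantics for one client address.

    allow,deny : Allow rules run first, Deny rules last; Deny wins on a
                 double match and a client matching nothing is rejected.
    deny,allow : Deny rules run first, Allow rules last; Allow wins on a
                 double match and a client matching nothing is admitted.
    """
    allowed = _matches(client, allow)
    denied = _matches(client, deny)
    key = order.replace(" ", "").lower()
    if key == "allow,deny":
        return allowed and not denied
    if key == "deny,allow":
        return allowed or not denied
    raise ValueError(f"unsupported Order value: {order!r}")

# The two <Directory> rule sets from the configuration above.
VIRT1 = dict(order="allow,deny", allow=["all"], deny=["192.168.200.102"])
VIRT2 = dict(order="deny,allow", allow=["192.168.200.102"], deny=["all"])

def report(clients):
    """Return {client: (virt1 decision, virt2 decision)} for the page's two sites."""
    return {c: (access_allowed(client=c, **VIRT1), access_allowed(client=c, **VIRT2))
            for c in clients}

if __name__ == "__main__":
    # 192.168.200.50 is a constructed second client on the same subnet.
    for client, (v1, v2) in report(["192.168.200.102", "192.168.200.50"]).items():
        print(client, "virt1:", "allowed" if v1 else "denied",
              "virt2:", "allowed" if v2 else "denied")
```

For the two elinks requests above, which originate from 192.168.200.102 itself, the model gives denied on port 8001 and allowed on port 8002.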
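2. Restricting by user
Here we create two users, bob and jack. They do not need to exist as local system accounts; they are used only to log in to the HTTP service.
The first time a user is created, add the -c option, which creates the authentication database.
When creating the second user, do not use -c, otherwise the earlier users are overwritten.
[root@crushlinux2 www]# htpasswd -cm /etc/httpd/.htpasswd bob
New password:
Re-type new password:
Adding password for user bob
[root@crushlinux2 www]# htpasswd -m /etc/httpd/.htpasswd jack
New password:
Re-type new password:
Adding password for user jack
[root@crushlinux2 www]# cat /etc/httpd/.htpasswd
bob:$apr1$GZGVy...$qHSci8W7z5nrASwE3z1ie0
jack:$apr1$nO7oG/..$hscIaM692G043iZmr5CR51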
Method 1:
[root@crushlinux2 www]# vim /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.200.102:8001
<VirtualHost 192.168.200.102:8001>
    DocumentRoot /var/www/virt1
    ServerName www1.baidu.com
    <Directory /var/www/virt1>
        AuthName "Crushlinux"
        AuthType Basic
        AuthUserFile /etc/httpd/.htpasswd
        Require valid-user
    </Directory>
</VirtualHost>
[root@crushlinux2 www]# service httpd restart
Browser test: http://192.168.200.102:8001
Method 2:
[root@crushlinux2 www]# vi /var/www/virt1/.htaccess
AuthName "berg"
AuthType Basic
AuthUserFile /etc/httpd/.htpasswd
Require user bob jack
Require valid-user
[root@crushlinux2 www]# vim /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.200.102:8001
<VirtualHost 192.168.200.102:8001>
    DocumentRoot /var/www/virt1
    ServerName www1.baidu.com
    <Directory /var/www/virt1>
        AllowOverride AuthConfig
    </Directory>
</VirtualHost>
[root@crushlinux2 www]# service httpd restart
Browser test: http://192.168.200.102:8001
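-----------------------------------------------------------------------------------
Explanation of the httpd configuration syntax:
NameVirtualHost 192.168.0.254:80
Declares the server address and port on which the virtual hosts are served.
<VirtualHost 192.168.0.254:80>
The site of the first virtual host.
DocumentRoot /var/www/virt1
The root directory of the virtual host site.
ServerName station1.example.com
Defines the domain name of the virtual host site.
ServerAlias server1.example.com
Defines an alias for the virtual host's domain name.
<Directory /var/www/virt1>
Defines access control for the virtual host site.
Options -Indexes -FollowSymLinks
Turns off the Indexes and FollowSymLinks features.
Order allow,deny
Allow from all
Deny from 192.168.0.10
Allow everyone, deny a specific host. (The order matters.)
Order deny,allow
Deny from all
Allow from 192.168.0.10
Deny everyone, allow a specific host. (The order matters.)
</Directory>
This is syntax: it pairs with <Directory> and marks the end.
</VirtualHost>
This is syntax: it pairs with <VirtualHost> and marks the end.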
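Authentication for the HTTP service
I. Create the authentication database
# htpasswd -cm /etc/httpd/.htpasswd bob
-c creates the file; -m uses MD5 encryption
# htpasswd -m /etc/httpd/.htpasswd alice
AuthName "website"
The name shown when authenticating
AuthType Basic
The authentication type is basic
AuthUserFile /etc/httpd/.htpasswd
Uses the authentication database file created above
Require user bob alice
Allows the two users bob and alice to access the HTTP service, with authentication required.
Require valid-user
Every user in the authentication database can access the HTTP service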
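How "Require user ..." and "Require valid-user" combine when both appear together, as in the .htaccess of method 2, shown as an added Python sketch that is not part of the original tutorial or of Apache's code. It assumes Apache's rule that an authenticated user is authorized as soon as any one Require line is satisfied; the function names are illustrative, the hashes are placeholders, and password checking is left out.

```python
def parse_htpasswd_users(text):
    """Return the set of user names in an htpasswd file (one name:hash per line)."""
    users = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            users.add(line.split(":", 1)[0])
    return users

def parse_requires(config_text):
    """Collect the arguments of every Require directive, in file order."""
    rules = []
    for line in config_text.splitlines():
        words = line.split()
        if words and words[0].lower() == "require":
            rules.append(words[1:])
    return rules

def authorized(user, rules, known_users):
    """True if an authenticated user satisfies at least one Require line."""
    if user not in known_users:        # not in AuthUserFile: authentication fails
        return False
    for rule in rules:
        kind = rule[0].lower() if rule else ""
        if kind == "valid-user":
            return True
        if kind == "user" and user in rule[1:]:
            return True
    return False

# Constructed sample data: placeholder hashes, with alice as a third account in the file.
HTPASSWD = "bob:<hash>\njack:<hash>\nalice:<hash>\n"
BOTH = "AuthType Basic\nRequire user bob jack\nRequire valid-user\n"
USER_ONLY = "AuthType Basic\nRequire user bob jack\n"

def who_gets_in(config_text):
    """Return the sorted htpasswd users that the given directives admit."""
    known = parse_htpasswd_users(HTPASSWD)
    rules = parse_requires(config_text)
    return sorted(u for u in known if authorized(u, rules, known))

if __name__ == "__main__":
    print("user + valid-user:", who_gets_in(BOTH))
    print("user only:        ", who_gets_in(USER_ONLY))
```

With both lines present every account in the file is admitted, so limiting access to bob and jack means keeping only the "Require user" line.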