安装apache:
yum install httpd
[root@server0 ~]# rpm -qa | grep httpd
httpd-tools-2.4.6-17.el7.x86_64
httpd-2.4.6-17.el7.x86_64
防火墙开放相关服务或端口:
firewall-cmd --add-service=http --permanent
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --reload   # --permanent 只写入永久配置, 需要 reload 才对当前运行的防火墙生效
[root@server0 ~]# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client http mountd nfs rpc-bind samba ssh
ports: 80/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
启动服务:
[root@server0 ~]# systemctl restart httpd
主配置文件
/etc/httpd/conf/httpd.conf
自定义配置文件:
/etc/httpd/conf.d/ 目录下的配置文件一定要以 .conf 结尾, 不以 .conf 结尾的配置文件不会被 httpd 读取生效
默认网站文件存放目录: /var/www/html
访问日志:/var/log/httpd/access_log
错误日志:/var/log/httpd/error_log
httpd.conf重要配置:
vim /etc/httpd/conf/httpd.conf
ServerRoot "/etc/httpd"
ServerAdmin "root@example.com"
ServerName www.example.com
DocumentRoot "/var/www/html"
Listen 80
DirectoryIndex index.html
ErrorLog "/var/log/httpd/error_log"
CustomLog "/var/log/httpd/access_log" combined
Timeout 300
基于apache虚拟主机: *****
基于IP地址:
[root@server0 conf.d]# pwd
/etc/httpd/conf.d
[root@server0 conf.d]# cat server0-ip.conf
<Virtualhost 172.25.0.11:80>
DocumentRoot "/var/www/html/11"
ServerName serverip11.example.com
<Directory /var/www/html/11>
AllowOverride None
Require all granted
</Directory>
</Virtualhost>
<Virtualhost 172.25.0.12:80>
DocumentRoot "/var/www/html/12"
ServerName serverip12.example.com
<Directory /var/www/html/12>
AllowOverride None
Require all granted
</Directory>
</Virtualhost>
客户端测试:
[root@desktop0 ~]# curl http://172.25.0.12
Basic ip virtualhost
172.25.0.12 serverip12.example.com
[root@desktop0 ~]# curl http://172.25.0.11
Basic ip virtualhost
172.25.0.11 serverip11.example.com
基于域名的主机:
[root@server0 conf.d]# pwd
/etc/httpd/conf.d
[root@server0 conf.d]# cat server-domain.conf
<VirtualHost 172.25.0.11:80>
DocumentRoot "/var/www/html/domain1"
ServerName domain1.example.com
<Directory /var/www/html/domain1>
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 172.25.0.11:80>
DocumentRoot "/var/www/html/domain2"
ServerName domain2.example.com
<Directory /var/www/html/domain2>
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
客户端测试:
[root@desktop0 ~]# cat /etc/hosts
172.25.0.11 domain1.example.com
172.25.0.11 domain2.example.com
[root@desktop0 ~]# curl http://domain1.example.com
Basic domain virtualhost
172.25.0.11 domain1.example.com
[root@desktop0 ~]# curl http://domain2.example.com
Basic domain2 virtualhost
172.25.0.11 domain2.example.com
基于端口的主机:
添加selinux端口号:
[root@server0 port2]# semanage port -a -t http_port_t -p tcp 8889
[root@server0 port2]# semanage port -a -t http_port_t -p tcp 8888
[root@server0 port2]# semanage port -l | grep http_port_t
http_port_t tcp 8889, 8888, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
添加防火墙端口:
[root@server0 port2]# firewall-cmd --add-port=8888/tcp --permanent
success
[root@server0 port2]# firewall-cmd --add-port=8889/tcp --permanent
success
[root@server0 port2]# firewall-cmd --reload
success
[root@server0 port2]# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client http mountd nfs rpc-bind samba ssh
ports: 8889/tcp 80/tcp 8888/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
客户端测试:
[root@desktop0 ~]# curl http://172.25.0.11:8888
Basic port virtualhost
172.25.0.11 port1.example.com
[root@desktop0 ~]# curl http://172.25.0.11:8889
Basic port virtualhost
172.25.0.11 port2.example.com
+++++++++++++++++++++++++参考资料开始+++++++++++++++++
新添加目录和端口
Jan 04 04:41:36 server0.example.com systemd[1]: httpd.service: main process exited, ...RE
Jan 04 04:41:36 server0.example.com systemd[1]: Failed to start The Apache HTTP Server.
Jan 04 04:41:36 server0.example.com systemd[1]: Unit httpd.service entered failed state.
Hint: Some lines were ellipsized, use -l to show in full.
[root@server0 11]# semanage port -l | grep httpd
[root@server0 11]# semanage port -l | grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
添加端口标签:
[root@server0 11]# semanage port -a -t http_port_t -p tcp 8888
[root@server0 11]# semanage port -l | grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 8888, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
对目录添加selinux标签:
[root@server0 11]# ls -Zd /var/www/html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html
[root@server0 11]# semanage fcontext -a -t httpd_sys_content_t /website'(/.*)?'
[root@server0 11]# restorecon -RFvv /website/ #这两步要一起做
restorecon reset /website context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /website/index.html context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
[root@server0 11]# ls -Zd /website/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /website/
+++++++++++++++++++++++++++参考资料结束+++++++++++++++++++++++++++++++++++
基于主机访问控制: *****
1.允许所有主机访问:
<Directory /var/www/html/private>
Require all granted
</Directory>
2.允许指定主机访问:
<Directory /var/www/html/private>
Require ip 192.168.122.10
Require ip 192.168.3.0/24
Require host www
</Directory>
3.只允许本机访问:
<Directory /var/www/html/private>
Require local
</Directory>
4.仅拒绝某个主机访问:
<Directory /var/www/html/private>
<RequireAll>
Require all granted
Require not ip 172.25.0.11
Require not host desktop0.example.com
</RequireAll>
</Directory>
5.拒绝某个网段访问;
<Directory /var/www/html/private>
<RequireAll>
Require all granted
Require not ip 172.24.0.0/24
</RequireAll>
</Directory>
基于apache用户的访问控制:
创建口令文件:
htpasswd -c /etc/httpd/passwd user1   # -c 新建口令文件, 只在第一次使用
htpasswd /etc/httpd/passwd user1      # 再次添加/修改用户时不要带 -c, 否则会重建口令文件并删掉已有用户
cat /etc/httpd/passwd
配置apache
vim /etc/httpd/conf.d/auth_user.conf
# 8801 不在 http_port_t 中, 需先 semanage port -a -t http_port_t -p tcp 8801 并开放防火墙, 否则 httpd 启动失败(见前面参考资料)
listen 8801
<Virtualhost 172.25.0.11:8801>
DocumentRoot "/var/www/html/user"
ServerName user.example.com
<Directory "/var/www/html/user">
Allowoverride None
#Require all granted
Authtype Basic
AuthName "Require Authentication"
AuthUserFile /etc/httpd/passwd
Require valid-user
</Directory>
# Basic 认证只对口令做 base64 编码, 应放在 HTTPS 虚拟主机里使用
</Virtualhost>
配置HTTPS访问: *****
安装mod_ssl
[root@server0 CA]# yum install mod_ssl
主配置文件:
[root@server0 conf.d]# pwd
/etc/httpd/conf.d
[root@server0 conf.d]# ls
autoindex.conf README server-domain.conf ssl.conf welcome.conf
news.conf.bak server0-ip.conf server-port.conf userdir.conf
下载证书:
wget http://classroom.example.com/pub/example-ca.crt -P /etc/httpd/          # 证书颁发机构的CA证书 [公安局]
wget http://classroom.example.com/pub/tls/certs/server0.crt -P /etc/httpd/    # CA颁发的服务器证书 [身份证]
wget http://classroom.example.com/pub/tls/private/server0.key -P /etc/httpd/  # 服务器的私钥 [私钥], 只能 root 可读
存放地点:
[root@server0 CA]# pwd
/etc/pki/CA
[root@server0 CA]# ls
certs 证书
crl 证书列表
newcerts
private 私钥
[root@server0 ssl]# pwd
/root/ssl
[root@server0 ssl]# ls
example-ca.crt server0.crt server0.key
客户端与服务端的确认过程:
服务器: 持有一对公钥和私钥, 公钥放在证书里
服务器: 证书(含公钥) ->>>> 客户端
第三方机构证明服务器是否合法: CA认证(客户端用CA证书校验服务器证书)
非对称加密算法: 用于安全地传送会话密钥(客户端用服务器公钥加密, 服务器用私钥解密)
对称加密算法: 用会话密钥加密后续传输的数据
客户端与服务端的通信建立过程:
客户端通过443连接服务端
服务器把证书(含公钥)通过网络传给客户端, 客户端校验证书是否由可信CA签发且域名匹配
客户端生成会话密钥, 用服务器公钥加密后发送给服务端, 服务端用私钥解密得到会话密钥
后期客户端与服务端用会话密钥, 通过对称的加密算法来加密传输的数据
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName server0.example.com
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/html
ServerName server0.example.com
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
# 如客户端都支持, 可进一步加上 -TLSv1 -TLSv1.1, 只保留 TLSv1.2 及以上
SSLHonorCipherOrder on
# 注意: httpd 配置文件里 # 只能放在行首, 写在指令后面会被当成文件名的一部分
# CA颁发的服务器证书 [身份证]
SSLCertificateFile /etc/httpd/server0.crt
# 服务器证书对应的私钥 [私钥]
SSLCertificateKeyFile /etc/httpd/server0.key
# 证书颁发机构的CA证书 [公安局]
SSLCACertificateFile /etc/httpd/example-ca.crt
</VirtualHost>
<Directory /var/www/html>
Require all granted
</Directory>
+++++++++++++++++++++实际的配置-开始++++++++++++++++++++++++++++++++++++
[root@server0 conf.d]# pwd
/etc/httpd/conf.d
[root@server0 conf.d]# cat ssl_website.conf
#<VirtualHost *:80>
#DocumentRoot /var/www/html
#ServerName server0.example.com
#</VirtualHost>
<VirtualHost 172.25.0.11:443>
DocumentRoot /var/www/html
ServerName server0.example.com
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCertificateFile /etc/pki/CA/certs/server0.crt
SSLCertificateKeyFile /etc/pki/CA/private/server0.key
SSLCACertificateFile /etc/pki/CA/certs/example-ca.crt
</VirtualHost>
<Directory /var/www/html>
Require all granted
</Directory>
客户端测试:
+++++++++++++++++++++++++++实际的配置-结束+++++++++++++++++++++++++
配置动态网站技术:主机:server0 *****
[root@server0 ~]# lab webapp setup
Creating web application files... SUCCESS #初始化系统环境
yum -y install mod_wsgi
ls /home/student/webapp.wsgi
mkdir /var/www/webapp0
cp /home/student/webapp.wsgi /var/www/webapp0/
restorecon -RFvv /var/www/
添加虚拟主机:
<VirtualHost *:80>
ServerName webapp0.example.com
WSGIScriptAlias / /var/www/webapp0/webapp.wsgi
</VirtualHost>
<Directory /var/www/webapp0>
Require all granted
</Directory>
++++++++++++++++++实际的配置-开始++++++++++++++++++++++++++++++++++
[root@server0 conf.d]# pwd
/etc/httpd/conf.d
[root@server0 conf.d]# cat server-wsgi.conf
listen 8802
<Virtualhost 172.25.0.11:8802>
ServerName webapp0.example.com
WSGIScriptAlias / /var/www/webapp0/webapp.wsgi
<Directory /var/www/webapp0>
Require all granted
</Directory>
</Virtualhost>
[root@server0 ~]# firewall-cmd --add-port=8802/tcp --permanent
注意: 8802 同样需要 semanage port -a -t http_port_t -p tcp 8802 加 SELinux 端口标签, 并执行 firewall-cmd --reload 使防火墙规则生效(见前面参考资料)
客户端测试:
[root@desktop0 ~]# curl http://172.25.0.11:8802
UNIX EPOCH time is now: 1515085846.4
+++++++++++++++++++实际的配置-结束++++++++++++++++++++++++++++++++