
Configuring the Apache Service on CentOS 7.2: Worked Examples

2025-04-03 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article covers configuring the Apache service on CentOS 7.2 through worked examples. Many people run into difficulties with these tasks in practice, so this walkthrough shows how to handle each case. Read it carefully and you should come away with something useful.

1. A brief introduction to Apache

Apache HTTP Server (Apache for short) is open-source web server software from the Apache Software Foundation. It runs on most computer operating systems and is widely used because it is cross-platform and secure (new vulnerabilities are constantly being discovered, but because it is open source they can always be patched quickly, so in general its security is quite high). It is one of the most popular web server software packages. It is fast and reliable, and interpreters such as Perl/Python can be compiled into the server through a simple API extension.

2. Install Apache httpd

Install httpd to configure the web server. HTTP uses 80/tcp.

[1] Install httpd.

[root@linuxprobe ~]# yum -y install httpd
# remove the default welcome page
[root@linuxprobe ~]# rm -f /etc/httpd/conf.d/welcome.conf

[2] Configure httpd. Replace the server name with the one for your own environment.

[root@linuxprobe ~]# vi /etc/httpd/conf/httpd.conf
# line 86: change the administrator's email address
ServerAdmin root@linuxprobe.org
# line 95: change the domain name information
ServerName www.linuxprobe.org:80
# line 151: change None to All
AllowOverride All
# line 164: add the file names that can be accessed using only the directory name
DirectoryIndex index.html index.cgi index.php
# add the following to the end
# server's response header (security)
ServerTokens Prod
# keepalive is on
KeepAlive On
[root@linuxprobe ~]# systemctl start httpd
[root@linuxprobe ~]# systemctl enable httpd

[3] If firewalld is running, allow the http service. HTTP uses 80/tcp.

[root@linuxprobe ~]# firewall-cmd --add-service=http --permanent
success
[root@linuxprobe ~]# firewall-cmd --reload
success

[4] Create an HTML test page and access it from a client PC using a web browser. If the following page is displayed, the configuration is correct.

[root@linuxprobe ~]# vi /var/www/html/index.html
welcome access linuxprobe.org,this is test page!

3. Support perl

Enable CGI execution and use Perl scripts

[1] Install perl.

[root@linuxprobe ~]# yum -y install perl perl-CGI

[2] By default, CGI is allowed in the "/var/www/cgi-bin" directory. Perl scripts placed in that directory can be used. However, all files under it are processed as CGI.

# the following setting is the CGI setting
[root@linuxprobe ~]# grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf
247: ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

[3] If you want to allow CGI in other directories, configure it as follows. For example, to allow it in "/var/www/html/cgi-enabled":

[root@linuxprobe ~]# vi /etc/httpd/conf.d/cgi-enabled.conf
# create new
# process .cgi and .pl as CGI scripts
<Directory "/var/www/html/cgi-enabled">
    Options +ExecCGI
    AddHandler cgi-script .cgi .pl
</Directory>
[root@linuxprobe ~]# systemctl restart httpd

[4] If SELinux is enabled and CGI is allowed in a directory other than the default, as in [3] above, change the rules as follows.

[root@linuxprobe ~]# chcon -R -t httpd_sys_script_exec_t /var/www/html/cgi-enabled
[root@linuxprobe ~]# semanage fcontext -a -t httpd_sys_script_exec_t /var/www/html/cgi-enabled

[5] Create a CGI test page and access it from a client PC using a web browser. If the following page is displayed, the configuration is correct.

[root@linuxprobe ~]# vi /var/www/html/cgi-enabled/index.cgi
#!/usr/bin/perl
# the CGI header must be followed by a blank line
print "Content-type: text/html\n\n";
print "<html>\n<body>\n";
print "cgi test page";
print "\n</body>\n</html>\n";
[root@linuxprobe ~]# chmod 705 /var/www/html/cgi-enabled/index.cgi

4. Support php

Configure httpd to use php scripts

[1] install php.

[root@linuxprobe ~]# yum -y install php php-mbstring php-pear
[root@linuxprobe ~]# vi /etc/php.ini
# line 878: uncomment and set the time zone
date.timezone = "Asia/Shanghai"
[root@linuxprobe ~]# systemctl restart httpd

[2] Create a PHP test page and access it from a client PC using a web browser. If the following page is displayed, it is OK.

[root@linuxprobe ~]# vi /var/www/html/index.php

[3] Create a phpinfo test page and confirm that PHP support is enabled.

[root@linuxprobe ~]# echo '<?php phpinfo(); ?>' > /var/www/html/phpinfo.php

5. Support ruby

Configure httpd to use the ruby script as a cgi

[1] install ruby.

[root@linuxprobe ~]# yum -y install ruby

[2] CGI is allowed by default in the "/var/www/cgi-bin" directory.

Ruby scripts placed in that directory can be used. However, all files under it are processed as CGI.

# the following setting is the CGI setting
[root@linuxprobe ~]# grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf
247: ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

[3] If you want to allow CGI in other directories, configure it as follows.

For example, to allow it in "/var/www/html/cgi-enabled":

[root@linuxprobe ~]# vi /etc/httpd/conf.d/cgi-enabled.conf
# create new
# process .rb as CGI scripts
<Directory "/var/www/html/cgi-enabled">
    Options +ExecCGI
    AddHandler cgi-script .rb
</Directory>
[root@linuxprobe ~]# systemctl restart httpd

[4] If SELinux is enabled and CGI is allowed in a directory other than the default, as in [3] above, change the rules as follows.

[root@linuxprobe ~]# chcon -R -t httpd_sys_script_exec_t /var/www/html/cgi-enabled
[root@linuxprobe ~]# semanage fcontext -a -t httpd_sys_script_exec_t /var/www/html/cgi-enabled

[5] Create a CGI test page and access it from a client PC with a web browser. If the following page is shown, it is OK.

[root@linuxprobe ~]# vi /var/www/html/cgi-enabled/index.rb
#!/usr/bin/ruby
# the CGI header must be followed by a blank line
print "Content-type: text/html\n\n"
print "<html>\n<body>\n"
print "ruby script test page"
print "\n</body>\n</html>\n"
[root@linuxprobe ~]# chmod 705 /var/www/html/cgi-enabled/index.rb

6. Support python

Enable CGI execution and use Python scripts

[1] Install python.

[root@linuxprobe ~]# yum -y install python

[2] By default, CGI is allowed in the "/var/www/cgi-bin" directory. Python scripts placed in that directory can be used. However, all files under it are processed as CGI.

# the following setting is the CGI setting
[root@linuxprobe ~]# grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf
247: ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

[3] If you want to allow CGI in other directories, configure it as follows. For example, to allow it in "/var/www/html/cgi-enabled":

[root@linuxprobe ~]# vi /etc/httpd/conf.d/cgi-enabled.conf
# create new
# process .py as CGI scripts
<Directory "/var/www/html/cgi-enabled">
    Options +ExecCGI
    AddHandler cgi-script .py
</Directory>
[root@linuxprobe ~]# systemctl restart httpd

[4] If SELinux is enabled and CGI is allowed in a directory other than the default, as in [3] above, change the rules as follows.

[root@linuxprobe ~]# chcon -R -t httpd_sys_script_exec_t /var/www/html/cgi-enabled
[root@linuxprobe ~]# semanage fcontext -a -t httpd_sys_script_exec_t /var/www/html/cgi-enabled

[5] Create a CGI test page and access it from a client PC with a web browser. If the following page is shown, it is OK.

[root@linuxprobe ~]# vi /var/www/html/cgi-enabled/index.py
#!/usr/bin/env python
# print adds a newline, so the header is followed by a blank line
print("Content-type: text/html\n")
print("<html>\n<body>")
print("python script test page")
print("</body>\n</html>")
[root@linuxprobe ~]# chmod 705 /var/www/html/cgi-enabled/index.py

7. Support userdir

Enable userdir so that users can create their own websites with this setting.

[1] Configure httpd.

[root@linuxprobe ~]# vi /etc/httpd/conf.d/userdir.conf
# line 17: comment out
#UserDir disabled
# line 24: uncomment
UserDir public_html
# lines 31-35: change AllowOverride and Options
<Directory "/home/*/public_html">
    AllowOverride All
    Options None
    Require method GET POST OPTIONS
</Directory>
[root@linuxprobe ~]# systemctl restart httpd

[2] Create a test page as an ordinary user and access it from a client PC with a web browser. If the following page is displayed, the configuration is correct.

[cent@linuxprobe ~]$ mkdir public_html
[cent@linuxprobe ~]$ chmod 711 /home/cent
[cent@linuxprobe ~]$ chmod 755 /home/cent/public_html
[cent@linuxprobe ~]$ vi ./public_html/index.html
userdir test page

Browser access: http://linuxprobe.org/~wang/, the following interface appears

8. Setting up a virtual host

Configure a virtual host to use multiple domain names.

The following example is set in an environment where the domain name is [linuxprobe.org] and the virtual domain name is [virtual.host] (root directory [/home/wang/public_html]).

The userdir settings must already be configured for this example.

[1] Configure the virtual host.

[root@linuxprobe ~]# vi /etc/httpd/conf.d/vhost.conf
# for original domain
<VirtualHost *:80>
    DocumentRoot /var/www/html
    ServerName www.linuxprobe.org
</VirtualHost>
# for virtual domain
<VirtualHost *:80>
    DocumentRoot /home/cent/public_html
    ServerName www.virtual.host
    ServerAdmin webmaster@virtual.host
    ErrorLog logs/virtual.host-error_log
    CustomLog logs/virtual.host-access_log combined
</VirtualHost>
[root@linuxprobe ~]# systemctl restart httpd

[2] Create a test page and use a web browser to access it from the client computer. If the following page is displayed, the configuration is correct.

[cent@linuxprobe ~]$ vi ~/public_html/virtual.php
virtual host test page

[3] If you do not see the corresponding page when accessing the test page, you can test it with the following commands.

[root@linuxprobe ~]# yum -y install elinks
[root@linuxprobe ~]# elinks http://www.virtual.host/virtual.php

9. Create ssl certificate

Create your own SSL certificate. However, if you use your server for business, it is best to purchase and use a formal certificate from VeriSign or a similar provider.

[root@linuxprobe ~]# cd /etc/pki/tls/certs/
[root@linuxprobe certs]# make server.key
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
...+++
......+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
# remove the passphrase from the private key
[root@linuxprobe certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key
[root@linuxprobe certs]# make server.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn    # country suffix
State or Province Name (full name) []:shanghai    # province
Locality Name (eg, city) [Default City]:shanghai    # city
Organization Name (eg, company) [Default Company Ltd]:linuxprobe
Organizational Unit Name (eg, section) []:devops    # department
Common Name (eg, your name or your server's hostname) []:linuxprobe.org    # hostname
Email Address []:root@linuxprobe.org    # mailbox

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:    # default
An optional company name []:    # default
[root@linuxprobe certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=cn/ST=shanghai/L=shanghai/O=linuxprobe/OU=devops/CN=linuxprobe.org/emailAddress=root@linuxprobe.org
Getting Private key

10. Configure ssl

[1] configure ssl.

[root@linuxprobe ~]# yum -y install mod_ssl
[root@linuxprobe ~]# vi /etc/httpd/conf.d/ssl.conf
# line 59: uncomment
DocumentRoot "/var/www/html"
# line 60: uncomment and define the domain name
ServerName linuxprobe.org:443
# line 75: change SSLProtocol
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
# line 100: change to the newly created server.crt
SSLCertificateFile /etc/pki/tls/certs/server.crt
# line 107: change to the newly created server.key
SSLCertificateKeyFile /etc/pki/tls/certs/server.key
[root@www ~]# systemctl restart httpd

[2] If firewalld is running, allow the https service. HTTPS uses 443/tcp.

[root@www ~]# firewall-cmd --add-service=https --permanent
success
[root@www ~]# firewall-cmd --reload
success

[3] Use a web browser to access the test page from the client computer over https. The following example uses Firefox. The following screen is displayed because the certificate is self-created, but this is not a problem; proceed to the next step.
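
The SSLProtocol line above still enables TLSv1 and TLSv1.1, which RFC 8996 deprecates. The following check is an added example, not part of the original article: the function name deprecated_protocols and the sample input are constructed here, and it applies the +/- tokens left to right with an unsigned token replacing the set.

```shell
#!/bin/sh
# Added example (not from the original article): list deprecated protocols
# that the SSLProtocol directives in an Apache config file leave enabled.

# deprecated_protocols FILE
# Prints "<line-number>: <protocols>" for each SSLProtocol directive that
# enables SSLv3, TLSv1 or TLSv1.1. Prints nothing when every directive is
# clean. Exit status is 1 if anything was reported, 0 otherwise.
deprecated_protocols() {
    awk '
    BEGIN { n = split("sslv3 tlsv1 tlsv1.1 tlsv1.2", known, " ") }
    /^[ \t]*#/ { next }                      # skip comment lines
    tolower($1) == "sslprotocol" {           # directive names ignore case
        split("", on)                        # start with nothing enabled
        for (i = 2; i <= NF; i++) {
            tok = tolower($i); sign = substr(tok, 1, 1)
            if (sign == "+" || sign == "-") tok = substr(tok, 2)
            else { sign = "="; split("", on) }   # unsigned token replaces the set
            for (k = 1; k <= n; k++)
                if (tok == "all" || tok == known[k]) {
                    if (sign == "-") delete on[known[k]]
                    else on[known[k]] = 1
                }
        }
        bad = ""
        for (k = 1; k <= 3; k++)             # first three entries are deprecated
            if (known[k] in on) bad = bad (bad != "" ? " " : "") known[k]
        if (bad != "") { print NR ": " bad; found = 1 }
    }
    END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the SSLProtocol line from the article, then a
# tightened setting that keeps only TLSv1.2.
sample=$(mktemp)
printf '%s\n' '# line 75' 'SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2' > "$sample"
deprecated_protocols "$sample" || true     # prints "2: tlsv1 tlsv1.1"
printf '%s\n' 'SSLProtocol -all +TLSv1.2' > "$sample"
deprecated_protocols "$sample" && echo "no deprecated protocols enabled"
rm -f "$sample"
```

Run it against /etc/httpd/conf.d/ssl.conf after editing line 75; an empty result means only TLSv1.2 (or newer) remains enabled.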

11. Enable basic authentication

Enable basic authentication to restrict access to specific web pages

[1] For example, set basic authentication under the directory [/var/www/html/auth-basic].

[root@linuxprobe ~]# vi /etc/httpd/conf.d/auth_basic.conf
# create a new file
<Directory /var/www/html/auth-basic>
    AuthType Basic
    AuthName "basic authentication"
    AuthUserFile /etc/httpd/conf/.htpasswd
    Require valid-user
</Directory>
# add a user: "-c" creates a new file (add the "-c" option only for the initial registration)
[root@linuxprobe ~]# htpasswd -c /etc/httpd/conf/.htpasswd wang
New password:    # set password
Re-type new password:    # confirm
Adding password for user wang
[root@linuxprobe ~]# systemctl restart httpd
[root@linuxprobe ~]# mkdir /var/www/html/auth-basic
[root@linuxprobe ~]# vi /var/www/html/auth-basic/index.html
# create a test page
test page for basic auth

[2] Use a web browser to access the test page from the client computer. Authentication is then required, as shown below; answer with the user added in [1].

12. Basic auth + pam

Restrict access to specific web pages and use os users to authenticate over ssl connections

[1] to create a certificate, please refer to the above.

[2] For example, set basic auth under the [/var/www/html/auth-pam] directory.

# install from epel
[root@linuxprobe ~]# yum --enablerepo=epel -y install mod_authnz_external pwauth
[root@linuxprobe ~]# vi /etc/httpd/conf.d/authnz_external.conf
# add to the end
<Directory /var/www/html/auth-pam>
    SSLRequireSSL
    AuthType Basic
    AuthName "pam authentication"
    AuthBasicProvider external
    AuthExternal pwauth
    Require valid-user
</Directory>
[root@linuxprobe ~]# mkdir /var/www/html/auth-pam
[root@linuxprobe ~]# vi /var/www/html/auth-pam/index.html
# create a test page
test page for pam auth
[root@linuxprobe ~]# systemctl restart httpd

[3] use a web browser on the client to access the test page https://linuxprobe.org/auth-pam/ and authenticate with the user on the operating system.
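
Basic authentication sends the user name and password base64-encoded on every request, so the auth-basic directory in the basic authentication section, which has no SSLRequireSSL, exposes them over plain HTTP, while the auth-pam directory does not. The following is an added example (not from the original article) that flags such sections; the function names and the sample file are constructed here, modelled on the two configurations above.

```shell
#!/bin/sh
# Added example (not from the original article): find <Directory>/<Location>
# sections that use "AuthType Basic" without "SSLRequireSSL".

# basic_auth_without_ssl FILE
# Prints the opening tag of each offending section. Exit status is 1 if any
# section was reported, 0 otherwise. Only one nesting level is tracked,
# which matches the flat conf.d files used in this article.
basic_auth_without_ssl() {
    awk '
    { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
    low ~ /^#/ { next }
    low ~ /^<(directory|location)[ \t]/ { tag = line; basic = 0; ssl = 0; next }
    low ~ /^<\/(directory|location)>/ {
        if (tag != "" && basic && !ssl) { print tag; found = 1 }
        tag = ""; next
    }
    tag != "" && low ~ /^authtype[ \t]+basic/ { basic = 1 }
    tag != "" && low ~ /^sslrequiressl/ { ssl = 1 }
    END { exit (found ? 1 : 0) }
    ' "$1"
}

# sample_conf: constructed input combining the auth-basic and auth-pam
# sections from the article into one file.
sample_conf() {
cat <<'EOF'
<Directory /var/www/html/auth-basic>
    AuthType Basic
    AuthName "basic authentication"
    AuthUserFile /etc/httpd/conf/.htpasswd
    Require valid-user
</Directory>
<Directory /var/www/html/auth-pam>
    SSLRequireSSL
    AuthType Basic
    AuthName "pam authentication"
    AuthBasicProvider external
    AuthExternal pwauth
    Require valid-user
</Directory>
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
basic_auth_without_ssl "$conf" || true   # prints "<Directory /var/www/html/auth-basic>"
rm -f "$conf"
```

The check looks at each section in isolation; a section that sits inside an SSL-only virtual host is already protected even though it is reported here.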

13. Use webdav

The following is an example of configuring webdav settings using a ssl connection

[1] to create a certificate, please refer to the above

[2] For example, create a directory [webdav] and make it possible to connect to the webdav directory only through SSL.

[root@linuxprobe ~]# mkdir /home/webdav
[root@linuxprobe ~]# chown apache. /home/webdav
[root@linuxprobe ~]# chmod 770 /home/webdav
[root@linuxprobe ~]# vi /etc/httpd/conf.d/webdav.conf
# create new
DavLockDB "/tmp/davlock"
Alias /webdav /home/webdav
<Location /webdav>
    DAV On
    SSLRequireSSL
    Options None
    AuthType Basic
    AuthName webdav
    AuthUserFile /etc/httpd/conf/.htpasswd
    Require method GET POST OPTIONS
    Require valid-user
</Location>
# add a user: "-c" creates a new file (add the "-c" option only for the initial registration)
[root@linuxprobe ~]# htpasswd -c /etc/httpd/conf/.htpasswd wang
New password:    # set password
Re-type new password:
Adding password for user wang
# Note: the htpasswd entry for user wang has already been created; there is no need to create it again
[root@linuxprobe ~]# systemctl restart httpd

[3] If SELinux is enabled, change the following rules.

[root@linuxprobe ~]# chcon -R -t httpd_sys_rw_content_t /home/webdav
[root@linuxprobe ~]# semanage fcontext -a -t httpd_sys_rw_content_t /home/webdav

[4] This is the setting for the WebDAV client on a PC (Windows 10).

Download "carotdav", a free WebDAV client, from the following website ⇒. After downloading, installing and launching carotdav, the following screen is displayed; click the "File" button and select "webdav".

[5] Enter any name in the setting name field, enter [server name / webdav directory] in the URI field, and enter the user name and password.

[7] The configuration is added as shown below; click it to connect to the server.

[8] A warning is shown as below because the server's SSL certificate is not installed on your computer. This is not a problem; click "ignore" and go to the next step.

[9] Create test directories and files under the webdav directory.

[root@linuxprobe tmp]# cd /home/webdav/
[root@linuxprobe webdav]# mkdir linuxprobe
[root@linuxprobe webdav]# mkdir linuxcool
[root@linuxprobe webdav]# touch vdevops.txt
[root@linuxprobe webdav]# touch linuxcool.txt
