Shulou(Shulou.com)06/03 Report--

Unit 9

Apache web service

One Apache installation

1 yum install httpd-y # install apache package #

2 systemctl start httpd # enable service #

3 systemctl enable httpd.service # turn on the service automatically #

4 systemctl stop firewalld.service # turn off firewall #

5 systemctl disable firewalld.service # turn it on and shut down automatically #

6 netstat-antlp | grep httpd # View listening port #

2. Basic apache information

Default release directory for 1 apache

Index.html

2 configuration file for apache

/ etc/httpd/conf/httpd.conf # main profile #

ServerRoot "/ etc/httpd" # used to specify the running directory of Apache #

Listen 80 # listening port #

User apache # users and groups running apache programs #

Group apache

ServerAdmin root@localhost # Administrator mailbox #

DocumentRoot "/ var/www/html" # the directory where web files are stored #

# # statement Block Custom Directory permissions # #

Require all granted

ErrorLog "logs/error_log" # location of error log #

AddDefaultCharset UTF-8 # default supported languages #

IncludeOptional conf.d/*.conf # load other configuration files #

DirectoryIndex index.html # default homepage name #

/ etc/httpd/conf.d/*.conf # Sub-profile #

3 default release directory for apache

/ var/www/html

4 default port for apache

eighty

Basic configuration of three apache

1) Modification of default file

1 vim / var/www/html/index.html # write default file #

Content:

Hello world

2 vim / var/www/html/ westos.html # write default file #

Content:

Westos linux

3 vim / etc/httpd/conf/httpd.con

one hundred and sixty eight

DirectoryIndex westos.html index.html# default westos.html is the default file, and if westos.html does not exist, the default file is index.html#

one hundred and seventy

4 systemctl restart httpd.service # restart service #

Test:

Log in to 172.25.254.112 to see whether the content displayed is index.html or westos.html

If you delete the westos.html file

The process is as follows:

[root@mariadb mysqladmin] # cd / var/www/html/

[root@mariadb html] # ls

Admin cgi mysqladmin

[root@mariadb html] # vim index.html

[root@mariadb html] # vim westos.html

[root@mariadb html] # vim / etc/httpd/conf/httpd.conf

[root@mariadb html] # systemctl restart httpd.service

[root@mariadb html] # rm-fr westos.html

2) Modification of default directory

When selinux is disabled:

1 mkdir / westos/www/test-p # create a directory as the default directory #

2 vim / westos/www/test/westos.html # write default file #

Content:

Westos's page

3 vim / etc/httpd/conf/httpd.conf

121 DocumentRoot "/ westos/www/test" # modify the default directory #

one hundred and twenty two

123 # set default directory access #

124 Require all granted # allow everyone to access #

one hundred and twenty five

4 systemctl restart httpd.service # restart service #

Test:

Log in to 172.25.254.112 to view the contents:

The process is as follows:

[root@mariadb html] # mkdir / westos/www/test-p

[root@mariadb html] # vim / westos/www/test/westos.html

[root@mariadb html] # vim / etc/httpd/conf/httpd.conf

[root@mariadb html] # systemctl restart httpd.service

When selinux is enforcing status:

Add the following two steps:

1 semanage fcontext-a-t httpd_sys_content_t'/ westos (/. *)?'# modify security context #

2 restorecon-RvvF / westos/ # Refresh # #

3) access control of apache

Set access to ip:

1 mkdir / var/www/html/admin/

2 vim / var/www/html/admin/index.html

Admin's page

3 vim / etc/httpd/conf/httpd.conf

Order Allow,Deny # allows everyone to access the admin directory but only 78 hosts cannot access #

Allow from All

Deny from 172.25.254.78

3 systemctl restart httpd.service

The process is as follows:

[root@mariadb html] # yum install php

[root@mariadb html] # vim / var/www/html/index.html

[root@mariadb html] # systemctl restart httpd.service

Cgi language:

1 yum install httpd-manual-y

2 mkdir / var/www/html/cgi

3 cd / var/www/html/cgi/

4 vim index.cgi

#! / usr/bin/perl

Print "Content-type: text/html\ n\ n"

Print `date`

5 chmod + x index.cgi

6 vim / etc/httpd/conf/httpd.conf

179 DirectoryIndex index.html index.cgi

one hundred and thirty five

136 Options + ExecCGI

137 AddHandler cgi-script .cgi

one hundred and thirty eight

[root@mariadb httpd] # yum install httpd-manual-y

[root@mariadb httpd] # systemctl restart httpd.service

[root@mariadb httpd] # mkdir / var/www/html/cgi

[root@mariadb httpd] # touch / var/www/html/cgi/index.cgi

[root@mariadb httpd] # cd / var/www/html/cgi/

[root@mariadb cgi] # vim index.cgi

[root@mariadb cgi] # chmod + x index.cgi

[root@mariadb cgi] # vim / etc/httpd/conf/httpd.conf

[root@mariadb cgi] # systemctl restart httpd.service

Test:

Log in to 172.25.254.112/cgi

Three virtual hosts

1) definition:

One of our aoache servers can display different home pages when visited by different domain names, and virtual hosts allow you to serve multiple websites from a httpd server at the same time.

2) create a test page:

Cd / var/www/

Mkdir virtual

Mkdir virtual/news.westos.com

Mkdir virtual/money.westos.com

Mkdir virtual/money.westos.com/html

Mkdir virtual/news.westos.com/html

Echo "money.westos.com's page" > virtual/money.westos.com/html/index.html

Echo "news.westos.com's page" > virtual/news.westos.com/html/index.html

3) configuration

1 cd / etc/httpd/conf.d/ # # configured in the subconfiguration file

2 vim default.conf # # access without a specified domain name accesses default

# Ports opened by virtual hosts #

DocumentRoot "/ var/www/html" # default release directory for virtual hosts #

CustomLog "logs/default.log" combined # Virtual host log #

3 vim news.conf # access that specifies the domain name as news.westos.com #

ServerName "news.westos.com" # specify server name #

DocumentRoot "/ var/www/virtual/news.westos.com/html"

CustomLog "logs/news.log" combined

# default release directory access authorization #

Require all granted

4 vim money.conf # access that specifies the domain name as money.westos.com #

ServerName "money.westos.com"

DocumentRoot "/ var/www/virtual/money.westos.com/html"

CustomLog "logs/money.log" combined

Require all granted

5 systemctl restart httpd.service # restart service #

6 perform local resolution on the host of the browser:

[root@foundation12 Desktop] # vim / etc/hosts

172.25.254.112 www.westos.com news.westos.com money.westos.com

Test:

Log in to www.westos.com, new.westos.com and money.westos.com respectively

The process is as follows:

[root@server ~] # cd / var/www/ # create a test page #

[root@server www] # mkdir virtual

[root@server www] # ls

Cgi-bin html virtual

[root@server www] # mkdir virtual/news.westos.com

[root@server www] # mkdir virtual/money.westos.com

[root@server www] # mkdir virtual/money.westos.com/html

[root@server www] # mkdir virtual/news.westos.com/html

[root@server www] # echo "money.westos.com's page" > virtual/money.westos.com/html/index.html

[root@server www] # echo "news.westos.com's page" > virtual/news.westos.com/html/index.html

[root@server conf] # cd / etc/httpd/conf.d/ # # configure # in the subconfiguration file

[root@server conf.d] # ls

Autoindex.conf php.conf userdir.conf

Manual.conf README welcome.conf

[root@server conf.d] # vim default.conf

[root@server conf.d] # vim news.conf

[root@server conf.d] # cp news.conf money.conf

[root@server conf.d] # vim money.conf

[root@server conf] # cd / etc/httpd/conf.d

[root@server conf.d] # ls

Autoindex.conf manual.conf news.conf README welcome.conf

Default.conf money.conf php.conf userdir.conf

[root@server conf.d] # systemctl restart httpd.service # restart service #

Local resolution is performed on the host of the browser:

[root@foundation12 Desktop] # vim / etc/hosts

172.25.254.112 www.westos.com news.westos.com money.westos.com

4) configure https

Http access is plaintext access, https access is encrypted access.

The listening port for https access is 443

1 netstat-antlpe | grep httpd # check which ports are related to httpd # #

2 yum install mod_ssl-y # Port 443 only if ssl is installed #

3 vim / etc/httpd/conf.d/ssl.conf # after the installation number ssl, the ssl.conf file will appear with port 443 #

4 yum install crypto-utils.x86_64-y # install the software package # that generates the self-signed certificate

5 genkey www.westos.com # call genkey to generate certificate #

-- > record the location of the generated certificate and associated private key

-- > choose the appropriate key size

-- > it is slow to generate random numbers. Tapping the keyboard and moving the mouse can accelerate.

-- > refuse to send a certificate request (CSR) to the certification authority (CA)

-- > refuse to encrypt the private key

-- > provide the appropriate identity for the server. The Common Name must exactly match the full host name of the server (note that any comma should be escaped using a leading backslash [\])

->

6 vim ssl.conf

7 vim login.conf

# listening port of https #

ServerName "login.westos.com"

DocumentRoot "/ var/www/virtual/login.westos.com/html"

CustomLog "logs/login.log" combined

SSLEngine on # enable https function #

SSLCertificateFile / etc/pki/tls/certs/www.westos.com.crt # Certificate #

SSLCertificateKeyFile / etc/pki/tls/private/www.westos.com.key # # key #

Require all granted

The process is as follows:

[root@localhost conf.d] # yum install mod_ssl.x86_64-y

[root@localhost conf.d] # yum install crypto-utils.x86_64-y

[root@localhost conf.d] # genkey www.westos.com

/ usr/bin/keyutil-c makecert-g 512-s "CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=Shannxi, C=CN"-v 1-a-z / etc/pki/tls/.rand.3946-o / etc/pki/tls/certs/www.westos.com.crt-k / etc/pki/tls/private/www.westos.com.key

Cmdstr: makecert

Cmd_CreateNewCert

Command: makecert

Keysize = 512 bits

Subject = CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=Shannxi, C=CN

Valid for 1 months

Random seed from / etc/pki/tls/.rand.3946

Output will be written to / etc/pki/tls/certs/www.westos.com.crt

Output key written to / etc/pki/tls/private/www.westos.com.key

Generating key. This may take a few moments...

Made a key

Opened tmprequest for writing

/ usr/bin/keyutil Copying the cert pointer

Created a certificate

Wrote 486 bytes of encoded data to / etc/pki/tls/private/www.westos.com.key

Wrote the key to:

/ etc/pki/tls/private/www.westos.com.key

[root@localhost conf.d] # ls

Autoindex.conf money.conf README tmprequest welcome.conf

Default.conf news.conf ssl.conf userdir.conf

[root@localhost conf.d] # vim ssl.conf

[1] + Stopped vim ssl.conf

[root@localhost conf.d] # fg

Vim ssl.conf

[1] + Stopped vim ssl.conf

[root@localhost conf.d] # fg

Vim ssl.conf

[root@localhost conf.d] # systemctl restart httpd.service

[root@localhost conf.d] # netstat-antlpe | grep httpd

Tcp6 0 0: 443: * LISTEN 0 97088 4088/httpd

Tcp6 0 0: 80: * LISTEN 0 97074 4088/httpd

[root@localhost conf.d] # cp-p money.conf login.conf

[root@localhost conf.d] # mkdir / var/www/virtual/login.westos.com/html-p

[root@localhost conf.d] # vim / var/www/virtual/login.westos.com/html/index.html

[root@localhost conf.d] # vim login.conf

# listening port of https #

ServerName "login.westos.com"

DocumentRoot "/ var/www/virtual/login.westos.com/html"

CustomLog "logs/login.log" combined

SSLEngine on # enable https function #

SSLCertificateFile / etc/pki/tls/certs/www.westos.com.crt## Certificate # #

SSLCertificateKeyFile / etc/pki/tls/private/www.westos.com.key## key # #

Require all granted

[root@localhost conf.d] # systemctl restart httpd.service

Test: log in to login.westos.com

5) Web page rewriting

1 vim login.conf

ServerName "login.westos.com"

DocumentRoot "/ var/www/virtual/login.westos.com/html"

CustomLog "logs/login.log" combined

SSLEngine on

SSLCertificateFile / etc/pki/tls/certs/www.westos.com.crt

SSLCertificateKeyFile / etc/pki/tls/private/www.westos.com.key

Require all granted

# automatic access to https### by web page rewriting

ServerName login.westos.com

RewriteEngine on

RewriteRule ^ (/. *) $https://%{HTTP_HOST}$1 [redirect=301]

^ (/. *) $# all characters written by the client host in the address bar, except the newline character # #

Https:// # directed access protocol #

% {HTTP_HOST} # customer request host #

$1 # # means the value of ^ (/. *) $#

[redirect=301] # 301 means temporary redirection, 302 means permanent redirection #

2 systemctl restart httpd.service

Test:

Add resolution to the customer host

172.25.254.112 login.westos.com

Access to http://login.westos.com will automatically jump to

Https://login.westos.com

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.