This lab was carried out on Red Hat 7.2
yum install -y httpd
systemc
1. Install the Apache packages:
[root@apacheserver ~]# yum install httpd httpd-manual
2. Start the Apache service:
[root@apacheserver ~]# systemctl start httpd
[root@apacheserver ~]# systemctl enable httpd
3. Check the listening port:
4. Configure the firewall so that it does not block Apache
[root@apacheserver ~]# firewall-cmd --permanent --add-service=http
success
[root@apacheserver ~]# firewall-cmd --permanent --add-service=https
success
[root@apacheserver ~]# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client dns http https ssh
ports: 8080/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
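The basic Apache configuration is now complete, and the Apache server can be reached from a browser on the client.
5. Writing the test page
Create the file index.html under /var/www/html/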
[root@apacheserver ~]# vim /var/www/html/index.html
[root@apacheserver ~]# cat /var/www/html/index.html
hello
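The client browser now shows the contents of index.html when it visits the server
Changing Apache's default settings
1. Change Apache's default listening port
1> Edit the configuration file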
[root@apacheserver ~]# vim /etc/httpd/conf/httpd.conf
Listen 8080
2> Restart the service
[root@apacheserver ~]# systemctl restart httpd
3> In the client browser, enter server-ip:port
172.25.254.101:8080
2. Change Apache's default document root
1> Create the new document root
[root@apacheserver ~]# mkdir /westos/html -p
2> Edit the configuration file
[root@apacheserver ~]# vim /etc/httpd/conf/httpd.conf
DocumentRoot "/westos/html"
<Directory "/westos">
Require all granted
</Directory>
3> Write the page file index.html in the new document root
[root@apacheserver html]# vim index.html
[root@apacheserver html]# cat index.html
new directory
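4> Restart the service
[root@apacheserver ~]# systemctl restart httpd
5> Test from the client browser. The request fails at this point because the SELinux security context does not match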
[root@apacheserver ~]# ls -lZd /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
[root@apacheserver ~]# ls -lZd /westos/html
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /westos/html
[root@apacheserver ~]# restorecon -RvvF /westos/
restorecon reset /westos context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /westos/html context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
[root@apacheserver ~]# ls -lZd /westos/html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /westos/html
[root@apacheserver ~]# systemctl restart httpd
Test again:
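A label check for the relocated document root, as an added example that is not part of the original notes. restorecon applies whatever type the local file-context rules map to a path, so the relabel shown above depends on a rule for /westos that these notes do not show being created; relabel_docroot records that rule with semanage first. The function names and the list of accepted types are assumptions of this example, and the two sample lines are the ls -lZd outputs from this page.

```bash
#!/usr/bin/env bash
# Added example: check that a DocumentRoot carries a type httpd may read.

# Sample input: the two `ls -lZd` lines shown on this page.
SAMPLE_BEFORE='drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /westos/html'
SAMPLE_AFTER='drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /westos/html'

# Types this check accepts (assumption: static read-only and read-write content).
HTTPD_TYPES='httpd_sys_content_t httpd_sys_rw_content_t'

# selinux_type LINE -> prints the type field (3rd of user:role:type:level).
selinux_type() {
    local field
    for field in $1; do
        case "$field" in
            *:*:*:*) printf '%s\n' "$field" | cut -d: -f3; return 0 ;;
        esac
    done
    return 1   # no SELinux context found on the line
}

# docroot_label_ok LINE -> exit 0 if the type is in HTTPD_TYPES, 1 otherwise.
docroot_label_ok() {
    local ctype t
    ctype=$(selinux_type "$1") || return 1
    for t in $HTTPD_TYPES; do
        [ "$ctype" = "$t" ] && return 0
    done
    return 1
}

# relabel_docroot DIR: record a persistent file-context rule, then apply it.
# Needs root and semanage (policycoreutils-python); defined here, not executed.
relabel_docroot() {
    semanage fcontext -a -t httpd_sys_content_t "$1(/.*)?" &&
    restorecon -RvF "$1"
}

# Usage on a live host (path taken from the page):
#   docroot_label_ok "$(ls -lZd /westos/html)" || relabel_docroot /westos
```

Without the semanage rule, a later full relabel of the filesystem would put /westos back to default_t and the site would fail again.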
Configuring name-based virtual hosts
1. Edit /etc/hosts on the client
172.25.254.190 www.westos.com apache.westos.com music.westos.com
2. Create the document roots and page files for the virtual hosts
[root@apache www]# mkdir news
[root@apache www]# mkdir music
[root@apache www]# echo new > /var/www/news/index.html
[root@apache www]# echo music > /var/www/music/index.html
3. Write the virtual host configuration files
[root@apache www]# cd /etc/httpd/conf.d/
[root@apache conf.d]# vim default.conf
<virtualhost _default_:80>
documentroot /var/www/html
customlog "logs/default.log" combined
</virtualhost>
<directory /var/www/html>
require all granted
</directory>
[root@apache conf.d]# vim news.conf
<virtualhost *:80>
servername apache.westos.com
documentroot /var/www/news
customlog "logs/news.log" combined
</virtualhost>
<directory /var/www/news>
require all granted
</directory>
[root@apache conf.d]# vim music.conf
<virtualhost *:80>
servername music.westos.com
documentroot /var/www/music
customlog "logs/music.log" combined
</virtualhost>
<directory /var/www/music>
require all granted
</directory>
4. Restart the service
[root@apache conf.d]# systemctl restart httpd
Apache's built-in user authentication
1. Create the users in /etc/httpd/conf/
[root@apache conf]# htpasswd -cm apacheuser admin
New password:
Re-type new password:
Adding password for user admin
[root@apache conf]# htpasswd -m apacheuser hao
New password:
Re-type new password:
Adding password for user hao
2. Edit the virtual host configuration file in /etc/httpd/conf.d/
[root@apache conf.d]# vim news.conf
Add the following:
<directory /var/www/news/admin>
authuserfile /etc/httpd/conf/apacheuser
authname "input name,passwd"
authtype basic
require valid-user
</directory>
3. Restart the service
[root@apache conf.d]# systemctl restart httpd
Denying or allowing a specific IP address access to Apache pages:
[root@apache conf.d]# vim /etc/httpd/conf.d/news.conf
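Deny access from 172.25.254.90; to allow it instead, use order deny,allow
<directory /var/www/news/admin>
## Whichever is listed first is evaluated first, so the one listed last has the final say
order allow,deny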
allow from 172.25.254.90
deny from all
</directory>
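The evaluation rules behind order allow,deny, as an added example that is not part of the original notes: a small shell model of the Order/Allow/Deny decision, limited to the entry forms all, a full IP and a partial IP. Run on the block above, it shows that order allow,deny with deny from all refuses every client, 172.25.254.90 included, while order deny,allow admits only that address. The function names are this example's own, and 172.25.254.91 is a constructed second client.

```bash
#!/usr/bin/env bash
# Added example: how Order/Allow/Deny (mod_access_compat) reaches a decision.

# matches CLIENT LIST -> exit 0 if CLIENT matches any entry in LIST.
# Supported entry forms (a subset of what Apache accepts): "all", a full IP,
# or a partial IP ending in a dot such as "172.25.254."
matches() {
    local client=$1 entry
    for entry in $2; do
        case "$entry" in
            all) return 0 ;;
            *.)  case "$client" in "$entry"*) return 0 ;; esac ;;
            *)   [ "$client" = "$entry" ] && return 0 ;;
        esac
    done
    return 1
}

# decide ORDER CLIENT ALLOW_LIST DENY_LIST -> prints "allowed" or "denied"
decide() {
    local order=$1 client=$2 allow=$3 deny=$4
    case "$order" in
        allow,deny)
            # Allow first, Deny second: must match Allow and must not match Deny.
            if matches "$client" "$allow" && ! matches "$client" "$deny"; then
                echo allowed
            else
                echo denied
            fi ;;
        deny,allow)
            # Deny first, Allow second: refused only if Deny matches and Allow does not.
            if matches "$client" "$deny" && ! matches "$client" "$allow"; then
                echo denied
            else
                echo allowed
            fi ;;
        *) echo "unknown order: $order" >&2; return 2 ;;
    esac
}

# The page's lists under both orders, printed as a small truth table.
for order in allow,deny deny,allow; do
    for ip in 172.25.254.90 172.25.254.91; do
        printf '%-11s %-14s %s\n' "$order" "$ip" \
            "$(decide "$order" "$ip" "172.25.254.90" "all")"
    done
done
```

To refuse only 172.25.254.90 under order allow,deny, the lists have to be the other way round: an Allow entry that covers the permitted clients and a Deny entry for that one address.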
HTTPS encryption
[root@music ~]# yum install -y mod_ssl.x86_64
[root@music conf.d]# systemctl reload httpd
Viewing the site in a browser already shows a certificate, but its contents are the defaults
[root@music Desktop]# netstat -antlpe | grep httpd
tcp6 0 0 :::80 :::* LISTEN 0 40305 3249/httpd
tcp6 0 0 :::443 :::* LISTEN 0 45516 3249/httpd
[root@music Desktop]# yum install crypto-utils.x86_64 -y
[root@music Desktop]# genkey music.westos.com
[root@music Desktop]# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/music.westos.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/music.westos.com.key
[root@music Desktop]# systemctl restart httpd.service
URL rewriting
[root@music Desktop]# mkdir /var/www/westos/login/html -p
[root@music Desktop]# vim /var/www/westos/login/html/index.html
[root@music conf.d]# vim login.conf
[root@music conf.d]# cat login.conf
<Virtualhost *:443>
ServerName login.westos.com
DocumentRoot /var/www/westos/login/html
CustomLog "logs/login.log" combined
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/music.westos.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/music.westos.com.key
</Virtualhost>
<Directory "/var/www/westos/login/html">
Require all granted
</Directory>
<Virtualhost *:80>
ServerName login.westos.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</Virtualhost>
[root@music conf.d]# systemctl restart httpd
Test in a browser on the physical host
[root@foundation34 8.14]# vim /etc/hosts
[root@foundation34 8.14]# tail -n 1 /etc/hosts
172.25.34.101 login.westos.com
Entering login.westos.com in the browser automatically redirects to the HTTPS-encrypted site