需要安装的软件包:httpd(redhat6 默认安装了)
服务启动脚本/etc/init.d/httpd
主配置文件:/etc/httpd/conf/httpd.conf
环境:redhat6.2 32bit
实验了虚拟主机,目录访问控制
过程如下:
[root@mail ~]# nslookup www.example.com #先查看下两个域名是否能正常解析
Server: 192.169.1.98
Address: 192.169.1.98#53
Name: www.example.com
Address: 192.169.1.98
[root@mail ~]# nslookup chen.example.com
Server: 192.169.1.98
Address: 192.169.1.98#53
Name: chen.example.com
Address: 192.169.1.98
[root@mail ~]# vim /etc/httpd/conf/httpd.conf
#NameVirtualHost 192.169.1.98:80 #虚拟主机用到这句,否则不加
<VirtualHost 192.169.1.98:80>
DocumentRoot /myweb/
ServerName chen.example.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
[root@mail ~]# mkdir /myweb
[root@mail ~]# vim /myweb/index.html
[root@mail ~]# cat /myweb/index.html
hello,chen.example.com
[root@mail ~]# service httpd restart
停止 httpd: [确定]
正在启动 httpd:Warning: DocumentRoot [/myweb/] does not exist
[确定]
#提示这个目录不存在,暂时关闭selinux,重启。
[root@mail ~]# setenforce 0
[root@mail ~]# service httpd restart
停止 httpd: [确定]
正在启动 httpd: [确定]
[root@mail ~]# links chen.example.com
http://chen.example.com/
hello,chen.example.com
╔══════════════════════════════════════╗
║ ║
║ Do you really want to exit ELinks? ║
║ ║
║ [ Yes ] [ No ] ║
╚══════════════════════════════════════╝
OK [------]
[root@mail ~]# --------------虚拟主机----------------^C
[root@mail ~]# vim /etc/httpd/conf/httpd.conf
[root@mail ~]# tail -13 /etc/httpd/conf/httpd.conf
NameVirtualHost 192.169.1.98:80 #虚拟主机共用的ip
<VirtualHost 192.169.1.98:80>
DocumentRoot /myweb/
ServerName chen.example.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
<VirtualHost 192.169.1.98:80>
DocumentRoot /www/
ServerName www.example.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
[root@mail ~]# mkdir /www
[root@mail ~]# vim /www/index.html
[root@mail ~]# cat /www/index.html
hello,www.example.com
[root@mail ~]# service httpd restart
停止 httpd: [确定]
正在启动 httpd: [确定]
[root@mail ~]# links www.example.com
http://www.example.com/
hello,www.example.com
╔══════════════════════════════════════╗
║ ║
║ Do you really want to exit ELinks? ║
║ ║
║ [ Yes ] [ No ] ║
╚══════════════════════════════════════╝
OK [------]
[root@mail ~]# links chen.example.com
http://chen.example.com/
hello,chen.example.com
╔══════════════════════════════════════╗
║ ║
║ Do you really want to exit ELinks? ║
║ ║
║ [ Yes ] [ No ] ║
╚══════════════════════════════════════╝
OK [------]
[root@mail ~]# -------------selinux------------------^C
[root@mail ~]# getenforce
Permissive
[root@mail ~]# setenforce 1
[root@mail ~]# links chen.example.com
403 Forbidden
Forbidden
You don't have permission to access / on this server.
══════════════════════════════════════════════════════════════════════════
Apache/2.2.15
╔══════════════════════════════════════╗
║ ║
║ Do you really want to exit ELinks? ║
║ ║
║ [ Yes ] [ No ] ║
╚══════════════════════════════════════╝
OK [------]
[root@mail ~]# ls -Zd /myweb/ #myweb的上下文为default_t
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /myweb/
[root@mail ~]# ls -Zd /var/www/html/ #查看一下/var/www/html默认上下文
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
[root@mail ~]# chcon -t httpd_sys_content_t /myweb/ #将/myweb的上下文改为httpd_sys_content_t
[root@mail ~]# ls -Zd /myweb/
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 /myweb/
[root@mail ~]# chcon -t httpd_sys_content_t /myweb/index.html #里面的文件也要改
[root@mail ~]# chcon -t httpd_sys_content_t /www/
[root@mail ~]# chcon -t httpd_sys_content_t /www/index.html #修改完以后就可以正常访问了。太占空间,不贴了。。
[root@mail ~]# ----------------目录访问控制------------------^C
[root@mail ~]#
[root@mail ~]# vim /etc/httpd/conf/httpd.conf
[root@mail ~]# tail -20 /etc/httpd/conf/httpd.conf
NameVirtualHost 192.169.1.98:80
<VirtualHost 192.169.1.98:80>
DocumentRoot /myweb/
ServerName chen.example.com
<Directory "/myweb"> #对webRoot进行访问限制
Authname test #弹出对话框的名字,不重要
Authtype basic #验证类型,basic
Authuserfile /etc/httpd/.htaccess #可以访问的用户数据库文件
Require user user1 #授权用户user1可以访问,不一定要是本地用户
AllowOverride authconfig #启用认证
</Directory>
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
<VirtualHost 192.169.1.98:80>
DocumentRoot /www/
ServerName www.example.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
#添加user1到认证数据库,只有Require user和.htaccess同时有的用户才能访问
#-cm,c创建,m为md5加密
[root@mail ~]# htpasswd -cm /etc/httpd/.htaccess user1
New password:
Re-type new password:
Adding password for user user1
[root@mail ~]# cat /etc/httpd/.htaccess
user1:$apr1$17H953dp$Q8MMC4oHqYvBEO79l9Ohw.
[root@mail ~]# service httpd restart
停止 httpd: [确定]
正在启动 httpd: [确定]
在有认证时,elinks不太好使,下面是用浏览器访问的截图
数据用户名和密码后,就可以看到网页内容了。