Apache安装
-
Step 1 创建运行时用户和组
$ groupadd www $ useradd -g www www -s /sbin/nologin -M
-
Step 2 安装工具集和依赖
$ yum install -y wget $ wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo $ yum install -y gcc wget make libtool expat-devel pcre-devel openssl-devel libxml2-devel
-
Step 3 安装apr
$ cd ~ $ wget http://10.0.16.133/src/x86_64/apr/apr-1.6.5.tar.gz $ tar -zxvf apr-1.6.5.tar.gz $ cd apr-1.6.5 $ sed -i s/"RM='\$RM'"/"RM='\$RM -f'"/ configure $ ./configure --prefix=/usr/local/apr $ make $ make install
-
Step 4 安装apr-util
$ cd ~ $ wget http://10.0.16.133/src/x86_64/apr/apr-util-1.6.1.tar.gz $ tar -zxvf apr-util-1.6.1.tar.gz $ cd apr-util-1.6.1 $ ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr $ make $ make install
-
Step 5 安装httpd
$ cd ~ $ wget http://10.0.16.133/src/x86_64/httpd/httpd-2.4.43.tar.gz $ tar -zxvf httpd-2.4.43.tar.gz $ cd httpd-2.4.43 $ ./configure --prefix=/usr/local/apache \ --with-apr=/usr/local/apr \ --with-apr-util=/usr/local/apr-util \ --enable-so \ --enable-ssl \ --enable-cgi \ --enable-rewrite \ --with-pcre \ --with-zlib \ --with-mpm=event \ --enable-modules=most \ --enable-mpms-shared=all $ make $ make install
-
Step 6 创建日志存放目录
$ mkdir -pv /data/logs/apache $ chown -R www:www /data/logs/apache
-
Step 7 创建Apache主配置文件
$ mv /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/http.conf.default $ mkdir -p /usr/local/apache/conf/vhost $ cat >/usr/local/apache/conf/httpd.conf <<EOF Listen 0.0.0.0:80 ServerRoot /usr/local/apache # 加载模块 LoadModule authn_file_module modules/mod_authn_file.so LoadModule mpm_prefork_module modules/mod_mpm_prefork.so LoadModule authn_core_module modules/mod_authn_core.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_core_module modules/mod_authz_core.so LoadModule access_compat_module modules/mod_access_compat.so LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule reqtimeout_module modules/mod_reqtimeout.so LoadModule filter_module modules/mod_filter.so LoadModule mime_module modules/mod_mime.so LoadModule log_config_module modules/mod_log_config.so LoadModule logio_module modules/mod_logio.so LoadModule env_module modules/mod_env.so LoadModule headers_module modules/mod_headers.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule version_module modules/mod_version.so LoadModule ssl_module modules/mod_ssl.so LoadModule unixd_module modules/mod_unixd.so LoadModule status_module modules/mod_status.so LoadModule autoindex_module modules/mod_autoindex.so <IfModule !mpm_prefork_module> LoadModule cgid_module modules/mod_cgid.so </IfModule> <IfModule mpm_prefork_module> LoadModule cgi_module modules/mod_cgi.so </IfModule> LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule dir_module modules/mod_dir.so LoadModule alias_module modules/mod_alias.so LoadModule rewrite_module modules/mod_rewrite.so ServerAdmin admin@feisu.com ServerName localhost ############### # 日志格式定义# ############### <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> LogFormat "{\"server_ip\": \"%A\",\"client_ip\": \"%a\",\"@timestamp\": \"%{%Y-%m-%dT%H:%M:%S%z}t\",\"server_name\": \"%v\",\"mehtod\": \"%m\",\"request\": \"%U%q\", \"url\": \"%U\",\"query\": \"%q\",\"status\": \"%>s\",\"user_agent\": \"%{User-agent}i\",\"referer\": \"%{Referer}i\",\"response_time\": \"%D\",\"x_forward_for\": \"%{X-Forwarded-For}i\",\"send_bytes\": \"%I\",\"recv_bytes\": \"%O\"}" json </IfModule> </IfModule> ErrorLog /data/logs/apache/error.log CustomLog /data/logs/apache/access.log json LogLevel warn ############### # Mime类型加载# ############### <IfModule mime_module> TypesConfig conf/mime.types AddType application/x-gzip .tgz AddEncoding x-compress .Z AddEncoding x-gzip .gz .tgz AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType text/html .shtml AddOutputFilter INCLUDES .shtml AddType application/x-httpd-php .php </IfModule> ############### # 全局安全规则# ############### # 禁止通过web访问.htaccess <Files ".ht*"> Require all denied </Files> # 隐藏Apache版本号 ServerTokens ProductOnly ServerSignature Off # 开启同源策略限制,只允许同域名访问 <IfModule headers_module> Header always append X-Frame-Options SAMEORIGIN </IfModule> # 禁止.ssh访问 <LocationMatch "\.ssh"> Order allow,deny Deny from all </LocationMatch> # 禁止.git访问 <LocationMatch "\.git"> Order allow,deny Deny from all </LocationMatch> # 限制Apache运行时用户 <IfModule unixd_module> User www Group www </IfModule> ########### # 虚拟主机# ########### Include conf/vhost/*.conf EOF
-
Step 8 创建默认虚拟主机
$ mkdir -pv /data/wwwroot/default $ echo "hello world" > /data/wwwroot/default/index.html $ cat >/usr/local/apache/conf/vhost/0.conf <<EOF <VirtualHost *:80> DocumentRoot /data/wwwroot/default ServerName localhost DirectoryIndex index.html </VirtualHost> EOF
-
Step 9 添加系统服务
$ cat > /usr/lib/systemd/system/httpd.service << _EOF [Unit] Description=The Apache HTTP Server After=network.target remote-fs.target nss-lookup.target [Service] Type=forking ExecStartPre=/usr/local/apache/bin/httpd -t ExecStart=/usr/local/apache/bin/httpd -k start ExecReload=/usr/local/apache/bin/httpd -k graceful ExecStop=/usr/local/apach/bin/httpd -k stop KillSignal=SIGKILL PrivateTmp=true [Install] WantedBy=multi-user.target _EOF $ systemctl daemon-reload
-
Step 10 启动服务并添加到开机自启动
$ systemctl start httpd $ systemctl enable httpd
-
Step 11 添加日志切割脚本
$ cat > /etc/logrotate.d/httpd << _EOF /data/logs/apache/*.log { daily rotate 15 compress nodelaycompress ifempty dateext missingok postrotate [ -e /usr/local/apache/bin/httpd ] && /usr/local/apache/bin/httpd -k graceful &>/dev/null endscript } _EOF
验证
$curl http://localhosthello world
配置文件详解
配置文件详解文件位置:/etc/httpd/conf/httpd.conf
ServerRoot "/etc/httpd" //服务器的根路径,改文件中所有涉及到的路径的根都是相对它而言的。 Listen 80 //监听的端口 Include conf.modules.d/*.conf //包含辅助配置文件目录下的所有以.conf结尾的;;;文件(/etc/httpd/conf.modules.d/*.conf) User apache //运行web服务的用户 Group apache ServerAdmin root@localhost //管理员邮件地址 #ServerName www.example.com:80 //服务器的名字 ServerName www.uplooking.com:80 <Directory /> ---容器,对整个目录中的东西进行设置,权限等等 AllowOverride none Require all denied </Directory> DocumentRoot "/var/www/html" //web服务文档根路径 <Directory "/var/www"> AllowOverride None # Allow open access: Require all granted </Directory> <Directory "/var/www/html"> Options Indexes FollowSymLinks //Indexes:索引目录,(默认没有主页时),允许索引目录 FollowSymLinks:支持符号链接 软连接 AllowOverride None //和访问权限有关 可以进行认证 None --不使用认证 all--应用所有的认证指令 AuthConfig --允许使用与认证授权相关的指令 Require all granted //访问控制 所有人方行 </Directory> <IfModule dir_module> DirectoryIndex index.html //网站索引页的名称 </IfModule> <Files ".ht*"> //以所有.ht开头进行模式匹配不能进行访问 Require all denied </Files> ErrorLog "logs/error_log" //错误日志的设定 LogLevel warn //日志级别 <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined //日志格式规定 LogFormat "%h %l %u %t \"%r\" %>s %b" common //日志格式规定 <IfModule logio_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio //日志格式规定 </IfModule> CustomLog "logs/access_log" combined //访问日志 </IfModule> <IfModule alias_module> # Alias /webpath /full/filesystem/path //给路径设置别名 意味着访问http://Server_ip/webpath时,其页面文件来自于/full/filesystem/path中 ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" //脚本路径的别名 </IfModule> <Directory "/var/www/cgi-bin"> AllowOverride None Options None Require all granted </Directory> <IfModule mime_module> TypesConfig /etc/mime.types //支持哪些非二进制文件 AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType text/html .shtml AddOutputFilter INCLUDES .shtml </IfModule> AddDefaultCharset UTF-8 //默认字符集 #EnableMMAP off //线程模式 EnableSendfile on //开启进程模式(默认) IncludeOptional conf.d/*.conf //包含辅助配置文件目录下的所有以.conf结尾的文件(/etc/httpd/conf.d/*.conf)
为了帮助大家更好的学习网络安全,我给大家准备了一份网络安全入门/进阶学习资料,里面的内容都是适合零基础小白的笔记和资料,不懂编程也能听懂、看懂这些资料!
因篇幅有限,仅展示部分资料,需要点击下方链接即可前往获取
CSDN大礼包:《黑客&网络安全入门&进阶学习资源包》免费分享
因篇幅有限,仅展示部分资料,需要点击下方链接即可前往获取