I. Installing the service
1. Install:
yum install httpd
yum install httpd-manual
2. Test:
http://172.25.254.100
http://172.25.254.100/manual
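3. Basic Apache information
Main configuration directory: /etc/httpd/conf
Main configuration file: /etc/httpd/conf/httpd.conf
Drop-in configuration directory: /etc/httpd/conf.d
Drop-in configuration files: /etc/httpd/conf.d/*.conf
Default document root: /var/www/html
Default port: 80
Default SELinux context: httpd_sys_content_t
Default user the service runs as: apache
Apache logs: /etc/httpd/logs/*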
II. Changing the service port
semanage port -l | grep http    # list the ports SELinux allows for httpd
1. Changing to a port SELinux already allows
vim /etc/httpd/conf/httpd.conf
Listen 8080
systemctl restart httpd
firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --reload
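2. Changing to a port that is not in the SELinux policy
vim /etc/httpd/conf/httpd.conf
Listen 8888
semanage port -l | grep http    # check the allowed ports
semanage port -a -t http_port_t -p tcp 8888    # add the port to SELinux
systemctl restart httpd    # restart after the port is labelled; under enforcing SELinux httpd cannot bind to 8888 before that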
firewall-cmd --permanent --add-port=8888/tcp
firewall-cmd --reload
3. Test
http://172.25.254.100:8080
http://172.25.254.100:8888
III. Apache access control
1. IP-based access control
Blacklist: deny access from 172.25.254.100
cd /etc/httpd/conf.d/
vim vhost.conf
<VirtualHost _default_:80>
DocumentRoot "/var/www/html"
CustomLog logs/default.log combined
</VirtualHost>
<Directory "/var/www/html">
Order Allow,Deny
Allow from All
Deny from 172.25.254.100
</Directory>
Whitelist: allow access only from 172.25.254.100
vim /etc/httpd/conf.d/vhost.conf
<VirtualHost _default_:80>
DocumentRoot "/var/www/html"
CustomLog "logs/default.log" combined
</VirtualHost>
<Directory "/var/www/html">
Order Deny,Allow
Deny from All
Allow from 172.25.254.100
</Directory>
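How the two Order settings above decide a request, as an added example that is not part of the original notes: a small Python model of the mod_access_compat evaluation rules. The function names and the second client address are assumptions made for illustration; only full IPs, CIDR ranges and "All" are handled.

```python
import ipaddress

def _matches(spec, client):
    """True if an Allow/Deny 'from' value covers the client address."""
    if spec.lower() == "all":
        return True
    # Full IPs and CIDR ranges only; hostnames and partial IPs are out of scope here.
    return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)

def evaluate(block, client):
    """Return 'allow' or 'deny' for client under the Order/Allow/Deny lines in block."""
    order, allow, deny = "deny,allow", [], []   # Apache's default Order is Deny,Allow
    for line in block.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "order":
            order = "".join(words[1:]).lower()
        elif key in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            (allow if key == "allow" else deny).extend(words[2:])
    allowed = any(_matches(s, client) for s in allow)
    denied = any(_matches(s, client) for s in deny)
    if order == "allow,deny":
        # Allow is checked first, Deny overrides it, and no match means deny.
        return "allow" if allowed and not denied else "deny"
    if order == "deny,allow":
        # Deny is checked first, Allow overrides it, and no match means allow.
        return "deny" if denied and not allowed else "allow"
    raise ValueError("unsupported Order value: %r" % order)

# The two Directory bodies from the notes above.
BLACKLIST = """
Order Allow,Deny
Allow from All
Deny from 172.25.254.100
"""
WHITELIST = """
Order Deny,Allow
Deny from All
Allow from 172.25.254.100
"""

if __name__ == "__main__":
    for name, block in (("blacklist", BLACKLIST), ("whitelist", WHITELIST)):
        for ip in ("172.25.254.100", "172.25.254.50"):   # second IP is a constructed sample
            print(name, ip, evaluate(block, ip))
```

Swapping the Order value in the blacklist to Deny,Allow lets 172.25.254.100 back in, because "Allow from All" is then evaluated last and overrides the Deny line.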
2. User-based access control
cd /etc/httpd
htpasswd -cm .apache_auth tom    # add an authentication user
htpasswd -m .apache_auth harry    # add another user to the .apache_auth file (no -c, which would recreate the file)
<VirtualHost _default_:80>
DocumentRoot "/var/www/html"
CustomLog logs/default.log combined
</VirtualHost>
<Directory "/var/www/html">
AuthUserFile /etc/httpd/.apache_auth
AuthType basic
AuthName "please input username and password;"
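# Use one of the following Require lines:
# allow a single user
Require user tom
# allow selected users
# Require user tom harry
# allow all users in the password file
# Require valid-user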
</Directory>
IV. Languages supported by Apache
1. html
Configuration:
vim /var/www/html/index.html
<html>
<body>this is html!</body>
</html>
Test:
vim /etc/httpd/conf/httpd.conf
# default file served
DirectoryIndex index.html
http://172.25.254.118
2. php
Configuration:
yum install php    # install php
vim /var/www/html/index.php
<?php
echo 'this is php!';
?>
Test:
vim /etc/httpd/conf/httpd.conf
# default file served
DirectoryIndex index.php
http://172.25.254.118
3. perl
Configuration:
(1) mkdir /var/www/html/cgi
(2) vim /etc/httpd/conf.d/vhost.conf
<VirtualHost _default_:80>
DocumentRoot "/var/www/html/cgi"
CustomLog "logs/default.log" combined
</VirtualHost>
<Directory "/var/www/html/cgi">
Options +ExecCGI
AddHandler cgi-script .cgi
</Directory>
(3) cd /var/www/html/cgi
vim index.cgi
#!/usr/bin/perl
# the blank line after the header ends the CGI header block
print "Content-type: text/html\n\n";
print `date`;
(4) semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgi(/.*)?'
restorecon -RvvF /var/www/html/cgi
(5) chmod +x index.cgi
Test:
vim /etc/httpd/conf/httpd.conf
DirectoryIndex index.cgi
http://172.25.254.118
4. python
Configuration:
(1) mkdir /var/www/cgi-bin
(2) vim /var/www/cgi-bin/webapp.wsgi
#!/usr/bin/env python
import time

def application(environ, start_response):
    # WSGI entry point that mod_wsgi calls for every request
    # encode so the body is bytes, as WSGI requires on Python 3 (also valid on Python 2)
    response_body = ('UNIX EPOCH time is now: %s\n' % time.time()).encode('utf-8')
    status = '200 OK'
    response_headers = [('Content-Type', 'text/plain'),
                        ('Content-Length', str(len(response_body)))]
    start_response(status, response_headers)
    return [response_body]
(3) yum install mod_wsgi -y
(4) vim /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
ServerName wsgi.westos.com
WSGIScriptAlias / /var/www/cgi-bin/webapp.wsgi
</VirtualHost>
Test:
(1) vim /etc/hosts
172.25.254.118 wsgi.westos.com
(2) Open wsgi.westos.com in a browser
V. Virtual hosts
Configuration:
vim /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
ServerName news.westos.com
DocumentRoot /var/www/vhost/news
CustomLog logs/news.log combined
</VirtualHost>
<Directory "/var/www/vhost/news">
Require all granted
</Directory>
Test:
vim /etc/hosts
172.25.254.118 news.westos.com
news.westos.com
VI. HTTPS service
Configuration:
1. yum install mod_ssl -y
2. yum install crypto-utils -y
genkey apache_server.westos.com
Generates:
SSLCertificateFile ...crt
SSLCertificateKeyFile ...key
3. vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile (replace with the generated .crt)
SSLCertificateKeyFile (replace with the generated .key)
Test:
https://172.25.254.118
VII. URL rewriting
Configuration:
vim /etc/httpd/conf.d/vhost.conf
<VirtualHost *:443>
ServerName login.westos.com
DocumentRoot /var/www/vhost/login
CustomLog logs/login.log combined
SSLEngine on
SSLCertificateFile ...crt
SSLCertificateKeyFile ...key
</VirtualHost>
<Directory "/var/www/vhost/login">
Require all granted
</Directory>
<VirtualHost *:80>
ServerName login.westos.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>
Test:
vim /etc/hosts
172.25.254.118 login.westos.com