apache服务配置

一、安装服务

1、安装：

yum install httpd
yum install httpd-manual

2、测试：

http://172.25.254.100
http://172.25.254.100/manual

3、apache的基础信息

主配置目录：/etc/httpd/conf
主配置文件：/etc/httpd/conf/httpd.conf
子配置目录：/etc/httpd/conf.d
子配置文件：/etc/httpd/conf.d/*.conf
默认发布目录：/var/www/html
默认端口：80
默认安全上下文：httpd_sys_content_t
程序开启默认用户：apache
apache日志：/etc/httpd/logs/*

二、修改服务端口

semanage port -l | grep http 查看selinux中允许的端口

1、修改selinux中允许的端口

vim /etc/httpd/conf/httpd.conf
	Listen 8080
systemctl restart httpd
firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --reload

2、修改selinux中没有的端口

vim /etc/httpd/conf/httpd.conf
		Listen 8888
systemctl restart httpd
semanage port -l | grep http	查看端口
semanage port -a -t http_port_t -p tcp 8888 向selinux中添加端口
firewall-cmd --permanent --add-port=8888/tcp
firewall-cmd --reload

3、测试

http://172.25.254.100：8080
http://172.25.254.100：8888

三、apache访问控制策略

1、基于ip的访问控制

黑名单：不允许172.25.254.100访问

cd /etc/httpd/conf.d/
vim vhost.conf
	<VIrtualHost _default_:80>
		DocumentRoot "/var/www/html"
		CustomLog logs/default.log combined
	</VirtualHost>
	<Directory "/var/www/html">
		Order Allow,Deny
		Allow from All
		Deny from 172.25.254.100
	</Directory>

白名单：只允许172.25.254.100访问

cd /etc/httpd/conf.d/vhost.conf
	<VitualHost _default_:80>
		DocumnetRoot "var/www/html"
		CustomLog "logs/defauli.log" combined
	</VitualHost>
	<Directory "/var/www/html">
		Order Deny,Allow
		Deny from All
		Allow from 172.25.254.100
	</Directory>

2、基于用户的访问控制

cd /etc/httpd
	htpasswd -cm .apache_auth tom			添加一个认证用户
	htpasswd cm apache_auth harry			再添加一个用户到.apache_aut文件
<VirtualHost _default_:80>
    DocumentRoot "/var/www/html"
    CustomLog logs/default.log combined
</VirtualHost>
<Directory "/var/www/html">
	AuthUserFile /etc/httpd/.apache_auth
	AuthType basic
	AuthName "please input username and password;"
	Require user tom			允许一个用户访问
	Require user tom harry		允许部分用户访问
	Require valid-user			允许所有用户访问
</Directory>

四、apache支持的开发语言

1、html

配置：

vim /var/www/html/index.html
	<html>
		<body>thist is html!</body>
	</html>

测试：

vim /etc/httpd/conf/httpd.conf
	DirectoryIndex index.html	默认访问文件
http:172.25.254.118

2、php

配置：

yum install php			下载php
vim /var/www/html/index.php
	<?php
		echo 'this is php!';
	?>

测试:

vim /etc/httpd/conf/httpd.conf
	DirectoryIndex index.php	默认访问文件
http:172.25.254.118		

3、perl

配置：

1、mkdir /var/www/html/cgi  
2、vim /etc/httpd/conf.d/vhost.conf
	<VirtualHost _default_:80>
		DocumentRoot "/var/www/html/cgi"
		CustomLog "logs/default.log" combined
	</VirtualHost>
	<Directory "var/www/html/cgi">
		Options +ExecCGI
		AddHandler cgi-script.cgi
	</Directory>
3、cd /var/www/html/cgi
	vim index.cgi
		#!/usr/bin/perl
		print "Content-type: text/html";
		print `date`;
4、semanage fcontext -a -t httpd_sys_script_t '/var/www/html/cgi(/.*)?'
	restorecon -Rvvf /var/www/html/cgi
5、chmod +x index.cgi

测试：

vim /etc/httpd/conf/httpd.conf
	Direcrotyindex index.cgi
http://172.25.254.118

4、python

配置：

1、mkdir /var/www/cgi-bin
2、vim /var/www/cgi-bin/webapp.wsgi
	#!/usr/bin/env python
	import time
	def application (environ, start_response):
	response_body = 'UNIX EPOCH time is now: %s\n' % time.time()
	status = '200 OK'
	response_headers = [('Content-Type', 'text/plain'),
            		    ('Content-Length', '1'),
                  		('Content-Length', str(len(response_body)))]
 	start_response(status, response_headers)
	return [response_body]
3、  yum install mod_wsgi -y
4、 vim /etc/httpd/conf.d/vhost.conf
		<virtualHost *:80>
    		ServerName wsgi.westos.com
    		WSGIScriptAlias / /var/www/cgi-bin/webapp.wsgi
		</VirtualHost>

测试：

1、vim /etc/hosts
	172.25.254.118 wsgi.westos.com
2、wsgi.westos.com

五、虚拟主机

配置：

vim /etc/httpd/conf.d/vhost.conf
	<VirtualHost *:80>
		ServerName news.westos.com
		DocumentRoot /var/www/vhost/news
		CustomLog logs/news.log combined
	</VirtualHost>
	<Directory "/var/www/vhost/news">
			Require all granted
	</Directory>

测试：

vim  /etc/hosts
	172.25.254.118 news.westos.com
news.westos.com

六、https服务

配置：

1、yum install mod_ssl -y
2、yum install crypto-utils -y
	genkey apache_server.westos.com
	生成：
	    SSLCertificateFile ...crt
	    SSLCertificateKeyFile ...crt
3、vim /etc/httpd/conf.d/ssl.conf
		SSLCertificateFile 生成的代替.crt
		SSLCertificateKeyFile  生成的代替.key

测试：

https://172.25.254.118

七、网页重写

配置：

vim /etc/httpd/conf.d/vhost.conf
	<VirtualHost *:443>
		ServerName login.westos.com
		DocumentRoot /var/www/vhost/login
		CustomLog logs/login.log conbined
		SSLEngine on
		SSLCertificateFile ...crt
		SSLCertificateFile ...key
	</VirtualHost>
	<Directory>
		Require all granted
	</Directory>
	<VirtualHost *:80>
		ServerName login.westos.com
		RewriteEngine on
		RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
	</VirtualHost>

测试：

vim /etc/hosts
	172.25.254.118 login.westos.com