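I. Apache configuration files: explanation and changes
1. Apache configuration files explained
/etc/httpd/conf/httpd.conf ###Apache main configuration file
firewall-cmd --permanent --add-service=http ###permanently allow http through the firewall
Item | Meaning |
---|---|
/var/www/html | Default document root |
index.html | Default index file |
80 | Default port |
/etc/httpd/logs/ | Apache logs |
httpd_sys_content_t | Default security context |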
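2. Changing the port
First check the firewall setting; the port number can be changed freely only when it is disabled.
(1) Changing to a common port (e.g. 8080)
vim /etc/httpd/conf/httpd.conf ###Apache main configuration file
Change Listen 80 to Listen 8080
firewall-cmd --permanent --add-port=8080/tcp ###add the new port to the firewall
firewall-cmd --reload ###reload
(2) Changing to a special port (e.g. 6666)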
semanage port -a -t http_port_t -p tcp 6666
systemctl restart httpd.service
firewall-cmd --permanent --add-port=6666/tcp
firewall-cmd --reload
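3. Changing the default document root
mkdir -p /westos/html ###create a new directory to use as the document root
vim /westos/html/index.html ###write an .html file in the new document root
semanage fcontext -a -t httpd_sys_content_t '/westos(/.*)?' ###change the security context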
restorecon -RvvF /westos/
vim /etc/httpd/conf/httpd.conf
DocumentRoot "/westos/html"
###grant access to the directory
<Directory "/westos">
Require all granted
</Directory>
systemctl restart httpd.service
4. Changing the default index file; several can be listed, and they are tried in order starting from the first
vim westos.html
vim /etc/httpd/conf/httpd.conf
DirectoryIndex westos.html index.html
systemctl restart httpd.service
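II. Serving multiple websites from one Apache: setting up multiple virtual hosts
Name resolution is done on whichever machine the browser runs on.
Steps:
cd /etc/httpd/conf.d/ ###directory for sub-configuration files
vim vhost.conf ###write a .conf file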
systemctl restart httpd
mkdir -p /var/www/virtual/westos.org/{music,news}
vim /var/www/virtual/westos.org/music/index.html
vim /var/www/virtual/westos.org/news/index.html
vim /etc/hosts
172.25.254.104 www.westos.org news.westos.org music.westos.org
III. Apache security and access control
1. Restricting access to a specific client (by IP address)
vim vhost.conf
###allow access from 172.25.254.4
<Directory "/var/www/html">
Order deny,allow
Allow from 172.25.254.4
Deny from all
</Directory>
systemctl restart httpd
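2. Restricting access to specific users
htpasswd -cm .htpassfile admin ##create the user authentication file under httpd
htpasswd -m .htpassfile admin1 ###omit -c when adding further users (-c would recreate the file)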
vim /etc/httpd/conf.d/vhost.conf
systemctl restart httpd
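The two restrictions in this section written in httpd 2.4 syntax, as an added example that is not part of the original notes. The password file path /etc/httpd/.htpassfile, the AuthName text and the /var/www/html/admin directory are assumptions.

```apache
# Added example, not from the original notes. Assumes httpd 2.4 with the stock
# modules loaded (mod_authz_core, mod_authz_host, mod_auth_basic, mod_authn_file).

# --- Legacy form used in the notes (httpd 2.2 syntax) ----------------------
# Still accepted on 2.4 through mod_access_compat, but deprecated. Do not mix
# it with Require in the same scope; the combined result is hard to predict.
#
# <Directory "/var/www/html">
#     Order deny,allow
#     Allow from 172.25.254.4
#     Deny from all
# </Directory>

# --- 1. Same policy in 2.4 syntax: only 172.25.254.4 may read the site -----
<Directory "/var/www/html">
    Require ip 172.25.254.4
</Directory>

# --- 2. User authentication against the htpasswd file ----------------------
# Assumed path: the notes create .htpassfile "under httpd" without giving a
# full path. Keep the file outside the document root so it is never served.
# /var/www/html/admin is a hypothetical protected directory.
<Directory "/var/www/html/admin">
    AuthType Basic
    AuthName "Restricted area"
    AuthUserFile /etc/httpd/.htpassfile

    # Authorization directives in a child section replace the parent's by
    # default, so the IP rule is repeated here. RequireAll means the client
    # address AND the login must both match.
    # "Require valid-user" would admit every account in the file instead.
    <RequireAll>
        Require ip 172.25.254.4
        Require user admin
    </RequireAll>
</Directory>

# Basic credentials are only base64-encoded on the wire, so this directory
# belongs in the mod_ssl (443) virtual host set up in section V.
```

Running `apachectl configtest` before `systemctl restart httpd` catches syntax errors without taking the running server down.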
IV. How Apache runs Perl, PHP and Python
1. PHP
cd /var/www/html/
vim index.php
yum install php -y
systemctl restart httpd
2. Perl CGI (Common Gateway Interface)
mkdir /var/www/html/cgi
ls -Zd /var/www/html/cgi
semanage fcontext -a -t httpd_sys_script_exec_t "/var/www/html/cgi(/.*)?" ###change the security context to match /var/www/cgi-bin/
restorecon -FvvR /var/www/html/cgi/
vim /var/www/html/cgi/index.cgi ###write a CGI test file
chmod +x /var/www/html/cgi/index.cgi
yum install httpd-manual -y
vim /etc/httpd/conf.d/vhost.conf ###sub-configuration file
systemctl restart httpd
3. Python WSGI
yum install mod_wsgi.x86_64 -y
cd /var/www/html
wget http://172.25.254.250/RHCEPACKAGES/materials/script.wsgi ###fetch a sample WSGI script
chmod +x script.wsgi
vim /etc/httpd/conf.d/vhost.conf
WSGIScriptAlias /WSGI /var/www/html/script.wsgi
systemctl restart httpd
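V. Setting up HTTPS certificates (encrypted access)
(1) Access
The stock installation does not support HTTPS access; install the mod_ssl module.
yum install mod_ssl -y ###install the module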
systemctl restart httpd.service
netstat -antlupe | grep httpd ###check the listening ports
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload
(2) Generating your own key (a self-signed certificate)
yum install crypto-utils.x86_64 -y ###install the SSL certificate signing tool
genkey www.westos.org
vim /etc/httpd/conf.d/ssl.conf
systemctl restart httpd.service
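(3) Using URL rewrite rules to improve HTTPS access
Specified sites go over the encrypted connection; anything not specified uses the default.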
vim /etc/httpd/conf.d/vhost.conf
vim /etc/httpd/conf.d/ssl.conf
mkdir /var/www/virtual/westos.org/login
vim /var/www/virtual/westos.org/login/index.html
vim /etc/hosts
systemctl restart httpd.service
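Send requests to the encrypted port 443 by default
vim /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
ServerName login.westos.org
RewriteEngine on
###$1 is the request path captured by ^(/.*)$
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1
</VirtualHost>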
systemctl restart httpd.service
VI. CDN acceleration (squid)
1. Forward proxy
On the host that can ping Baidu:
yum install squid -y
vim /etc/squid/squid.conf
systemctl restart squid
vim /etc/resolv.conf
cd /var/spool/squid
firewall-cmd --permanent --add-port=3128/tcp
firewall-cmd --reload
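On the other host, which cannot ping it, go out through the proxy:
Set it directly in Firefox's Tools settings.
2. Reverse proxy
Two hosts; one is set up on the network so that the other can reach it.
104 (Shenzhen): install httpd and write an index.html file so that it can be reached by IP
204 (Xi'an): install squid (the intermediate server); it goes on whichever host cannot get online
vim /etc/squid/squid.conf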
http_access allow all
http_port 80 vhost vport
cache_peer 172.25.254.204 parent 80 0 proxy-only
cache_dir ufs /var/spool/squid 100 16 256
systemctl restart squid
systemctl stop firewalld
VII. Squid can act as a scheduler and do simple round-robin (distributing requests across web servers)
vim /etc/squid/squid.conf
http_port 80 vhost vport
cache_peer 172.25.254.203 parent 80 0 proxy-only round-robin originserver name=web1 weight=2
cache_peer 172.25.254.204 parent 80 0 proxy-only round-robin originserver name=web2 weight=1
cache_peer_domain www.westos.org web1 web2