1.Apache的作用
在web被访问时通常使用http://的方式
http:// ##超文本传输协议
超文本传输协议提供软件: Apache nginx
Apache:重量级,同步阻塞模式,稳定性高
nginx:轻量级,异步非阻塞模式,速度快
2.Apache的安装
dnf install httpd.x86_64 -y
3.Apache的启用
systemctl enable --now httpd ##开启服务并设定服务位开机启动
firewall-cmd --list-all ##查看火墙信息
firewall-cmd --get-sercives ##查看所有可添加服务
firewall-cmd --permanent --add-service=http ##在火墙中永久开启http访问
firewall-cmd --permanent --add-service=https ##在火墙中永久开启https访问
firewall-cmd --reload ##刷新火墙使设定生效
4.Apache的基本信息
服务名称: httpd.service
配置文件: /etc/httpd/conf/httpd.conf
##主配置文件
/etc/httpd/conf.d/*.conf
##子配置文件
rpm -qc httpd
默认发布目录: /var/www/html
默认发布文件: index.html
默认端口: 80 #http 443 #https
netstat -antlupe|grep http
ss -antlupe|grep http
默认安全上下文:httpd_sys_content_t
用户: apache
日志: /etc/httpd/logs
5.Apache的基本配置
1.Apache端口修改
vim /etc/httpd/conf/httpd.conf
Listen 6666
firewall-cmd --permanent --add-port=6666/tcp
firewall-cmd --reload
semanage port -l | grep http
semanage port -a -t http_port_t -p tcp 6666
systemctl restart httpd
2.默认发布文件
vim /etc/httpd/conf/httpd.conf
DirectoryIndex westos.html index.html systemctl restart httpd
3.默认发布目录
vim /etc/httpd/conf/httpd.conf
DocumentRoot "/westos/html"
<Directory "/westos/html">
Require all granted
</Directory>
semanage fcontext -a -t httpd_sys_content_t '/westos(/.*)?'
restorecon -RvvF /westos/
systemctl restart httpd
firefox http://192.168.0.11
6.Apache的访问控制
实验素材
# mkdir /var/www/html/westos
vim /var/www/html/westos/index.html <h1>westosdir's page</h1>
firefox http://192.168.0.11/westos
1.基于客户端ip的访问控制
ip白名单
<Directory "/var/www/html/westos">
Order Deny,Allow
Allow from 192.168.0.10
Deny from All
</Directory>
ip黑名单
<Directory "/var/www/html/westos">
Order Allow,Deny
Allow from All
Deny from 192.168.0.10
</Directory>
注意:按照order顺序读取,一般是先读取大范围,再读取小范围。
2.基于用户认证
vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/westos">
AuthUserfile /etc/httpd/htpasswdfile ##指定认证文件
AuthName "Please input your name and password" ##认证提示语
AuthType basic ##认证类型
Require user admin ##允许通过的认证用户 2选1
Require valid-user ##允许所有用户通过认证 2选 1
</Directory>
htpasswd -cm /etc/httpd/htpasswdfile admin
##生成认证文件
注意: 当/etc/httpd/htpasswdfile存在那么在添加用户时不要加-c参数否则会覆盖源文件内容
7.Apache的虚拟主机
意义:可以同时发布多个站点
1)建立发布站点目录及发布文件
mkdir -p /var/www/westos.com/{news,wenku}
echo "wenku's page" >/var/www/westos.com/wenku/index.html
echo "news's page" > /var/www/westos.com/news/index.html
echo "default's page" > /var/www/html/index.html
2)建立虚拟主机子配置文件(/etc/httpd/conf.d/vhost.conf)
vim /etc/httpd/Vhost.conf
<VirtualHost _default_:80> ##默认虚拟主机
DocumentRoot "/var/www/html"
CustomLog logs/default.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName wenku.westos.com
DocumentRoot "/var/www/westos.com/wenku"
CustomLog logs/wenku.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName news.westos.com
DocumentRoot "/var/www/westos.com/news"
CustomLog logs/news.log combined
</VirtualHost>
3)在浏览器所在主机中做本地解析
vim /etc/hosts
192.168.0.11 www.westos.com wenku.westos.ocm news.westos.com
测试: firefox http://www.westos.com
firefox http://wenku.westos.com
firefox http://news.westos.com
8.Apache的语言支持
#php#
vim /var/www/html/index.php
<?php phpinfo(); ?>
dnf install php -y
systemctl restart httpd
firefox http://192.168.0.11/index.php
#cgi#
建立发布文件
mkdir /var/www/html/cgidir
vim /var/www/html/cgidir/index.cgi
#!/usr/bin/per
l print "Content-type: text/html\n\n";
print `date`;
对发布目录作cgi编译
vim /etc/httpd/conf.d/vhost.conf
<Directory "/var/www/html/cgidir">
Options +ExecCGI
AddHandler cgi-script .cgi
</Directory>
测试: firefox http://192.168.0.11/cgidir/index.cgi
9.Apache的https加密访问
1)安装ssl网页加密工具
dnf install mod_ssl -y
firewall-cmd --add-port=443/tcp
firewall-cmd --add-service=https
firewall-cmd --reload
systemclt restart httpd
2)生成自己的证书文件
openssl genrsa -out /etc/pki/tls/private/www.westos.com.key 2048 #生成私钥
openssl req -new -key /etc/pki/tls/private/www.westos.com.key \ -out /etc/pki/tls/certs/www.westos.com.csr ##生成证书签名文
件
openssl x509 -req -days 365 -in \ /etc/pki/tls/certs/www.westos.com.csr \ -signkey /etc/pki/tls/private/www.westos.com.key \ -out /etc/pki/tls/certs/www.westos.com.crt #生成证书
-signkey /etc/pki/tls/private/www.westos.com.key
x509 证书格式 -req 请求 -in 加载签证名称
3)建立加密的443端口虚拟主机,并网页跳转强制加密
vim /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
ServerName login.westos.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1
</VirtualHost>
<VirtualHost *:443>
ServerName login.westos.com
DocumentRoot "/www/westos.com/login"
CustomLog logs/login.log combined
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
</VirtualHost>
systemctl restart httpd
^(/.*)$ ##客户地址栏中输入的地址 %{HTTP_HOST} ##客户主机 $1 ##RewriteRule后面跟的第一串字符的值
10.Squid+Apache
#squid 正向代理#
实验环境: 单网卡主机设定ip不能上网 双网卡主机设定ip1可以连接单网卡主机,设定ip2可以上网
实验效果 让单网卡主机不能上网但浏览器可以访问互联网页
操作: 在双网卡主机中
dnf install squid -y
systemctl enable --now squid
vim /etc/squid/squid.conf
59 http_access allow all
65 cache_dir ufs /var/spool/squid 100 16 256
systemctl restart squid
firewall-cmd --permanent --add-port=3128/tcp
firewall-cmd --reload
在单网卡专辑中选择 NetWork Proxy 172.25.254.13 3128
测试: 在单网卡主机中 ping www.baidu.com 不通 在浏览器中访问www.baidu.com可以
#squid反向代理#
实验环境:
192.168.0.11 ##Apache服务器
192.168.0.12 ##squid,没有数据负责缓存
vim /etc/squid/squid.conf
http_port 80 vhost vport ##vhost 支持虚拟域名 vport 支持虚拟端口
#当192.168.0.12的80端口被访问会从192.168.0.11的80端口缓存数据
cache_peer 192.168.0.11 parent 80 0 proxy-only
systemctl restart squid
测试: firefox http://192.168.0.12 访问看到的时192.168.0.11上的数据