1:Apache的作用
在web被访问时通常使用http://的方式
http:// ##超文本传输协议
http:// 超文本传输协议提供软件:
Apache
nginx
stgw
jfe
Tengine
[root@vg1 ~]# curl -I baidu.com
HTTP/1.1 200 OK
Date: Sun, 03 Jul 2022 02:04:18 GMT
Server: Apache
Last-Modified: Tue, 12 Jan 2010 13:48:00 GMT
ETag: "51-47cf7e6ee8400"
Accept-Ranges: bytes
Content-Length: 81
Cache-Control: max-age=86400
Expires: Mon, 04 Jul 2022 02:04:18 GMT
Connection: Keep-Alive
Content-Type: text/html
[root@vg1 ~]# curl -I 163.com
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 03 Jul 2022 02:05:21 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.163.com/
[root@vg1 ~]# curl -I taobao.com
HTTP/1.1 302 Found
Server: Tengine
Date: Sun, 03 Jul 2022 02:03:47 GMT
Content-Type: text/html
Content-Length: 258
Connection: keep-alive
Location: http://www.taobao.com/
2:Apache的安装
yum install httpd.x86_64 -y
3:Apache的启用
systemctl enable --now httpd ##开启服务并设定服务为开机启动
firewall-cmd --list-all ##查看火墙信息
firewall-cmd --permanent --add-service=http ##在火墙中永久开启http访问
firewall-cmd --permanent --add-service=https ##在火墙中永久开启https访问
firewall-cmd --reload ##刷新火墙使设定生效
[root@vg1 ~]# systemctl enable --now httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@vg1 ~]# firewall-cmd --permanent --add-service=http
success
[root@vg1 ~]# firewall-cmd --permanent --add-service=https
success
[root@vg1 ~]# firewall-cmd --reload
success
[root@vg1 ~]# cd /var/www/html/
[root@vg1 html]# ls
[root@vg1 html]# vim index.html
hello westos
~
~
~
~
4:Apache的基本信息
服务名称:httpd
配置文件:
/etc/httpd/conf/httpd.conf ##主配置文件
/etc/httpd/conf.d/*.conf ##子配置文件
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used. If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "/etc/httpd"
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
Include conf.modules.d/*.conf
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
默认发布目录: /var/www/html
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/html"
#
# Relax access to content within /var/www.
#
默认发布文件: index.html
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
默认端口: 80 #http
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
#
# Dynamic Shared Object (DSO) Support
用户: apache
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User apache
Group apache
# 'Main' server configuration
#
# Relax access to content within /var/www.
#
<Directory "/var/www">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
日志: /etc/httpd/logs
[root@vg1 ~]# netstat -antlupe | grep httpd
tcp6 0 0 :::80 :::* LISTEN 0 34674 4140/httpd
[root@vg1 ~]# cd /etc/httpd
[root@vg1 httpd]# ls
conf conf.d conf.modules.d logs modules run
[root@vg1 httpd]# cd logs/
[root@vg1 logs]# ls
access_log error_log
[root@vg1 logs]# pwd
/etc/httpd/logs
5:Apache的基本配置
①Apache端口修改
vim /etc/httpd/conf/httpd.conf
Listen 8080
38 # Change this to Listen on specific IP addresses as shown below to
39 # prevent Apache from glomming onto all bound IP addresses.
40 #
41 #Listen 12.34.56.78:80
42 Listen 8080
43
44 #
45 # Dynamic Shared Object (DSO) Support
46 #
firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --reload
systemctl restart httpd
[root@vg1 logs]# vim /etc/httpd/conf/httpd.conf
[root@vg1 logs]# systemctl restart httpd
[root@vg1 logs]# firewall-cmd --permanent --add-port=8080/tcp
success
http://172.25.37.9:8080看到index.html的内容
②默认发布文件
vim /etc/httpd/conf/httpd.conf
160 # DirectoryIndex: sets the file that Apache will serve if a directory
161 # is requested.
162 #
163 <IfModule dir_module>
164 DirectoryIndex index.html
165 </IfModule>
166
systemctl restart httpd
6:Apache的访问控制
#实验素材#
mkdir /var/www/html/westos
vim /var/www/html/westos/index.html
写入:<h1>westosdir's page</h1>
[root@vg1 ~]# mkdir /var/www/html/westos
[root@vg1 ~]# vim /var/www/html/westos/index.html
<h1>westosdir's page</h1>
firefox http://192.168.0.11/westos
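①基于客户端ip的访问控制#
##Order 决定 Allow/Deny 的判定顺序, 写在后面的那一类最后生效: Order Deny,Allow 时 Allow 覆盖 Deny(适合白名单), Order Allow,Deny 时 Deny 覆盖 Allow(适合黑名单)
##Order/Allow/Deny 是 httpd 2.2 的写法, 在 2.4 中由 mod_access_compat 兼容提供; 2.4 推荐使用 Require ip / Require not ip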
vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/westos">
Order Deny,Allow
Allow from 172.25.37.5
Deny from All
</Directory>
129
130 <Directory "/var/www/html/westos">
131 Order Deny,Allow
132 Allow from 172.25.37.5
133 Deny from All
134 </Directory>
135
systemctl restart httpd
vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/westos">
Order Allow,Deny
Allow from All
Deny from 192.168.0.10
</Directory>
[root@vg1 ~]# vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/westos">
Order Deny,Allow ##注意: 此顺序下 Allow 最后生效, Allow from All 会覆盖下面的 Deny, 172.25.37.5 仍然可以访问; 要拒绝该地址应写成 Order Allow,Deny
Allow from All
Deny from 172.25.37.5
</Directory>
systemctl restart httpd
②基于用户认证
vim /etc/httpd/conf/httpd.conf
[root@vg1 ~]# vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/westos">
AuthUserfile /etc/httpd/htpasswdfile ##指定认证文件
AuthName "Please input your name and password" ##认证提示语
AuthType basic ##认证类型; basic 认证的用户名和密码只做 base64 编码, 在 http 上等同明文传输, 应只在 https 虚拟主机中使用
Require user admin ##允许通过的认证用户 2选1
# Require valid-user ##允许所有用户通过认证 2选1
</Directory>
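htpasswd -cm /etc/httpd/htpasswdfile admin ##生成认证文件; -c 新建文件, -m 使用 MD5(apr1) 哈希; httpd 2.4.4 及以后的 htpasswd 支持 -B(bcrypt), 强度更高; 认证文件应放在发布目录之外, 且只允许 root 和 apache 读取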
[root@vg1 westos]# htpasswd -cm /etc/httpd/htpasswdfile admin
New password:
Re-type new password:
Adding password for user admin
[root@vg1 westos]# cat /etc/httpd/htpasswdfile
admin:$apr1$YZH86G3.$HUV.d3qspg17J51uGZNw6/
[root@vg1 westos]# htpasswd -m /etc/httpd/htpasswdfile lee
New password:
Re-type new password:
Adding password for user lee
[root@vg1 westos]# cat /etc/httpd/htpasswdfile
admin:$apr1$YZH86G3.$HUV.d3qspg17J51uGZNw6/
lee:$apr1$NWCmbrqa$6Zci8Rhxat2HYokHCmTmO.
注意: 当/etc/httpd/htpasswdfile已经存在时, 添加用户不要加-c参数, 否则会覆盖原文件内容(已有用户全部丢失)
7:Apache的虚拟主机
mkdir -p /var/www/westos.com/{news,wenku}
echo "wenku's page" >/var/www/westos.com/wenku/index.html
echo "news's page" > /var/www/westos.com/news/index.html
vim /etc/httpd/Vhost.conf ##注意: 只有 /etc/httpd/conf.d/*.conf 会作为子配置文件被加载, 后文使用的是 /etc/httpd/conf.d/vhost.conf
<VirtualHost _default_:80>
DocumentRoot "/var/www/html"
CustomLog logs/default.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName wenku.westos.com
DocumentRoot "/var/www/westos.com/wenku"
CustomLog logs/wenku.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName news.westos.com
DocumentRoot "/var/www/westos.com/news"
CustomLog logs/news.log combined
</VirtualHost>
<VirtualHost *:80> *表示必须指定名字
ServerName wenku.westos.com ##服务名
DocumentRoot /var/www/westos.com/news ##文件发布目录
CustomLog logs/news.log combined ##所有日志结合起来
</VirtualHost>
测试:
在浏览器所在主机中
vim /etc/hosts
[root@vg1 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.37.9 www.westos.com wenku.westos.com news.westos.com
firefox http://www.westos.com
firefox http://wenku.westos.com
firefox http://news.westos.com
8:Apache的语言支持
#php#
vim /var/www/html/index.php
[root@vg1 ~]# vim /var/www/html/index.php
<?php
phpinfo();
?>
yum install php -y
[root@vg1 ~]# yum install php -y
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package php.x86_64 0:5.4.16-46.el7 will be installed
--> Processing Dependency: php-common(x86-64) = 5.4.16-46.el7 for package: php-5.4.16-46.el7.x86_64
--> Processing Dependency: php-cli(x86-64) = 5.4.16-46.el7 for package: php-5.4.16-46.el7.x86_64
--> Running transaction check
---> Package php-cli.x86_64 0:5.4.16-46.el7 will be installed
---> Package php-common.x86_64 0:5.4.16-46.el7 will be installed
--> Processing Dependency: libzip.so.2()(64bit) for package: php-common-5.4.16-46.el7.x86_64
--> Running transaction check
---> Package libzip.x86_64 0:0.10.1-8.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================================
Package Arch Version Repository Size
===============================================================================
Installing:
php x86_64 5.4.16-46.el7 dvd 1.4 M
Installing for dependencies:
libzip x86_64 0.10.1-8.el7 dvd 49 k
php-cli x86_64 5.4.16-46.el7 dvd 2.7 M
php-common x86_64 5.4.16-46.el7 dvd 565 k
Transaction Summary
===============================================================================
Install 1 Package (+3 Dependent packages)
Total download size: 4.7 M
systemctl restart httpd
[root@vg1 ~]# systemctl restart httpd.service
[root@vg1 ~]# cd /etc/httpd/conf.d
[root@vg1 conf.d]# ls
autoindex.conf php.conf README userdir.conf welcome.conf
firefox http://192.168.0.11/index.php ##测试完成后应删除 index.php: phpinfo() 会向任何访问者公开 PHP 版本、已加载模块、环境变量和服务器路径
#cgi#
mkdir /var/www/html/cgidir
vim /var/www/html/cgidir/index.cgi
[root@vg1 ~]# cd /var/www/html/
[root@vg1 html]# mkdir cgidir
[root@vg1 html]# cd cgidir
[root@vg1 cgidir]# vim index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
[root@vg1 cgidir]# chmod +x index.cgi
vim /etc/httpd/conf.d/vhost.conf
[root@vg1 cgidir]# vim /etc/httpd/conf.d/vhost.conf
<Directory "/var/www/html/cgidir">
Options +ExecCGI
AddHandler cgi-script .cgi ##cgi-script 与 .cgi 之间必须有空格; 该目录下所有 .cgi 文件都会被当作程序执行, 目录不应允许 apache 用户或上传功能写入
</Directory>
systemctl restart httpd
firefox http://192.168.0.11/cgidir/index.cgi
#wsgi#
yum install -y mod_wsgi.x86_64
[root@vg1 yum.repos.d]# yum install -y mod_wsgi.x86_64
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package mod_wsgi.x86_64 0:3.4-18.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==================================================================================================================
Package Arch Version Repository Size
==================================================================================================================
Installing:
mod_wsgi x86_64 3.4-18.el7 dvd 77 k
Transaction Summary
==================================================================================================================
Install 1 Package
systemctl restart httpd
书写wsgi的测试文件(需要先 mkdir /var/www/html/wsgi; 实际部署时脚本应放在 DocumentRoot 之外, 否则默认虚拟主机可能把它当作静态文件直接返回源码)
vim /var/www/html/wsgi/index.wsgi
[root@vg1 ~]# vim /var/www/html/wsgi/index.wsgi
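def application(env, westos):
    """Minimal WSGI entry point used to check that mod_wsgi serves requests.

    Args:
        env: the WSGI environ dict for the request (not read here).
        westos: the WSGI start_response callable; called once with the
            status line and the list of response headers.

    Returns:
        A one-element list holding the response body as bytes.
    """
    # The body must be indented under the def: written at column 0 the file
    # raises IndentationError when it is loaded.
    westos('200 ok', [('Content-Type', 'text/html')])
    # The body is a fixed byte string; nothing from env is echoed back.
    return [b'hello westos ahhahahahah!']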
vim /etc/httpd/conf.d/vhost ##注意: 文件名不以 .conf 结尾时不会被 httpd 加载, 应写入 /etc/httpd/conf.d/vhost.conf
<virtualHost *:80>
ServerName wsgi.westos.org
WSGIScriptAlias / /var/www/html/wsgi/index.wsgi
</VirtualHost>
systemctl restart httpd
[root@vg1 ~]# vim /etc/hosts
172.25.37.9 www.westos.com wenku.westos.com news.westos.com wsgi.westos.org login.westos.org
9:Apache的加密访问
##安装加密插件
yum install mod_ssl -y
[root@vg1 ~]# yum install mod_ssl -y
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package mod_ssl.x86_64 1:2.4.6-88.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==========================================================================================
Package Arch Version Repository Size
==========================================================================================
Installing:
mod_ssl x86_64 1:2.4.6-88.el7 dvd 111 k
Transaction Summary
==========================================================================================
Install 1 Package
安装完之后有ssl.conf 文件生成
[root@vg1 ~]# cd /etc/httpd/conf.d
[root@vg1 conf.d]# ls
autoindex.conf php.conf README ssl.conf userdir.conf vhost vhost.conf welcome.conf
##生成证书
##command 1
openssl genrsa -out /etc/pki/tls/private/www.westos.com.key 2048 #生成私钥; 私钥文件应只允许 root 读取(chmod 600)
openssl req -new -key /etc/pki/tls/private/www.westos.com.key \
-out /etc/pki/tls/certs/www.westos.com.csr ##生成证书签名文件
openssl x509 -req -days 365 -in /etc/pki/tls/certs/www.westos.com.csr \
-signkey /etc/pki/tls/private/www.westos.com.key \
-out /etc/pki/tls/certs/www.westos.com.crt #生成证书
[root@vg1 conf.d]# openssl genrsa -out /etc/pki/tls/private/www.westos.com.key 2048
Generating RSA private key, 2048 bit long modulus
..............................................+++
........+++
e is 65537 (0x10001)
[root@vg1 conf.d]# openssl req -new -key /etc/pki/tls/private/www.westos.com.key -out /etc/pki/tls/certs/www.westos.com.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shannxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:www.westos.org
Email Address []:linux@westos.org
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
[root@vg1 conf.d]# openssl x509 -req -days 365 -in /etc/pki/tls/certs/www.westos.com.csr -signkey /etc/pki/tls/private/www.westos.com.key -out /etc/pki/tls/certs/www.westos.com.crt
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd
Getting Private key
An optional company name []:
x509 证书格式
-req 表示输入的是证书签名请求(CSR)
-in 指定要签名的CSR文件
-signkey 用指定的私钥自签名; 自签名证书不被浏览器信任, 只适合实验环境
##command 2
##-nodes 表示私钥不加密保存, 生成后应把 /etc/httpd/westos.org.key 的权限限制为只允许 root 读取(chmod 600)
openssl req -newkey rsa:2048 -nodes -sha256 -keyout /etc/httpd/westos.org.key \
-x509 -days 365 -out /etc/httpd/westos.org.crt
[root@vg1 ~]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /etc/httpd/westos.org.key -x509 -days 365 -out /etc/httpd/westos.org.crt
Generating a 2048 bit RSA private key
....................................+++
.........................................................+++
writing new private key to '/etc/httpd/westos.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shannxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:www.westos.org
Email Address []:linux@westos.org
vim /etc/httpd/conf.d/vhost.conf
[root@vg1 ~]# vim /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
ServerName login.westos.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1
</VirtualHost>
<VirtualHost *:443>
ServerName login.westos.com
DocumentRoot "/www/westos.com/login"
CustomLog logs/login.log combined
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
</VirtualHost>
systemctl restart httpd
^(/.*)$ ##客户地址栏中输入的地址
%{HTTP_HOST} ##客户请求中 Host 头的值(即客户访问的主机名, 由客户端提供)
$1 ##RewriteRule 正则中第一个括号 (/.*) 匹配到的内容, 即请求路径
10:Squid+Apache
#squid 正向代理
# 实验环境:
单网卡主机设定ip不能上网,双网卡主机设定ip1可以连接单网卡主机,设定ip2可以上网
实验效果:让单网卡主机不能上网但浏览器可以访问互联网页
操作:
在双网卡主机中:
yum install squid -y
[root@vg1 ~]# yum install squid -y
Loaded plugins: product-id, search-disabled-repos, subscription-manager
Resolving Dependencies
--> Running transaction check
---> Package squid.x86_64 7:3.5.20-12.el7 will be installed
--> Processing Dependency: perl(DBI) for package: 7:squid-3.5.20-12.el7.x86_64
--> Processing Dependency: perl(Data::Dumper) for package: 7:squid-3.5.20-12.el7.x86_64
--> Processing Dependency: perl(Digest::MD5) for package: 7:squid-3.5.20-12.el7.x86_64
--> Processing Dependency: squid-migration-script for package: 7:squid-3.5.20-12.el7.x86_64
--> Processing Dependency: libecap.so.3()(64bit) for package: 7:squid-3.5.20-12.el7.x86_64
--> Processing Dependency: libltdl.so.7()(64bit) for package: 7:squid-3.5.20-12.el7.x86_64
--> Running transaction check
---> Package libecap.x86_64 0:1.0.0-1.el7 will be installed
---> Package libtool-ltdl.x86_64 0:2.4.2-22.el7_3 will be installed
---> Package perl-DBI.x86_64 0:1.627-4.el7 will be installed
--> Processing Dependency: perl(RPC::PlClient) >= 0.2000 for package: perl-DBI-1.627-4.el7.x86_64
--> Processing Dependency: perl(RPC::PlServer) >= 0.2001 for package: perl-DBI-1.627-4.el7.x86_64
---> Package perl-Data-Dumper.x86_64 0:2.145-3.el7 will be installed
---> Package perl-Digest-MD5.x86_64 0:2.52-3.el7 will be installed
--> Processing Dependency: perl(Digest::base) >= 1.00 for package: perl-Digest-MD5-2.52-3.el7.x86_64
---> Package squid-migration-script.x86_64 7:3.5.20-12.el7 will be installed
--> Running transaction check
---> Package perl-Digest.noarch 0:1.17-245.el7 will be installed
..........
vim /etc/squid/squid.conf
[root@vg1 ~]# vim /etc/squid/squid.conf
52 http_access allow localnet
53 http_access allow localhost
54
55 # And finally deny all other access to this proxy
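56 http_access allow all ##注意: 默认值是 http_access deny all; 改成 allow all 并在火墙开放 3128 后, 任何能连到该端口的主机都可以使用本代理(开放代理)。实验环境之外应保留 deny all, 只通过上面的 http_access allow localnet 放行内网网段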
57
58 # Squid normally listens to port 3128
59 http_port 3128
60
61 # Uncomment and adjust the following to add a disk cache directory.
62 cache_dir ufs /var/spool/squid 100 16 256
systemctl restart squid
firewall-cmd --permanent --add-port=3128/tcp
firewall-cmd --reload
[root@vg1 ~]# systemctl restart squid
[root@vg1 ~]# firewall-cmd --permanent --add-port=3128/tcp
success
[root@vg1 ~]# firewall-cmd --reload
success
在单网卡主机中选择
NetWork Proxy
172.25.254.30 3128
测试:
在单网卡主机中
ping www.baidu.com 不通
在浏览器中访问www.baidu.com可以
#squid反向代理#
实验环境:
172.25.254.73 ##Apache服务器
172.25.254.200 ##squid,没有数据负责缓存
在200主机上vim /etc/squid/squid.conf
http_port 80 vhost vport ##vhost 支持虚拟域名 vport 支持虚拟端口
cache_peer 172.25.254.73 parent 80 0 proxy-only ##当172.25.254.200的80端口被访问时, 会从172.25.254.73的80端口取回数据
[root@vg1 ~]#vim /etc/squid/squid.conf
# And finally deny all other access to this proxy
http_access allow all
# Squid normally listens to port 3128
http_port 80 vhost vport
cache_peer 172.25.254.73 parent 80 0 proxy-only
systemctl restart squid