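Linux Study, Day 8: Apache
I. Installation
1. Check whether the httpd service is already installed
rpm -qa | grep httpd
2. Install the httpd service from the yum repository
yum install 'httpd*'
3. Enable the service at boot
systemctl enable httpd
4. Related configuration files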
Purpose | File name |
---|---|
Service directory | /etc/httpd |
Main configuration file | /etc/httpd/conf/httpd.conf |
Website data directory | /var/www/html |
Access log | /var/log/httpd/access_log |
Error log | /var/log/httpd/error_log |
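5. The main configuration file /etc/httpd/conf/httpd.conf
Listening port number
Containers
The actual path where web pages are stored
Any file ending in .conf under the conf.d directory is part of the main configuration file
Create a ServerName-based web page: www.hahaha.com (DNS is needed to resolve this domain name)
1. Edit the /etc/hosts file so that hosts resolves the domain name
vim /etc/hosts
2. Edit the main configuration file
vim /etc/httpd/conf/httpd.conf
3. Create the web page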
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# echo "www.hahaha.com" > index.html
[root@localhost html]# cat index.html
www.hahaha.com
4. Restart the httpd service
[root@localhost html]# systemctl restart httpd
5. Check the configuration file for syntax errors
[root@localhost html]# httpd -t
Syntax OK
6. View the web page
- View with elinks; elinks can be installed from a yum network repository
[root@localhost ~]# elinks www.hahaha.com
- View with curl
[root@localhost html]# curl www.hahaha.com
www.hahaha.com
- View with a browser
Web pages based on user home directories
Main configuration file: /etc/httpd/conf.d/userdir.conf
Create a regular user
[root@localhost conf.d]# useradd webtest
Create the user's home directory and web page, then restart the service
[root@localhost home]# useradd webuer
[root@localhost home]# ll
总用量 4
drwx------. 15 dd dd 4096 9月 20 18:36 dd
drwx------. 3 webuer webuer 78 9月 20 19:28 webuer
[root@localhost home]# mkdir -p webuer/webtest
[root@localhost home]# echo "this is a web" > webuer/webtest/index.html
[root@localhost home]# cat webuer/webtest/index.html
this a web
[root@localhost home]# systemctl restart httpd
Grant the corresponding permissions
[root@localhost home]# chmod -Rf 755 /home/webuer/
Test access to the web page
[root@localhost home]# elinks http://192.168.10.10/~webuer
Connection failed
SELinux is currently enabled (Enforcing); with SELinux turned off, the page is immediately accessible
[root@localhost home]# getenforce
Enforcing
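Troubleshoot with SELinux enabled
denied: the access was denied
read: the read operation
comm="httpd": the audit record relates to httpd
name="index.html": the file being accessed is index.html
scontext=: source context (httpd_t)
tcontext=: target context (user_home_t)
The contexts do not match; adjust the target context so that it is consistent with the source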
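As an added example (not part of the original post), the fields listed above can be pulled out of raw audit records with a few shell functions. The audit records are constructed samples, and the function names are this example's own.

```shell
#!/usr/bin/env bash
# Constructed audit records shaped like the denial described above (not copied from the page).
AUDIT_LOG='type=AVC msg=audit(1569000000.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="dm-0" ino=123456 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1569000000.123:456): arch=c000003e syscall=257 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1569000001.500:457): avc:  denied  { getattr } for  pid=1234 comm="httpd" path="/home/webuer/webtest/index.html" dev="dm-0" ino=123456 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0'

# avc_field RECORD KEY: value of KEY=... in one record, surrounding quotes removed
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1 | tr -d '"'
}

# ctx_type CONTEXT: the type, i.e. the third field of user:role:type:level
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_summary RECORD: "source_type -> target_type { perms } class object"
avc_summary() {
    perms=$(printf '%s\n' "$1" | sed -n 's/.*{ \(.*\) }.*/\1/p')
    obj=$(avc_field "$1" name)
    # Some records carry path= instead of name=
    [ -n "$obj" ] || obj=$(avc_field "$1" path)
    printf '%s -> %s { %s } %s %s\n' \
        "$(ctx_type "$(avc_field "$1" scontext)")" \
        "$(ctx_type "$(avc_field "$1" tcontext)")" \
        "$perms" "$(avc_field "$1" tclass)" "$obj"
}

# httpd_denials LOG: one summary line per AVC denial whose comm is httpd
httpd_denials() {
    printf '%s\n' "$1" | grep 'avc: *denied' | grep 'comm="httpd"' |
        while IFS= read -r rec; do avc_summary "$rec"; done
}

httpd_denials "$AUDIT_LOG"
```

On a live host the same functions can be fed from the audit log instead of the embedded sample.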
View the SELinux attributes:
[root@localhost home]# ll -Zd /var/www/html/
drwxr-xr-x. 2 root root system_u:object_r:httpd_sys_content_t:s0 6 2月 6 2019 /var/www/html/
[root@localhost home]# ll -Zd /home/webuer/webtest/
drwxr-xr-x. 2 root root unconfined_u:object_r:user_home_t:s0 24 9月 21 00:07 /home/webuer/webtest/
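Add SELinux security context rules for the directory under the home directory so that the directory and the files in it can be accessed by the httpd service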
[root@localhost home]# semanage fcontext -a -t httpd_sys_content_t /home/webuer/webtest
[root@localhost home]# semanage fcontext -a -t httpd_sys_content_t /home/webuer/webtest/*
[root@localhost home]# ll -Zd /home/webuer/webtest/
drwxr-xr-x. 2 root root unconfined_u:object_r:user_home_t:s0 24 9月 21 00:07 /home/webuer/webtest/
[root@localhost home]# restorecon -Rv /home/webuer/webtest/
Relabeled /home/webuer/webtest from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Relabeled /home/webuer/webtest/index.html from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Test access to the web page again
After deleting the two SELinux security context rules that were just added, access is denied again
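An added example, not from the original post: `semanage fcontext` specifications are regular expressions matched against the whole path, and the unquoted `/*` in the session above is expanded by the shell before semanage runs, so only files that already exist get a rule. The sketch emulates the matching with `grep -Ex` over constructed paths (`about.html` and `img/logo.png` are hypothetical later additions) to compare those rules with a single `(/.*)?` rule.

```shell
#!/usr/bin/env bash
# Constructed paths: the tree from the walkthrough plus files created later.
TREE='/home/webuer/webtest
/home/webuer/webtest/index.html
/home/webuer/webtest/about.html
/home/webuer/webtest/img/logo.png'

# spec_matches SPEC PATH: succeed if SPEC matches the whole PATH as a regex,
# which is how file-context specifications are compared with path names.
spec_matches() {
    printf '%s\n' "$2" | grep -Eqx -- "$1"
}

# uncovered SPEC...: print every path in TREE that no SPEC matches, i.e. the
# files a later restorecon would not relabel to the rule's type.
uncovered() {
    printf '%s\n' "$TREE" | while IFS= read -r path; do
        hit=0
        for spec in "$@"; do
            spec_matches "$spec" "$path" && hit=1
        done
        [ "$hit" -eq 1 ] || printf '%s\n' "$path"
    done
}

echo "Rules as stored after the shell expanded the unquoted /*:"
uncovered '/home/webuer/webtest' '/home/webuer/webtest/index.html'

echo "Rules if the /* had been quoted (as a regex: zero or more slashes):"
uncovered '/home/webuer/webtest' '/home/webuer/webtest/*'

echo "One regex rule for the directory and everything below it:"
uncovered '/home/webuer/webtest(/.*)?'
```

With the single-regex form, one command such as `semanage fcontext -a -t httpd_sys_content_t "/home/webuer/webtest(/.*)?"` followed by `restorecon -Rv` also covers files added later.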
Add user authentication
[root@localhost conf.d]# htpasswd -c /etc/httpd/passwd webuser
New password:
Re-type new password:
Adding password for user webuser
[root@localhost conf.d]# vim /etc/httpd/conf.d/userdir.conf
<Directory "/home/*/webtest">
    AllowOverride all
    # Path of the password file that was just generated
    AuthUserFile "/etc/httpd/passwd"
    # Prompt shown when a user tries to access the personal user site
    AuthName "this is a web"
    AuthType Basic
    # User name that must be verified when logging in with account and password
    Require user webuser
</Directory>
[root@localhost conf.d]# systemctl restart httpd
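Virtual hosts
The manual can be consulted
1. Create 3 directories under /home/wwwroot to hold the data of the different websites, and write a home page file into each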
[root@bogon yum.repos.d]# mkdir -p /home/wwwroot/10
[root@bogon yum.repos.d]# mkdir -p /home/wwwroot/20
[root@bogon yum.repos.d]# mkdir -p /home/wwwroot/30
[root@bogon yum.repos.d]# echo "IP:192.168.31.10" > /home/wwwroot/10/index.html
[root@bogon yum.repos.d]# echo "IP:192.168.31.20" > /home/wwwroot/20/index.html
[root@bogon yum.repos.d]# echo "IP:192.168.31.30" > /home/wwwroot/30/index.html
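2. Starting at about line 132 of the httpd configuration file, append the parameters for 3 IP-address-based virtual host sites, then save and exit. Then restart the httpd service for them to take effect.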
[root@bogon yum.repos.d]# vim /etc/httpd/conf/httpd.conf
133 <VirtualHost 192.168.31.10>
134 DocumentRoot /home/wwwroot/10
135 ServerName www.webtest.com
136 <Directory /home/wwwroot/10>
137 AllowOverride None
138 Require all granted
139 </Directory>
140 </VirtualHost>
141
142 <VirtualHost 192.168.31.20>
143 DocumentRoot /home/wwwroot/20
144 ServerName www.webtest.com
145 <Directory /home/wwwroot/20>
146 AllowOverride None
147 Require all granted
148 </Directory>
149 </VirtualHost>
150
151
152 <VirtualHost 192.168.31.30>
153 DocumentRoot /home/wwwroot/30
154 ServerName www.webtest.com
155 <Directory /home/wwwroot/30>
156 AllowOverride None
157 Require all granted
158 </Directory>
159 </VirtualHost>
[root@bogon yum.repos.d]# systemctl restart httpd
3. Test access to the web pages
4. Modify the SELinux security context
[root@bogon yum.repos.d]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
[root@bogon yum.repos.d]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/10
[root@bogon yum.repos.d]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/10/*
[root@bogon yum.repos.d]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/20
[root@bogon yum.repos.d]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/20/*
[root@bogon yum.repos.d]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/30
[root@bogon yum.repos.d]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/30/*
[root@bogon yum.repos.d]# restorecon -Rv /home/wwwroot/
Relabeled /home/wwwroot from unconfined_u:object_r:user_home_dir_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Relabeled /home/wwwroot/10 from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Relabeled /home/wwwroot/10/index.html from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Relabeled /home/wwwroot/20 from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Relabeled /home/wwwroot/20/index.html from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Relabeled /home/wwwroot/30 from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Relabeled /home/wwwroot/30/index.html from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Test access to the web pages again
[root@bogon yum.repos.d]# curl http://192.168.31.10
IP:192.168.31.10
[root@bogon yum.repos.d]# curl http://192.168.31.20
IP:192.168.31.20
[root@bogon yum.repos.d]# curl http://192.168.31.30
IP:192.168.31.30
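Based on host domain name
View the template in the manual
1. Manually edit the configuration file that defines the mapping between IP addresses and domain names; it takes effect immediately after saving and exiting. You can ping each of these domain names to verify that it resolves to the IP address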
[root@localhost ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.31.10 www.test1.com www.test2.com www.test3.com
[root@localhost ~]# ping www.test1.com
PING www.test1.com (192.168.31.10) 56(84) bytes of data.
64 bytes from www.test1.com (192.168.31.10): icmp_seq=1 ttl=64 time=0.041 ms
^C
--- www.test1.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.041/0.041/0.041/0.000 ms
[root@localhost ~]# ping www.test2.com
PING www.test1.com (192.168.31.10) 56(84) bytes of data.
64 bytes from www.test1.com (192.168.31.10): icmp_seq=1 ttl=64 time=0.039 ms
64 bytes from www.test1.com (192.168.31.10): icmp_seq=2 ttl=64 time=0.076 ms
^C
--- www.test1.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 74ms
rtt min/avg/max/mdev = 0.039/0.057/0.076/0.020 ms
[root@localhost ~]# ping www.test3.com
PING www.test1.com (192.168.31.10) 56(84) bytes of data.
64 bytes from www.test1.com (192.168.31.10): icmp_seq=1 ttl=64 time=0.042 ms
64 bytes from www.test1.com (192.168.31.10): icmp_seq=2 ttl=64 time=0.066 ms
^C
--- www.test1.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 40ms
rtt min/avg/max/mdev = 0.042/0.054/0.066/0.012 ms
2. Create 3 directories under /home/wwwroot to hold the data of the different websites, and write a home page file into each.
[root@localhost ~]# mkdir -p /home/wwwroot/test1
[root@localhost ~]# mkdir -p /home/wwwroot/test2
[root@localhost ~]# mkdir -p /home/wwwroot/test3
[root@localhost ~]# echo "www.test1.com" > /home/wwwroot/test1/index.html
[root@localhost ~]# echo "www.test2.com" > /home/wwwroot/test2/index.html
[root@localhost ~]# echo "www.test3.com" > /home/wwwroot/test3/index.html
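3. Starting at about line 132 of the httpd configuration file, append the parameters for 3 host-name-based virtual host sites, then save and exit. Then restart the httpd service for them to take effect.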
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
133 <VirtualHost 192.168.31.10>
134 Documentroot /home/wwwroot/test1
135 ServerName www.test1.com
136 <Directory /home/wwwroot/test1>
137 AllowOverride None
138 Require all granted
139 </Directory>
140 </VirtualHost>
141 <VirtualHost 192.168.31.10>
142 Documentroot /home/wwwroot/test2
143 ServerName www.test2.com
144 <Directory /home/wwwroot/test2>
145 AllowOverride None
146 Require all granted
147 </Directory>
148 </VirtualHost>
149
150 <VirtualHost 192.168.31.10>
151 Documentroot /home/wwwroot/test3
152 ServerName www.test3.com
153 <Directory /home/wwwroot/test3>
154 AllowOverride None
155 Require all granted
156 </Directory>
157 </VirtualHost>
[root@localhost ~]# systemctl restart httpd
4. Modify the SELinux security context
[root@localhost ~]# ll -Zd /var/www/html/
drwxr-xr-x. 2 root root system_u:object_r:httpd_sys_content_t:s0 6 Feb 6 2019 /var/www/html/
[root@localhost ~]# ll -Zd /home/wwwroot/
drwxr-xr-x. 5 root root unconfined_u:object_r:user_home_dir_t:s0 45 Sep 22 19:10 /home/wwwroot/
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/test1
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/test1/*
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/test2
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/test2/*
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/test3
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/test3/*
[root@localhost ~]# restorecon -Rv /home/wwwroot/
Relabeled /home/wwwroot from unconfined_u:object_r:user_home_dir_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Relabeled /home/wwwroot/test1 from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Relabeled /home/wwwroot/test1/index.html from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Relabeled /home/wwwroot/test2 from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Relabeled /home/wwwroot/test2/index.html from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Relabeled /home/wwwroot/test3 from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Relabeled /home/wwwroot/test3/index.html from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
5. Test access to the web pages
[root@localhost ~]# curl www.test1.com
www.test1.com
[root@localhost ~]# curl www.test2.com
www.test2.com
[root@localhost ~]# curl www.test3.com
www.test3.com
Based on port number
1. Create 3 directories under /home/wwwroot to hold the data of the different websites, and write a home page file into each.
[root@localhost ~]# mkdir -p /home/wwwroot/6111
[root@localhost ~]# mkdir -p /home/wwwroot/6222
[root@localhost ~]# mkdir -p /home/wwwroot/6333
[root@localhost ~]# echo "port:6111" > /home/wwwroot/6111/index.html
[root@localhost ~]# echo "port:6222" > /home/wwwroot/6222/index.html
[root@localhost ~]# echo "port:6333" > /home/wwwroot/6333/index.html
2. On lines 46 to 48 of the httpd configuration file, add the parameters for listening on ports 6111, 6222 and 6333.
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
45 Listen 80
46 Listen 6111
47 Listen 6222
48 Listen 6333
138 <VirtualHost 192.168.31.10:6111>
139 DocumentRoot /home/wwwroot/6111
140 ServerName www.test6111.com
141 <Directory /home/wwwroot/6111>
142 AllowOverride None
143 Require all granted
144 </Directory>
145 </VirtualHost>
146
147 <VirtualHost 192.168.31.10:6222>
148 DocumentRoot /home/wwwroot/6222
149 ServerName www.test6222.com
150 <Directory /home/wwwroot/6222>
151 AllowOverride None
152 Require all granted
153 </Directory>
154 </VirtualHost>
155
156 <VirtualHost 192.168.31.10:6333>
157 DocumentRoot /home/wwwroot/6333
158 ServerName www.test6333.com
159 <Directory /home/wwwroot/6333>
160 AllowOverride None
161 Require all granted
162 </Directory>
163 </VirtualHost>
3. Configure the SELinux security context
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/6111
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/6111/*
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/6222
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/6222/*
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/6333
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/6333/*
[root@localhost ~]# restorecon -Rv /home/wwwroot/
4. Restart the httpd service for the changes to take effect
[root@localhost ~]# systemctl restart httpd
Job for httpd.service failed because the control process exited with error code.
See "systemctl status httpd.service" and "journalctl -xe" for details.
[root@localhost ~]# journalctl -xe
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit httpd.service has failed.
--
-- The result is RESULT.
Sep 22 22:16:19 localhost dbus-daemon[941]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Sep 22 22:16:23 localhost setroubleshoot[4255]: SELinux is preventing /usr/sbin/httpd from name_bind access on the tcp_so>
Sep 22 22:16:23 localhost platform-python[4255]: SELinux is preventing /usr/sbin/httpd from name_bind access on the tcp_s>
***** Plugin bind_ports (92.2 confidence) suggests ******************>
If you want to allow /usr/sbin/httpd to bind to network port 6111
Then you need to modify the port type.
Do
# semanage port -a -t PORT_TYPE -p tcp 6111
where PORT_TYPE is one of the following: http_cache_port_t, http_por>
***** Plugin catchall_boolean (7.83 confidence) suggests ************>
If you want to allow nis to enabled
Then you must tell SELinux about this by enabling the 'nis_enabled' bool>
Do
setsebool -P nis_enabled 1
***** Plugin catchall (1.41 confidence) suggests ********************>
If you believe that httpd should be allowed name_bind access on the port>
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'httpd' --raw | audit2allow -M my-httpd
# semodule -X 300 -i my-httpd.pp
Following the hint, the ports that need to be opened can be added with semanage port -a -t PORT_TYPE -p tcp PORT
5. View which ports are currently allowed
[root@localhost ~]# semanage port -l |grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
6. Add the three ports 6111, 6222 and 6333
[root@localhost ~]# semanage port -a -t http_port_t -p tcp 6111
[root@localhost ~]# semanage port -a -t http_port_t -p tcp 6222
[root@localhost ~]# semanage port -a -t http_port_t -p tcp 6333
[root@localhost ~]# semanage port -l |grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 6333, 6222, 6111, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
[root@localhost ~]# systemctl restart httpd
7. Test access to the web pages
[root@localhost ~]# curl 192.168.31.10:6111
port:6111
[root@localhost ~]# curl 192.168.31.10:6222
port:6222
[root@localhost ~]# curl 192.168.31.10:6333
port:6333
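An added pre-flight check, not from the original post: compare the `Listen` ports in the configuration with the port types SELinux knows before restarting httpd, so the `name_bind` denial is caught up front. The inputs are the `Listen` lines and the `semanage port -l` output shown above, embedded as strings; the function names and the default type list are assumptions of this example.

```shell
#!/usr/bin/env bash
# Listen lines from the walkthrough and the `semanage port -l | grep http`
# output it shows before the ports were added.
LISTEN_CONF='Listen 80
Listen 6111
Listen 6222
Listen 6333'
PORT_TABLE='http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989'

# listen_ports CONF: port of every active Listen directive (also "Listen ip:port")
listen_ports() {
    printf '%s\n' "$1" | awk 'tolower($1) == "listen" { n = split($2, a, ":"); print a[n] }'
}

# port_has_type TABLE TYPES PORT: succeed if tcp PORT is listed, singly or inside
# a range, under one of the space-separated TYPES
port_has_type() {
    printf '%s\n' "$1" | awk -v types=" $2 " -v port="$3" '
        $2 == "tcp" && index(types, " " $1 " ") {
            for (i = 3; i <= NF; i++) {
                item = $i; sub(/,$/, "", item)
                n = split(item, r, "-")
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit(found ? 0 : 1) }'
}

# unlabeled_listen_ports CONF TABLE [TYPES]: Listen ports carrying none of TYPES,
# space-separated. The default TYPES is an assumption: the two types visible in
# the truncated setroubleshoot hint above.
unlabeled_listen_ports() {
    out=""
    for p in $(listen_ports "$1"); do
        port_has_type "$2" "${3:-http_port_t http_cache_port_t}" "$p" || out="$out${out:+ }$p"
    done
    printf '%s\n' "$out"
}

unlabeled_listen_ports "$LISTEN_CONF" "$PORT_TABLE"
```

On a live host, pass `"$(grep -i '^ *Listen' /etc/httpd/conf/httpd.conf)"` and `"$(semanage port -l)"` in place of the embedded strings.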