Apache
Apache是世界上使用排名第一的Web服务器软件,它可以运行在所有广泛使用的计算机平台上,由于其跨平台和安全性被广泛使用,是最流行的Web服务器端软件之一。
一、Apache的前期准备
[root@localhost ~]# yum install httpd -y
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# netstat -antlupe | grep 80
tcp6 0 0 :::80 :::* LISTEN 0 36254 2133/httpd
[root@localhost ~]# netstat -antlupe | grep httpd
tcp6 0 0 :::80 :::* LISTEN 0 36254 2133/httpd
[root@localhost ~]# cd /var/www/html/ ##目录/var/www/html是默认访问目录
[root@localhost html]# systemctl stop firewalld
[root@localhost html]# vim index.html ##index.html文件是默认访问文件
[root@localhost html]# cat index.html
<h1>/var/www/html/index's page<h1> ##<h1>内容<h1> 这是html的写法,表示的格式是标题一
[root@localhost html]# vim tutu.html ##tutu.html不是默认访问文件,所以在访问时,需访问http://ip/tutu.html
[root@localhost html]# cat tutu.html
<h1>/var/www/html/tutu's page<h1>
[root@localhost html]#
浏览器查看——http://172.25.254.127/
浏览器查看——http://172.25.254.127/tutu.html
二、Apache的基本配置
1、协议端口的修改
[root@localhost html]# vim /etc/httpd/conf/httpd.conf ##httpd的配置文件
Listen 80 ——> Listen 8080 ##修改第42行
[root@localhost html]# systemctl restart httpd
[root@localhost html]# netstat -antlupe | grep httpd
tcp6 0 0 :::8080 :::* LISTEN 0 110156 9396/httpd
浏览器访问——http://172.25.254.127
[root@localhost html]# vim /etc/httpd/conf/httpd.conf
Listen 8080 ——> Listen 80 ##修改第42行
[root@localhost html]# systemctl restart httpd
[root@localhost html]# netstat -antlupe | grep httpd
tcp6 0 0 :::80 :::* LISTEN 0 111224 9449/httpd
浏览器访问——http://172.25.254.127
2、默认访问目录、文件的设置
[root@localhost html]# pwd
/var/www/html
[root@localhost html]# mkdir /westos/html -p
[root@localhost html]# cd /westos/html/
[root@localhost html]# pwd
/westos/html
[root@localhost html]# vim index.html
[root@localhost html]# cat index.html
<h1>/westos/html/index's page</h1>
浏览器访问——http://172.25.254.127
[root@localhost html]# vim /etc/httpd/conf/httpd.conf ##注释掉第119行,添加120——123行内容如下
119 #DocumentRoot "/var/www/html"
120 DocumentRoot "/westos/html"
121 <Directory "/westos">
122 require all granted
123 </Directory>
[root@localhost html]# systemctl restart httpd
浏览器访问——http://172.25.254.127(默认目录)
[root@localhost html]# ls
index.html
[root@localhost html]# vim test.html
[root@localhost html]# cat test.html
<h1>/westos/html/test's page</h1>
[root@localhost html]# vim /etc/httpd/conf/httpd.conf ##添加第123行,设置默认访问文件为test.html
120 DocumentRoot "/westos/html"
121 <Directory "/westos">
122 require all granted
123 DirectoryIndex test.html
124 </Directory>
[root@localhost html]# systemctl restart httpd
浏览器访问——http://172.25.254.127(默认文件)
[root@localhost html]# pwd
/westos/html
[root@localhost html]# ls
index.html test.html
[root@localhost html]# mkdir linux
[root@localhost html]# cd linux/
[root@localhost linux]# vim index.html
[root@localhost linux]# cat index.html
<h1>/westos/html/linux/index's page<h1>
[root@localhost linux]# vim test.html
[root@localhost linux]# cat test.html
<h1>/westos/html/linux/test's page<h1>
浏览器访问——http://172.25.254.127/linux
[root@localhost linux]# vim /etc/httpd/conf/httpd.conf ##添加121——123行,使得访问linux目录时,默认文件是index.html
120 DocumentRoot "/westos/html"
121 <Directory "/westos/html/linux">
122 DirectoryIndex index.html
123 </Directory>
124 <Directory "/westos">
125 require all granted
126 DirectoryIndex test.html
127 </Directory>
[root@localhost linux]# systemctl restart httpd
3、基于ip的身份认证
[root@localhost html]# vim /etc/httpd/conf/httpd.conf ##恢复原配置,即删除120——127行或者注释掉,这里是删除了
[root@localhost html]# systemctl restart httpd
[root@localhost html]# pwd
/westos/html
[root@localhost html]# cd /var/www/html/
[root@localhost html]# ls
index.html tutu.html
[root@localhost html]# mkdir westos
[root@localhost html]# ls
index.html tutu.html westos
[root@localhost html]# cd westos/
[root@localhost westos]# ls
[root@localhost westos]# vim index.html
[root@localhost westos]# cat index.html
<h1>/var/www/html/westos/index's page</h1>
[root@localhost westos]# vim /etc/httpd/conf/httpd.conf
##添加第120——124行,相当于黑名单
##效果:除了ip为172.25.254.50的不能访问外,其他ip都可以访问
119 DocumentRoot "/var/www/html"
120 <Directory "/var/www/html/westos">
121 Order Allow,Deny ##先读Allow,再读Deny
122 Allow from All ##允许所有ip访问
123 Deny from 172.25.254.50 ##禁止172.25.254.50访问
124 </Directory>
[root@localhost westos]# systemctl restart httpd
ip为172.25.254.127的主机进行访问
ip为172.25.254.50的主机进行访问
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
##修改第120——125行,相当于白名单
##效果:除了ip为172.25.254.50的不能访问外,其他ip都可以访问
119 DocumentRoot "/var/www/html"
120 #DocumentRoot "/westos/html"
121 <Directory "/var/www/html/westos">
122 Order Deny,Allow ##先读Deny,再读Allow
123 Allow from 172.25.254.27 ##允许172.25.254.50访问
124 Deny from All ##禁止所有ip访问
125 </Directory>
[root@localhost ~]# systemctl restart httpd
ip为172.25.254.127的主机进行访问
ip为172.25.254.50的主机进行访问
4、基于用户的身份认证
[root@localhost westos]# cd /etc/httpd/
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run
[root@localhost httpd]# htpasswd -cm apacheuser admin
##htpasswd [-cimBdpsDv] [-C cost] passwordfile username
##-c Create a new file.
##-m Force MD5 encryption of the password (default).
##添加第二个用户时,不要加上“-c”
New password:
Re-type new password:
Adding password for user admin
[root@localhost httpd]# cat apacheuser
admin:$apr1$.g7wvziV$0TpPETAiCBx5Gzfh5n50G/
[root@localhost httpd]# htpasswd -cm apacheuser tom
New password:
Re-type new password:
Adding password for user tom
[root@localhost httpd]# cat apacheuser
tom:$apr1$2faTciFK$iHsm6EAb1.SHdkHFL5ur6.
[root@localhost httpd]# htpasswd -m apacheuser admin
New password:
Re-type new password:
Adding password for user admin
[root@localhost httpd]# cat apacheuser
tom:$apr1$2faTciFK$iHsm6EAb1.SHdkHFL5ur6.
admin:$apr1$AbU8gYqU$KluSOrkvCLjvSj3QwfRIq/
[root@localhost httpd]# vim /etc/httpd/conf/httpd.conf
##效果:允许/etc/httpd/apacheuser中的用户admin输入密码访问,不允许/etc/httpd/apacheuser中的其他用户访问
119 DocumentRoot "/var/www/html"
120 <Directory "/var/www/html/westos">
121 AuthUserFile /etc/httpd/apacheuser
122 AuthName "Please input user and password !!"
123 AuthType basic
124 Require user admin
125 </Directory>
[root@localhost httpd]# systemctl restart httpd
- 登陆成功后
- 因为只允许用户admin登陆,所以用户tom登陆时,不能成功,会再次回到登陆页面
[root@localhost httpd]# vim /etc/httpd/conf/httpd.conf
##效果:允许/etc/httpd/apacheuser中的所有用户输入密码访问(此处就不再进行浏览器访问测试了,这就留给你吧,^_^)
119 DocumentRoot "/var/www/html"
120 <Directory "/var/www/html/westos">
121 AuthUserFile /etc/httpd/apacheuser
122 AuthName "Please input user and password !!"
123 AuthType basic
124 # Require user admin ##注释掉
125 Require valid-user
126 </Directory>
[root@localhost httpd]# systemctl restart httpd
三、关于节点设置以及HTTPS加密的设置
1、Apache——一台主机设置多个节点
测试主机设置(使用浏览器进行访问的主机)
[root@foundation50 Desktop]# vim /etc/hosts
172.25.254.127 www.westos.com news.westos.com music.westos.com login.westos.com
[root@foundation50 Desktop]#
Apache主机设置
[root@localhost httpd]# pwd
/etc/httpd
[root@localhost httpd]# ls
apacheuser conf conf.d conf.modules.d logs modules run
[root@localhost httpd]# cd conf.d/
[root@localhost conf.d]# ls
autoindex.conf README userdir.conf welcome.conf
[root@localhost conf.d]# vim default.conf
[root@localhost conf.d]# cat default.conf
<VirtualHost _default_:80>
DocumentRoot /var/www/html
CustomLog "logs/default.log" combined
</VirtualHost>
[root@localhost conf.d]# mkdir /var/www/virtual/westos.com/news -p
[root@localhost conf.d]# mkdir /var/www/virtual/westos.com/music -p
[root@localhost conf.d]# vim /var/www/virtual/westos.com/news/index.html
[root@localhost conf.d]# cat /var/www/virtual/westos.com/news/index.html
<h1>/var/www/virtual/westos.com/news/index's page<h1>
[root@localhost conf.d]# vim /var/www/virtual/westos.com/music/index.html
[root@localhost conf.d]# cat /var/www/virtual/westos.com/music/index.html
<h1>/var/www/virtual/westos.com/music/index's page<h1>
[root@localhost conf.d]# vim news.conf
[root@localhost conf.d]# cat news.conf
<VirtualHost *:80>
ServerName news.westos.com
DocumentRoot "/var/www/virtual/westos.com/news/"
CustomLog "logs/default.log" combined
</VirtualHost>
<Directory "/var/www/virtual/westos.com/news/">
Require all granted
</Directory>
[root@localhost conf.d]# cp news.conf music.conf
[root@localhost conf.d]# vim music.conf
[root@localhost conf.d]# cat music.conf
<VirtualHost *:80>
ServerName music.westos.com
DocumentRoot "/var/www/virtual/westos.com/music/"
CustomLog "logs/default.log" combined
</VirtualHost>
<Directory "/var/www/virtual/westos.com/music/">
Require all granted
</Directory>
[root@localhost conf.d]# systemctl restart httpd
访问——www.westos.com
访问——news.westos.com
访问——music.westos.com
2、HTTPS配置
[root@localhost ~]# yum install mod_ssl -y
[root@localhost ~]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# ls /etc/httpd/conf.d/
autoindex.conf music.conf README userdir.conf
default.conf news.conf ssl.conf welcome.conf
[root@localhost conf.d]# systemctl restart httpd
##访问https://www.westos.com,下载证书,但是证书不是自己的信息,如下图
[root@localhost conf.d]# yum install crypto-utils -y
[root@localhost conf.d]# genkey www.westos.com
##操作见下图
output will be written to /etc/pki/tls/certs/www.westos.com.crt
output key written to /etc/pki/tls/private/www.westos.com.key
##上面这张图加载时,需要在输入字符(随意输入),不然无法完成加载
[root@localhost conf.d]# vim ssl.conf
101 SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
108 SSLCertificateFile /etc/pki/tls/private/www.westos.com.key
[root@localhost conf.d]# systemctl restart httpd
##访问https://www.westos.com,下载证书,现在证书才是自己的信息
##每次访问HTTPS时,都必须访问https://域名
3、输入域名跳转,自动成为HTTPS
[root@localhost conf.d]# ls
autoindex.conf music.conf README tmprequest welcome.conf
default.conf news.conf ssl.conf userdir.conf
[root@localhost conf.d]# vim login.conf
[root@localhost conf.d]# cat login.conf
<VirtualHost *:443>
ServerName login.westos.com
DocumentRoot "/var/www/virtual/westos.com/login/"
CustomLog "logs/login.log" combined
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
</VirtualHost>
<Directory "/var/www/virtual/westos.com/login/">
Require all granted
</Directory>
<VirtualHost *:80>
ServerName login.westos.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>
[root@localhost conf.d]# mkdir -p /var/www/virtual/westos.com/login/
[root@localhost conf.d]# vim /var/www/virtual/westos.com/login/index.html
[root@localhost conf.d]# cat /var/www/virtual/westos.com/login/index.html
<h1>/var/www/virtual/westos.com/login/index's page<h1>
[root@localhost conf.d]# systemctl restart httpd
##输入配置过的域名时,会自动跳转成为HTTPS,这里是配置的是www.westos.com,此处就不附测试的图了,第一次访问,需要下载证书
四、集成PHP 和 CGI
[root@localhost conf.d]# yum install httpd-manual -y ##安装此软件,可以访问ip/manual——php等的说明
[root@localhost conf.d]# systemctl restart httpd
PHP
[root@localhost conf.d]# cd /var/www/html/
[root@localhost html]# ls
index.html tutu.html westos
[root@localhost html]# vim index.php
[root@localhost html]# cat index.php
<?php
phpinfo();
?>
[root@localhost html]# yum install php -y
[root@localhost html]# vim /etc/httpd/conf/httpd.conf
169 <IfModule dir_module>
170 DirectoryIndex index.php index.html
171 </IfModule>
[root@localhost html]# systemctl restart httpd
##浏览器访问172.25.254.127
CGI
[root@localhost html]# pwd
/var/www/html
[root@localhost html]# mkdir cgi
[root@localhost html]# ls
cgi index.html index.php tutu.html westos
[root@localhost html]# vim cgi/index.cgi
[root@localhost html]# cat cgi/index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
[root@localhost html]# chmod +x cgi/index.cgi
[root@localhost html]# ./cgi/index.cgi
Content-type: text/html
Wed May 30 08:14:48 EDT 2018
[root@localhost html]# ./cgi/index.cgi
Content-type: text/html
Wed May 30 08:14:57 EDT 2018
##浏览器访问效果,看见/var/www/html/cgi/index.cgi中的文本内容如下:
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
[root@localhost html]# ls
cgi index.html index.php tutu.html westos
[root@localhost html]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# ls
autoindex.conf login.conf music.conf php.conf ssl.conf userdir.conf
default.conf manual.conf news.conf README tmprequest welcome.conf
[root@localhost conf.d]# vim default.conf
[root@localhost conf.d]# cat default.conf | tail -n 5
<Directory "/var/www/html/cgi">
Options +ExecCGI
AddHandler cgi-script .cgi
DirectoryIndex index.cgi
</Directory>
[root@localhost conf.d]# systemctl restart httpd
##浏览器访问效果,效果如下:
Wed May 30 08:19:21 EDT 2018
五、论坛的搭建
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl start mariadb
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# ls
cgi Discuz_X3.2_SC_UTF8.zip index.html index.php tutu.html westos
##Discuz_X3.2_SC_UTF8.zip——从网上下载,或者从其他处获取
[root@localhost html]# unzip Discuz_X3.2_SC_UTF8.zip
[root@localhost html]# ls
cgi index.html readme upload westos
Discuz_X3.2_SC_UTF8.zip index.php tutu.html utility
[root@localhost html]# chmod 777 /var/www/html/upload/ -R
[root@localhost html]# php -m
##参数: -m Show compiled in modules
【root@localhost html]# yum install php-mysql.x86_64 -y
[root@localhost html]# systemctl restart httpd
六、代理上网(翻墙)
可以上网的主机设置
[root@localhost ~]# yum install squid -y
[root@localhost ~]# vim /etc/squid/squid.conf
56 http_access allow all
62 cache_dir ufs /var/spool/squid 100 16 256
[root@localhost ~]# systemctl start squid
不能上网的主机设置代理
七、squid+apache实现缓存加速
IP为172.25.254.50的设置——Apache(距离较远)
[root@shenzhen squid]# yum install squid -y
[root@shenzhen squid]# systemctl start squid
[root@shenzhen squid]# cd /usr/share/doc/squid-3.3.8/
[root@shenzhen squid-3.3.8]# ls
ChangeLog COPYRIGHT README rredir.pl url-normalizer.pl
COPYING QUICKSTART rredir.c squid.conf.documented user-agents.pl
[root@shenzhen squid]# systemctl stop firewalld
[root@shenzhen squid]# cd /var/www/html/
[root@shenzhen html]# vim index.html
[root@shenzhen html]# cat index.html
<h1>172.25.254.50<h1>
[root@shenzhen squid-3.3.8]# systemctl start httpd
IP为172.25.254.227的设置——Squid(距离较近)
[root@xian ~]# yum install squid -y
[root@xian ~]# vim /etc/squid/squid.conf
56 http_access allow all
59 http_port 80 vhost vport
60 cache_peer 172.25.254.50 parent 80 0 proxy-only
62 cache_dir ufs /var/spool/squid 100 16 256
[root@xian ~]# systemctl start squid
[root@xian ~]# systemctl stop firewalld