目录
1.Apache的作用
在
web
被访问时通常使用
http
://
的方式
http
://
##
超文本传输协议
http
://
超文本传输协议提供软件
:
Apache
nginx
stgw
jfe
Tengine
如:
![](https://i-blog.csdnimg.cn/blog_migrate/2ed71d26e437274f253e3d48827a7b93.png)
2.Apache的安装
dnf install httpd.x86_64 - y
3.Apache的启用
systemctl enable -- now httpd ##开启服务并设定服务位开机启动firewall - cmd -- list - all ##查看火墙信息firewall - cmd -- permanent -- add - service = http ##在火墙中永久开启 http 访问firewall - cmd -- permanent -- add - service = https ##在火墙中永久开启 https 访问firewall - cmd -- reload ##刷新火墙使设定生效
![](https://i-blog.csdnimg.cn/blog_migrate/0a98917cef587882079fa7c3ed2db637.png)
4.Apache的基本信息
服务名称
:
httpd
配置文件
:
/ etc / httpd / conf / httpd.conf ##主配置文件/ etc / httpd / conf.d /* .conf ##子配置文件
默认发布目录
:
/ var / www / html
默认发布文件
:
index.html
默认端口
:
80 #http443 #https
用户
:
apache
日志
:
/ etc / httpd / logs
5.Apache的基本配置
1.Apache端口修改
vim / etc / httpd / conf / httpd.conf45 Listen 8080
![](https://i-blog.csdnimg.cn/blog_migrate/1122dd3b21279a9fbb91abd2cd6ba5ad.png)
firewall - cmd -- permanent -- add - port = 8080 / tcpfirewall - cmd -- reloadsystemctl restart httpdhttp :// 172.25.254.100 : 8080
![](https://i-blog.csdnimg.cn/blog_migrate/be14c02d6eeb384114a3b92da6a4e742.png)
2.默认发布文件
vim / etc / httpd / conf / httpd.confDirectoryIndex westos.html index.htmlsystemctl restart httpd
![](https://i-blog.csdnimg.cn/blog_migrate/27ebb05cac7327d261544547de286fb1.png)
![](https://i-blog.csdnimg.cn/blog_migrate/6fcc55ad7680aad89009816f2e2f116f.png)
![](https://i-blog.csdnimg.cn/blog_migrate/92e66d61d433cc56384f1901851e069e.png)
3.默认发布目录
mkdir / var / www / westosmv / var / www / westos / varvim / etc / httpd / conf / httpd.conf
![](https://i-blog.csdnimg.cn/blog_migrate/c8ebeeccdfedd380186335d837a15515.png)
DocumentRoot " / var / westos"
![](https://i-blog.csdnimg.cn/blog_migrate/5adeee900cad50602f78258e0ae03627.png)
< Directory " / var / westos" >Require all granted</ Directory >
![](https://i-blog.csdnimg.cn/blog_migrate/a5933b4623b390e8344f10ef31387dc4.png)
systemctl restart httpdfirefox http :// 192.168.0.11
6.Apache的访问控制
实验素材
mkdir / var / www / html / westosvim / var / www / html / westos / index.html< h1 > westosdir ' s page </ h1 >firefox http :// 192.168.0.11 / westos
1.基于客户端ip的访问控制
vim /etc/httpd/conf.d/access.conf
#ip
白名单
#
< Directory " / var / www / html / westos" >Order Deny,AllowAllow from 192.168.0.10Deny from All</ Directory >
#ip
黑名单
#
< Directory " / var / www / html / westos" >Order Allow,DenyAllow from AllDeny from 192.168.0.10</ Directory >
2.基于用户认证
vim / etc / httpd /conf.d/access.conf< Directory / var / www / html / westos >AuthUserfile / etc / httpd / htpasswdfile ##指定认证文件AuthName "Please input your name and password" ##认证提示语AuthType basic ##认证类型Require user admin ##允许通过的认证用户 2 选 1Require valid - user</ Directory >
![](https://i-blog.csdnimg.cn/blog_migrate/8954e9ce7f94c2c6222f2946dd70dae7.png)
##
允许所有用户通过认证
2
选
1
![](https://i-blog.csdnimg.cn/blog_migrate/939e80208a7ea408ebea30da6027b459.png)
htpasswd - cm / etc / httpd / htpasswdfile admin ##生成认证文件htpasswd - m / etc / httpd / htpasswdfile admin
![](https://i-blog.csdnimg.cn/blog_migrate/a326cb13aeb954bc1a686d38d2140045.png)
注意
:
当/etc/httpd/htpasswdfile存在那么在添加用户时不要加-c参数否则会覆盖源文件内容
7.Apache的虚拟主机
mkdir -p /var/www/virtual/shx.org/{news,bbs}/html/index.html
![](https://i-blog.csdnimg.cn/blog_migrate/f2a34c2daecc010f2f050b3c0d6f6e78.png)
echo www.shx.org > / var / www /html/index.htmlecho bbs.shx.org > / var / www / virtual/shx.org/bbs/html/index.htmlecho news.shx.org > / var / www / virtual/shx.org/news/html/index.html
![](https://i-blog.csdnimg.cn/blog_migrate/9e7e7897d0a6d94456065a77e284f0e3.png)
vim /etc/httpd/conf.d/Vhost.conf
1 <VirtualHost _default_:80>
2 DocumentRoot /var/www/html
3 CustomLog logs/default.log combined
4 </VirtualHost>
5
6 <VirtualHost *:80>
7 ServerName news.shx.org
8 DocumentRoot /var/www/virtual/shx.org/news/html/
9 CustomLog logs/news.log combined
10 </VirtualHost>
11
12 <VirtualHost *:80>
13 ServerName bbs.shx.org
14 DocumentRoot /var/www/virtual/shx.org/bbs/html/
15 CustomLog logs/bbs.log combined
16 </VirtualHost>
测试
:
在浏览器所在主机中
vim / etc / hosts192.168.81.128 server3 www.shx.org news.shx.org bbs.shx.org
firefox http :// www.shx.orgfirefox http :// bbs.shx.orgfirefox http :// news.shx.org
8.Apache的语言支持
#php#
vim / var / www / html / index.php< ?phpphpinfo();? >
![](https://i-blog.csdnimg.cn/blog_migrate/963d9c70f53bfc19df647ad2a401532e.png)
dnf install php - ysystemctl restart httpd
firefox http
://
192.168.81.132
/
index.php
![](https://i-blog.csdnimg.cn/blog_migrate/28c3140ba4a213bb2c0c00940b2b8fcd.png)
![](https://i-blog.csdnimg.cn/blog_migrate/6e9b939c9f4de01fa552ea1146f81327.png)
#cgi#
mkdir / var / www / html / cgidirvim / var / www / html / cgidir / index.cgi# !/ usr / bin / perlprint "Content - type : text / html \ n \ n";print `date`;
![](https://i-blog.csdnimg.cn/blog_migrate/87874268ca712ed864ae02a50ae717be.png)
vim / etc / httpd / conf.d / cgi.conf< Directory " / var / www / html / cgidir" >Options + ExecCGIAddHandler cgi - script .cgi</ Directory >
![](https://i-blog.csdnimg.cn/blog_migrate/9e57295d62a6ae3c8059aa24eb6ec2b1.png)
firefox http
://
192.168.0.11
/
cgidir
/
index.cgi
![](https://i-blog.csdnimg.cn/blog_migrate/d70faafd7b392e7d64372a5617ba40f6.png)
#wsgi#
书写
wsgi
的测试文件
vim / var / www / html / wsgi / index.wsgidef application(env, shx) :shx( '200 ok' ,[( 'Content-Type' , 'text/html' )])return [b ' hello shx ahhahahahah ! ']
![](https://i-blog.csdnimg.cn/blog_migrate/df7245c53a1b3ab006aab827b409c1de.png)
dnf install python3 - mod_wsgisystemctl restart httpd
![](https://i-blog.csdnimg.cn/blog_migrate/28a5201d3c29b7897b4e4bca912c6cfd.png)
vim / etc / httpd / conf.d / vhost< VirtualHost *: 80 >ServerName wsgi.westos.orgWSGIScriptAlias / / var / www / html / wsgi / index.wsgi</ VirtualHost >
![](https://i-blog.csdnimg.cn/blog_migrate/d19aabec81b053ffb2c486b0b9a900e3.png)
9.Apache的加密访问
安装加密插件
dnf install mod_ssl - y ## 生成证书
![](https://i-blog.csdnimg.cn/blog_migrate/ac9cfb2a0df022ca02ad916751952b73.png)
command
1
openssl genrsa - out / etc / pki / tls / private / www.westos.com.key 2048 生成私钥openssl req - new - key / etc / pki / tls / private / www.westos.com.key \- out / etc / pki / tls / certs / www.westos.com.csr 生成证书签名文件openssl x509 - req - days 365 - in / etc / pki / tls / certs / www.westos.com.csr signkey / etc / pki / tls / private / www.westos.com.key out / etc / pki / tls / certs / www.westos.com.crt #生成证书
x509 证书格式- req 请求- in 加载签证名称- signkey / etc / pki / tls / private / www.westos.com.key
command
2
openssl req -- newkey rsa : 2048 \ - nodes - sha256 - keyout / etc / httpd / westos.org.key - x509 - days 365 - out / etc / httpd / shx.org.crt 生成密钥和证书签名文件
![](https://i-blog.csdnimg.cn/blog_migrate/a94129638934800fbbe5dc754d528b57.png)
vim / etc / httpd / conf.d / Vh ost.conf18 <VirtualHost *:443>
19 Servername login.shx.org
20 DocumentRoot /var/www/virtual/shx.org/login/html
21 CustomLog logs/login.log combined
22 SSLEngine on
23 SSLCertificateFile /etc/httpd/shx.org.crt
24 SSLCertificateKeyFile /etc/httpd/shx.org.key
25 </VirtualHost>
26
27 <VirtualHost *:80>
28 ServerName login.shx.org
29 RewriteEngine on
30 RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1
31 </VirtualHost>
systemctl restart httpd
^ ( /.* )$ ##客户地址栏中输入的地址%{HTTP_HOST} ##客户主机$ 1 ##RewriteRule后面跟的第一串字符的值
10.Squid+Apache
squid 反
向代理
实验环境
:
单网卡主机设定
ip
不能上网
双网卡主机设定
ip1
可以连接单网卡主机
,
设定
ip2
可以上网
实验效果
让单网卡主机不能上网但浏览器可以访问互联网页
操作
:
在双网卡主机中
dnf install squid - y
![](https://i-blog.csdnimg.cn/blog_migrate/9cd0464e97bc1811c663885a57d73630.png)
vim / etc / squid / squid.conf59 http_access allow all63 http_port 80 vhost vport ##vhost 支持虚拟域名 vport 支持虚拟端口64 cache_peer 172.25.254.20 parent 80 0 proxy - only65 cache_dir ufs / var / spool / squid 100 16 256systemctl restart squid
firewall - cmd -- permanent -- add - port = 3128 / tcpfirewall - cmd -- reload 在单网卡专辑中选择
实验环境
:
192.168.81.131
##Apache服务器
192.168.81.128
##squid,没有数据负责缓存
vim / etc / squid / squid.conf
#
当
192.168.81.128
的
80
端口被访问会从
192.168.81.131
的
80
端口缓存数据
cache_peer 192.168.81.131 parent 80 0 proxy - onlysystemctl restart squid
测试
:
firefox http
:/
192.168.81.128
访问看到的是
192.168.81.131
上的数据
![](https://i-blog.csdnimg.cn/blog_migrate/fe1737684bc1c35144e6e851444c8059.png)
![](https://i-blog.csdnimg.cn/blog_migrate/2f718bc83be5c1aac7c14cbdcb1a34be.png)