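Preface
Apache is, in essence, a piece of software that serves the Hypertext Transfer Protocol, which appears in URLs as http://. Software that provides this protocol includes Apache, nginx, stgw, jfe and Tengine; Apache is widely used for web applications, and Baidu, for example, uses it.
I. Installing and enabling Apache
dnf install httpd.x86_64 -y # install with dnf
systemctl enable --now httpd # start the service and enable it at boot
firewall-cmd --list-all # show the firewall settings
firewall-cmd --permanent --add-service=http # permanently allow http through the firewall
firewall-cmd --reload # reload the firewall so the setting takes effect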
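II. Basic Apache information
| Item | Value |
|---|---|
| Service name | httpd |
| Configuration files | /etc/httpd/conf/httpd.conf (main configuration file); /etc/httpd/conf.d/*.conf (sub-configuration files) |
| Default document root | /var/www/html |
| Default index file | index.html |
| Default ports | 80 (http), 443 (https) |
| User | apache |
| Logs | /etc/httpd/logs |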
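III. Basic Apache configuration and changes
1. Changing the Apache port
vim /etc/httpd/conf/httpd.conf # edit the main configuration file
Listen xxxx
firewall-cmd --permanent --add-port=xxxx/tcp # allow port xxxx through the firewall
firewall-cmd --reload # reload the firewall configuration
systemctl restart httpd # restart the httpd service
2. Default index file
vim /etc/httpd/conf/httpd.conf # edit the main configuration file
# add westos.html as a default index file
DirectoryIndex westos.html index.html
systemctl restart httpd # restart the service
3. Default document root
mkdir -p /dirname/html # create the directory, then add the following to the main configuration file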
vim /etc/httpd/conf/httpd.conf
DocumentRoot "/dirname/html"
<Directory "/dirname/html">
Require all granted
</Directory>
systemctl restart httpd
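III. Apache access control
1. Access control based on client IP
mkdir /var/www/html/westos
vim /var/www/html/westos/index.html
Opening http://ip/westos in a browser shows the content written in index.html.
(1) IP whitelist. Note: for a whitelist, Deny must come first and Allow second; if the order is reversed, Deny overrides Allow.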
<Directory "/var/www/html/westos">
Order Deny,Allow
Allow from ip
Deny from All
</Directory>
(2) IP blacklist. Note: for a blacklist, Allow must come first and Deny second; if the order is reversed, Allow overrides Deny.
<Directory "/var/www/html/westos">
Order Allow,Deny
Allow from All
Deny from ip
</Directory>
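The ordering rule in the two notes above, worked through as an added example that is not part of the original post: a small model of how Order combines the Allow and Deny lists. It assumes specs are "all", an IP address or a CIDR range only; the function names and the two sample addresses are constructed for the illustration.

```python
import ipaddress

def _matches(client, specs):
    """True if client matches any spec ('all', an IP address or a CIDR range)."""
    addr = ipaddress.ip_address(client)
    return any(
        spec.lower() == "all" or addr in ipaddress.ip_network(spec, strict=False)
        for spec in specs
    )

def is_allowed(order, allow, deny, client):
    """Decide access the way the Order directive combines Allow and Deny."""
    order = order.replace(" ", "").lower()
    allowed, denied = _matches(client, allow), _matches(client, deny)
    if order == "deny,allow":
        # Deny is checked first, Allow last: an Allow match wins, default is allow.
        return allowed or not denied
    if order == "allow,deny":
        # Allow is checked first, Deny last: a Deny match wins, default is deny.
        return allowed and not denied
    raise ValueError("Order must be Deny,Allow or Allow,Deny")

# Constructed sample addresses standing in for the "ip" placeholder above.
TRUSTED, OTHER = "172.25.254.1", "172.25.254.2"

def decisions(order, allow, deny):
    """Return {client: allowed?} for the two sample clients."""
    return {c: is_allowed(order, allow, deny, c) for c in (TRUSTED, OTHER)}

if __name__ == "__main__":
    print("whitelist         ", decisions("Deny,Allow", [TRUSTED], ["all"]))
    print("whitelist reversed", decisions("Allow,Deny", [TRUSTED], ["all"]))
    print("blacklist         ", decisions("Allow,Deny", ["all"], [TRUSTED]))
    print("blacklist reversed", decisions("Deny,Allow", ["all"], [TRUSTED]))
```

With the order reversed, the whitelist admits nobody and the blacklist blocks nobody. On Apache 2.4 these directives are provided by mod_access_compat; the native equivalents are `Require ip` and `Require not ip`.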
2. User-based authentication
[root@haha conf.d]# cd ../conf
[root@haha conf]# cd ..
[root@haha httpd]# ls
conf conf.d conf.modules.d logs modules run state
[root@haha httpd]# htpasswd -cm .htpasswd admin # admin is the user name; the target directory must really exist
New password:
Re-type new password:
Adding password for user admin
[root@haha httpd]# ls -a
. .. conf conf.d conf.modules.d .htpasswd logs modules run state
[root@haha httpd]# vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/westos">
AuthUserFile /etc/httpd/.htpasswd
AuthName "Please input username and password !!"
AuthType basic
# Choose one of the two Require lines:
# only the user admin may authenticate
# Require user admin
# any user in the password file may authenticate
Require valid-user
</Directory>
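IV. Apache virtual hosts
In practice it is not feasible to dedicate one host, with its own Apache installation and environment, to every website. Virtual hosts let several sites share one IP address, so a single IP can serve the content of multiple sites.
(1) Creating the virtual hosts
[root@haha Desktop]# mkdir -p /var/www/virutal/westos.org/{linux,lee} # create the document roots for the virtual hosts
[root@haha Desktop]# vim /var/www/virutal/westos.org/linux/index.html # write the content of each virtual host's default page
[root@haha Desktop]# vim /var/www/virutal/westos.org/lee/index.html
[root@haha Desktop]# vim /etc/httpd/conf/httpd.conf # comment out the lines below (set earlier; skip this step if they are not present)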
#DocumentRoot "/westos_web"
#<Directory "/var/www/html/westos">
# Order Deny,Allow
# Allow from 172.25.254.1
# Deny from All
#</Directory>
[root@haha conf.d]# cat /var/www/virutal/westos.org/linux/index.html
linux.westos.org
[root@haha conf.d]# cat /var/www/virutal/westos.org/lee/index.html
lee.westos.org
[root@haha conf.d]# vim Vhost.conf # write the file with the following content
<VirtualHost _default_:80>
DocumentRoot /var/www/html
CustomLog logs/default.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName lee.westos.org
DocumentRoot /var/www/virutal/westos.org/lee
CustomLog logs/lee.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName linux.westos.org
DocumentRoot /var/www/virutal/westos.org/linux
CustomLog logs/linux.log combined
</VirtualHost>
[root@haha conf.d]# systemctl restart httpd.service
(2) Add local name resolution on the host that runs the browser
[root@westos_student1 ~]# vim /etc/hosts # on another host, add the following entry
ip www.westos.org linux.westos.org lee.westos.org login.westos.org
(3) Test: open the following in a browser:
firefox http://www.westos.org
firefox http://lee.westos.org
firefox http://linux.westos.org
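How the Host header picks one of the virtual hosts defined above, as an added example that is not part of the original post: a simplified model of Apache 2.4 name-based matching that parses the Vhost.conf text and selects a DocumentRoot. It assumes exact ServerName/ServerAlias names only (no wildcards, no IPv6 literals); `parse_vhosts` and `select_docroot` are hypothetical helper names.

```python
# Constructed copy of the Vhost.conf shown above (CustomLog lines omitted).
VHOST_CONF = """\
<VirtualHost _default_:80>
DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:80>
ServerName lee.westos.org
DocumentRoot /var/www/virutal/westos.org/lee
</VirtualHost>
<VirtualHost *:80>
ServerName linux.westos.org
DocumentRoot /var/www/virutal/westos.org/linux
</VirtualHost>
"""

def parse_vhosts(text):
    """Return one {'names', 'docroot'} dict per <VirtualHost> block, in file order."""
    vhosts, current = [], None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key.startswith("<virtualhost"):
            current = {"names": [], "docroot": None}
        elif key == "</virtualhost>" and current is not None:
            vhosts.append(current)
            current = None
        elif current is not None and len(parts) == 2:
            if key in ("servername", "serveralias"):
                current["names"] += [n.lower() for n in parts[1].split()]
            elif key == "documentroot":
                current["docroot"] = parts[1].strip().strip('"')
    return vhosts

def select_docroot(host_header, vhosts):
    """Exact, case-insensitive name match; otherwise the first vhost is the default."""
    host = host_header.strip().lower().split(":")[0]  # drop an optional :port
    for vhost in vhosts:
        if host in vhost["names"]:
            return vhost["docroot"]
    return vhosts[0]["docroot"]

if __name__ == "__main__":
    hosts = parse_vhosts(VHOST_CONF)
    for name in ("www.westos.org", "lee.westos.org", "linux.westos.org"):
        print(name, "->", select_docroot(name, hosts))
```

Any name that no ServerName lists, including www.westos.org here, is served by the first virtual host, so that site should hold only content meant for arbitrary callers.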
V. Language support in Apache
(1) php
vim /var/www/html/index.php
<?php
phpinfo();
?>
dnf install php -y
systemctl restart httpd
firefox http://ip/index.php
(2) cgi
mkdir /var/www/html/cgidir
vim /var/www/html/cgidir/index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
chmod +x /var/www/html/cgidir/index.cgi
vim /etc/httpd/conf.d/vhost.conf
<Directory "/var/www/html/cgidir">
Options +ExecCGI
AddHandler cgi-script .cgi
</Directory>
systemctl restart httpd
firefox http://ip/cgidir/index.cgi
(3) wsgi
mkdir /var/www/html/wsgidir
vim /var/www/html/wsgidir/index.wsgi
def application(env, westos):
    # westos is the WSGI start_response callable
    westos('200 ok', [('Content-Type', 'text/html')])
    return [b'hello wsgi!']
chmod +x /var/www/html/wsgidir/index.wsgi
dnf search wsgi
dnf install python3-mod_wsgi.x86_64 -y
vim /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
ServerName wsgi.westos.org
WSGIScriptAlias / /var/www/html/wsgidir/index.wsgi
</VirtualHost>
systemctl restart httpd
vim /etc/hosts
ip www.westos.org linux.westos.org lee.westos.org login.westos.org wsgi.westos.org
firefox wsgi.westos.org/index.wsgi
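VI. Encrypted access with Apache
If users' personal information, such as account passwords, is sent over the web without encryption, its security is seriously at risk. An encryption mechanism is therefore needed to protect that information, which is like putting a lock on it, and the lock must be one certified by a dedicated authority. The lock corresponds to the private key, and the lock's certification information corresponds to the certificate signing request file. Generating the certificate requires both the private key and the certificate signing request; neither can be left out.
Steps: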
[root@haha wsgi-scripts]# dnf install mod_ssl -y
[root@haha wsgi-scripts]# cd /etc/httpd/conf.d/
[root@haha conf.d]# ls
autoindex.conf php.conf ssl.conf Vhost.conf
manual.conf README userdir.conf welcome.conf
[root@haha conf.d]# firewall-cmd --permanent --add-service=https
success
[root@haha conf.d]# firewall-cmd --reload
success
[root@haha conf.d]# systemctl restart httpd
After completing the steps above, the page can be reached in the browser with https.
[root@haha conf.d]# openssl genrsa -out /mnt/www.westos.org.key 2048
[root@haha conf.d]# openssl req -new -key /mnt/www.westos.org.key -out /mnt/www.westos.org.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:ShanXi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:www.westos.org
Email Address []:admin@westos.org
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@haha conf.d]# ls /mnt/
www.westos.org.csr www.westos.org.key
[root@haha conf.d]# openssl x509 -req -days 365 -in /mnt/www.westos.org.csr -signkey /mnt/www.westos.org.key -out /mnt/www.westos.org.crt
Signature ok
subject=C = CN, ST = ShanXi, L = xi'an, O = westos, OU = linux, CN = www.westos.org, emailAddress = admin@westos.org
Getting Private key
[root@haha conf.d]# ls
autoindex.conf manual.conf php.conf README ssl.conf userdir.conf Vhost.conf welcome.conf
[root@haha conf.d]# ls /mnt/
www.westos.org.crt www.westos.org.csr www.westos.org.key
[root@haha conf.d]# cp /mnt/www.westos.org.key /etc/pki/tls/private/
[root@haha conf.d]# cp /mnt/www.westos.org.* /etc/httpd/
[root@haha conf.d]# cd /etc/httpd/
[root@haha httpd]# ls
conf conf.modules.d modules state www.westos.org.csr
conf.d logs run www.westos.org.crt www.westos.org.key
[root@haha httpd]# cd ..
[root@haha etc]# cd /etc/httpd/conf.d/
[root@haha conf.d]# ls
autoindex.conf manual.conf php.conf README ssl.conf userdir.conf Vhost.conf welcome.conf
[root@haha conf.d]# vim ssl.conf
SSLCertificateFile /etc/httpd/www.westos.org.crt

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
# ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile /etc/httpd/www.westos.org.key
[root@haha conf.d]# systemctl restart httpd
[root@haha conf.d]# mkdir /var/www/virutal/westos.org/login
[root@haha conf.d]# vim /var/www/virutal/westos.org/login/index.html # any content will do
[root@haha conf.d]# vim /etc/httpd/conf.d/Vhost.conf
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/httpd/www.westos.org.crt
SSLCertificateKeyFile /etc/httpd/www.westos.org.key
ServerName login.westos.org
DocumentRoot /var/www/virutal/westos.org/login
CustomLog logs/linux.log combined
</VirtualHost>

<VirtualHost *:80>
ServerName login.westos.org
RewriteEngine on
# redirect every http request for this host to the same path over https
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1
</VirtualHost>
[root@haha conf.d]# systemctl restart httpd
[root@haha conf.d]# vim /etc/httpd/conf.d/Vhost.conf
[root@haha conf.d]# cd /var/www/html/
[root@haha html]# ls
cgidir index.html index.php westos westos.html wsgi-scripts