第十次笔记

http

https

 

vim /var/www/html/index.html

 

http://172.25.254.128进行编辑

 

lamp=linux+apache+mysql+php

 

Apache主配置文件: /etc/httpd/conf/httpd.conf

ServerRoot "/etc/httpd" 用于指定Apache的运行目录

Listen 80 监听端口

User apache 运行apache程序的用户和组

Group apache

ServerAdmin root@localhost 管理员邮箱

DocumentRoot "/var/www/html" 网页文件的存放目录

<Directory "/var/www/html"> <Directory>语句块自定义目录权限

Require all granted

</Directory>

ErrorLog "logs/error_log" 错误日志存放位置

AddDefaultCharset UTF-8 默认字符集

IncludeOptional conf.d/*.conf 加载其它配置文件

DirectoryIndex index.html 默认主页名称

 

####默认发布目录DocumentRoot

[root@apache html]# pwd

/www/html

 

修改配置文件

#DocumentRoot "/var/www/html"

DocumentRoot "/www/html"

#

# Relax access to content within /var/www.

#

<Directory "/www/html">

        require all granted

</Directory>

 

若开启了selinux 需要更改目录安全上下文

semanage fcontext -a -t httpd_sys_content_t "/www(/.*)?"

restorecon -RvvF /www

 

 

######端口的修改##########

[root@apache ~]# vim /etc/httpd/conf/httpd.conf

[root@apache ~]# systemctl restart httpd

[root@apache html]# firewall-cmd --permanent --add-port=8080/tcp

success

[root@apache html]# firewall-cmd --reload

success

 

 

 

[root@apache html]# cd /var/www/html/

[root@apache html]# vim westos

 

 

##############虚拟主机############

虚拟主机允许您从一个httpd服务器同时为多个网站提供服务。在本节中,我们将了解基于名称的虚拟主机:多个主机名都指向同一个IP地址,但是Web服务器根据用于到达站点的主机名提供具有不同内容的不同网站。

 

 

[root@apache conf.d]# vim default.conf

[root@apache conf.d]# mkdir /var/www/news

[root@apache conf.d]# mkdir /var/www/music

[root@apache conf.d]# echo new.lalala.com >/var/www/news/westos

[root@apache conf.d]# echo news.lalala.com >/var/www/news/westos

[root@apache conf.d]# echo music.lalala.com >/var/www/news/westos

 

 

vim /etc/httpd/conf.d/default.conf

<Virtualhost _default_:80>

        Documentroot /var/www/html

        customlog "logs/default.log" combined

</Virtualhost>

 

<Directory /var/www/html>

        require all granted

</Directory>

                 

vim /etc/httpd/conf.d/news.conf

<Virtualhost *:80>

        Servername news.westos.com

        Documentroot /var/www/news

        customlog "logs/news.log" combined

</Virtualhost>

 

<Directory /var/www/news>

        require all granted

</Directory>

 

 

vim /etc/httpd/conf.d/music.conf

 

<Virtualhost *:80>

        Servername music.westos.com

        Documentroot /var/www/music

        customlog "logs/music.log" combined

</Virtualhost>

 

<Directory /var/www/music>

        require all granted

</Directory>

 

 

mkdir /var/www/news/admin

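基于客户端IP的访问控制(注意:Order allow,deny 先处理allow再处理deny,同时匹配两者的请求会被拒绝,所以下面的写法配上 deny from all 会把172.25.254.247也一并拒绝;只放行单个IP应写成 Order deny,allow,在Apache 2.4中推荐改用 Require ip 172.25.254.247)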

 

<Directory /var/www/news/admin>

        Order allow,deny

        allow from 172.25.254.247

        deny from all

</Directory>

 

设置用户认证(Basic认证):口令在传输中只做base64编码而未加密,应配合后文的https使用;htpasswd的-m表示用MD5保存口令,较新的Apache 2.4可改用-B(bcrypt)。

 

htpasswd -cm /etc/httpd/conf/apacheusr user1

htpasswd -m /etc/httpd/conf/apacheusr admin

 

vim /etc/httpd/conf.d/news.conf

 

<Virtualhost *:80>

        Servername news.westos.com

        Documentroot /var/www/news

        customlog "logs/news.log" combined

</Virtualhost>

 

<Directory /var/www/news>

        require all granted

</Directory>

 

<Directory /var/www/news>

        Authuserfile /etc/httpd/conf/apacheusr

        Authname  "Please input your name and passwor"

        Authtype basic

        Require user admin                           ###限制只有admin用户才可以访问

Require valid-user                                ###口令文件中任一通过认证的用户都可以访问;两条Require同时存在时满足其一即可,上面的admin限制不起作用,应二选一

</Directory>

 

###php(下面index.php里的phpinfo()仅用于确认PHP是否生效,它会暴露版本、模块、路径和环境变量,测试完应删除)

 

yum install php -y

 

vim /etc/httpd/conf.d/php.conf

 

<FilesMatch \.php$>

SetHandler application/x-httpd-php

</FilesMatch>

DirectoryIndex index.php

 

root@apache html]# vim index.php

 

<?php

        phpinfo ();

?>

 

vim /etc/httpd/conf/httpd.conf

 

DirectoryIndex index.php 默认主页名称

###########cgi通用网关接口##############

通用网关接口(CGI)是网站上放置动态内容的最简单的方法。CGI脚本可用于许多目的,但是谨慎控制使用哪个CGI脚本以及允许谁添加和运行这些脚本十分重要。编写质量差的CGI脚本可能为外部攻击者提供了破坏网站及其内容安全性的途径。因此,在Web服务器级别和SELinux策略级别,都存在用于限制CGI脚本使用的设置。

 

1.在目录/var/www/news中建立目录cgi并创建index.cgi

#!/usr/bin/perl

print "Content-type: text/html\n\n";

print `date`;

 

2.修改/etc/httpd/conf.d/news.conf

<Virtualhost *:80>

        Servername news.westos.com

        Documentroot /var/www/news

        customlog "logs/news.log" combined

</Virtualhost>

 

<Directory /var/www/news>

        require all granted

</Directory>

 

<Directory /var/www/news/cgi>

        Options +ExecCGI

        AddHandler cgi-script .cgi

</Directory>

3.测试

 

#######自定义自签名证书##########

 

如果加密的通信非常重要,而经过验证的身份不重要,管理员可以通过生成self-signed certificate来避免与认证机构进行交互所带来的复杂性。使用genkey实用程序(通过crypto-utils软件包分发),生成自签名证书及其关联的私钥。为了简化起见,genkey将在“正确”的位置(/etc/pki/tls目录)创建证书及其关联的密钥。相应地,必须以授权用户(root)身份运行该实用程序。

 

生成自签名证书

1. 确保已安装crypto-utils软件包。

[root@server0 ~]# yum install crypto-utils mod_ssl

2. 调用genkey,同时为生成的文件指定唯一名称(例如,服务器的主机全名)。

--days可以指定证书有效期

[root@server0 ~]# genkey server0.example.com

 

 

output will be written to /etc/pki/tls/certs/apache.example.com.crt

output key written to /etc/pki/tls/private/apache.example.com.key

 

vim /etc/httpd/conf.d/ssl.conf

SSLCertificateFile /etc/pki/tls/certs/apache.example.com.crt

SSLCertificateKeyFile /etc/pki/tls/private/apache.example.com.key

 

vim /etc/httpd/conf.d/login.conf

 

<Virtualhost *:443>

        Servername login.westos.com

        Documentroot /var/www/login

        Customlog  "logs/login.log" combined

        SSLEngine on

        SSLCertificateFile /etc/pki/tls/certs/apache.example.com.crt

        SSLCertificateKeyFile /etc/pki/tls/private/apache.example.com.key

</Virtualhost>

 

<Directory "/var/www/login">

        Require all granted

</Directory>

 

<Virtualhost *:80>

        Servername login.westos.com

        RewriteEngine on

        RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]

</Virtualhost>

以上为网页重写(URL rewrite):把对80端口的访问以301重定向到https。重定向目标取自客户端发来的Host头,更稳妥的做法是写固定主机名,如 https://login.westos.com$1。

 

mkdir /var/www/login

vim /var/www/login/index.html

login.westos.com

 

                        

####################数据库######################

 

yum install  mariadb-server  -y

systemctl start mariadb

 

[root@apache ~]# netstat -antlpe | grep mysql

tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      27         121617     5764/mysqld       

 

[root@apache ~]# vim /etc/my.cnf                     ##关掉端口

 

编辑/etc/my.cnf文件,在[mysqld]中加入以下参数:

skip-networking=1

# systemctl restart mariadb

# ss -antlp |grep mysql

此时只允许通过套接字文件进行本地连接,阻断所有来自网络的tcp/ip连接。

[root@apache ~]# systemctl restart mariadb

[root@apache ~]# netstat -antlpe | grep mysqld

[root@apache ~]# mysql

使用mysql_secure_installation工具进行数据库安全设置,根据提示完成操作:

# mysql_secure_installation

登录数据库

mysqladmin -uroot -predhat password westos 修改本地mysql root密码(口令直接写在命令行会出现在ps输出和shell历史中,实际使用时只写-p并交互输入)

mysqladmin -uroot -predhat -h 192.168.0.188 password westos 修改远程192.168.0.188 mysql服务器 root密码

mysql_secure_installation 第一次安装mysql以后通过这条命令可以对mysql进行设置

 

mysql -uroot -predhat 从本机登录mysql数据库

 

show databases; 显示数据库

+--------------------+

| Database           |

+--------------------+

| information_schema |

| mysql              |

| performance_schema |

+--------------------+

3 rows in set (0.00 sec)

 

use mysql; 进入数据库

MariaDB [mysql]>

 

show tables; 显示数据库中的表

+---------------------------+

| Tables_in_mysql           |

+---------------------------+

| columns_priv              |

| db                        |

| event                     |

| func                      |

| general_log               |

| help_category             |

| help_keyword              |

| help_relation             |

| help_topic                |

| host                      |

| ndb_binlog_index          |

| plugin                    |

| proc                      |

| procs_priv                |

| proxies_priv              |

| servers                   |

| slow_log                  |

| tables_priv               |

| time_zone                 |

| time_zone_leap_second     |

| time_zone_name            |

| time_zone_transition      |

| time_zone_transition_type |

| user                      |

+---------------------------+

24 rows in set (0.00 sec)

 

desc user; 查看user表的数据结构

+------------------------+-----------------------------------+------+-----+---------+-------+

| Field                  | Type                              | Null | Key | De

MariaDB [mysql]> flush privileges;

Query OK, 0 rows affected (0.00 sec)

                刷新数据库信息

select host,user,password from user; 查询user表中的host,user,password字段

+-----------+------+-------------------------------------------+

| host      | user | password                                  |

+-----------+------+-------------------------------------------+

| localhost | root | *28C1E2BE21B45562A34B6CC34A19CFAFC2F88F96 |

| 127.0.0.1 | root | *28C1E2BE21B45562A34B6CC34A19CFAFC2F88F96 |

| ::1       | root | *28C1E2BE21B45562A34B6CC34A19CFAFC2F88F96 |

+-----------+------+-------------------------------------------+

3 rows in set (0.00 sec)

create database westos; 创建westos数据库

use westos;

create table linux( 创建表,username,password字段

username varchar(15) not null,

password varchar(15) not null

);

select * from mysql.user; 查询mysql库下的user表中的所有内容

alter table linux add age varchar(4); 添加age字段到linux表中

ALTER TABLE linux DROP age;         删除age字段

ALTER TABLE linux ADD age  VARCHAR(5)  AFTER name; username字段后添加字段age

 

show tables;

desc linux;

 

insert into linux values ('user1','passwd1'); linux表中插入值为username = user1,password = passwd1

update linux set password=password('passwd2') where username=user1; 更新linux表中user1 的密码为password2

delete from linux where username=user1; 删除linux表中user1的所有内容

 

 

grant select on  *.* to user1@localhost identified by 'passwd1'; 授权user1 密码为passwd1  并且只能在本地 查询数据库的所有内容

grant all on mysql.* to user2@'%' identified by 'passwd2'; 授权user2 密码为passwd2  可以从远程任意主机登录mysql 并且可以对mysql数据库任意操作(mysql库存放账号和授权表,这样授权相当于把管理权限交给远程用户,仅作演示)

 

 

备份

/var/lib/mysql

mysqldump -uroot -predhat mysql > mysql.bak 备份mysql库到mysql.bak

 

mysql -uroot -predhat westos < mysql.bak 恢复mysql.bak 到westos库

 

 

 

mysql 密码恢复

/etc/init.d/mysqld stop

 

mysqld_safe --skip-grant-tables & 跳过grant-tables授权表  不需要认证登录本地mysql数据库(此期间任何连接都不需要口令,应同时加上 --skip-networking 只保留本地套接字,改完密码后立即按正常方式重启)

 

update mysql.user set password=password('westos') where user='root'; 更新mysql.user 表中条件为root用户的密码为加密westos

 

/etc/init.d/mysql restart

 

 

 

phpmyadmin

yum install php php-mysql httpd mysql mysql-server

 

tar jxf phpmyadmin-*.tar.bz2 -C /var/www/html

mv phpmyadmin phpadmin

cp config.sample.inc.php config.inc.php

vim config.inc.php

add(blowfish_secret用于加密cookie认证的数据,'test'仅为演示,实际部署应换成足够长的随机字符串)

$cfg['blowfish_secret'] = 'test';

 

/etc/init.d/httpd start

http://192.168.0.188/phpadmin

 
