一、安装apache
dnf install httpd.x86_64 -y
systemctl enable --now httpd ##开启服务并设定服务开机启动
firewall-cmd --list-all ##查看火墙信息
firewall-cmd --permanent --add-service=http ##在火墙中永久开启http访问
firewall-cmd --permanent --add-service=https ##在火墙中永久开启https访问
firewall-cmd --reload ##刷新火墙使设定生效
二、更改apache主配置文件
1、端口:
semanage port -l | grep http ##查看端口列表
vim /etc/httpd/conf/httpd.conf
---Listen 8080 ##改用非默认端口时,该端口须在上面的SELinux端口列表中,并需在火墙中放行(如 firewall-cmd --permanent --add-port=8080/tcp)
systemctl restart httpd
netstat -antlupe | grep httpd ##查看apache可用端口
2、默认发文件:
vim /etc/httpd/conf/httpd.conf
171----DirectoryIndex westos.html index.html
systemctl restart httpd
3、默认发目录:
mkdir /westosdir
vim /etc/httpd/conf/httpd.conf ##更改
---DocumentRoot "/westosdir"
---<Directory "/westosdir">
--- Require all granted
---</Directory>
systemctl restart httpd
vim /westosdir/index.html ##建立默认发文件
semanage fcontext -a -t httpd_sys_content_t '/westosdir(/.*)?' ##更改发目录安全上下文
restorecon -RvvF /westosdir/ ##立刻生效
三、用用户密码限制访问
cd /etc/httpd/
htpasswd -cm .westospasswd user4 ##建立名单(-c为新建文件,会覆盖已有名单,只在第一次使用;-m为MD5加密,强度较弱,可改用-B即bcrypt)
htpasswd -m .westospasswd user5
cat .westospasswd
mkdir /var/www/html/westos ##建要访问的目录
vim /etc/httpd/conf/httpd.conf
---<Directory "/var/www/html/westos">
AuthUserFile /etc/httpd/.westospasswd
AuthName "Please input username and password"
AuthType basic ##basic认证的用户名和密码只做base64编码,并未加密,应配合https使用
Require user user4 ##user4可以用密码访问
# Require valid-user ##名单中的用户都可以用密码访问
---</Directory>
systemctl restart httpd
user4可以访问
user5不可访问
四、用ip限制访问
vim /etc/httpd/conf/httpd.conf
----<Directory "/var/www/html/westos">
Order Allow,Deny ##先读Allow再读Deny,后读的Deny会覆盖Allow(此为2.2旧语法,2.4中由mod_access_compat兼容提供)
Allow from all ##所有都允许访问
Deny from 172.25.254.50 ##50不能访问
----</Directory>
systemctl restart httpd
172.25.254.50 不能访问
五、虚拟主机 多站点配置
服务器:
mkdir -p /var/www/westos.com/{news,music,app}
echo news > /var/www/westos.com/news/index.html
echo music > /var/www/westos.com/music/index.html
echo app > /var/www/westos.com/app/index.html
vim /etc/httpd/conf.d/vhosts.conf ##写子配置文件
<VirtualHost _default_:80>
DocumentRoot /var/www/html
CustomLog logs/default.log combined
</VirtualHost>
<VirtualHost *:80>
Servername news.westos.com ##名称
DocumentRoot /var/www/westos.com/news ##指定发目录
CustomLog logs/news.log combined
</VirtualHost>
<VirtualHost *:80>
Servername music.westos.com
DocumentRoot /var/www/westos.com/music
CustomLog logs/music.log combined
</VirtualHost>
<VirtualHost *:80>
Servername app.westos.com
DocumentRoot /var/www/westos.com/app
CustomLog logs/app.log combined
</VirtualHost>
systemctl restart httpd
客户端:
vim /etc/hosts ##编写本地解析
172.25.254.150 www.westos.com music.westos.com news.westos.com app.westos.com
效果:
六、Apache的语言支持
1、php:
vim /var/www/html/index.php ##编写默认发文件(phpinfo()会输出服务器版本、模块、路径等信息,仅用于测试,测试后应删除)
<?php
phpinfo();
?>
dnf install php -y ##安装php
systemctl restart httpd
2、cgi
mkdir /var/www/html/cgi
vim /var/www/html/cgi/index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
chmod +x /var/www/html/cgi/index.cgi ##给此脚本执行权限
semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgi/index.cgi(/.*)?' ##使cgi可执行
restorecon -RvvF /var/www/html/cgi/index.cgi
vim /etc/httpd/conf.d/vhost.conf
<Directory "/var/www/html/cgi"> ##把index.cgi当作脚本执行
Options +ExecCGI
AddHandler cgi-script .cgi
</Directory>
systemctl restart httpd
3、wsgi
服务器:
vim /var/www/html/wsgi/index.wsgi ##写测试文件
def application(env, westos):
westos('200 ok',[('Content-Type', 'text/html')])
return [b'hello westos hahahahaha!']
dnf install python3-mod_wsgi ##安装apache的wsgi模块(python3)
systemctl restart httpd
vim /etc/httpd/conf.d/vhosts.conf
<VirtualHost *:80>
ServerName wsgi.westos.com
WSGIScriptAlias / /var/www/html/wsgi/index.wsgi
</VirtualHost>
客户端:
vim /etc/hosts ##编写本地解析
172.25.254.150 www.westos.com music.westos.com news.westos.com app.westos.com wsgi.westos.com
效果:
七、Apache的加密访问
1、安装加密插件
dnf install mod_ssl -y
2、生成证书
openssl genrsa -out /etc/pki/tls/private/www.westos.com.key 2048 #生成私钥(私钥文件应仅root可读,如权限600)
openssl req -new -key /etc/pki/tls/private/www.westos.com.key \
-out /etc/pki/tls/certs/www.westos.com.csr ##生成证书签名文件
openssl x509 -req -days 365 -in \
/etc/pki/tls/certs/www.westos.com.csr \
-signkey /etc/pki/tls/private/www.westos.com.key \
-out /etc/pki/tls/certs/www.westos.com.crt ##生成证书
3、编写配置文件
vim /etc/httpd/conf.d/vhosts.conf
<VirtualHost *:80>
ServerName login.westos.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1
</VirtualHost>
<VirtualHost *:443>
ServerName login.westos.com
DocumentRoot "/www/westos.com/login"
CustomLog logs/login.log combined
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
</VirtualHost>
systemctl restart httpd
注解:
^(/.*)$ ##匹配客户地址栏中输入的地址里主机名之后的路径部分
%{HTTP_HOST} ##客户请求头Host的值,即客户所访问的主机名(由客户端提供,更稳妥的做法是在规则中直接写固定域名)
$1 ##正则中第一个括号 (/.*) 所匹配到的内容
效果:
该证书为自签名证书,浏览器会提示不受信任,需下载(信任)证书才能访问。
八、用squid进行正向代理与反向代理
1. 正向代理
代理服务器:
配置好网络,使之可以访问到外网
dnf install squid
vim /etc/squid/squid.conf
59 http_access allow all ##允许所有来源使用代理,仅适用于隔离的实验环境;对外提供服务时应使用acl限定客户端网段,否则会成为开放代理
62 http_port 3128
65 cache_dir ufs /var/spool/squid 100 16 256
systemctl restart squid.service
firewall-cmd --permanent --add-service=squid
firewall-cmd --reload
firewall-cmd --list-all
客户端:
保证可以与代理主机通信,但不能与外网通信。
浏览器里:设置---Network Setting---选择第四个,输入代理ip与端口 即可用浏览器访问外网。
测试:
客户端设置好后可以用浏览器访问外网,但依旧ping不通外网。
2. 反向代理
资源主机服务器:
ip为172.25.254.144
安装apache
保证可以被访问
子服务器:
不能使用apache
ip为172.25.254.44
vim /etc/squid/squid.conf
62 http_port 80 vhost vport
63 cache_peer 172.25.254.144 parent 80 0 proxy-only
systemctl restart squid.service
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
测试:
访问44时,会缓存资源主机144的资源