二、http服务的应用
(一)、http默认发布目录
[root@server39 ~]# yum install httpd httpd-manual -y
[root@server39 ~]# systemctl start httpd
[root@server39 ~]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@server39 ~]# firewall-cmd --permanent --add-service=https
success
[root@server439 ~]# firewall-cmd --permanent --add-service=http
success
[root@server39 ~]# firewall-cmd --reload
success
[root@server39 ~]# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client http https ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@server39 ~]# netstat -antlpe | grep http
tcp6 0 0 :::80 :::* LISTEN 0 48679 2608/httpd
[root@server439 ~]# netstat -antlpe | grep :80
tcp6 0 0 :::80 :::* LISTEN 0 48679 2608/httpd
[root@server39 ~]# netstat -antlpe | grep :443 ##此时没有输出:防火墙虽已放行https,但还没有安装mod_ssl(见后文https部分),httpd并未监听443端口
[root@server39 ~]# vim /var/www/html/index.html
@@@@@
1<html>
2<title>tao bao </title>
3<h2> welcome to lvah,there are many monkey!</h2>
4</html>
@@@@@
##Servername 监听
(二)基于域名的虚拟主机==>不同的域名访问同一IP
一旦启用虚拟主机,第一个虚拟主机就是主server,因此想默认发布目录生效,将默认发布目录作为第一个虚拟主机
tcp -> http
#######server端###############
[root@server39 ~]# mkdir /var/www/westos
[root@server39 ~]# vim /etc/httpd/conf.d/www39.conf
@@@@@@
1<VirtualHost *:80>
2 ServerName server.example.com
3 DocumentRoot /var/www/html
4</VirtualHost>
5
6<VirtualHost *:80>
7 ServerName www.example.com
8 ServerAlias www
9 DocumentRoot /var/www/westos
10</VirtualHost>
@@@@@@
[root@server39 ~]# vim /var/www/html/index.html
@@@@@@
1<html>
2<h1>www.example.com</h1>
3</html>
@@@@@@
[root@server439 ~]# systemctl restart httpd
#######client端
[root@desktop39 ~]# vim /etc/hosts
@@@@@@
172.25.45.39 server39.example.com www.example.com wwwserver
@@@@@@
######server端
[root@server39 ~]# mkdir /www
[root@server39 ~]# vim /www/index.html
@@@@@@
<h1> /www www.example.com</h1>
@@@@@@
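[root@server39 ~]# chcon -R --reference=/var/www/html /westos
##原文此处 /www 与 /westos 混用,按上下文应指同一个发布目录。chcon 的修改在 restorecon 或系统重新打标签后会丢失;需要持久生效时用 semanage fcontext -a -t httpd_sys_content_t '<目录>(/.*)?' 再执行 restorecon -R <目录>
[root@server39 ~]# ll -dZ /www
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /westos
[root@server45 ~]# ll -dZ /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
[root@server45 ~]# vim /etc/httpd/conf/httpd.conf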
101 #
102 <Directory />
103 AllowOverride none
104 Require all denied
105 </Directory>
106
[root@server45 ~]# vim /etc/httpd/conf.d/www39.conf
@@@@@@
1<VirtualHost *:80>
2 ServerName server.example.com
3 DocumentRoot /var/www/html
4</VirtualHost>
5
6<VirtualHost *:80>
7 ServerName www45.example.com
8 ServerAlias www
9 DocumentRoot /westos
10</VirtualHost>
11
12<Directory /www>
13# options indexes
14 Require all granted
15</Directory>
@@@@@@
[root@server39 ~]# systemctl restart httpd
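(四)http身份认证
##basic认证只把用户名和密码做base64编码,并不加密;下面的<Directory>配置挂在 *:80 的http站点下,凭据在网络上以可还原的形式传输,实际部署应把受保护目录放到启用SSL的 *:443 虚拟主机里
######server端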
[root@server45 ~]# vim /etc/httpd/conf.d/default.conf
@@@@@@
1<VirtualHost *:80>
2 ServerName server.example.com
3 DocumentRoot /var/www/html
4</VirtualHost>
5
6
7<Directory "/var/www/html/admin">
8 authname "adminauth"
9 authtype basic
10 authuserfile /etc/httpd/.htpasswd
11 require valid-user
12</Directory>
@@@@@@
[root@server39 ~]# mkdir /var/www/html/admin
[root@server39 ~]# vim /var/www/html/admin/index.html
@@@@@@
<html>
<h4>admin auth.example.com</h4>
</html>
@@@@@@
[root@server39 ~]# htpasswd -c /etc/httpd/.htpasswd user1 ##建立第一个user时需要加参数-c(-c会新建文件,文件已存在时会被清空重写,所以添加后续用户时不能再加-c)
New password:
Re-type new password:
Adding password for user user1
[root@server39 ~]# htpasswd /etc/httpd/.htpasswd user2
New password:
Re-type new password:
Adding password for user user2
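[root@server39 ~]# cat /etc/httpd/.htpasswd
user1:$apr1$BVJ2Jy/J$l5HLhrYjDMkqs3wOROjU51
user2:$apr1$dUWCftaN$HFY74v8pVi2hjZlDXPS.t0
##$apr1$ 是htpasswd默认的MD5变体散列;htpasswd加 -B 可改用bcrypt。该文件放在DocumentRoot之外,不会被当作网页内容发布;权限上只需让root和apache可读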
[root@server45 ~]# systemctl restart httpd
(三)基于IP的虚拟主机
三 https的应用
(一)https加密
######server端
[root@server39 ~]# yum install mod_ssl crypto-utils -y
[root@server39 ~]# systemctl restart httpd.service
[root@server39 ~]# netstat -antlpe | grep 443
tcp6 0 0 :::443 :::* LISTEN 0 107678 7630/httpd
[root@server39 ~]# cd /etc/pki/tls/private
[root@server39 private]# rm -fr localhost.key
[root@server39 private]# openssl genrsa 1024 > localhost.key
Generating RSA private key, 1024 bit long modulus
...............................++++++
.............++++++
e is 65537 (0x10001)
##1024位RSA只适合做演示,现行要求至少2048位(openssl genrsa 2048);用 > 重定向生成的密钥文件权限取决于umask,后文的 ll 输出显示它是 644(其他用户可读),应 chmod 600 localhost.key
[root@server private]# pwd
/etc/pki/tls/private
[root@server39 private]# cd /etc/pki/tls/certs/
[root@server39 certs]# make testcert
umask 77 ;
/usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt -set_serial 0
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:lvah
Organizational Unit Name (eg, section) []:gf
Common Name (eg, your name or your server's hostname) []:server39.example.com
Email Address []:root@server39.example.com
[root@server39 certs]# systemctl restart httpd
######client端######
(二)http时重定向到https
######server端
[root@server39 ~]# vim /etc/httpd/conf.d/www39.conf
@@@@@@
1<VirtualHost *:80>
2 ServerName server39.example.com
3 DocumentRoot /var/www/html
4</VirtualHost>
5
6<VirtualHost *:80>
7 ServerName www39.example.com
8 ServerAlias www
9 DocumentRoot /www
10 rewriteengine on
11 rewriterule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
12</VirtualHost>
13
14<Directory /www39>
15# options indexes
16 Require all granted
17</Directory>
18
19<VirtualHost *:443>
20 ServerName www45.example.com
21 documentroot /www45
22 SSLEngine on
23 SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
24 SSLCertificateFile /etc/pki/tls/certs/www45.crt
25 SSLCertificateKeyFile /etc/pki/tls/private/www45.key
26</VirtualHost>
@@@@@@
[root@server39 ~]# cd /etc/pki/tls/certs/
[root@server39 certs]# wget http://172.25.254.254/pub/example-ca.crt
Saving to: ‘example-ca.crt’
100%[===============>] 1,220 --.-K/s in 0s
[root@server39 certs]# wget http://172.25.254.254/pub/tls/certs/www45.crt
Saving to: ‘www45.crt’
100%[===============>] 3,501 --.-K/s in 0s
[root@server39 certs]# ls
ca-bundle.crt localhost.crt renew-dummy-cert
ca-bundle.trust.crt make-dummy-cert www39.crt
[root@server39 certs]# cd /etc/pki/tls/private/
[root@server39 private]# wget http://172.25.254.254/pub/tls/private/www39.key ##私钥经明文http从公开目录下载,只适用于实验环境;正式环境的私钥应在本机生成,或通过加密通道(如scp)传输
Saving to: ‘www39.key’
100%[===============>] 916 --.-K/s in 0s
[root@server39 private]# ll
total 8
-rw-r--r--. 1 root root 887 Jan 2 16:52 localhost.key
-rw-r--r--. 1 root root 916 Jan 2 22:53 www39.key
[root@server39 private]# chmod 600 www39.key
[root@server39 private]# ll
total 8
-rw-r--r--. 1 root root 887 Jan 2 16:52 localhost.key
-rw-------. 1 root root 916 Jan 2 22:53 www39.key
[root@server39 private]# systemctl restart httpd
######client端#####
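[root@desktop39 ~]# wget http://172.25.254.254/pub/example-ca.crt ##CA证书是客户端的信任锚,经明文http取得时无法确认未被替换,导入前应通过其他渠道核对指纹(openssl x509 -noout -fingerprint -sha256 -in example-ca.crt)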
Saving to: ‘example-ca.crt’
100%[===============>] 1,220 --.-K/s in 0s
[root@desktop39 ~]# ll
total 16
-rw-------. 1 root root 8619 May 7 2014 anaconda-ks.cfg
-rw-r--r--. 1 root root 1220 Jul 11 2014 example-ca.crt
[root@desktop39 ~]# curl -I www39.example.com
HTTP/1.1 301 Moved Permanently
Date: Sun, 03 Jan 2016 02:35:30 GMT
Server: Apache/2.4.6 (Red Hat) OpenSSL/1.0.1e-fips
Location: https://www39.example.com/
Content-Type: text/html; charset=iso-8859-1