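I. LAMP environment setup
For setting up the LAMP environment, see my blog post: LAMP environment setup
II. LAMP applications
0. Preparation before the lab
SELinux is enabled for this lab.
Install the SELinux policy management commands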
[root@node0 ~]# yum install selinux-policy-devel -y
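In this lab PHP runs as an Apache module, and the site directory is set to /htdocs.
Because SELinux is enabled and the site directory is not httpd's default one, access is restricted by the SELinux security context, so the custom site directory must be given an SELinux security context label: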
[root@node0 ~]# mkdir /htdocs
[root@node0 ~]# chown -R www.www /htdocs/
[root@node0 ~]# semanage fcontext -a -t httpd_sys_content_t /htdocs
[root@node0 ~]# restorecon -Rv /htdocs/
restorecon reset /htdocs context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
[root@node0 ~]# ls -Zd /htdocs/
drwxr-xr-x. www www unconfined_u:object_r:httpd_sys_content_t:s0 /htdocs/
[root@node0 ~]#
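In the main httpd configuration file, change Require all denied inside <Directory /> to Require all granted. (This removes the default deny for the whole filesystem; granting access only on the /htdocs directory would be the narrower setting.)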
<Directory />
AllowOverride none
Require all granted
</Directory>
1. Apache user authentication
· Create the virtual host
Virtual host configuration file: /etc/httpd24/extra/http_vhost.conf
[root@node0 ~]# vim /etc/httpd24/extra/http_vhost.conf
<VirtualHost *:80>
DocumentRoot "/htdocs/test1"
ServerName haha
<Directory "/htdocs/test1">
AllowOverride AuthConfig
AuthName "haha test1"
AuthType Basic
AuthUserFile /htdocs/.passwd
Require valid-user
</Directory>
</VirtualHost>
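Parameter explanation:
<VirtualHost *:80> //virtual host tag
DocumentRoot "/htdocs/test1" //site directory
ServerName haha
<Directory "/htdocs/test1"> //directory to protect with authentication
AllowOverride AuthConfig //enable authentication (permits auth directives in .htaccess)
AuthName "haha test1" //custom authentication name; it has little effect
AuthType Basic //authentication type, usually Basic
AuthUserFile /htdocs/.passwd //password file
Require valid-user //any valid user in the password file may authenticate
</Directory>
</VirtualHost>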
· Create the user for authentication
[root@node0 ~]# /usr/local/apache/bin/htpasswd -c -m /htdocs/.passwd test
New password:
Re-type new password:
Adding password for user test
[root@node0 ~]#
Parameter explanation:
-c: create a password file
-m: hash the password with MD5
/htdocs/.passwd: the password file
test: the user name
Create a test page:
[root@node0 ~]# vim /htdocs/test1/index.html
<h1>test1 Apache Authentication</h1>
Check the configuration file for errors:
[root@node0 ~]# /usr/local/apache/bin/httpd -t
Syntax OK
OK, the configuration file has no errors.
Reload the configuration file:
[root@node0 ~]# /usr/local/apache/bin/apachectl graceful
You can of course also restart the httpd service directly:
[root@node0 ~]# systemctl restart httpd
Enter 192.168.10.205 in the browser
Enter the user name and password:
1.2 Authentication for a single file
The virtual host configuration is:
[root@node0 ~]# vim /etc/httpd24/extra/http_vhost.conf
<VirtualHost *:80>
DocumentRoot "/htdocs/test1"
ServerName haha
<Directory "/htdocs/test1">
AllowOverride All
Require all granted
<FilesMatch test.php>
AllowOverride AuthConfig
AuthName "haha test1"
AuthType Basic
AuthUserFile /htdocs/.passwd
Require valid-user
</FilesMatch>
</Directory>
</VirtualHost>
Test: accessing test.php requires authentication
[root@node0 ~]# curl -x127.0.0.1:80 haha -I
HTTP/1.1 200 OK
Date: Sat, 23 Jun 2018 01:58:47 GMT
Server: Apache/2.4.33 (Unix) PHP/7.2.6
X-Powered-By: PHP/7.2.6
Content-Type: text/html; charset=UTF-8
[root@node0 ~]# curl -x127.0.0.1:80 haha/test.php -I
HTTP/1.1 401 Unauthorized
Date: Sat, 23 Jun 2018 01:58:52 GMT
Server: Apache/2.4.33 (Unix) PHP/7.2.6
WWW-Authenticate: Basic realm="haha test1"
Content-Type: text/html; charset=iso-8859-1
[root@node0 ~]#
2. Domain redirection
Configuration file:
[root@node0 ~]# vim /etc/httpd24/extra/http_vhost.conf
<VirtualHost *:80>
DocumentRoot "/htdocs/test1"
ServerName haha
ServerAlias www.111.com
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www.haha.com$
RewriteRule ^/(.*)$ http://www.haha.com/$1 [R=301,L]
</IfModule>
</VirtualHost>
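Parameter explanation:
IfModule mod_rewrite.c: the enclosed directives use the rewrite module and apply only when it is loaded
RewriteEngine on: turn on the rewrite engine
RewriteCond %{HTTP_HOST} !^www.haha.com$: defines the rewrite condition; redirect when the host name is not www.haha.com
RewriteRule ^/(.*)$ http://www.haha.com/$1 [R=301,L]: 301 is a permanent redirect, 302 a temporary one
Check whether the rewrite module is enabled: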
[root@node0 ~]# /usr/local/apache/bin/apachectl -M | grep rewrite
[root@node0 ~]#
The module is not enabled, so edit the httpd configuration file and remove the # in front of #LoadModule rewrite_module modules/mod_rewrite.so.
Check the configuration file and reload:
[root@node0 ~]# /usr/local/apache/bin/httpd -t
Syntax OK
[root@node0 ~]# /usr/local/apache/bin/apachectl graceful
[root@node0 ~]# /usr/local/apache/bin/apachectl -M | grep rewrite
rewrite_module (shared)
[root@node0 ~]#
Test:
[root@node0 ~]# curl -x127.0.0.1:80 www.exp.com -I
HTTP/1.1 301 Moved Permanently
Date: Sat, 23 Jun 2018 02:27:21 GMT
Server: Apache/2.4.33 (Unix) PHP/7.2.6
Location: http://www.haha.com/
Content-Type: text/html; charset=iso-8859-1
The status code is 301.
[root@node0 ~]# curl -x127.0.0.1:80 www.exp.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.haha.com/">here</a>.</p>
</body></html>
[root@node0 ~]#
The redirect succeeded
[root@node0 ~]# curl -x127.0.0.1:80 exp.com/dhjgl288888 -I
HTTP/1.1 301 Moved Permanently
Date: Sat, 23 Jun 2018 02:29:06 GMT
Server: Apache/2.4.33 (Unix) PHP/7.2.6
Location: http://www.haha.com/dhjgl288888
Content-Type: text/html; charset=iso-8859-1
[root@node0 ~]#
3. Apache access log
The access log records every request a user makes
View the log formats
[root@node0 ~]# vim /etc/httpd24/httpd.conf
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
There are two log formats; common is used by default
Add logging to the virtual host configuration file:
[root@node0 ~]#
[root@node0 ~]# vim /etc/httpd24/extra/http_vhost.conf
<VirtualHost *:80>
DocumentRoot "/htdocs/test1"
ServerName haha
ServerAlias www.111.com
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www.haha.com$
RewriteRule ^/(.*)$ http://www.haha.com/$1 [R=301,L]
</IfModule>
ErrorLog "logs/test1-error_log"
CustomLog "logs/test1-access_log" combined
</VirtualHost>
After reloading, test:
[root@node0 ~]# curl -x127.0.0.1:80 111.com/haha.php -I
HTTP/1.1 301 Moved Permanently
Date: Sat, 23 Jun 2018 02:45:59 GMT
Server: Apache/2.4.33 (Unix) PHP/7.2.6
Location: http://www.haha.com/haha.php
Content-Type: text/html; charset=iso-8859-1
[root@node0 ~]# curl -x127.0.0.1:80 111.com/haha -I
HTTP/1.1 301 Moved Permanently
Date: Sat, 23 Jun 2018 02:46:04 GMT
Server: Apache/2.4.33 (Unix) PHP/7.2.6
Location: http://www.haha.com/haha
Content-Type: text/html; charset=iso-8859-1
[root@node0 ~]#
View the log:
[root@node0 ~]# cat /usr/local/apache/logs/test1-access_log
127.0.0.1 - - [23/Jun/2018:10:45:59 +0800] "HEAD HTTP://111.com/haha.php HTTP/1.1" 301 - "-" "curl/7.29.0"
127.0.0.1 - - [23/Jun/2018:10:46:04 +0800] "HEAD HTTP://111.com/haha HTTP/1.1" 301 - "-" "curl/7.29.0"
192.168.10.1 - - [23/Jun/2018:10:47:13 +0800] "GET /test.php HTTP/1.1" 301 236 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
[root@node0 ~]#
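A parser for the combined format configured above, used to flag clients that pile up 401 responses against the Basic-auth protected pages from section 1. This is an added example, not code from the original post; the sample lines, the function names and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import Counter

# Regex for the "combined" LogFormat shown above:
# %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
COMBINED = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

def parse_line(line):
    """Return a dict of fields, or None if the line is not in combined format."""
    m = COMBINED.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])  # %b logs "-" for 0 bytes
    parts = rec["request"].split(" ")
    # A malformed request line may not split into method / target / protocol.
    rec["method"], rec["target"] = (parts[0], parts[1]) if len(parts) == 3 else (None, None)
    return rec

def repeated_auth_failures(lines, threshold=3):
    """Map client address -> count of 401 responses, for clients at or above threshold."""
    failures = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == 401:
            failures[rec["host"]] += 1
    return {host: n for host, n in failures.items() if n >= threshold}

# Constructed sample lines in the combined format (not taken from the page's log).
SAMPLE = [
    '192.168.10.1 - - [23/Jun/2018:10:47:13 +0800] "GET /test.php HTTP/1.1" 401 381 "-" "Mozilla/5.0"',
    '192.168.10.1 - test [23/Jun/2018:10:47:20 +0800] "GET /test.php HTTP/1.1" 200 17 "-" "Mozilla/5.0"',
    '192.168.10.50 - - [23/Jun/2018:10:48:01 +0800] "GET /test.php HTTP/1.1" 401 381 "-" "curl/7.29.0"',
    '192.168.10.50 - admin [23/Jun/2018:10:48:02 +0800] "GET /test.php HTTP/1.1" 401 381 "-" "curl/7.29.0"',
    '192.168.10.50 - root [23/Jun/2018:10:48:03 +0800] "GET /test.php HTTP/1.1" 401 381 "-" "curl/7.29.0"',
    '127.0.0.1 - - [23/Jun/2018:10:45:59 +0800] "HEAD HTTP://111.com/haha.php HTTP/1.1" 301 - "-" "curl/7.29.0"',
]

if __name__ == "__main__":
    print(repeated_auth_failures(SAMPLE))
```

A single 401 followed by a 200 is the normal browser challenge, which is why the first client stays below the threshold.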
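4. Excluding static files from the access log
Static files such as images and js do not need to be recorded in the log.
Edit the virtual host configuration file: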
[root@node0 ~]# vim /etc/httpd24/extra/http_vhost.conf
<VirtualHost *:80>
DocumentRoot "/htdocs/test1"
ServerName haha
ServerAlias www.111.com
<Directory "/htdocs/test1">
AllowOverride All
Require all granted
</Directory>
SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
ErrorLog "logs/test1-error_log"
CustomLog "logs/test1-access_log" combined env=!img
</VirtualHost>
Upload an image to the site directory
[root@node0 test1]# pwd
/htdocs/test1
[root@node0 test1]# ls
1.jpg index.html index.php test.php
[root@node0 test1]#
Access it in the browser:
View the log:
[root@node0 ~]# tail /usr/local/apache/logs/test1-access_log
...
192.168.10.1 - - [23/Jun/2018:11:01:58 +0800] "GET /1.jpg HTTP/1.1" 200 7841 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
The image request was recorded in the log.
Now reload the configuration file.
[root@node0 ~]# /usr/local/apache/bin/apachectl graceful
To make testing easier, first empty the existing log:
[root@node0 ~]# > /usr/local/apache/logs/test1-access_log
Test again:
[root@node0 ~]# curl -x127.0.0.1:80 haha/1.jpg -I
HTTP/1.1 200 OK
Date: Sat, 23 Jun 2018 03:06:59 GMT
Server: Apache/2.4.33 (Unix) PHP/7.2.6
Last-Modified: Sat, 23 Jun 2018 03:01:16 GMT
ETag: "1ea1-56f465ca0f700"
Accept-Ranges: bytes
Content-Length: 7841
Content-Type: image/jpeg
[root@node0 ~]# curl -x127.0.0.1:80 haha/index.html -I
HTTP/1.1 200 OK
Date: Sat, 23 Jun 2018 03:07:32 GMT
Server: Apache/2.4.33 (Unix) PHP/7.2.6
Last-Modified: Wed, 20 Jun 2018 15:11:44 GMT
ETag: "11-56f14377abb2d"
Accept-Ranges: bytes
Content-Length: 17
Content-Type: text/html
[root@node0 ~]#
View the log
[root@node0 ~]# tail /usr/local/apache/logs/test1-access_log
127.0.0.1 - - [23/Jun/2018:11:07:32 +0800] "HEAD HTTP://haha/index.html HTTP/1.1" 200 - "-" "curl/7.29.0"
[root@node0 ~]#
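Now image requests are no longer recorded in the log.
5. Log rotation
If logging continues indefinitely, the log file keeps growing until it fills the disk. So the logs need to be rotated and the old ones deleted.
Apache httpd ships with its own log rotation tool: rotatelogs
Modify the virtual host configuration file: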
[root@node0 ~]# vim /etc/httpd24/extra/http_vhost.conf
<VirtualHost *:80>
DocumentRoot "/htdocs/test1"
ServerName haha
ServerAlias www.111.com
<Directory "/htdocs/test1">
AllowOverride All
Require all granted
</Directory>
SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
CustomLog "|/usr/local/apache/bin/rotatelogs -l logs/test1-access_%Y%m%d.log 86400" combined env=!img
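</VirtualHost>
Parameter explanation:
-l: rotate based on the current system (local) time
86400: 86400 seconds, i.e. one day. In this example the log is rotated once a day.
Just reload the configuration file. View the logs: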
[root@node0 ~]# ls /usr/local/apache/logs/
access_log error_log test1-access_20180623.log test1-access_log test1-error_log
[root@node0 ~]#
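The rotatelogs line above only splits the log by day; nothing in it deletes old files. The following added example (not from the original post) selects rotated files by the date stamp in the test1-access_%Y%m%d.log name and removes those past a retention window. The function names and the 30-day default are assumptions; pick the window from how far back an investigation needs to reach.

```python
import re
from datetime import date, timedelta
from pathlib import Path

# Matches the names produced by the rotatelogs pattern test1-access_%Y%m%d.log above.
ROTATED = re.compile(r"^test1-access_(\d{4})(\d{2})(\d{2})\.log$")

def expired_logs(log_dir, today, keep_days=30):
    """Return rotated access logs whose date stamp is older than keep_days, oldest first."""
    cutoff = today - timedelta(days=keep_days)
    expired = []
    for path in Path(log_dir).iterdir():
        m = ROTATED.match(path.name)
        if not m or path.is_symlink() or not path.is_file():
            continue  # skip error logs, unrelated files, symlinks and directories
        try:
            stamp = date(*map(int, m.groups()))
        except ValueError:
            continue  # eight digits that do not form a valid calendar date
        if stamp < cutoff:
            expired.append((stamp, path))
    return [p for _, p in sorted(expired)]

def prune(log_dir, today, keep_days=30, dry_run=True):
    """List expired logs; delete them as well when dry_run is False."""
    old = expired_logs(log_dir, today, keep_days)
    if not dry_run:
        for path in old:
            path.unlink()
    return [p.name for p in old]

if __name__ == "__main__":
    # Dry run against the log directory used on this page.
    print(prune("/usr/local/apache/logs", date.today()))
```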
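6. Expiry time for static elements
When a browser visits the site's images it caches the static files on the local computer, so the next visit does not have to download them from the remote server again.
The code for setting the expiry time of static elements is: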
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType image/gif "access plus 1 days"
ExpiresByType image/jpeg "access plus 24 hours"
ExpiresByType image/png "access plus 24 hours"
ExpiresByType text/css "now plus 2 hours"
ExpiresByType application/x-javascript "now plus 2 hours"
ExpiresByType application/javascript "now plus 2 hours"
ExpiresByType application/x-shockwave-flash "now plus 2 hours"
ExpiresDefault "now plus 0 min"
</IfModule>
Just add this code to the virtual host configuration file:
[root@node0 ~]# vim /etc/httpd24/extra/http_vhost.conf
<VirtualHost *:80>
DocumentRoot "/htdocs/test1"
ServerName haha
ServerAlias www.111.com
<Directory "/htdocs/test1">
AllowOverride All
Require all granted
</Directory>
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType image/gif "access plus 1 days"
ExpiresByType image/jpeg "access plus 24 hours"
ExpiresByType image/png "access plus 24 hours"
ExpiresByType text/css "now plus 2 hours"
ExpiresByType application/x-javascript "now plus 2 hours"
ExpiresByType application/javascript "now plus 2 hours"
ExpiresByType application/x-shockwave-flash "now plus 2 hours"
ExpiresDefault "now plus 0 min"
</IfModule>
SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
CustomLog "|/usr/local/apache/bin/rotatelogs -l logs/test1-access_%Y%m%d.log 86400" combined env=!img
</VirtualHost>
To enable the expires module, edit the main httpd configuration file and remove the # in front of #LoadModule expires_module modules/mod_expires.so.
Then just reload the httpd configuration file.
[root@node0 ~]# /usr/local/apache/bin/apachectl graceful
[root@node0 ~]#