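Example 1:
- Configure a web site http://server.example.com on server;
- Download the file from http://ldap.example.com/pub/example.html and rename it to index.html; do not modify the file
- Copy the file index.html into your DocumentRoot directory
- Clients from example.com can access this web server
Steps:
- Install Apache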
[root@server30 ~]# yum -y install httpd
- Change into the directory, download the specified file, and rename it
[root@server30 ~]# cd /var/www/html
[root@server30 html]# ls
[root@server30 html]# wget http://ldap.example.com/pub/example.html
--2019-01-17 09:03:28-- http://ldap.example.com/pub/example.html
Resolving ldap.example.com (ldap.example.com)... 172.16.30.254
Connecting to ldap.example.com (ldap.example.com)|172.16.30.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 21 [text/html]
Saving to: ‘example.html’
100%[=============================================================>] 21 --.-K/s in 0s
2019-01-17 09:03:28 (2.62 MB/s) - ‘example.html’ saved [21/21]
[root@server30 html]# ls
example.html
[root@server30 html]#
[root@server30 html]# mv example.html index.html
[root@server30 html]# ls
index.html
[root@server30 html]#
- Configure the firewall to allow access from hosts in the 172.16.30.0/24 network
[root@server30 html]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=http accept' --permanent
success
[root@server30 html]# firewall-cmd --reload
success
[root@server30 html]# firewall-cmd --list-all
- Start the service and enable it at boot
[root@server30 html]# systemctl restart httpd
[root@server30 html]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@server30 html]# systemctl status httpd
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
Active: active (running) since Thu 2019-01-17 09:15:19 CST; 13s ago
Main PID: 10196 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─10196 /usr/sbin/httpd -DFOREGROUND
├─10197 /usr/sbin/httpd -DFOREGROUND
├─10198 /usr/sbin/httpd -DFOREGROUND
├─10199 /usr/sbin/httpd -DFOREGROUND
├─10200 /usr/sbin/httpd -DFOREGROUND
└─10201 /usr/sbin/httpd -DFOREGROUND
Jan 17 09:15:19 server30.example.com systemd[1]: Started The Apache HTTP Server.
[root@server30 html]#
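- Verify
Example 2
- Configure TLS encryption for the site http://server.example.com;
- Obtain the signed certificate from http://ldap.example.com/pub/server30.crt
- Obtain the certificate's private key from http://ldap.example.com/pub/server30.key
- Obtain the certificate's signing authority information from http://ldap.example.com/pub/group30.crt
Steps
- Install mod_ssl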
[root@server30 html]# yum -y install mod_ssl
- Open the ssl.conf configuration file, find ServerName, and change it
[root@server30 html]# cd /etc/httpd/conf.d/
[root@server30 conf.d]# ls
autoindex.conf README ssl.conf userdir.conf welcome.conf
[root@server30 conf.d]# vim ssl.conf
#DocumentRoot "/var/www/html"
ServerName server30.example.com:443
- Download the specified files as required
[root@server30 ~]# cd /etc/pki/tls/certs/
[root@server30 certs]# wget http://ldap.example.com/pub/server30.crt
[root@server30 certs]# wget http://ldap.example.com/pub/group30.crt
[root@server30 certs]# cd ..
[root@server30 tls]# ls
cert.pem certs misc openssl.cnf private
[root@server30 tls]# cd private/
[root@server30 private]# ls
localhost.key
[root@server30 private]# wget http://ldap.example.com/pub/server30.key
[root@server30 private]# ls
localhost.key server30.key
[root@server30 private]#
- Open the configuration file and set the corresponding directives
[root@server30 conf.d]# vim /etc/httpd/conf.d/ssl.conf
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/server30.crt
SSLCertificateKeyFile /etc/pki/tls/private/server30.key
# huge file containing all of them (file must be PEM encoded)
SSLCACertificateFile /etc/pki/tls/certs/group30.crt
- Set the firewall rule
[root@server30 conf.d]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=https accept' --permanent
success
[root@server30 conf.d]# firewall-cmd --reload
success
[root@server30 conf.d]#
- Start the service
[root@server30 ~]# systemctl restart firewalld.service
[root@server30 ~]# systemctl restart httpd
[root@server30 ~]#
- Verify
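One way to carry out this verification from the shell, as an added example that is not part of the original walkthrough: it checks that the key belongs to the certificate, that the certificate chains to the CA file, and that the key is not readable by group or others. The function names and the throwaway CA, certificate and key generated in a temporary directory are constructed stand-ins for server30.crt, server30.key and group30.crt.

```bash
#!/usr/bin/env bash
# Added example: sanity checks for TLS files before pointing ssl.conf at them.

# Succeed only if the certificate and the private key hold the same public key.
key_matches_cert() {            # usage: key_matches_cert CERT KEY
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeed only if CERT verifies against the CA certificate(s) in CA_FILE.
chains_to_ca() {                # usage: chains_to_ca CA_FILE CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeed only if group and others have no permission bits on the key file.
key_is_private() {              # usage: key_is_private KEY
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in *00|0) return 0 ;; *) return 1 ;; esac
}

# Build a throwaway CA, server key and certificate (constructed test data).
make_constructed_pki() {        # usage: make_constructed_pki DIR
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed CA" \
          -keyout ca.key -out group.crt &&
      openssl req -newkey rsa:2048 -nodes -subj "/CN=server30.example.com" \
          -keyout server.key -out server.csr &&
      openssl x509 -req -in server.csr -CA group.crt -CAkey ca.key \
          -CAcreateserial -days 1 -out server.crt &&
      chmod 644 server.key      # mode a plain wget leaves under umask 022
    ) >/dev/null 2>&1
}

dir=$(mktemp -d) && make_constructed_pki "$dir"
key_matches_cert "$dir/server.crt" "$dir/server.key" && echo "key matches certificate"
chains_to_ca "$dir/group.crt" "$dir/server.crt" && echo "certificate chains to CA file"
if ! key_is_private "$dir/server.key"; then
    echo "key readable by group/others; tightening to 0600"
    chmod 600 "$dir/server.key"
fi
rm -rf "$dir"
```

On the server from this page the same functions would be called with /etc/pki/tls/certs/server30.crt, /etc/pki/tls/private/server30.key and /etc/pki/tls/certs/group30.crt.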
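Example 3
Requirements
- Extend your web server on server
- Create a virtual host for the site http://www.example.com
- Set DocumentRoot to /var/www/html
- Download the file from http://ldap.example.com/pub/www.html and rename it to index.html; do not modify the file contents
- Copy the file index.html into the DocumentRoot directory
- Ensure that the user floyd can create files under /var/www/virtual
Steps
- Create the directory as the task requires and download the file into it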
[root@server30 ~]# cd /var/www
[root@server30 www]# mkdir virtual
[root@server30 www]# ls
cgi-bin html virtual
[root@server30 www]#
[root@server30 www]# wget -O virtual/index.html http://ldap.example.com/pub/www.html
[root@server30 www]#
[root@server30 www]# ls virtual/
index.html
[root@server30 www]#
- Change the owner and group of the directory to apache
[root@server30 www]# chown -R apache:apache /var/www
[root@server30 www]# ll /var/www
total 0
drwxr-xr-x. 2 apache apache 6 Mar 20 2014 cgi-bin
drwxr-xr-x. 2 apache apache 23 Jan 17 09:04 html
drwxr-xr-x. 2 apache apache 23 Jan 17 10:11 virtual
[root@server30 www]#
- Create the user floyd and grant the required permissions
[root@server30 www]# useradd floyd
[root@server30 www]# setfacl -m u:floyd:rwx virtual/
- Find the sample virtual host configuration file on the system and copy it into the appropriate directory
[root@server30 www]# find / -name '*vhost*'
[root@server30 conf.d]# cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf .
[root@server30 conf.d]# ls
autoindex.conf httpd-vhosts.conf README ssl.conf userdir.conf welcome.conf
- Open the configuration file and edit the virtual host configuration
[root@server30 conf.d]# vim httpd-vhosts.conf
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName server30.example.com
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/var/www/virtual"
ServerName www.example.com
</VirtualHost>
- Restart the service
[root@server30 conf.d]# systemctl restart httpd
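- Verify
- The original host is still accessible and has not been overridden
- The newly added host is also accessible
- The user floyd can enter /var/www/virtual and create files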
[root@server30 ~]# su - floyd
Last login: Thu Jan 17 10:42:35 CST 2019 on pts/1
[floyd@server30 ~]$ cd /var/www/virtual/
[floyd@server30 virtual]$ mkdir aa
[floyd@server30 virtual]$ ll
total 4
drwxrwxr-x. 2 floyd floyd 6 Jan 17 10:43 aa
-rw-r--r--. 1 apache apache 16 Nov 28 2014 index.html
[floyd@server30 virtual]$
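Example 4
Requirements:
- On your server, create a directory named private under the web server's DocumentRoot, download the file from http://ldap.example.com/pub/private.html into this directory, and rename it to index.html; do not modify the file contents.
- From server, anyone can browse the contents of private, but the contents of this directory cannot be accessed from other systems
- Create the directory as required, download the specified file into it, and rename it to index.html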
[root@server30 ~]# cd /var/www/html/
[root@server30 html]# mkdir private
[root@server30 html]# cd private/
[root@server30 private]# wget http://ldap.example.com/pub/private.html
[root@server30 private]# ls
private.html
[root@server30 private]# cat private.html
private
[root@server30 private]# mv private.html index.html
[root@server30 private]# cat index.html
private
- Edit the main httpd configuration file
[root@server30 private]# vim /etc/httpd/conf.d/
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName server30.example.com
<Directory "/var/www/html/private">
Require ip 172.16.30.130
</Directory>
</VirtualHost>
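- Verify
Checked from the client: access is denied, as required
Checked from the server: access is allowed, as required
Example 5
Requirements
- Dynamic content is served by a virtual host named alt.example.com
- The virtual host listens on port 8909
- Download a script from http://ldap.example.com/pub/webapp.wsgi and place it in an appropriate location; do not modify the file contents
- When clients access http://alt.example.com:8909, they should receive the dynamically generated web page
- http://alt.example.com:8909 must be accessible to all systems in example.com
- The appropriate location means: under /var/www, create a new directory wsgi, download the specified file into it, and change the owner and group to apache
[root@server30 ~]# cd /var/www
[root@server30 www]# mkdir wsgi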
[root@server30 www]# wget -O wsgi/webapp.wsgi http://ldap.example.com/pub/webapp.wsgi
[root@server30 www]# ls wsgi/
webapp.wsgi
[root@server30 www]# chown -R apache:apache wsgi/
[root@server30 www]# ll wsgi/
total 4
-rw-r--r--. 1 apache apache 277 Nov 27 2014 webapp.wsgi
[root@server30 www]#
- Edit the virtual host configuration file
[root@server30 www]# vim /etc/httpd/conf.d/httpd-vhosts.conf
Listen 8909
<VirtualHost *:8909>
WSGIScriptAlias / "/var/www/wsgi/webapp.wsgi"
ServerName alt.example.com
</VirtualHost>
- Install mod_wsgi*
[root@server30 ~]# yum -y install mod_wsgi*
- Configure SELinux (because 8909 is not a default web port) and start the service
[root@server30 ~]# semanage port -a -t http_port_t -p tcp 8909
[root@server30 ~]# systemctl restart httpd
[root@server30 ~]# ss -antl
LISTEN 0 128 :::8909 :::*
- Set the firewall rule
[root@server30 ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 port port=8909 protocol=tcp accept' --permanent
success
[root@server30 ~]# firewall-cmd --reload
- Restart the service
[root@server30 ~]# systemctl start httpd
[root@server30 ~]# systemctl enable httpd
- Verify
[root@server30 ~]# ping alt.example.com
PING alt.example.com (172.16.30.130) 56(84) bytes of data.
64 bytes from server30.example.com (172.16.30.130): icmp_seq=1 ttl=64 time=0.074 ms
64 bytes from www.example.com (172.16.30.130): icmp_seq=2 ttl=64 time=0.038 ms
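A preflight check for the SELinux step in Example 5, as an added example that is not part of the original walkthrough: it reads the Listen ports from a vhost file and reports any that are missing from the http_port_t line of `semanage port -l`. The function names, the temporary files and the sample label lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: confirm every Listen port in a vhost file carries the SELinux
# http_port_t label before httpd is restarted.

# Print the port of each Listen directive ("Listen 8909", "Listen 10.0.0.1:8909").
listen_ports() {                # usage: listen_ports CONF_FILE
    awk 'tolower($1) == "listen" { n = split($2, a, ":"); print a[n] }' "$1"
}

# Read `semanage port -l` output on stdin; succeed if PORT is listed (alone or
# inside a range) on the "http_port_t tcp" line.
port_is_http_labeled() {        # usage: semanage port -l | port_is_http_labeled PORT
    awk -v p="$1" '$1 == "http_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) {
            gsub(/,/, "", $i); n = split($i, r, "-")
            lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
            if (p + 0 >= lo && p + 0 <= hi) found = 1
        }
    } END { exit !found }'
}

# Print Listen ports missing the label; return non-zero if there are any.
unlabeled_listen_ports() {      # usage: unlabeled_listen_ports CONF_FILE SEMANAGE_TXT
    local missing="" p
    for p in $(listen_ports "$1"); do
        port_is_http_labeled "$p" < "$2" || missing="$missing $p"
    done
    [ -z "$missing" ] || { echo $missing; return 1; }
}

demo=$(mktemp -d)               # everything below is constructed sample data
cat > "$demo/httpd-vhosts.conf" <<'EOF'
Listen 8909
<VirtualHost *:8909>
    WSGIScriptAlias / "/var/www/wsgi/webapp.wsgi"
    ServerName alt.example.com
</VirtualHost>
EOF
# Label line as it looks before and after `semanage port -a -t http_port_t -p tcp 8909`.
echo 'http_port_t  tcp  80, 81, 443, 488, 8008, 8009, 8443, 9000' > "$demo/before.txt"
echo 'http_port_t  tcp  8909, 80, 81, 443, 488, 8008, 8009, 8443, 9000' > "$demo/after.txt"

echo "unlabeled before: $(unlabeled_listen_ports "$demo/httpd-vhosts.conf" "$demo/before.txt")"
unlabeled_listen_ports "$demo/httpd-vhosts.conf" "$demo/after.txt" && echo "all labelled"
```

On the server the second argument would be a file produced with `semanage port -l > ports.txt`.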