####apache####
##1.apache
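A web service commonly used in enterprises; it serves content over http:// (Hypertext Transfer Protocol)
##2. Installing and deploying apache
1. Environment setup
(1). Working network: configure an IP address
(2). Kernel-level mandatory access control (SELinux): /etc/sysconfig/selinux
SELINUX=enforcing
(3). Configure the yum repository
2. Installation
yum install httpd-manual ##install the manual
systemctl start httpd ##start the service
systemctl enable httpd ##start the service at boot
firewall-cmd --list-all ##list the firewall settings
firewall-cmd --permanent --add-service=http ##permanently allow http
firewall-cmd --reload ##reload the firewall
Access test:
Write the default published file:
/var/www/html/index.html
Access test:
###Basic apache configuration information###
Main configuration directory /etc/httpd/conf
Main configuration file /etc/httpd/conf/httpd.conf
Sub-configuration directory /etc/httpd/conf.d
Sub-configuration files /etc/httpd/conf.d/*.conf ##every file in the sub-configuration directory whose name ends in .conf
Default publish directory /var/www/html
Default published file /var/www/html/index.html ##the file name index.html in the default publish directory is fixed
Default port 80
##Changing the default port###
The default apache port is 80
netstat -antlupe | grep httpd ##show the port the service listens on
/etc/httpd/conf/httpd.conf ##change the default port in the main configuration file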
[root@server conf]# ls
httpd.conf magic
[root@server conf]# vim httpd.conf
Listen 8080 ##line 42: changed from port 80
[root@server conf]# systemctl restart httpd.service
[root@server conf]# netstat -antlupe | grep httpd ##port 80 has become 8080, but the firewall does not allow it yet
tcp6 0 0 :::8080 :::* LISTEN 0 148158 31929/httpd
[root@server conf]# firewall-cmd --add-port=8080/tcp ##temporarily allow access to port 8080
success
[root@server conf]# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client http ssh
ports: 8080/tcp ##the firewall now allows port 8080
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
Access test
Adding a port
semanage port -l | grep http ##list the allowed ports; with SELinux enforcing, httpd can only use ports that SELinux allows
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000 ##the predefined ports
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
[root@server conf]# vim httpd.conf
Listen 8888 ##line 42: change the port
[root@server conf]# systemctl restart httpd.service
[root@server conf]# getenforce
Enforcing
[root@server conf]# systemctl restart httpd.service
Job for httpd.service failed. See 'systemctl status httpd.service' and 'journalctl -xn' for details. ##port 8888 is not in the allowed list, so the restart fails
[root@server conf]# semanage port -a -t http_port_t -p tcp 8888 ##add port 8888
[root@server conf]# semanage port -l | grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 8888, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
[root@server conf]# firewall-cmd --add-port=8888/tcp ##allow port 8888 in the firewall
success
[root@server conf]# systemctl restart httpd.service ##then visit 172.25.254.206:8888
Access test
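A pre-flight check for the port change above, as an added example that is not part of the original post: it parses `semanage port -l` output and reports whether a port carries a label httpd may bind to, so the failed restart can be avoided. The sample text is constructed from the listing shown above, the function names are hypothetical, and treating `http_cache_port_t` as bindable is an assumption based on 8080 working in the post.

```shell
#!/bin/sh
# Added example. SAMPLE_PORTS is constructed from the `semanage port -l | grep http`
# listing in the post (before port 8888 was added).
SAMPLE_PORTS='http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989'

# port_types PROTO PORT: reads `semanage port -l` text on stdin and prints
# every SELinux port type whose port list or range contains PORT.
port_types() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                item = $i
                sub(/,$/, "", item)                 # strip the list separator
                lo = hi = item
                if (split(item, r, "-") == 2) { lo = r[1]; hi = r[2] }
                if (port + 0 >= lo + 0 && port + 0 <= hi + 0) { print $1; break }
            }
        }'
}

# httpd_may_bind PORT: succeeds when tcp/PORT is labelled http_port_t or
# http_cache_port_t (assumption: these are the types httpd may bind, which
# matches the post, where 8080 works and 8888 does not).
httpd_may_bind() {
    port_types tcp "$1" | grep -Eq '^(http_port_t|http_cache_port_t)$'
}

# On a real host: semanage port -l | httpd_may_bind 8888
if printf '%s\n' "$SAMPLE_PORTS" | httpd_may_bind 8888; then
    echo "8888: httpd may bind"
else
    echo "8888: blocked by SELinux; run: semanage port -a -t http_port_t -p tcp 8888"
fi
```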
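##Changing the default published file
The default published file is the file apache serves by default when it is accessed; several files can be specified, and they are tried in order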
[root@server html]# ls
index.html
[root@server html]# vim /etc/httpd/conf/httpd.conf
DirectoryIndex test index.html ##line 169: add test as the first default file
[root@server html]# systemctl restart httpd
[root@server html]# vim test.html ##add some content; this is the page that gets served
[root@server html]# systemctl restart httpd
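Access test
Changing the default publish directory
/var/www/html ##the default publish directory before the change
[root@server html]# mkdir /www/html -p ##create a new directory to serve as the publish directory
[root@server html]# semanage fcontext -a -t httpd_sys_content_t '/www/html(/.*)?' ##set the SELinux file context
[root@server html]# restorecon -FvvR /www/ ##apply it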
restorecon reset /www context unconfined_u:object_r:default_t:s0->system_u:object_r:default_t:s0
restorecon reset /www/html context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
[root@server html]# ls -Zd /www/html/ ##check the result
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /www/html/
[root@server html]# vim /www/html/index.html
[root@server html]# systemctl restart httpd
[root@server html]# cd /www/html/
[root@server html]# ls -Z
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html
[root@server html]# vim /etc/httpd/conf/httpd.conf
#DocumentRoot "/var/www/html"
DocumentRoot "/www/html"
<Directory "/www/html">
    Require all granted
</Directory>
#
[root@server html]# systemctl restart httpd
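Access test
##5. Access control inside apache##
(1) Host-based access control
Edit the configuration file: in the authorization block of the publish directory that is being accessed, specify which hosts are restricted and which hosts may access it.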
/etc/httpd/conf/httpd.conf
[root@server html]# systemctl restart httpd
#DocumentRoot "/var/www/html"
DocumentRoot "/www/html"
<Directory "/www/html">
Require all granted
Order Deny,Allow ##Deny is read first, then Allow; what is read later overrides what was read earlier, so everyone can access
Allow from all ##allow everyone
Deny from 172.25.254.5 ##deny 172.25.254.5
</Directory>
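Note:
With Order Allow,Deny, the service reads the lists in the order given here: first the Allow list, then the Deny list. When the same host appears in both, what is read later overrides what was read earlier.
Access test:
Access from 172.25.254.246
Access from 172.25.254.46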
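The evaluation order described in the note, as an added example that is not part of the original post: a small model of how Order, Allow and Deny combine, run against the block above (Allow from all, Deny from 172.25.254.5) under both orders. The function names are hypothetical, and only `all`, exact addresses and partial-address prefixes are modelled.

```shell
#!/bin/sh
# Added example: a model of how Order/Allow/Deny are combined.
# Function names are hypothetical; only "all", exact IPs and partial-IP
# prefixes (e.g. 172.25.254) are modelled.

# ip_in_list IP "item item ...": succeeds if IP matches any item
ip_in_list() {
    for item in $2; do
        case "$item" in
            all|"$1") return 0 ;;
        esac
        case "$1" in
            "$item".*) return 0 ;;      # partial IP: 172.25.254 matches 172.25.254.5
        esac
    done
    return 1
}

# access_decision ORDER ALLOW_LIST DENY_LIST CLIENT_IP: prints allowed or denied
access_decision() {
    case "$1" in
        Deny,Allow)
            # Deny is read first, Allow second: an Allow match wins,
            # and a client matching neither list is allowed.
            if ip_in_list "$4" "$2"; then echo allowed
            elif ip_in_list "$4" "$3"; then echo denied
            else echo allowed
            fi ;;
        Allow,Deny)
            # Allow is read first, Deny second: a Deny match wins,
            # and a client matching neither list is denied.
            if ip_in_list "$4" "$3"; then echo denied
            elif ip_in_list "$4" "$2"; then echo allowed
            else echo denied
            fi ;;
        *) echo "unsupported Order: $1" >&2; return 2 ;;
    esac
}

# The block from the post: Allow from all, Deny from 172.25.254.5
for order in Deny,Allow Allow,Deny; do
    for ip in 172.25.254.5 172.25.254.46; do
        echo "Order $order, client $ip: $(access_decision "$order" all 172.25.254.5 "$ip")"
    done
done
```

Only `Order Allow,Deny` actually blocks 172.25.254.5 with these two lists; under `Order Deny,Allow` the `Allow from all` line overrides the deny entry.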
(2) User-based access control
htpasswd -cm /etc/httpd/userpass admin ##create the user authentication file
New password: ##enter the password
Re-type new password:
Adding password for user admin
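[root@server html]# htpasswd -m /etc/httpd/userpass admin1 ##add a second user with -m only; -c would recreate the file and drop the existing users
[root@server html]# vim /etc/httpd/conf/httpd.conf ##edit the configuration file
#DocumentRoot "/var/www/html"
DocumentRoot "/www/html"
<Directory "/www/html">
#    Require all granted ##must stay disabled: in httpd 2.4 several Require lines in one block are OR-ed, so this line would let everyone in without a password
#    Order Allow,Deny ##Allow first, then Deny (whichever is listed first is read first)
#    Allow from all ##allow everyone
#    Deny from 172.25.254.106 ##deny 172.25.254.106
    AuthUserFile "/etc/httpd/userpass" ##location of the password file created with htpasswd above
    AuthType basic ##use basic authentication
    AuthName "Please input username and password!!" ##prompt asking for user name and password
    Require user admin ##only the user admin may access
#    Require valid-user
</Directory>
Access test: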
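A check for one pitfall of user-based access control in httpd 2.4, as an added example that is not part of the original post: an active `Require all granted` next to `Require user` in the same block grants access before any password is requested. The sample configuration is constructed (the `/www/private` path is made up), and the function name is hypothetical.

```shell
#!/bin/sh
# Added example. SAMPLE_CONF is constructed: the first block keeps
# "Require all granted" active next to "Require user", the second has it
# commented out. /www/private is a made-up path.
SAMPLE_CONF='<Directory "/www/html">
    Require all granted
    AuthUserFile "/etc/httpd/userpass"
    AuthType basic
    AuthName "Please input username and password!!"
    Require user admin
</Directory>
<Directory "/www/private">
    # Require all granted
    AuthUserFile "/etc/httpd/userpass"
    AuthType basic
    AuthName "Please input username and password!!"
    Require valid-user
</Directory>'

# unprotected_auth_dirs: reads httpd configuration on stdin and prints each
# <Directory> path where an active "Require all granted" sits beside a
# user-based Require. Outside <RequireAll>, httpd 2.4 ORs such lines, so the
# password prompt never appears. Lines inside <RequireAll> are AND-ed and skipped.
unprotected_auth_dirs() {
    awk '
        /^[ \t]*#/ { next }                                   # ignore comments
        { key = tolower($1) }
        key == "<directory" { dir = $2; gsub(/[">]/, "", dir); open = 0; auth = 0; next }
        key == "<requireall>"  { nested++; next }
        key == "</requireall>" { nested--; next }
        key == "</directory>"  { if (open && auth) print dir; dir = ""; next }
        dir != "" && nested == 0 && key == "require" {
            kind = tolower($2)
            if (kind == "all" && tolower($3) == "granted") open = 1
            else if (kind == "user" || kind == "group" || kind == "valid-user") auth = 1
        }'
}

printf '%s\n' "$SAMPLE_CONF" | unprotected_auth_dirs   # prints /www/html
```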
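###apache virtual hosts##
Virtual hosting means running multiple websites on the same machine
Create the publish directories and published files:
[root@localhost html]# vim index.html ##content: www.westos.com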
[root@localhost html]# ls
index.html test
[root@localhost html]# cd /etc/httpd/conf.d
[root@localhost conf.d]# ls
autoindex.conf README userdir.conf welcome.conf
[root@localhost conf.d]# vim vhost.conf
[root@localhost conf.d]# systemctl restart httpd
[root@localhost conf.d]# cd /etc/httpd
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run
[root@localhost httpd]# cd logs/
[root@localhost logs]# ls
access_log default.log error_log
[root@localhost logs]# mkdir /web_virt_dir/{music,news}/html -p ##create the publish directories for the different domain names
[root@localhost logs]# ll /web_virt_dir/
total 0
drwxr-xr-x. 3 root root 17 Apr 27 21:36 music
drwxr-xr-x. 3 root root 17 Apr 27 21:36 news
[root@localhost logs]# ls -Zd /web_virt_dir/ ##view this directory's security context; httpd cannot use it as it is, so it has to be changed
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /web_virt_dir/
[root@localhost logs]# semanage fcontext -a -t httpd_sys_content_t '/web_virt_dir(/.*)?' ##change its security context
[root@localhost logs]# restorecon -RvvF /web_virt_dir/ ##refresh the security context; the change succeeded
restorecon reset /web_virt_dir context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /web_virt_dir/music context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /web_virt_dir/music/html context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /web_virt_dir/news context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /web_virt_dir/news/html context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
[root@localhost logs]# vim /web_virt_dir/music/html/index.html ##edit the published file for music; content: music.westos.com
[root@localhost logs]# vim /web_virt_dir/news/html/index.html ##edit the published file for news; content: news.westos.com
[root@localhost logs]# cd /etc/httpd/conf.d
[root@localhost conf.d]# ls
autoindex.conf README userdir.conf vhost.conf welcome.conf
[root@localhost conf.d]# vim vhost.conf ##edit the configuration file
[root@localhost conf.d]# systemctl restart httpd ##restart the service
[root@localhost conf.d]# cat vhost.conf
<VirtualHost _default_:80>
DocumentRoot /var/www/html
Customlog logs/default.log combined
</Virtualhost>
<VirtualHost *:80>
DocumentRoot /web_virt_dir/music/html
ServerName music.westos.com
Customlog logs/music.log combined
</Virtualhost>
<VirtualHost *:80>
DocumentRoot /web_virt_dir/news/html
ServerName news.westos.com
Customlog logs/news.log combined
</Virtualhost>
<Directory "/web_virt_dir">
Require all granted
</Directory>
Test: run the test from the physical host
Edit the hosts file on the physical host
[root@foundation5 ~]# cd /var/www/html
[root@foundation5 html]# ls
ks.cfg westos
[root@foundation5 html]# vim /etc/hosts
[root@foundation5 html]# firefox &
[1] 5116
[root@foundation5 html]# 1556416786676 addons.productaddons WARN Failed downloading XML, status: 0, reason: error
^C
[1]+ Done firefox
[root@foundation5 html]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.205 www.westos.com music.westos.com news.westos.com
Test from the physical host:
www.westos.com
music.westos.com
news.westos.com
###apache language support##
PHP
rpm -q php ##check whether php is installed
yum install -y php ##install php
ls /etc/httpd/conf.d/ ##php.conf is generated automatically
2. Write the php file
[root@localhost html]# cd /var/www/html
[root@localhost html]# ls
index.html test
[root@localhost html]# vim index.php ##edit the published file
<?php
phpinfo();
?>
[root@localhost html]# systemctl restart httpd
II. CGI (perl)
[root@localhost www]# ls
cgi-bin html
[root@localhost www]# ls -Z
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
[root@localhost ~]# cd /var/www/html
[root@localhost html]# mkdir cgi
[root@localhost html]# ls
cgi index.html index.php test
[root@localhost html]# ls -Z
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 cgi
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.php
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 test
[root@localhost html]# semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgi(/.*)?' ##change the security context
[root@localhost html]# restorecon -RvvF /var/www/html/cgi ##refresh the security context
restorecon reset /var/www/html/cgi context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_script_exec_t:s0
[root@localhost html]# vim /var/www/html/cgi/index.cgi ##edit the index.cgi file
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
[root@localhost html]# python /var/www/html/cgi/index.cgi
Content-type: text/html
Hello, World.
[root@localhost html]# chmod +x cgi/index.cgi
[root@localhost html]# ./cgi/index.cgi
Content-type: text/html
Hello, World.
[root@localhost html]# vim /etc/httpd/conf.d/vhost.conf
[root@localhost html]# systemctl restart httpd
<Directory "/var/www/html/cgi">
    Options +ExecCGI
    AddHandler cgi-script .cgi
</Directory>
Check from the physical host: 172.25.254.246/cgi/index.cgi
III. Python --webapp.wsgi
1. Copy the template
lftp 172.25.254.250:~> ls
drwxr-xr-x 20 0 0 4096 Mar 26 07:53 pub
lftp 172.25.254.250:/> cd /pub
lftp 172.25.254.250:/pub> get webapp.wsgi
397 bytes transferred
[root@localhost html]# yum search wsgi
Loaded plugins: langpacks
============================== N/S matched: wsgi ===============================
mod_wsgi.x86_64 : A WSGI interface for Python web applications in Apache
python-beaker.noarch : WSGI middleware layer to provide sessions
Name and summary matches only, use "search all" for everything.
[root@localhost html]# yum install mod_wsgi.x86_64 -y
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package mod_wsgi.x86_64 0:3.4-11.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
mod_wsgi x86_64 3.4-11.el7 westos 76 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 76 k
Installed size: 197 k
Downloading packages:
mod_wsgi-3.4-11.el7.x86_64.rpm | 76 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : mod_wsgi-3.4-11.el7.x86_64 1/1
Verifying : mod_wsgi-3.4-11.el7.x86_64 1/1
Installed:
mod_wsgi.x86_64 0:3.4-11.el7
Complete!
[root@localhost html]# cd /etc/httpd/conf.d
[root@localhost conf.d]# ls
autoindex.conf php.conf README userdir.conf vhost.conf welcome.conf
[root@localhost conf.d]# rpm -ql mod_wsgi-3.4-11.el7.x86_64
/etc/httpd/conf.modules.d/10-wsgi.conf
/usr/lib64/httpd/modules/mod_wsgi.so
/usr/share/doc/mod_wsgi-3.4
/usr/share/doc/mod_wsgi-3.4/LICENCE
/usr/share/doc/mod_wsgi-3.4/README
[root@localhost html]# vim webapp.wsgi
#!/usr/bin/env python
import time

def application(environ, start_response):
    # Build the body first so Content-Length can be computed from it
    response_body = ('UNIX EPOCH time is now: %s\n' % time.time()).encode('utf-8')
    status = '200 OK'
    # Exactly one Content-Length header, matching the real body length
    response_headers = [('Content-Type', 'text/plain'),
                        ('Content-Length', str(len(response_body)))]
    start_response(status, response_headers)
    # WSGI expects an iterable of byte strings
    return [response_body]
[root@localhost cgi-bin]# vim /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
ServerName wsgi.westos.com
WSGIScriptAlias / /var/www/cgi-bin/webapp.wsgi
</Virtualhost>
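[root@localhost cgi-bin]# systemctl restart httpd
Test from the physical host:
Add a local name resolution entry for wsgi.westos.com on the host
vim /etc/hosts
Enter wsgi.westos.com in the browser
###https (Hypertext Transfer Protocol Secure)####
1. Install mod_ssl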
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package mod_ssl.x86_64 1:2.4.6-17.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================================
Package Arch Version Repository Size
===============================================================================
Installing:
mod_ssl x86_64 1:2.4.6-17.el7 westos 97 k
Transaction Summary
===============================================================================
Install 1 Package
Total download size: 97 k
Installed size: 219 k
Downloading packages:
mod_ssl-2.4.6-17.el7.x86_64.rpm | 97 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 1:mod_ssl-2.4.6-17.el7.x86_64 1/1
Verifying : 1:mod_ssl-2.4.6-17.el7.x86_64 1/1
Installed:
mod_ssl.x86_64 1:2.4.6-17.el7
Complete!
[root@localhost ~]# cd /etc/httpd/conf.d/ ##ssl.conf is generated automatically
[root@localhost conf.d]# ls
autoindex.conf README userdir.conf welcome.conf
php.conf ssl.conf vhost.conf
[root@localhost conf.d]# systemctl restart httpd
[root@localhost conf.d]# netstat -antlupe | grep httpd
tcp6 0 0 :::443 :::* LISTEN 0 88593 9698/httpd
tcp6 0 0 :::80 :::* LISTEN 0 88585 9698/httpd
[root@localhost conf.d]# firewall-cmd --permanent --add-port=443/tcp
success
[root@localhost conf.d]# firewall-cmd --reload
success
2. Install the encryption tool crypto-utils.x86_64
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package crypto-utils.x86_64 0:2.4.1-42.el7 will be installed
--> Processing Dependency: perl(Newt) for package: crypto-utils-2.4.1-42.el7.x86_64
--> Running transaction check
---> Package perl-Newt.x86_64 0:1.08-36.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================================
Package Arch Version Repository Size
===============================================================================
Installing:
crypto-utils x86_64 2.4.1-42.el7 westos 78 k
Installing for dependencies:
perl-Newt x86_64 1.08-36.el7 westos 64 k
Transaction Summary
===============================================================================
Install 1 Package (+1 Dependent package)
Total download size: 143 k
Installed size: 347 k
Is this ok [y/d/N]: y
Downloading packages:
(1/2): crypto-utils-2.4.1-42.el7.x86_64.rpm | 78 kB 00:00
(2/2): perl-Newt-1.08-36.el7.x86_64.rpm | 64 kB 00:00
-------------------------------------------------------------------------------
Total 1.3 MB/s | 143 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : perl-Newt-1.08-36.el7.x86_64 1/2
Installing : crypto-utils-2.4.1-42.el7.x86_64 2/2
Verifying : crypto-utils-2.4.1-42.el7.x86_64 1/2
Verifying : perl-Newt-1.08-36.el7.x86_64 2/2
Installed:
crypto-utils.x86_64 0:2.4.1-42.el7
Dependency Installed:
perl-Newt.x86_64 0:1.08-36.el7
Complete!
3. Find the path of the key generation tool
[root@localhost conf.d]# rpm -ql crypto-utils-2.4.1-42.el7.x86_64
/etc/cron.daily/certwatch
/usr/bin/certwatch
/usr/bin/genkey ##the key generation tool
/usr/bin/keyrand
/usr/bin/keyutil
/usr/lib64/perl5/vendor_perl/Crypt
/usr/lib64/perl5/vendor_perl/Crypt/Makerand.pm
/usr/lib64/perl5/vendor_perl/auto/Crypt
/usr/lib64/perl5/vendor_perl/auto/Crypt/Makerand
/usr/lib64/perl5/vendor_perl/auto/Crypt/Makerand/Makerand.so
/usr/lib64/perl5/vendor_perl/auto/Crypt/Makerand/autosplit.ix
/usr/share/doc/crypto-utils-2.4.1
/usr/share/doc/crypto-utils-2.4.1/COPYING
/usr/share/doc/crypto-utils-2.4.1/LICENSE.librand
/usr/share/man/man1/certwatch.1.gz
/usr/share/man/man1/genkey.1.gz
/usr/share/man/man1/keyrand.1.gz
/usr/share/man/man3/Crypt::Makerand.3pm.gz
4. Generate the certificate
/usr/bin/keyutil -c makecert -g 1024 -s "CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=Shannxi, C=CN" -v 1 -a -z /etc/pki/tls/.rand.10261 -o /etc/pki/tls/certs/www.westos.com.crt -k /etc/pki/tls/private/www.westos.com.key
cmdstr: makecert
cmd_CreateNewCert
command: makecert
keysize = 1024 bits
subject = CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=Shannxi, C=CN
valid for 1 months
random seed from /etc/pki/tls/.rand.10261
output will be written to /etc/pki/tls/certs/www.westos.com.crt
output key written to /etc/pki/tls/private/www.westos.com.key
Generating key. This may take a few moments...
Made a key
Opened tmprequest for writing
/usr/bin/keyutil Copying the cert pointer
Created a certificate
Wrote 882 bytes of encoded data to /etc/pki/tls/private/www.westos.com.key
Wrote the key to:
/etc/pki/tls/private/www.westos.com.key
Once the form has been filled in, the certificate is generated automatically
Edit the ssl configuration file
[root@localhost conf.d]# ls
autoindex.conf README tmprequest vhost.conf
php.conf ssl.conf userdir.conf welcome.conf
[root@localhost conf.d]# vim ssl.conf ##comment out line 100, add lines 101 and 107
[root@localhost conf.d]# systemctl restart httpd
100 #SSLCertificateFile /etc/pki/tls/certs/localhost.crt
101 SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
102 # Server Private Key:
103 # If the key is not combined with the certificate, use this
104 # directive to point at the key file. Keep in mind that if
105 # you've both a RSA and a DSA private key you can configure
106 # both in parallel (to also allow the use of DSA ciphers, etc.)
107 SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
In the browser on the physical host, check that the site now presents its own certificate
https://172.25.254.246
2. Set up an https virtual host and URL rewriting
vim /etc/httpd/conf.d/login.conf
<VirtualHost *:443>
ServerName www.westos.com
DocumentRoot /web_virt_dir/login/html
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
</VirtualHost>
<VirtualHost *:80>
ServerName www.westos.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>
systemctl restart httpd
Create the virtual host's publish directory and file
![Screenshot](https://img-blog.csdnimg.cn/20190504110538159.png)
Access test:
Visiting www.westos.com automatically redirects to https://www.westos.com
![Screenshot](https://img-blog.csdnimg.cn/20190504110745303.png)
##lamp###
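LAMP is an acronym formed from the initials of a set of free software packages that are commonly used together to run dynamic websites or servers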
Linux+Apache+Mysql+Php