Apache的管理及优化web

1.Apache的作用及启用

• 在web被访问时通常使用http://的方式
  http:// ##超文本传输协议

• http:// 超文本传输协议提供软件：
  Apache、nginx、stgw、jfe、Tengine

root@localhost ~]# dnf search httpd
[root@localhost ~]# dnf install httpd.x86_64 -y
[root@localhost ~]# systemctl enable --now httpd
[root@localhost ~]# firewall-cmd --permanent --add-service=http
success
[root@localhost ~]# firewall-cmd  --reload
[root@localhost ~]# netstat -antlp | grep 80
tcp6       0      0 :::80                   :::*                    LISTEN      10497/httpd   
[root@localhost ~]# ss -antlupe | grep httpd
tcp     LISTEN   0        128                    *:80                  *:*       users:(("httpd",pid=10501,fd=4),("httpd",pid=10500,fd=4),("httpd",pid=10499,fd=4),("httpd",pid=10497,fd=4)) ino:78496 sk:4 v6only:0 <->

[root@localhost ~]# cd /var/www/html
[root@localhost html]# ls
[root@localhost html]# vim index.html
hello westos
访问192.168.0.1

2. Apache的基本信息

• 服务名称： httpd
• 配置文件：
  /etc/httpd/conf/httpd.conf ##主配置文件
  /etc/httpd/conf.d/*.conf ##子配置文件
• 默认发布目录： /var/www/html
• 默认发布文件： index.html
• 默认端口： 80 #http
  443 #https
• 用户: apache
• 日志： /etc/httpd/logs

[root@localhost html]# rpm -qc httpd
/etc/httpd/conf.d/autoindex.conf
/etc/httpd/conf.d/userdir.conf
/etc/httpd/conf.d/welcome.conf
/etc/httpd/conf.modules.d/00-base.conf
/etc/httpd/conf.modules.d/00-dav.conf
/etc/httpd/conf.modules.d/00-lua.conf
/etc/httpd/conf.modules.d/00-mpm.conf
/etc/httpd/conf.modules.d/00-optional.conf
/etc/httpd/conf.modules.d/00-proxy.conf
/etc/httpd/conf.modules.d/00-systemd.conf
/etc/httpd/conf.modules.d/01-cgi.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/conf/magic
/etc/logrotate.d/httpd
/etc/sysconfig/htcacheclean

3.Apache的基本配置

3.1 Apache端口修改

[root@localhost html]# vim /etc/httpd/conf/httpd.conf 
45 Listen 8080
[root@localhost html]# systemctl restart httpd
[root@localhost html]# firewall-cmd  --permanent  --add-port=8080/tcp
[root@localhost html]# firewall-cmd  --reload
[root@localhost html]# ss -antlipe | grep httpd
LISTEN    0         128                      *:8080    
[root@localhost html]# ss -antlupe | grep httpd
tcp     LISTEN   0        128                    *:8080                *:*       users:(("httpd",pid=12134,fd=4),("httpd",pid=12133,fd=4),("httpd",pid=12132,fd=4),("httpd",pid=12129,fd=4)) ino:1245218 sk:6 v6only:0 <->


[root@localhost html]# vim /etc/httpd/conf/httpd.conf 
Listen 80 改回来
[root@localhost html]# systemctl restart httpd

3.2 默认发布文件

[root@localhost html]# vim /etc/httpd/conf/httpd.conf 
167 DirectoryIndex test.html index.html  ##按顺序访问，默认访问test.html文件
[root@localhost html]# systemctl restart httpd
[root@localhost html]# vim test.html
hello test

3.3 默认发布目录

[root@localhost html]# mkdir /westos_web
[root@localhost html]# vim /westos_web/index.html
hello westos_web
[root@localhost html]# vim /etc/httpd/conf/httpd.conf 
122 #DocumentRoot "/var/www/html"
DocumentRoot "/westos_web"
<Directory "/westos_web>"
    Require all granted   ## 允许任何人访问目录
</Directory>
[root@localhost html]# systemctl restart httpd

4. Apache的访问控制

4.1 基于客户端ip的访问控制

[root@localhost html]# mkdir westos
[root@localhost html]# cd westos
[root@localhost westos]# vim index.html
hahaha

[root@localhost html]# vim /etc/httpd/conf/httpd.conf 
[root@localhost html]# systemctl restart httpd
123
<Directory "/var/www/html/westos">
    Order Deny,Allow
    Allow from 192.168.0.2
    Deny from all
</Directory>

<Directory "/var/www/html/westos">
    Order Allow,Deny
    Allow from all
    Deny from 192.168.0.2
</Directory>

192.168.0.100 被拒绝访问

192.168.0.2 访问成功

4.2 基于用户认证

root@localhost ~]# cd /etc/httpd/conf
[root@localhost conf]# ls
httpd.conf  magic
[root@localhost conf]# cd ..
root@localhost httpd]# ls
[root@localhost httpd]# htpasswd -cm .htpasswd admin   ##c创建 m指定文件
[root@localhost httpd]# htpasswd -m .htpasswd lee
[root@localhost httpd]# cat .htpasswd
admin:$apr1$2C4kYiP4$3DZac9rLvq4qfNIDtE6Zj1
lee:$apr1$yNVog0Bp$8AJ/xfAXhvLBT7WmckDwZ1
[root@localhost httpd]# vim /etc/httpd/conf/httpd.conf 
<Directory "/var/www/html/westos>"
    AuthUserFile /etc/httpd/conf/.htpasswd
    AuthName "Please input username and password !!"
    AuthType basic
#   Require user admin
    Require valid-user
</Directory>

[root@localhost httpd]# systemctl restart httpd
[root@localhost httpd]# pwd
/etc/httpd/logs
[root@localhost httpd]# cat error_log

5.Apache的虚拟主机

## 真机地址解析
[root@westos_student12 Desktop]# vim /etc/hosts
192.168.0.1 www.westos.org  linux.westos.org lee.westos.org 

## 虚拟机配置文件
[root@localhost Desktop]# vim /etc/httpd/conf/httpd.conf 
[root@localhost Desktop]# mkdir -p /var/www/virutal/westos.org/{linux,lee}
[root@localhost Desktop]# vim /var/www/virutal/westos.org/linux/index.html
linux.westos.org
[root@localhost Desktop]# vim /var/www/virutal/westos.org/lee/index.html
lee.westos.org
[root@localhost Desktop]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# ls
autoindex.conf  README  userdir.conf  welcome.conf
[root@localhost conf.d]# vim vhosts.conf
<VirtualHost _default_:80>
    DocumentRoot /var/www/html
    CustomLog logs/default.log combined
</VirtualHost>

<VirtualHost *:80>
    ServerName lee.westos.org
    DocumentRoot /var/www/virutal/westos.org/lee
    CustomLog logs/lee.log combined
</VirtualHost>

<VirtualHost *:80>
    ServerName linux.westos.org
    DocumentRoot /var/www/virutal/westos.org/linux
    CustomLog logs/linux.log combined
</VirtualHost>

[root@localhost conf.d]# systemctl restart httpd
测试 
linux.westos.org   lee.westos.org

6.Apache的语言支持

[root@localhost httpd]# dnf install php -y
[root@localhost httpd]# vim /var/www/html/index.php
<?php
       phpinfo();
?>
[root@localhost httpd]# systemctl restart httpd
测试www.westos.org/index.php

pel
[root@13 httpd]# dnf install httpd-manual -y
[root@13 httpd]# systemctl restart httpd
www.westos.org/manual

6.1 cgi

cgi通用网络接口：apache通过插件读取代码最后执行的结果。

[root@localhost httpd]# cd /var/www/html
[root@localhost html]# ls
[root@localhost html]# mkdir cgi-scripts
[root@localhost html]# cd cgi-scripts
[root@localhost cgi-scripts]# ls
[root@localhost cgi-scripts]# vim index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
[root@localhost cgi-scripts]#  yum -y install perl perl-devel 
[root@localhost cgi-scripts]# ./index.cgi 
Content-type: text/html
Mon Jun 28 18:22:57 CST 2021

[root@localhost cgi-scripts]# vim /etc/httpd/conf.d/vhosts.conf
##添加
<Directory /var/www/html/cgi-scripts>  
     Options +ExecCGI
     AddHandler cgi-script .cgi
</Directory>

[root@localhost cgi-scripts]# systemctl restart httpd
[root@localhost cgi-scripts]# ls
index.cgi
[root@localhost cgi-scripts]# ll
total 4
-rw-r--r-- 1 root root 67 Nov 22 11:26 index.cgi
[root@localhost cgi-scripts]# chmod +x index.cgi
[root@localhost cgi-scripts]# systemctl restart httpd
测试 http://www.westos.org/cgi-scripts/index.cgi

6.2 wsgi

[root@foundation Desktop]# vim /etc/hosts ##真机地址解析
192.168.0.1 controller www.westos.org linux.westos.org lee.westos.org wsgi.westos.org

[root@localhost html]# mkdir wsgi-scripts
[root@localhost html]# ls
cgi-scripts  index.html  index.php  test.html  westos  wsgi-scripts
[root@localhost html]# cd  wsgi-scripts/
[root@localhost wsgi-scripts]# ls
[root@localhost wsgi-scripts]# vim index.wsgi
def application(env, westos):
    westos( '200 ok', [('Content-Type', 'text/html')])
    return [b'hello wsgi!']

[root@localhost wsgi-scripts]# chmod +x index.wsgi
[root@localhost wsgi-scripts]# vim /etc/httpd/conf.d/vhosts.conf
<VirtualHost *:80>
    ServerName wsgi.westos.org
    WSGIScriptAlias /   /var/www/html/wsgi-scripts/index.wsgi
</VirtualHost>

[root@localhost wsgi-scripts]# dnf search wsgi
[root@localhost wsgi-scripts]# dnf install python3-mod_wsgi.x86_64 -y
[root@localhost wsgi-scripts]# systemctl restart httpd

hello wsgi!

7.Apache的加密访问

7.1 加密访问

[root@localhost cgi-scripts]# dnf install mod_ssl -y
[root@localhost cgi-scripts]# cd /etc/httpd/conf.d
[root@localhost cgi-scripts]# ls
[root@localhost conf.d]# systemctl restart httpd
[root@localhost conf.d]# firewall-cmd --permanent --add-service=https
success
[root@localhost conf.d]# firewall-cmd --reload 
success

[root@localhost conf.d]# openssl genrsa -out /mnt/www.westos.org.key 2048  #生成私钥
[root@localhost conf.d]# openssl req -new -key /mnt/www.westos.org.key -out /mnt/www.westos.org.csr   ##生成证书签名文件
 
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:www.westos.org
Email Address []:admin@westos.org
A challenge password []:
An optional company name []:

[root@localhost conf.d]# openssl x509 -req -days 365 -in /mnt/www.westos.org.csr -signkey /mnt/www.westos.org.key  -out /mnt/www.westos.org.crt    #生成证书

[root@localhost conf.d]# cp /mnt/www.westos.org.* /etc/httpd/
[root@localhost conf.d]# cd /etc/httpd
[root@localhost httpd]# ls
[root@localhost httpd]# cd -
/etc/httpd/conf.d
[root@localhost conf.d]# ls
autoindex.conf  php.conf  README  ssl.conf  userdir.conf  vhosts.conf  welcome.conf
[root@localhost conf.d]# vim ssl.conf 
86 SSLCertificateFile /etc/httpd/www.westos.org.crt
95 SSLCertificateKeyFile  /etc/httpd/www.westos.org.key

7.2 网页自动跳转

[root@13 conf.d]# mkdir -p /var/www/virtual/westos.org/login
[root@13 login]# vim /var/www/virtual/westos.org/login/index.html
login.westos.org
[root@foundation Desktop]# vim /etc/hosts  ##真机地址解析
login.westos.org

[root@localhost conf.d]# vim vhosts.conf 
[root@localhost conf.d]# systemctl restart httpd

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/httpd/www.westos.org.crt
    SSLCertificateKeyFile /etc/httpd/www.westos.org.key
    ServerName login.westos.org
    DocumentRoot /var/www/virtual/westos.org/login
    CustomLog logs/linux.log combined
</VirtualHost>

<VirtualHost *:80>
    ServerName login.westos.org
    RewriteEngine on
    RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1
</VirtualHost>

^(/.*)$ ##客户地址栏中输入的地址
%{HTTP_HOST} ##客户主机
$1 ##RewriteRule后面跟的第一串字符的值

测试 login.westos.org 会自动跳转到 https://login.westos.org/

8. Squid+Apache

8.1 正向代理

[root@localhost conf.d]# ping www.qq.com ##192.168.0.66可以上网

[root@localhost conf.d]# dnf install squid -y
[root@localhost conf.d]# vim /etc/squid/squid.conf
59 http_access allow all
65 cache_dir ufs /var/spool/squid 100 16 256

[root@localhost conf.d]# cd /var/spool/squid/
[root@localhost squid]# ls
[root@localhost squid]# systemctl restart squid
[root@localhost squid]# ls
[root@localhost squid]# firewall-cmd --permanent --add-port=3128/tcp
success
[root@localhost squid]# firewall-cmd --reload 
success

8.2 反向代理

[root@localhost squid]# dnf remove httpd
[root@localhost squid]# vim /etc/squid/squid.conf
62 http_port 80 vhost vport
63 cache_peer 192.168.0.2 parent 80 0 proxy-only  ##有apache的主机 192.168.0.2
[root@localhost squid]# systemctl restart squid

[root@localhost squid]# curl -I 192.168.0.1
HTTP/1.1 200 OK
Date: Mon, 28 Jun 2021 12:18:19 GMT
Server: Apache/2.4.37 (Red Hat Enterprise Linux)
Last-Modified: Mon, 28 Jun 2021 12:17:06 GMT
ETag: "12-5c5d277bef6a8"
Accept-Ranges: bytes
Content-Length: 18
Content-Type: text/html; charset=UTF-8
X-Cache: MISS from server1
X-Cache-Lookup: MISS from server1:80
Via: 1.1 server1 (squid/4.4)
Connection: keep-alive

不能上网的主机内设置 setting 选择HTTP 192.168.0.2 80
测试：真机访问192.168.0.1 和 192.168.0.2 的页面一样