文章目录
1.Apache的作用及启用
-
在web被访问时通常使用http://的方式
http:// ##超文本传输协议 -
http:// 超文本传输协议提供软件:
Apache、nginx、stgw、jfe、Tengine
root@localhost ~]# dnf search httpd
[root@localhost ~]# dnf install httpd.x86_64 -y
[root@localhost ~]# systemctl enable --now httpd
[root@localhost ~]# firewall-cmd --permanent --add-service=http
success
[root@localhost ~]# firewall-cmd --reload
[root@localhost ~]# netstat -antlp | grep 80
tcp6 0 0 :::80 :::* LISTEN 10497/httpd
[root@localhost ~]# ss -antlupe | grep httpd
tcp LISTEN 0 128 *:80 *:* users:(("httpd",pid=10501,fd=4),("httpd",pid=10500,fd=4),("httpd",pid=10499,fd=4),("httpd",pid=10497,fd=4)) ino:78496 sk:4 v6only:0 <->
[root@localhost ~]# cd /var/www/html
[root@localhost html]# ls
[root@localhost html]# vim index.html
hello westos
访问192.168.0.1
2. Apache的基本信息
- 服务名称: httpd
- 配置文件:
/etc/httpd/conf/httpd.conf ##主配置文件
/etc/httpd/conf.d/*.conf ##子配置文件 - 默认发布目录: /var/www/html
- 默认发布文件: index.html
- 默认端口: 80 #http
443 #https - 用户: apache
- 日志: /etc/httpd/logs
[root@localhost html]# rpm -qc httpd
/etc/httpd/conf.d/autoindex.conf
/etc/httpd/conf.d/userdir.conf
/etc/httpd/conf.d/welcome.conf
/etc/httpd/conf.modules.d/00-base.conf
/etc/httpd/conf.modules.d/00-dav.conf
/etc/httpd/conf.modules.d/00-lua.conf
/etc/httpd/conf.modules.d/00-mpm.conf
/etc/httpd/conf.modules.d/00-optional.conf
/etc/httpd/conf.modules.d/00-proxy.conf
/etc/httpd/conf.modules.d/00-systemd.conf
/etc/httpd/conf.modules.d/01-cgi.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/conf/magic
/etc/logrotate.d/httpd
/etc/sysconfig/htcacheclean
3.Apache的基本配置
3.1 Apache端口修改
[root@localhost html]# vim /etc/httpd/conf/httpd.conf
45 Listen 8080
[root@localhost html]# systemctl restart httpd
[root@localhost html]# firewall-cmd --permanent --add-port=8080/tcp
[root@localhost html]# firewall-cmd --reload
[root@localhost html]# ss -antlipe | grep httpd
LISTEN 0 128 *:8080
[root@localhost html]# ss -antlupe | grep httpd
tcp LISTEN 0 128 *:8080 *:* users:(("httpd",pid=12134,fd=4),("httpd",pid=12133,fd=4),("httpd",pid=12132,fd=4),("httpd",pid=12129,fd=4)) ino:1245218 sk:6 v6only:0 <->
[root@localhost html]# vim /etc/httpd/conf/httpd.conf
Listen 80 改回来
[root@localhost html]# systemctl restart httpd
3.2 默认发布文件
[root@localhost html]# vim /etc/httpd/conf/httpd.conf
167 DirectoryIndex test.html index.html ##按顺序访问,默认访问test.html文件
[root@localhost html]# systemctl restart httpd
[root@localhost html]# vim test.html
hello test
3.3 默认发布目录
[root@localhost html]# mkdir /westos_web
[root@localhost html]# vim /westos_web/index.html
hello westos_web
[root@localhost html]# vim /etc/httpd/conf/httpd.conf
122 #DocumentRoot "/var/www/html"
DocumentRoot "/westos_web"
<Directory "/westos_web>"
Require all granted ## 允许任何人访问目录
</Directory>
[root@localhost html]# systemctl restart httpd
4. Apache的访问控制
4.1 基于客户端ip的访问控制
[root@localhost html]# mkdir westos
[root@localhost html]# cd westos
[root@localhost westos]# vim index.html
hahaha
[root@localhost html]# vim /etc/httpd/conf/httpd.conf
[root@localhost html]# systemctl restart httpd
123
<Directory "/var/www/html/westos">
Order Deny,Allow
Allow from 192.168.0.2
Deny from all
</Directory>
<Directory "/var/www/html/westos">
Order Allow,Deny
Allow from all
Deny from 192.168.0.2
</Directory>
192.168.0.100 被拒绝访问
192.168.0.2 访问成功
4.2 基于用户认证
root@localhost ~]# cd /etc/httpd/conf
[root@localhost conf]# ls
httpd.conf magic
[root@localhost conf]# cd ..
root@localhost httpd]# ls
[root@localhost httpd]# htpasswd -cm .htpasswd admin ##c创建 m指定文件
[root@localhost httpd]# htpasswd -m .htpasswd lee
[root@localhost httpd]# cat .htpasswd
admin:$apr1$2C4kYiP4$3DZac9rLvq4qfNIDtE6Zj1
lee:$apr1$yNVog0Bp$8AJ/xfAXhvLBT7WmckDwZ1
[root@localhost httpd]# vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/westos>"
AuthUserFile /etc/httpd/conf/.htpasswd
AuthName "Please input username and password !!"
AuthType basic
# Require user admin
Require valid-user
</Directory>
[root@localhost httpd]# systemctl restart httpd
[root@localhost httpd]# pwd
/etc/httpd/logs
[root@localhost httpd]# cat error_log
5.Apache的虚拟主机
## 真机地址解析
[root@westos_student12 Desktop]# vim /etc/hosts
192.168.0.1 www.westos.org linux.westos.org lee.westos.org
## 虚拟机配置文件
[root@localhost Desktop]# vim /etc/httpd/conf/httpd.conf
[root@localhost Desktop]# mkdir -p /var/www/virutal/westos.org/{linux,lee}
[root@localhost Desktop]# vim /var/www/virutal/westos.org/linux/index.html
linux.westos.org
[root@localhost Desktop]# vim /var/www/virutal/westos.org/lee/index.html
lee.westos.org
[root@localhost Desktop]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# ls
autoindex.conf README userdir.conf welcome.conf
[root@localhost conf.d]# vim vhosts.conf
<VirtualHost _default_:80>
DocumentRoot /var/www/html
CustomLog logs/default.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName lee.westos.org
DocumentRoot /var/www/virutal/westos.org/lee
CustomLog logs/lee.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName linux.westos.org
DocumentRoot /var/www/virutal/westos.org/linux
CustomLog logs/linux.log combined
</VirtualHost>
[root@localhost conf.d]# systemctl restart httpd
测试
linux.westos.org lee.westos.org
6.Apache的语言支持
[root@localhost httpd]# dnf install php -y
[root@localhost httpd]# vim /var/www/html/index.php
<?php
phpinfo();
?>
[root@localhost httpd]# systemctl restart httpd
测试www.westos.org/index.php
pel
[root@13 httpd]# dnf install httpd-manual -y
[root@13 httpd]# systemctl restart httpd
www.westos.org/manual
6.1 cgi
cgi通用网络接口:apache通过插件读取代码最后执行的结果。
[root@localhost httpd]# cd /var/www/html
[root@localhost html]# ls
[root@localhost html]# mkdir cgi-scripts
[root@localhost html]# cd cgi-scripts
[root@localhost cgi-scripts]# ls
[root@localhost cgi-scripts]# vim index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
[root@localhost cgi-scripts]# yum -y install perl perl-devel
[root@localhost cgi-scripts]# ./index.cgi
Content-type: text/html
Mon Jun 28 18:22:57 CST 2021
[root@localhost cgi-scripts]# vim /etc/httpd/conf.d/vhosts.conf
##添加
<Directory /var/www/html/cgi-scripts>
Options +ExecCGI
AddHandler cgi-script .cgi
</Directory>
[root@localhost cgi-scripts]# systemctl restart httpd
[root@localhost cgi-scripts]# ls
index.cgi
[root@localhost cgi-scripts]# ll
total 4
-rw-r--r-- 1 root root 67 Nov 22 11:26 index.cgi
[root@localhost cgi-scripts]# chmod +x index.cgi
[root@localhost cgi-scripts]# systemctl restart httpd
测试 http://www.westos.org/cgi-scripts/index.cgi
6.2 wsgi
[root@foundation Desktop]# vim /etc/hosts ##真机地址解析
192.168.0.1 controller www.westos.org linux.westos.org lee.westos.org wsgi.westos.org
[root@localhost html]# mkdir wsgi-scripts
[root@localhost html]# ls
cgi-scripts index.html index.php test.html westos wsgi-scripts
[root@localhost html]# cd wsgi-scripts/
[root@localhost wsgi-scripts]# ls
[root@localhost wsgi-scripts]# vim index.wsgi
def application(env, westos):
westos( '200 ok', [('Content-Type', 'text/html')])
return [b'hello wsgi!']
[root@localhost wsgi-scripts]# chmod +x index.wsgi
[root@localhost wsgi-scripts]# vim /etc/httpd/conf.d/vhosts.conf
<VirtualHost *:80>
ServerName wsgi.westos.org
WSGIScriptAlias / /var/www/html/wsgi-scripts/index.wsgi
</VirtualHost>
[root@localhost wsgi-scripts]# dnf search wsgi
[root@localhost wsgi-scripts]# dnf install python3-mod_wsgi.x86_64 -y
[root@localhost wsgi-scripts]# systemctl restart httpd
hello wsgi!
7.Apache的加密访问
7.1 加密访问
[root@localhost cgi-scripts]# dnf install mod_ssl -y
[root@localhost cgi-scripts]# cd /etc/httpd/conf.d
[root@localhost cgi-scripts]# ls
[root@localhost conf.d]# systemctl restart httpd
[root@localhost conf.d]# firewall-cmd --permanent --add-service=https
success
[root@localhost conf.d]# firewall-cmd --reload
success
[root@localhost conf.d]# openssl genrsa -out /mnt/www.westos.org.key 2048 #生成私钥
[root@localhost conf.d]# openssl req -new -key /mnt/www.westos.org.key -out /mnt/www.westos.org.csr ##生成证书签名文件
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:www.westos.org
Email Address []:admin@westos.org
A challenge password []:
An optional company name []:
[root@localhost conf.d]# openssl x509 -req -days 365 -in /mnt/www.westos.org.csr -signkey /mnt/www.westos.org.key -out /mnt/www.westos.org.crt #生成证书
[root@localhost conf.d]# cp /mnt/www.westos.org.* /etc/httpd/
[root@localhost conf.d]# cd /etc/httpd
[root@localhost httpd]# ls
[root@localhost httpd]# cd -
/etc/httpd/conf.d
[root@localhost conf.d]# ls
autoindex.conf php.conf README ssl.conf userdir.conf vhosts.conf welcome.conf
[root@localhost conf.d]# vim ssl.conf
86 SSLCertificateFile /etc/httpd/www.westos.org.crt
95 SSLCertificateKeyFile /etc/httpd/www.westos.org.key
7.2 网页自动跳转
[root@13 conf.d]# mkdir -p /var/www/virtual/westos.org/login
[root@13 login]# vim /var/www/virtual/westos.org/login/index.html
login.westos.org
[root@foundation Desktop]# vim /etc/hosts ##真机地址解析
login.westos.org
[root@localhost conf.d]# vim vhosts.conf
[root@localhost conf.d]# systemctl restart httpd
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/httpd/www.westos.org.crt
SSLCertificateKeyFile /etc/httpd/www.westos.org.key
ServerName login.westos.org
DocumentRoot /var/www/virtual/westos.org/login
CustomLog logs/linux.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName login.westos.org
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1
</VirtualHost>
^(/.*)$ ##客户地址栏中输入的地址
%{HTTP_HOST} ##客户主机
$1 ##RewriteRule后面跟的第一串字符的值
测试 login.westos.org 会自动跳转到 https://login.westos.org/
8. Squid+Apache
8.1 正向代理
[root@localhost conf.d]# ping www.qq.com ##192.168.0.66可以上网
[root@localhost conf.d]# dnf install squid -y
[root@localhost conf.d]# vim /etc/squid/squid.conf
59 http_access allow all
65 cache_dir ufs /var/spool/squid 100 16 256
[root@localhost conf.d]# cd /var/spool/squid/
[root@localhost squid]# ls
[root@localhost squid]# systemctl restart squid
[root@localhost squid]# ls
[root@localhost squid]# firewall-cmd --permanent --add-port=3128/tcp
success
[root@localhost squid]# firewall-cmd --reload
success
8.2 反向代理
[root@localhost squid]# dnf remove httpd
[root@localhost squid]# vim /etc/squid/squid.conf
62 http_port 80 vhost vport
63 cache_peer 192.168.0.2 parent 80 0 proxy-only ##有apache的主机 192.168.0.2
[root@localhost squid]# systemctl restart squid
[root@localhost squid]# curl -I 192.168.0.1
HTTP/1.1 200 OK
Date: Mon, 28 Jun 2021 12:18:19 GMT
Server: Apache/2.4.37 (Red Hat Enterprise Linux)
Last-Modified: Mon, 28 Jun 2021 12:17:06 GMT
ETag: "12-5c5d277bef6a8"
Accept-Ranges: bytes
Content-Length: 18
Content-Type: text/html; charset=UTF-8
X-Cache: MISS from server1
X-Cache-Lookup: MISS from server1:80
Via: 1.1 server1 (squid/4.4)
Connection: keep-alive
不能上网的主机内设置 setting 选择HTTP 192.168.0.2 80
测试:真机访问192.168.0.1 和 192.168.0.2 的页面一样