admin 发表于 2021-4-21 09:01:01

apache服务器

实验-安装apache,并提供服务
在gzpu1上
yum install -y httpd
echo basictest > /var/www/html/index.html
systemctl restart httpd
systemctl enable httpd
netstat -anplut| grep httpd
firewall-cmd --permanent --add-service=http
firewall-cmd --reload

在gzpu1和gzpu2上
firefox &
http://192.168.100.1

在gzpu1和gzpu2上
http://192.168.100.1/soft

实验-基于域名的虚拟主机
mkdir /var/www/gzpu
mkdir /var/www/bing
echo gzpu > /var/www/gzpu/index.html
echo bing > /var/www/bing/index.html

cp /etc/unbound/local.d/gzpu.com.conf /etc/unbound/local.d/bing.com.conf
vim /etc/unbound/local.d/bing.com.conf
:%s/gzpu/bing/g
systemctl restart unbound

vim /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf        #模板
vim /etc/httpd/conf.d/0.conf
<VirtualHost 192.168.100.1:80>
    ServerAdmin admin@XXX.com
    DocumentRoot "/var/www/html"
    ServerName 192.168.100.1
    ErrorLog "/var/log/httpd/192.168.100.1-error_log"
    CustomLog "/var/log/httpd/192.168.100.1-access_log" common
</VirtualHost>

vim /etc/httpd/conf.d/gzpu.com.conf
<VirtualHost www.gzpu.com:80>
    ServerAdmin admin@gzpu.com
    DocumentRoot "/var/www/gzpu"
    ServerName www.gzpu.com
    ErrorLog "/var/log/httpd/www.gzpu.com-error_log"
    CustomLog "/var/log/httpd/www.gzpu.com-access_log" common
</VirtualHost>

cp /etc/httpd/conf.d/gzpu.com.conf /etc/httpd/conf.d/bing.com.conf
vim /etc/httpd/conf.d/bing.com.conf
:%s/gzpu/bing/g
systemctl restart httpd

在gzpu1和gzpu2上
http://www.gzpu.com
http://www.bing.com

实验-基于IP的虚拟主机
添加一块网卡,设置IP为192.168.100.11/24
nmcli device show | grep DEVICE
nmcli connection show
nmcli connection add type ethernet con-name eth1 ifname eno33554984
nmcli connection modify eth1 ipv4.method manual ipv4.addresses 192.168.100.11/24
nmcli connection down eth1
nmcli connection up eth1

vim /etc/httpd/conf.d/0.conf
<VirtualHost 192.168.100.1:80>
    ServerAdmin root@gzpu.com
    DocumentRoot /var/www/gzpu
    ServerName www.gzpu.com
    ErrorLog "/var/log/httpd/www.gzpu.com-error_log"
    CustomLog "/var/log/httpd/www.gzpu.com-access_log" common
</VirtualHost>
<VirtualHost 192.168.100.11:80>
    ServerAdmin root@bing.com
    DocumentRoot /var/www/bing
    ServerName www.bing.com
    ErrorLog "/var/log/httpd/www.bing.com-error_log"
    CustomLog "/var/log/httpd/www.bing.com-access_log" common
</VirtualHost>
systemctl restart httpd

在gzpu1和gzpu2上
http://192.168.100.1/index.html                #不加index.html可能网页缓存会指向php页面
http://192.168.100.11

实验-基于端口的虚拟主机
semanage port -l | grep http
semanage port -a -t http_port_t -p tcp 8899
firewall-cmd --permanent --add-port=8899/tcp
firewall-cmd --reload
vim /etc/httpd/conf/httpd.conf
Listen 8899        #增加(本文行尾的#说明只是笔记,Apache配置文件不支持与指令同行的注释,写入配置时请去掉)

mkdir /var/www/8899
echo 8899 > /var/www/8899/index.html

vim /etc/httpd/conf.d/0.conf
<VirtualHost 192.168.100.1:80>
    DocumentRoot "/var/www/html"
    ServerName 192.168.100.1
</VirtualHost>
<VirtualHost 192.168.100.1:8899>
    DocumentRoot "/var/www/8899"
    ServerName 192.168.100.1
</VirtualHost>
systemctl restart httpd

在gzpu1和gzpu2上
http://192.168.100.1
http://192.168.100.1:8899

实验-LAMP
yum install -y php* mariadb*
unzip Discuz.zip
rm -rf /var/www/gzpu/*
cp -rf upload/* /var/www/gzpu/
semanage fcontext -l | grep http | grep rw
chcon -R -t httpd_sys_rw_content_t /var/www/gzpu/        #实验中为省事把整个站点设为可写;正式环境只应对程序确实需要写入的目录设置rw类型和apache属主
chown -R apache:apache /var/www/gzpu/
systemctl restart mariadb
systemctl enable mariadb
mysqladmin -u root password '123456'        #弱口令且会留在命令行参数和shell历史中,仅限实验环境;正式环境应使用强密码并运行mysql_secure_installation
systemctl restart httpd

在gzpu1和gzpu2上
http://www.gzpu.com        #需要输入数据库密码123456,更改表前缀

实验-软链接网站
mkdir /local
echo gzputest > /local/index.html
semanage fcontext -a -t httpd_sys_content_t '/local(/.*)?'
restorecon -vvFR /local
ln -s /local/ /var/www/html/soft

实验-alias       
还原gzpu1到基于域名的虚拟主机环境
mkdir /disk
echo disk > /disk/index.html
semanage fcontext -a -t httpd_sys_content_t '/disk(/.*)?'
restorecon -vvFR /disk/

vim /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost *:80>
    ServerAdmin root@gzpu.com
    DocumentRoot /var/www/gzpu
    ServerName www.gzpu.com
    Alias /net /disk                #增加
    ErrorLog "/var/log/httpd/www.gzpu.com-error_log"
    CustomLog "/var/log/httpd/www.gzpu.com-access_log" common
</VirtualHost>
<Directory /disk>                #增加,添加对文件夹/disk的设置
    AllowOverride none                #增加,不允许.htaccess文件覆盖此处的配置
    Require all granted                #增加,允许所有人访问
</Directory>                        #增加

在gzpu1和gzpu2上
http://www.gzpu.com/net

实验-调用脚本

vim /var/www/cgi-bin/shell.sh
#!/bin/bash
# CGI response: the header line and a blank separator go out first,
# then the current local date/time as the body.
printf 'Content-Type: text/html; charset=UTF-8\n\n'
date +%c
#注意复制时可能会自动生成#

vim /var/www/cgi-bin/perl.pl
#!/usr/bin/perl
# CGI response: take the local time as a string, emit the header and a
# blank separator line, then the timestamp as the body.
my $stamp = localtime();
print "Content-Type: text/html; charset=UTF-8\n\n";
print "$stamp\n";
#注意复制时可能会自动生成#

yum install -y mod_wsgi
vim /var/www/cgi-bin/python.py
#!/usr/bin/env python
import time

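def application(environ, start_response):
    """WSGI entry point that reports the current UNIX epoch time as plain text.

    Args:
        environ: WSGI request environment; not read by this handler.
        start_response: WSGI callable that receives the status line and the
            list of (header, value) tuples.

    Returns:
        A one-element list holding the response body as bytes.
    """
    # Encode once so Content-Length counts the bytes that are actually sent.
    response_body = ('UNIX EPOCH time is now: %s\n' % time.time()).encode('utf-8')
    status = '200 OK'
    # Send exactly one Content-Length: the original also sent a hard-coded
    # value of '1', and two conflicting lengths make the response framing
    # ambiguous to clients and intermediaries.
    response_headers = [('Content-Type', 'text/plain'),
                        ('Content-Length', str(len(response_body)))]
    start_response(status, response_headers)
    # WSGI requires an iterable of byte strings; a bare `return` hands the
    # server None and the request fails.
    return [response_body]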

chmod a+x /var/www/cgi-bin/shell.sh
chmod a+x /var/www/cgi-bin/perl.pl
#shell和perl必须有执行权限,python调用模块可以不加执行权限

vim /etc/httpd/conf.d/gzpu.conf
<VirtualHost *:80>
    ServerAdmin root@gzpu.com
    DocumentRoot /var/www/gzpu
    ServerName www.gzpu.com
    ErrorLog "/var/log/httpd/www.gzpu.com-error_log"
    CustomLog "/var/log/httpd/www.gzpu.com-access_log" common
<IfModule alias_module>                                #增加
ScriptAlias /jiaoben/ "/var/www/cgi-bin/"        #增加,支持shell和perl
</IfModule>                                        #增加
WSGIScriptAlias /python /var/www/cgi-bin        #增加,支持python
</VirtualHost>

systemctl restart httpd

在gzpu1和gzpu2上
http://www.gzpu.com/jiaoben/perl.pl
http://www.gzpu.com/jiaoben/shell.sh
http://www.gzpu.com/python/python.py

实验-拒绝访问
在gzpu1上
mkdir /var/www/gzpu/gzpu2deny
echo gzpu2deny > /var/www/gzpu/gzpu2deny/index.html

vim /etc/httpd/conf.d/gzpu.conf
<VirtualHost *:80>
    ServerAdmin root@gzpu.com
    DocumentRoot /var/www/gzpu
    ServerName www.gzpu.com
    ErrorLog "/var/log/httpd/www.gzpu.com-error_log"
    CustomLog "/var/log/httpd/www.gzpu.com-access_log" common
</VirtualHost>
<Directory "/var/www/gzpu/gzpu2deny">
    order allow,deny
    allow from all
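    deny from 192.168.100.2        #网段采用192.168.100
</Directory>
#Order/Allow/Deny是2.2的写法,在2.4上依赖mod_access_compat;2.4原生写法是在<RequireAll>中写Require all granted和Require not ip 192.168.100.2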
systemctl restart httpd

gzpu2不可以访问http://www.gzpu.com/gzpu2deny,其他机器都可以访问

一些例子
Order   deny,allow //默认允许所有主机访问
Deny from 192.168.0.100 //单独禁止

Order deny,allow
allow from all
deny from 219.204.253.8
#全部都可以通行
-------------------------------
Order deny,allow
deny from 219.204.253.8
allow from all
#全部都可以通行
-------------------------------
Order allow,deny
deny from 219.204.253.8
allow from all
#只有219.204.253.8不能通行
-------------------------------
Order allow,deny
allow from all
deny from 219.204.253.8
#只有219.204.253.8不能通行
-------------------------------
-------------------------------
Order allow,deny
deny from all
allow from 219.204.253.8
#全部都不能通行
-------------------------------
Order allow,deny
allow from 219.204.253.8
deny from all
#全部都不能通行
-------------------------------
Order deny,allow
allow from 219.204.253.8
deny from all
#只允许219.204.253.8通行
-------------------------------
Order deny,allow
deny from all
allow from 219.204.253.8
#只允许219.204.253.8通行
-------------------------------
--------------------------------
Order deny,allow
#全部都可以通行(默认的)
-------------------------------
Order allow,deny
#全部都不能通行(默认的)
-------------------------------
Order allow,deny
deny from all
#全部都不能通行
-------------------------------
Order deny,allow
deny from all
#全部都不能通行
-------------------------------
对于上面两种情况,如果换成allow from all,则全部都可以通行!
-------------------------------
Order deny,allow
deny from 219.204.253.8
#只有219.204.253.8不能通行
-------------------------------
Order allow,deny
deny from 219.204.253.8
#全部都不能通行
-------------------------------
Order allow,deny
allow from 219.204.253.8
#只允许219.204.253.8通行
-------------------------------
Order deny,allow
allow from 219.204.253.8
#全部都可以通行

实验-账号密码访问
htpasswd -cm /etc/httpd/.htpasswd gzpu                #设置用户gzpu的密码为gzpu(-c新建密码文件,-m使用MD5;httpd 2.4自带的htpasswd也支持更强的-B即bcrypt)
htpasswd -m /etc/httpd/.htpasswd bing                #设置用户bing的密码为bing。新增用户不能加参数c,否则又会重建文件,之前的账号密码就没了
<virtualhost 192.168.100.1:80>
servername www.gzpu.com
documentroot /var/www/gzpu/
</virtualhost>
<Directory /var/www/gzpu>
AuthName "gzpu"
AuthType Basic                #Basic认证的账号密码只做Base64编码,在明文HTTP下可被嗅探,应配合后面的ssl实验使用
AuthUserFile /etc/httpd/.htpasswd
require valid-user
</Directory>

实验-ssl
在gzpu1上制作用于认证网站的证书和key
cd /etc/pki/tls/certs
make gzpu.crt
Enter pass phrase:                                                #输入123.com
Verifying - Enter pass phrase:                                        #输入123.com
Enter pass phrase for gzpu.key:                                        #输入123.com
Country Name (2 letter code) :                                #输入CN
State or Province Name (full name) []:                                #输入BEIJING
Locality Name (eg, city) :                        #输入BEIJING
Organization Name (eg, company) :                #输入REDHAT
Organizational Unit Name (eg, section) []:                        #输入WEB
Common Name (eg, your name or your server's hostname) []:        #输入www.gzpu.com

cp gzpu.key /etc/pki/tls/private/gzpu.key
#相当于已经有了CA中心,并且CA中心已经颁发了证书gzpu.crt(这里实际生成的是自签名证书,浏览器访问时会提示证书不受信任),一般证书保存在certs文件夹下,密钥保存在private文件夹下

yum install -y mod_ssl.x86_64        #安装ssl模块
httpd -M | grep -i mod_ssl        #查看apache加载的模块
#如果报错AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message,一般是域名解析的错误,可以添加hosts记录,或者添加DNS记录,并更改配置文件的ServerName内容

vim /etc/httpd/conf.d/ssl.conf
SSLEngine off                #更改,今后使用对每个网站的单独引擎

firewall-cmd --permanent --add-service=https
firewall-cmd --reload

mkdir /var/www/443
echo html > /var/www/html/index.html
echo 443 > /var/www/443/index.html
cat /etc/httpd/conf.d/ssl.conf | grep -i ^ssl        #复制尾部5行

vim /etc/httpd/conf.d/0.conf
<VirtualHost *:80>
    DocumentRoot /var/www/html
    ServerName www.gzpu.com
</VirtualHost>

vim /etc/httpd/conf.d/443.conf                #增加加密的www.gzpu.com网站,新增行可用cat /etc/httpd/conf.d/ssl.conf | grep ^SSL | tail -n 5获得
<VirtualHost *:443>
    DocumentRoot /var/www/443
    ServerName www.gzpu.com                                        #必须和证书输入的域名一致
        SSLEngine on                                                #激活引擎
        SSLProtocol all -SSLv2 -SSLv3                                #除了-SSLv2和-SSLv3协议;TLSv1.0/1.1仍然开启,正式环境建议只保留TLSv1.2及以上
        SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
        SSLCertificateFile /etc/pki/tls/certs/gzpu.crt                #证书位置
        SSLCertificateKeyFile /etc/pki/tls/private/gzpu.key        #密钥位置
</VirtualHost>

在gzpu1和gzpu2上
vim /etc/hosts
192.168.100.1        www.gzpu.com

http://www.gzpu.com
https://www.gzpu.com

实验-访问http网站自动转为https
在gzpu1上
vim /etc/httpd/conf.d/443.conf
<VirtualHost *:80>
    DocumentRoot /var/www/gzpu
    ServerName www.gzpu.com
    RewriteEngine on                                        #增加,激活https重定向引擎
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1         #增加,http重定向为https;^/(.*)捕获的路径不含开头的/,所以$1前要补上/;%{HTTP_HOST}取自客户端请求头,也可直接写成固定的www.gzpu.com
</VirtualHost>
<VirtualHost *:443>
    DocumentRoot /var/www/443
    ServerName www.gzpu.com
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/httpd/conf/gzpu.crt                #证书和密钥路径要与实际存放位置一致,ssl实验中放在/etc/pki/tls/certs/和/etc/pki/tls/private/下
SSLCertificateKeyFile /etc/httpd/conf/gzpu.key
</VirtualHost>

在gzpu1和gzpu2上
http://www.gzpu.com        #自动重定向为https://www.gzpu.com
