apache服务器

admin

1. 实验-安装apache，并提供服务
   
2. 在gzpu1上
   
3. yum install -y httpd
   
4. echo basictest > /var/www/html/index.html
   
5. systemctl restart httpd
   
6. systemctl enable  httpd
   
7. netstat -anplut| grep httpd
   
8. firewall-cmd --permanent --add-service=http
   
9. firewall-cmd --reload
   
10. 
    
11. 在gzpu1和gzpu2上
    
12. firefox &
    
13. http://192.168.100.1
    
14. 
    
15. 在gzpu1和gzpu2上
    
16. http://192.168.100.1/soft
    
17. 
    
18. 实验-基于域名的虚拟主机
    
19. mkdir /var/www/gzpu
    
20. mkdir /var/www/bing
    
21. echo gzpu > /var/www/gzpu/index.html
    
22. echo bing > /var/www/bing/index.html
    
23. 
    
24. cp /etc/unbound/local.d/gzpu.com.conf /etc/unbound/local.d/bing.com.conf
    
25. vim /etc/unbound/local.d/bing.com.conf
    
26. :%s/gzpu/bing/g
    
27. systemctl restart unbound
    
28. 
    
29. vim /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf        #模板
    
30. vim /etc/httpd/conf.d/0.conf
    
31. <VirtualHost 192.168.100.1:80>
    
32.     ServerAdmin admin@XXX.com
    
33.     DocumentRoot "/var/www/html"
    
34.     ServerName 192.168.100.1
    
35.     ErrorLog "/var/log/httpd/192.168.100.1-error_log"
    
36.     CustomLog "/var/log/httpd/192.168.100.1-access_log" common
    
37. </VirtualHost>
    
38. 
    
39. vim /etc/httpd/conf.d/gzpu.com.conf
    
40. <VirtualHost www.gzpu.com:80>
    
41.     ServerAdmin admin@gzpu.com
    
42.     DocumentRoot "/var/www/gzpu"
    
43.     ServerName www.gzpu.com
    
44.     ErrorLog "/var/log/httpd/www.gzpu.com-error_log"
    
45.     CustomLog "/var/log/httpd/www.gzpu.com-access_log" common
    
46. </VirtualHost>
    
47. 
    
48. cp /etc/httpd/conf.d/gzpu.com.conf /etc/httpd/conf.d/bing.com.conf
    
49. :%s/gzpu/bing/g
    
50. systemctl restart httpd
    
51. 
    
52. 在gzpu1和gzpu2上
    
53. http://www.gzpu.com
    
54. http://www.bing.com
    
55. 
    
56. 实验-基于IP的虚拟主机
    
57. 添加一块网卡，设置IP为192.168.100.11/24
    
58. nmcli device show | grep DEVICE
    
59. nmcli connection show
    
60. connection add type ethernet con-name eth1 ifname eno33554984
    
61. nmcli connection modify eth1 ipv4.method manual ipv4.addresses 192.168.100.11/24
    
62. nmcli connection down eth1
    
63. nmcli connection up eth1
    
64. 
    
65. vim /etc/httpd/conf.d/0.conf
    
66. <VirtualHost 192.168.100.1:80>
    
67.     ServerAdmin root@gzpu.com
    
68.     DocumentRoot /var/www/gzpu
    
69.     ServerName www.gzpu.com
    
70.     ErrorLog "/var/log/httpd/www.gzpu.com-error_log"
    
71.     CustomLog "/var/log/httpd/www.gzpu.com-access_log" common
    
72. </VirtualHost>
    
73. <VirtualHost 192.168.100.11:80>
    
74.     ServerAdmin root@bing.com
    
75.     DocumentRoot /var/www/bing
    
76.     ServerName www.bing.com
    
77.     ErrorLog "/var/log/httpd/www.bing.com-error_log"
    
78.     CustomLog "/var/log/www.bing.com-access_log" common
    
79. </VirtualHost>
    
80. systemctl restart httpd
    
81. 
    
82. 在gzpu1和gzpu2上
    
83. http://192.168.100.1/index.html                #不加index.html可能网页缓存会指向php页面
    
84. http://192.168.100.11
    
85. 
    
86. 实验-基于端口的虚拟主机
    
87. semanage port -l | grep http
    
88. semanage port -a -t http_port_t -p tcp 8899
    
89. firewall-cmd --permanent --add-port=8899/tcp
    
90. firewall-cmd --reload
    
91. vim /etc/httpd/conf/httpd.conf
    
92. Listen 8899        #增加
    
93. 
    
94. mkdir /var/www/8899
    
95. echo 8899 > /var/www/8899/index.html
    
96. 
    
97. vim /etc/httpd/conf.d/0.conf
    
98. <VirtualHost 192.168.100.1:80>
    
99.     DocumentRoot "/var/www/html"
    
100.     ServerName 192.168.100.1
     
101. </VirtualHost>
     
102. <VirtualHost 192.168.100.1:8899>
     
103.     DocumentRoot "/var/www/8899"
     
104.     ServerName 192.168.100.1
     
105. </VirtualHost>
     
106. systemctl restart httpd
     
107. 
     
108. 在gzpu1和gzpu2上
     
109. http://192.168.100.1
     
110. http://192.168.100.1:8899
     
111. 
     
112. 实验-LAMP
     
113. yum install -y php* mariadb*
     
114. unzip Discuz.zip
     
115. rm -rf /var/www/gzpu/*
     
116. cp -rf upload/* /var/www/gzpu/
     
117. semanage fcontext -l | grep http | grep rw
     
118. chcon -R -t httpd_sys_rw_content_t /var/www/gzpu/
     
119. chown -R apache:apache /var/www/gzpu/
     
120. systemctl restart mariadb
     
121. systemctl enable mariadb
     
122. mysqladmin -u root password '123456'
     
123. systemctl restart httpd
     
124. 
     
125. 在gzpu1和gzpu2上
     
126. http://www.gzpu.com        #需要输入数据库密码123456，更改表前缀
     
127. 
     
128. 实验-软链接网站
     
129. mkdir /local
     
130. echo gzputest > /local/index.html
     
131. semanage fcontext -a -t httpd_sys_content_t '/local(/.*)?'
     
132. restorecon -vvFR /local
     
133. ln -s /local/ /var/www/html/soft
     
134. 
     
135. 实验-alias       
     
136. 还原gzpu1到基于域名的虚拟主机环境
     
137. mkdir /disk
     
138. echo disk > /disk/index.html
     
139. semanage fcontext -a -t httpd_sys_content_t '/disk(/.*)?'
     
140. restorecon -vvFR /disk/
     
141. 
     
142. vim /etc/httpd/conf.d/httpd-vhosts.conf
     
143. <VirtualHost *:80>
     
144.     ServerAdmin root@gzpu.com
     
145.     DocumentRoot /var/www/gzpu
     
146.     ServerName www.gzpu.com
     
147.     Alias /net /disk                #增加
     
148.     ErrorLog "/var/log/httpd/www.gzpu.com-error_log"
     
149.     CustomLog "/var/log/httpd/www.gzpu.com-access_log" common
     
150. </VirtualHost>
     
151. <Directory /disk>                #增加，添加对文件夹/disk的设置
     
152.     AllowOverride none                #增加，不允许覆盖写入
     
153.     Require all granted                #增加，允许所有人访问
     
154. </Directory>                        #增加
     
155. 
     
156. 在gzpu1和gzpu2上
     
157. http://www.gzpu.com/net
     
158. 
     
159. 实验-调用脚本
     
160. 
     
161. vim /var/www/cgi-bin/shell.sh
     
162. #!/bin/bash
     
163. echo -en "Content-Type: text/html; charset=UTF-8\n\n";
     
164. date +%c
     
165. #注意复制时可能会自动生成#
     
166. 
     
167. vim /var/www/cgi-bin/perl.pl
     
168. #!/usr/bin/perl
     
169. print "Content-Type: text/html; charset=UTF-8\n\n";
     
170. $now=localtime();
     
171. print "$now\n";
     
172. #注意复制时可能会自动生成#
     
173. 
     
174. yum install -y mod_wsgi
     
175. vim /var/www/cgi-bin/python.py
     
176. #!/usr/bin/env python
     
177. import time
     
178. 
     
179. def application (environ, start_response):
     
180.     response_body = 'UNIX EPOCH time is now: %s\n' % time.time()
     
181.     status = '200 OK'
     
182.     response_headers = [('Content-Type', 'text/plain'),
     
183.                         ('Content-Length', '1'),
     
184.                         ('Content-Length', str(len(response_body)))]
     
185.     start_response(status, response_headers)
     
186.     return [response_body]
     
187. 
     
188. chmod a+x /var/www/cgi-bin/shell.sh
     
189. chmod a+x /var/www/cgi-bin/perl.pl
     
190. #shell和pear必须有执行权限，python调用模块可以不加执行权限
     
191. 
     
192. vim /etc/httpd/conf.d/gzpu.conf
     
193. <VirtualHost *:80>
     
194.     ServerAdmin root@gzpu.com
     
195.     DocumentRoot /var/www/gzpu
     
196.     ServerName www.gzpu.com
     
197.     ErrorLog "/var/log/httpd/www.gzpu.com-error_log"
     
198.     CustomLog "/var/log/httpd/www.gzpu.com-access_log" common
     
199. <IfModule alias_module>                                #增加
     
200. ScriptAlias /jiaoben/ "/var/www/cgi-bin/"        #增加，支持shell和perl
     
201. </IfModule>                                        #增加
     
202. WSGIScriptAlias  /python  /var/www/cgi-bin        #增加，支持python
     
203. </VirtualHost>
     
204. 
     
205. systemctl restart httpd
     
206. 
     
207. 在gzpu1和gzpu2上
     
208. http://www.gzpu.com/jiaoben/pear.pl
     
209. http://www.gzpu.com/jiaoben/shell.sh
     
210. http://www.gzpu.com/python/python.py
     
211. 
     
212. 实验-拒绝访问
     
213. 在gzpu1上
     
214. mkdir /var/www/gzpu/gzpu2deny
     
215. echo gzpu2deny > /var/www/gzpu/gzpu2deny/index.html
     
216. 
     
217. vim /etc/httpd/conf.d/gzpu.conf
     
218. <VirtualHost *:80>
     
219.     ServerAdmin root@gzpu.com
     
220.     DocumentRoot /var/www/gzpu
     
221.     ServerName www.gzpu.com
     
222.     ErrorLog "/var/log/httpd/www.gzpu.com-error_log"
     
223.     CustomLog "/var/log/httpd/www.gzpu.com-access_log" common
     
224. </VirtualHost>
     
225. <Directory "/var/www/gzpu/gzpu2deny">
     
226.     order allow,deny
     
227.     allow from all
     
228.     deny from 192.168.100.2        #网段采用192.168.100
     
229. </Directory>
     
230. <VirtualHost *:80>
     
231. systemctl restart httpd
     
232. 
     
233. gzpu2不可以访问http//www.gzpu.com/gzpu2deny，其他机器都可以访问
     
234. 
     
235. 一些例子
     
236. Order   deny,allow //默认充许所有主机访问
     
237. Deny  from  192.168.0.100  //单独禁止
     
238. 
     
239. Order deny,allow
     
240. allow from all
     
241. deny from 219.204.253.8
     
242. #全部都可以通行
     
243. -------------------------------
     
244. Order deny,allow
     
245. deny from 219.204.253.8
     
246. allow from all
     
247. #全部都可以通行
     
248. -------------------------------
     
249. Order allow,deny
     
250. deny from 219.204.253.8
     
251. allow from all
     
252. #只有219.204.253.8不能通行
     
253. -------------------------------
     
254. Order allow,deny
     
255. allow from all
     
256. deny from 219.204.253.8
     
257. #只有219.204.253.8不能通行
     
258. -------------------------------
     
259. -------------------------------
     
260. Order allow,deny
     
261. deny from all
     
262. allow from 219.204.253.8
     
263. #全部都不能通行
     
264. -------------------------------
     
265. Order allow,deny
     
266. allow from 219.204.253.8
     
267. deny from all
     
268. #全部都不能通行
     
269. -------------------------------
     
270. Order deny,allow
     
271. allow from 219.204.253.8
     
272. deny from all
     
273. #只允许219.204.253.8通行
     
274. -------------------------------
     
275. Order deny,allow
     
276. deny from all
     
277. allow from 219.204.253.8
     
278. #只允许219.204.253.8通行
     
279. -------------------------------
     
280. --------------------------------
     
281. Order deny,allow
     
282. #全部都可以通行（默认的）
     
283. -------------------------------
     
284. Order allow,deny
     
285. #全部都不能通行（默认的）
     
286. -------------------------------
     
287. Order allow,deny
     
288. deny from all
     
289. #全部都不能通行
     
290. -------------------------------
     
291. Order deny,allow
     
292. deny from all
     
293. #全部都不能通行
     
294. -------------------------------
     
295. 对于上面两种情况，如果换成allow from all，则全部都可以通行！
     
296. -------------------------------
     
297. Order deny,allow
     
298. deny from 219.204.253.8
     
299. #只有219.204.253.8不能通行
     
300. -------------------------------
     
301. Order allow,deny
     
302. deny from 219.204.253.8
     
303. #全部都不能通行
     
304. -------------------------------
     
305. Order allow,deny
     
306. allow from 219.204.253.8
     
307. #只允许219.204.253.8通行
     
308. -------------------------------
     
309. Order deny,allow
     
310. allow from 219.204.253.8
     
311. #全部都可以通行
     
312. 
     
313. 实验-账号密码访问
     
314. htpasswd -cm /etc/httpd/.htpasswd  gzpu                #设置用户gzpu的密码为gzpu
     
315. htpasswd -m /etc/httpd/.htpasswd  bing                #设置用户bing的密码为bing新增用户不能加参数c，否则又会重建文件，之前的账号密码就没了
     
316. <virtualhost 192.168.100.1:80>
     
317. servername www.gzpu.com
     
318. documentroot /var/www/gzpu/
     
319. </virtualhost>
     
320. <Directory /var/www/gzpu>
     
321. AuthName "gzpu"
     
322. AuthType Basic
     
323. AuthUserFile /etc/httpd/.htpasswd
     
324. require valid-user
     
325. </Directory>
     
326. 
     
327. 实验-ssl
     
328. 在gzpu1上制作用于认证网站的证书和key
     
329. cd /etc/pki/tls/certs
     
330. make gzpu.crt
     
331. Enter pass phrase:                                                #输入123.com
     
332. Verifying - Enter pass phrase:                                        #输入123.com
     
333. Enter pass phrase for gzpu.key:                                        #输入123.com
     
334. Country Name (2 letter code) [XX]:                                #输入CN
     
335. State or Province Name (full name) []:                                #输入BEIJING
     
336. Locality Name (eg, city) [Default City]:                        #输入BEIJING
     
337. Organization Name (eg, company) [Default Company Ltd]:                #输入REDHAT
     
338. Organizational Unit Name (eg, section) []:                        #输入WEB
     
339. Common Name (eg, your name or your server's hostname) []:        #输入www.gzpu.com
     
340. 
     
341. cp  gzpu.key  /etc/pki/tls/private/gzpu.key
     
342. #相当于已经有了CA中心，并且CA中心已经颁发了证书gzpu.crt，一般证书保存在cert文件夹下，密钥保存在private文件夹下
     
343. 
     
344. yum install -y mod_ssl.x86_64        #安装ssl模块
     
345. httpd -M | grep -i mod_ssl        #查看apache加载的模块
     
346. #如果报错AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message，一般是域名解析的错误，可以添加hosts记录，或者添加DNS记录，并更改配置文件的ServerName内容
     
347. 
     
348. vim /etc/httpd/conf.d/ssl.conf
     
349. SSLEngine off                #更改，今后使用对每个网站的单独引擎
     
350. 
     
351. firewall-cmd --permanent --add-service=https
     
352. firewall-cmd --reload
     
353. 
     
354. mkdir /var/www/443
     
355. echo html > /var/www/html/index.html
     
356. echo 443 > /var/www/443/index.html
     
357. cat /etc/httpd/conf.d/ssl.conf | grep -i ^ssl        #复制尾部5行
     
358. 
     
359. vim /etc/httpd/conf.d/0.conf
     
360. <VirtualHost *:80>
     
361.     DocumentRoot /var/www/html
     
362.     ServerName www.gzpu.com
     
363. </VirtualHost>
     
364. 
     
365. vim /etc/httpd/conf.d/443.conf                #增加加密的www.gzpu.com网站，新增行可用cat /etc/httpd/conf.d/ssl.conf | grep ^SSL | tail -n 5获得
     
366. <VirtualHost *:443>
     
367.     DocumentRoot /var/www/443
     
368.     ServerName www.gzpu.com                                        #必须和证书输入的域名一致
     
369.         SSLEngine on                                                #激活引擎
     
370.         SSLProtocol all -SSLv2 -SSLv3                                #除了-SSLv2和-SSLv3协议
     
371.         SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
     
372.         SSLCertificateFile /etc/pki/tls/certs/gzpu.crt                #证书位置
     
373.         SSLCertificateKeyFile /etc/pki/tls/private/gzpu.key        #密钥位置
     
374. </VirtualHost>
     
375. 
     
376. 在gzpu1和gzpu2上
     
377. vim /etc/hosts
     
378. 192.168.100.1        www.gzpu.com
     
379. 
     
380. http://www.gzpu.com
     
381. https://www.gzpu.com
     
382. 
     
383. 实验-访问http网站自动转为https
     
384. 在gzpu1上
     
385. vim /etc/httpd/conf.d/443.conf
     
386. <VirtualHost *:80>
     
387.     DocumentRoot /var/www/gzpu
     
388.     ServerName www.gzpu.com
     
389.     RewriteEngine on                                        #增加，激活https从定向引擎
     
390.     RewriteRule ^/(.*) https://%{HTTP_HOST}$1 [L]        #增加，http重定向为https
     
391. </VirtualHost>
     
392. <VirtualHost *:443>
     
393.     DocumentRoot /var/www/443
     
394.     ServerName www.gzpu.com
     
395. SSLEngine on
     
396. SSLProtocol all -SSLv2 -SSLv3
     
397. SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
     
398. SSLCertificateFile /etc/httpd/conf/gzpu.crt
     
399. SSLCertificateKeyFile /etc/httpd/conf/gzpu.key
     
400. </VirtualHost>
     
401. <VirtualHost *:80>
     
402. 
     
403. 在gzpu1和gzpu2上
     
404. http://www.gzpu.com        #自动重定向为https://www.gzpu.com

复制代码