一、Apache安装
[root@nfs-server ~]# dnf install httpd -y
[root@nfs-server ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
二、Apache服务基本信息
软件:httpd
端口:httpd:80 https:443
主配置文件:/etc/httpd/conf/httpd.conf
子配置文件:/etc/httpd/conf.d/
服务启动脚本:httpd.service
默认发布目录:/var/www/html
默认发布文件:index.html
三、Apache的基本配置
1.发布文件
默认发布文件的生成
[root@nfs-server ~]# echo 172.25.254.100 > /var/www/html/index.html #写入文件内容
[root@nfs-server ~]# cat /var/www/html/index.html
172.25.254.100
测试
[root@nfs-server ~]# curl 172.25.254.100
172.25.254.100
默认发布文件的修改
[root@nfs-server ~]# vim /etc/httpd/conf/httpd.conf #修改主配置文件
168 <IfModule dir_module>
169 DirectoryIndex lee.html index.html #在默认发布文件前加入需要访问的文件
170 </IfModule>
[root@nfs-server ~]# systemctl reload httpd #重启服务(reload可以实现服务不停止的情况下更新配置文件)
[root@nfs-server ~]# echo lee > /var/www/html/lee.html #写入文件内容
测试
[root@nfs-server ~]# curl 172.25.254.100
lee
[root@nfs-server ~]# cat /var/www/html/lee.html
lee
[root@nfs-server ~]# rm -fr /var/www/html/lee.html
[root@nfs-server ~]# curl 172.25.254.100
172.25.254.100
2.修改默认发布目录
生成新的默认发布目录和默认发布文件
[root@nfs-server ~]# mkdir /var/web/html
[root@nfs-server ~]# echo /var/web/html > /var/web/html/index.html
配置使用新的默认发布目录和默认发布文件
[root@nfs-server ~]# vim /etc/httpd/conf/httpd.conf
#DocumentRoot "/var/www/html"
DocumentRoot "/var/web/html"
<Directory "/var/web"> #对/var/web目录授权,否则服务拒绝访问
AllowOverride None
# Allow open access:
Require all granted
</Directory>
[root@nfs-server ~]# systemctl restart httpd
测试
[root@nfs-server ~]# curl 172.25.254.100
/var/web/html
四、修改服务端口
[root@nfs-server ~]# vim /etc/httpd/conf/httpd.conf
DocumentRoot "/var/www/html" #恢复默认发布目录
#DocumentRoot "/var/web/html"
47 Listen 8080 #修改端口
[root@nfs-server ~]# systemctl restart httpd
测试
[root@nfs-server ~]# netstat -antlupe | grep httpd
tcp6 0 0 :::8080 :::* LISTEN 0 79486 30895/httpd
[root@nfs-server ~]# curl 172.25.254.100:8080
172.25.254.100
五、目录的访问控制
1.基于IP的访问控制
要求:在访问http://172.25.254.100/lee时只能让172.25.254.1主机访问,其他人不能访问
[root@nfs-server ~]# mkdir /var/www/html/lee
[root@nfs-server ~]# echo /var/www/html/lee > /var/www/html/lee/index.html
[root@nfs-server ~]# vim /etc/httpd/conf/httpd.conf
Listen 80 #更改端口
<Directory "/var/www/html/lee"> #给目录授权
Order deny,allow #order-顺序,deny-拒绝,allow-允许
Deny from ALL #拒绝所有访问
Allow from 172.25.254.1 #允许172.25.254.1访问
</Directory>
注意:此处有个逻辑关系,后面的命令会覆盖前面的命令,例如上述代码,deny拒绝所有访问,但是allow允许172.25.254.1访问,由于allow在deny之后,所以allow覆盖前面的deny,所以172.25.254.1可以访问
[root@nfs-server ~]# systemctl restart http
测试
[root@nfs-server ~]# curl 172.25.254.100/lee
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>
#在windows中的浏览器中访问http://172.25.254.100/lee 是可以的
2.基于用户认证的访问控制
当访问http://172.25.254.100/timinglee目录时,需要通过用户认证否则拒绝访问
[root@nfs-server ~]# mkdir -p /var/www/html/timinglee
[root@nfs-server ~]# echo /var/www/html/timinglee > /var/www/html/timinglee/index.html
#建立认证文件
[root@nfs-server ~]# htpasswd -cm /etc/httpd/.htpasswd lee
New password:
Re-type new password:
Adding password for user lee
#配置apache目录访问认证
[root@nfs-server ~]# vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/timinglee">
AuthUserFile /etc/httpd/.htpasswd #用户认证文件
AuthName "Please input username and password"
AuthType basic
Require valid-user
</Directory>
[root@nfs-server ~]# systemctl restart httpd
测试
[root@nfs-server ~]# curl 172.25.254.100/timinglee/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
[root@nfs-server ~]# curl 172.25.254.100/timinglee/ -ulee:lee
/var/www/html/timinglee
六、Apache服务器的虚拟主机
服务IP是非常有限的资源,Apache默认只能发布一个站点,但是企业可能又多个站点要发布,那么就需要Apache的虚拟机技术
1.建立各个站点的默认发布目录和发布文件
www.timinglee.org 访问默认
bbs.timinglee.org /var/www/virtual/timinglee.org/bbs
news.timinglee.org /var/www/virtual/timinglee.org/news
[root@nfs-server ~]# mkdir /var/www/virtual/timinglee.org/news -p
[root@nfs-server ~]# mkdir /var/www/virtual/timinglee.org/bbs -p
[root@nfs-server ~]# echo news.timinglee.org > /var/www/virtual/timinglee.org/news/index.html
[root@nfs-server ~]# echo bbs.timinglee.org /var/www/virtual/timinglee.org/bbs/index.html
bbs.timinglee.org /var/www/virtual/timinglee.org/bbs/index.html
[root@nfs-server ~]# echo bbs.timinglee.org > /var/www/virtual/timinglee.org/bbs/index.html
2.配置虚拟主机
[root@nfs-server ~]# vim /etc/httpd/conf.d/vhosts.conf #子配置文件
<VirtualHost _default_:80>
DocumentRoot /var/www/html
CustomLog /etc/httpd/logs/default.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName news.timinglee.org
DocumentRoot /var/www/virtual/timinglee.org/news
CustomLog /etc/httpd/logs/news.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName bbs.timinglee.org
DocumentRoot /var/www/virtual/timinglee.org/bbs
CustomLog /etc/httpd/logs/bbs.log combined
</VirtualHost>
测试
#在哪里测试就在那个主机中做解析
[root@nfs-server ~]# vim /etc/hosts
172.25.254.100 nfs-server www.timinglee.org news.timinglee.org bbs.timinglee.org
[root@nfs-server ~]# curl www.timinglee.org
172.25.254.100
[root@nfs-server ~]# curl bbs.timinglee.org
bbs.timinglee.org
[root@nfs-server ~]# curl news.timinglee.org
news.timinglee.org
七、Apache的https访问
1.生成证书
[root@nfs-server ~]# mkdir /etc/httpd/certs
[root@nfs-server ~]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /etc/httpd/certs/timinglee.org.key -x509 -days 365 -out /etc/httpd/certs/timinglee.org.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shannix
Locality Name (eg, city) [Default City]:Xi'an
Organization Name (eg, company) [Default Company Ltd]:timinglee
Organizational Unit Name (eg, section) []:webserver
Common Name (eg, your name or your server's hostname) []:www.timinglee.org
Email Address []:timinglee@timinglee.org
[root@nfs-server ~]# ls /etc/httpd/certs/
timinglee.org.crt timinglee.org.key
2.安装加密套件
[root@nfs-server ~]# dnf install mod_ssl -y
[root@nfs-server ~]# mkdir /var/www/virtual/timinglee.org/login -p
[root@nfs-server ~]# echo login.timinglee.org > /var/www/virtual/timinglee.org/login/index.html
3.配置加密
[root@nfs-server ~]# vim /etc/httpd/conf.d/vhosts.conf
<VirtualHost *:80>
ServerName login.timinglee.org
RewriteEngine On
RewriteRule ^/(.*)$ https://login.timinglee.org/$1 [R=301] #导向443
</VirtualHost>
<VirtualHost *:443>
ServerName login.timinglee.org
DocumentRoot /var/www/virtual/timinglee.org/login
CustomLog /etc/httpd/logs/login.log combind
SSLEngine on
SSLCertificateFile /etc/httpd/certs/timinglee.org.crt
SSLCertificateKeyFile /etc/httpd/certs/timinglee.org.key
</VirtualHost>
[root@nfs-server ~]# systemctl restart httpd
注意:https和http端口不一致
测试
[root@nfs-server ~]# vim /etc/hosts
172.25.254.100 nfs-server www.timinglee.org news.timinglee.org bbs.timinglee.org login.timinglee.org
[root@nfs-server ~]# curl -kL login.timinglee.org
login.timinglee.org