一、apache
企業中常用的web服務,用來提供http://(超文本傳輸協定)
二、apache的安裝部署
yum install httpd -y
yum install httpd-manual
systemctl start httpd
systemctl enable httpd
圖示:安裝httpd
<a href="https://s3.51cto.com/oss/201711/21/390a7dbdcc3004a10dc45b04d35ec516.png-wh_500x0-wm_3-wmp_4-s_2911428301.png" target="_blank"></a>
圖示:安裝httpd-manual
<a href="https://s1.51cto.com/oss/201711/21/c1645cf7b8f40efb6062679febd9386d.png-wh_500x0-wm_3-wmp_4-s_3450849954.png" target="_blank"></a>
圖示:開啟加載httpd
<a href="https://s4.51cto.com/oss/201711/21/988307baaef1ea04282d74a42b955ef3.png-wh_500x0-wm_3-wmp_4-s_1757750438.png" target="_blank"></a>
測試 http://172.25.254.121
http://172.25.254.121/manual
圖示:通路測試
<a href="https://s3.51cto.com/oss/201711/21/9ffe152e407551d57b1f78261170147c.png-wh_500x0-wm_3-wmp_4-s_2888741024.png" target="_blank"></a>
圖示:通路測試man
三、apache 的基礎資訊
主配置目錄: /etc/httpd/conf
主配置檔案: /etc/httpd/conf/httpd.conf
子配置目錄: /etc/httpd/conf.d
子配置檔案: /etc/httpd/conf.d/*.conf
預設釋出目錄: /var/www/html
預設釋出檔案: /index.html
預設端口: 80
預設安全上下文:httpd_sys_content_t
程式開啟預設使用者: apache
apache日志: /etc/httpd/logs/*
檢視端口
ss -anutlpe | grep httpd
圖示:端口80
<a href="https://s2.51cto.com/oss/201711/21/96b7702c277773eb5e400e114101571a.png-wh_500x0-wm_3-wmp_4-s_2734458378.png" target="_blank"></a>
修改預設端口
vim /etc/httpd/conf/httpd.conf
43 Linsten 8080 修改預設端口為8080
圖示:修改配置檔案
<a href="https://s4.51cto.com/oss/201711/21/c9c23cdb913bb4a662a4189c3ff169ad.png-wh_500x0-wm_3-wmp_4-s_2553650759.png" target="_blank"></a>
修改預設分布檔案:
預設釋出檔案就是通路apache時沒有指定檔案名稱時預設通路的檔案
這個檔案可以指定多個,有通路先後順序
164 DirectoryIndex index.html test.html 當index.html不存在時通路 test.html
<a href="https://s4.51cto.com/oss/201711/21/b7e1af9190b09ae7701a234cbc2c9e5d.png-wh_500x0-wm_3-wmp_4-s_1794687150.png" target="_blank"></a>
修改預設釋出目錄
121 <Directory "/www">
122 Require all granted
123 <Directory>
<a href="https://s3.51cto.com/oss/201711/21/324b6ced572aaefd993c6bf00ce2043f.png-wh_500x0-wm_3-wmp_4-s_3809680934.png" target="_blank"></a>
[root@domain ~]# > /var/log/messages
[root@domain ~]# ls -Zd /www/
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /www/
[root@domain ~]# storecon -RvvF /www/
四、apache的虛拟主機
vim /etc/httpd/conf.d/adefault.conf
<VirtualHost _default_:80>
DocumentRoot"/var/www/html"
CustomLog "logs/www.westos.com.log"combined
</VirtualHost>
vim /etc/httpd/conf.d/linux.conf
<VirtualHost *:80>
ServerName linux.westos.com ##指定站點名稱
DocumentRoot"/var/www/virtual/linux.westos.com/html" ##站點預設釋出目錄
CustomLog"logs/linux.westos.com.logs" combined ##站點日 志combined表示四種日志的集合
<Directory "/var/www/virtual/linux.westos.com/html">
Require all granted
</Directory>
vim /etc/httpd/conf.d/c.conf
DocumentRoot "/var/www/html"
CustomLog "logs/www.westos.com.log"combined
<Directory "/var/www/html/test">
Order deny,allow
Allow from 172.25.254.60
Deny from all
測試:
測試主機中做好本地解析
vim /etc/hosts
172.25.254.100 c.westos.com
圖示:測試
<a href="https://s3.51cto.com/oss/201711/21/363d5d3171bcc35e3deec0fdea551949.png-wh_500x0-wm_3-wmp_4-s_669871886.png" target="_blank"></a>
五、apache内部的通路控制
1.針對與主機的通路設定
touch /var/www/html/test
<Directory"/var/www/html/test">
Order deny,allow ##清單讀取順序,後讀取的清單會覆寫限度去内容的重複部分
Allow from 172.25.254.60
Deny from all
</Directory>
2.使用者方式的通路控制
cd /etc/httpd/conf.d/
mkdir /var/www/html/admin
vim /var/www/html/admin/index.html
htpasswd -cm /etc/httpd/userpass admin
htpasswd -m /etc/httpd/userpass admin1
圖示:建立加密使用者,建立第一個使用者需要加“-c”
<a href="https://s2.51cto.com/oss/201711/21/81baf86a9f1e6b2eb01201a91313ae23.png-wh_500x0-wm_3-wmp_4-s_831534997.png" target="_blank"></a>
<Directory "/var/www/html/admin">
AuthUserFile/etc/httpd/userpass
AuthName "Please input your nameand password"
AuthType basic
#Require user admin ##隻允許admin使用者登陸
Require valid-user ##允許所有使用者登陸
systemctl restart httpd.service
圖示:adefault.conf内容
<a href="https://s3.51cto.com/oss/201711/21/96f3d1ee1bb05b0e7f0f9a87713c3674.png-wh_500x0-wm_3-wmp_4-s_38211613.png" target="_blank"></a>
六、apeche 支援的語言
1.html ##系統預設支援
2.php
vim /var/www/html/index.php
<?php
phpinfo();
?>
yum install php -y
systemctl restart httpd
圖示:安裝 php
<a href="https://s4.51cto.com/oss/201711/21/244fd6a1c5f953ed67ba6639754fac60.png-wh_500x0-wm_3-wmp_4-s_1160848066.png" target="_blank"></a>
測試:(確定100主機防火牆關閉)
http://172.25.254.100/index.php
圖示:測試結果
<a href="https://s4.51cto.com/oss/201711/21/bc85c0ddbf1b19fb66e4a27336e877a2.png-wh_500x0-wm_3-wmp_4-s_2303380010.png" target="_blank"></a>
3.cgi
mkdir /var/www/html/cgi -p
semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgi(/.*)?'
restorecon -RvvF/var/www/html/cgi/
vim /var/www/html/cgi/index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
chmod +x /var/www/html/cgi/index.cgi ##添加可執行權限
/var/www/html/cgi/index.cgi ##執行腳本确定正确
圖示:腳本運作正确
<a href="https://s2.51cto.com/oss/201711/21/221f21d04079afcdda08e58b4fe4726d.png-wh_500x0-wm_3-wmp_4-s_4153838258.png" target="_blank"></a>
<Directory "/var/www/html/cgi">
Options +ExecCGI
AddHandler cgi-script .cgi
圖示:腳本内容
<a href="https://s1.51cto.com/oss/201711/21/2b55c9e47df0aee3849892cddc595e24.png-wh_500x0-wm_3-wmp_4-s_2314135874.png" target="_blank"></a>
七、設定https虛拟主機并設定網頁重寫
1.安裝
yum install mod_ssl
yum install crypto-utils -y
2.配置
genkey www.westos.com
圖示:操作過程
<a href="https://s2.51cto.com/oss/201711/21/ea538f3afd316e9d0d6472d1e0600762.png-wh_500x0-wm_3-wmp_4-s_757802928.png" target="_blank"></a>
<a href="https://s2.51cto.com/oss/201711/21/9730414b493b1c7d7c91cb210f9bbc63.png-wh_500x0-wm_3-wmp_4-s_1308879805.png" target="_blank"></a>
<a href="https://s2.51cto.com/oss/201711/21/bffe6c74db1b491ae4309e0851da4722.png-wh_500x0-wm_3-wmp_4-s_3644417688.png" target="_blank"></a>
vim /etc/httpd/conf.d/ssl.conf
101 SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt ##生成的證書
108 SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key ##生成的鑰匙
vim /etc/httpd/conf.d/login.conf
1 <VirtualHost *:443>
2 ServerName login.westos.com
3 DocumentRoot /var/www/html/virtual/login.westos.com/html
4 CustomLog "logs/login.logs" combined
5 SSLEngine on ##開始https功能
6 SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt ##證書
7 SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key ##鑰匙
8 </VirtualHost>
9 <Directory"/var/www/html/virtual/login.westos.com/html"> ##給預設釋出目錄授權通路
10 Require all granted
11 </Directory>
12 <VirtualHost *:80> ##網頁重寫實作自動通路https
13 ServerName login.westos.com
14 RewriteEngine on
15 RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
16 </VirtualHost>
重寫規則
^(/.*)$ ##客戶在浏覽器地質欄中輸入的所有字元
https:// ##強制客戶加密通路
%{HTTP_HOST} ##客戶請求主機
$1 ##‘$1’表示 ^(/.*)$ 的值
[redirect=301] ##臨時重寫 302永久轉換
<a href="https://s2.51cto.com/oss/201711/21/731d2c461f9f4daa60068ea24ae81d08.png-wh_500x0-wm_3-wmp_4-s_753229582.png" target="_blank"></a>
在通路端添加解析
172.25.254.100 login.westos.com
通路http://login.westos.com會自動調轉到https://login.westos.com 實作網頁資料加密傳輸
圖示:獲驗證書
<a href="https://s5.51cto.com/oss/201711/21/42a9755a9ad30c6472a0538db0e13de4.png-wh_500x0-wm_3-wmp_4-s_112715441.png" target="_blank"></a>
<a href="https://s3.51cto.com/oss/201711/21/b5a2504d5225c090b359c87c00bdc5da.png-wh_500x0-wm_3-wmp_4-s_793150108.png" target="_blank"></a>
##end##
本文轉自 無緣 51CTO部落格,原文連結:http://blog.51cto.com/13352594/1983913
![Apache配置SSLApache配置SSL[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)