<Directory "/var/www/html/cgi">
Options ExecCGI
AddHandler cgi-script .cgi
</Directory>
Apache的作用
在web被访问时通常使用http://的方式
http:// 超文本传输协议
Apache的启用
systemctl enable --now httpd 开启服务并设定服务位开机启动
firewall-cmd --list-all 查看火墙信息
firewall-cmd --permanent --add-service=http 在火墙中永久开启http访问
firewall-cmd --permanent --add-service=https 在火墙中永久开启https访问
firewall-cmd --reload 刷新火墙使设定生效
Apache的基本信息
主配置文件: /etc/httpd/conf/httpd.conf
子配置文件: /etc/httpd/conf.d/*.conf
默认发布目录:/var/www/html
默认发布文件:index.html
默认端口: 80
日志:/etc/httpd/logs
Apache的基本配置
修改默认端口
vim /etc/httpd/conf.d/vhosts.conf
编辑内容:
Listen 8080systemctl restart httpd
firewall-cmd --permanent --add-port=8080/tcp
firewall-cmf --reloadnetstat -antlupe | grep http
tcp6 0 0 :::8080 :::* LISTEN 0 125093 8056/httpd在浏览器上搜索172.25.254.112:8080
更改默认发布文件
[root@westoslinux yum.repos.d]# cd /var/www/html
[root@westoslinux html]# ls
[root@westoslinux html]# vim test.html
[root@westoslinux html]# cat test.html
hello world[root@westoslinux html]# vim /etc/httpd/conf/httpd.conf
编辑内容:
<IfModule dir_module>
DirectoryIndex test.html index.htmlsystemctl restart httpd
在浏览器上搜索172.25.254.112出现的内容为hello test
更改默认目录
[root@westoslinux html]# mkdir -p /westos/html
[root@westoslinux html]# ls -Zd /westos/html
unconfined_u:object_r:default_t:s0 /westos/html
[root@westoslinux html]# semanage fcontext -a -t httpd_sys_content_t '/westos/html(/.*)?'
[root@westoslinux html]# vim /westos/html/index.html
[root@westoslinux html]# cat /westos/html/index.html
/westos/html 's page
[root@westoslinux html]# vim /etc/httpd/conf/httpd.conf编辑内容:
DocumentRoot "/westos/html"
[root@westoslinux html]# systemctl restart httpd
ip白名单
vim /etc/httpd/conf/httpd.conf
编辑内容:
<Directory "/var/www/html/westos">
Order allow,deny
Allow from 172.25.254.112
Deny from all
systemctl restart httpd
在浏览器上搜索172.25.254.112出现的内容为
ip黑名单
[root@westoslinux html]# vim /etc/httpd/conf/httpd.conf
编辑内容:
<Directory "/var/www/html/westos">
Order allow,deny
Allow from all
Deny from 172.25.254.112
</Directory>
[root@westoslinux html]# systemctl restart httpd
在浏览器上除了112不能访问,其他用户可以
基于用户认证
[root@westoslinux html]# cd /etc/httpd
[root@westoslinux httpd]# htpasswd -cm .htauthfile admin
New password:
Re-type new password:
Adding password for user admin
[root@westoslinux httpd]# htpasswd -m .htauthfile lee
New password:
Re-type new password:
Adding password for user lee
[root@westoslinux httpd]# cat .htauthfile
admin:$apr1$/S0vjUUM$eJTqRSyp1kEmufucr4CIG1
lee:$apr1$AJxAs3iO$4yC34Uy2R.mbeFGBWMFUh0
[root@westoslinux httpd]# vim /etc/httpd/conf/httpd.conf
编辑内容:
<Directory "/var/www/html/westos">
AuthUserfile /etc/httpd/.htauthfile
AuthName "please input username and passwd !!"
Authtype basic
# Require user lee 允许通过的认证用户lee
Require valid-user 允许所有用户通过认证 后两个不能同时出现
</Directory>
[root@westoslinux httpd]# systemctl restart httpd
在浏览器上搜索172.25.254.112出现账号密码认证
Apache的虚拟主机
[root@westoslinux html]# mkdir -p /var/www/westos.org/{linux,luck}
[root@westoslinux html]# echo linux > /var/www/westos.org/linux/index.html
[root@westoslinux html]# echo luck > /var/www/westos.org/luck/index.html
[root@westoslinux html]# dnf install httpd-manual -y
[root@westoslinux html]#systemctl restart httpd
在浏览器上访问172.25.254.112:manual 可以访问到手册
[root@westoslinux conf.d]# cd /etc/httpd/conf.d
[root@westoslinux conf.d]# vim vhost.conf
编辑内容:
<VirtualHost _default_:80>
DocumentRoot /var/www/html
CustomLog logs/default.log combined
</VirtualHost>
<VirtualHost _default_:80>
ServerName linux.westos.org
DocumentRoot /var/www/westos.org/linux
CustomLog logs/linux.log combined
</VirtualHost>
<VirtualHost _default_:80>
ServerName luck.westos.org
DocumentRoot /var/www/westos.org/luck
CustomLog logs/luck.log combined
</VirtualHost>
[root@westoslinux conf.d]# systemctl restart httpd
在浏览器所在的主机中操作:
vim /etc/hosts
编辑内容:
172.25.254.112 www.westos.org linux.westos.org luck.westos.org
在浏览器中访问 www.westos.org linux.westos.org luck.westos.org可以分别显示他的各自文件内容
Apache的语言支持
PHP语言
[root@westoslinux conf.d]# cd /var/www/html
[root@westoslinux html]# ls
index.html westos
[root@westoslinux html]# mkdir php
[root@westoslinux html]# ls
index.html php westos
[root@westoslinux html]# cd php
[root@westoslinux php]# vim index.php
[root@westoslinux php]# cat index.php
<?php
phpinfo();
?>
[root@westoslinux php]# dnf search php
[root@westoslinux php]# dnf install php.x86_64 -y
[root@westoslinux php]# ls /etc/httpd/conf.d
autoindex.conf manual.conf php.conf README userdir.conf vhost.conf welcome.conf
[root@westoslinux php]# php -m 检查pdo_mysql是否安装上
[root@westoslinux php]# systemctl restart httpd
cgi 语言
[root@westoslinux html]# mkdir cgi
[root@westoslinux html]# cd cgi
[root@westoslinux cgi]# vim index.cgi
[root@westoslinux cgi]# cat index.cgi
#!/usr/bin/perl
print "Content-Type: text/html\n\n";
print `date`;
[root@westoslinux cgi]# perl index.cgi
Content-Type: text/html
Fri Nov 5 21:20:43 CST 2021
[root@westoslinux cgi]# ls
index.cgi
[root@westoslinux cgi]# chmod +x index.cgi
[root@westoslinux cgi]# vim /etc/httpd/conf.d/vhosts.conf
[root@westoslinux cgi]# systemctl restart httpd
[root@westoslinux cgi]# getenforce
Enforcing
[root@westoslinux cgi]# semanage fcontext -l | grep /var/www/cgi
[root@westoslinux cgi]# semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgi(/.*)?'
[root@westoslinux cgi]# restorecon -RvvF /var/www/html/cgi
Relabeled /var/www/html/cgi from unconfined_u:object_r:httpd_sys_content_t:s0 to system_u:object_r:httpd_sys_script_exec_t:s0
Relabeled /var/www/html/cgi/index.cgi from unconfined_u:object_r:httpd_sys_content_t:s0 to system_u:object_r:httpd_sys_script_exec_t:s0
[root@westoslinux cgi]# vim /etc/httpd/conf.d/vhosts.conf
编辑内容:
<Directory "/var/www/html/cgi">
Options ExecCGI
AddHandler cgi-script .cgi
Directoryindex index.cgi
</Directory>
[root@westoslinux cgi]# systemctl restart httpd
在浏览器上访问172.25.254.112/cgi,会出现Fri Nov 5 21:37:08 CST 2021
wsgi语言
[root@westoslinux html]# mkdir wsgi
[root@westoslinux html]# cd wsgi
[root@westoslinux wsgi]# vim index.wsgi
[root@westoslinux wsgi]# cat index.wsgi
def application(env,westos):
westos('200 ok',[('Content-Type', 'text/html')])
return [b'hello westos']
[root@westoslinux wsgi]# chmod +x index.wsgi
[root@westoslinux wsgi]# dnf search wsgi
[root@westoslinux wsgi]# dnf install python3-mod_wsgi.x86_64 -y
[root@westoslinux wsgi]# vim /etc/httpd/conf.d/vhosts.conf
编辑内容:
<VirtualHost *:80>
serverName wsgi.westos.org
WSGIScriptAlias / /var/www/html/wsgi/index.wsgi
</VirtualHost>
[root@westoslinux wsgi]# systemctl restart httpd
[root@westoslinux wsgi]# semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/wsgi(/.*)?'
[root@westoslinux wsgi]# restorecon -RvvF /var/www/html/wsgi
Relabeled /var/www/html/wsgi from unconfined_u:object_r:httpd_sys_content_t:s0 to system_u:object_r:httpd_sys_script_exec_t:s0
Relabeled /var/www/html/wsgi/index.wsgi from unconfined_u:object_r:httpd_sys_content_t:s0 to system_u:object_r:httpd_sys_script_exec_t:s0
[root@westos_student73 Desktop]# vim /etc/hosts
[root@westos_student73 Desktop]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.112 www.westos.org linux.westos.org luck.westos.org wsgi.westos.org
在浏览器上访问wsgi.westos.org ,可以显示出hello westos
Apache的加密访问
dnf install mod_ssl -y
[root@westoslinux wsgi]# systemctl restart httpd
[root@westoslinux wsgi]# ls /etc/httpd/conf.d
autoindex.conf manual.conf php.conf README ssl.conf userdir.conf vhost.conf vhosts.conf welcome.conf
[root@westoslinux wsgi]# firewall-cmd --permanent --add-service=https
firsuccess
e[root@westoslinux wsgi]# firewall-cmd --reload
success
[root@westoslinux wsgi]# cd /etc/httpd
[root@westoslinux httpd]# ls
conf conf.d conf.modules.d logs modules run state
[root@westoslinux httpd]# mkdir tls
[root@westoslinux httpd]# ls
conf conf.d conf.modules.d logs modules run state tls
[root@westoslinux httpd]# cd tls
[root@westoslinux tls]# openssl req --newkey rsa:2048 -nodes -sha256 -keyout /etc/httpd/tls/www.westos.org.key -x509 -days 365 --out /etc/httpd/tls/www.westos.org.crt
.................................+++++
....................................+++++
writing new private key to '/etc/httpd/tls/www.westos.org.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shannxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:www.westos.org
Email Address []:[email protected]
[root@westoslinux tls]# ls
www.westos.org.crt www.westos.org.key
[root@westoslinux tls]# vim /etc/httpd/conf.d/ssl.conf
编辑内容:
SSLCertificateFile /etc/httpd/tls/www.westos.org.crt
SSLCertificateKeyFile /etc/httpd/tls/www.westos.org.key
[root@westoslinux tls]# systemctl restart httpd
在浏览器中访问 https://172.25.254.112/----------->Conection-------------->more information------->view Certificate------>证书认证信息已更改
[root@westoslinux tls]# mkdir /var/www/westos.org/login
[root@westoslinux tls]# echo login\'s page > /var/www/westos.org/login/index.html
[root@westoslinux tls]# cat /var/www/westos.org/login/index.html
login's page
[root@westoslinux html]# vim /etc/httpd/conf.d/vhosts.conf
编辑内容:
<VirtualHost *:80>
ServerName login.westos.org
RewriteEngine On
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1
</VirtualHost>
<VirtualHost *:443>
ServerName login.westos.org
DocumentRoot /var/www/westos.org/login
SSLEngine on
SSLCertificateFile /etc/httpd/tls/www.westos.org.crt
SSLCertificateKeyFile /etc/httpd/tls/www.westos.org.key
</VirtualHost>
[root@westoslinux html]# systemctl restart httpd
[root@westos_student73 Desktop]# vim /etc/hosts
[root@westos_student73 Desktop]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.112 www.westos.org linux.westos.org luck.westos.org wsgi.westos.org login.westos.org
用login.westos.org访问浏览器,直接会跳转到https://login.westos.org/界面
Squid+Apache
实验环境
在nodea中操作
hostnamectl set-hostname westoslinux112.westos.org
vim /etc/sysconfig/netwerk-script/ifcfg-westos
编辑内容:
DEVICE=ens3
BOOTPROTO=none
IPADDR=172.25.254.112
PREFIX=24
ONBOOT=yes
NAME=westos
GATEWAY=172.25.254.73
DNS1=114.114.114.114
nmcli connection delete "Wired connection 1"
nmcli connection reload
nmcli connection up westos
ifconfig
route -u
cat /etc/resolv.conf
在nodeb 中操作
hostnamectl set-hostname westoslinux212.westos.org
nmcli connection delete "Wired connection 1"
nmcli connection add type ethernet con-name westos ifname ens3 ipv4.method manual ipv4.addresses 172.25.254.212/24
在nodea中操作:
dnf install squid -y
dnf install firefox -y
vim /etc/squid/squid.conf
59 http_access allow all
65 cache_dir ufs /var/spool/squid 100 16 256 将注释去掉
systemctl start squid
netstat -autlupe | grep squid
firewall-cmd --pernament --add-service=squid
firewall-cmd --reload
firewall-cmd --list-all
在nodeb中操作
dnf install firefox -y
打开浏览器--->右上角------>preference----->NetWork Settings--->setting--->选择Manual system proxy connfiguration---->选择Use this proxy server for all protols---->172.25.254.112 3128 在浏览器上可以访问百度
反向代理
在nodea中操作
vim /etc/squid/squid.conf
编辑内容:
http_port 80 vhost vport vhost 支持虚拟域名 vport支持虚拟端口
cache_peer 172.25.254.212 parent 80 0 proxy-only cat /usr/share/doc/squid/squid.conf.documented 查询
systemctl restart squid
rpm -qa | grep http
firewall-cmd --list-all
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
在nodeb中操作:
dnf install httpd -y
systemctl start httpd
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
firewall-cmd --list-all
echo 172.25.254.200 > /var/www/html/index.html
在真机中操作
firefox 访问172.25.254.112
访问时看到的是172.25.254.212上的数据