1. Check which server software a website is running
[kiosk@foundation66 Desktop]$ su - root
Password:
Last login: Thu May 31 00:41:53 CST 2018 on pts/0
[root@foundation66 ~]# curl -I www.baidu.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: Keep-Alive
Content-Length: 277
Content-Type: text/html
Date: Thu, 31 May 2018 01:37:01 GMT
Etag: "575e1f5c-115"
Last-Modified: Mon, 13 Jun 2016 02:50:04 GMT
Pragma: no-cache
Server: bfe/1.0.8.18
2. Install the Apache service
First, make sure SELinux is disabled
Clean out the lab environment
[root@localhost ~]# rpm -e httpd php php-mysql
error: package httpd is not installed
error: package php is not installed
error: package php-mysql is not installed ## nothing was installed earlier because the lab environment was changed
[root@localhost ~]# rm -fr /var/www/
Install httpd
[root@localhost ~]# yum install httpd -y
Loaded plugins: langpacks
rhel_dvd | 4.1 kB 00:00
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-17.el7 will be installed
--> Processing Dependency: httpd-tools = 2.4.6-17.el7 for package: httpd-2.4.6-17.el7.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-17.el7.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-17.el7.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-17.el7.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-3.el7 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package httpd-tools.x86_64 0:2.4.6-17.el7 will be installed
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
httpd x86_64 2.4.6-17.el7 rhel_dvd 1.2 M
Installing for dependencies:
apr x86_64 1.4.8-3.el7 rhel_dvd 103 k
apr-util x86_64 1.5.2-6.el7 rhel_dvd 92 k
httpd-tools x86_64 2.4.6-17.el7 rhel_dvd 77 k
mailcap noarch 2.1.41-2.el7 rhel_dvd 31 k
Transaction Summary
================================================================================
Install 1 Package (+4 Dependent packages)
Total download size: 1.5 M
Installed size: 4.3 M
Downloading packages:
(1/5): apr-1.4.8-3.el7.x86_64.rpm | 103 kB 00:00
(2/5): apr-util-1.5.2-6.el7.x86_64.rpm | 92 kB 00:00
(3/5): httpd-2.4.6-17.el7.x86_64.rpm | 1.2 MB 00:00
(4/5): httpd-tools-2.4.6-17.el7.x86_64.rpm | 77 kB 00:00
(5/5): mailcap-2.1.41-2.el7.noarch.rpm | 31 kB 00:00
--------------------------------------------------------------------------------
Total 9.0 MB/s | 1.5 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : apr-1.4.8-3.el7.x86_64 1/5
Installing : apr-util-1.5.2-6.el7.x86_64 2/5
Installing : httpd-tools-2.4.6-17.el7.x86_64 3/5
Installing : mailcap-2.1.41-2.el7.noarch 4/5
Installing : httpd-2.4.6-17.el7.x86_64 5/5
Verifying : mailcap-2.1.41-2.el7.noarch 1/5
Verifying : httpd-tools-2.4.6-17.el7.x86_64 2/5
Verifying : apr-1.4.8-3.el7.x86_64 3/5
Verifying : apr-util-1.5.2-6.el7.x86_64 4/5
Verifying : httpd-2.4.6-17.el7.x86_64 5/5
Installed:
httpd.x86_64 0:2.4.6-17.el7
Dependency Installed:
apr.x86_64 0:1.4.8-3.el7 apr-util.x86_64 0:1.5.2-6.el7
httpd-tools.x86_64 0:2.4.6-17.el7 mailcap.noarch 0:2.1.41-2.el7
Complete!
[root@localhost ~]#
3. Start the Apache service
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
[root@localhost ~]#
Open a browser to test
Access a specific page
II. Change the default port
[root@localhost html]# netstat -antlupe | grep httpd ## check the port information
tcp6 0 0 :::80 :::* LISTEN 0 39981 1806/httpd
[root@localhost html]# vim /etc/httpd/conf/httpd.conf
[root@localhost html]# systemctl restart httpd
[root@localhost html]# netstat -antlupe | grep httpd ## the port was changed successfully
tcp6 0 0 :::8080 :::* LISTEN 0 75682 30147/httpd
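After the change the default address can no longer be reached, so the port needs to be changed back
III. Change the default document directory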
[root@localhost html]# mkdir webtest
[root@localhost html]# vim webtest/index.html
[root@localhost html]# vim /etc/httpd/conf/httpd.conf
[root@localhost html]# systemctl restart httpd
[root@localhost html]#
Open a browser to test
Experiment finished; change it back
IV. Deny access by IP
[root@localhost html]# mkdir nolog
[root@localhost html]# ls
biu.html index.html nolog webtest
[root@localhost html]# vim /etc/httpd/conf/httpd.conf
[root@localhost html]# systemctl restart httpd
[root@localhost html]#
I set access from 172.25.254.166 to be denied
Test access from 172.25.254.166
You can see that access from the .166 IP was denied
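How the Order Allow,Deny rule set used for this test (it appears commented out in the configuration further down) is evaluated, as an added example that is not part of the original post. The function names and the second client address are constructed; the evaluation rules are those of Apache's mod_access_compat, and host names and CIDR arguments are left out.

```shell
#!/bin/sh
# Added example (not from the original post): how mod_access_compat
# evaluates Order / Allow from / Deny from for one client address.

# match_host SPEC IP -> 0 when IP matches one Allow/Deny argument.
# Supports "all", a full IPv4 address and a partial address ("172.25.254").
match_host() {
    m_spec=$1 m_ip=$2
    case "$m_spec" in [Aa][Ll][Ll]) return 0 ;; esac
    [ "$m_spec" = "$m_ip" ] && return 0
    case "$m_ip" in "${m_spec%.}".*) return 0 ;; esac
    return 1
}

# any_match "SPEC SPEC ..." IP -> 0 when at least one argument matches.
any_match() {
    for a_spec in $1; do
        match_host "$a_spec" "$2" && return 0
    done
    return 1
}

# access_decision ORDER ALLOW_LIST DENY_LIST IP -> prints "allow" or "deny".
access_decision() {
    case "$1" in
        [Aa]llow,[Dd]eny)
            # An Allow must match, then any matching Deny rejects; default is deny.
            if any_match "$2" "$4" && ! any_match "$3" "$4"; then echo allow
            else echo deny; fi ;;
        [Dd]eny,[Aa]llow)
            # A matching Deny rejects unless an Allow also matches; default is allow.
            if any_match "$3" "$4" && ! any_match "$2" "$4"; then echo deny
            else echo allow; fi ;;
        *) echo "unknown Order: $1" >&2; return 2 ;;
    esac
}

# The rule set from this page, tried with both orderings (second IP is constructed).
for ip in 172.25.254.166 172.25.254.66; do
    echo "$ip Allow,Deny -> $(access_decision Allow,Deny All 172.25.254.166 "$ip")"
    echo "$ip Deny,Allow -> $(access_decision Deny,Allow All 172.25.254.166 "$ip")"
done
```

With Deny,Allow the same two lists would let 172.25.254.166 through, because the matching "Allow from All" overrides the Deny.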
2. Deny access by user
Restore the lab environment and comment out the IP-based access control block
[root@localhost html]# cd /etc/httpd/
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run
[root@localhost httpd]# htpasswd -cm apacheuser admin ## -c creates the file apacheuser, -m forces MD5 hashing of the password, admin is the user
New password:
Re-type new password: ## set the password for user admin
Adding password for user admin
[root@localhost httpd]# htpasswd -cm apacheuser tom ## create another user
New password:
Re-type new password:
Adding password for user tom
[root@localhost httpd]# ls
apacheuser conf conf.d conf.modules.d logs modules run
[root@localhost httpd]# cat apacheuser ## only user tom is left: -c overwrites the file, so do not use it when adding more users
tom:$apr1$FBcgzE2d$aqXee6FBN0RXyvjLawNMH1
[root@localhost httpd]# htpasswd -m apacheuser admin ## add admin back, this time without -c
New password:
Re-type new password:
Adding password for user admin
[root@localhost httpd]# cat apacheuser
tom:$apr1$FBcgzE2d$aqXee6FBN0RXyvjLawNMH1
admin:$apr1$4sP8.iv8$HZUiGJyq0jSyyId37PGqV/
[root@localhost httpd]#
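A check for the two issues visible in the session above, the -c overwrite and the MD5 ($apr1$) hashes, as an added example that is not part of the original post. The function names, the user backup and the hash strings are constructed; -B is htpasswd's bcrypt option.

```shell
#!/bin/sh
# Added example (not from the original post): audit an htpasswd file and
# choose htpasswd flags that cannot overwrite an existing file.

# classify_hash HASH -> scheme name, recognised by the stored prefix.
classify_hash() {
    case "$1" in
        '$apr1$'*)               echo md5-apr1 ;;
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
        '$5$'*)                  echo sha256-crypt ;;
        '$6$'*)                  echo sha512-crypt ;;
        '{SHA}'*)                echo sha1-unsalted ;;
        *)                       echo crypt-or-plaintext ;;
    esac
}

# audit_htpasswd FILE -> one "user scheme verdict" line per entry.
audit_htpasswd() {
    while IFS=: read -r user hash rest; do
        [ -n "$user" ] || continue
        scheme=$(classify_hash "$hash")
        case "$scheme" in
            bcrypt|sha256-crypt|sha512-crypt) verdict=ok ;;
            md5-apr1) verdict=legacy ;;   # salted, but only 1000 rounds of MD5
            *)        verdict=insecure ;;
        esac
        echo "$user $scheme $verdict"
    done < "$1"
}

# htpasswd_flags FILE -> "-cB" only when FILE does not exist yet, else "-B".
htpasswd_flags() {
    if [ -e "$1" ]; then echo "-B"; else echo "-cB"; fi
}

# Constructed sample file: the hash strings are placeholders, not real hashes.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
tom:$apr1$CONSTRUCT$placeholderhashvalue00
admin:$2y$05$placeholderbcrypthashvalueconstructedforthisexample00
backup:{SHA}placeholderBase64Sha1Value00=
EOF

audit_htpasswd "$SAMPLE"
echo "flags for an existing file: $(htpasswd_flags "$SAMPLE")"
```

The flags would be used as: htpasswd $(htpasswd_flags apacheuser) apacheuser admin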
Edit the configuration file, add the block below, and restart the service
DocumentRoot "/var/www/html"
#<Directory "/var/www/html/nolog">
# order Allow,Deny
# Allow from All
# Deny from 172.25.254.166
#</Directory>
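<Directory "/var/www/html/webtest">
    # user authentication file
    AuthUserFile /etc/httpd/apacheuser
    # prompt shown when entering
    AuthName "input your user and password!"
    # authentication type: Basic (credentials are only base64-encoded, not encrypted)
    AuthType basic
    # the user who is allowed access: admin
    Require user admin
</Directory>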
Test: admin can access
tom cannot
Change it so that everyone can access
tom can access
V. Secure, encrypted HTTP (HTTPS)
1. Install the SSL module
[root@localhost httpd]# yum install mod_ssl.x86_64 -y
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package mod_ssl.x86_64 1:2.4.6-17.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==============================================================================
Package Arch Version Repository Size
==============================================================================
Installing:
mod_ssl x86_64 1:2.4.6-17.el7 rhel_dvd 97 k
Transaction Summary
==============================================================================
Install 1 Package
Total download size: 97 k
Installed size: 219 k
Downloading packages:
mod_ssl-2.4.6-17.el7.x86_64.rpm | 97 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 1:mod_ssl-2.4.6-17.el7.x86_64 1/1
Verifying : 1:mod_ssl-2.4.6-17.el7.x86_64 1/1
Installed:
mod_ssl.x86_64 1:2.4.6-17.el7
Complete!
Install the tool that manages and generates SSL certificates and keys
[root@localhost httpd]# yum install crypto-utils -y
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package crypto-utils.x86_64 0:2.4.1-42.el7 will be installed
--> Processing Dependency: perl(Newt) for package: crypto-utils-2.4.1-42.el7.x86_64
--> Running transaction check
---> Package perl-Newt.x86_64 0:1.08-36.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==============================================================================
Package Arch Version Repository Size
==============================================================================
Installing:
crypto-utils x86_64 2.4.1-42.el7 rhel_dvd 78 k
Installing for dependencies:
perl-Newt x86_64 1.08-36.el7 rhel_dvd 64 k
Transaction Summary
==============================================================================
Install 1 Package (+1 Dependent package)
Total download size: 143 k
Installed size: 347 k
Downloading packages:
(1/2): crypto-utils-2.4.1-42.el7.x86_64.rpm | 78 kB 00:00
(2/2): perl-Newt-1.08-36.el7.x86_64.rpm | 64 kB 00:00
------------------------------------------------------------------------------
Total 796 kB/s | 143 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : perl-Newt-1.08-36.el7.x86_64 1/2
Installing : crypto-utils-2.4.1-42.el7.x86_64 2/2
Verifying : crypto-utils-2.4.1-42.el7.x86_64 1/2
Verifying : perl-Newt-1.08-36.el7.x86_64 2/2
Installed:
crypto-utils.x86_64 0:2.4.1-42.el7
Dependency Installed:
perl-Newt.x86_64 0:1.08-36.el7
Complete!
3. Encryption
Do not check the option that asks for a passphrase when the server starts
Fill in the certificate information
Country Name (ISO 2 letter code): CN
State or Province Name (full name): Shannxi
Locality Name (e.g. city): xi'an
Organization Name (eg, company): westos
Organizational Unit Name (eg, section): linux
Common Name (fully qualified domain name): www.westos.com
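Enter the key and the certificate in the ssl.conf file
Restart the service
Open a browser
www.westos.com
On the page, click: try again > i understand the risks > add exception > get certificate > confirm security exception
The certificate can be viewed in the upper-left corner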