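httpd examples (classic)
Example 1
- 1. Download the file from http://ldap.example.com/pub/example.html and rename it to index.html, without modifying its content
- 2. Copy the file index.html to your DocumentRoot directory
- 3. Clients from example.com can access the web server
- 4. Access from clients in my133t.org is refused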
[root@server30 ~]# cd /var/www/
cgi-bin/ html/
[root@server30 ~]# cd /var/www/html/
[root@server30 html]# wget -O index.html http://ldap.example.com/pub/example.html
--2019-01-17 19:03:11-- http://ldap.example.com/pub/example.html
Resolving ldap.example.com (ldap.example.com)... 172.16.30.254
Connecting to ldap.example.com (ldap.example.com)|172.16.30.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 21 [text/html]
Saving to: ‘index.html’
100%[======================================>] 21 --.-K/s in 0s
2019-01-17 19:03:11 (3.25 MB/s) - ‘index.html’ saved [21/21]
[root@server30 html]# ls
index.html
[root@server30 html]# cat index.html
server30.example.com
[root@server30 html]#
[root@server30 html]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=http accept' --permanent
success
[root@server30 html]# firewall-cmd --reload
success
[root@server30 html]#
[root@server30 ~]# systemctl restart httpd
[root@server30 ~]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@server30 ~]#
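Example 2
- The signed certificate is obtained from http://ldap.example.com/pub/server30.crt
- The certificate's key is obtained from http://ldap.example.com/pub/server30.key
- The certificate's signing authority information is obtained from http://ldap.example.com/pub/group30.crt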
[root@server30 ~]# rpm -qa | grep mod_ssl
mod_ssl-2.4.6-17.el7.x86_64
[root@server30 ~]#
[root@server30 ~]# cd /etc/httpd/conf.d/
[root@server30 conf.d]# ls
autoindex.conf README ssl.conf userdir.conf welcome.conf
[root@server30 conf.d]# vim ssl.conf
#DocumentRoot "/var/www/html"
ServerName server30.example.com:443
[root@server30 conf.d]# cd /etc/pki/tls/certs/
[root@server30 certs]# ls
ca-bundle.crt localhost.crt Makefile
ca-bundle.trust.crt make-dummy-cert renew-dummy-cert
[root@server30 certs]# wget http://ldap.example.com/pub/server30.crt
[root@server30 certs]# wget http://ldap.example.com/pub/group30.crt
[root@server30 certs]# cd ..
[root@server30 tls]# cd private/
[root@server30 private]# ls
localhost.key
[root@server30 private]# wget http://ldap.example.com/pub/server30.key
[root@server30 ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=https accept' --permanent
success
[root@server30 ~]# firewall-cmd --reload
success
[root@server30 ~]#
[root@server30 ~]# vim /etc/httpd/conf.d/ssl.conf
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/server30.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/server30.key
# huge file containing all of them (file must be PEM encoded)
SSLCACertificateFile /etc/pki/tls/certs/group30.crt
[root@server30 ~]# systemctl restart httpd
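An added check, not part of the original walkthrough: the three files above are fetched over plain HTTP and wget typically leaves them mode 644, so before restarting httpd it is worth confirming that the key belongs to the certificate, that the certificate verifies against group30.crt, and that the key is readable by its owner only. The helper name check_tls_files is an assumption of this example, and it relies on openssl and GNU stat.

```bash
#!/bin/bash
# Added example; check_tls_files is a hypothetical helper name.
# Usage: check_tls_files CERT KEY CA
#   e.g. check_tls_files /etc/pki/tls/certs/server30.crt \
#            /etc/pki/tls/private/server30.key /etc/pki/tls/certs/group30.crt
# Prints one line per failed check; returns 0 only if all three pass.
check_tls_files() {
    local cert="$1" key="$2" ca="$3" rc=0 cert_pub key_pub mode

    # 1. Certificate and private key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $cert"
        rc=1
    fi

    # 2. The certificate must verify against the CA file
    #    (group30.crt in the walkthrough).
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca"
        rc=1
    fi

    # 3. The key must carry no group or other permission bits.
    mode=$(stat -c %a "$key")
    case "$mode" in
        [0-7]00) ;;
        *) echo "FAIL: $key has mode $mode, expected 600 or 400"
           rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: certificate, key and CA file are consistent"
    return "$rc"
}

# Run the check when the script is given the three paths directly.
if [ "$#" -eq 3 ]; then
    check_tls_files "$@"
fi
```

If the mode check fails, `chmod 600 /etc/pki/tls/private/server30.key` corrects it.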
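Example 3
- 1. Create a virtual host for the site http://ldap.example.com
- 2. Set DocumentRoot to /var/www/virtual
- 3. Download the file from http://ldap.example.com/pub/www.html and rename it to index.html, without modifying its content
- 4. Copy the file index.html to the DocumentRoot directory
- 5. Make sure the user floyd can create files under /var/www/virtual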
[root@server30 ~]# cd /var/www/
[root@server30 www]# mkdir virtual
[root@server30 www]# cd virtual/
[root@server30 virtual]# wget http://ldap.example.com/pub/www.html
--2019-01-18 10:14:32-- http://ldap.example.com/pub/www.html
Resolving ldap.example.com (ldap.example.com)... 172.16.30.254
Connecting to ldap.example.com (ldap.example.com)|172.16.30.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16 [text/html]
Saving to: ‘www.html’
100%[======================================>] 16 --.-K/s in 0s
2019-01-18 10:14:32 (2.39 MB/s) - ‘www.html’ saved [16/16]
[root@server30 virtual]# ls
www.html
[root@server30 virtual]# mv www.html index.html
[root@server30 virtual]# ls
index.html
[root@server30 virtual]# cat index.html
www.example.com
[root@server30 virtual]#
[root@server30 ~]# useradd floyd
[root@server30 ~]# setfacl -m u:floyd:rwx /var/www/virtual
[root@server30 ~]# getfacl /var/www/virtual
getfacl: Removing leading '/' from absolute path names
# file: var/www/virtual
# owner: root
# group: root
user::rwx
user:floyd:rwx
group::r-x
mask::rwx
other::r-x
[root@server30 ~]#
[root@server30 ~]# find / -name '*vhost*'
/dev/vhost-net
/etc/selinux/targeted/modules/active/modules/vhostmd.pp
/usr/lib/modules/3.10.0-123.el7.x86_64/kernel/drivers/vhost
/usr/lib/modules/3.10.0-123.el7.x86_64/kernel/drivers/vhost/vhost_net.ko
/usr/lib64/httpd/modules/mod_vhost_alias.so
/usr/share/doc/httpd-2.4.6/httpd-vhosts.conf
[root@server30 ~]# cd /etc/httpd/conf.d/
[root@server30 conf.d]# cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf .
[root@server30 conf.d]# ls
autoindex.conf httpd-vhosts.conf README ssl.conf userdir.conf welcome.conf
[root@server30 conf.d]#
[root@server30 conf.d]# vim httpd-vhosts.conf
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName server30.example.com
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/var/www/virtual"
ServerName www.example.com
</VirtualHost>
[root@server30 ~]# systemctl restart httpd
[root@desktop30 ~]# vim /etc/hosts
172.16.30.9 www.example.com
172.16.30.9 server30.example.com
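Example 4
- 1. Under the DocumentRoot directory of the web server on server, create a directory named private, download the file from http://ldap.example.com/pub/private.html into this directory and rename it to index.html, without modifying its content
- 2. On server, anyone can browse the content of private, but the content of this directory cannot be accessed from other systems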
[root@server30 ~]# cd /var/www/html/
[root@server30 html]# mkdir private
[root@server30 html]# wget -O private/index.html http://ldap.example.com/pub/private.html
--2019-01-18 10:55:32-- http://ldap.example.com/pub/private.html
Resolving ldap.example.com (ldap.example.com)... 172.16.30.254
Connecting to ldap.example.com (ldap.example.com)|172.16.30.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8 [text/html]
Saving to: ‘private/index.html’
100%[======================================>] 8 --.-K/s in 0s
2019-01-18 10:55:32 (1.55 MB/s) - ‘private/index.html’ saved [8/8]
[root@server30 html]# cd private/
[root@server30 private]# ls
index.html
[root@server30 private]#
[root@server30 ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName server30.example.com
<Directory "/var/www/html/private">
Require ip 172.16.30.9
</Directory>
</VirtualHost>
[root@server30 ~]# systemctl restart httpd
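Example 5
- Dynamic content is served by the virtual host alt.example.com
- The virtual host listens on port 8909
- 1. Download a script from http://ldap.example.com/pub/webapp.wsgi and put it in a suitable location, without modifying its content
- 2. When a client accesses http://ldap.example.com:8909 it should receive a dynamically generated web page; http://alt.example.com:8909 must be reachable by all systems in example.com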
[root@server30 ~]# cd /var/www/
[root@server30 www]# ls
cgi-bin html virtual
[root@server30 www]# mkdir wsgi
[root@server30 www]# cd wsgi
[root@server30 wsgi]# wget http://ldap.example.com/pub/webapp.wsgi
--2019-01-18 11:23:14-- http://ldap.example.com/pub/webapp.wsgi
Resolving ldap.example.com (ldap.example.com)... 172.16.30.254
Connecting to ldap.example.com (ldap.example.com)|172.16.30.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 277
Saving to: ‘webapp.wsgi’
100%[======================================>] 277 --.-K/s in 0s
2019-01-18 11:23:14 (42.6 MB/s) - ‘webapp.wsgi’ saved [277/277]
[root@server30 wsgi]# ls
webapp.wsgi
[root@server30 wsgi]#
[root@server30 ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
# Append the following at the end of the file
Listen 8909
<VirtualHost *:8909>
WSGIScriptAlias / "/var/www/wsgi/webapp.wsgi"
ServerName alt.example.com
</VirtualHost>
[root@server30 ~]# yum -y install mod_wsgi
[root@server30 ~]# semanage port -l | grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
[root@server30 ~]# semanage port -a -t http_port_t -p tcp 8909
[root@server30 ~]# semanage port -l | grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 8909, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
[root@server30 ~]#
[root@server30 ~]# systemctl restart httpd
[root@server30 ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 port protocol=tcp port=8909 accept' --permanent
success
[root@server30 ~]# firewall-cmd --reload
success
[root@server30 ~]#
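The rich rules added in the first, second and fifth examples only grant access to 172.16.30.0/24; clients from elsewhere are refused only as long as the same service or port is not also listed under the zone's services or ports. The following added example (not from the original page; the function names and the constructed sample listing are assumptions) reads `firewall-cmd --list-all` output and reports how a service or port is exposed.

```bash
#!/bin/bash
# exposure NAME   (reads `firewall-cmd --list-all` output on stdin)
# NAME is a service name (http) or a port/protocol pair (8909/tcp).
# Prints one of: open-to-all | restricted <source>... | closed
exposure() {
    awk -v want="$1" '
    function attr(s, key) {                 # value of key="..." inside s
        if (!match(s, key "=\"[^\"]*\"")) return ""
        return substr(s, RSTART + length(key) + 2, RLENGTH - length(key) - 3)
    }
    $1 == "services:" || $1 == "ports:" {   # open to every source in the zone
        for (i = 2; i <= NF; i++) if ($i == want) open = 1
    }
    $1 == "rule" && $NF == "accept" {       # rich rule that grants access
        target = attr($0, "service name")
        if (target == "") target = attr($0, "port port") "/" attr($0, "protocol")
        if (target != want) next
        src = attr($0, "source address")
        if (src == "") open = 1             # accept rule without a source
        else sources = sources " " src
    }
    END {
        if (open) print "open-to-all"
        else if (sources != "") print "restricted" sources
        else print "closed"
    }'
}

# Constructed sample: the zone as the walkthrough would leave it, assuming
# the default services list (dhcpv6-client ssh) was never extended.
sample_listing() {
    cat <<'EOF'
public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports:
  rich rules:
    rule family="ipv4" source address="172.16.30.0/24" service name="http" accept
    rule family="ipv4" source address="172.16.30.0/24" service name="https" accept
    rule family="ipv4" source address="172.16.30.0/24" port port="8909" protocol="tcp" accept
EOF
}

for name in http https 8909/tcp ssh; do
    printf '%-9s %s\n' "$name" "$(sample_listing | exposure "$name")"
done
```

On the server, `firewall-cmd --list-all | exposure http` should print `restricted 172.16.30.0/24`; `open-to-all` would mean the my133t.org clients from the first example are not being refused.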