httpd经典案例

httpd的实例(经典)

实例一

  • 1.从http://ldap.example.com/pub/example.html下载文件,并重命名为index.html,不修改文件内容
  • 2.将文件index.html拷贝到你的DocumentRoot目录
  • 3.来自于example.com的客户端可以访问web服务器
  • 4.来自于my133t.org的客户端的访问会被拒绝(下面的做法只用富规则放行172.16.30.0/24,其他来源依赖防火墙区域的默认拒绝;前提是该区域没有另外放行http服务,可用 firewall-cmd --list-all 确认)

    [root@server30 ~]# cd /var/www/
cgi-bin/ html/    
[root@server30 ~]# cd /var/www/html/
[root@server30 html]# wget -O index.html http://ldap.example.com/pub/example.html
--2019-01-17 19:03:11--  http://ldap.example.com/pub/example.html
Resolving ldap.example.com (ldap.example.com)... 172.16.30.254
Connecting to ldap.example.com (ldap.example.com)|172.16.30.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 21 [text/html]
Saving to: ‘index.html’

100%[======================================>] 21          --.-K/s   in 0s      

2019-01-17 19:03:11 (3.25 MB/s) - ‘index.html’ saved [21/21]

[root@server30 html]# ls
index.html
[root@server30 html]# cat index.html 
server30.example.com
[root@server30 html]#

[root@server30 html]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=http accept' --permanent
success
[root@server30 html]# firewall-cmd --reload
success
[root@server30 html]# 
[root@server30 ~]# systemctl restart httpd
[root@server30 ~]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@server30 ~]# 


实例二

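  1. 已签名证书从http://ldap.example.com/pub/server30.crt获取
  2. 证书的密钥从http://ldap.example.com/pub/server30.key获取(私钥在这里经明文HTTP下载,只适用于实验环境;wget按umask创建文件,下载后应确认该文件属主为root且权限为600,例如 chmod 600 /etc/pki/tls/private/server30.key)
  3. 证书的签名授权信息(即签发该证书的CA证书)从http://ldap.example.com/pub/group30.crt获取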


[root@server30 ~]# rpm -qa | grep mod_ssl
mod_ssl-2.4.6-17.el7.x86_64
[root@server30 ~]# 
[root@server30 ~]# cd /etc/httpd/conf.d/
[root@server30 conf.d]# ls
autoindex.conf  README  ssl.conf  userdir.conf  welcome.conf
[root@server30 conf.d]# vim ssl.conf
# Excerpt of the SSL virtual host in ssl.conf. DocumentRoot is left commented
# out here, so this vhost falls back to the main server's DocumentRoot (not
# shown on this page; presumably /var/www/html - confirm in httpd.conf).
# Consequence: an access rule written only inside a *:80 <VirtualHost> does
# not cover requests that arrive on 443.
#DocumentRoot "/var/www/html"
ServerName server30.example.com:443

[root@server30 conf.d]# cd /etc/pki/tls/certs/
[root@server30 certs]# ls
ca-bundle.crt        localhost.crt    Makefile
ca-bundle.trust.crt  make-dummy-cert  renew-dummy-cert
[root@server30 certs]# wget http://ldap.example.com/pub/server30.crt
[root@server30 certs]# wget http://ldap.example.com/pub/group30.crt
[root@server30 certs]# cd ..
[root@server30 tls]# cd private/
[root@server30 private]# ls
localhost.key
[root@server30 private]# wget http://ldap.example.com/pub/server30.key

[root@server30 ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=https accept' --permanent
success
[root@server30 ~]# firewall-cmd --reload
success
[root@server30 ~]# 
[root@server30 ~]# vim /etc/httpd/conf.d/ssl.conf



# The three directives below point the SSL vhost at the certificate, key and
# CA files downloaded earlier on this page.
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/server30.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
# NOTE(review): the key was fetched with wget, so its mode follows root's
# umask; confirm it is owned by root and not readable by others (e.g. 0600)
# before restarting httpd.
SSLCertificateKeyFile /etc/pki/tls/private/server30.key

#   huge file containing all of them (file must be PEM encoded)
# NOTE(review): mod_ssl documents SSLCACertificateFile as the CA set used to
# verify client certificates; SSLCertificateChainFile is the directive meant
# for the server's own chain on this httpd version (2.4.6 per the rpm output
# on this page). Check what clients actually receive with
# `openssl s_client -connect server30.example.com:443 -showcerts`.
SSLCACertificateFile /etc/pki/tls/certs/group30.crt

[root@server30 ~]# systemctl restart httpd



实例三

  • 1.为站点http://ldap.example.com创建一个虚拟主机(下文配置中该虚拟主机的ServerName实际为www.example.com)
  • 2.设置 DocumentRoot 为/var/www/virtual
  • 3.从http://ldap.example.com/pub/www.html下载文件,并重命名为index.html,不要修改文件内容
  • 4.将文件index.html拷贝到 DocumentRoot目录下
  • 5.确保floyd用户能够在/var/www/virtual下创建文件
[root@server30 ~]# cd /var/www/
[root@server30 www]# mkdir virtual
[root@server30 www]# cd virtual/
[root@server30 virtual]# wget http://ldap.example.com/pub/www.html
--2019-01-18 10:14:32--  http://ldap.example.com/pub/www.html
Resolving ldap.example.com (ldap.example.com)... 172.16.30.254
Connecting to ldap.example.com (ldap.example.com)|172.16.30.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16 [text/html]
Saving to: ‘www.html’

100%[======================================>] 16          --.-K/s   in 0s      

2019-01-18 10:14:32 (2.39 MB/s) - ‘www.html’ saved [16/16]

[root@server30 virtual]# ls
www.html
[root@server30 virtual]# mv www.html index.html
[root@server30 virtual]# ls
index.html
[root@server30 virtual]# cat index.html 
www.example.com
[root@server30 virtual]# 

[root@server30 ~]# useradd floyd
[root@server30 ~]# setfacl -m u:floyd:rwx /var/www/virtual
[root@server30 ~]# getfacl /var/www/virtual
getfacl: Removing leading '/' from absolute path names
# file: var/www/virtual
# owner: root
# group: root
user::rwx
user:floyd:rwx
group::r-x
mask::rwx
other::r-x

[root@server30 ~]# 
[root@server30 ~]# find / -name *vhost*
/dev/vhost-net
/etc/selinux/targeted/modules/active/modules/vhostmd.pp
/usr/lib/modules/3.10.0-123.el7.x86_64/kernel/drivers/vhost
/usr/lib/modules/3.10.0-123.el7.x86_64/kernel/drivers/vhost/vhost_net.ko
/usr/lib64/httpd/modules/mod_vhost_alias.so
/usr/share/doc/httpd-2.4.6/httpd-vhosts.conf
[root@server30 ~]# cd /etc/httpd/conf.d/
[root@server30 conf.d]# cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf .
[root@server30 conf.d]# ls
autoindex.conf  httpd-vhosts.conf  README  ssl.conf  userdir.conf  welcome.conf
[root@server30 conf.d]# 



[root@server30 conf.d]# vim httpd-vhosts.conf 

# Two name-based virtual hosts share port 80; httpd selects a block by
# matching the request's Host header against ServerName.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
# Default vhost: because it is listed first it also answers requests whose
# Host header matches neither ServerName.
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName server30.example.com
</VirtualHost>

# Serves /var/www/virtual for www.example.com. The client on this page
# resolves that name through its own /etc/hosts entry. The ACL set earlier
# gives user floyd rwx on this directory, so that account can publish
# content on this site.
<VirtualHost *:80>
    DocumentRoot "/var/www/virtual"
    ServerName www.example.com
</VirtualHost>

[root@server30 ~]# systemctl restart httpd


[root@desktop30 ~]# vim /etc/hosts

172.16.30.9 www.example.com
172.16.30.9 server30.example.com



实例四

  • 1.在server上的web服务器的 DocumentRoot目录下创建一个名为private的目录,从http://ldap.example.com/pub/private.html下载文件到这个目录,并重命名为index.html,不要修改文件内容
  • 2.在server上,任何人都可以浏览private的内容,但是从其他系统不能访问这个目录的内容
[root@server30 ~]# cd /var/www/html/
[root@server30 html]# mkdir private
[root@server30 html]# wget -O private/index.html http://ldap.example.com/pub/private.html 
--2019-01-18 10:55:32--  http://ldap.example.com/pub/private.html
Resolving ldap.example.com (ldap.example.com)... 172.16.30.254
Connecting to ldap.example.com (ldap.example.com)|172.16.30.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8 [text/html]
Saving to: ‘private/index.html’

100%[======================================>] 8           --.-K/s   in 0s      

2019-01-18 10:55:32 (1.55 MB/s) - ‘private/index.html’ saved [8/8]

[root@server30 html]# cd private/
[root@server30 private]# ls
index.html
[root@server30 private]# 


[root@server30 ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf 
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName server30.example.com
    # Allow /private only to requests whose client address is 172.16.30.9,
    # the address the /etc/hosts entries on this page give for server30.
    # NOTE(review): a request made on the server through 127.0.0.1/localhost
    # has a different client address and would be refused by this rule;
    # `Require local` is the mod_authz_host form for "same machine only" -
    # confirm which behaviour the task expects.
    # NOTE(review): this <Directory> is scoped to the *:80 vhost. The ssl.conf
    # excerpt on this page leaves DocumentRoot commented out, so the 443 vhost
    # may serve the same tree without this restriction - verify from another
    # host with `curl -k https://server30.example.com/private/` and, if it
    # answers, move the block to server level or repeat it in the SSL vhost.
    <Directory "/var/www/html/private">
    Require ip 172.16.30.9
    </Directory>
</VirtualHost>

[root@server30 ~]# systemctl restart httpd


实例五

  • 动态内容由为 alt.example.com的虚拟主机提供
  • 虚拟主机侦听端口为8909
  • 1.从http://ldap.example.com/pub/webapp.wsgi下载一个脚本,然后放在适当的位置,不用修改文件内容
  • 2.客户端访问http://ldap.example.com:8909时,应接收到动态生成的web页面(下文虚拟主机的ServerName为alt.example.com,按上下文此处应指http://alt.example.com:8909),此http://alt.example.com:8909必须能被example.com内所有的系统访问
[root@server30 ~]# cd /var/www/
[root@server30 www]# ls
cgi-bin  html  virtual
[root@server30 www]# mkdir wsgi
[root@server30 www]# cd wsgi
[root@server30 wsgi]# wget http://ldap.example.com/pub/webapp.wsgi
--2019-01-18 11:23:14--  http://ldap.example.com/pub/webapp.wsgi
Resolving ldap.example.com (ldap.example.com)... 172.16.30.254
Connecting to ldap.example.com (ldap.example.com)|172.16.30.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 277
Saving to: ‘webapp.wsgi’

100%[======================================>] 277         --.-K/s   in 0s      

2019-01-18 11:23:14 (42.6 MB/s) - ‘webapp.wsgi’ saved [277/277]

[root@server30 wsgi]# ls
webapp.wsgi
[root@server30 wsgi]# 

[root@server30 ~]# vim  /etc/httpd/conf.d/httpd-vhosts.conf
# 在文件最后面加上下面内容(Apache配置的注释以#开头,//不是合法注释,不要把说明行原样粘进配置文件)
# Extra listener for the WSGI site. httpd can only bind it once the SELinux
# port label for 8909 has been added, and the WSGIScriptAlias directive
# needs mod_wsgi installed; both are done further down this page before the
# restart.
Listen 8909
<VirtualHost *:8909>
    # Map every URL path of this vhost ("/") to the downloaded script. It is
    # executed by mod_wsgi inside httpd, so its code runs with the web
    # server's privileges.
    # NOTE(review): the script was fetched over plain HTTP and its content is
    # not shown on this page; review it and keep the file writable by root
    # only.
    WSGIScriptAlias / "/var/www/wsgi/webapp.wsgi"
    ServerName alt.example.com
</VirtualHost>

[root@server30 ~]# yum -y install mod_wsgi

[root@server30 ~]# semanage port -l | grep http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989
[root@server30 ~]# semanage port -a -t http_port_t -p tcp 8909
[root@server30 ~]# semanage port -l | grep http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      8909, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989
[root@server30 ~]# 

[root@server30 ~]# systemctl restart httpd
[root@server30 ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 port protocol=tcp port=8909 accept' --permanent
success
[root@server30 ~]# firewall-cmd --reload
success
[root@server30 ~]#



转载自blog.csdn.net/weixin_44433165/article/details/86521218