◆案例1◆ 编译安装Apache
1.配置yum源,安装依赖
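# Point yum at the Aliyun CentOS 7 mirror. The repo file decides which
# repositories and signing keys yum trusts, so it is fetched over HTTPS.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# EPEL first, then the compiler and the development headers the builds below need.
yum -y install epel-release
yum install -y gcc openssl openssl-devel zlib zlib-devel \
  pcre pcre-devel expat-devel libxml2-devel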
2.安装Apr -1.6.3
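# Fetch APR 1.6.3 and its detached PGP signature. The download is plain HTTP,
# so the signature check is what authenticates the tarball.
wget http://www-eu.apache.org/dist//apr/apr-1.6.3.tar.gz
wget http://www-eu.apache.org/dist//apr/apr-1.6.3.tar.gz.asc
# Import the APR release keys (the project's KEYS file, obtained over HTTPS)
# beforehand; the chain below stops if verification fails.
# configure is run once: a second plain run would replace the result of a
# first run made with CC="gcc -m64", so only the effective one is kept.
gpg --verify apr-1.6.3.tar.gz.asc apr-1.6.3.tar.gz &&
  tar -xzvf apr-1.6.3.tar.gz &&
  cd apr-1.6.3/ &&
  ./configure --prefix=/usr/local/apr &&
  make && make install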
3.安装Apr-util -1.6.1
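# Fetch APR-util 1.6.1 and its detached PGP signature; the download is plain
# HTTP, so verify before building (release keys imported from the project's
# KEYS file beforehand).
wget http://www-eu.apache.org/dist//apr/apr-util-1.6.1.tar.gz
wget http://www-eu.apache.org/dist//apr/apr-util-1.6.1.tar.gz.asc
# Build against the APR installed in the previous step; each step runs only
# if the one before it succeeded.
gpg --verify apr-util-1.6.1.tar.gz.asc apr-util-1.6.1.tar.gz &&
  tar -xzvf apr-util-1.6.1.tar.gz &&
  cd apr-util-1.6.1/ &&
  ./configure --prefix=/usr/local/apr-util \
    --with-apr=/usr/local/apr &&
  make && make install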
4.安装Apache -2.4.33
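# httpd 2.4.33 is the version this walkthrough pins; it predates later
# security releases, so build the current 2.4.x for anything beyond a lab.
wget http://www-eu.apache.org/dist//httpd/httpd-2.4.33.tar.gz
wget http://www-eu.apache.org/dist//httpd/httpd-2.4.33.tar.gz.asc
# Verify the signature (httpd release keys imported from the project's KEYS
# file beforehand) before unpacking and building.
# PCRE came from the pcre-devel package in step 1, not from a build under
# /usr/local/pcre, so configure is pointed at the packaged pcre-config.
gpg --verify httpd-2.4.33.tar.gz.asc httpd-2.4.33.tar.gz &&
  tar -xzvf httpd-2.4.33.tar.gz &&
  cd httpd-2.4.33/ &&
  ./configure --prefix=/usr/local/apache2 \
    --enable-rewrite \
    --enable-so \
    --enable-headers \
    --enable-expires \
    --with-mpm=worker \
    --enable-modules=most \
    --enable-deflate \
    --enable-ssl \
    --with-apr=/usr/local/apr \
    --with-apr-util=/usr/local/apr-util \
    --with-pcre=/usr/bin/pcre-config &&
  make && make install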
◆案例2◆ Apache实现身份验证 -- 基于用户名密码的认证 <打开网页实现身份验证>
1.编辑Apache主配置文件
编辑配置文件,在相应的区域中加入以下标★语句
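# vim /usr/local/apache2/conf/httpd.conf   (around lines 235-242)
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   AllowOverride FileInfo AuthConfig Limit
#
# ★ Was "AllowOverride None". The .htaccess used in this case carries only
# authentication directives, so the AuthConfig class is enough; "All" would
# also let any .htaccess under this directory change options, handlers and
# rewrites. Apache has no end-of-line comments: text after a directive is
# parsed as extra arguments, so notes go on their own lines.
AllowOverride AuthConfig

#
# Controls who can get stuff from this server.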
2.在要添加认证的网页文件下创建 .htaccess 文件,并写入以下内容
编辑配置文件,在相应的区域中覆盖写入
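# vim /usr/local/apache2/htdocs/.htaccess
# Comments sit on their own lines: Apache parses anything after a directive
# as extra arguments and refuses to serve the directory.

# Realm text shown in the browser's login prompt.
AuthName "welcome to admin"
# Basic authentication sends the password base64-encoded, not encrypted, with
# every request, so this directory should only be served over HTTPS.
AuthType Basic
# Password file. It sits inside the document root here, so the <Files> block
# below stops it from being downloaded; a path outside htdocs is safer still.
AuthUserFile /usr/local/apache2/htdocs/login.psd
# Only users listed in the password file may enter.
Require valid-user

# Never serve the password file itself.
<Files "login.psd">
    Require all denied
</Files>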
3.借助Apache的工具生成密码文件
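# -c creates the password file and replaces any existing one, so use it for
# the first user only. -B stores a bcrypt hash rather than the MD5-based one.
/usr/local/apache2/bin/htpasswd -c -B /usr/local/apache2/htdocs/login.psd LyShark
# Without -c the file is kept and the user is added, or updated if already
# listed. Appending is the absence of -c; -m would only select the MD5 hash.
/usr/local/apache2/bin/htpasswd -B /usr/local/apache2/htdocs/login.psd LyShark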
4.重启Apache服务
/usr/local/apache2/bin/apachectl restart
◆案例3◆ Apache-实现身份验证 -- 基于客户端的验证
◆允许个别IP地址访问网页,拒绝所有◆
1.编辑Apache主配置文件
编辑配置文件,在相应的区域中加入以下标★语句,在<Directory>嵌套里写以下内容
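# vim /usr/local/apache2/conf/httpd.conf   (around lines 234-250, inside <Directory>)
    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    AllowOverride None

    # ★ Allow-list: every condition inside RequireAll must hold, so only the
    # address below gets in. Comments are on their own lines because Apache
    # parses text after a directive as extra arguments.
    <RequireAll>
        Require all granted
        # Address that is allowed to reach the site.
        Require ip 192.168.1.10
    </RequireAll>

    #
    # Controls who can get stuff from this server.
    #
    # Must stay commented out: sibling Require lines are OR-ed together, so an
    # active "Require all granted" here would let every client in again.
    #Require all granted
</Directory>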
2.重启Apache服务
/usr/local/apache2/bin/apachectl restart
◆拒绝个别IP地址访问网页,允许所有◆
1.编辑Apache主配置文件
编辑配置文件,在相应的区域中加入以下标★语句,在<Directory>嵌套里写以下内容
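# vim /usr/local/apache2/conf/httpd.conf   (around lines 235-248, inside <Directory>)
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    AllowOverride None

    # Deny-list: everyone is granted access except the address negated below.
    # "Require not" is only valid inside a RequireAll block. Comments are on
    # their own lines because Apache parses text after a directive as arguments.
    <RequireAll>
        Require all granted
        # Address that is refused.
        Require not ip 192.168.1.10
    </RequireAll>

    #
    # Controls who can get stuff from this server.
    #
    # Must stay commented out: sibling Require lines are OR-ed together, so an
    # active "Require all granted" here would let the refused address in again.
    #Require all granted
</Directory>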
2.重启Apache服务
/usr/local/apache2/bin/apachectl restart
◆案例4◆ 目录别名 - 减小目录深度
1.编辑Apache主配置文件
编辑配置文件,在配置文件行尾,追加写入以下标★语句
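# vim /usr/local/apache2/conf/httpd.conf   (end of the file, after line 503)
#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

# ★ Shorten the URL: http://<IP>/a/b/c/d becomes http://<IP>/lyshark.
# The note is kept off the directive line because Alias would otherwise
# receive it as extra arguments.
Alias "/lyshark" "/usr/local/apache2/htdocs/a/b/c/d"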
2.重启Apache服务
/usr/local/apache2/bin/apachectl restart
◆案例5◆ 配置虚拟主机 <重点>
◆基于IP的虚拟主机◆ >>>实现一台服务器多个IP地址,搭建多个网站<<<
1.在eno16777728上配置一个网卡子接口
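# Run as root. Adds 192.168.1.13 as an alias address on eno16777728; the alias
# is not persistent and is lost when the interface or the host restarts.
ifconfig eno16777728:0 192.168.1.13 netmask 255.255.255.0
# Confirm that both addresses are present.
ifconfig
# Expected output:
#   eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
#           inet 192.168.1.12  netmask 255.255.255.0  broadcast 192.168.1.255
#           inet6 fe80::20c:29ff:fe1e:14e2  prefixlen 64  scopeid 0x20<link>
#           ether 00:0c:29:1e:14:e2  txqueuelen 1000  (Ethernet)
#           RX packets 40292  bytes 4129804 (3.9 MiB)
#           RX errors 0  dropped 0  overruns 0  frame 0
#           TX packets 8962  bytes 1557264 (1.4 MiB)
#           TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
#
#   eno16777728:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
#           inet 192.168.1.13  netmask 255.255.255.0  broadcast 192.168.1.255
#           ether 00:0c:29:1e:14:e2  txqueuelen 1000  (Ethernet)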
2.编辑主配置文件,开启虚拟主机选项(取消注释),在相应的区域中取消以下标★注释
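# vim /usr/local/apache2/conf/httpd.conf   (around lines 475-479)

# Virtual hosts
# ★ Uncomment this line so the virtual-host definitions are read. The note
# stays on its own line: Include would take trailing text as an argument.
Include conf/extra/httpd-vhosts.conf

# Local access to the Apache HTTP Server Manual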
3.修改虚拟主机配置文件添加虚拟主机,在相应的区域中修改以下标★语句
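# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf   (from line 18)
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
# ★ First site: bound to the primary address.
<VirtualHost 192.168.1.12:80>
    ServerAdmin webmaster@dummy-host.example.com
    # ★ Content directory of the first site.
    DocumentRoot "/usr/local/apache2/htdocs/vhost1"
    ServerName dummy-host.example.com
    ServerAlias www.dummy-host.example.com
    ErrorLog "logs/dummy-host.example.com-error_log"
    CustomLog "logs/dummy-host.example.com-access_log" common
</VirtualHost>

# ★ Second site: bound to the alias address added in step 1.
<VirtualHost 192.168.1.13:80>
    ServerAdmin webmaster@dummy-host2.example.com
    # ★ Content directory of the second site.
    DocumentRoot "/usr/local/apache2/htdocs/vhost2"
    ServerName dummy-host2.example.com
    ErrorLog "logs/dummy-host2.example.com-error_log"
    CustomLog "logs/dummy-host2.example.com-access_log" common
</VirtualHost>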
4.分别创建vhost1 和vhost2目录,并放入两个index.html文件
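# One content directory per virtual host; -p keeps the step repeatable when
# the directories already exist.
mkdir -p /usr/local/apache2/htdocs/vhost1
mkdir -p /usr/local/apache2/htdocs/vhost2
# A distinct test page in each, so the two sites can be told apart.
echo "vhost1 test page" > /usr/local/apache2/htdocs/vhost1/index.html
echo "vhost2 test page" > /usr/local/apache2/htdocs/vhost2/index.html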
5.重启Apache服务
/usr/local/apache2/bin/apachectl restart
◆基于端口的虚拟主机◆ >>>实现一台服务器多个端口,搭建多个网站<<<
1.编辑主配置文件,开启虚拟主机选项(取消注释),在相应的区域中取消以下标★注释
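# vim /usr/local/apache2/conf/httpd.conf   (around lines 475-479)

# Virtual hosts
# ★ Uncomment this line so the virtual-host definitions are read. The note
# stays on its own line: Include would take trailing text as an argument.
Include conf/extra/httpd-vhosts.conf

# Local access to the Apache HTTP Server Manual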
2.修改虚拟主机配置文件添加虚拟主机,在相应的区域中修改以下标★语句
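# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf   (from line 18)
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
# A <VirtualHost> address does not open a socket by itself: the server must
# also listen on the extra port, otherwise the second site is unreachable.
Listen 8080

# ★ First site: port 80.
<VirtualHost 192.168.1.12:80>
    ServerAdmin webmaster@dummy-host.example.com
    # ★ Content directory of the first site.
    DocumentRoot "/usr/local/apache2/htdocs/vhost1"
    ServerName dummy-host.example.com
    ServerAlias www.dummy-host.example.com
    ErrorLog "logs/dummy-host.example.com-error_log"
    CustomLog "logs/dummy-host.example.com-access_log" common
</VirtualHost>

# ★ Second site: same address, port 8080.
<VirtualHost 192.168.1.12:8080>
    ServerAdmin webmaster@dummy-host2.example.com
    # ★ Content directory of the second site.
    DocumentRoot "/usr/local/apache2/htdocs/vhost2"
    ServerName dummy-host2.example.com
    ErrorLog "logs/dummy-host2.example.com-error_log"
    CustomLog "logs/dummy-host2.example.com-access_log" common
</VirtualHost>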
3.分别创建vhost1 和vhost2目录,并放入两个index.html文件
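# One content directory per virtual host; -p keeps the step from failing when
# the directories are left over from the IP-based example.
mkdir -p /usr/local/apache2/htdocs/vhost1
mkdir -p /usr/local/apache2/htdocs/vhost2
# A distinct test page in each, so the two ports can be told apart.
echo "vhost1 test page" > /usr/local/apache2/htdocs/vhost1/index.html
echo "vhost2 test page" > /usr/local/apache2/htdocs/vhost2/index.html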
4.重启Apache服务
/usr/local/apache2/bin/apachectl restart
◆基于域名的虚拟主机◆ >>>实现一台服务器多个域名,搭建多个网站<<<
1.手动搭建dns服务器,实现正向解析,将解析地址指向同一个ip
www.wang.com    127.0.0.1
www.rui.com     127.0.0.1
2.编辑主配置文件,开启虚拟主机选项(取消注释),在相应的区域中取消以下标★注释
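# vim /usr/local/apache2/conf/httpd.conf   (around lines 475-479)

# Virtual hosts
# ★ Uncomment this line so the virtual-host definitions are read. The note
# stays on its own line: Include would take trailing text as an argument.
Include conf/extra/httpd-vhosts.conf

# Local access to the Apache HTTP Server Manual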
3.修改虚拟主机配置文件添加虚拟主机,在相应的区域中修改以下标★语句
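# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf   (from line 18)
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
# Both sites share *:80 and are told apart by the Host header. A request
# whose Host matches neither name is served by the first block, so keep the
# site you are willing to show to unknown names first.
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    # ★ www.wang.com is served from the vhost1 directory.
    DocumentRoot "/usr/local/apache2/htdocs/vhost1"
    # ★ No trailing note here: ServerName accepts exactly one argument.
    ServerName www.wang.com
    ServerAlias www.dummy-host.example.com
    ErrorLog "logs/dummy-host.example.com-error_log"
    CustomLog "logs/dummy-host.example.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host2.example.com
    # ★ www.rui.com is served from the vhost2 directory.
    DocumentRoot "/usr/local/apache2/htdocs/vhost2"
    # ★ No trailing note here: ServerName accepts exactly one argument.
    ServerName www.rui.com
    ErrorLog "logs/dummy-host2.example.com-error_log"
    CustomLog "logs/dummy-host2.example.com-access_log" common
</VirtualHost>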
4.分别创建vhost1 和vhost2目录,并放入两个index.html文件
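# One content directory per virtual host; -p keeps the step from failing when
# the directories are left over from the earlier examples.
mkdir -p /usr/local/apache2/htdocs/vhost1
mkdir -p /usr/local/apache2/htdocs/vhost2
# A distinct test page in each, so the two domains can be told apart.
echo "vhost1 test page" > /usr/local/apache2/htdocs/vhost1/index.html
echo "vhost2 test page" > /usr/local/apache2/htdocs/vhost2/index.html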
5.重启Apache服务
/usr/local/apache2/bin/apachectl restart
◆案例6◆ 开启个人主页功能
=====================================================================================
实验效果
让每个用户都拥有一个单独的网页空间
=====================================================================================
1.编辑主配置文件,开启个人主页选项(取消注释),在相应的区域中取消以下标★注释
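# vim /usr/local/apache2/conf/httpd.conf
#
# Around lines 149-151:
#LoadModule speling_module modules/mod_speling.so
# ★ Uncomment (around line 150). The note is kept off the directive line
# because LoadModule would take it as extra arguments.
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so

# Around lines 470-473:
# User home directories
# ★ Uncomment (around line 471).
# With this enabled, every account that has a public_html directory is
# published as /~name, and the responses reveal which account names exist.
# To publish only chosen accounts, add "UserDir disabled" followed by
# "UserDir enabled lyshark" to httpd-userdir.conf.
Include conf/extra/httpd-userdir.conf

# Real-time info on requests and configuration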
2.进入配置文件,不做修改退出
vim /usr/local/apache2/conf/extra/httpd-userdir.conf
3.创建用户并设置密码
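# Run as root: create the account whose personal page will be published.
useradd lyshark
# Set its password interactively (prompted twice).
passwd lyshark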
4.进入用户家目录,创建相应文件,并赋予权限
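# Per-user web root, served as /~lyshark.
mkdir -p /home/lyshark/public_html
# Test page.
echo "this is lyshark web" > /home/lyshark/public_html/index.html
# The page only has to be readable; 755 would also mark it executable.
chmod 644 /home/lyshark/public_html/index.html
# Apache needs search (x) permission on the home directory to reach
# public_html; 711 grants that without letting other local users list the
# contents of the home directory.
chmod 711 /home/lyshark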
5.重启Apache服务
/usr/local/apache2/bin/apachectl restart
6.通过浏览器访问测试
格式为:http://127.0.0.1/~lyshark
◆案例7◆ 启用地址跳转 <重点>
=====================================================================================
实验效果
当用户访问www.xdl.com 自动跳转到www.edu.com
=====================================================================================
1.搭建dns服务器,实现正向解析,将解析地址指向同一个ip
2.编辑主配置文件开启相应功能(取消注释)
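# vim /usr/local/apache2/conf/httpd.conf
#
# Notes are on their own lines: LoadModule and Include would take trailing
# text as extra arguments and the server would refuse to start.

# Around line 145. mod_vhost_alias provides dynamically configured mass
# virtual hosting; the <VirtualHost> blocks used below do not depend on it.
LoadModule vhost_alias_module modules/mod_vhost_alias.so
# Around line 152: URL rewriting, needed for the redirect in step 5.
LoadModule rewrite_module modules/mod_rewrite.so

# Around lines 476-477:
# Virtual hosts
Include conf/extra/httpd-vhosts.conf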
3.改写虚拟主机配置文件,在相应的区域中取消以下标★注释
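# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf   (from line 18)
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
# Notes are on their own lines: Apache parses text after a directive as
# extra arguments.
<VirtualHost *:80>
    # ★ Where the xdl site's pages live.
    DocumentRoot "/usr/local/apache2/htdocs/xdl"
    # ★ Domain 1.
    ServerName www.xdl.com
</VirtualHost>

# ★ Permissions for the xdl directory.
<Directory "/usr/local/apache2/htdocs/xdl">
    # ★ mod_rewrite in .htaccess needs FollowSymLinks. Indexes is left out so
    # a directory without an index page is not listed to visitors.
    Options FollowSymLinks
    # ★ FileInfo is the override class that covers the Rewrite* directives;
    # "All" would let the .htaccess change far more than the redirect needs.
    AllowOverride FileInfo
    # ★
    Require all granted
</Directory>

<VirtualHost *:80>
    # ★ Where the edu site's pages live.
    DocumentRoot "/usr/local/apache2/htdocs/edu"
    # ★ Domain 2.
    ServerName www.edu.com
</VirtualHost>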
4.分别创建网页文件存储位置,和测试页
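# Content directories for the two sites.
mkdir -p /usr/local/apache2/htdocs/xdl
mkdir -p /usr/local/apache2/htdocs/edu
# A distinct test page in each, so the redirect target can be recognised.
echo "xdl server" > /usr/local/apache2/htdocs/xdl/index.html
echo "edu server" > /usr/local/apache2/htdocs/edu/index.html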
5.在要跳转的网页目录下创建.htaccess文件(本例中应在xdl目录下创建)
覆盖写入内容
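# vim /usr/local/apache2/htdocs/xdl/.htaccess
# Notes are on their own lines: the Rewrite* directives would take trailing
# text as extra arguments and every request would fail with a server error.

# Turn the rewrite engine on for this directory.
RewriteEngine On
# Apply only when the request was made for www.xdl.com. The dots are escaped
# and the pattern anchored so that no other host name matches by accident.
RewriteCond %{HTTP_HOST} ^www\.xdl\.com(:[0-9]+)?$ [NC]
# Send the browser to www.edu.com. An absolute URL already produces a
# redirect; the flags state the status explicitly and stop further rules.
RewriteRule .* http://www.edu.com [R=302,L]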
6.重启Apache服务
/usr/local/apache2/bin/apachectl restart
◆案例8◆ 启用HTTPS生成SSL证书 <重点>
1.建立服务器私钥,过程中需要输入密码
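# Generate the server's RSA private key; openssl prompts for a passphrase.
# 2048 bits is the minimum that current browsers and CAs accept (1024-bit RSA
# is no longer considered safe), and AES-256 replaces 3DES for protecting the
# key file on disk.
openssl genrsa -aes256 -out server.key 2048
# ----------------------------------------------------------------------------
# Notes:
#   genrsa            generate an RSA private key
#   -aes256           cipher used to encrypt the key file with the passphrase
#   -out server.key   output file
#   2048              key length in bits
# ----------------------------------------------------------------------------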
2.建立证书,生成的csr文件交给CA签名后形成服务端自己的证书
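# Create the certificate signing request (CSR) from the private key.
openssl req -new -key server.key -out server.csr
# ----------------------------------------------------------------------------
# Notes:
#   req -new          create a new certificate request
#   -key server.key   private key file
#   -out server.csr   output file
# Prompts, in order: country, state/province, city, organization,
# organizational unit, common name, e-mail address, then two optional extras
# (a challenge password and an optional company name). The common name should
# be the host name clients will use to reach the site.
# ----------------------------------------------------------------------------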
3.转化成证书,这一步由证书CA机构来做的,这里只是实验.
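# Self-sign the request with the server's own key, valid for 365 days and
# hashed with SHA-256. Browsers do not trust a self-signed certificate: this
# stands in for the CA's signing step in the lab only.
openssl x509 -req -days 365 -sha256 \
  -in server.csr \
  -signkey server.key \
  -out servernew.crt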
4.配置服务器让其支持https
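# Copy the certificate into the conf directory.
cp -a servernew.crt /usr/local/apache2/conf/server.crt
# The private key goes there too. cp -a keeps whatever mode the source file
# had, so restrict the copy explicitly: only its owner should be able to read it.
cp -a server.key /usr/local/apache2/conf/server.key
chmod 600 /usr/local/apache2/conf/server.key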
5.编辑主配置文件开启相应功能(取消注释)
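# vim /usr/local/apache2/conf/httpd.conf
#
# Notes are on their own lines: LoadModule and Include would take trailing
# text as extra arguments and the server would refuse to start.

# Around line 133: enable TLS support.
LoadModule ssl_module modules/mod_ssl.so
# Shared-memory session cache provider. It is needed only if the "shmcb"
# SSLSessionCache line in httpd-ssl.conf is left enabled; loading it is
# harmless otherwise.
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

# Around lines 493-494 (search for SSLRandomSeed to find the spot):
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf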
6.配置SSL模板文件
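# vim /usr/local/apache2/conf/extra/httpd-ssl.conf   (around lines 88-93)
#
#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism
#   to use and second the expiring timeout (in seconds).
#
# All three lines below are commented out in this walkthrough. That turns the
# inter-process session cache off, so returning clients cannot resume a TLS
# session through it. Presumably this is done because the shmcb provider
# module is not loaded; if mod_socache_shmcb is loaded in httpd.conf, the
# shmcb and timeout lines can stay enabled instead.
#SSLSessionCache         "dbm:/usr/local/apache2/logs/ssl_scache"
#SSLSessionCache        "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
#SSLSessionCacheTimeout  300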
7.重启Apache服务,输入密码
/usr/local/apache2/bin/apachectl restart
8.访问网站
https://127.0.0.1:443/index.html