The role of Apache
Web access usually uses http://
http:// is the Hypertext Transfer Protocol
Software that provides the HTTP service:
Apache
nginx
stgw
jfe
Tengine
Apache installation
dnf install httpd.x86_64 -y
Enabling Apache
systemctl enable --now httpd    # start the service and enable it at boot
firewall-cmd --permanent --add-service=http    # permanently open http access in the firewall
firewall-cmd --reload    # reload the firewall so the setting takes effect
firewall-cmd --list-all    # view firewall information
In Firefox, open 172.25.254.106
The Apache page will appear
Basic information of Apache
Service name: httpd
Main configuration file: /etc/httpd/conf/httpd.conf
Sub-configuration files: /etc/httpd/conf.d/*.conf
Default publishing directory: /var/www/html
Default publishing file: index.html
Default ports: 80 (http), 443 (https, encrypted port)
User: apache
Log: /etc/httpd/logs
Basic configuration of Apache
Apache port modification
vim /etc/httpd/conf/httpd.conf
Listen 1111
firewall-cmd --permanent --add-port=1111/tcp
firewall-cmd --reload
semanage port -l | grep http
semanage port -a -t http_port_t -p tcp 1111
systemctl restart httpd
Default publishing file
In 10:
vim /etc/hosts
In 20:
vim /var/www/html/index.html
The default file content can now be accessed from 10
To change the default publishing file to test.html, do the following:
vim test.html
vim /etc/httpd/conf/httpd.conf
Line 167: DirectoryIndex test.html westos.html
systemctl restart httpd
Now visit www.westos.com from 10 to access the new publishing file
The default publishing directory
vim /etc/httpd/conf/httpd.conf
DocumentRoot "/westos/html"
<Directory "/westos/html">
    Require all granted
</Directory>
semanage fcontext -a -t httpd_sys_content_t '/westos(/.*)?'
restorecon -RvvF /westos/
systemctl restart httpd
firefox http://www.westos.com
Apache access control
Experiment material
mkdir /var/www/html/westos
vim /var/www/html/westos/index.html
<h1>westosdir's page</h1>
firefox http://172.25.254.106/westos
Access control
IP whitelist based on client IP
vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/westos">
    Order Deny,Allow
    Allow from 172.25.254.6
    Deny from All
</Directory>
At this point 106 is denied access and 6 is allowed
IP blacklist
<Directory "/var/www/html/westos">
    Order Allow,Deny
    Allow from All
    Deny from 172.25.254.6
</Directory>
At this point 6 is denied access and other clients are allowed
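Order/Allow/Deny is the Apache 2.2 syntax, which httpd 2.4 accepts only through mod_access_compat. The same whitelist and blacklist written with the 2.4 Require directives, as an added example that is not part of the original notes (use one of the two blocks, not both):

```apache
# Whitelist: only 172.25.254.6 may access the directory.
# With no other Require line, every other client is answered with 403 Forbidden.
<Directory "/var/www/html/westos">
    Require ip 172.25.254.6
</Directory>

# Blacklist: every client except 172.25.254.6 may access the directory.
# A negated Require can only refuse access, so it has to sit inside
# <RequireAll> next to a line that grants it.
<Directory "/var/www/html/westos">
    <RequireAll>
        Require all granted
        Require not ip 172.25.254.6
    </RequireAll>
</Directory>
```

Do not mix Order/Allow/Deny and Require inside the same Directory block, and run apachectl configtest before restarting httpd.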
User-based authentication
vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/westos">
    # Specify the authentication file
    AuthUserFile /etc/httpd/.http_user
    # Authentication prompt
    AuthName "Please input your name and password"
    # Authentication type
    AuthType basic
    # Choose one of the following two Require lines:
    # option 1: allow only the authenticated user admin
    Require user admin
    # option 2: allow every user who passes authentication
    Require valid-user
</Directory>
htpasswd -cm /etc/httpd/.http_user admin    # generate the authentication file
Note: When /etc/httpd/htpasswdfile already exists, do not add the -c parameter when adding users; otherwise the content of the existing file will be overwritten
Now you must enter a password to verify your identity before you can access westosdir
Apache virtual host
mkdir -p /var/www/westos.com/{news,music}
echo "music's page" >/var/www/westos.com/music/index.html
echo "news's page" > /var/www/westos.com/news/index.html
vim /etc/httpd/conf.d/Vhost.conf
<VirtualHost _default_:80>
    DocumentRoot "/var/www/html"
    CustomLog logs/default.log combined
</VirtualHost>
<VirtualHost *:80>
    ServerName music.westos.com
    DocumentRoot "/var/www/westos.com/music"
    CustomLog logs/music.log combined
</VirtualHost>
<VirtualHost *:80>
    ServerName news.westos.com
    DocumentRoot "/var/www/westos.com/news"
    CustomLog logs/news.log combined
</VirtualHost>
Test:
On the host where the browser is located:
vim /etc/hosts
172.25.254.106 www.westos.com music.westos.com news.westos.com
firefox http://www.westos.com
firefox http://music.westos.com
firefox http://news.westos.com
Languages supported by Apache
php
vim /var/www/html/index.php
dnf install php -y
systemctl restart httpd
firefox http://172.25.254.106/index.php
cgi
dnf install httpd-manual
systemctl restart httpd
mkdir /var/www/html/cgi
semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgi(/.*)?'
restorecon -RvvF /var/www/html/cgi/
vim /var/www/html/cgi/index.cgi
#!/usr/bin/perl
# send the HTTP header, then the output of the date command
print "Content-type: text/html\n\n";
print `date`;
chmod +x /var/www/html/cgi/index.cgi
vim /etc/httpd/conf.d/vhost.conf
<Directory "/var/www/html/cgi">
    Options +ExecCGI
    AddHandler cgi-script .cgi
</Directory>
firefox http://www.westos.com/cgi/index.cgi
Encrypted access of Apache
Install the encryption plug-in
dnf install mod_ssl -y
Generate certificate
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
openssl genrsa -out /etc/pki/tls/private/www.westos.com.key 2048    # generate the private key
openssl req -new -key /etc/pki/tls/private/www.westos.com.key -out /etc/pki/tls/certs/www.westos.com.csr    # generate the certificate signing request
openssl x509 -req -days 365 -in /etc/pki/tls/certs/www.westos.com.csr -signkey /etc/pki/tls/private/www.westos.com.key -out /etc/pki/tls/certs/www.westos.com.crt    # generate the certificate
x509: certificate format
-req: request
-in: load the name of the signing request
-signkey
vim /etc/httpd/conf.d/ssl.conf
systemctl restart httpd
After downloading the certificate from https://www.westos.com, check the certificate information to confirm that the certificate has been generated
Encrypted virtual host
vim /etc/httpd/conf.d/vhosts.conf
systemctl restart httpd
Web page rewriting function
vim /etc/httpd/conf.d/vhosts.conf
Now browsing music.westos.com is automatically switched to the encrypted connection
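One way the vhosts.conf for the encrypted virtual host and the rewrite could look, as an added example that is not the original author's file. It assumes mod_rewrite is loaded, that the ssl.conf shipped with mod_ssl already opens port 443, and that the certificate generated above is acceptable for music.westos.com; the paths are the ones used earlier in these notes.

```apache
# /etc/httpd/conf.d/vhosts.conf

# Plain-HTTP virtual host: its only job is to send the client to HTTPS.
<VirtualHost *:80>
    ServerName music.westos.com
    RewriteEngine On
    # ^(/.*)$ captures the requested path and $1 re-appends it.
    # The target host is written out instead of taken from the
    # client-supplied Host header, so the redirect cannot be steered
    # to another site. 301 marks the redirect as permanent.
    RewriteRule ^(/.*)$ https://music.westos.com$1 [R=301,L]
</VirtualHost>

# Encrypted virtual host that serves the actual content.
<VirtualHost *:443>
    ServerName music.westos.com
    DocumentRoot "/var/www/westos.com/music"
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
</VirtualHost>
```

Keep the private key readable by root only, and run apachectl configtest before restarting httpd.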
Squid+Apache
squid forward proxy
Experimental environment:
Single-NIC host node1 (172.25.254.6): set an IP; it cannot access the Internet
Dual-NIC host node2 (172.25.254.206): set ip1 to connect to the single-NIC host and ip2 to access the Internet
Experimental effect
The single-NIC host cannot access the Internet itself, but its browser can open Internet pages
Operation:
On the dual-NIC host 206:
dnf install squid -y
vim /etc/squid/squid.conf
# allow every client to use the proxy
http_access allow all
# on-disk cache: 100 MB under /var/spool/squid, 16 first-level and 256 second-level directories
cache_dir ufs /var/spool/squid 100 16 256
systemctl restart squid
firewall-cmd --permanent --add-port=3128/tcp
firewall-cmd --reload
On the single-NIC host 20, select Network Proxy and enter:
172.25.254.30 3128
Test:
On the single-NIC host, ping www.baidu.com does not work
Visit www.baidu.com in the browser to
Squid reverse proxy
Experimental environment:
172.25.254.6 Apache server
172.25.254.206 Squid; holds no data and is only responsible for caching
vim /etc/squid/squid.conf
# vhost supports virtual domain names; vport supports virtual ports
http_port 80 vhost vport
# when port 80 of 172.25.254.206 is accessed, data is cached from port 80 of 172.25.254.6
cache_peer 172.25.254.6 parent 80 0 proxy-only
systemctl restart squid
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --reload
Test:
In 106:
firefox http://172.25.254.206
The data you see is the data on 172.25.254.6