[Linux study notes 21] Apache (web server deployment)

  • On the host running the browser, name resolution for the test sites is configured in the hosts file
/etc/hosts
# content
IP-address hostname

1. The role of Apache (httpd)

Apache HTTP Server (Apache for short) is an open source web server from the Apache Software Foundation. It runs on most computer operating systems and is widely used because of its cross-platform support and security.

Web pages are usually accessed with http://, the Hypertext Transfer Protocol.

  • Examples of software that serves HTTP

Software    Used by
Apache      Baidu
nginx       Netease, Firefox, iQiyi, 360
stgw        Tencent
jfe         Jingdong
Tengine     Ali, Sina, ByteDance

curl -I baidu.com: Display only the response headers of the web page

curl -I 163.com
curl -I www.qq.com
curl -I www.bytedance.com

2. Install Apache and start httpd

  1. dnf install httpd.x86_64 -y: Install Apache
  2. systemctl enable --now httpd: Start the httpd service and enable it at boot
  3. firewall-cmd --permanent --add-service=http: Permanently enable http access in the firewall
  4. firewall-cmd --permanent --add-service=https: Permanently enable https access in the firewall
  5. firewall-cmd --reload: Refresh the firewall to make the setting take effect
  6. firewall-cmd --list-all: View firewall information

3. Basic Apache Information

  1. service name:httpd
  2. Configuration file:
    • Main configuration file:/etc/httpd/conf/httpd.conf
    • Additional configuration files: /etc/httpd/conf.d/*.conf
  3. Default publishing directory: /var/www/html
  4. Default publishing file:index.html
  5. Default port:
    • 80(http)
    • 443(https)
  6. user:apache
  7. Log:/etc/httpd/logs

4. Apache basic configuration

4.1. Modify Apache port number

  1. vim /etc/httpd/conf/httpd.conf: Modify the main configuration file
# default port number
Listen 80
  2. firewall-cmd --permanent --add-port=<port number>/tcp: Permanently open the new port in the firewall zone
  3. firewall-cmd --reload: Update firewall rules
  4. systemctl restart httpd: Restart httpd service
  • Visit http://192.168.43.101

  • Modify the port number to 8080, visit http://192.168.43.101:8080

4.2. Modify the default publishing directory

  1. mkdir /westos_web: Create the new publishing directory
  2. vim /westos_web/index.html: Write the page
  3. vim /etc/httpd/conf/httpd.conf: Modify the main configuration file
# document root for all Apache content
DocumentRoot "/westos_web"
<Directory "/westos_web">
        Require all granted
</Directory>
  4. systemctl restart httpd: Restart service
  • After changing the publishing directory, visit http://192.168.43.101

4.3. Modify the default publishing file

  1. vim /etc/httpd/conf/httpd.conf: Modify the main configuration file
<IfModule dir_module>
    # Files are tried in order: if test.html does not exist, index.html is served
    DirectoryIndex test.html  index.html
</IfModule>
  2. systemctl restart httpd: Restart service
  • Example: Create test.html and set it as the default publishing file, visit http://192.168.43.101

5. Apache Access Control

  • Lab setup:

    • mkdir -p /var/www/html/westos: Create a storage directory
    • vim /var/www/html/westos/index.html: Write the page

5.1. Access control based on client ip

  1. vim /etc/httpd/conf/httpd.conf: Modify the main configuration file
DocumentRoot "/var/www/html"
#DocumentRoot "/westos_web"
<Directory "/var/www/html/westos">
        # Deny is read first, then Allow
        Order Deny,Allow
        # allow the host with this IP
        Allow from 192.168.43.101
        # deny everyone
        Deny from all
</Directory>
  2. systemctl restart httpd: Restart service
  3. Visit http://192.168.43.101/westos
  • Order Deny,Allow (in the end, only the 192.168.43.101 host can access)

  • Order Allow,Deny (Deny overrides Allow, so in the end no host can access)
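
The two outcomes above follow from how the Order directive combines Allow and Deny matches. The sketch below is an added example, not part of the original notes, that models that evaluation and also covers clients matching neither list; it assumes each Allow/Deny entry is either `all` or one exact IP, and uses 192.168.43.10 as "some other host".

```shell
# Added example: model of how Order combines Allow and Deny (mod_access_compat).
# Assumption: an entry is either "all" or a single exact IP address.

# matches CLIENT "LIST" -> exit 0 if an entry of the space-separated LIST covers CLIENT
matches() {
    for entry in $2; do
        case $entry in
            all|"$1") return 0 ;;
        esac
    done
    return 1
}

# access_decision ORDER CLIENT "ALLOW entries" "DENY entries" -> prints allowed|denied
access_decision() {
    order=$1; client=$2; allow=$3; deny=$4
    case $order in
        Deny,Allow)
            # Deny is evaluated first and Allow last: an Allow match wins,
            # and a client that matches nothing is allowed by default.
            if matches "$client" "$allow"; then echo allowed
            elif matches "$client" "$deny"; then echo denied
            else echo allowed
            fi ;;
        Allow,Deny)
            # Allow is evaluated first and Deny last: a Deny match wins,
            # and a client that matches nothing is denied by default.
            if matches "$client" "$deny"; then echo denied
            elif matches "$client" "$allow"; then echo allowed
            else echo denied
            fi ;;
        *) echo "unknown Order: $order" >&2; return 2 ;;
    esac
}

# The page's two directives (Allow from 192.168.43.101, Deny from all) under both orders.
# On httpd 2.4 the Deny,Allow policy is written as: Require ip 192.168.43.101
for order in Deny,Allow Allow,Deny; do
    for ip in 192.168.43.101 192.168.43.10; do
        printf '%-11s %-15s %s\n' "$order" "$ip" \
            "$(access_decision "$order" "$ip" "192.168.43.101" "all")"
    done
done
```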

5.2. Access control based on user authentication

  1. htpasswd -cm /etc/httpd/.htpasswd admin: Generate the authentication file
    htpasswd -m /etc/httpd/.htpasswd lee
-c: create the .htpasswd file
-m: encrypt the password
# If the .htpasswd file already exists, do not add -c,
# otherwise the user entries already created are overwritten
  2. cat /etc/httpd/.htpasswd: View
    ls -a /etc/httpd/: List all files
  3. vim /etc/httpd/conf/httpd.conf: Modify the configuration file
DocumentRoot "/var/www/html"
#DocumentRoot "/westos_web"
<Directory "/var/www/html/westos">
    AuthUserFile /etc/httpd/.htpasswd
    AuthName "Please input username and password !!!!"
    AuthType basic
    # every user in the file can access
    Require valid-user
    # only the named user can access
#   Require user <username>
</Directory>
  4. systemctl restart httpd: Restart service
  5. Visit http://192.168.43.101/westos

  • When all valid users can access

  • When only the admin user is designated, admin can access successfully but lee cannot
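
`htpasswd -m` stores each password as a salted MD5 hash (the `$apr1$` prefix), while `htpasswd -B` uses bcrypt. The following added example, not part of the original notes, reports the scheme of every entry in an htpasswd file; the policy of accepting only bcrypt and SHA-crypt, the function names and the sample hash strings (constructed placeholders) are assumptions.

```shell
# Added example: report the hash scheme of every entry in an htpasswd file.
# Policy assumed here: bcrypt and SHA-crypt are accepted, everything else is flagged.

# hash_scheme HASH -> scheme name, recognised by the hash prefix
hash_scheme() {
    case $1 in
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;              # htpasswd -B
        '$5$'*|'$6$'*)           echo sha-crypt ;;
        '$apr1$'*)               echo apr1-md5 ;;            # htpasswd -m
        '{SHA}'*)                echo sha1-unsalted ;;       # htpasswd -s
        *)                       echo crypt-or-plaintext ;;  # htpasswd -d / -p
    esac
}

# audit_htpasswd < FILE -> prints "user scheme verdict" per entry;
# returns non-zero if at least one entry is flagged.
audit_htpasswd() {
    flagged=0
    while IFS=: read -r user hash; do
        case $user in ''|'#'*) continue ;; esac
        scheme=$(hash_scheme "$hash")
        case $scheme in
            bcrypt|sha-crypt) verdict=ok ;;
            *) verdict=rehash; flagged=$((flagged + 1)) ;;
        esac
        printf '%s %s %s\n' "$user" "$scheme" "$verdict"
    done
    [ "$flagged" -eq 0 ]
}

# Constructed sample: the hash strings are placeholders, not real password hashes.
# "admin" looks like htpasswd -m output, "lee" as if re-created with htpasswd -B.
sample_htpasswd() {
    cat <<'EOF'
admin:$apr1$constrct$NotARealHashJustASample
lee:$2y$05$NotARealHashJustAConstructedSampleValue
legacy:{SHA}NotARealHashJustASample=
EOF
}

sample_htpasswd | audit_htpasswd || echo "flagged entries: re-create them with htpasswd -B"
```

Against the real file it is run as `audit_htpasswd < /etc/httpd/.htpasswd`.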

6. Apache Virtual Host

  1. vim /etc/httpd/conf/httpd.conf: Restore the main configuration file
  2. mkdir -p /var/www/virtual/westos.org/{linux,lee}: Create storage directories
    vim /var/www/virtual/westos.org/linux/index.html: Create the linux.westos.org homepage
    vim /var/www/virtual/westos.org/lee/index.html: Create the lee.westos.org homepage
  3. vim /etc/httpd/conf.d/vhosts.conf: Create and edit the virtual host configuration file
<VirtualHost _default_:80>
        DocumentRoot /var/www/html
        Customlog logs/default.log combined
</VirtualHost>
<VirtualHost *:80>
        ServerName linux.westos.org
        DocumentRoot /var/www/virtual/westos.org/linux
        Customlog logs/linux.log combined
</VirtualHost>
<VirtualHost *:80>
        ServerName lee.westos.org
        DocumentRoot /var/www/virtual/westos.org/lee
        Customlog logs/lee.log combined
</VirtualHost>
  4. systemctl restart httpd: Restart service
  5. vim /etc/hosts: Set client resolution (add on the host where the browser runs)
192.168.43.101  www.westos.org  linux.westos.org    lee.westos.org
  • Before the virtual hosts are configured, every name shows the same page even after the resolution entries are added

  • After adding the Apache virtual hosts, each name serves its own site (provided that the main configuration file settings are restored)

7. Apache language support

7.1. html

Supported by default

7.2. php

  1. dnf install php -y: Install php
  2. vim /var/www/html/index.php: Create a php program
<?php
	echo "hello php!";
	echo "<br>";
	echo "hello zy!";
?>
  3. systemctl restart httpd: Restart service

7.3. perl(CGI)

CGI (Common Gateway Interface) programs run on a server, such as an HTTP server, and provide an interface to the client's HTML page.

CGI programs can be Python scripts, PERL scripts, SHELL scripts, C or C++ programs, etc.

  1. mkdir /var/www/html/cgi-scripts: Create a storage directory
  2. vim /var/www/html/cgi-scripts/index.cgi: Write the cgi program
#!/usr/bin/perl
# the header must be followed by a blank line before the body
print "Content-type: text/html\n\n";
# body: the output of the date command
print `date`;
print "\nzy123";
  3. chmod +x /var/www/html/cgi-scripts/index.cgi: Add execute permission
  4. vim /etc/httpd/conf.d/vhosts.conf: Edit virtual host configuration file
<Directory /var/www/html/cgi-scripts>
	Options +ExecCGI
	AddHandler cgi-script .cgi
</Directory>
  5. systemctl restart httpd: Restart service
  6. Visit http://192.168.43.101/cgi-scripts/index.cgi

7.4. python(WSGI)

WSGI: The Web Server Gateway Interface (Python Web Server Gateway Interface, abbreviated as WSGI) is a simple and universal interface between a web server and a web application or framework, defined for the Python language.

  1. dnf search wsgi: Find the package
    dnf install python3-mod_wsgi.x86_64 -y: Install
  2. mkdir /var/www/html/wsgi-scripts: Create a storage directory
  3. vim /var/www/html/wsgi-scripts/index.wsgi: Write wsgi program
# env is the request environment; westos is the start_response callable
def application(env, westos):
	westos('200 OK', [('Content-Type', 'text/html')])
	return [b"hello wsgi! hello zy!"]
  4. python3 /var/www/html/wsgi-scripts/index.wsgi: Check for errors in the wsgi program
  5. chmod +x /var/www/html/wsgi-scripts/index.wsgi: Add execute permission
  6. vim /etc/httpd/conf.d/vhosts.conf: Edit virtual host configuration file
<VirtualHost *:80>
	ServerName wsgi.westos.org
	WSGIScriptAlias / /var/www/html/wsgi-scripts/index.wsgi
</VirtualHost>
  7. vim /etc/hosts: Set client resolution (add on the host where the browser runs)
172.25.254.127  www.westos.org  linux.westos.org lee.westos.org wsgi.westos.org
  8. systemctl restart httpd: Restart service
  9. Visit wsgi.westos.org

8. Apache's encrypted access to https

8.1. Install the encryption module

dnf install mod_ssl -y

8.2. Generate Certificate

  1. Generate the private key file

openssl genrsa -out /mnt/www.westos.org.key 2048
(key length: not less than 2048)

  2. Generate the certificate signing request file

openssl req -new -key /mnt/www.westos.org.key -out /mnt/www.westos.org.csr

Country Name (2 letter code) [XX]:CN    # country
State or Province Name (full name) []:Shannxi    # province
Locality Name (eg, city) [Default City]:xi'an    # city
Organization Name (eg, company) [Default Company Ltd]:westos    # organization (company)
Organizational Unit Name (eg, section) []:linux    # department
Common Name (eg, your name or your server's hostname) []:www.wesots.org    # hostname
Email Address []:[email protected]    # e-mail

A challenge password []:    # password (optional, just press Enter)
An optional company name []:    # company name (optional, just press Enter)

  3. Generate the certificate

openssl x509 -req -days 365 -in /mnt/www.westos.org.csr -signkey /mnt/www.westos.org.key -out /mnt/www.westos.org.crt

x509: certificate format
-req: request
-in: name of the signing request to load

8.3. Edit the ssl.conf configuration file

  1. cp /mnt/www.westos.org.* /etc/httpd/: Copy the private key and certificate files to /etc/httpd
  2. vim /etc/httpd/conf.d/ssl.conf: Edit the configuration file
# certificate file
SSLCertificateFile /etc/httpd/www.westos.org.crt
# private key file
SSLCertificateKeyFile /etc/httpd/www.westos.org.key
  3. systemctl restart httpd: Restart service
  4. firewall-cmd --permanent --add-service=https: Permanently enable https access in the firewall
  5. firewall-cmd --reload: Update firewall rules

8.4. Modify the configuration file

  1. mkdir /var/www/virtual/westos.org/login: Create a storage directory
  2. vim /var/www/virtual/westos.org/login/index.html: Write the page
hello westos.org/login/index.html
zy!!!
  3. vim /etc/httpd/conf.d/vhosts.conf: Edit virtual host configuration file
# encrypted login/index.html
<VirtualHost *:443>
	SSLEngine on
	SSLCertificateFile /etc/httpd/www.westos.org.crt
	SSLCertificateKeyFile /etc/httpd/www.westos.org.key
	ServerName login.westos.org
	DocumentRoot /var/www/virtual/westos.org/login
	CustomLog logs/linux.log combined
</VirtualHost>
<VirtualHost *:80>
	ServerName login.westos.org
	RewriteEngine on
	RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1
</VirtualHost>
# Explanation
# ^(/.*)$        the address entered in the client's address bar
# %{HTTP_HOST}   the host name requested by the client
# $1             the value matched by the first group in the RewriteRule pattern
  4. vim /etc/hosts: Add name resolution
192.168.43.101	login.westos.org
  5. systemctl restart httpd: Restart service
  6. Visit login.westos.org, the URL will automatically become https://login.westos.org
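
Clients compare the name they requested (here login.westos.org) with the names in the certificate, and the key file has to belong to that certificate. The following is an added example, not part of the original notes, that creates a self-signed certificate for the virtual host's name and checks both; the function names and the temporary directory are assumptions, and `-addext` needs OpenSSL 1.1.1 or later.

```shell
# Added example: self-signed certificate whose name matches the HTTPS virtual host.

# make_cert HOST DIR -> writes DIR/HOST.key and DIR/HOST.crt
make_cert() {
    host=$1; dir=$2
    (
        umask 077    # the private key is created readable by its owner only
        # modern clients match the subjectAltName, not the Common Name
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -keyout "$dir/$host.key" -out "$dir/$host.crt" \
            -subj "/CN=$host" -addext "subjectAltName=DNS:$host" 2>/dev/null
    )
}

# cert_covers_host CRT HOST -> exit 0 if the certificate is valid for HOST
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# key_matches_cert KEY CRT -> exit 0 if the private key belongs to the certificate
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Demonstration in a temporary directory (nothing under /etc/httpd is touched).
if command -v openssl >/dev/null 2>&1; then
    tmp=$(mktemp -d)
    make_cert login.westos.org "$tmp"
    for name in login.westos.org www.westos.org; do
        if cert_covers_host "$tmp/login.westos.org.crt" "$name"
        then echo "$name: covered by the certificate"
        else echo "$name: NOT covered by the certificate"
        fi
    done
    key_matches_cert "$tmp/login.westos.org.key" "$tmp/login.westos.org.crt" \
        && echo "key and certificate belong together"
    rm -rf "$tmp"
fi
```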

9. Squid+Apache

Squid is software that caches Internet data. It accepts requests for the objects that users want to download and handles those requests on their behalf. In other words, if a user wants to download a web page, they ask Squid to get the page for them. Squid then connects to the remote server and requests the page, passes the data on to the client machine and keeps a copy at the same time. The next time someone needs the same page, Squid can simply read it from disk, and the data is transferred to the client immediately.

  • Experiment preparation:
    • A host with internet access (node1)
    • A host that cannot access the Internet (node2)

9.1 Squid forward proxy [purchasing-agent style]

Forward proxy: When the cached page is accessed for the second time, the browser will directly obtain the requested data from the local proxy server instead of requesting data from the original web site. This saves valuable network bandwidth and improves access speed.

9.1.1 Set up the host with Internet access

  1. dnf install squid -y: Install squid
  2. vim /etc/squid/squid.conf: Modify squid configuration
http_access allow all
cache_dir ufs /var/spool/squid 100 16 256
  3. systemctl restart squid.service: Restart the squid service
  4. ls /var/spool/squid/
  5. firewall-cmd --permanent --add-port=3128/tcp: Permanently open port 3128 in the firewall
  6. firewall-cmd --reload: Update firewall rules
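
With `http_access allow all`, any client that can reach port 3128 may use the proxy, so outside a lab the rule is normally limited to known client networks. The following added example, not part of the original notes, reports which catch-all rule a squid.conf ends with; the subnet 192.168.43.0/24 and the ACL name `lab` are assumptions derived from the addresses used on this page, and both sample configurations are constructed.

```shell
# Added example: find the catch-all http_access rule in a squid.conf.
# Squid checks http_access rules from top to bottom and stops at the first match,
# so the first rule whose only ACL is "all" decides the fate of every remaining client.

# catch_all_rule < squid.conf -> prints allow | deny | none
catch_all_rule() {
    result=none
    while read -r directive action acl rest; do
        [ "$directive" = http_access ] || continue
        case $rest in '#'*) rest= ;; esac      # ignore a trailing comment
        if [ "$acl" = all ] && [ -z "$rest" ]; then
            result=$action
            break
        fi
    done
    echo "$result"
}

# Constructed input 1: the setting used on this page.
page_conf() {
    cat <<'EOF'
http_access allow all
cache_dir ufs /var/spool/squid 100 16 256
EOF
}

# Constructed input 2: the same proxy limited to the lab subnet (assumed values).
restricted_conf() {
    cat <<'EOF'
acl lab src 192.168.43.0/24
http_access allow lab
http_access deny all
cache_dir ufs /var/spool/squid 100 16 256
EOF
}

for conf in page_conf restricted_conf; do
    printf '%s: catch-all rule = %s\n' "$conf" "$("$conf" | catch_all_rule)"
done
```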

9.1.2 Set up host without internet

  1. Browser Preferences ==> General ==> Network Proxy ==> Settings ==>
    Select Manual proxy ==> HTTP Proxy: 192.168.43.101 (the IP of the host where squid is installed)
    Port: 3128 ==> Check "Use this proxy server for all protocols" ==> OK

  2. Test that node2 can now reach the Internet

9.2. Squid reverse proxy (accelerated) [Branch style]

Reverse proxy: If the page requested by the Internet user is cached on the proxy server, the proxy server sends the cached content directly to the user. If it is not cached, the proxy first sends a request to the web server, retrieves the data, caches it locally and then sends it to the user. This reduces the load on the web server by reducing the number of requests that reach it.

  • Experiment preparation (3 hosts)
    • A host that can access the Apache page (node3:192.168.43.10)
    • A host with squid service but no httpd service (node1:192.168.43.101)
    • A host (node2) that needs to get data from node1

9.2.1 Set a host with squid service but no httpd service

  1. dnf remove httpd -y: Remove Apache
  2. vim /etc/squid/squid.conf: Modify squid configuration
http_port 80 vhost vport
# IP of a host that serves the Apache page
cache_peer 192.168.43.10 parent 80 0 proxy-only
  3. systemctl restart squid: Restart the squid service

9.2.2 Set the host that needs to get data from node1

  1. Restore default browser settings

  2. Visit the node1 host; the page that comes back is served by the node3 host

Origin blog.csdn.net/weixin_46069582/article/details/109920948