- File used for name resolution on the host where the browser runs:
/etc/hosts
# Content format
IP-address hostname
1. The role of Apache (httpd)
Apache HTTP Server (Apache for short) is an open source web server from the Apache Software Foundation. It runs on most computer operating systems and is widely used because of its cross-platform support and security.
Web pages are usually accessed over http://, the Hypertext Transfer Protocol.
- Examples of software that serves HTTP
| Software | Used by |
|---|---|
| Apache | Baidu |
| nginx | Netease, Firefox, iQiyi, 360 |
| stgw | Tencent |
| jfe | Jingdong |
| Tengine | Ali, Sina, ByteDance |
curl -I baidu.com
: Display the header information of the web page
curl -I 163.com
curl -I www.qq.com
curl -I www.bytedance.com
2. Apache install and open httpd
dnf install httpd.x86_64 -y
: Install Apache
systemctl enable --now httpd
: Start the httpd service and enable it at boot
firewall-cmd --permanent --add-service=http
: Permanently enable http access in the firewall
firewall-cmd --permanent --add-service=https
: Permanently enable https access in the firewall
firewall-cmd --reload
: Reload the firewall so the settings take effect
firewall-cmd --list-all
: View firewall information
3. Basic Apache Information
- Service name: httpd
- Configuration files:
  - Main configuration file: /etc/httpd/conf/httpd.conf
  - Sub-configuration files: /etc/httpd/conf.d/*.conf
- Default publishing directory: /var/www/html
- Default publishing file: index.html
- Default ports:
  - 80 (http)
  - 443 (https)
- User: apache
- Log: /etc/httpd/logs
4. Apache basic configuration
4.1. Modify Apache port number
vim /etc/httpd/conf/httpd.conf
: Modify the main configuration file
# Default port number
Listen 80
firewall-cmd --permanent --add-port=<port-number>/tcp
: Permanently open the port in the firewall zone
firewall-cmd --reload
: Update firewall rules
systemctl restart httpd
: Restart httpd service
- Visit http://192.168.43.101
- Modify the port number to 8080, visit http://192.168.43.101:8080
4.2. Modify the default publishing directory
mkdir /westos_web
: Create a default publishing directory
vim /westos_web/index.html
: Write the page content
vim /etc/httpd/conf/httpd.conf
: Modify the main configuration file
# Document root for all Apache content
DocumentRoot "/westos_web"
<Directory "/westos_web">
    Require all granted
</Directory>
systemctl restart httpd
: Restart service
- After changing the publishing directory, visit http://192.168.43.101
4.3. Modify the default publishing file
vim /etc/httpd/conf/httpd.conf
: Modify the main configuration file
<IfModule dir_module>
    # Files are tried in order: if test.html does not exist, index.html is read
    DirectoryIndex test.html index.html
</IfModule>
systemctl restart httpd
: Restart service
- Example: Create test.html and set it as the default publishing file, visit http://192.168.43.101
5. Apache Access Control
- Experimental materials:
mkdir -p /var/www/html/westos
: Create a storage directory
vim /var/www/html/westos/index.html
: Write the page content
5.1. Access control based on client ip
vim /etc/httpd/conf/httpd.conf
: Modify the main configuration file
DocumentRoot "/var/www/html"
#DocumentRoot "/westos_web"
<Directory "/var/www/html/westos">
    # Deny rules are read first, then Allow rules
    Order Deny,Allow
    # Allow the host with this IP to access
    Allow from 192.168.43.101
    # Deny access to everyone
    Deny from all
</Directory>
systemctl restart httpd
: Restart service
- Visit http://192.168.43.101/westos
- Order Deny,Allow (in the end, only the 192.168.43.101 host can access)
- Order Allow,Deny (Deny overrides Allow, so ultimately no host can access)
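The two outcomes above follow from how `Order` resolves a client that matches both lists. The sketch below is an added example, not code from the original page: it models that resolution in shell, matching only exact IPs or `all`, and the second client address (192.168.43.55) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: model of how Order resolves Allow/Deny matches.
# Assumption: a rule matches only an exact client IP or the keyword "all".

# matches CLIENT RULE... : succeeds if any rule matches the client
matches() {
    m_client=$1; shift
    for m_rule in "$@"; do
        if [ "$m_rule" = all ] || [ "$m_rule" = "$m_client" ]; then
            return 0
        fi
    done
    return 1
}

# access_decision ORDER CLIENT "ALLOW RULES" "DENY RULES" : prints allow|deny
access_decision() {
    order=$1; client=$2
    # $3 and $4 are left unquoted on purpose so each rule becomes one word
    if matches "$client" $3; then allowed=1; else allowed=0; fi
    if matches "$client" $4; then denied=1; else denied=0; fi
    case $order in
        Deny,Allow)   # Allow is read last and wins; unmatched clients get in
            if [ "$allowed" -eq 1 ]; then echo allow
            elif [ "$denied" -eq 1 ]; then echo deny
            else echo allow; fi ;;
        Allow,Deny)   # Deny is read last and wins; unmatched clients are refused
            if [ "$denied" -eq 1 ]; then echo deny
            elif [ "$allowed" -eq 1 ]; then echo allow
            else echo deny; fi ;;
        *) echo "unsupported order: $order" >&2; return 2 ;;
    esac
}

# The page's rule set, tried with the allowed host and a constructed second host
for order in Deny,Allow Allow,Deny; do
    for ip in 192.168.43.101 192.168.43.55; do
        printf '%-11s %-15s %s\n' "$order" "$ip" \
            "$(access_decision "$order" "$ip" "192.168.43.101" "all")"
    done
done
```

On httpd 2.4 `Order`, `Allow` and `Deny` are provided by mod_access_compat; the native way to express the same policy is `Require ip 192.168.43.101`.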
5.2. Access control based on user authentication
htpasswd -cm /etc/httpd/.htpasswd admin
: Generate the authentication file
htpasswd -m /etc/httpd/.htpasswd lee
-c: create the .htpasswd file
-m: hash the password (MD5)
# If the .htpasswd file already exists, add users without -c,
# otherwise the existing user entries are overwritten
cat /etc/httpd/.htpasswd
: View
ls -a /etc/httpd/
: List all files
vim /etc/httpd/conf/httpd.conf
: Modify the configuration file
DocumentRoot "/var/www/html"
#DocumentRoot "/westos_web"
<Directory "/var/www/html/westos">
    AuthUserFile /etc/httpd/.htpasswd
    AuthName "Please input username and password !!!!"
    AuthType basic
    # All users in the authentication file can access
    Require valid-user
    # Only the specified user can access:
    # Require user <username>
</Directory>
systemctl restart httpd
: Restart service
- Visit http://192.168.43.101/westos
- With Require valid-user, all users can access
- With Require user admin, admin can access successfully, but lee cannot
6. Apache Virtual Host
vim /etc/httpd/conf/httpd.conf
: Restore the file
mkdir -p /var/www/virtual/westos.org/{linux,lee}
: Create storage directories
vim /var/www/virtual/westos.org/linux/index.html
: Create linux.westos.org homepage
vim /var/www/virtual/westos.org/lee/index.html
: Create lee.westos.org homepage
vim /etc/httpd/conf.d/vhosts.conf
: Create and edit the virtual host configuration file
<VirtualHost _default_:80>
DocumentRoot /var/www/html
Customlog logs/default.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName linux.westos.org
DocumentRoot /var/www/virtual/westos.org/linux
Customlog logs/linux.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName lee.westos.org
DocumentRoot /var/www/virtual/westos.org/lee
Customlog logs/lee.log combined
</VirtualHost>
systemctl restart httpd
: Restart service
vim /etc/hosts
: Set client resolution (add on the host where the browser runs)
192.168.43.101 www.westos.org linux.westos.org lee.westos.org
- Before the virtual hosts are configured, every name added to the hosts file shows the same page
- After adding the Apache virtual hosts, each name serves its own page (provided that the main configuration file settings are restored)
7. Apache language support
7.1. html
Supported by default
7.2. php
dnf install php -y
: Install php
vim /var/www/html/index.php
: Create a php program
<?php
echo "hello php!";
echo "<br>";
echo "hello zy!";
?>
systemctl restart httpd
: Restart service
7.3. perl(CGI)
CGI (Common Gateway Interface) programs run on a server, such as an HTTP server, and provide an interface to the client's HTML page.
CGI programs can be Python scripts, PERL scripts, SHELL scripts, C or C++ programs, etc.
mkdir /var/www/html/cgi-scripts
: Create a storage directory
vim /var/www/html/cgi-scripts/index.cgi
: Write the cgi program
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
print "\nzy123";
chmod +x /var/www/html/cgi-scripts/index.cgi
: Add execute permission
vim /etc/httpd/conf.d/vhosts.conf
: Edit virtual host configuration file
<Directory /var/www/html/cgi-scripts>
    Options +ExecCGI
    AddHandler cgi-script .cgi
</Directory>
systemctl restart httpd
: Restart service
- Visit http://192.168.43.101/cgi-scripts/index.cgi
7.4. python(WSGI)
WSGI: the Web Server Gateway Interface (Python Web Server Gateway Interface, abbreviated as WSGI) is a simple and universal interface between a Web server and a Web application or framework, defined for the Python language.
dnf search wsgi
: Find the package
dnf install python3-mod_wsgi.x86_64 -y
: Install
mkdir /var/www/html/wsgi-scripts
: Create a storage directory
vim /var/www/html/wsgi-scripts/index.wsgi
: Write the wsgi program
def application(env, westos):
    # westos is the start_response callable passed in by the server
    westos('200 ok', [('Content-Type', 'text/html')])
    return [b"hello wsgi! hello zy!"]
python3 /var/www/html/wsgi-scripts/index.wsgi
: Check the wsgi program for errors
chmod +x /var/www/html/wsgi-scripts/index.wsgi
: Add execute permission
vim /etc/httpd/conf.d/vhosts.conf
: Edit virtual host configuration file
<VirtualHost *:80>
ServerName wsgi.westos.org
WSGIScriptAlias / /var/www/html/wsgi-scripts/index.wsgi
</VirtualHost>
vim /etc/hosts
: Set client resolution (add in the host where the browser is located)
172.25.254.127 www.westos.org linux.westos.org lee.westos.org wsgi.westos.org
systemctl restart httpd
: Restart service
- Visit wsgi.westos.org
8. Apache's encrypted access to https
8.1. Install encryption plugin
dnf install mod_ssl -y
8.2. Generate Certificate
- Generate private key file
openssl genrsa -out /mnt/www.westos.org.key 2048
(Key length not less than 2048 bits)
- Generate the certificate signing request file
openssl req -new -key /mnt/www.westos.org.key -out /mnt/www.westos.org.csr
Country Name (2 letter code) [XX]:CN    # country
State or Province Name (full name) []:Shannxi    # province
Locality Name (eg, city) [Default City]:xi'an    # city
Organization Name (eg, company) [Default Company Ltd]:westos    # organization (company)
Organizational Unit Name (eg, section) []:linux    # department
Common Name (eg, your name or your server's hostname) []:www.wesots.org    # host name
Email Address []:[email protected]    # e-mail
A challenge password []:    # password (optional, just press Enter)
An optional company name []:    # company name (optional, just press Enter)
- Generate certificate
openssl x509 -req -days 365 -in /mnt/www.westos.org.csr -signkey /mnt/www.westos.org.key -out /mnt/www.westos.org.crt
x509: certificate format
-req: the input is a certificate request
-in: the signing request file to load
8.3. Edit the ssl.conf configuration file
cp /mnt/www.westos.org.* /etc/httpd/
: Copy the private key and certificate files to /etc/httpd
vim /etc/httpd/conf.d/ssl.conf
: Edit the configuration file
# Certificate file
SSLCertificateFile /etc/httpd/www.westos.org.crt
# Private key file
SSLCertificateKeyFile /etc/httpd/www.westos.org.key
systemctl restart httpd
: Restart service
firewall-cmd --permanent --add-service=https
: Permanently enable https access in the firewall
firewall-cmd --reload
: Update firewall rules
8.4. Modify the configuration file
mkdir /var/www/virtual/westos.org/login
: Create a storage directory
vim /var/www/virtual/westos.org/login/index.html
: Write the page content
hello westos.org/login/index.html
zy!!!
vim /etc/httpd/conf.d/vhosts.conf
: Edit virtual host configuration file
# Encrypted login/index.html
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/httpd/www.westos.org.crt
SSLCertificateKeyFile /etc/httpd/www.westos.org.key
ServerName login.westos.org
DocumentRoot /var/www/virtual/westos.org/login
CustomLog logs/linux.log combined
</VirtualHost>
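<VirtualHost *:80>
ServerName login.westos.org
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1
</VirtualHost>
# Explanation
^(/.*)$ : the path the client entered in the address bar
%{HTTP_HOST} : the host name requested by the client
$1 : the value captured by the first parenthesized group of the RewriteRule pattern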
vim /etc/hosts
: Add name resolution
192.168.43.101 login.westos.org
systemctl restart httpd
: Restart service
- Visit login.westos.org, the URL will automatically become https://login.westos.org
9. Squid+Apache
Squid is software used to cache Internet data. It accepts requests for objects that people want to download and handles those requests appropriately. In other words, if a person wants to download a web page, he asks Squid to get the page for him. Squid then connects to the remote server and requests the page. Squid then passes the data on to the client machine and keeps a copy at the same time. The next time someone needs the same page, Squid can simply read it from disk, and the data is transferred to the client immediately.
- Experiment preparation:
- A host with internet access (node1)
- A host that cannot access the Internet (node2)
9.1. Squid forward proxy [purchasing-agent style]
Forward proxy: When the cached page is accessed for the second time, the browser will directly obtain the requested data from the local proxy server instead of requesting data from the original web site. This saves valuable network bandwidth and improves access speed.
9.1.1 Set up network host
dnf install squid -y
: Install squid
vim /etc/squid/squid.conf
: Modify squid configuration
http_access allow all
cache_dir ufs /var/spool/squid 100 16 256
systemctl restart squid.service
: Restart the squid service
ls /var/spool/squid/
firewall-cmd --permanent --add-port=3128/tcp
: Permanently open port 3128 in the firewall
firewall-cmd --reload
: Update firewall rules
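`http_access allow all` together with the opened firewall port lets any host that can reach port 3128 relay through node1. The added example below (not from the original page) checks a squid.conf for that condition and compares the tutorial's setting with a constructed variant restricted to an assumed lab subnet, 192.168.43.0/24; the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example: does this squid.conf let any client use the proxy?
# Squid reads http_access rules top to bottom and stops at the first match,
# so the first rule whose only ACL is "all" decides every remaining client.

# squid_all_rule FILE : prints open, closed or unknown
squid_all_rule() {
    awk '
        { sub(/#.*/, "") }    # drop comments
        $1 == "http_access" && NF == 3 && $3 == "all" {
            print ($2 == "allow" ? "open" : "closed"); found = 1; exit
        }
        END { if (!found) print "unknown" }
    ' "$1"
}

# make_samples DIR : write two constructed configs into DIR
make_samples() {
    cat > "$1/tutorial.conf" <<'EOF'
# constructed sample: the setting from section 9.1.1
http_access allow all
cache_dir ufs /var/spool/squid 100 16 256
EOF
    cat > "$1/restricted.conf" <<'EOF'
# constructed sample: only the assumed lab subnet may use the proxy
acl labnet src 192.168.43.0/24
http_access allow labnet
http_access deny all
cache_dir ufs /var/spool/squid 100 16 256
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
for name in tutorial restricted; do
    printf '%s.conf: %s\n' "$name" "$(squid_all_rule "$tmp/$name.conf")"
done
rm -rf "$tmp"
```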
9.1.2 Set up host without internet
- Browser Preferences ==> General ==> Network Proxy ==> Settings ==>
Select Manual proxy ==> HTTP Proxy: 192.168.43.101 (the IP of the host where squid is installed)
Port: 3128 ==> Check "Use this proxy server for all protocols" ==> OK
- Test that node2 can access the Internet
9.2. Squid reverse proxy (accelerated) [Branch style]
Reverse proxy: If the page requested by the Internet user is cached on the proxy server, the proxy server sends the cached content directly to the user. If it is not cached, a request is first sent to the WEB server, the data is retrieved and cached locally, and then sent to the user. This approach reduces the load on the WEB server by reducing the number of requests to the WEB server.
- Experiment preparation (3 hosts)
- A host that can access the Apache page (node3:192.168.43.10)
- A host with squid service but no httpd service (node1:192.168.43.101)
- A host (node2) that needs to get data from node1
9.2.1 Set a host with squid service but no httpd service
dnf remove httpd -y
: Remove Apache
vim /etc/squid/squid.conf
: Modify squid configuration
http_port 80 vhost vport
# Enter the IP of a host that can serve the Apache page
cache_peer 192.168.43.10 parent 80 0 proxy-only
systemctl restart squid
: Restart the squid service
9.2.2 Set the host that needs to get data from node1
- Restore default browser settings
- Visit the node1 host; the page that comes back is served by the node3 host