1. Apache's role
http://
hypertext transfer protocol
http://Hypertext Transfer Protocol provides software
Apache
nginx
stgw
jfe
Tengine
2. Apache installation
dnf search http
dnf install httpd.x86_64 -y
3, Apache enabled
systemctl enable --now httpd # http service turned on and set boot
Firewall-cmd --permanent --add-Service = http
# Set firewall policy, has been allowed to http service
Firewall-cmd --reload
# re Load the firewall and let the policy take effect
firewall-cmd --list-all #You
can see http in the firewall policy
If the setting is successful, you can see this page, which is the Apache default page
4. Basic information of Apache
Service name: httpd
configuration file:
/etc/httpd/conf/httpd.conf #Main configuration file
/etc/httpd/conf.d/*.conf #Sub configuration file
Default publishing directory: /var/www/html
can be changed, But you also need to authorize access when changing, otherwise you won’t be able to access
Default publishing file: index.html
can be changed in the main configuration file (there can be multiple default publishing files)
Writing westos index.html means you can directly see the content of westos when you visit, but if westos deletes it, you can directly see the content of index.html
Default port: 80 #http
443 #https
can be changed, but after the change, the policy needs to be changed in the firewall, and the port number should be written when accessing.
Log /etc/httpd/logs
5. Apache's access control permissions
1) Change the access control permissions in the configuration file
/etc/httpd/conf/httpd.conf
<Directory “var/www/html/westos”>
Order Allow, Deny #allow and deny access reading order
Allow fron ALL #Allow any People visit westos
Deny from 172.168.1.216 #Do not allow 216 to access westos #Because
you read allow first and then deny, then the information in deny will overwrite the information in allow
cat var/www/html/westos #View the content in westos
at this time Westos content can be seen on other hosts, but not on host 216.
However, if the access control authority is modified, host 216 can also be accessed.
2) Establish an Apache directory authentication file
htpasswd -cm /etc/httpd/.htpasswd admin
#当When the authentication file does not exist, you need to add the parameter -c. When the authentication file exists, adding the -c parameter will delete the original content.
#Note, the user here does not exist in the system, just borrow the identity.
Edit the configuration file
/etc/httpd/ conf/httpd.conf
<Directory “/var/www/html/westos”>
AuthUserFile /etc/httpd/.htpasswd #Specify authentication file
AuthName “Please input username and passwd” #Specify authentication prompt
AuthType basic #Specify the authentication type
Require user admin
#The admin user in the authentication file can pass authentication #Require valid-user #Any user in the authentication file can pass #The
above two sentences are designated authentication users, you can choose one of the two sentences
</Directory>
ctrl+shift +del #Clear the browser information.
At this time, enter the user and the password you just set to pass the authentication.
6. Apache's virtual host
We can only see the same page at the same URL of Apache we set, but generally In the case of different keywords on the same page, you can see different things
Preparation conditions:
write local resolution on the host where the browser is located
vim /etc/hosts
cd /etc/httpd/conf.d/
#Enter the sub-configuration directory vim vhost.conf #Specify the sub-configuration file
Write the configuration file, and then restart the service
to get the same URL
Access to different pages corresponding to different keywords When you enter a domain name that has not been set, you will access the content under the set default path; when you enter the set content, the domain name set by the server in the http sub-configuration file will be displayed The content in the access path
8, Apache language support
dnf install httpd-manual -y #apache document
1) php
dnf install php -y
vim /var/www/html/index.php The
php instruction page will appear when you visit
2)cgi
Create a cgi directory in the default publishing directory, and edit the file, and then
give the file execution permission
vim /etc/httpd/conf.d/vhost.conf.
When you visit the web page at this time, the result of the script execution will be displayed
3) wsgi
Write wsgi test script
vim /var/www/html/wsgi/index.wsgi
dnf install python3-mod_wsgi
vim /etc/httpd/conf.d/vhost.conf
systemctl restart httpd
vim /etc/hosts
writes the domain name resolution into it.
At this time, when you visit on the page, the results of the script execution will be displayed
9, Apache's encrypted transmission
Install the encryption plug-in, and you can observe that the ssl file has been generated at this time
dnf install mod_ssl -y
firewall-cmd --permanent --add-service=https #Make the firewall permanently allow the https service.
At this time, the web page can be accessed through https, but we can see that the generated certificate is not generated by
us. We can delete it in the browser Remove this certificate that you already have
Generate private key
Generate certificate signature file
Generate certificate
Edit file
Edit ssl configuration file
vim /etc/httpd/conf.d/ssl.conf
(The location of the public key is written above, and the location of the certificate is written below)
vim /etc/httpd/ conf.d/vhost.conf
systemctl restart httpd
vim /etc/hosts
At this time, you can access the page through the https service, and you can see the certificate generated by ourselves
But at this time we found that it is still possible to bypass the encryption of https and access the page directly through http, which is not secure.
So again,
add
systemctl restart httpd to vim /etc/httpd/conf.d/vhost.conf to
access the page at this time, and you can see that the page is accessed Force access to https