Deployment and optimization of Apache service

1. The role of Apache

  • Web pages are usually accessed with http://
  • http:// ##Hypertext Transfer Protocol
  • Software that provides the http:// hypertext transfer protocol: Apache, nginx, stgw, jfe, Tengine

2. Apache installation

(Put the Linux and Windows virtual machines on the same network segment)

  • Configure the network card IP and the software repository
  • dnf search http ##Search for the software required for Apache
  • dnf install httpd.x86_64 -y ##Install the software

3. Enabling Apache

  systemctl enable --now httpd ##Enable and start the Apache service
  systemctl status httpd  ##Check whether the Apache service is running


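  firewall-cmd --permanent --add-service=http ##Add the http service to the firewall policy permanently
  firewall-cmd --reload ##Reload the firewall so the policy takes effect
  firewall-cmd --list-all  ##View the firewall policy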
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: br0 ens160
  sources: 
  services: cockpit dhcpv6-client http ssh  ##The http service is open to the outside in the firewall policy
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 


4. Basic information of Apache

  • Service name: httpd

  • Configuration file:

    • /etc/httpd/conf/httpd.conf ###Main configuration file
    • /etc/httpd/conf.d/ ##Sub-configuration directory
  • Default publishing directory: /var/www/html

  • Default publishing file: index.html

  • Default port:

    • 80 ##http

    • 443 ##https

  • User: apache

  • Log: /etc/httpd/logs

5. Basic configuration of Apache

1. Apache port change

  • getenforce ##Get selinux status
  • vim /etc/httpd/conf/httpd.conf ##Edit the main configuration file: on line 45, change the port to 8080

To avoid being affected by selinux: vim /etc/sysconfig/selinux, set SELINUX=disabled, then reboot

  • systemctl restart httpd ##Restart httpd service
  • netstat -antlupe | grep httpd ##View port
  • firewall-cmd --add-port=8080/tcp ##Add port 8080 to the firewall

After the experiment is completed, change the settings back to restore the experimental environment

2. Modify the default publishing file

  • vim index.html ##Add content to the default publishing file, which can then be accessed directly
  • vim /etc/httpd/conf/httpd.conf ##Search /index (line 167) and add the new default file name to the parameters
  • westos index.html ##The file listed first has higher priority; index.html is served when westos does not exist
  • systemctl restart httpd

3. Modify the default publishing directory

  • vim /var/www/html/westos/index.html ##Create the default publishing file for the new publishing directory

  • vim /etc/httpd/conf/httpd.conf ##Search /DocumentRoot (line 122) and set it to
    "/var/www/westos" ##Change the default publishing directory
#Authorize access
<Directory "/var/www/westos">
      Require all granted
</Directory>

6. Control access

1. Permission access control

  • Create an experimental environment:

    • mkdir /var/www/html/westos
    • vim /var/www/html/westos/index.html
  • vim /etc/httpd/conf/httpd.conf ##Edit configuration file

#Line 131 of httpd.conf
<Directory "/var/www/html/westos">
   Order Allow,Deny
   Allow from all
   #Everyone is allowed except 192.168.1.112
   Deny from 192.168.1.112
   #(Allow is read first, then Deny; entries in Deny override those in Allow)
</Directory>


#Line 131 of httpd.conf
<Directory "/var/www/html/westos2">
   #Priority order of Deny and Allow
   Order Deny,Allow
   Allow from 192.168.1.112
   #Only 192.168.1.112 is allowed, everyone else is denied
   Deny from all
</Directory>
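
The evaluation order described in the two blocks above, as an added example that is not part of the original post. It models only the values `all`, single IP addresses and CIDR ranges; the client 192.168.1.50 and the function names are assumptions made for the illustration.

```python
import ipaddress


def _matches(specs, client):
    """True if the client IP matches any 'Allow from' / 'Deny from' value."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        # Only 'all', single IPs and CIDR ranges are handled in this sketch.
        if spec.lower() == "all" or ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False


def evaluate(order, allow, deny, client):
    """Return True when the Order/Allow/Deny rules grant the client access."""
    allowed = _matches(allow, client)
    denied = _matches(deny, client)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Allow is read first, Deny last: a Deny match overrides, default is deny.
        return allowed and not denied
    if order == "deny,allow":
        # Deny is read first, Allow last: an Allow match overrides, default is allow.
        return allowed or not denied
    raise ValueError(f"unsupported Order value: {order!r}")


# The two <Directory> rule sets from this page.
WESTOS = {"order": "Allow,Deny", "allow": ["all"], "deny": ["192.168.1.112"]}
WESTOS2 = {"order": "Deny,Allow", "allow": ["192.168.1.112"], "deny": ["all"]}


def decisions(rule, clients):
    """Map each client IP to the access decision for one rule set."""
    return {c: evaluate(rule["order"], rule["allow"], rule["deny"], c) for c in clients}


if __name__ == "__main__":
    # 192.168.1.50 is a constructed second client for comparison.
    clients = ["192.168.1.112", "192.168.1.50"]
    for name, rule in (("westos", WESTOS), ("westos2", WESTOS2)):
        for client, ok in decisions(rule, clients).items():
            print(f"{name:8} {client:15} {'granted' if ok else 'denied'}")
```

With no matching rule at all, `Allow,Deny` denies and `Deny,Allow` grants, which is why the second block needs its explicit `Deny from all`.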


2. User-based access control

  • htpasswd -cm /etc/httpd/.htpasswd admin ##Create an authentication file
    (When adding another user to a file that already exists, remove -c; with -c the existing file is overwritten and all existing entries are deleted)
  • cat /etc/httpd/.htpasswd ##Check whether the authentication file exists
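<Directory "/var/www/html/westos2">
    #Directory that can only be accessed after authentication
    #Authentication file
    AuthUserFile /etc/httpd/.htpasswd
    #Authentication prompt
    AuthName "Please input username and passwd"
    #Authentication type
    AuthType basic
    #Only the user admin may log in
    Require user admin
    #All users in the authentication file may log in (choose this or the line above)
    #Require valid-user
</Directory>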
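
The `-m` option used above stores passwords in Apache's MD5-based `$apr1$` format. As an added example (not from the original post), this check reads an htpasswd file and reports entries whose scheme is cheaper to brute-force offline than bcrypt (`htpasswd -B`); the sample file contents and the function names are constructed for the illustration.

```python
import re

# Prefixes written by htpasswd's -B, -m and -s options, mapped to a scheme label.
PREFIXES = [
    ("$2y$", "bcrypt"),
    ("$apr1$", "apr1-md5"),
    ("{SHA}", "sha1-unsalted"),
]
# Schemes reported by audit(): fast or unsalted hashes, or no recognisable hash.
FLAGGED = {"apr1-md5", "sha1-unsalted", "des-crypt", "plaintext-or-unknown"}


def classify(hash_field):
    """Identify the password scheme of one htpasswd hash field."""
    for prefix, scheme in PREFIXES:
        if hash_field.startswith(prefix):
            return scheme
    # htpasswd -d writes a 13-character traditional crypt() value.
    if re.fullmatch(r"[./0-9A-Za-z]{13}", hash_field):
        return "des-crypt"
    return "plaintext-or-unknown"


def audit(text):
    """Return (user, scheme) for every entry stored with a flagged scheme."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, hash_field = line.split(":", 1)
        scheme = classify(hash_field)
        if scheme in FLAGGED:
            findings.append((user, scheme))
    return findings


# Constructed sample file: the hash strings are placeholders, not real hashes.
SAMPLE = """\
admin:$apr1$Zx9cAbCd$CONSTRUCTEDxMD5xHASHxx
backup:$2y$05$CONSTRUCTEDbcryptHASHplaceholder000000000000000000000
legacy:{SHA}CONSTRUCTEDsha1base64=
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE):
        print(f"{user}: {scheme} -> re-create the entry with htpasswd -B")
```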


7. Apache virtual host

  • mkdir -p /var/www/westos.org/{linux,shell,python} ##Create the publishing directories for the sites

  • vim /etc/hosts ##Write local resolution on the host where the browser is located
    192.168.1.112 linux.westos.org shell.westos.org python.westos.org www.westos.org

  • cd /etc/httpd/conf.d/ ##Apache sub-configuration directory

  • vim vhost.conf ##Create the sub-configuration file

#Apache default host
<VirtualHost _default_:80>
    DocumentRoot /var/www/html
    #Relative path, combined log format
    CustomLog  logs/defaults.log combined
</VirtualHost>

#Apache virtual host
<VirtualHost *:80>
    #Virtual host name
    ServerName linux.westos.org
    #Default publishing directory of the virtual host
    DocumentRoot /var/www/westos.org/linux
    #Virtual host log: relative path, combined log format
    CustomLog  logs/defaults.log combined
</VirtualHost>

<VirtualHost *:80>
    ServerName shell.westos.org
    DocumentRoot /var/www/westos.org/shell
    #Relative path, combined log format
    CustomLog  logs/defaults.log combined
</VirtualHost>

<VirtualHost *:80>
    ServerName python.westos.org
    DocumentRoot /var/www/westos.org/python
    #Relative path, combined log format
    CustomLog  logs/defaults.log combined
</VirtualHost>
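
How a request's Host header is mapped to one of the blocks above, as an added example that is not part of the original post. It is a simplified model of name-based matching: it ignores ServerAlias, assumes every block listens on the same address and port, and its function names are made up for the illustration.

```python
import re

# vhost.conf from this page, reduced to the directives that affect host selection.
VHOST_CONF = """
<VirtualHost _default_:80>
    DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:80>
    ServerName linux.westos.org
    DocumentRoot /var/www/westos.org/linux
</VirtualHost>
<VirtualHost *:80>
    ServerName shell.westos.org
    DocumentRoot /var/www/westos.org/shell
</VirtualHost>
<VirtualHost *:80>
    ServerName python.westos.org
    DocumentRoot /var/www/westos.org/python
</VirtualHost>
"""


def parse_vhosts(text):
    """Return the <VirtualHost> blocks, in file order, as directive dicts."""
    vhosts = []
    blocks = re.findall(r"<VirtualHost\s+[^>]+>(.*?)</VirtualHost>", text, re.S | re.I)
    for body in blocks:
        directives = {}
        for line in body.strip().splitlines():
            name, _, value = line.strip().partition(" ")
            directives[name.lower()] = value.strip()
        vhosts.append(directives)
    return vhosts


def select_docroot(vhosts, host_header):
    """First block whose ServerName equals the Host wins; otherwise the first block."""
    host = host_header.split(":")[0].lower()
    for vhost in vhosts:
        if vhost.get("servername", "").lower() == host:
            return vhost["documentroot"]
    return vhosts[0]["documentroot"]


if __name__ == "__main__":
    vhosts = parse_vhosts(VHOST_CONF)
    # www.westos.org has no block of its own, so it lands on the default host.
    for host in ("linux.westos.org", "SHELL.westos.org:80", "www.westos.org"):
        print(f"{host:22} -> {select_docroot(vhosts, host)}")
```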


  • systemctl restart httpd ##Restart the service

  • If the service can't restart, check /var/log/messages:

systemctl restart httpd
cat /var/log/messages

  • Access each domain name directly to get its text content

8. Apache language support

1.php

#PHP#  ##Runs once the php software is installed
vim /var/www/html/index.php
<?php
   // Print the PHP configuration page to confirm that PHP is executed
   phpinfo();
 ?>

2.C++

  • dnf install httpd-manual -y ##Install the Apache manual for reference

  • chmod +x index.cgi

  • vim /etc/httpd/ ##Edit sub-configuration file

<Directory "/var/www/html/cgi">
   #Allow CGI programs to be executed
   Options +ExecCGI
   #Handler that runs .cgi files as CGI scripts
   AddHandler cgi-script .cgi
</Directory>

  • perl XXXXX ##Execute again

3.python

  • mkdir wsgi ##Create the wsgi directory
##Python script
##vim index.wsgi  ##Edit the script
def application(env, westos):
    # westos is the WSGI start_response callable
    westos('200 OK', [('Content-Type', 'text/html')])
    return [b'hello world!']

  • chmod +x index.wsgi ##Add execute permission

  • vim /etc/httpd/conf.d/vhost.conf

<VirtualHost *:80>
   ServerName wsgi.westos.org
   WSGIScriptAlias / /var/www/html/wsgi/index.wsgi
</VirtualHost>

  • dnf install python3-mod_wsgi ##Install the wsgi plug-in
  • systemctl restart httpd
  • vim /etc/hosts ##Add local resolution for wsgi.westos.org
  • Access the wsgi file

9. Apache's encrypted access

  • dnf install mod_ssl -y ##Install the encryption plug-in

  • systemctl restart httpd

  • firewall-cmd --permanent --add-service=https ##Firewall service

  • firewall-cmd --list-all ##View firewall

  • View the certificate and delete it.
    Open https://www.westos.org, choose to go forward, and accept the changes

  • ##Generate key

  • mkdir -p /etc/httpd/webkey/ ##Create a key directory

  • openssl genrsa -out /etc/httpd/webkey/www.westos.org.key 2048 #Generate private key

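  • openssl req -new -key /etc/httpd/webkey/www.westos.org.key -out /etc/httpd/webkey/www.westos.org.csr ##Create the signing request that the next command reads with -in

openssl x509 -req -days 365 -in /etc/httpd/webkey/www.westos.org.csr \
  -signkey /etc/httpd/webkey/www.westos.org.key \
  -out /etc/httpd/webkey/www.westos.org.crt  ##Generate the signed certificate: x509 is the certificate format, -req takes a signing request, -in loads the request file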

  • mkdir /var/www/westos.org/login -p

  • echo login.westos.org > /var/www/westos.org/login/index.html

  • vim vhost.conf ##Write configuration file

<VirtualHost *:443>
   ServerName login.westos.org
   DocumentRoot /var/www/westos.org/login
   CustomLog logs/login.log combined
   SSLEngine on
   SSLCertificateFile /etc/httpd/webkey/www.westos.org.crt
   SSLCertificateKeyFile /etc/httpd/webkey/www.westos.org.key
</VirtualHost>

  • View the certificate information; it has been updated

  • Force direct access to https service

<VirtualHost *:80>
   ServerName login.westos.org
   RewriteEngine On
   RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1
</VirtualHost>

^(/.*)$ ##The address entered in the client's address bar
%{HTTP_HOST} ##The host name from the client's request
$1 ##The value matched by the first parenthesized group in the RewriteRule pattern

  • Entering login.westos.org now goes directly to https://login.westos.org


Origin blog.csdn.net/weixin_44632711/article/details/113572487