1. The role of Apache
- Web pages are usually accessed through http://
- http:// ##Hypertext Transfer Protocol
- Software that provides the http:// Hypertext Transfer Protocol service: Apache, nginx, stgw, jfe, Tengine
2. Apache installation
(The Linux and Windows virtual machines are set to the same network segment)
- Configure the network card IP and the software repository
- dnf search http ##Search for the software required for Apache
- dnf install httpd.x86_64 -y ##Install the software
3. Enabling Apache
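systemctl enable --now httpd ##Start the Apache service
systemctl status httpd ##Check whether the Apache service is running
firewall-cmd --permanent --add-service=http ##Set the firewall policy permanently
firewall-cmd --reload ##Reload the firewall so the policy takes effect
firewall-cmd --list-all ##View the firewall policy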
public (active)
target: default
icmp-block-inversion: no
interfaces: br0 ens160
sources:
services: cockpit dhcpv6-client http ssh ##The http service is now open to the outside in the firewall policy
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
4. Basic information of Apache
- Service name: httpd
- Configuration file:
  - /etc/httpd/conf/httpd.conf ##Main configuration file
  - /etc/httpd/conf.d/ ##Sub-configuration files
- Default publishing directory: /var/www/html
- Default publishing file: index.html
- Default port:
  - 80 ##http
  - 443 ##https
- User: apache
- Log: /etc/httpd/logs
5. Basic configuration of Apache
1. Apache port change
- getenforce ##Get selinux status
- vim /etc/httpd/conf/httpd.conf ##Edit the main configuration file: on line 45 change the port to 8080
- To avoid being affected by SELinux: vim /etc/sysconfig/selinux, set SELINUX=disabled, then reboot
- systemctl restart httpd ##Restart the httpd service
- netstat -antlupe | grep httpd ##View the listening port
- firewall-cmd --add-port=8080/tcp ##Open port 8080 in the firewall
After the experiment is completed, change the settings back to the original experimental environment
2. Modify the default publishing file
- vim index.html ##Add content to the default publishing file, which can then be accessed directly
- vim /etc/httpd/conf/httpd.conf ##Search for /index (line 167) and add the new default file name
- DirectoryIndex westos index.html ##Names listed first have higher priority; index.html is served when westos does not exist
- systemctl restart httpd
3. Modify the default publishing directory
- vim /var/www/html/westos/index.html ##Create a default publishing file for the new default publishing directory
- vim /etc/httpd/conf/httpd.conf ##Search for /DocumentRoot (line 122)
##Change the default publishing directory
DocumentRoot "/var/www/westos"
##Authorize access
<Directory "/var/www/westos">
    Require all granted
</Directory>
6. Control access
1. Permission access control
- Create an experimental environment:
  - mkdir /var/www/html/westos
  - vim /var/www/html/westos/index.html
- vim /etc/httpd/conf/httpd.conf ##Edit configuration file
##Line 131
<Directory "/var/www/html/westos">
    Order Allow,Deny
    Allow from all
    ##Everyone may access except 192.168.1.112
    ##(Allow is read first, then Deny; entries in Deny override those in Allow)
    Deny from 192.168.1.112
</Directory>
##Line 131
<Directory "/var/www/html/westos2">
    ##Order in which Deny and Allow are applied
    Order Deny,Allow
    Allow from 192.168.1.112
    ##Only 192.168.1.112 may access; everyone else is refused
    Deny from all
</Directory>
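The evaluation order of the two blocks above, modelled in Python as an added example (not Apache code and not part of the original page); the function names and the second client address are assumptions, and only `all`, single addresses and CIDR ranges are handled.

```python
import ipaddress

def _matches(client, specs):
    """True if client matches any 'Allow from' / 'Deny from' value."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def access_allowed(order, allow, deny, client):
    """Decide one request the way Order/Allow/Deny does for one <Directory>."""
    allowed = _matches(client, allow)
    denied = _matches(client, deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Allow is read first, Deny second: a Deny match overrides an Allow
        # match, and a client that matches neither list is refused.
        return allowed and not denied
    if order == "deny,allow":
        # Deny is read first, Allow second: an Allow match overrides a Deny
        # match, and a client that matches neither list is admitted.
        return allowed or not denied
    raise ValueError("unsupported Order value: %r" % order)

# The two blocks from the page, as (Order, Allow from, Deny from).
WESTOS = ("Allow,Deny", ["all"], ["192.168.1.112"])
WESTOS2 = ("Deny,Allow", ["192.168.1.112"], ["all"])

def decisions(client):
    """Return the (westos, westos2) decisions for one client address."""
    return (access_allowed(*WESTOS, client), access_allowed(*WESTOS2, client))

if __name__ == "__main__":
    for client in ("192.168.1.112", "192.168.1.50"):  # second address is constructed
        print(client, decisions(client))
```

On httpd 2.4 these directives are provided by mod_access_compat; the native forms are `Require all granted` plus `Require not ip 192.168.1.112` inside `<RequireAll>` for the first block, and `Require ip 192.168.1.112` for the second.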
2. User-based access control
- htpasswd -cm /etc/httpd/.htpasswd admin ##Create an authentication file
(When adding another user to a file that already exists, remove -c; with -c the existing file is overwritten and its contents are lost)
- cat /etc/httpd/.htpasswd ##Check whether the authentication file exists
##Directory that can only be accessed after authentication
<Directory "/var/www/html/westos2">
    ##Authentication file
    AuthUserFile /etc/httpd/.htpasswd
    ##Authentication prompt
    AuthName "Please input username and passwd"
    ##Authentication type
    AuthType basic
    ##Only the user admin may authenticate
    Require user admin
    ##All users in the authentication file may access (choose one of this line and the previous one)
    #Require valid-user
</Directory>
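A check that pairs with the basic-authentication block above: counting rejected logins per client from the access log. This is an added example, not part of the original page; it assumes the combined log format, and the sample lines, function name and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (not from a real server).
SAMPLE = '''\
192.168.1.112 - - [01/Jan/2024:10:00:00 +0800] "GET /westos2/ HTTP/1.1" 401 381 "-" "Mozilla/5.0"
192.168.1.112 - admin [01/Jan/2024:10:00:05 +0800] "GET /westos2/ HTTP/1.1" 200 7 "-" "Mozilla/5.0"
192.168.1.50 - - [01/Jan/2024:10:01:00 +0800] "GET /westos2/ HTTP/1.1" 401 381 "-" "curl/7.61.1"
192.168.1.50 - admin [01/Jan/2024:10:01:01 +0800] "GET /westos2/ HTTP/1.1" 401 381 "-" "curl/7.61.1"
192.168.1.50 - admin [01/Jan/2024:10:01:02 +0800] "GET /westos2/ HTTP/1.1" 401 381 "-" "curl/7.61.1"
192.168.1.50 - root [01/Jan/2024:10:01:03 +0800] "GET /westos2/?x=1 HTTP/1.1" 401 381 "-" "curl/7.61.1"
192.168.1.50 - - [01/Jan/2024:10:01:04 +0800] "GET /westos/ HTTP/1.1" 200 7 "-" "curl/7.61.1"
'''.splitlines()

def failed_logins(lines, protected="/westos2", threshold=3):
    """Return {client: {"failures": n, "users": [...]}} for noisy clients."""
    seen = defaultdict(lambda: {"failures": 0, "users": set()})
    for line in lines:
        m = COMBINED.match(line)
        if not m or m["status"] != "401":
            continue
        path = m["path"].split("?", 1)[0]
        if path != protected and not path.startswith(protected + "/"):
            continue
        # A 401 with user "-" is only the initial challenge; a 401 with a
        # user name means credentials were sent and rejected.
        if m["user"] == "-":
            continue
        seen[m["host"]]["failures"] += 1
        seen[m["host"]]["users"].add(m["user"])
    return {
        host: {"failures": v["failures"], "users": sorted(v["users"])}
        for host, v in seen.items() if v["failures"] >= threshold
    }

if __name__ == "__main__":
    print(failed_logins(SAMPLE))
```

The user name logged with a 401 is the name the client tried, not an authenticated identity.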
7. Apache virtual host
- mkdir -p /var/www/westos.org/{linux,shell,python} ##Create the directories for each URL
- vim /etc/hosts ##Write local name resolution on the host where the browser is located
192.168.1.112 linux.westos.org shell.westos.org python.westos.org www.westos.org
- cd /etc/httpd/conf.d/ ##Apache sub-configuration directory
- vim vhost.conf ##Create the sub-configuration file
##Apache default host
<VirtualHost _default_:80>
    DocumentRoot /var/www/html
    ##Relative path, combined log format
    CustomLog logs/defaults.log combined
</VirtualHost>
##Apache virtual host
<VirtualHost *:80>
    ##Virtual host name
    ServerName linux.westos.org
    ##Default publishing directory of the virtual host
    DocumentRoot /var/www/westos.org/linux
    ##Virtual host log: relative path, combined log format
    CustomLog logs/defaults.log combined
</VirtualHost>
<VirtualHost *:80>
    ServerName shell.westos.org
    DocumentRoot /var/www/westos.org/shell
    ##Relative path, combined log format
    CustomLog logs/defaults.log combined
</VirtualHost>
<VirtualHost *:80>
    ServerName python.westos.org
    DocumentRoot /var/www/westos.org/python
    ##Relative path, combined log format
    CustomLog logs/defaults.log combined
</VirtualHost>
- systemctl restart httpd ##Restart the service
- If the service cannot restart, check /var/log/messages:
systemctl restart httpd
cat /var/log/messages
- Access each domain name directly; the text content of that site is returned
8. Apache language support
1. php
##PHP: once the php package is installed, PHP pages can be executed
vim /var/www/html/index.php
<?php
phpinfo(); // Print the PHP configuration page
?>
2.C++
- dnf install httpd-manual -y ##Apache documentation
- chmod +x index.cgi
- vim /etc/httpd/ ##Edit sub-configuration file
<Directory "/var/www/html/cgi">
    ##Allow CGI programs to be executed
    Options +ExecCGI
    ##Handler that runs .cgi files as CGI scripts
    AddHandler cgi-script .cgi
</Directory>
- perl XXXXX ##Execute again
3. python
- mkdir wsgi ##Create the wsgi directory
##Python script
vim index.wsgi ##Edit the script
def application(env, westos):
    # westos is the WSGI start_response callable
    westos('200 OK', [('Content-Type', 'text/html')])
    return [b'hello world!']
- chmod +x index.wsgi ##Add execute permission
- vim /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
    ServerName wsgi.westos.org
    WSGIScriptAlias / /var/www/html/wsgi/index.wsgi
</VirtualHost>
- dnf install python3-mod_wsgi ##Install the wsgi plugin
- systemctl restart httpd
- vim /etc/hosts ##Add local resolution for wsgi.westos.org
- Access the wsgi file
9. Apache's encrypted access
- dnf install mod_ssl -y ##Install the encryption plug-in
- systemctl restart httpd
- firewall-cmd --permanent --add-service=https ##Firewall service
- firewall-cmd --list-all ##View firewall
- View the certificate and delete it.
Enter from https://www.westos.org, select forward and accept changes
- ##Generate key
- mkdir -p /etc/httpd/webkey/ ##Create a key directory
- openssl genrsa -out /etc/httpd/webkey/www.westos.org.key 2048 ##Generate private key
openssl req -new -key /etc/httpd/webkey/www.westos.org.key \
-out /etc/httpd/webkey/www.westos.org.csr ##Generate the certificate signing request
openssl x509 -req -days 365 -in /etc/httpd/webkey/www.westos.org.csr \
-signkey /etc/httpd/webkey/www.westos.org.key \
-out /etc/httpd/webkey/www.westos.org.crt ##Generate the signed certificate: x509 is the certificate format, -req marks the input as a request, -in loads the signing request
- mkdir /var/www/westos.org/login -p
- echo login.westos.org > /var/www/westos.org/login/index.html
- vim vhost.conf ##Write configuration file
<VirtualHost *:443>
    ServerName login.westos.org
    DocumentRoot /var/www/westos.org/login
    CustomLog logs/login.log combined
    SSLEngine on
    SSLCertificateFile /etc/httpd/webkey/www.westos.org.crt
    SSLCertificateKeyFile /etc/httpd/webkey/www.westos.org.key
</VirtualHost>
- View the certificate information in the browser; it has been updated
- Force access through the https service
<VirtualHost *:80>
    ServerName login.westos.org
    RewriteEngine On
    RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1
</VirtualHost>
^(/.*)$ ##The address entered in the client's address bar
%{HTTP_HOST} ##The host name in the client's request
$1 ##The value of the first parenthesized group in the RewriteRule pattern
- Entering login.westos.org now goes directly to https://login.westos.org