System management and network services

System management and network service
The configuration of the experimental environment:
configure the network card file to
build the software warehouse
View the specific configuration process (software warehouse configuration)

http: Hypertext Transfer Protocol (check data)
curl -I www.taobao.com

Note: View the service software
Apache
nginx
stgw
jfe

How to install Apache to
install the Apache service
Open the Apache
setting firewall (set when the firewall is turned on)
firewall-cmd --permanent --add--service=http
fire-cmd --reload
fire-cmd --list-all

Operation process:

Basic configuration of Apache
Service name: httpd
view configuration file

netstat -antlupe | grep httpd

Port change
netstat -antlupe | grep httpd View the port
Edit the main configuration file Listen
45 line
Firewall must set the port to open

Restart the httpd service, and view the change result

/var/www/html (default publishing file)
requirement: file name: index.html
How to change the default publishing file
setting
/etc/httpd/conf/httpd.conf in the main configuration file

When there are two default files, access the file westos. When the file westos does not exist, access index.html.
Note: After the modification is completed, the htppd service must be restarted and verified on the web page.

Change of the default publishing directory, line 122 in the main configuration file of the
original directory /var/www/html

<Directory “/var/www/westos”>
Require all granted


and authorize access to the directory.
Restart the httpd service and verify on the web page

Apache access control

Based on ip

All users are prohibited from accessing, only 172.25.254.40 users are allowed to access

User-based access settings

Write htpasswd -cm /etc/httpd/.htpasswd lee
htpasswd -m /etc/httpd/.htpasswd lee
in the main configuration file (about 130 lines)

and restart the service.

When you visit again, you don’t need to enter the user and password
browser information Clear ctrl +shift+del

Apache virtual host

Solve the publishing of multiple pages,
assuming the website is westos.org

linux shell python is the three sub-pages in westos.org


Note: local address resolution (the host where the browser is located)

At this time, when you visit the four web pages, you will all visit
the sub-configuration directory of the default test page Apache: /etc/httpd/conf.d

configuration root directory /etc/httpd

Note: ~ in the above figure is an incorrect input, after completing the above configuration Restart the htppd service and
you can access the three sub-pages through the domain name

Apache to (php perl python) access

https:
The security of encrypted transmission plaintext is too poor

php release

Note: successful access to php

perl access

Cgi executes the script.
Condition: Install the help documentation of httpd-manual Apache

Find the cgi program through the network
Create /var/www/html/cgi
write file index.cgi

chmod +x index.cgi
modify file permissions
modify the main file /etc/httpd/conf.d/vhost.conf

restart httpd service, apache access Show results

python access

The configuration of the experimental environment:
dnf install mod_ssl

After dnf install mod_ssl is
completed, there will be an encrypted configuration file in /etc/httpd/conf.d.
Restart httpd
firewall-cmd --permanent --add-service=https ##Firewall supports
firewall-cmd --reload
firewall-cmd - list-all

openssl genrsa -out /etc/httpd/webkey/www.westos.org.key 2048
openssl genrsa -out /etc/httpd/webkey/www.westos.org.csr 2048 ##visa

After creating the directory
openssl genrsa -out /etc/httpd/webkey/www.westos.org.key 2048 #Generate key

openssl req -new -key /etc/httpd/webkey/www.westos.org.key -out /etc/httpd/webkey/www.westos.org.csr ##visa request writing
##Fill in company information,
country, province, city company Department domain mailbox

openssl x509 -req -days 365 -in /etc/httpd/webkey/www.westos.org.csr -signkey /etc/httpd/wenkey/www.westos.org.key -out /etc/httpd/webkey/www. westos.org.crt
##certificate issue
#x509 certificate format
#-rep request
#-in load visa name

Create an encrypted website
/var/www/westos.org/lodin -p
echo login.westos.org> /var/www/westos.org/login/index.html

vim /etc/httpd/conf.d/vhost.conf

<VirtualHost *：443>
ServerName=login.westos.org
DocumentRoot /var/www/westos.org/login
Customlog logs/login.log combined
SSLENGINE ON
SSLCertificateFile /etc/httpd/webkey/www.westos.org.crt
SSLCertificateKeyFile /etc/httpd/webkey/www.westos.org.key

Use sp /etc/httpd/conf.d/ssl.conf ##Parameter reference file
systemctl restart httpd ##Restart the system
vim /etc/hosts ##Edit local analysis

No http access, port conversion from 80 to 443
vim /etc/httpd/conf.d/vhost.conf
<VirtualHost ：80>
ServerName=login.westos.org
RewriteEngine On
RewriteRule ^(/. )$ https://%{ HTTP_HOST}$1 ##Automatically encrypt and

restart the service