**************************************************** **************************************************** ********************
◆Case 1◆ Install Apache from source
************************ **************************************************** ********************************************
**************************************************** ********
Installation dependencies
**************************************** ********************
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum -y install epel-release
yum install -y gcc openssl openssl-devel zlib zlib-devel pcre pcre-devel expat-devel libxml2-devel
**************************************************** ********
Install Apr-1.6.3
************************************ *********************
wget http://www-eu.apache.org/dist//apr/apr-1.6.3.tar.gz
tar -xzvf apr-1.6.3.tar.gz
cd apr-1.6.3 /
CC="gcc -m64" ./configure --prefix=/usr/local/apr
./configure --prefix=/usr/local/apr
make && make install
**************************************************** ********
Install Apr-util-1.6.1
************************************ ************************
wget http://www-eu.apache.org/dist//apr/apr-util-1.6.1.tar.gz
tar -xzvf apr-util-1.6.1.tar.gz
cd apr-util-1.6.1 /
./configure --prefix=/usr/local/apr-util \
--with-apr=/usr/local/apr
make && make install
**************************************************** ********
Install Apache-2.4.33
************************************ *********************
wget http://www-eu.apache.org/dist//httpd/httpd-2.4.33.tar.gz
tar -xzvf httpd-2.4.33.tar.gz
cd httpd-2.4.33/
./configure --prefix=/usr/local/apache2 \
--enable-rewrite \
--enable-so \
--enable-headers \
--enable-expires \
--with-mpm=worker \
--enable-modules=most \
--enable-deflate \
--enable-ssl \
--with-apr=/usr/local/apr \
--with-apr-util=/usr/local/apr-util \
--with-pcre=/usr/local/pcre
make && make install
**************************************************** **************************************************** ********************
◆Case 2◆ Open the web page to realize authentication--Username and password authentication
***************** **************************************************** **************************************************** *
1. Edit the main configuration file
vim /usr/local/apache2/conf/httpd.conf
2. Find and modify key positions
Anchor Feature: # It can be "All", "None", or any combi offset +3
Find AllowOverride none (around line 235)
Modified to AllowOverride all
3. Create .htaccess under the httpd configuration file directory /usr/local/apache2/htdocs and write the following content
vim /usr/local/apache2/htdocs/.htaccess
write↓
authname "welcome to apache" #Welcome prompt information
authtype basic #Authentication type
authuserfile /usr/local/apache2/htdocs/login.psd #Authentication file storage location
require valid-user #Users other than authenticated users are not allowed to log in
4. Add an authenticated user -c to create a password file, only one user can be added -m to create a password file, which is an additional write
Add <-c> authentication user, only one user can be added
/usr/local/apache2/bin/htpasswd -c /usr/local/apache2/htdocs/login.psd LyShark
Add <-m> authenticated user LyShark, which is an additional write, and multiple users can be created
/usr/local/apache2/bin/htpasswd -m /usr/local/apache2/htdocs/login.psd LyShark
**************************************************** **************************************************** ********************
◆Case 3◆ Implementing Authentication – Client Authentication
******************** **************************************************** ************************************************
**************************************************** ********
Allow individual IP addresses to access web pages, deny all
******************************** ************************
1. Modify the main configuration file
vim /usr/local/apache2/conf/httpd.conf
Targeting feature: #AllowOverride FileInfo AuthCon offset +3
Write (about 236 lines) Write the following in the <Directory> nest
<requireall>
require all granted
require ip 192.168.1.10 #IP address allowed to access
</requireall>
#Require all granted #This line must be commented out
**************************************************** ********
Deny access to individual IP addresses, allow all
************************************ ************************
1. Modify the main configuration file
vim /usr/local/apache2/conf/httpd.conf
Targeting feature: #AllowOverride FileInfo AuthCon offset +3
Write (around line 236) Write the following inside the <Directory> nest
<requireall>
require all granted
require ip 192.168.22.147 #IP address denied access
</requireall>
#Require all granted #This line must be commented out
**************************************************** **************************************************** ********************
◆Case 4◆ Directory Aliases - Decrease Directory Depth
******************** **************************************************** ************************************************
1. Open the main configuration file
vim /usr/local/apache2/conf/httpd.conf
2. At the end of the configuration file line, append the write
alias "/lyshark" "/user/local/apache2/htdocs/a/b/c/d"
Meaning: Simplify the access path from http://IP address/a/b/c/d to http://IP address/lyshark
**************************************************** **************************************************** ********************
◆Case 5◆ Configure virtual host (emphasis)
************************ **************************************************** ************************************************
**************************************************** ****************************
※ IP-based virtual host ※ >>> Realize one server with multiple IP addresses and build multiple websites< <<
************************************************ ****************************
1. Add a sub-interface eth0:0 to the eth0 NIC
ifconfig eth0:0 192.168.22.148 netmask 255.255.255.0
2. Edit the main configuration file and enable the virtual host option (uncomment it)
vim /usr/local/apache2/conf/httpd.conf
Targeting feature: # Local access to the Apache HTTP S offset-2
Search for the keyword Virtual hosts (about line 463)
Include conf/extra/httpd-vhosts.conf #Uncomment this line
3. Modify the main configuration file to add a virtual host
vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost 192.168.22.147:80>
DocumentRoot "/usr/local/apache2/htdocs/vhost1"
ServerName dummy-host.example.com
</VirtualHost>
<VirtualHost 192.168.22.148:80>
DocumentRoot "/usr/local/apache2/htdocs/vhost2"
ServerName dummy-host2.example.com
</VirtualHost>
4. Create the vhost1 and vhost2 directories respectively, and put them in two index.html files
mkdir /usr/local/apache2/htdocs/vhost1
mkdir /usr/local/apache2/htdocs/vhost2
echo "vhost1 test page">/usr/local/apache2/htdocs/vhost1/index.html
echo "vhost2 test page">/usr/local/apache2/htdocs/vhost2/index.html
5. Restart the service and test the effect
/usr/local/apache2/bin/apachectl restart
**************************************************** *************************
※Port-based virtual host ※ >>>Realize one server with multiple ports and build multiple websites<< <
************************************************ ****************************
1. Edit the main configuration file and enable the virtual host option (uncomment it)
vim /usr/local/apache2/conf/httpd.conf
Targeting feature: # Local access to the Apache HTTP S offset-2
Search for the keyword Virtual hosts (around line 463)
Include conf/extra/httpd-vhosts.conf #Uncomment this line
2. Modify the main configuration file to add a virtual host
vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost 192.168.22.147:80>
DocumentRoot "/usr/local/apache2/htdocs/vhost1"
ServerName dummy-host.example.com
</VirtualHost>
<VirtualHost 192.168.22.147:8080>
DocumentRoot "/usr/local/apache2/htdocs/vhost2"
ServerName dummy-host2.example.com
</VirtualHost>
3. Create the vhost1 and vhost2 directories respectively, and put them in two index.html files
mkdir /usr/local/apache2/htdocs/vhost1
mkdir /usr/local/apache2/htdocs/vhost2
echo "vhost1 test page">/usr/local/apache2/htdocs/vhost1/index.html
echo "vhost2 test page">/usr/local/apache2/htdocs/vhost2/index.html
4. Restart the service and test
/usr/local/apache2/bin/apachectl restart
**************************************************** ****************************
※Virtual hosting based on domain name※ >>>Realize one server with multiple domain names and build multiple websites<< <
************************************************ ****************************
1. Set up a dns server, realize forward resolution, and point the resolution address to the same ip
2. Open the main configuration file to open the virtual host
vim /usr/local/apache2/conf/httpd.conf
Targeting feature: # Local access to the Apache HTTP S offset-2
Search keyword: Virtual hosts (around line 463)
Include conf/extra/httpd-vhosts.conf #Uncomment enable function
3. Enter the virtual host configuration file
vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/usr/local/apache2/htdocs/vhost1"
ServerName www.wang.com #wang.com resolves to vhost1 directory record
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/usr/ local/apache2/htdocs/vhost2"
ServerName www.rui.com #rui.com resolves to the vhost2 directory
</VirtualHost>
4. Create two corresponding directories in the web page save location and put them in the website index.html
mkdir /usr/local/apache2/htdocs/vhost1
mkdir /usr/local/apache2/htdocs/vhost2
echo "vhost1 test page">/usr/local/apache2/htdocs/vhost1/index.html #创建测试页
echo "vhost2 test page">/usr/local/apache2/htdocs/vhost2/index.html
5. Restart the service to take effect
/usr/local/apache2/bin/apachectl restart
**************************************************** **************************************************** ********************
◆Case 6◆ Open personal homepage function
************************ **************************************************** ************************************************
-------------------------------------------------- --------------------------
Experimental requirements: Give each user a separate web space
---------- -------------------------------------------------- ----------------
1. Open the corresponding module
vim /usr/local/apache2/conf/httpd.conf
LoadModule userdir_module modules/mod_userdir.so #Uncomment (about 146 lines)
Targeting feature: # User home directories
Include conf/extra/httpd-userdir.conf #Uncomment (around line 458)
2. Enter the configuration file and exit without modification
vim /usr/local/apache2/conf/extra/httpd-userdir.conf
3. Create a user and set a password
useradd lyshark
passwd lyshark
4. Enter the user's home directory, create the corresponding file, and grant permissions
mkdir -p /home/lyshark/public_html #Create public_html in the user's home directory
echo "This is the web space of lyshark" >>/home/lyshark/public_html/index.html #Create a test page
chmod 755 /home/lyshark/public_html/index.html #Grant execute permission
chmod 755 /home/lyshark #give execute permission
5. Access the test through a browser
The format is: http://192.168.22.147/~lyshark
**************************************************** **************************************************** ********************
◆Case 7◆ Enable address jumping (emphasis)
******************** **************************************************** ****************************************************
--- -------------------------------------------------- -------------
Experimental requirements: Realize domain name jump www.xdl.com jump to www.baidu.com
------- -------------------------------------------------- -------------------
1. Build a dns server, implement forward resolution, and point the resolution address to the same ip
2. Edit the main configuration file to enable the corresponding function (uncomment)
vim /usr/local/apache2/conf/httpd.conf
LoadModule vhost_alias_module modules/mod_vhost_alias.so #Enable virtual host (about 141 lines)
LoadModule rewrite_module modules/mod_rewrite.so #Enable web page rewriting (about 148 lines)
Include conf/extra/httpd-vhosts.conf #Load modules (about 148 lines) on line 464)
3. Rewrite the virtual host configuration file
vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
write:
<VirtualHost *:80>
DocumentRoot "/usr/local/apache2/htdocs/xdl"
ServerName www.xdl.com
</VirtualHost>
<Directory "/usr/local/apache2/htdocs/xdl">
Options indexes followsymlinks
Allowoverride all
Require all granted
</Directory>
<VirtualHost *:80>
DocumentRoot "/usr/local/apache2/htdocs/baidu"
ServerName www.baidu.com
</VirtualHost>
4. Create a web page file storage location and a test page respectively
mkdir -p /usr/local/apache2/htdocs/xdl
mkdir -p /usr/local/apache2/htdocs/baidu
echo “XDL com” > /usr/local/apache2/htdocs/xdl/index.html
echo “BAIDU com” > /usr/local/apache2/htdocs/baidu/index.html
5. Create a .htaccess file in the directory of the web page you want to jump to
write
rewriteengine on #Open the jump function
rewritecond %{HTTP_HOST} www.xdl.com #Rewrite www.xdl.com
rewriterule .* http://www.baidu.com #Jump to www.baidu.com
**************************************************** **************************************************** ********************
◆Case 8◆ Enable HTTPS to generate SSL certificate
************************ **************************************************** ************************************************
1. Create the server private key, you need to enter the password during the process
openssl genrsa -des3 -out server.key 1024
-------------------------------------------------- --------------------------
Note:
Genrsa –des3 #encryption type
-out server.key #output file- 1024 #encryption
length
--- -------------------------------------------------- -----------------------
2. Create a certificate, and the generated csr file is signed by the CA to form the server's own certificate
openssl req -new -key server.key -out server.csr
-------------------------------------------------- --------------------------
Note:
req -new #New certificate
-key server.key #Private key file
-out server.csr #Output document
Note: Enter in order: the full name of the national, provincial and municipal organization EMAIL Whether to change the password or not to change the name
------------------------------- ---------------------------------------------
3. Convert it into a certificate. This step is done by the certificate CA agency. This is just an experiment.
openssl x509 -req -days 365 -sha256 -in server.csr -signkey server.key -out servernew.crt
4. Configure the server to support https
cp servernew.crt /usr/local/apache2/conf/server.crt #Copy the certificate to the conf directory
cp server.key /usr/local/apache2/conf/server.key #The private key should also be placed in the conf directory
vim /usr/local/apache2/conf/httpd.conf #Open http main configuration file
LoadModule ssl_module modules/mod_ssl.so #Enable ssl function (about 129 lines)
Include conf/extra/httpd-ssl.conf #Open ssl template, search for SSLRandomSeed (about 481 lines)
vim /usr/local/apache2/conf/extra/httpd-ssl.conf #Open the ssl configuration file
Positioning signature: # to use and second the expiringSearch for SSLSessionCache #Comment
out the cache settings (about 76 lines)
注释掉:
SSLSessionCache "dbm:/usr/local/apache2/logs/ssl_scache"
SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
5. Restart the service and enter the password
/usr/local/apache2/bin/apachectl restart