Building a web server [CentOS7]

Tasks required to be completed:

(1) Installation of Web server software

(2) Virtual directory configuration

(3) Virtual host configuration (domain name-based virtual host configuration, IP-based virtual host configuration, port-based virtual host configuration)

(4) User personal site configuration

(5) Host-based authorization, user-based authentication

(1) Installation and testing of web server

1. Check whether the httpd package is installed, if not installed, install it

2. Set the httpd service to start automatically, and start the service

3. Check whether the httpd service is started

4. Open port 80 on the firewall and check whether port 80 of the firewall is open

[root@pc1桌面]#firewall-cmd --permanent --zone=public --add-port=80/tcp
success
[root@pc1桌面]#firewall-cmd --permanent --zone=public --add-port=80/udp
success
[root@pc1桌面]#firewall-cmd --reload
success
[root@pc1桌面]#firewall-cmd --query-port=80/tcp
yes
[root@pc1桌面]#firewall-cmd --query-port=80/udp
yes

5. Test access in windows browser

 (2) Virtual directory configuration

The advantages of creating a virtual directory are: easy to access, easy to move the directory in the site, flexible to increase disk space, and good security. Use the Alias ​​option to create virtual directories.

Example: Create a website for the secondary unit of our school (take the School of Computer and Software as an example)

Step 1: Create the website physical directory of the two secondary units

[root@pc1~]#mkdir -p /var/www/jsjhtml

[root@pc1~]#mkdir -p /var/www/rjhtml

Step 2: Establish the homepage of the website of the two secondary units

[root@pc1~]#echo "this is jsj.">/var/www/jsjhtml/index.html

[root@pc1~]#echo "this is rj.">/var/www/rjhtml/index.html

Step 3: Edit the main configuration file

[root@pc1~]#vim /etc/httpd/conf/httpd.conf

Add a virtual directory (/jsj /rj) at the end of the file

Step 4: Change the security context of the physical directory

[root@pc1~]#chcon -R -t httpd_sys_content_t /var/www/

Step 5: Set SELinux Policy

[root@pc1~]#getsebool -a |grep httpd (Description: Check the security policy related to httpd)

httpd_enable_homedirs --> off // This item is open, change to on 

Step 5: Restart the httpd service

[root@pc1~]#systemctl restart httpd

 Step 6: Login test in the windows system browser

 (3) Virtual host configuration

IP-based virtual hosting

The local IP is 192.168.174.128, and then bind two IP addresses for the local network card, namely 192.168.174.130 and 192.168.174.131, and establish a virtual host based on these two IP addresses. The IP is 192.168.174.130 to publish the website of Nanyang Gas Company, and the IP is 192.168.174.131 to publish the website of Nanyang Institute of Technology.

Step 0: Bind two IP addresses to the network card

[root@pc1 www]# nmcli con m eno16777736 +ipv4.address "192.168.190.11/24,192.168.190.12/24"

[root@pc1 ~]# nmcli d d eno16777736

[root@pc1 ~]# nmcli con up  ifname  eno16777736

Step 1: Create two new folders

[root@pc1 www]# mkdir -p  /var/www/nyrq_ip11

[root@pc1 www]# mkdir - p /var/www/nyist_ip12

Step 2: Create a home page for the website

[root@pc1 www]# echo "this is nanyang ranqi."> /var/www/nyrq_ip11/index.html

[root@pc1 www]# echo "this is nanyang institute of technology." > /var/www/nyist_ip12/index.html

Step 3: Configure the configuration file for the virtual host

//Edit configuration file

[root@pc1 www]# vim /etc/httpd/conf.d/httpd-vhosts.conf

Add the following:

<VirtualHost 192.168.174.130>

    DocumentRoot "/var/www/nyrq_ip130/"

</VirtualHost>

<VirtualHost 192.168.174.131>

    DocumentRoot "/var/www/nyist_ip131/"

</VirtualHost>

Step 4: Restart the service

[root@pc1 www]# systemctl restart httpd

Step 5: Test Enter the IP in the windows browser, the result is as follows:

 Domain-based web hosting

The local IP is 192.168.174.128, the folder with the domain name www.nyrq.com is /var/www/nyrq, and the website of Nanyang Gas Company is published, and the folder with the domain name www.nyist.com is /var/www/nyist, Publish the Nanyang Institute of Technology website.

Step 1: Create two new folders

[root@pc1 www]# mkdir /var/www/nyrq

[root@pc1 www]# mkdir /var/www/nyist

Step 2: Create a home page for the website

[root@pc1 www]# echo "this is NanYang ranqi." > /var/www/nyrq/index.html

[root@pc1 www]# echo "this is NanYang LIGong Colloge." > /var/www/nyist/index.html

Step 3: Configure the configuration file for the virtual host

[root@pc1 www]# vim /etc/httpd/conf.d/httpd-vhosts.conf

// Write the following:

<VirtualHost 192.168.190.10:80>

    DocumentRoot "/var/www/nyrq/"

    ServerName www.nyrq.com

</VirtualHost>

<VirtualHost 192.168.190.10:80>

    DocumentRoot "/var/www/nyist/"

    ServerName www.nyist.com

</VirtualHost>

Step 4: Restart the service

[root@pc1 www]# systemctl restart httpd

Step 5: Add domain name resolution to the /etc/hosts file

[root@pc1 conf.d]#vim /etc/hosts

Add the following

192.168.174.128 www.nyrq.com

192.168.174.128 www.nyist.com

Save and exit.

Step 6: Test

The test results with the test tool links are as follows: (If you cannot use the test tool, you can install yum install –y links)

[root@pc1 conf.d]# links www.nyrq.com

 

[root@pc1 conf.d]# links www.nyist.com 

Port-based virtual hosting 

The local IP is 192.168.190.10, the virtual host of port 1888, the folder is /var/www/nyrqport, which publishes the website of Nanyang Gas Company, the virtual host of port 1666, the folder is /var/www/nyistport, and the folder is Nanyang Institute of Technology website.

Step 1 : Create two new folders

[root@pc1 www]# mkdir /var/www/nyrqport

[root@pc1 www]# mkdir /var/www/nyistport

Step 2 : Create a home page for the website

[root@pc1 www]# echo "this is nyrqport.">/var/www/nyrqport/index.html

[root@pc1 www]# echo "this is nyistport.">

/var/www/nyistport/index.html

Step 3 : Configure the configuration file for the virtual host

[root@pc1 www]# vim /etc/httpd/conf.d/httpd-vhosts.conf

// Write the following:

<VirtualHost 192.168.190.10:1888>

    DocumentRoot "/var/www/nyrqport/"

</VirtualHost>

<VirtualHost 192.168.190.10:1666>

    DocumentRoot "/var/www/nyistport/"

</VirtualHost>

Step 4: Edit the main configuration file and add the listening port

[root@pc1 conf.d]# vim /etc/httpd/conf/httpd.conf

Step 5 : Restart the service

[root@pc1 www]# systemctl restart httpd (There may be an error, you can go to the next step first, and then restart)

Step 6 : Turn off SELinux security or set a security policy

[root@pc1 www]# setenforce 0

Note: The way to set the security policy is to add the port that Apache listens to

The specific operation is as follows:

Step 7 : Test

 

(4) User personal site configuration 

Allow legitimate users on the Web server to create personal sites for themselves. In this example, personal sites are created for two users, user1 and user2, and the local IP is 192.168.174.128

Step 1 : Edit the configuration file /etc/httpd/conf.d/userdir.conf of the personal site , and modify the yellow text part.

[root@pc1 desktop]#vim /etc/httpd/conf.d/userdir.conf

 

Step 2 : Create two new folders

[root@pc1 www]# mkdir /home/user1/public_html

[root@pc1 www]# mkdir /home/user2/public_html

Step 3 : Create a homepage for the website

[root@pc1 www]# echo "this is user1."> /home/www/public_html/index.html

[root@pc1 www]# echo "this is user2."> /home/www/public_html/index.html

Step 4 : Open execute permissions for the folder

[root@pc1 desktop]#chmod 711 /home/user1

[root@pc1 desktop]#chmod 711 /home/user2

[root@pc1 desktop]#chmod 755 /home/user1/public_html

[root@pc1 desktop]#chmod 755 /home/user2/punlic_html

Step 5 : Set the security context for the folder

[root@pc1桌面]#chcon -R -t httpd_sys_content_t /home/user1

[root@pc1桌面]#chcon -R -t httpd_sys_content_t /home/user2

Step 6 : Close firewall (or open 80 ) port

[root@pc1 desktop]#systemctl stop firewalld//Turn off the firewall

Step 7 : Restart the service

[root@pc1 www]# systemctl restart httpd

Step 8 : Test

Enter the IP in the windows browser, the result is as follows:

 (5) Host-based authorization, user-based authentication

host-based authorization

Step 1: Create folders for information protection

[root@pc1 desktop]#mkdir /var/www/html/security

Step 2: Create a website inside /var/www/html/security

[root@pc1桌面]#echo "this is security dir">/var/www/html/security/index.html

Step 3: Edit the main configuration file /etc/httpd/conf/httpd.conf

[root@pc1desktop]#vim /etc/httpd/conf/httpd.conf

Add at the end of the file:

 <Directory "var/www/html/security">

357 Require ip 192.168.190// Allow all machines in the 192.168.190.0 network to access

358 </Directory>

Step 4: Restart the httpd service

[root@pc1 desktop]#systemctl restart httpd

Step 5: Test

 

Modify the IP network number allowed in step 3, test again, and deny access. 

 user-based authentication

Step 1 : Create a folder and build a website under the folder

[root@pc1~]#mkdir /var/www/html/auth

[root@pc1~]#echo "this is auth secure.">/var/www/html/auth/index.html

Step 2 : Edit the main configuration file /etc/httpd/conf/httpd.conf

[root@pc1~]#vim /etc/httpd/conf/httpd.conf

Add at the end of the configuration file:

<Directory "var/www/html/auth">

 AllowOverride None

 AuthType Basic

 AuthName "auth"

 AuthUserFile /etc/httpd/conf/authpasswd

 Require user auth me

 </Directory>

Step 3 : Create apache users auth and me . Note that when creating the first apache user, add the -c option, and you don't need to add the -c option later. The added apache user is consistent with what is allowed in the configuration file . For a legal apache user, if he is not allowed to access in the configuration file, he cannot also access the website.

[root@pc1~]#htpasswd -c /etc/httpd/conf/authpasswd auth

New password:

Re-type new password:

Adding password for user auth

[root@pc1~]#htpasswd  /etc/httpd/conf/authpasswd me

New password:

Re-type new password:

Adding password for user me

Step 4 : Change the user master and group of the user password file to apache

[root@pc1~]#chown apache.apache /etc/httpd/conf/authpasswd

Step 5 : Restart the httpd service

[root@pc1~]#systemctl restart httpd

Step 7 : Test

Configure authentication and authorization in the .htaccess file

 

Step 1 : Create a folder and build a website under the folder

[root@pc1~]#mkdir /var/www/html/myauth

[root@pc1~]#echo "Hello world.">/var/www/html/myauth/index.html

Step 2 : Edit the main configuration file /etc/httpd/conf/httpd.conf

[root@pc1~]#vim /etc/httpd/conf/httpd.conf

Add at the end of the configuration file:

<Directory "/var/www/html/myauth">

 AllowOverride AuthConfig

</Directory>

Step 3 : Edit the .htaccess file

[root@pc1conf]#vim /var/www/html/myauth/.htaccess

add something

 AuthType Basic

 AuthName "authtest"

 AuthUserFile /etc/httpd/conf/authpasswd1

 Require user user1 user2 

Step 4 : Create apache users user1 and user2 . Note that when creating the first apache user, add the -c option, and there is no need to add the -c option later. The added apache user is consistent with what is allowed in the configuration file . For a legal apache user, if he is not allowed to access in the configuration file, he cannot also access the website.

[root@pc1~]#htpasswd -c /etc/httpd/conf/authpasswd1 user1

New password:

Re-type new password:

Adding password for user user1

[root@pc1~]#htpasswd  /etc/httpd/conf/authpasswd1 user2

New password:

Re-type new password:

Adding password for user user1

 

Step 5 : Change the user master and group of the user password file to apache

[root@pc1~]#chown apache.apache /etc/httpd/conf/authpasswd1

Step 6 : Restart the httpd service

[root@pc1~]#systemctl restart httpd

Step 7 : Test