Tasks required to be completed:
(1) Installation of Web server software
(2) Virtual directory configuration
(3) Virtual host configuration (domain name-based virtual host configuration, IP-based virtual host configuration, port-based virtual host configuration)
(4) User personal site configuration
(5) Host-based authorization, user-based authentication
(1) Installation and testing of web server
- Check whether the httpd package is installed, if not installed, install it
2. Set the httpd service to start automatically, and start the service
3. Check whether the httpd service is started
4. Open port 80 on the firewall and check whether port 80 of the firewall is open
[root@pc1桌面]#firewall-cmd --permanent --zone=public --add-port=80/tcp
success
[root@pc1桌面]#firewall-cmd --permanent --zone=public --add-port=80/udp
success
[root@pc1桌面]#firewall-cmd --reload
success
[root@pc1桌面]#firewall-cmd --query-port=80/tcp
yes
[root@pc1桌面]#firewall-cmd --query-port=80/udp
yes
5. Test access in windows browser
(2) Virtual directory configuration
The advantages of creating a virtual directory are: easy to access, easy to move the directory in the site, flexible to increase disk space, and good security. Use the Alias option to create virtual directories.
Example: Create a website for the secondary unit of our school (take the School of Computer and Software as an example)
Step 1: Create the website physical directory of the two secondary units
[root@pc1~]#mkdir -p /var/www/jsjhtml
[root@pc1~]#mkdir -p /var/www/rjhtml
Step 2: Establish the homepage of the website of the two secondary units
[root@pc1~]#echo "this is jsj.">/var/www/jsjhtml/index.html
[root@pc1~]#echo "this is rj.">/var/www/rjhtml/index.html
Step 3: Edit the main configuration file
[root@pc1~]#vim /etc/httpd/conf/httpd.conf
Add a virtual directory (/jsj /rj) at the end of the file
Step 4: Change the security context of the physical directory
[root@pc1~]#chcon -R -t httpd_sys_content_t /var/www/
Step 5: Set SELinux Policy
[root@pc1~]#getsebool -a |grep httpd (Description: Check the security policy related to httpd)
httpd_enable_homedirs --> off // This item is open, change to on
Step 5: Restart the httpd service
[root@pc1~]#systemctl restart httpd
Step 6: Login test in the windows system browser
(3) Virtual host configuration
IP-based virtual hosting
The local IP is 192.168.174.128, and then bind two IP addresses for the local network card, namely 192.168.174.130 and 192.168.174.131, and establish a virtual host based on these two IP addresses. The IP is 192.168.174.130 to publish the website of Nanyang Gas Company, and the IP is 192.168.174.131 to publish the website of Nanyang Institute of Technology.
Step 0: Bind two IP addresses to the network card
[root@pc1 www]# nmcli con m eno16777736 +ipv4.address "192.168.190.11/24,192.168.190.12/24"
[root@pc1 ~]# nmcli d d eno16777736
[root@pc1 ~]# nmcli con up ifname eno16777736
Step 1: Create two new folders
[root@pc1 www]# mkdir -p /var/www/nyrq_ip11
[root@pc1 www]# mkdir - p /var/www/nyist_ip12
Step 2: Create a home page for the website
[root@pc1 www]# echo "this is nanyang ranqi."> /var/www/nyrq_ip11/index.html
[root@pc1 www]# echo "this is nanyang institute of technology." > /var/www/nyist_ip12/index.html
Step 3: Configure the configuration file for the virtual host
//Edit configuration file
[root@pc1 www]# vim /etc/httpd/conf.d/httpd-vhosts.conf
Add the following:
<VirtualHost 192.168.174.130>
DocumentRoot "/var/www/nyrq_ip130/"
</VirtualHost>
<VirtualHost 192.168.174.131>
DocumentRoot "/var/www/nyist_ip131/"
</VirtualHost>
Step 4: Restart the service
[root@pc1 www]# systemctl restart httpd
Step 5: Test Enter the IP in the windows browser, the result is as follows:
Domain-based web hosting
The local IP is 192.168.174.128, the folder with the domain name www.nyrq.com is /var/www/nyrq, and the website of Nanyang Gas Company is published, and the folder with the domain name www.nyist.com is /var/www/nyist, Publish the Nanyang Institute of Technology website.
Step 1: Create two new folders
[root@pc1 www]# mkdir /var/www/nyrq
[root@pc1 www]# mkdir /var/www/nyist
Step 2: Create a home page for the website
[root@pc1 www]# echo "this is NanYang ranqi." > /var/www/nyrq/index.html
[root@pc1 www]# echo "this is NanYang LIGong Colloge." > /var/www/nyist/index.html
Step 3: Configure the configuration file for the virtual host
[root@pc1 www]# vim /etc/httpd/conf.d/httpd-vhosts.conf
// Write the following:
<VirtualHost 192.168.190.10:80>
DocumentRoot "/var/www/nyrq/"
ServerName www.nyrq.com
</VirtualHost>
<VirtualHost 192.168.190.10:80>
DocumentRoot "/var/www/nyist/"
ServerName www.nyist.com
</VirtualHost>
Step 4: Restart the service
[root@pc1 www]# systemctl restart httpd
Step 5: Add domain name resolution to the /etc/hosts file
[root@pc1 conf.d]#vim /etc/hosts
Add the following
192.168.174.128 www.nyrq.com
192.168.174.128 www.nyist.com
Save and exit.
Step 6: Test
The test results with the test tool links are as follows: (If you cannot use the test tool, you can install yum install –y links)
[root@pc1 conf.d]# links www.nyrq.com
[root@pc1 conf.d]# links www.nyist.com
Port-based virtual hosting
The local IP is 192.168.190.10, the virtual host of port 1888, the folder is /var/www/nyrqport, which publishes the website of Nanyang Gas Company, the virtual host of port 1666, the folder is /var/www/nyistport, and the folder is Nanyang Institute of Technology website.
Step 1 : Create two new folders
[root@pc1 www]# mkdir /var/www/nyrqport
[root@pc1 www]# mkdir /var/www/nyistport
Step 2 : Create a home page for the website
[root@pc1 www]# echo "this is nyrqport.">/var/www/nyrqport/index.html
[root@pc1 www]# echo "this is nyistport.">
/var/www/nyistport/index.html
Step 3 : Configure the configuration file for the virtual host
[root@pc1 www]# vim /etc/httpd/conf.d/httpd-vhosts.conf
// Write the following:
<VirtualHost 192.168.190.10:1888>
DocumentRoot "/var/www/nyrqport/"
</VirtualHost>
<VirtualHost 192.168.190.10:1666>
DocumentRoot "/var/www/nyistport/"
</VirtualHost>
Step 4: Edit the main configuration file and add the listening port
[root@pc1 conf.d]# vim /etc/httpd/conf/httpd.conf
Step 5 : Restart the service
[root@pc1 www]# systemctl restart httpd (There may be an error, you can go to the next step first, and then restart)
Step 6 : Turn off SELinux security or set a security policy
[root@pc1 www]# setenforce 0
Note: The way to set the security policy is to add the port that Apache listens to
The specific operation is as follows:
Step 7 : Test
(4) User personal site configuration
Allow legitimate users on the Web server to create personal sites for themselves. In this example, personal sites are created for two users, user1 and user2, and the local IP is 192.168.174.128
Step 1 : Edit the configuration file /etc/httpd/conf.d/userdir.conf of the personal site , and modify the yellow text part.
[root@pc1 desktop]#vim /etc/httpd/conf.d/userdir.conf
Step 2 : Create two new folders
[root@pc1 www]# mkdir /home/user1/public_html
[root@pc1 www]# mkdir /home/user2/public_html
Step 3 : Create a homepage for the website
[root@pc1 www]# echo "this is user1."> /home/www/public_html/index.html
[root@pc1 www]# echo "this is user2."> /home/www/public_html/index.html
Step 4 : Open execute permissions for the folder
[root@pc1 desktop]#chmod 711 /home/user1
[root@pc1 desktop]#chmod 711 /home/user2
[root@pc1 desktop]#chmod 755 /home/user1/public_html
[root@pc1 desktop]#chmod 755 /home/user2/punlic_html
Step 5 : Set the security context for the folder
[root@pc1桌面]#chcon -R -t httpd_sys_content_t /home/user1
[root@pc1桌面]#chcon -R -t httpd_sys_content_t /home/user2
Step 6 : Close firewall (or open 80 ) port
[root@pc1 desktop]#systemctl stop firewalld//Turn off the firewall
Step 7 : Restart the service
[root@pc1 www]# systemctl restart httpd
Step 8 : Test
Enter the IP in the windows browser, the result is as follows:
(5) Host-based authorization, user-based authentication
host-based authorization
Step 1: Create folders for information protection
[root@pc1 desktop]#mkdir /var/www/html/security
Step 2: Create a website inside /var/www/html/security
[root@pc1桌面]#echo "this is security dir">/var/www/html/security/index.html
Step 3: Edit the main configuration file /etc/httpd/conf/httpd.conf
[root@pc1desktop]#vim /etc/httpd/conf/httpd.conf
Add at the end of the file:
<Directory "var/www/html/security">
357 Require ip 192.168.190// Allow all machines in the 192.168.190.0 network to access
358 </Directory>
Step 4: Restart the httpd service
[root@pc1 desktop]#systemctl restart httpd
Step 5: Test
Modify the IP network number allowed in step 3, test again, and deny access.
user-based authentication
Step 1 : Create a folder and build a website under the folder
[root@pc1~]#mkdir /var/www/html/auth
[root@pc1~]#echo "this is auth secure.">/var/www/html/auth/index.html
Step 2 : Edit the main configuration file /etc/httpd/conf/httpd.conf
[root@pc1~]#vim /etc/httpd/conf/httpd.conf
Add at the end of the configuration file:
<Directory "var/www/html/auth">
AllowOverride None
AuthType Basic
AuthName "auth"
AuthUserFile /etc/httpd/conf/authpasswd
Require user auth me
</Directory>
Step 3 : Create apache users auth and me . Note that when creating the first apache user, add the -c option, and you don't need to add the -c option later. The added apache user is consistent with what is allowed in the configuration file . For a legal apache user, if he is not allowed to access in the configuration file, he cannot also access the website.
[root@pc1~]#htpasswd -c /etc/httpd/conf/authpasswd auth
New password:
Re-type new password:
Adding password for user auth
[root@pc1~]#htpasswd /etc/httpd/conf/authpasswd me
New password:
Re-type new password:
Adding password for user me
Step 4 : Change the user master and group of the user password file to apache
[root@pc1~]#chown apache.apache /etc/httpd/conf/authpasswd
Step 5 : Restart the httpd service
[root@pc1~]#systemctl restart httpd
Step 7 : Test
Configure authentication and authorization in the .htaccess file
Step 1 : Create a folder and build a website under the folder
[root@pc1~]#mkdir /var/www/html/myauth
[root@pc1~]#echo "Hello world.">/var/www/html/myauth/index.html
Step 2 : Edit the main configuration file /etc/httpd/conf/httpd.conf
[root@pc1~]#vim /etc/httpd/conf/httpd.conf
Add at the end of the configuration file:
<Directory "/var/www/html/myauth">
AllowOverride AuthConfig
</Directory>
Step 3 : Edit the .htaccess file
[root@pc1conf]#vim /var/www/html/myauth/.htaccess
add something
AuthType Basic
AuthName "authtest"
AuthUserFile /etc/httpd/conf/authpasswd1
Require user user1 user2
Step 4 : Create apache users user1 and user2 . Note that when creating the first apache user, add the -c option, and there is no need to add the -c option later. The added apache user is consistent with what is allowed in the configuration file . For a legal apache user, if he is not allowed to access in the configuration file, he cannot also access the website.
[root@pc1~]#htpasswd -c /etc/httpd/conf/authpasswd1 user1
New password:
Re-type new password:
Adding password for user user1
[root@pc1~]#htpasswd /etc/httpd/conf/authpasswd1 user2
New password:
Re-type new password:
Adding password for user user1
Step 5 : Change the user master and group of the user password file to apache
[root@pc1~]#chown apache.apache /etc/httpd/conf/authpasswd1
Step 6 : Restart the httpd service
[root@pc1~]#systemctl restart httpd
Step 7 : Test