Operation and Maintenance Notes: Installation, Deployment and Common Operations of Apache in a Linux Environment

Apache is a widely used web application server. The following describes its installation and deployment in the Linux environment and common operations from the perspective of operation and maintenance.

Table of contents

1. Installation and deployment
2. Introduction to apache common configuration files
3. Modify the default port
4. Modify the default release file
5. Modify the default release directory
6. Virtual host function realizes multi-site
7. Apache internal access control
    7.1 IP-based access control
    7.2 User-based access control

1. Installation and deployment

Installing Apache is very simple. You can use yum to install httpd (the software) and httpd-manual (the manual package) in one step. The commands are as follows:

yum install httpd -y 

yum install httpd-manual -y

After the packages are installed, the firewall must allow port 80 (the Apache default port) and the http service.

firewall-cmd --list-all         # show all firewall settings

# The port and service information can also be viewed separately
firewall-cmd --list-ports       # show the allowed ports
firewall-cmd --list-services    # show the allowed services

# If port 80 is not allowed, allow it with the following commands
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --reload           # reload the firewall policy

# If the http service is not allowed, allow it with the following commands
firewall-cmd --permanent --add-service=http
firewall-cmd --reload           # reload the firewall policy

After the above operations are completed, start the httpd service

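systemctl start httpd     # start the httpd service
systemctl enable httpd    # start the httpd service automatically at the next boot
systemctl status httpd    # show the status of the httpd service
systemctl stop httpd      # stop the httpd service
systemctl restart httpd   # restart the httpd service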

If the status active (running) appears, as shown in the figure below, the httpd service is running normally.

Once the service is running normally, open a browser and visit http://xxxx. The request is served from /var/www/html/index.html (the default published page, introduced below). If the content of that file is displayed, the installation succeeded (the content shown here has been modified and is not the default).

2. Introduction to apache common configuration files

When Apache is installed with yum, its configuration files are under /etc/httpd/.

In this directory, conf holds the main service configuration file, conf.d holds the sub-configuration files, and logs is the log directory. The file we mainly need to understand is httpd.conf in the conf directory. Its common configuration items are introduced below.

(1) ServerRoot: the root directory of Apache; all relative paths used later in the configuration are relative to this directory
(2) Listen: the listening port (default 80, can be modified)
(3) User and Group: the user and user group information
(4) ServerName: the host name and port number the server uses to identify itself
(5) DocumentRoot: the directory where web page files are stored
(6) Directory: encloses a group of directives that apply only to the named directory
(7) DirectoryIndex in IfModule: the web page publishing file

3. Modify the default port

1. (1) In the /etc/httpd/conf/httpd.conf configuration file, change the port number of the Listen configuration item to 8080 (port 8080 is generally already allowed by the firewall and is also present in the SELinux port management list).

(2) Save the change and restart the httpd service (systemctl restart httpd).

(3) Open http://xxxx:8080 in the browser; the site is accessible as normal.

2. If you want to change to a port that the firewall does not yet allow, and the firewall is installed and SELinux is enabled, you must first add the port to the management list so that the browser can access the site normally.

If the port number is changed to 1234, execute the following command to allow the port after the modification.

After allowing the port, reload the firewall policy and check the firewall port information again; 1234/tcp has been added.

The following commands view the SELinux port management list and add port 1234 to it.

Then restart the httpd service; the browser can now access http://xxxx:1234 normally.
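The port change described in this section, as an added example that is not part of the original post: it reads the output of semanage port -l and firewall-cmd --list-ports and prints only the commands still needed for the new Listen port. The sample outputs are constructed, the function names are hypothetical, and treating http_cache_port_t as a type httpd may bind is an assumption about the stock targeted policy.

```shell
#!/bin/sh
# Added example (not from the original post): work out which commands a new
# Listen port needs before httpd can bind it and clients can reach it.
# Both samples are constructed; on a real host capture them with
#   semanage port -l      and      firewall-cmd --list-ports
SEMANAGE_SAMPLE='http_cache_port_t    tcp    8080, 8118, 8123, 10001-10010
http_port_t          tcp    80, 81, 443, 488, 8008, 8009, 8443, 9000
ssh_port_t           tcp    22'
FIREWALL_SAMPLE='80/tcp 8080/tcp'

# selinux_allows PORT SEMANAGE_OUTPUT
# Succeeds if PORT (single value or inside a range) is listed for a port type
# that httpd may bind. Treating http_cache_port_t as bindable is an assumption
# about the stock targeted policy.
selinux_allows() {
    sa_entries=$(printf '%s\n' "$2" |
        awk '$1 ~ /^http(_cache)?_port_t$/ && $2 == "tcp" { $1 = ""; $2 = ""; print }' |
        tr ',' '\n' | tr -d ' ')
    for sa_e in $sa_entries; do
        case $sa_e in
            *-*) [ "$1" -ge "${sa_e%-*}" ] && [ "$1" -le "${sa_e#*-}" ] && return 0 ;;
            *)   [ "$1" -eq "$sa_e" ] && return 0 ;;
        esac
    done
    return 1
}

# firewall_allows PORT FIREWALL_PORTS: succeeds if PORT/tcp is already open.
firewall_allows() {
    case " $2 " in *" $1/tcp "*) return 0 ;; esac
    return 1
}

# plan_port_change PORT SEMANAGE_OUTPUT FIREWALL_PORTS
# Prints only the commands that are still missing, then the restart.
plan_port_change() {
    case $1 in ''|*[!0-9]*) echo "invalid port: $1" >&2; return 2 ;; esac
    if ! firewall_allows "$1" "$3"; then
        echo "firewall-cmd --permanent --add-port=$1/tcp"
        echo "firewall-cmd --reload"
    fi
    selinux_allows "$1" "$2" || echo "semanage port -a -t http_port_t -p tcp $1"
    echo "systemctl restart httpd"
}

plan_port_change 1234 "$SEMANAGE_SAMPLE" "$FIREWALL_SAMPLE"
```

For port 8080 the same call prints only the restart, because the constructed samples already list it for both the firewall and SELinux.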

4. Modify the default release file 

(1) The default release file is index.html in the /var/www/html/ directory. Modify the following configuration items in the /etc/httpd/conf/httpd.conf configuration file.

The files listed after DirectoryIndex are read in order, and the first one found is displayed. For example, as shown in the figure, the content of /var/www/html/index.html is displayed first. If index.html does not exist, the content of /var/www/html/test.html is displayed.

(2) Create a test.html file in the /var/www/html directory and write the content: second. Delete index.html, then visit http://xxxx:8080 with a browser (the port number has been changed to 8080); the content of test.html is displayed, as shown in the figure below.

5. Modify the default release directory

(1) The default publishing directory is /var/www/html. Modify the following configuration items in the /etc/httpd/conf/httpd.conf configuration file to change the release directory to /test/www/html. The line Require all granted is the authorization that allows all requests to access the directory, and it must be added.

(2) Create the /test/www/html directory, create the release file index.html in it, and write the content: third

mkdir -p /test/www/html

(3) Because SELinux is enabled, the security context of the directory must be changed to the httpd content type before the directory can be served. The commands are as follows:

semanage fcontext -a -t httpd_sys_content_t '/test/www/html(/.*)?'
restorecon -RvvF /test/www/html/

(4) After the commands are executed, the browser visits http://xxxx:8080 and can access the content of the /test/www/html/index.html file.

6. Virtual host function realizes multi-site

With virtual hosts, Apache runs multiple websites on one server. Each virtual host can be bound to an independent domain name, and a separate directory can be specified for each domain name. When one of these domain names is accessed, Apache serves the contents of the corresponding directory.
In layman's terms, different names reach different directories on the same server.

(1) Create a vhost.conf file in the /etc/httpd/conf.d directory. The approximate format is as follows:

# Default site: every request other than those for the ServerNames specified below goes here
<VirtualHost _default_:80>
        DocumentRoot /westos/html
        # Site log; "combined" denotes a combination of four log types
        CustomLog logs/default.log combined
</VirtualHost>

# Virtual host 1, port 80
<VirtualHost *:80>
        # Domain name of site 1
        ServerName test1.he.com
        # Publishing directory of site 1
        DocumentRoot "/var/www/test1"
        CustomLog logs/test1.log combined
        # Authorization: allow all requests
        <Directory "/var/www/test1">
                AllowOverride all
                Require all granted
        </Directory>
</VirtualHost>

# Virtual host 2, port 80
<VirtualHost *:80>
        # Domain name of site 2
        ServerName test2.nj.com
        # Publishing directory of site 2
        DocumentRoot "/var/www/test2"
        CustomLog logs/test2.log combined
        # Authorization: allow all requests
        <Directory "/var/www/test2">
                AllowOverride all
                Require all granted
        </Directory>
</VirtualHost>

(2) Create the corresponding directories and modify their security context. The process is the same as described above and is not repeated here.

(3) On the client computer, write the mapping between the IP address and the domain names into the hosts file (C:\Windows\System32\drivers\etc\hosts on Windows, /etc/hosts on Linux), as shown in the figure below.

(4) The browser visits test1.he.com, test2.nj.com and www.default.com in turn, and should get the content of /var/www/test1/index.html, /var/www/test2/index.html and /westos/html/index.html respectively.

7. Apache internal access control

7.1 IP-based access control

(1) In the Directory configuration item in the /etc/httpd/conf/httpd.conf configuration file, modify the configuration as follows:

<Directory "/var/www/htm/test1">
        # Evaluation order: the list read later overrides the overlapping part of the list read first
        Order deny,allow
        Allow from 192.168.91.128
        Deny from all
</Directory>

This configuration allows access requests only from the client 192.168.91.128 and denies access requests from all other clients.
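How the Order line decides the outcome, as an added example that is not from the original post: a small model of the Allow/Deny evaluation, showing the same two lists denying every client once the order is swapped to allow,deny. The function names and the second client address are constructed, and only "all" and exact addresses are matched.

```shell
#!/bin/sh
# Added example (not from the original post): a model of how the Order
# directive combines the Allow and Deny lists, to show why the order
# matters. Only "all" and exact IPv4 addresses are matched here; real httpd
# also accepts networks, partial addresses and host names.

# in_list CLIENT "item item ...": succeeds if the list contains CLIENT or "all".
in_list() {
    for il_item in $2; do
        [ "$il_item" = all ] && return 0
        [ "$il_item" = "$1" ] && return 0
    done
    return 1
}

# access_decision ORDER CLIENT ALLOW_LIST DENY_LIST -> prints allowed|denied
#   deny,allow : Deny is read first, a matching Allow overrides it,
#                and a client matching neither list is allowed.
#   allow,deny : Allow is read first, a matching Deny overrides it,
#                and a client matching neither list is denied.
access_decision() {
    ad_allow=no; ad_deny=no
    in_list "$2" "$3" && ad_allow=yes
    in_list "$2" "$4" && ad_deny=yes
    case $1 in
        deny,allow)
            if [ "$ad_allow" = yes ]; then echo allowed
            elif [ "$ad_deny" = yes ]; then echo denied
            else echo allowed; fi ;;
        allow,deny)
            if [ "$ad_deny" = yes ]; then echo denied
            elif [ "$ad_allow" = yes ]; then echo allowed
            else echo denied; fi ;;
        *) echo "unknown order: $1" >&2; return 2 ;;
    esac
}

# The lists from the Directory block above
ALLOW="192.168.91.128"
DENY="all"
for client in 192.168.91.128 192.168.91.129; do   # second address is constructed
    for order in deny,allow allow,deny; do
        printf '%-10s %-15s %s\n' "$order" "$client" \
            "$(access_decision "$order" "$client" "$ALLOW" "$DENY")"
    done
done
```

On Apache 2.4 the Order, Allow and Deny directives are provided by mod_access_compat; the same rule in the native syntax is Require ip 192.168.91.128.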

 7.2 User-based access control

(1) Create the .apache_auth file in the /etc/httpd directory. You can first check whether the file exists with ls -a; it is a hidden file, so the -a parameter is needed to see it. The command to create the file is as follows:

# If .apache_auth already exists, omit -c; adding -c overwrites the existing file
htpasswd -cm /etc/httpd/.apache_auth test

(2) After creating the file, create the default.conf configuration file in the /etc/httpd/conf.d directory, or make the change directly in the vhost.conf configuration file added above. The configuration is as follows:

<VirtualHost _default_:80>
        DocumentRoot /westos/html
        CustomLog logs/default.log combined
</VirtualHost>

<VirtualHost *:80>
        ServerName test1.he.com
        DocumentRoot "/var/www/test1"
        CustomLog logs/test1.log combined
        <Directory "/var/www/test1">
                # Location of the authentication file
                AuthUserFile /etc/httpd/.apache_auth
                # Authentication prompt
                AuthName "Please input your name and password"
                # Authentication type
                AuthType basic
                # The user test given at the end of the earlier htpasswd command; separate multiple users with spaces
                #Require user test
                # Allow all valid users
                Require valid-user
        </Directory>
</VirtualHost>

<VirtualHost *:80>
        ServerName test2.nj.com
        DocumentRoot "/var/www/test2"
        CustomLog logs/test2.log combined
        <Directory "/var/www/test2">
                AuthUserFile /etc/httpd/.apache_auth
                AuthName "Please input your name and password"
                AuthType basic
                #Require user test
                Require valid-user
        </Directory>
</VirtualHost>






  


(3) After completing the above configuration, restart the httpd service. A user name and password are now required for access; it is recommended to clear the browser cache before accessing.
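An added example, not part of the original post, for auditing the file created in step (1): it reports which hash scheme each entry uses. The sample entries and their hash strings are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): report which hash scheme each
# entry in an htpasswd file uses. `htpasswd -m` (used above) writes $apr1$
# MD5 entries; -B writes bcrypt, -s unsalted SHA-1, -d crypt(), -p plaintext.
# The sample entries are constructed and the hash strings are placeholders.
HTPASSWD_SAMPLE='test:$apr1$CONSTRUC$placeholderplaceholder
alice:$2y$05$placeholderplaceholderplaceholderplaceholderplacehold
bob:{SHA}PLACEHOLDERPLACEHOLDERPLACE=
carol:secret'

# classify_htpasswd: reads htpasswd lines on stdin, prints "user scheme".
# Blank lines and lines starting with # are skipped.
classify_htpasswd() {
    awk -F: '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        {
            hash = substr($0, length($1) + 2)   # everything after the first ":"
            if      (hash ~ /^[$]2[aby][$]/)    scheme = "bcrypt"
            else if (hash ~ /^[$]apr1[$]/)      scheme = "apr1-md5"
            else if (index(hash, "{SHA}") == 1) scheme = "sha1-unsalted"
            else if (length(hash) == 13)        scheme = "crypt-des"
            else                                scheme = "plaintext-or-unknown"
            print $1, scheme
        }'
}

# users_with_scheme SCHEME: reads htpasswd lines on stdin, prints the users
# whose entry uses SCHEME (one of the names printed by classify_htpasswd).
users_with_scheme() {
    classify_htpasswd | awk -v want="$1" '$2 == want { print $1 }'
}

# On a real host: classify_htpasswd < /etc/httpd/.apache_auth
printf '%s\n' "$HTPASSWD_SAMPLE" | classify_htpasswd
```

AuthType basic sends the password base64-encoded with every request, so on plain port 80 the hash scheme protects only the stored file, not the credentials in transit.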


Origin blog.csdn.net/m0_64496909/article/details/124062101