Build Apache HTTP server and authentication
- 1. What is Apache?
- 2. Apache configuration file
- 3. How to build an Apache server
1. What is Apache?
The Apache (or httpd) service is one of the most used web server technologies on the Internet. Generally speaking, it is a service for building websites.
It can be reached over two protocols:
- http: Hypertext Transfer Protocol, sent in clear text over the wire, using port 80/TCP by default
- https: Hypertext Transfer Protocol encrypted with TLS/SSL, using port 443/TCP by default
2. Apache configuration file
1. The location of the configuration file
Configuration file                      Location
Service directory                       /etc/httpd
Main configuration file                 /etc/httpd/conf/httpd.conf
Virtual host configuration directory    /etc/httpd/conf.d
User-based configuration file           /etc/httpd/conf.d/userdir.conf
Log file directory                      /etc/httpd/logs
Default website data directory          /var/www/html
2. Important parameters of the main configuration file
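Main configuration file: /etc/httpd/conf/httpd.conf
Parameter        Purpose
ServerRoot       Service directory
Listen           IP address and port number to listen on
User             User that runs the service
Group            User group that runs the service
ServerAdmin      Administrator's email address
ServerName       Domain name of the website server
DocumentRoot     Default website data directory
Directory        File directory permissions
DirectoryIndex   Default index page
ErrorLog         Error log file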
3. How to build an Apache server
Basic environment: hostname, network interface configuration, yum source
1. Change the hostname
[root@localhost ~]# hostnamectl set-hostname Ayaka
[root@localhost ~]# bash
2. Configure the network
(1) Configure the virtual machine's NAT network segment as 192.168.123.0 (optional), and set the network adapter to host-only mode
(2) Configure the network card:
Parameters that need to be modified:
BOOTPROTO=static
IPADDR=192.168.123.101
NETMASK=255.255.255.0
(3) Restart the network service
[root@ayaka ~]# systemctl restart network
3. Configure the yum source
1. Build a simple httpd service
1.1. Install the Apache service
[root@ayaka ~]# yum install -y httpd
1.2. Turn off the firewall
[root@ayaka ~]# systemctl stop firewalld
1.3. Start the Apache service
[root@ayaka ~]# systemctl restart httpd
Access the Apache website
[root@ayaka ~]# curl 192.168.123.101
2. Build a user-based personal website
First make sure that the httpd service has been installed.
2.1. Create a new user (the personal website is based on this user)
[root@localhost ~]# useradd ayaka
2.2. Create a personal web page file
[root@localhost ~]# mkdir /home/ayaka/public_html
[root@localhost ~]# cd /home/ayaka/public_html/
[root@localhost public_html]# echo "welcome to ayaka's website" >>index.html
2.3. Modify the access rights of user web files
[root@localhost ~]# chmod -R 705 /home/ayaka
2.4. Modify the user-based configuration file
[root@localhost ~]# vim /etc/httpd/conf.d/userdir.conf
Modify lines 17 and 24:
Line 17: set UserDir to enabled, which turns on the personal user homepage feature
Line 24: uncomment UserDir public_html, which names the directory inside the user's home directory that holds the website data
2.5. Turn off the firewall and set SELinux to permissive mode
[root@localhost public_html]# systemctl stop firewalld
[root@localhost public_html]# setenforce 0
2.6. Restart the service
[root@localhost public_html]# systemctl restart httpd
2.7. Accessing web pages
Without a graphical interface: curl http://192.168.123.101/~ayaka/
With a graphical interface: firefox http://192.168.123.101/~ayaka/
or open 192.168.123.101/~ayaka/ in the host machine's browser
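An added example (not part of the original tutorial) showing what the recursive chmod -R 705 from step 2.3 exposes, next to a narrower permission set (711 on the home directory, 755 on public_html, 644 on its files) that still lets httpd serve the personal site. It runs only against a throwaway directory with constructed files; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: everything below works on a throwaway directory created with
# mktemp; file names and contents are constructed, function names hypothetical.

# Build a sample home directory with private files and a public_html folder.
make_demo_home() {
    mkdir -p "$1/.ssh" "$1/public_html"
    echo "constructed-private-key"    > "$1/.ssh/id_rsa"
    echo "constructed shell history"  > "$1/.bash_history"
    echo "welcome to ayaka's website" > "$1/public_html/index.html"
    chmod 700 "$1" "$1/.ssh"
    chmod 600 "$1/.ssh/id_rsa" "$1/.bash_history"
}

# List regular files outside public_html that "other" users can read.
world_readable_outside_webroot() {
    find "$1" -path "$1/public_html" -prune -o -type f -perm -004 -print | sort
}

# Narrower alternative to "chmod -R 705": others may traverse the home
# directory (711) but not list it, and only public_html content is readable.
apply_narrow_perms() {
    chmod 711 "$1"
    chmod 755 "$1/public_html"
    find "$1/public_html" -type f -exec chmod 644 {} +
}

demo() {
    tmp=$(mktemp -d)
    make_demo_home "$tmp/ayaka"
    chmod -R 705 "$tmp/ayaka"                     # the step from section 2.3
    echo "world-readable after chmod -R 705:"
    world_readable_outside_webroot "$tmp/ayaka"   # .bash_history and .ssh/id_rsa

    rm -rf "$tmp/ayaka"
    make_demo_home "$tmp/ayaka"
    apply_narrow_perms "$tmp/ayaka"
    echo "world-readable after 711/755/644:"
    world_readable_outside_webroot "$tmp/ayaka"   # prints nothing
    rm -rf "$tmp"
}

demo
```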
3. Build a virtual host based on domain name access
Create a virtual website with "www.toto.com" as the domain name
1. The website data is stored under /www/toto/
2. The content of the homepage of the website is: "welcome to toto's website"
3. The website is open to all clients
# As usual, first confirm that the httpd service is installed
[root@localhost public_html]# rpm -q httpd
httpd-2.4.6-95.el7.centos.x86_64
3.1. Create a web page file for the virtual host
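[root@localhost public_html]# mkdir /www/toto -p
[root@localhost public_html]# cd /www/toto
[root@localhost toto]# echo "welcome to toto's website" >>index.html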
3.2. Modify the access rights of the file (enable other users to have executable rights)
[root@localhost toto]# chmod o+x /www
[root@localhost toto]# chmod o+x index.html
3.3. Configure the virtual host configuration file
[root@localhost toto]# cd /etc/httpd/conf.d
[root@localhost conf.d]# vim toto.conf
<VirtualHost 192.168.123.101>
    # Define the domain name
    ServerName www.toto.com
    # Directory that holds the website's home page files
    DocumentRoot /www/toto
    <Directory /www/toto>
        # All clients can access the site
        Require all granted
    </Directory>
</VirtualHost>
3.4. Edit the hosts file for domain name resolution
[root@localhost conf.d]# vim /etc/hosts
Add 192.168.123.101 www.toto.com as the third line
3.5. Configure the firewall and SELinux
[root@localhost conf.d]# firewall-cmd --permanent --add-service=http
[root@localhost conf.d]# firewall-cmd --reload
3.6. Restart the service
[root@localhost conf.d]# systemctl restart httpd
Access:
Without a graphical interface:
curl www.toto.com
With a graphical interface:
firefox www.toto.com
4. Build a virtual host based on port access
Configure two new access ports, 8088 and 8089 respectively.
1. The domain name of the website is www.toto.com
2. The webpage data exists under /www/8088 and /www/8089 respectively.
3. The content of the homepage of each port is: "this is new port (8088 or 8089) for www.toto.com"
Configuration:
# As before, make sure the httpd service is installed
4.1. Create a web page file for the virtual host
[root@localhost conf.d]# mkdir /www/8088 -p
[root@localhost conf.d]# mkdir /www/8089 -p
[root@localhost conf.d]# cd /www/8088
[root@localhost 8088]# echo "this is a new port 8088 for www.toto.com" >>index.html
[root@localhost 8088]# cd /www/8089
[root@localhost 8089]# echo "this is a new port 8089 for www.toto.com" >>index.html
4.2. Modify file access permissions
[root@localhost 8089]# chmod o+x /www
[root@localhost 8089]# chmod o+x /www/8088/index.html
[root@localhost 8089]# chmod o+x /www/8089/index.html
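4.3. Configure the virtual host configuration file
[root@localhost conf.d]# vim 8088.conf
<Directory /www/8088/>
    Require all granted
</Directory>
# /www/8089 needs its own grant: the stock httpd.conf denies access to
# directories that are not explicitly allowed
<Directory /www/8089/>
    Require all granted
</Directory>
<VirtualHost 192.168.123.101:8088>
    DocumentRoot /www/8088
    ServerName www.toto.com
</VirtualHost>
<VirtualHost 192.168.123.101:8089>
    DocumentRoot /www/8089
    ServerName www.toto.com
</VirtualHost>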
4.4. Add listening port
[root@localhost conf.d]# vim /etc/httpd/conf/httpd.conf
Listen 80
Listen 8088
Listen 8089
4.5. Add a new port to the firewall (only the service was added before, and no new port was added)
[root@localhost conf.d]# firewall-cmd --permanent --add-port=8088/tcp
success
[root@localhost conf.d]# firewall-cmd --permanent --add-port=8089/tcp
success
[root@localhost conf.d]# firewall-cmd --reload
success
4.6. Restart the service
systemctl restart httpd
5. Build a website with authentication
Create a virtual website with www.yoyo.com as the domain name
1. The webpage data is placed in /www/yoyo and the homepage is yoyo.html
2. The main content of the webpage is "welcome to yoyo's website"
3. Create users webuser1 and webuser2 with the password 123 to implement authenticated access to the website; only these two users can access it
5.1. Create a web page file for the virtual host
[root@localhost ~]# mkdir /www/toto -p
[root@localhost ~]# cd /www/toto/
[root@localhost toto]# echo "welcome to toto's website" >>index.html
5.2. Modify file access permissions
[root@localhost toto]# chmod o+x /www
[root@localhost toto]# chmod o+x /www/toto/index.html
5.3. Modify the main configuration file
Parameters that need to be modified (the DocumentRoot line and the two existing <Directory> opening lines):
DocumentRoot "/www/toto/"
<Directory "/www/toto">
<Directory "/www/toto">
Add the authentication settings at the end of the main configuration file:
<VirtualHost 192.168.123.101:80>
    ServerName www.toto.com
    DocumentRoot /www/toto
    <Directory /www/toto>
        AuthType Basic
        AuthName passwd
        AuthUserFile /etc/httpd/webpasswd
        Require user webuser1 webuser2
    </Directory>
</VirtualHost>
5.4. Configure the firewall and SELinux
[root@localhost conf.d]# firewall-cmd --permanent --add-service=http
[root@localhost conf.d]# firewall-cmd --reload
5.5. Restart the service
[root@localhost conf.d]# systemctl restart httpd
5.6. Test
Without a graphical interface:
curl 192.168.123.101
With a graphical interface:
firefox 192.168.123.101
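An added example (not part of the original tutorial): a small check that cross-references the Require user names in a vhost with the entries in the AuthUserFile, and flags Basic authentication served outside port 443, where the credentials travel unencrypted. The sample vhost and password entry are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sample files are constructed; function names are hypothetical.
# The password file itself is created with Apache's htpasswd tool, e.g.
#   htpasswd -c /etc/httpd/webpasswd webuser1   (-c creates the file)
#   htpasswd    /etc/httpd/webpasswd webuser2   (no -c, or the file is overwritten)

# lint_basic_auth CONF PASSWD -> one finding per line:
#   cleartext VHOST   AuthType Basic inside a VirtualHost that is not on port 443
#   missing USER      named by "Require user" but has no entry in PASSWD
lint_basic_auth() {
    awk -v pw="$2" '
        BEGIN {
            while ((getline line < pw) > 0) { split(line, f, ":"); known[f[1]] = 1 }
        }
        { key = tolower($1) }
        key == "<virtualhost"   { vhost = $2; sub(/>$/, "", vhost) }
        key == "</virtualhost>" { vhost = "" }
        key == "authtype" && tolower($2) == "basic" && vhost !~ /:443$/ {
            print "cleartext " vhost
        }
        key == "require" && tolower($2) == "user" {
            for (i = 3; i <= NF; i++) if (!($i in known)) print "missing " $i
        }
    ' "$1"
}

# Write a constructed vhost (modelled on section 5.3) and a password file
# that only contains webuser1; the hash is a placeholder, not a real one.
write_samples() {
    cat > "$1/vhost.conf" <<'EOF'
<VirtualHost 192.168.123.101:80>
    ServerName www.toto.com
    DocumentRoot /www/toto
    <Directory /www/toto>
        AuthType Basic
        AuthName passwd
        AuthUserFile /etc/httpd/webpasswd
        Require user webuser1 webuser2
    </Directory>
</VirtualHost>
EOF
    echo 'webuser1:$apr1$CONSTRUCTED$placeholderhash' > "$1/webpasswd"
}

demo() {
    tmp=$(mktemp -d)
    write_samples "$tmp"
    lint_basic_auth "$tmp/vhost.conf" "$tmp/webpasswd"
    rm -rf "$tmp"
}

demo
```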