1. web server
1.1Protocol used by www
HTTP Hypertext Transfer Protocol is the most widespread network protocol on the Internet. All www files must comply with this standard.
It is a stateless connection established on TCP. The entire basic workflow is that the client sends an HTTP request, indicating the resources the client wants to access and the requested action. After the server receives the request, the server starts processing request, and make corresponding actions according to the request to access server resources, and finally return the result to the client by sending an HTTP response. The beginning of a request to the end of a corresponding is called a transaction. When a transaction ends, it will also be on the server. Add a log entry
1.1.1 Introduction to URL and HTTP
Most of the data provided by the web server are files, so we need to write the data files on the server side first and place them under a special directory. This directory is the homepage of our entire website. In Redhat, this directory The default is /var/www/html.
URL: Uniform Resource Locator, a concise representation of the location and access method of resources available on the Internet. It is the address of a standard resource on the Internet
URL format: <Protocol>://<Host or hostname>[:port]/<Directory resource or path>
Commonly used protocol status codes for httpd:
status(状态码):
1xx:100-101 信息提示
2xx:200-206 成功
3xx:300-305 重定向
4xx:400-415 错误类信息,客户端错误
5xx:500-505 错误类信息,服务器端错误
Description of common status codes and status descriptions:
200: 客户端请求成功
400: 客户端请求有语法错误,不能被服务器所理解
401: 请求未经授权,这个状态码必须和WWW-Authenticate报头域一起使用
403: 服务器收到请求,但是拒绝提供服务
404: 请求资源不存在,举个例子:输入了错误的URL
500: 服务器内部错误
502: 代理服务器从后端服务器收到了一条伪响应,如无法连接到网关
503 – 服务不可用,临时服务器维护或过载,服务器无法处理请求
504 – 网关超时
505 — http的版本不受支持
2. Working process of HTTP protocol request
(1)终端客户在web浏览器地址输入访问地址http://www.ceshi.con:80/index.html
(2)web浏览器请求DNS服务器把域名www.ceshi.com解析成web服务的IP地址
(3)web浏览器将端口号(默认是80)从访问地址(URL)中解析出来
(4)web浏览器通过解析后的IP地址及端口号与web服务器之间建立一条TCP连接
(5)建立TCP连接后,web浏览器向web服务器发送一条HTTP请求报文
(6)web服务器响应并读取浏览器的请求信息,然后返回一条 HTTP响应报文
(7)web服务器关闭HTTP连接,关闭TCP连接,web浏览器显示访问的网站内容到屏幕上
3. Basic configuration of www server
Perform on the server side (192.168.169.128):
Step 1: Mount
mount /dev/sr0 /mnt
Step 2: Configure the yum source warehouse
vim /etc/yum.repos.d/base.repo
Step 3: Install http and start the service, turn off the firewall and selinux
[root@server ~]# yum install httpd -y
[root@server ~]# systemctl start httpd
[root@server ~]# systemctl stop filewalld
[root@server ~]# setenforce 0
Test results: The resource interface can be accessed
4. Build a static website - a static website based on http protocol
Configuration file: /etc/httpd/conf/httpd.conf
ServerName 0.0.0.0:80
LISTEN 80 监听端口
DoucmentROOT /var/www/html 网站加载数据文件的主目录
<Directory /> 默认有权限
AllowOverride none 不允许覆盖
Require all denied(granted)默认对根目录请求全部拒绝(授予)
<Directory>
<Directory /var/www>
AllowOverride noe
Require all granted
<Directory>
<Ifmodule dir_modlue>
DIrectoryIndex index.html 网站的资源文件名
</Ifmodule>
Build a web server and display the "hello world" welcome interface when accessing the server
[root@server ~]# cd /var/www/html/
[root@server html]# vim index.html
hello world
之后再通过浏览器访问
or:
[root@server ~]# echo hello world > /var/www/html/index.html
[root@server ~]# curl 192.168.169.128
helloworld
Question:
1. Which configuration file is used to set the default access to the apache welcome interface? Where are the specific files for the apache welcome interface?
配置文件:/etc/httpd/conf.d/welcome.conf
具体文件:/usr/share/httpd/noindex/index.html
2. Why is the static page you defined in the /var/www/html directory?
因为在配置文件/etc/httpd/conf/httpd.conf中,
网站加载数据文件的主目录为/var/www/html
DoucmentROOT /var/www/html
1. Multi-IP website construction
Step 1: Add multiple IPs
[root@server ~]# nmcli connection modify ens160 ipv4.method manual +ipv4.addresses 192.168.169.134/24 +ipv4.addresses 192.168.169.135/24 +ipv4.addresses 192.168.169.136/24 ipv4.gateway 192.168.169.2 ipv4.dns 114.114.114.114 connection.autoconnect yes
[root@server ~]# nmcli connection up ens160
Server host configuration:
1. Install the web service package
[root@server ~]# yum install httpd -y
2. Close selinux, firewalld
[root@server ~]# systemctl stop filewalld
[root@server ~]# setenforce 0
3. Change the configuration file according to your needs
[root@server ~]# vim /etc/httpd/conf.d/vhosts.conf
[root@server ~]# cat /etc/httpd/conf.d/vhosts.conf
<Virtualhost 192.168.169.134:80>
DocumentRoot /www/134
ServerName 192.168.169.134
</Virtualhost>
<Directory /www>
AllowOverride none
Require all granted
</Directory>
<Virtualhost 192.168.169.135:80>
DocumentRoot /www/135
ServerName 192.168.169.135
</Virtualhost>
<Virtualhost 192.168.169.136:80>
DocumentRoot /www/136
ServerName 192.168.169.136
</Virtualhost>
4. Create corresponding resource directories and files
[root@server ~]# mkdir /www/{134,135,136} -pv
[root@server ~]# echo this is 134 > /www/134/index.html
[root@server ~]# echo this is 135 > /www/135/index.html
[root@server ~]# echo this is 136 > /www/136/index.html
5. Restart the service
[root@server ~]# systemctl restart httpd
Test Results:
eg: Remove or modify the network card address
There are four IP addresses 192.168.10.100, 134, 135, and 136 in the ens160 network card.
移除134、135、136;添加200
[root@server ~]# nmcli connection edit ens160
nmcli> goto ipv4
nmcli ipv4> remove ipv4.addresses 192.168.10.134/24
nmcli ipv4> remove ipv4.addresses 192.168.10.135/24
nmcli ipv4> remove ipv4.addresses 192.168.10.136/24
nmcli ipv4> set ipv4.addresses 192.168.10.200/24
nmcli ipv4> save
nmcli ipv4> quit
2. Build a website with a single IP address and multiple ports
1. Add multiple ports
[root@server ~]# vim /etc/httpd/conf.d/vhosts.conf
[root@server ~]# cat /etc/httpd/conf.d/vhosts.conf
<Virtualhost 192.168.169.134:80>
DocumentRoot /www/80
ServerName 192.168.169.134
</Virtualhost>
<Directory /www>
AllowOverride none
Require all granted
</Directory>
Listen 8909
Listen 9999
<Virtualhost 192.168.169.134:8909>
DocumentRoot /www/8909
ServerName 192.168.169.134
</Virtualhost>
<Virtualhost 192.168.169.134:9999>
DocumentRoot /www/9999
ServerName 192.168.169.134
</Virtualhost>
2. Create corresponding resource directories and files based on cooperation
[root@server ~]# mkdir /www/{80,8909,9999} -pv
[root@server ~]# echo this is 80 > /www/80/index.html
[root@server ~]# echo this is 8909 > /www/8909/index.html
[root@server ~]# echo this is 9999 > /www/9999/index.html
3. Restart the service
4. Test
3. Create two websites based on domain name access
1. Create a new website with the domain name www.ceshi.com, set the DocumentRoot to /www/name, and the content of the web page is this is test
2. Create a new website with the domain name www.first.day, which can also be accessed through ce.first.day, set DocumentRoot to /www/ce, and the web page content is: today is first day of class
#本机地址192.168.10.100
[root@server ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.100 www.ceshi.com
192.168.10.100 www.first.day
192.168.10.100 ce.first.day
[root@server ~]# vim /etc/httpd/conf.d/vhost.conf
<virtualHost 192.168.10.100:80>
DocumentRoot /www/ce
ServerName www.first.day
ServerName ce.first.day
</virtualHost>
<virtualHost 192.168.10.100:80>
DocumentRoot /www/name
ServerName www.ceshi.com
</virtualHost>
<Directory /www>
AllowOverride none
Require all granted
</Directory>
[root@server ~]# mkdir /www/name
[root@server ~]# mkdir /www/ce
[root@server ~]# echo this is test > /www/name/index.html
[root@server ~]# echo today is first day of class > /www/ce/index.html
[root@server ~]# systemctl restart httpd
Test Results:
<Directory /www>
AllowOverride none
<RequirelAll>
Require all granted #允许所有主机都可以访问
Require not ip 192.168.10.134 #不允许此IP访问
</RequireAll>
</Directory>
5. Build a static website - a static website based on https protocol
HTTPS: Hypertext Transfer Security Protocol is an HTTP channel aimed at security.
1. Introduction
HTTPS is not a new protocol, but HTTP+SSL (TLS). Originally, HTTP first communicated directly with TCP (assuming that the transport layer is the TCP protocol), but after adding SSL, it became HTTP first communicated with SSL, and then SSL communicated with TCP, which is equivalent to SSL being embedded between HTTP and TCP. .
SSL: It is the abbreviation of "Secure Sockets Layer", which is called "Secure Sockets Layer" in Chinese. It was designed by Netscape in the mid-1990s. By 1999, SSL was widely used and had become the de facto standard on the Internet. The IETF standardizes SSL. After standardization, SSL was changed to TLS (Transport Layer Security).
2. SSL protocol
Two-layer SSL protocol:
SSL Record Protocol: It is built on a reliable transmission protocol (such as TCP) and provides basic functions such as data encapsulation, compression, and encryption for high-level protocols.
SSL Handshake Protocol: It is built on the SSL record protocol and is used by the communicating parties to authenticate identities, negotiate encryption algorithms, and exchange encryption keys before actual data transmission begins.
Services provided by the SSL protocol:
1) Authenticate users and servers to ensure data is sent to the correct client and server
2) Encrypt data to prevent data from being stolen midway
3) Maintain data integrity and ensure that data is not changed during transmission.
Build https static website
mod_ssl: It is a software based on the openssl toolbox that specifically provides password protection for apache webserver.
1.装包
[root@localhost ~]# yum install mod_ssl -y
ssl.conf中重要的三条配置
SSLEngine on 引擎
SSLCertificateFile /etc/pki/tls/certs/localhost.crt 证书文件
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key 私钥文件
2.创建自签名证书和颁发证书
[root@localhost ~]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /etc/pki/tls/private/openlab.key -x509 -days 365 -out /etc/pki/tls/certs/openlab.crt
3.更改配置文件
<Virtualhost 192.168.10.100:443>
DocumentRoot /www/443
ServerName 192.168.10.100
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/openlab.crt
SSLCertificateKeyFile /etc/pki/tls/private/openlab.key
</Virtualhost>
<Directory /www>
AllowOverride none
Require all granted
</Directory>
4.创建对应资源目录、文件
[root@localhost ~]# mkdir /www/443
[root@localhost ~]# echo i really is 栓q > /www/443/index.html
5. Restart the service and test
6. Build a dynamic website (build a forum)
LAMP(Linux+Apache+MySQL+PHP)
ApacheMainly provides www server platform
MySQL: The database is a file in a special format. This Files must be read and written through a special interface (database software). Since this special interface has been optimized for data query and writing, it is suitable for multiple people to write and query at the same time
PHP: can be used to create dynamic web pages. PHP program code can be directly embedded in HTML web pages. It is as easy as editing HTML web pages. PHP is a programming language that can be written directly in web pages. , can be executed without compilation
1. Turn off the firewall and selinux
2.安包
yum install httpd -y
yum install php* -y
yum install mariadb-server -y
3.上传discuz包
包链接:
https://pan.baidu.com/s/15vywjSPrj4fhbxuANvsLpA?pwd=zw13
4.解压
[root@localhost discuz]# unzip Discuz_X3.4_SC_GBK_20191201.zip
5.启动MySQL服务以及初始化数据库
[root@localhost upload]# systemctl restart mariadb
[root@localhost upload]# mysql_secure_installation 设置密码
6.进入数据库并创建库
[root@localhost upload]# mysql -uroot -p
MariaDB [(none)]> create database discuz;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> exit
Bye
[root@localhost upload]# systemctl restart mariadb
7.更改配置
[root@localhost ~]# vim /etc/httpd/conf.d/vhosts.conf
<Virtualhost 192.168.10.100:80>
DocumentRoot /discuz
ServerName 192.168.10.100
</Virtualhost>
<Directory /discuz>
AllowOverride none
Require all granted
</Directory>
[root@localhost ~]# systemctl restart httpd
Use a browser to access http://192.168.10.100/upload to enter the forum installation and configuration process.
在当前目录upload下无权限,所以要加权限
[root@localhost upload]# chmod 777 config data uc_* -R
Refresh
