May 31, 2019 in respect of such -linux school - Lesson 12

Chapter 10. Deploying static websites with the Apache service

10.1 Web service programs
(1) IIS (Internet Information Services): runs on the Windows platform and is the default Web service program on Windows;
(2) Nginx: low system resource consumption and high concurrency;
(3) Apache: runs on Linux, Unix and even Windows systems; supports virtual hosts based on IP address, domain name and port number; supports multiple authentication methods; integrates a proxy server module and Secure Sockets Layer (SSL); can monitor service state and customise log messages; and has a rich set of modules. It is the default Web service program on RHEL 7.
Deploying the Apache service:
(1) Mount the CD image: mkdir -p /media/cdrom; mount /dev/cdrom /media/cdrom; write the mount information to the /etc/fstab startup configuration file;
(2) Create the Yum repository file (gpgcheck=0 turns off package signature verification for this local CD repository):
vim /etc/yum.repos.d/rhel7.repo
[rhel7]
name=rhel7
baseurl=file:///media/cdrom
enabled=1
gpgcheck=0
(3) Manually install the Apache service program: yum install httpd
(4) Start the httpd program and add it to the boot items:
systemctl start httpd
systemctl enable httpd
(5) Reasons a website shows no data: first, the site really has no data; second, insufficient permissions.
10.2 Configuring service parameters
(1) Configuration files on a Linux system:
service directory: /etc/httpd; main configuration file: /etc/httpd/conf/httpd.conf, which contains comment lines, global configuration and region configuration;
website data directory: /var/www/html; access log: /var/log/httpd/access_log;
error log: /var/log/httpd/error_log;
(2) Main configuration file parameters:
service directory ---------------------------- ServerRoot
administrator mailbox ------------------------ ServerAdmin
user that runs the service ------------------- User
user group that runs the service ------------- Group
domain name of the website server ------------ ServerName
website data directory ----------------------- DocumentRoot
website data directory permissions ----------- Directory
listening IP address and port number --------- Listen
default index page --------------------------- DirectoryIndex
error log file ------------------------------- ErrorLog
access log file ------------------------------ CustomLog
page timeout, the default is 300 seconds ----- Timeout
10.3 SELinux security subsystem
(1) Two kinds of restriction: SELinux domain restriction limits what a service program is allowed to do, so that the service program cannot do anything outside its job; SELinux security context restriction limits access to file resources, so that a file resource can only be accessed by the service program it belongs to.
(2) SELinux has the following three modes:
enforcing --------- enforces the security policy and intercepts illegitimate requests from services; a production environment should run in enforcing mode.
permissive -------- on unauthorized access by a service, only issues a warning and does not forcibly intercept it;
disabled ---------- unauthorized behaviour is neither intercepted nor warned about;
Turn on enforcing mode in a production environment: vim /etc/selinux/config; SELINUX=enforcing
Note: this is the main SELinux configuration file. It defines the default running state of SELinux, which can be understood as the state after a system reboot, so a change does not take effect immediately.
(3) View and temporarily set the SELinux mode: view: getenforce; set: setenforce 0/1 (note: this change is temporary and is lost after the system restarts).
(4) View the security context:
ls -Zd /var/www/html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html
The SELinux security context consists of three pieces of information: the user segment system_u ---- the identity of a system process; the role segment object_r ---- the role of a file or directory; the type segment httpd_sys_content_t ---- system files of the website service.
(5) Modify the security context of the website data directory:
semanage: -l ---- query; -a ---- add; -m ---- modify; -d ---- delete
semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/*
restorecon -Rv /home/wwwroot/ ---------- makes the modified security context take effect.
10.4 Personal user home page feature ---- lets every user on the system manage a personal website in their own home directory.
(1) Enable the personal user home page feature, which is not turned on by default.
vim /etc/httpd/conf.d/userdir.conf; put a # in front of UserDir disabled on line 17 to turn on the personal user home page feature; remove the # on line 24: UserDir public_html, which sets the name of the directory in the user's home directory where the website data is stored.
(2) Create the directory and home page file for the website data in the user's home directory, and set the permissions of the home directory.
su - linuxprobe; mkdir public_html; echo "This is linuxprobe's website" > public_html/index.html; chmod -Rf 755 /home/linuxprobe
(3) Restart the httpd service; the website address format is: URL/~username.
(4) Open the domain restriction: query the domain security policy: getsebool -a | grep http; setsebool -P httpd_enable_homedirs=on
-P ---- takes effect immediately and permanently.


Add password protection to the website:
(1) Set a password: htpasswd -c /etc/httpd/passwd linuxprobe -------- linuxprobe is the user name used for authentication; then enter the password.
(2) Modify the configuration file:
vim /etc/httpd/conf.d/userdir.conf
...
<Directory "/home/*/public_html">
    AllowOverride all
    AuthUserFile "/etc/httpd/passwd"
    AuthName "message"
    AuthType basic
    # the user name that has to authenticate
    Require user linuxprobe
</Directory>
10.5 Virtual hosts ----- serve different content according to the IP address, domain name or port number the user requests.
(1) Based on IP address
Step 1: Use nmtui to set three different IP addresses on the same network card;
Step 2: Create a separate directory under /home/wwwroot for each website's data;
Step 3: Starting at about line 113 of the httpd service configuration file, append three virtual host definitions based on IP address, then restart the service for the configuration to take effect; vim /etc/httpd/conf/httpd.conf
Step 4: Set the SELinux context: semanage fcontext -a -t httpd_sys_content_t /home/wwwroot --- then set each directory below it in turn.
(2) Based on host name
Step 1: Manually define the mapping between IP address and domain name in the configuration file; it takes effect immediately after saving and exiting. vim /etc/hosts
Step 2: Create three subdirectories under /home/wwwroot for the data of the different sites, and write a home page file in each.
Step 3: Starting at about line 113 of the httpd main configuration file, append three virtual host definitions based on host name; vim /etc/httpd/conf/httpd.conf
Step 4: Set the SELinux context: semanage fcontext -a -t httpd_sys_content_t /home/wwwroot --- then set each directory below it in turn.
(3) Based on port number
Step 1: Create a directory under /home/wwwroot for each site's data;
Step 2: On lines 43 and 44 of the httpd service configuration file, add the parameters for the port numbers to listen on;
Step 3: Starting at about line 113 of the httpd service configuration file, append the virtual host definitions based on port number; restart the httpd service once this is done so that the configuration takes effect;
Step 4: Set the SELinux context;
Step 5: Add the port numbers to the SELinux domain;
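The checks behind steps 4 and 5 of the port-based setup, as an added example that is not part of the original notes: it compares the Listen ports in httpd.conf with the ports SELinux labels http_port_t, and flags site directories whose type is not httpd_sys_content_t. The sample data is constructed; ports 6111 and 6222, the IP address and the directory names are assumptions, and the ls -Zd column layout is the RHEL 7 one shown in 10.3.

```shell
#!/bin/sh
# Added example, not from the original notes. All sample data is constructed;
# ports 6111/6222, the IP address and the directory names are assumptions.
# Constructed httpd.conf excerpt.
SAMPLE_CONF='Listen 80
Listen 6111
Listen 192.168.10.10:6222
# Listen 8443'
# Constructed `semanage port -l` output.
SAMPLE_PORTS='http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988'
# Constructed `ls -Zd /home/wwwroot/*` output (RHEL 7 column layout).
SAMPLE_LS='drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 /home/wwwroot/6111
drwxr-xr-x. root root unconfined_u:object_r:home_root_t:s0 /home/wwwroot/6222'

# Ports in active Listen directives; "IP:port" forms are reduced to the port.
listen_ports() {
    awk '$1 == "Listen" { n = split($2, a, ":"); print a[n] }' | sort -un
}

# Ports labelled http_port_t for tcp; ranges such as 8000-8010 are expanded.
allowed_ports() {
    awk '$1 == "http_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) {
            gsub(",", "", $i); n = split($i, r, "-")
            for (p = r[1] + 0; p <= r[n] + 0; p++) print p
        }
    }'
}

# $1 = config text, $2 = semanage output: Listen ports httpd may not bind.
unlabelled_ports() {
    allowed=$(printf '%s\n' "$2" | allowed_ports)
    printf '%s\n' "$1" | listen_ports | while read -r p; do
        printf '%s\n' "$allowed" | grep -qx "$p" || echo "$p"
    done
}

# $1 = ls -Zd output: directories whose type is not httpd_sys_content_t.
mislabelled_dirs() {
    printf '%s\n' "$1" | awk '{ split($4, c, ":"); if (c[3] != "httpd_sys_content_t") print $5 }'
}

for p in $(unlabelled_ports "$SAMPLE_CONF" "$SAMPLE_PORTS"); do
    echo "port $p: semanage port -a -t http_port_t -p tcp $p"
done
for d in $(mislabelled_dirs "$SAMPLE_LS"); do
    echo "dir $d: semanage fcontext -a -t httpd_sys_content_t '$d(/.*)?' && restorecon -Rv $d"
done
```

On a real host, pass the contents of /etc/httpd/conf/httpd.conf and the output of semanage port -l and ls -Zd instead of the constructed samples.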
10.6 Apache access control

Origin blog.51cto.com/14265779/2406256