table of Contents
A, Apache role
- Typically used when accessing the web http: // way
http:// ##超文本传输协议
超文本传输协议提供软件:
Apache ##百度使用
nginx ##网易
stgw ##阿里
jfe ##jd使用
Tengine ##腾讯使用
note:
- You can curl -I command to view
Two, Apache installation
dnf install httpd.x86_64 -y ##安装
Three, Apache enabled
systemctl enable --now httpd ##开启服务并设定服务为开机启动
firewall-cmd --list-all ##查看火墙信息
firewall-cmd --permanent --add-service=http ##在火墙中永久开启http访问
firewall-cmd --permanent --add-service=https ##在火墙中永久开启https访问
firewall-cmd --reload ##刷新火墙使设定生效
Fourth, the basic information on the Apache
- Service Name: httpd
- Profiles:
/etc/httpd/conf/httpd.conf ##主配置文件
/etc/httpd/conf.d/*.conf ##子配置文件
-
Published default directory: / var / www / html
-
Default publish files: index.html
-
The default port:
HTTP: 80
HTTPS: 443 -
User: apache
-
Log: / etc / httpd / logs
Fifth, the basic configuration of Apache
1, Apache port modification
(1) Test Port 8080:
vim /etc/httpd/conf/httpd.conf ##打开主配置文件
Listen 8080 ##写入,把端口改为8080
Connected firefox, the display content :( not written, test page is displayed)
(2) Test Port 6666
vim /etc/httpd/conf/httpd.conf ##打开主配置文件
Listen 6666 ##写入,把端口改为6666
** Note: ** After modifying the steps above, http services fail to reboot.
the reason:
firewall-cmd --permanent --add-port=6666/tcp ##在火墙中添加端口
firewall-cmd --reload ##reload
semanage port -l | grep http ##查看http相关端口
semanage port -a -t http_port_t -p tcp 6666 ##在selinux中添加端口
systemctl restart httpd ##重启httpd服务
2, modify the default publishing documents
(1) published in the default file written lalalala, then:
vim /etc/httpd/conf/httpd.conf ##打开主配置文件
DirectoryIndex index.html ##写入
systemctl restart httpd
Access to the display:
(2) modify the default publishing documents:
vim /etc/httpd/conf/httpd.conf ##打开主配置文件
DirectoryIndex yang.html index.html ##写入
systemctl restart httpd
Review:
Note: The first displays the contents yang.html in, if there is, index.html content is displayed.
display:
3, modify the default publishing directory
vim /etc/httpd/conf/httpd.conf
DocumentRoot "/yang/html" ##写入
<Directory "/yang/html">
Require all granted
</Directory>
Review:
Note "/", without being given! ! ! ! !
semanage fcontext -a -t httpd_sys_content_t '/yang(/.*)?' ##更改目录安全上下文
restorecon -RvvF /yang/ ##刷新
systemctl restart httpd
firefox http://192.168.0.11 ##用firefox访问
Procedure:
Display:
Six, Apache access control
Experimental material:
mkdir /var/www/html/yang
vim /var/www/html/yang/index.html
yang page lalalalla ##写入
firefox http://192.168.0.11/yang
1, ip client-based access control
(1) ip whitelist:
<Directory "/var/www/html/yang"> ##写入
Order Deny,Allow ##先加载deny,再加载allow
Allow from 172.25.254.217
Deny from All
</Directory>
note:
- First reading deny file, and then allow to read files.
- After reading the file will be overwritten and first read the overlapping part of the document.
(2) ip blacklist:
<Directory "/var/www/html/yang"> ##写入
Order Allow,Deny ##先加载allow,再加载deny
Allow from All
Deny from 172.25.254.217
</Directory>
note:
- Allow files to be read, and then read deny file.
- After reading the file will be overwritten and first read the overlapping part of the document.
2, based on the user authentication
vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/yang">
AuthUserfile /etc/httpd/htpasswdfile ##指定认证文件
AuthName "Please input your name and password" ##认证提示语
AuthType basic ##认证类型
Require user yang ##允许通过的认证用户
Require valid-user ##允许所有用户通过认证
</Directory>
htpasswd -cm /etc/httpd/htpasswdfile admin ##生成认证文件
note:
- When the / etc / httpd / htpasswdfile already exists, do not add -c parameter when adding a user otherwise it will overwrite the contents of the source file.
Procedure:
Note: The generation of virtual users where users are not real.
display: