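Apache HTTP Server (Apache for short) is an open-source web server from the Apache Software Foundation. It runs on most computer operating systems, is widely used because of its cross-platform support and security, and is one of the most popular web server software packages. It is fast, reliable and extensible through a simple API, and interpreters such as Perl/Python can be compiled into the server.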
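```
# install Apache, start it now and enable it at boot
yum install httpd -y
systemctl start httpd
systemctl enable httpd
# lab setup: the host firewall is stopped and disabled so that port 80 is reachable
systemctl stop firewalld
systemctl disable firewalld
```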
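Basic Apache configuration
Item | Meaning |
---|---|
index.html | Apache's default index (published) file |
/etc/httpd/conf/httpd.conf, /etc/httpd/conf.d/*.conf | Apache's configuration files |
/var/www/html | Apache's default document root |
80 | Apache's default port |

Based on these defaults, we can run a quick test first: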
```
[root@localhost html]# echo '<h1 style="color:limegreen">FirstHtml</h1>' >> index.html
[root@localhost html]# pwd
/var/www/html
```
The result is shown in the figure:
1. Change the default index file
```
[root@localhost html]# vim /etc/httpd/conf/httpd.conf
DirectoryIndex diy.html index.html
```
Add the new index file:
```
[root@localhost html]# echo '<h1 style="color:dodgerblue">ChangedHtml</h1>' > diy.html
```
Restart the httpd service, then refresh the page in the browser:
```
[root@localhost html]# systemctl restart httpd
```
When SELinux is disabled
```
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
DocumentRoot "/Custom/html"
<Directory "/Custom/html">
    Require all granted
</Directory>
```
```
[root@localhost html]# echo '<h1 style="color:yellowgreen">Changed_Directory_Html</h1>' > index.html
[root@localhost ~]# systemctl restart httpd
```
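When SELinux is enforcing, the directory we created ourselves has not been "certified" by the system, so its security context has to be changed.
Experiment:
Switch SELinux to enforcing mode
```
[root@localhost ~]# vim /etc/selinux/config
SELINUX=enforcing
[root@localhost ~]# reboot
[root@localhost ~]# getenforce
Enforcing
```
The Apache page can no longer be accessed.
Checking the security context at this point shows that the directory does not carry a label the system recognises for web content.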
```
[root@localhost ~]# ls -Zd /Custom/
drwxr-xr-x. root root system_u:object_r:default_t:s0 /Custom
```
So we have to change the security context of the website data directory:
```
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t '/Custom(/.*)?'
```
After this command the SELinux context shown for the directory is still unchanged, because semanage only records the rule; running restorecon then applies it:
```
[root@localhost ~]# restorecon -Rv /Custom/
restorecon reset /Custom/html context system_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /Custom/html/index.html context system_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
```
```
[root@localhost ~]# ls -Zd /Custom
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /Custom
```
```
[root@localhost html]# vim /etc/httpd/conf/httpd.conf
[root@localhost html]# mkdir -p Allow Deny   # the two test directories must exist
[root@localhost html]# echo "<h1>Allow</h1>" >> Allow/index.html
[root@localhost html]# echo "<h1>Deny</h1>" >> Deny/index.html
```
```
# Allow everyone to access this directory, but refuse 172.25.254.79
<Directory "/Custom/html/Deny">
    Order Allow,Deny
    Allow from all
    Deny from 172.25.254.79
</Directory>
```
```
# Refuse everyone access to this directory, but allow 172.25.254.79
<Directory "/Custom/html/Allow">
    Order Deny,Allow
    Deny from all
    Allow from 172.25.254.79
</Directory>
```
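The two blocks above use the Apache 2.2 `Order`/`Allow`/`Deny` directives, which Apache 2.4 (the version that understands the `Require all granted` lines used earlier on this page) only accepts through mod_access_compat. The same two policies in native 2.4 `Require` syntax, as an added example that is not part of the original post:

```apache
# Everyone except 172.25.254.79 may read /Custom/html/Deny.
# <RequireAll> is needed because a negated "Require not" cannot
# grant access on its own; it can only veto a request that
# another Require line in the same group has allowed.
<Directory "/Custom/html/Deny">
    <RequireAll>
        Require all granted
        Require not ip 172.25.254.79
    </RequireAll>
</Directory>

# Only 172.25.254.79 may read /Custom/html/Allow.
# Any request from another address gets 403 Forbidden.
<Directory "/Custom/html/Allow">
    Require ip 172.25.254.79
</Directory>
```

Use one syntax or the other inside a given `<Directory>` block; mixing `Order`/`Allow`/`Deny` with `Require` in the same block is discouraged by the Apache documentation.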
Basic authentication with a user file
```
htpasswd -cm /etc/httpd/accessuser admin
```
-c creates the password file; -m hashes the user's password with the MD5 algorithm
Only the user admin is allowed in, and only with a password.
```
[root@localhost ~]# htpasswd -cm /etc/httpd/accessuser admin
New password:
Re-type new password:
Adding password for user admin
```
```
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<Directory "/Custom/html">
    # user authentication file
    AuthUserFile /etc/httpd/accessuser
    # prompt shown to the user
    AuthName "Enter Password,please"
    # authentication type
    AuthType Basic
    # any user listed in the authentication file may log in
    Require valid-user
</Directory>
```
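php, html (default), cgi
The experiments follow:
First install PHP, then write a PHP program
```
[root@localhost cgi]# yum install php -y
# test page: phpinfo() prints the complete PHP and server configuration
[root@localhost html]# echo -e "<?php\nphpinfo();\n?>" > /Custom/html/index.php
```
cgi
```
[root@localhost html]# mkdir cgi
[root@localhost cgi]# vim index.cgi
```
Add configuration so that Apache allows the CGI programs in this directory to execute.
```
<Directory "/Custom/html/cgi">
    Options +ExecCGI
    # AddHandler tells the server that every file with the .cgi suffix is a CGI program
    AddHandler cgi-script .cgi
</Directory>
```
```
[root@localhost cgi]# systemctl restart httpd
```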
Check that httpd is listening on port 80
```
[root@localhost cgi]# ss -antlupe | grep httpd
tcp LISTEN 0 128 :::80 :::* users:(("httpd",2705,4),("httpd",2471,4),("httpd",2470,4),("httpd",2469,4),("httpd",2468,4),("httpd",2467,4),("httpd",2466,4)) ino:47914 sk:ffff880037ca4000 <->
```
Change the port from 80 to 888
```
[root@localhost cgi]# vim /etc/httpd/conf/httpd.conf
Listen 888
```
Or check that the port is now held by the TCP service
```
[root@localhost cgi]# ss -antlupe | grep httpd
tcp LISTEN 0 128 :::888 :::* users:(("httpd",2987,4),("httpd",2986,4),("httpd",2985,4),("httpd",2984,4),("httpd",2983,4),("httpd",2982,4)) ino:53213 sk:ffff880035241800 <->
[root@localhost conf.d]# lsof -i:888
COMMAND  PID   USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd   3116   root 4u IPv6  55359      0t0  TCP *:cddbp (LISTEN)
httpd   3117 apache 4u IPv6  55359      0t0  TCP *:cddbp (LISTEN)
httpd   3118 apache 4u IPv6  55359      0t0  TCP *:cddbp (LISTEN)
httpd   3119 apache 4u IPv6  55359      0t0  TCP *:cddbp (LISTEN)
httpd   3120 apache 4u IPv6  55359      0t0  TCP *:cddbp (LISTEN)
httpd   3121 apache 4u IPv6  55359      0t0  TCP *:cddbp (LISTEN)
[root@localhost conf.d]# lsof -i:80   # port 80 has been released
```
Or check in the browser (the port number must be appended to the IP address for the page to load)
The original port no longer works.
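Several virtual hosts can be configured on one Apache server, so that a single server provides multiple sites; in practice each site is simply a different directory on the same server.
First create the directories for the domains:
```
[root@localhost html]# mkdir -p xupt.news.com/html xupt.sports.com/html
```
```
[root@localhost xupt.news.com]# echo "xupt.news.com's page" > /Custom/html/xupt.news.com/html/index.html
[root@localhost xupt.news.com]# echo "xupt.sports.com's page" > /Custom/html/xupt.sports.com/html/index.html
```
Configure Apache so that the newly added domains can be reached
Any request that does not name one of the configured domains is served by the default.conf configuration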
```
[root@localhost conf.d]# vim default.conf
# port the virtual host listens on
<VirtualHost _default_:80>
    # default document root of the virtual host
    DocumentRoot "/var/www/html"
    # log of the virtual host
    CustomLog "logs/default.log" combined
</VirtualHost>
```
```
[root@localhost conf.d]# vim /etc/httpd/conf.d/news.conf
# requests for the domain xupt.news.com go to its own document root
# (ServerName has to match the name the client puts in /etc/hosts)
<VirtualHost *:80>
    ServerName xupt.news.com
    DocumentRoot "/Custom/html/xupt.news.com/html/"
    CustomLog "logs/news.log" combined
</VirtualHost>
# access authorisation for the document root
<Directory "/Custom/html/xupt.news.com/html/">
    Require all granted
</Directory>
```
```
[root@localhost conf.d]# vim /etc/httpd/conf.d/sports.conf
<VirtualHost *:80>
    ServerName xupt.sports.com
    DocumentRoot "/Custom/html/xupt.sports.com/html/"
</VirtualHost>
<Directory "/Custom/html/xupt.sports.com/html/">
    Require all granted
</Directory>
```
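Test
On the host where the browser runs:
```
[root@foundation79 Desktop]# vim /etc/hosts
172.25.254.141 xupt.news.com xupt.sports.com
```
Note that these domain names may clash with real domains on the Internet; the test can be done with the network disconnected.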
```
[root@localhost ~]# yum install mod_ssl -y
[root@localhost ~]# yum install crypto-utils -y
[root@localhost ~]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# genkey www.haha.com   # generate the certificate and key manually
```
```
[root@localhost ~]# vim /etc/httpd/conf.d/ssl.conf
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/pki/tls/certs/xupt.sports.com.crt
#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/pki/tls/private/xupt.sports.com.key
```
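Basic authentication sends the user name and password merely base64-encoded on every request, so the password-protected directory from the authentication section belongs behind the certificate configured here. The following added example (not from the original post) serves xupt.sports.com over TLS only and admits just the user admin; the document root, certificate paths and `/etc/httpd/accessuser` are the ones used on this page, while the file name `sports-ssl.conf` and the idea that it replaces the port-80 virtual host in sports.conf are assumptions:

```apache
# /etc/httpd/conf.d/sports-ssl.conf   (hypothetical file name)
# Assumes the stock ssl.conf installed by mod_ssl, which already
# contains the "Listen 443" line.

# Plain HTTP only redirects, so no password is ever typed into
# a page that was loaded without encryption.
<VirtualHost *:80>
    ServerName xupt.sports.com
    Redirect permanent / https://xupt.sports.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName xupt.sports.com
    DocumentRoot "/Custom/html/xupt.sports.com/html/"
    CustomLog "logs/sports-ssl.log" combined

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/xupt.sports.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/xupt.sports.com.key

    <Directory "/Custom/html/xupt.sports.com/html/">
        # Refuse the request outright if it arrives without TLS,
        # even if this block is later copied into a port-80 host.
        SSLRequireSSL

        AuthType Basic
        AuthName "Enter Password,please"
        AuthUserFile /etc/httpd/accessuser
        # Only the account admin, not every user in the file
        # (valid-user would accept any entry in accessuser).
        Require user admin
    </Directory>
</VirtualHost>
```

Check the syntax with `apachectl configtest` before restarting httpd. The password file can also be created with `htpasswd -B` (bcrypt) instead of `-m`.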
```
[root@node1 ~]# yum install squid -y
[root@node1 ~]# vim /etc/squid/squid.conf
# every client address is allowed to use the proxy
http_access allow all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/spool/squid 100 16 256
```
```
[root@foundation79 Desktop]# systemctl start squid
```
Open the client machine
Apache server: 172.25.254.141
Squid server: 172.25.254.79
Client: 172.25.254.241
On the Apache server:
1. The html document root contains a default page
2. Restart Apache
```
[root@localhost ~]# systemctl start httpd
```
On the Squid host:
```
[root@localhost ~]# yum install squid -y
[root@foundation79 Desktop]# vim /etc/squid/squid.conf
http_access allow all
# Squid normally listens to port 3128
http_port 80 vhost vport
cache_peer 172.25.254.141 parent 80 0 proxy-only
```
Test access from the client: