1,安装服务
httpd.x86_64 : Apache HTTP Server
[root@apache ~]# yum install httpd.x86_64 -y ##### 安装apache服务,开启服务
[root@apache ~]# firewall-cmd --permanent --add-service=http ######在防火墙中永久放行http服务(需reload后生效)
success
[root@apache ~]# firewall-cmd --reload
success
[root@apache ~]# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client http ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@apache html]# netstat -antlpe | grep http ####### 查看该服务所使用端口
tcp6 0 0 :::80 :::* LISTEN 0 1172151 3220/httpd #######使用80端口
测试: 在任意浏览器输入该服务器ip,出现apache测试页
2.apache服务基本配置更改
1)修改测试页:
[root@apache html]# cd /var/www/html/
[root@apache html]# ls ####在共享目录中新建index.html文件,测试页内容为该文件内容
index.html
[root@apache html]# vim /etc/httpd/conf/httpd.conf ##########apache主配置文件
>> 42 Listen 80 ####监听端口
119 DocumentRoot "/var/www/html" #####指定apache共享目录
163 <IfModule dir_module>
DirectoryIndex index.html #######指定所识别的测试文件名
</IfModule>
131<Directory "/var/www/html">
Require all granted #########<Directory>语句块自定义目录权限
</Directory>
......
2)修改apache所使用端口
[root@apache html]# vim /etc/httpd/conf/httpd.conf
修改>>Listen 8080
:wq
[root@apache html]# firewall-cmd --permanent --add-port=8080/tcp #######在防火墙中永久放行8080/tcp端口
success
[root@apache html]# firewall-cmd --reload
success
[root@apache html]# systemctl restart httpd.service ######重启apache服务
测试:在任意浏览器输入该服务器ip:8080,出现apache测试页
3)修改apache所使用的共享目录
[root@apache html]# vim /etc/httpd/conf/httpd.conf
>>DocumentRoot "/mnt/html" #####设定共享目录为/mnt/html
<Directory "/mnt"> #####注意:此处授权范围是整个/mnt,大于共享目录;只需开放网站内容时应写"/mnt/html"
AllowOverride None
# Allow open access:
Require all granted
</Directory>
:wq
由于/mnt/html/中文件的SELinux安全上下文与apache服务所允许的类型不同,所以仍不可访问。
有如下2种解决办法(方法1会关闭整机的SELinux强制保护,仅适合临时排错;正式环境应使用方法2):
1).[root@apache mnt]# setenforce 0 ####将SELinux临时切换为Permissive(只记录警告、不拦截)模式,重启后恢复为配置文件中的设置
[root@apache mnt]# getenforce
Permissive
2).[root@apache mnt]# semanage fcontext -a -t httpd_sys_content_t '/mnt(/.*)?' ####修改该目录安全上下文(此规则覆盖整个/mnt;只需网站目录时可写'/mnt/html(/.*)?')
[root@apache mnt]# restorecon -RvvF /mnt/
restorecon reset /mnt context system_u:object_r:mnt_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /mnt/html context system_u:object_r:mnt_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /mnt/html/index.html context unconfined_u:object_r:mnt_t:s0->system_u:object_r:httpd_sys_content_t:s0
semanage fcontext -l ######查看所有目录安全上下文
修改apache服务所识别的文件
[root@apache html]# vim /etc/httpd/conf/httpd.conf
>><IfModule dir_module>
DirectoryIndex westos index.html #####识别顺序:先识别westos文件后识别index.html文件
</IfModule>
:wq
[root@apache html]# vim /etc/httpd/conf/httpd.conf #######修改后需重启服务(systemctl restart httpd.service)才生效
3,虚拟主机
虚拟主机允许一个http服务器(ip地址)提供多个具有不同内容的网站
1).在客户端添加本地域名解析(/etc/hosts)
[root@foundation76 ~]# vim /etc/hosts
>>172.25.254.10 www.linux.com www.westos.com www.redhat.com
:wq
重启网络
2). 服务器端
[root@apache www]# mkdir westos linux redhat -p
[root@apache www]# vim linux/index.html
[root@apache www]# vim westos/index.html ####测试内容随意
[root@apache www]# vim redhat/index.html
[root@apache www]# cd /etc/httpd/conf.d/ #####apache服务子配置文件
[root@apache conf.d]# vim default.conf
>>
<Virtualhost _default_:80>
Documentroot /var/www/html
customlog "logs/default.log" combined
</Virtualhost>
<Directory /var/www/html>
require all granted
</Directory>
:wq
[root@apache conf.d]# vim westos.conf #########同样编写westos.conf,redhat.conf 配置文件
>><Virtualhost *:80> ########定义虚拟主机块
Servername www.westos.com #########访问网址(服务器名称)
Documentroot /var/www/westos
customlog "logs/westos.log" combined #########日志存放位置,combined为日志格式(在通用格式基础上增加Referer和User-Agent字段)
</Virtualhost>
<Directory /var/www/westos>
require all granted #########允许所有客户访问
</Directory>
:wq
<Directory /var/www/linux/admin>
Order deny,allow #########Order控制deny和allow的判断顺序;这是2.2的旧语法,在2.4中依赖mod_access_compat,新配置建议写成 Require ip 172.25.254.76
deny from all
allow from 172.25.254.76
</Directory>
4,配置基本用户的身份验证
1)创建用户
[root@apache westos]# htpasswd -cm apacheuser admin #######-c新建密码文件(文件已存在时会被覆盖,所以只在创建第一个用户时加);-m使用MD5(apr1)算法保存密码,较新版本支持更强的-B(bcrypt);删除用户用-D;修改密码时对已有用户再执行一次即可
[root@apache westos]# htpasswd -m apacheuser westos
New password:
Re-type new password:
Adding password for user westos
[root@apache westos]# cat apacheuser
admin:$apr1$PsHv096z$dLZRspe3JfsqnL1fmXWZY/
westos:$apr1$gLgW8dsP$AlRnYR8YrYD1LzbwdkM1s0
2).配置文件
[root@apache westos]# vim /etc/httpd/conf.d/westos.conf
>><Directory /var/www/westos/admin>
authuserfile /var/www/westos/apacheuser ####用户密码配置文件路径(注意:该文件位于网站目录/var/www/westos内,可能被客户端直接下载;建议存放在网站目录之外)
AuthName "please input your name and password"
authtype basic #####认证类型(basic方式下用户名和密码仅做base64编码、未加密,应配合https使用)
require user admin ###允许访问用户
# Require valid-user
</Directory>
:wq
重启服务,在浏览器上测试访问,在弹出的对话框中输入用户名和密码
5.配置https
yum install mod_ssl.x86_64 -y ######安装apache的SSL/TLS模块(提供https支持)
重启apache
[root@apache conf.d]# ls
autoindex.conf linux.conf README redhat.conf ssl.conf userdir.conf welcome.conf westos.conf ####ssl.conf配置文件
[root@apache conf.d]# vim ssl.conf
>>Listen 443 https ####监听443端口(https)
[root@apache conf.d]# yum install crypto-utils -y ###安装生成自签名证书的工具
[root@apache conf.d]# genkey apache.example.com ####生成自签名证书(浏览器不信任自签名证书,访问时会有警告,仅适合测试)
.....
output will be written to /etc/pki/tls/certs/apache.example.com.crt ####生成的证书存放位置
output key written to /etc/pki/tls/private/apache.example.com.key ####生成的私钥存放位置(私钥应仅root可读,不要外传)
.....
[root@apache conf.d]# vim /etc/httpd/conf.d/ssl.conf
..........
SSLCertificateKeyFile /etc/pki/tls/private/apache.example.com.key ####将SSL指令指向密钥文件
SSLCertificateFile /etc/pki/tls/certs/apache.example.com.crt
......
[root@apache conf.d]# vim westos.conf
<Virtualhost *:80>
Servername www.westos.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</Virtualhost>
<Directory "/var/www/westos/html">
Require all granted
</Directory>
<Virtualhost *:443>
servername www.westos.com
documentroot /var/www/westos/html
customlog "logs/westos.log" combined
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/apache.example.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/apache.example.com.key
</Virtualhost>
:wq
重启apache服务(若防火墙尚未放行https,需先执行 firewall-cmd --permanent --add-service=https 并 firewall-cmd --reload)
测试:在浏览器输入www.westos.com,网页转向https://www.westos.com