目錄

一、Apache的作用

二、Apache的安裝

三、Apache的啟用

四、Apache的基本信息

五、Apache的基本配置

六、Apache的訪問(wèn)控制

七、Apache的虛擬主機(jī)

八、Apache的語(yǔ)言支持

九、Apache的加密訪問(wèn)

---

一、Apache的作用

在web被訪問(wèn)時(shí)通常使用http://的方式
http://?? ??? ??? ?##超文本傳輸協(xié)議

http://?? ?超文本傳輸協(xié)議提供軟件：
Apache
nginx
stgw
jfe
Tengine

二、Apache的安裝

dnf install httpd.x86_64 -y

?

三、Apache的啟用

systemctl enable --now httpd?? ??? ??? ?##開(kāi)啟服務(wù)并設(shè)定服務(wù)位開(kāi)機(jī)啟動(dòng)
firewall-cmd --list-all?? ??? ??? ?##查看火墻信息
firewall-cmd --permanent --add-service=http?? ?##在火墻中永久開(kāi)啟http訪問(wèn)
firewall-cmd --permanent --add-service=https?? ?##在火墻中永久開(kāi)啟https訪問(wèn)
firewall-cmd --reload?? ??? ??? ??? ?##刷新火墻使設(shè)定生效????????????????????

或者關(guān)閉火墻

setenforce 0????

四、Apache的基本信息

服務(wù)名稱：?? ?httpd
配置文件：
?? ??? ?/etc/httpd/conf/httpd.conf?? ?##主配置文件
?? ??? ?/etc/httpd/conf.d/*.conf?? ?##子配置文件
默認(rèn)發(fā)布目錄：?? ?/var/www/html
默認(rèn)發(fā)布文件：?? ?index.html

默認(rèn)端口：?? ?80?? ? ? #http
?? ??? ??????????????? 443?? ?? #https
用戶:?? ??? ?apache
日志：?? ??? ?/etc/httpd/logs

五、Apache的基本配置

#1.Apache端口修改#
vim /etc/httpd/conf/httpd.conf
Listen 6666
firewall-cmd --permanent --add-port=6666/tcp
firewall-cmd --reload
semanage port -l | grep http
semanage port -a -t http_port_t -p tcp 6666
systemctl restart httpd

#2.默認(rèn)發(fā)布文件##
vim /etc/httpd/conf/httpd.conf
DirectoryIndex westos.html index.html???????????????????????? 哪個(gè)文件在前哪個(gè)優(yōu)先訪問(wèn)

vim /var/www/html/westos.html??? Hello westos
systemctl restart httpd

#3.默認(rèn)發(fā)布目錄
vim /etc/httpd/conf/httpd.conf
DocumentRoot "/var/webdir/html"
<Directory "/var/webdir/html">
??????? Require all granted
</Directory>

mkdir -p /var/webdir/html

vim /var/webdir/html/index.html??? 編輯內(nèi)容HELLO
semanage fcontext -a -t httpd_sys_content_t '/webdir(/.*)?'
restorecon -RvvF /webdir/
systemctl restart httpd

驗(yàn)證：firefox http://172.25.254.101

?

?

六、Apache的訪問(wèn)控制

#實(shí)驗(yàn)素材#
mkdir /var/www/html/westos
vim /var/www/html/westos/index.html
<h1>westosdir's page</h1>

firefox http://192.168.0.11/westos

#1.基于客戶端ip的訪問(wèn)控制#
#ip白名單#
<Directory "/var/www/html">
??????? Order Deny,Allow
??????? Allow from 172.25.254.1? ????
??????? Deny from All
</Directory>

驗(yàn)證

#ip黑名單#
<Directory "/var/www/html/westos">
??????? Order Allow,Deny
??????? Allow from All?? ??? ?
??????? Deny from 172.25.254.1
</Directory>

驗(yàn)證

#2.基于用戶認(rèn)證#
vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/westos">
??????? AuthUserfile /etc/httpd/htpasswdfile?? ??? ??? ?##指定認(rèn)證文件
??????? AuthName "Please input your name and password"?? ??? ?##認(rèn)證提示語(yǔ)

??????? AuthType basic?? ??? ??? ??? ??? ??? ?##認(rèn)證類型
??????? Require user admin?? ??? ??? ??? ??? ?##允許通過(guò)的認(rèn)證用戶 2選1
?? ???? Require valid-user?? ??? ??? ??? ??? ?##允許所有用戶通過(guò)認(rèn)證 2選1
</Directory>

htpasswd -cm /etc/httpd/htpasswdfile admin?? ??? ??? ?##生成認(rèn)證文件
注意：
當(dāng)/etc/httpd/htpasswdfile存在那么在添加用戶時(shí)不要加-c參數(shù)否則會(huì)覆蓋源文件內(nèi)容

?

七、Apache的虛擬主機(jī)

mkdir -p /var/www/westos.com/{news,linux}
echo "linux's page" >/var/www/westos.com/linux/index.html
echo "news's page" > /var/www/westos.com/news/index.html
echo "default's page" > /var/www/html/index.html

vim /etc/httpd/conf.d/Vhost.conf
<VirtualHost _default_:80>
?? ?DocumentRoot "/var/www/html"
?? ?CustomLog logs/default.log combined
</VirtualHost>

<VirtualHost *:80>
?? ?ServerName wenku.westos.com
?? ?DocumentRoot "/var/www/westos.com/wenku"
?? ?CustomLog logs/wenku.log combined
</VirtualHost>

<VirtualHost *:80>
?? ?ServerName news.westos.com
?? ?DocumentRoot "/var/www/westos.com/news"
?? ?CustomLog logs/news.log combined
</VirtualHost>

測(cè)試：
在瀏覽器所在主機(jī)中
vim /etc/hosts
172.25.254.101 www.westos.com wenku.westos.ocm news.westos.com

firefox http://www.westos.com
firefox http://wenku.westos.com
firefox http://news.westos.com

八、Apache的語(yǔ)言支持

#php#
vim /var/www/html/index.php
<?php
?? ?phpinfo();
?>

dnf install php -y
systemctl restart httpd
firefox http://172.25.254.101/index.php

#cgi#
mkdir /var/www/html/cgidir
vim /var/www/html/cgidir/index.cgi

chmod +x index.cgi?? 給執(zhí)行權(quán)限
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;

vim /etc/httpd/conf.d/Vhost.conf

<Directory "/var/www/html/cgidir">
?? ?Options +ExecCGI
?? ?AddHandler cgi-script .cgi
?? ?
</Directory>

firefox http://192.168.0.11/cgidir/index.cgi

#wsgi#

vim /var/www/html/wsgidir/index.wsgi

def application(env,start_response):
??????? start_response('200 OK',[('Content-Type','text/html')])
??????? return[b"hello world"]

chmod +x index.wsgi

vim /etc/httpd/conf.d/Vhost.conf

<VirtualHost *:80>
??? serverName wsgi.westos.com
??? WSGIScriptAlias / /var/www/html/wsgidir/index.wsgi
</VirtualHost>

dnf install python3-mod_wsgi.x86_64

systemctl restart httpd

驗(yàn)證：

九、Apache的加密訪問(wèn)

?

##安裝加密插件
dnf install mod_ssl -y

##生成證書(shū)

openssl genrsa -out /etc/pki/tls/private/www.westos.com.key????? 2048?? ?#生成私鑰

openssl req -new -key /etc/pki/tls/private/www.westos.com.key \
-out /etc/pki/tls/certs/www.westos.com.csr?? ??? ??? ??? ?##生成證書(shū)簽名文件

openssl x509? -req -days 365 -in? \
/etc/pki/tls/certs/www.westos.com.csr \
-signkey /etc/pki/tls/private/www.westos.com.key \
-out /etc/pki/tls/certs/www.westos.com.crt?? ??? ??? ??? ?#生成證書(shū)

x509 證書(shū)格式
-req 請(qǐng)求
-in 加載簽證名稱
-signkey?? ?/etc/pki/tls/private/www.westos.com.key

生成證書(shū)簽名文件

生成證書(shū)

?

vim /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
?? ?ServerName login.westos.com
?? ?RewriteEngine on
?? ?RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1
</VirtualHost>

<VirtualHost *:443>
?? ?ServerName login.westos.com
?? ?DocumentRoot "/www/westos.com/login"
?? ?CustomLog logs/login.log combined
?? ?SSLEngine on
?? ?SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
?? ?SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
</VirtualHost>

systemctl restart httpd
^(/.*)$?? ??? ?##客戶地址欄中輸入的地址
%{HTTP_HOST}?? ?##客戶主機(jī)
$1?? ??? ?##RewriteRule后面跟的第一串字符的值

驗(yàn)證：

十、Squid+Apache???

#squid 正向代理#
實(shí)驗(yàn)環(huán)境:
單網(wǎng)卡主機(jī)設(shè)定ip不能上網(wǎng)
雙網(wǎng)卡主機(jī)設(shè)定ip1可以連接單網(wǎng)卡主機(jī)，設(shè)定ip2可以上網(wǎng)

實(shí)驗(yàn)效果
讓單網(wǎng)卡主機(jī)不能上網(wǎng)但瀏覽器可以訪問(wèn)互聯(lián)網(wǎng)頁(yè)

操作：
在雙網(wǎng)卡主機(jī)中(172.25.254.1)
dnf install squid -y
vim /etc/squid/squid.conf
59 http_access allow all
65 cache_dir ufs /var/spool/squid 100 16 256

systemctl restart squid
firewall-cmd --permanent --add-port=3128/tcp
firewall-cmd --reload

在單網(wǎng)卡專輯中選擇?? (172.25.254.101)
NetWork Proxy
172.25.254.1 ?? 3128

測(cè)試：
在單網(wǎng)卡主機(jī)中
ping www.baidu.com?? ?不通
在瀏覽器中訪問(wèn)www.baidu.com可以

#squid反向代理#

實(shí)驗(yàn)環(huán)境:
172.25.254.101 ? ???? ##Apache服務(wù)器
172.25.254.1 ? ???? ##squid，沒(méi)有數(shù)據(jù)負(fù)責(zé)緩存

vim /etc/squid/squid.conf
http_port 80 vhost vport?? ??? ?##vhost 支持虛擬域名 vport 支持虛擬端口
#當(dāng)172.25.254.1的80端口被訪問(wèn)會(huì)從172.25.254.101的80端口緩存數(shù)據(jù)
cache_peer 172.25.254.101 parent? 80????? 0?????? proxy-only
??????????????????????????????? 80端口???????? 沒(méi)有備用代理??? 只作代理

systemctl restart squid

測(cè)試：
firefox http:/172.25.254.1
訪問(wèn)看到的時(shí)172.25.254.101上的數(shù)據(jù)

?

?

?

總結(jié)

以上是生活随笔為你收集整理的Apache 的管理及优化web的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。