Apache服务
apache的安装和测试
curl -I www.baidu.com ###看所用的服务类型
查看服务端口:ss -lntup |grep httpd 或 netstat -lntup |grep httpd
apache日志: /etc/httpd/logs/*
注意:如果selinux未关,修改安全上下文为httpd_sys_content_t
安装
yum install httpd httpd-manual -y ###安装软件和手册
systemctl enable httpd.service 或 chkconfig httpd on
systemctl start httpd.service
firewall-cmd --list-all ###列出火墙信息
firewall-cmd --permanent --add-service=http ###允许http使用
firewall-cmd --reload ###重新加载策略
/var/www/html/ ###默认发布目录
vim /var/www/html/index.html ###默认发布文件
hello world!!
测试
http://ip 或 http://ip/manual
默认发布文件修改
vim /etc/httpd/conf/httpd.conf ###apache配置文件
166
167 DirectoryIndex index index.html ###可多个(按顺序读写,前面的删除了就会读取后面的)
168
systemctl restart httpd
vim /var/www/html/index ###里面写内容就好
默认发布目录修改
mkdir -p /apache/dream
vim /apache/dream/index.html
hello dream!!
vim /etc/httpd/conf/httpd.conf
119 #DocumentRoot "/var/www/html"
120 DocumentRoot "/apache/dream" ###修改发布的目录
121 "/apache/dream">
122 Require all granted
123 
vim /etc/httpd/conf/httpd.conf
41 #Listen 12.34.56.78:80
42 Listen 8000
systemctl restart httpd
[root@apache ~]# netstat -lntup |grep httpd
tcp6 0 0 :::8000 :::* LISTEN 3898/httpd
[root@apache ~]# firewall-cmd --permanent --add-port=8000/tcp
success
[root@apache ~]# firewall-cmd --reload
success
内部访问控制
注意:还原默认配置!!!
针对主机访问控制
vim /etc/httpd/conf/httpd.conf
119 DocumentRoot "/var/www/html"
120 "/var/www/html">
121 # Require all granted
122 Order Deny,Allow
123 Allow from 172.25.254.56 ###先读Deny,后面Allow的会覆盖之允许56访问
124 Deny from all
125 
用户方式访问控制
[root@apache httpd]# htpasswd -cm /etc/httpd/webuser dream ###存在webuser文件时,建立访问用户,不要c参数
New password:
Re-type new password:
Adding password for user dream
[root@apache httpd]#vim /etc/httpd/conf/httpd.conf
119 DocumentRoot "/var/www/html"
120 "/var/www/html/dream">
121 # Require all granted
122 AuthUserfile /etc/httpd/webuser
123 AuthName "Please enter username and passwd"
124 AuthType basic
125 Require valid-user
126
[root@apache httpd]# systemctl restart httpd
[root@apache httpd]# vim /var/www/html/dream/aa
hello world!!!!!
生成不同的访问界面
在你要用浏览器访问的/etc/hosts加入解析
[root@dream ~]# vim /etc/hosts
172.25.254.156 www.baidu.com www.taobao.com [root@apache conf.d]# cat /etc/httpd/conf.d/a_default.conf
80>
DocumentRoot /var/www/html
CustomLog logs/default.log combined ###所有的日志都放在这里/etc/httpd/
[root@apache conf.d]# cat /etc/httpd/conf.d/baidu.conf ###百度的配置
80>
ServerName www.baidu.com
DocumentRoot /baidu
"/baidu">
Require all granted ###redhat6没有这步
[root@apache conf.d]# cat taobao.conf ###淘宝的配置
80>
ServerName www.taobao.com
DocumentRoot /taobao
"/taobao">
Require all granted
[root@apache conf.d]# mkdir /baidu
[root@apache conf.d]# mkdir /taobao
[root@apache conf.d]# echo "baidu_ya
" >/baidu/index.html
[root@apache conf.d]# echo "taobao_ya
" >/taobao/index.html注意:如果加载不对的话,清空下浏览器的缓存
php格式显示
[root@apache conf.d]# yum install php -y
[root@apache conf.d]# ls /etc/httpd/conf.d/ ###可以发现多了个php.conf
a_default.conf baidu.conf php.conf taobao.conf welcome.conf
autoindex.conf manual.conf README userdir.conf
[root@apache conf.d]# vim /var/www/html/index.php
;
?>
[root@apache conf.d]# systemctl restart httpd
CGI格式动态显示
####我们可以通过看用户手册得到cgi的介绍ip/manual
mkdir /var/www/html/cgi
vim /var/www/html/cgi/index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`; ###显示时间
[root@apache cgi]# ./index.cgi ###测试写的有没问题
Content-type: text/html
Wed Jan 31 07:46:39 EST 2018
[root@apache cgi]# cat /etc/httpd/conf.d/a_default.conf
_:80>
DocumentRoot /var/www/html
CustomLog logs/default.log combined
</VirtualHost>
/www/html/cgi> ###识别cgi格式
Options +ExecCGI
AddHandler cgi-script .cgi
Directory>
[root@apache cgi]# systemctl restart httpd 
mod_ssl加密访问
yum install mod_ssl -y
systemctl restart httpd
firewall-cmd --permanent --add-service=https ###永久允许https服务
firewall-cmd --reload ###火墙重新加载策略
yum install crypto-utils.x86_64 -y
genkey www.dream.com
作标记的为生成的路径
收集加密字符/dev/random,打字和移动鼠标可以加快速度
此为CA认证,需要用钱通过认证,即浏览器会统计你的加密
加密apache,如果选上连接都需要密码
把key这些复制到/etc/httpd/conf.d/ssl.conf对应的位置
查看加密是否成功
可以发现已经变成我们所改的修改的信息!!!
https虚拟主机设定及网页重写
我们可以通过手册查看帮助
[root@apache conf.d]# vim /etc/httpd/conf.d/login.conf
443> ###modssl的端口
ServerName login.dream.com
DocumentRoot /var/www/virtual/login.dream.com/html
CustomLog logs/login.log combined
SSLEngine on ###打开加密在ssl.conf里面都有
SSLCertificateFile /etc/pki/tls/certs/www.dream.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.dream.com.key
"/var/www/virtual/login.dream.com/html">
Require all granted
80>
ServerName login.dream.com
RewriteEngine on ###打开重写
RewriteRule ^(/.*)$ https://${HTTP_HOST}$1 [redirect=301] ###^(/.*)$:用户在浏览器所输的所有字符 https:强制用户加密访问 %{HTTP_HOST}:用户请求主机 $1:表示^(/.*)$的值 redirect:301临时重写,302永久转换
[root@apache conf.d]# mkdir -p /var/www/virtual/login.dream.com/html
[root@apache html]# vim /var/www/virtual/login.dream.com/htmlindex.html
Hello dream!!!
[root@apache html]# systemctl restart httpd
[root@apache html]# systemctl stop firewalld.service然后你可以发现不论输入login.dream.com或http://login.dream.com都会自动跳转到https://login.dream.com