apache罗列

1. restorecon -Rv /srv/  恢复http权限（如果默认不是http的，可以用semanage fcontext）

2. /etc/httpd/conf.d/00vhost.conf

   DocumentRoot /srv/default/www

   CustomLog "logs/default-vhost.log" combined

   Require all granted

3. /etc/httpd/conf.d/01vhost.conf

   ServerName www0.example.com

   DocumentRoot /srv/www0.example.com/www

   ServerAlias www0

   CustomLog "logs/www0.example.com.log" combined

   Require all granted

4. 自动跳转的ssl

   ServerName demo.example.com

   SSLEngine on

   SSLCertificateFile /etc/pki/tls/certs/demo.example.com.crt

   SSLCertificateKeyFile /etc/pki/tls/private/demo.example.com.key

   SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt

   DocumentRoot /srv/www0/www

   Require all granted

   ServerName www0.example.com

   RewriteEngine on

   RewriteRule ^(/.*)$ https://%{HTTP_POST}$1 [redirect=301]

5. ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

   apache user and group

   selinux:httpd_sys_script_exec_t

6. serving php:

   mod_php

   SetHandler application/x-httpd-php

   DirectoryIndex index.php

7. serving phython:

   WSGIScriptAlias /myapp/ /srv/myapp/www/myapp.py

8. connect db

   如果数据库用remote host，selinux里httpd_can_network_connect_db需要设置为1

9. 如果不是一个常用的数据库端口，

   httpd_can_network_connect = 1