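Apache service examples

Example 1

  • 1. Download the file from http://ldap.example.com/pub/example.html and rename it to index.html without modifying its contents
  • 2. Copy index.html to your DocumentRoot directory
  • 3. Clients from example.com can access the web server
  • 4. Access by clients from my133t.org is denied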
[root@server30 ~]# cd /var/www/html/
[root@server30 html]# wget http://ldap.example.com/pub/example.html
[root@server30 html]# mv example.html index.html
[root@server30 html]# ls
index.html
[root@server30 html]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=http accept'   # set the firewall policy
success
[root@server30 html]# firewall-cmd --reload
success
[root@server30 ~]# systemctl enable httpd  
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@server30 ~]# systemctl start httpd   # start the httpd service

Verification
[Image 1: Apache service examples]

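Example 2

  • 1. Get the signed certificate from http://ldap.example.com/pub/server30.crt
  • 2. Get the certificate's key from http://ldap.example.com/pub/server30.key
  • 3. Get the certificate's signing authority information from http://ldap.example.com/pub/group30.crt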
[root@server30 conf.d]# vim ssl.conf 
ServerName server30.example.com:443
[root@server30 conf.d]# cd /etc/pki/tls/
[root@server30 tls]# cd certs/
[root@server30 certs]# wget http://ldap.example.com/pub/server30.crt
[root@server30 certs]# wget http://ldap.example.com/pub/group30.crt
[root@server30 certs]# cd ../private/
[root@server30 private]# wget http://ldap.example.com/pub/server30.key
[root@server30 private]# ls
localhost.key  server30.key 
[root@server30 private]# cd /etc/httpd/conf.d/
[root@server30 conf.d]# vim ssl.conf 
#  Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
# Changed: point the certificate at server30.crt
SSLCertificateFile /etc/pki/tls/certs/server30.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
# Changed: point the key at server30.key
SSLCertificateKeyFile /etc/pki/tls/private/server30.key
...
#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
# Changed: point the CA certificate at group30.crt
SSLCACertificateFile /etc/pki/tls/certs/group30.crt

[root@server30 conf.d]# systemctl restart httpd
[root@server30 conf.d]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=https accept'
success
[root@server30 conf.d]# firewall-cmd --reload
success

Verification
[Image 2: Apache service examples]
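
The three files referenced in ssl.conf can be checked before httpd is restarted. The following is an added example, not part of the original post: it checks that the private key is readable by its owner only, that the key matches the certificate, and that the certificate verifies against the CA file. The function name check_tls_files is an assumption made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the three
# files referenced in ssl.conf. Arguments: certificate, private key, CA file.
check_tls_files() {
    crt=$1; key=$2; ca=$3; rc=0

    # 1. The private key must be readable by its owner only.
    mode=$(stat -c '%a' "$key") || return 2
    case $mode in
        600|400) ;;
        *) echo "FAIL: $key has mode $mode, expected 600 or 400"; rc=1 ;;
    esac

    # 2. The certificate and the key must contain the same public key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $crt"; rc=1
    fi

    # 3. The certificate must verify against the CA file.
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt does not verify against $ca"; rc=1
    fi

    return $rc
}

# Stand-alone use on the server (paths from this page):
#   sh check_tls.sh /etc/pki/tls/certs/server30.crt \
#                   /etc/pki/tls/private/server30.key \
#                   /etc/pki/tls/certs/group30.crt
if [ "$#" -eq 3 ]; then check_tls_files "$@"; fi
```

A key file that fails the first check can be corrected with chmod 600 before httpd is restarted.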

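Example 3

  • 1. Create a virtual host for the site http://ldap.example.com
  • 2. Set DocumentRoot to /var/www/virtual
  • 3. Download the file from http://ldap.example.com/pub/www.html and rename it to index.html; do not modify its contents
  • 4. Copy index.html to the DocumentRoot directory
  • 5. Make sure the user floyd can create files under /var/www/virtual
Create the directory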
[root@server30 ~]# mkdir /var/www/virtual
[root@server30 ~]# cd /var/www/virtual
[root@server30 virtual]# wget http://ldap.example.com/pub/www.html
...
[root@server30 virtual]# mv www.html index.html
[root@server30 virtual]# ls
index.html

[root@server30 ~]# cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf    /etc/httpd/conf.d/
[root@server30 ~]# cd /etc/httpd/conf.d/
[root@server30 conf.d]# ls
autoindex.conf  httpd-vhosts.conf  README  ssl.conf  userdir.conf  welcome.conf

[root@server30 conf.d]# vim httpd-vhosts.conf   # configure the virtual hosts
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName server30.example.com
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/var/www/virtual"
    ServerName www.example.com
</VirtualHost>

[root@server30 conf.d]# useradd floyd   # create the user
[root@server30 conf.d]# setfacl -m u:floyd:rwx /var/www/virtual/   # set the ACL
[root@server30 conf.d]# getfacl /var/www/virtual/
getfacl: Removing leading '/' from absolute path names
# file: var/www/virtual/
# owner: root
# group: root
user::rwx
user:floyd:rwx
...
[root@server30 conf.d]# systemctl restart httpd   # restart the service
Switch to the user and verify
[root@server30 conf.d]# su - floyd
[floyd@server30 ~]$ cd /var/www/virtual/
[floyd@server30 virtual]$ touch ll
[floyd@server30 virtual]$ ll
total 4
-rw-r--r--. 1 root  root  16 Nov 28  2014 index.html
-rw-rw-r--. 1 floyd floyd  0 Jan 17 10:44 ll

Verification
[Image 3: Apache service examples]

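Example 4

  • 1. On the server, create a directory named private under the web server's DocumentRoot, download the file from http://ldap.example.com/pub/private.html into this directory and rename it to index.html; do not modify its contents
  • 2. On the server, anyone can browse the contents of private, but the contents of this directory cannot be accessed from other systems
Create the directory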
[root@server30 ~]# mkdir /var/www/html/private
[root@server30 ~]# cd /var/www/html/private
[root@server30 private]# wget http://ldap.example.com/pub/private.html
[root@server30 private]# mv private.html index.html
[root@server30 private]# ls
index.html
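[root@server30 ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf   # configure the virtual host
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName server30.example.com
    <Directory "/var/www/html/private">
        # allow access from the server itself only
        Require ip 172.16.30.130
    </Directory>
</VirtualHost>
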
Client verification
[Image 4: Apache service examples]
Server verification
[Image 5: Apache service examples]

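Example 5

  • Dynamic content is served by the virtual host alt.example.com
  • The virtual host listens on port 8909
  • 1. Download a script from http://ldap.example.com/pub/webapp.wsgi and put it in a suitable location; do not modify the file's contents
  • 2. When a client accesses http://ldap.example.com:8909, it should receive a dynamically generated web page; http://alt.example.com:8909 must be accessible from all systems in example.com
Create the directory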
[root@server30 ~]# mkdir /var/www/wsgi
[root@server30 ~]# yum -y install mod_wsgi.x86_64 
[root@server30 ~]# cd /var/www/wsgi
[root@server30 wsgi]# wget http://ldap.example.com/pub/webapp.wsgi
...
[root@server30 wsgi]# ls
webapp.wsgi
[root@server30 wsgi]# vim /etc/httpd/conf.d/httpd-vhosts.conf   # configure the virtual host
# listen on port 8909
Listen 8909
<VirtualHost *:8909>
    WSGIScriptAlias / "/var/www/wsgi/webapp.wsgi"
    ServerName alt.example.com
</VirtualHost>

Add the HTTP port
[root@server30 ~]# semanage port -l|grep http
...
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
...
[root@server30 ~]# semanage port -a -t http_port_t -p tcp 8909
[root@server30 ~]# semanage port -l|grep http
...
http_port_t                    tcp      8909, 80, 81, 443, 488, 8008, 8009, 8443, 9000
Configure the firewall
[root@server30 ~]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 port protocol=tcp port=8909 accept'
success
[root@server30 ~]# firewall-cmd --reload
success
[root@server30 ~]# systemctl restart httpd

Verification
[Image 6: Apache service examples]
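
With SELinux enforcing, httpd can only bind to ports labelled http_port_t, which is why the semanage step above is needed for 8909. The following is an added example, not part of the original post: it compares the Listen directives in an httpd configuration with `semanage port -l` output and prints every port that still lacks the label. The function names and the sample inputs are constructed for this example, the inputs from the output shown in Example 5.

```shell
#!/bin/sh
# Added example; sample inputs are constructed from the output shown in Example 5.

# Ports named by Listen directives in config text $1. Accepts "Listen 8909",
# "Listen 172.16.30.130:8909" and "Listen 8909 https"; a line such as
# "Listen=8909", which httpd rejects, is printed as "malformed:<line>".
listen_ports() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }
        tolower($1) == "listen" && NF >= 2 { n = split($2, a, ":"); print a[n]; next }
        tolower($1) ~ /^listen[=:]/ { print "malformed:" $0 }'
}

# tcp ports labelled http_port_t in `semanage port -l` output $1, ranges expanded.
http_ports() {
    printf '%s\n' "$1" | awk '
        $1 == "http_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                gsub(/,/, "", $i)
                n = split($i, r, "-")
                for (p = r[1] + 0; p <= r[n] + 0; p++) print p
            }
        }'
}

# Listen ports that SELinux would refuse: present in the config ($1) but
# missing from http_port_t in the semanage output ($2).
unlabeled_ports() {
    allowed=$(http_ports "$2")
    listen_ports "$1" | while read -r port; do
        printf '%s\n' "$allowed" | grep -Fqx -- "$port" || echo "$port"
    done
}

SAMPLE_CONF='Listen 80
Listen 8909
<VirtualHost *:8909>
    ServerName alt.example.com
</VirtualHost>'
SEMANAGE_BEFORE='http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000'
SEMANAGE_AFTER='http_port_t                    tcp      8909, 80, 81, 443, 488, 8008, 8009, 8443, 9000'

echo "before semanage port -a: $(unlabeled_ports "$SAMPLE_CONF" "$SEMANAGE_BEFORE")"
echo "after  semanage port -a: $(unlabeled_ports "$SAMPLE_CONF" "$SEMANAGE_AFTER")"
```

On the server, the same functions can be fed `"$(cat /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/*.conf)"` and `"$(semanage port -l)"`.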
