apache[通俗易懂]

###apache服务###

###查看服务器版本

curl -I www.XXX.com

###安装服务

yum install httpd -y
systemctl start httpd
systemctl enable httpd

firewall-cmd –permanent –add-service=http
firewall-cmd –reload
systemctl restart httpd

###更改默认发布目录

vim /etc/httpd/conf/httpd.conf
164     DirectoryIndex westos index.html    ##默认发布目录为/var/www/html/index 改为westos 谁在前面谁的优先级高

119 DocumentRoot “/var/www/html”        ##默认发布目录

 <Directory “/www/html”>            ##更改默认发布目录为/www/html
122         Require all granted
123 </Directory>
[root@server102 html]# mkdir -p /www/html
[root@server102 html]# echo meilijingjingjie > /www/html/index.html
systemctl restart httpd.service

[root@server102 html]# getenforce         ##selinux为强制级别
Enforcing

[root@server102 html]# setenforce 0
或
[root@server102 html]# semanage fcontext -a -t httpd_sys_content_t ‘/www(/.*)?’
[root@server102 html]# restorecon -RvvF /www/

###更改端口
[root@server102 html]# vim /etc/httpd/conf/httpd.conf
 42 Listen 8080                    ##更改端口为8080
[root@server102 html]# firewall-cmd –permanent –add-port=8080
[root@server102 html]# firewall-cmd –reload

###apache虚拟主机

配置文件还原 并systemctl restart httpd.service
[root@server102 html]# cd /etc/httpd/conf/
[root@server102 conf]# vim default.conf
[root@server102 conf]# cat default.conf
<Virtualhost _default_:80>
    DocumentRoot /var/www/html
    CustomLog logs/default.log    combined
</Virtualhost>
[root@server102 conf]# mkdir /var/www/virtual -p
[root@server102 conf]# mkdir /var/www/virtual/news/html -p
[root@server102 conf]# mkdir /var/www/virtual/ent/html -p
[root@server102 conf]# echo news.westos.com >/var/www/virtual/news/html/index.html
[root@server102 conf]# echo ent.westos.com >/var/www/virtual/ent/html/index.html
[root@server102 [root@server102 conf]# cat news.conf
<Virtualhost *:80>
    ServerName news.westos.com
    DocumentRoot /var/www/virtual/news/html
    CustomLog logs/news.log        combined
</Virtualhost>
<Directory “/var/www/virtual/news/html”>
    Require all granted
</Directory>
[root@server102 conf]# vim ent.conf
[root@server102 conf]# cat ent.conf
<Virtualhost *:80>
    ServerName ent.westos.com
    DocumentRoot /var/www/virtual/ent/html
    CustomLog logs/ent.log        combined
</Virtualhost>
<Directory “/var/www/virtual/ent/html”>
    Require all granted
</Directory>
[root@server102 conf]# vim /etc/hosts
172.25.254.102 www.westos.com news.westos.com ent.westos.com
测试:在解析所在主机测试，也可以但见DNS解析
[root@server102 conf]# systemctl restart httpd

###设定黑白名单
[root@server102 conf.d]# cat default.conf
<Virtualhost _default_:80>
    DocumentRoot /var/www/html
    CustomLog logs/default.log    combined
</Virtualhost>
<Directory “/var/www/html”>
    Require all granted
    Order deny,allow            ##先读deny再读allow，谁在前面先读谁
    Deny from all
    Allow from 172.25.254.102        ##黑名单拒绝所有人，白名单允许的则生效
</Directory>

###登陆用户密码
[root@server102 httpd]# pwd
/etc/httpd
[root@server102 httpd]# htpasswd -cm htpasswd admin    ##c表示创建m表示添加
New password:
Re-type new password:
Adding password for user admin
[root@server102 httpd]# htpasswd -m htpasswd zdb    ##再次添加用户不加参数c
New password:
Re-type new password:
Adding password for user zdb
[root@server102 conf.d]# vim default.conf
[root@server102 conf.d]# cat default.conf
<Virtualhost _default_:80>
    DocumentRoot /var/www/html
    CustomLog logs/default.log    combined
</Virtualhost>
<Directory “/var/www/html”>
    AuthUserFile “/etc/httpd/htpasswd”
    AuthName “Please input your name and password”
    AuthType basic
    Require user admin                ##admin表示使用这个用户和密码
</Directory>
[root@server102 conf.d]# systemctl restart httpd.service

###apache手册

[root@server102 conf.d]# yum install httpd-manual -y
[root@server102 conf.d]# systemctl restart httpd.service
直接访问 172.25.254.102/manual

###https

[root@server102 conf.d]# yum install mod_ssl -y
[root@server102 conf.d]# systemctl restart httpd.service
/etc/httpd/conf.d生成ssl.conf文件
[root@server102 conf.d]# firewall-cmd –permanent –add-service=https
[root@server102 conf.d]# firewall-cmd –reload
[root@server102 conf.d]# yum install crypto-utils -y
[root@server102 conf.d]# genkey www.westos.com
生成证书
[root@server102 conf.d]# vim ssl.conf
100 SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
107 SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
[root@server102 conf.d]# systemctl restart httpd.service
访问https://172.25.254.102
[root@server102 conf.d]# vim ent.conf
[root@server102 conf.d]# cat ent.conf
<Virtualhost *:443>
    ServerName ent.westos.com
    DocumentRoot /var/www/virtual/ent/html
    CustomLog logs/ent.log          combined
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
<Virtualhost>
<Virtualhost *:80>
    ServerName ent.westos.com
    RewriteEngine on
    RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</Virtualhost>
<Directory “/var/www/virtual/ent/html”>
    Require all granted
</Directory>
[root@server102 conf.d]# systemctl restart httpd.service
访问 http://ent.westos.com 自动转换为 https://ent.westos.com 并显示内容

###php,cgi

[root@server102 html]# pwd
/var/www/virtual/news/html
[root@server102 html]# vim index.php
[root@server102 html]# cat index.php
<?php
phpinfo();
?>
[root@server102 html]# yum install php -y
[root@server102 conf.d]# pwd
/etc/httpd/conf.d
[root@server102 conf.d]# vim news.conf
<Virtualhost *:80>
    ServerName news.westos.com
    DocumentRoot /var/www/virtual/news/html
    CustomLog logs/news.log        combined
</Virtualhost>
<Directory “/var/www/virtual/news/html”>
    DirectoryIndex index.php
    Require all granted
</Directory>

[root@server102 conf.d]# mkdir /var/www/virtual/news/html/cgi
[root@server102 conf.d]# vim /var/www/virtual/news/html/cgi/index.cgi
#!/usr/bin/prel
print “Content-type: test/html\n\n”;
print `date`;
[root@server102 conf.d]# vim news.conf
[root@server102 conf.d]# cat news.conf
<Virtualhost *:80>
    ServerName news.westos.com
    DocumentRoot /var/www/virtual/news/html
    CustomLog logs/news.log        combined
</Virtualhost>
<Directory “/var/www/virtual/news/html”>
    DirectoryIndex index.php index.cgi
    Require all granted
</Directory>
[root@server102 conf.d]# vim news.conf
[root@server102 conf.d]# cat news.conf
<Virtualhost *:80>
    ServerName news.westos.com
    DocumentRoot /var/www/virtual/news/html
    CustomLog logs/news.log        combined
</Virtualhost>
<Directory “/var/www/virtual/news/html”>
    DirectoryIndex index.php index.cgi
    Require all granted
</Directory>
<Directory “/var/www/virtual/news/html/cgi”>
    Options +ExecCGI
    AddHandler cgi-script .cgi
</Directory>

[root@server102 conf.d]# setenforce 0
或修改安全上下文
[root@server102 conf.d]# semanage fcontext -a -t httpd_sys_script_exec_t ‘/var/www/virtual/news/html/cgi(/.*)?’
[root@server102 conf.d]# restorecon -RvvF /var/www/virtual/news/html/cgi

###论坛搭建

[root@server102 conf.d]# yum install mariadb-server -y
[root@server102 conf.d]# vim /etc/my.cnf
 10 skip-networking=1
[root@server102 conf.d]# systemctl restart mariadb
[root@server102 conf.d]# mysql_secure_installation
/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we’ll need the current
password for the root user.  If you’ve just installed MariaDB, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on…

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 … Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]
 … Success!

Normally, root should only be allowed to connect from ‘localhost’.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]
 … Success!

By default, MariaDB comes with a database named ‘test’ that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]
 – Dropping test database…
 … Success!
 – Removing privileges on test database…
 … Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]
 … Success!

Cleaning up…

All done!  If you’ve completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
[root@server102 html]# pwd
/var/www/virtual/news/html
[root@server102 html]# yum install lftp -y
[root@server102 html]# lftp 172.25.254.250
lftp 172.25.254.250:~> cd pub/
lftp 172.25.254.250:/pub> get Discuz_X3.2_SC_UTF8.zip
12486177 bytes transferred                                 
[root@server102 html]# unzip Discuz_X3.2_SC_UTF8.zip
[root@server102 upload]# chmod 777 * -R
[root@server102 upload]# setenforce 0
[root@server102 upload]# yum install php-mysql -y
访问 http://news.westos.com/upload/forum.php
[root@server102 html]# curl -I news.westos.com
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2016 08:36:26 GMT
Server: Apache/2.4.6 (Red Hat) OpenSSL/1.0.1e-fips PHP/5.4.16
Last-Modified: Fri, 09 Dec 2016 01:14:23 GMT
ETag: “1c-5432f79764a64”
Accept-Ranges: bytes
Content-Length: 28
Content-Type: text/html; charset=UTF-8

###wsgi

[root@server102 html]# lab webapp setup
Creating web application files…  SUCCESS
[root@server102 html]# cd /home/student/
[root@server102 student]# ls
webapp.wsgi
[root@server102 student]# cp webapp.wsgi /var/www/virtual/news/html/cgi/
[root@server102 student]# cd /etc/httpd/conf.d/
[root@server102 conf.d]# vim ent.conf
[root@server102 conf.d]# cat ent.conf
<Virtualhost *:443>
    ServerName ent.westos.com
    DocumentRoot /var/www/virtual/ent/html
    CustomLog logs/ent.log          combined
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
    WSGIScriptAlias /cgi /var/www/virtual/news/html/cgi/
<Virtualhost>
<Virtualhost *:80>
    ServerName ent.westos.com
    RewriteEngine on
    RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</Virtualhost>
<Directory “/var/www/virtual/ent/html”>
    Require all granted
</Directory>
[root@server102 conf.d]# yum install mod_wsgi -y
访问 ent.westos.com/cgi

###squid

###实验环境

虚拟机server双网卡
eth0=172.25.254.102
eth1=172.25.2.100

虚拟机desktop单网卡
eht0=172.25.2.200

###squid正向代理

在虚拟机server中
[root@server102 ~]# yum install squid -y
[root@server102 ~]# vim /etc/squid/squid.conf
 56 http_access allow all
 59 http_port 3128
 62 cache_dir ufs /var/spool/squid 100 16 256
[root@server102 squid]# systemctl start squid
[root@server102 ~]# systemctl stop firewalld.service
访问172.25.254.2，可以访问到

在虚拟机desktop中
打开浏览器
选择Edit–>Preferences–>Advanced–>Settings–>Manual proxy configuration HTTP Proxy:172.25.2.100 Port:3128–>Use this proxy server for all protocols
访问172.25.254.2，可以访问到
[root@desktop ~]# ping 172.25.254.2
connect: Network is unreachable
ping 不通

###squid反向代理

[root@server102 ~]# vim /etc/squid/squid.conf
 59 http_port 80 vhost vport
 60 cache_peer 172.25.254.2 parent 80 0 proxy-only
[root@server102 ~]# systemctl restart squid.service
[root@server102 ~]# rpm -qa | grep http        无显示代表本机没有httpd服务
[root@server102 ~]# firefox
访问172.25.254.102显示内容为172.25.254.2的默认发布目录内容