系统城装机大师 - 固镇县祥瑞电脑科技销售部宣传站!

当前位置:首页 > 系统教程 > Linux教程 > 详细页面

Apache服务部署--学习笔记

时间:2020-02-21来源:系统城作者:电脑系统城

本次实验环境是redhat7.0系统,所有实验都来自《linux就该这么学》
apache程序是目前拥有很高市场占有率的web服务程序之一,其跨平台和安全性被认可且拥有快速、可靠、简单的API扩展,名字取自美国印第安人的土著语,寓意着拥有高超的作战策略和无穷的耐性。

安装

[root@localhost ~]# yum install httpd -y

配置文件的位置

服务目录 /etc/httpd
主配置文件 /etc/httpd/conf/httpd.conf
网站数据目录 /var/www/html
访问日志 /var/log/httpd/access_log
错误日志 /var/log/httpd/error_log

ServerRoot 服务目录
ServerAdmin 管理员邮箱
User 运行服务的用户
Group 运行服务的用户组
ServerName 网站服务器的域名
DocumentRoot 网站数据目录
Listen 监听的IP地址与端口号
DirectoryIndex 默认的索引页页面
ErrorLog 错误日志文件
CustomLog 访问日志文件
Timeout 网页超时时间,默认为300秒

1. 自定义一个网站

1.1 创建网站目录

[root@localhost ~]# mkdir /home/wwwroot
[root@localhost ~]# echo " This is my web" >/home/wwwroot/index.html

1.2 设置selinux

设置selinx安全上下文

# 查看httpd默认网站目录的值
[root@localhost ~]# ls -ldZ /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/

# 将新建的网站目录设置相同的安全上下文值
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/*

# 重新加载生效
[root@localhost ~]# restorecon -Rv /home/wwwroot/
restorecon reset /home/wwwroot context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0

semanager命令用于管理selinux的策略,“semanager [选项] [文件]”

-l 查询
-a 添加
-m 修改
-d 删除

1.3 修改配置文件

119 DocumentRoot "/home/wwwroot"
120 
121 #
122 # Relax access to content within /var/www.
123 #
124 <Directory "/home/wwwroot">
125     AllowOverride None
126     # Allow open access:
127     Require all granted
128 </Directory>

1.4 启动服务

[root@localhost ~]# systemctl restart httpd 
[root@localhost ~]# systemctl enable httpd 
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'

# 设置防火墙
[root@localhost ~]# firewall-cmd --permanent --add-service=http
success
[root@localhost ~]# firewall-cmd --permanent --add-service=https
success
[root@localhost ~]# firewall-cmd --reload
success

测试访问,如果不能访问,检查防火墙,selinux,网站目录有无数据页面
Apache服务部署--学习笔记

2. 个人用户主页功能

httpd服务程序提供的个人主页功能可以让系统内所有的用户在自己的家目录中管理个人的网站。

2.1 开启个人用户主页功能

将17行注释掉(开启用户主页),将24行的注释删除(网站数据在用户家目录中的保存位置)

[root@localhost ~]# vim /etc/httpd/conf.d/userdir.conf 
15     # permissions).
 16     #
 17     #UserDir disabled
 18 
 19     #
 20     # To enable requests to /~user/ to serve the user's public_html
 21     # directory, remove the "UserDir disabled" line above, and uncomment
 22     # the following line instead:
 23     # 
 24     UserDir public_html
 25 </IfModule>
 26 

2.2 创建一个用户

创建一个用户,设置权限,保证其他人也有权限读取目录内容

[root@localhost ~]# useradd developer
[root@localhost ~]# su - developer
[developer@localhost ~]$ mkdir public_html
[developer@localhost ~]$ echo "this is developer's home" >public_html/index.html 
[developer@localhost ~]$ chmod -fR 755 /home/developer

2.3 设置selinux

该用户的网站数据目录本身就在家目录中,因此不用修改家目录的selinux的安全上下文。使用getsebool命名查看与http相关的selinux域的安全策略

[root@localhost ~]# getsebool -a |grep httpd
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off
# 开启  httpd_enable_homedir
[root@localhost ~]# setsebool -P httpd_enable_homedirs=on

2.4 启动服务

[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'

# 设置防火墙
[root@localhost ~]# firewall-cmd --permanent --add-service=http
success
[root@localhost ~]# firewall-cmd --permanent --add-service=https
success
[root@localhost ~]# firewall-cmd --reload
success

测试访问
Apache服务部署--学习笔记

2.5 设置身份验证

访问网站时,只有通过身份验证的用户才可以访问到网站的内容
使用htpasswd命令声场密码数据库,第一次创建需要使用 -c参数,之后再添加用户就不用了,格式 “htpasswd -c 存放密码的文件 用户名”,用户不需要是本地的系统用户。

[root@localhost ~]# htpasswd -c /etc/httpd/passwd user007
New password: 
Re-type new password: 
Adding password for user user007

修改配置文件,31-37行的配置参数

[root@localhost ~]# vim /etc/httpd/conf.d/userdir.conf 
 31 <Directory "/home/*/public_html">
 32     AllowOverride all
 33     authuserfile "/etc/httpd/passwd"
 34     authname "please auth"
 35     authtype basic
 36     Require user user007
 37 </Directory>

重启httpd

[root@localhost ~]# systemctl restart httpd

测试访问
Apache服务部署--学习笔记
输入用户user007 密码 redhat
Apache服务部署--学习笔记

3. 虚拟主机功能

使用虚拟网站功能,可以把一台服务器分割成多个“虚拟服务器”,部署多个不同的网站;有三种方式:

  • 请求不同的IP地址
  • 请求不同的主机域名
  • 请求不同的端口

3.1 基于IP地址

3.1.1 添加两个IP

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
DEVICE=eno16777736
USERCTL=no
IPADDR1=192.168.137.10
PREFIX1=24
IPADDR2=192.168.137.20
FREPIX2=24
GATEWAY=192.168.137.2
DNS1=114.114.114.114
[root@localhost ~]# systemctl restart network

3.1.2 创建网站目录

创建两个不同的网站目录,访问192.168.137.10时,看到的是“192.168.137.10”;访问192.168.137.20时,看到的是“192.168.137.20”

[root@localhost ~]# mkdir /home/wwwroot/10 -p
[root@localhost ~]# mkdir /home/wwwroot/20 -p
[root@localhost ~]# echo "192.168.137.10" >/home/wwwroot/10/index.html
[root@localhost ~]# echo "192.168.137.20" >/home/wwwroot/20/index.html

3.1.3 设置selinux

设置selinux的安全上下文

# 查看默认网站目录的值
[root@localhost ~]# ls -ldZ /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
# 设置新网站selinux安全上下文的值
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/10
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/10/*
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/20
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/20/*
# 重新加载生效
[root@localhost ~]# restorecon -Rv /home/wwwroot/
restorecon reset /home/wwwroot context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_dir_t:s0
restorecon reset /home/wwwroot/10 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /home/wwwroot/10/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /home/wwwroot/20 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /home/wwwroot/20/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0

3.1.4 修改配置文件

在倒数第二行添加一下内容:

[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<virtualhost 192.168.137.10>
documentroot "/home/wwwroot/10"
servername www.a.com
<directory "/home/wwwroot/10">
allowoverride none
require all granted
</directory>
</virtualhost>

<virtualhost 192.168.137.20>
documentroot "/home/wwwroot/20"
servername www.b.com
<directory "/home/wwwroot/20">
allowoverride none
require all granted
</directory>
</virtualhost>

3.1.5 启动服务

[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
# 设置防火墙
[root@localhost ~]# firewall-cmd --permanent --add-service=http
success
[root@localhost ~]# firewall-cmd --permanent --add-service=https
success
[root@localhost ~]# firewall-cmd --reload
success

测试访问
Apache服务部署--学习笔记
Apache服务部署--学习笔记

3.2 基于域名

3.2.1 创建网站目录

定义两个域名www.a.com和www.b.com。创建两个网站的目录,分别存放两个网站的数据

[root@localhost Desktop]# mkdir -p /home/wwwroot/a 
[root@localhost Desktop]# mkdir -p /home/wwwroot/b
[root@localhost Desktop]# echo "a web" >/home/wwwroot/a/index.html
[root@localhost Desktop]# echo "b web" >/home/wwwroot/b/index.html

3.2.2 设置selinux

# 查看默认网站目录的值
[root@localhost Desktop]# ls -ldZ /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
# 设置新网站的selinux安全上下文的值
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/a
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/a/*
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/b
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/b/*
# 重新加载生效
[root@localhost Desktop]# restorecon -Rv /home/wwwroot/
restorecon reset /home/wwwroot context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/a context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/a/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/b context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/b/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0

3.2.3 修改配置文件

在配置文件的倒数第二行,添加以下内容

[root@localhost Desktop]# vim /etc/httpd/conf/httpd.conf
<virtualhost 192.168.137.10>
documentroot "/home/wwwroot/a"
servername www.a.com
<directory "/home/wwwroot/a">
allowoverride none
require all granted
</directory>
</virtualhost>
<virtualhost 192.168.137.10>
documentroot "/home/wwwroot/b"
servername www.b.com
<directory "/home/wwwroot/b">
allowoverride none
require all granted
</directory>
</virtualhost>

3.2.4 启动服务

[root@localhost Desktop]# systemctl restart httpd
[root@localhost Desktop]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
# 设置防火墙
[root@localhost Desktop]# firewall-cmd --permanent --add-service=http
success
[root@localhost Desktop]# firewall-cmd --permanent --add-service=https
success
[root@localhost Desktop]# firewall-cmd --reload 
success

在测试的客户端的/etc/hosts文件写入这两个网址的解析

[root@localhost Desktop]# vim /etc/hosts
192.168.137.10 www.a.com www.b.com

Apache服务部署--学习笔记
Apache服务部署--学习笔记

3.3 基于端口

3.3.1 创建网站目录

定义两个端口333和222端口,创建两个网站目录分别存放两个网站的数据

[root@localhost Desktop]# mkdir -p /home/wwwroot/333
[root@localhost Desktop]# mkdir -p /home/wwwroot/222
[root@localhost Desktop]# echo "333 web" >/home/wwwroot/111/index.html
[root@localhost Desktop]# echo "222 web" >/home/wwwroot/222/index.html

3.3.2 设置selinux

设置网站目录的selinux安全上下文值

# 查看默认网站目录的值
[root@localhost Desktop]# ls -ldZ /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
# 设置新网站的值
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/333
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/333/*
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/222
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/222/*
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
# 重新加载生效
[root@localhost Desktop]# restorecon -Rv /home/wwwroot/
restorecon reset /home/wwwroot context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/333 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/333/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/222 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/222/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0

将 333和222端口加入到selinux域测策略中,允许httpd监听这两个端口

[root@localhost Desktop]# semanage port -l|grep http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989
[root@localhost Desktop]# semanage port -a -t http_port_t -p tcp 222
[root@localhost Desktop]# semanage port -a -t http_port_t -p tcp 333

3.3.3 修改配置文件

[root@localhost wwwroot]# vim /etc/httpd/conf/httpd.conf 
listen 222
listen 333
<virtualhost 192.168.137.10:222>
documentroot "/home/wwwroot/222"
servername www.a.com
<directory "/home/wwwroot/222">
allowoverride none
require all granted
</directory>
</virtualhost>
<virtualhost 192.168.137.10:333>
documentroot "/home/wwwroot/333"
servername www.a.com
<directory "/home/wwwroot/333">
allowoverride none
require all granted
</directory>
</virtualhost>

3.3.4 启动服务

 [root@localhost wwwroot]# systemctl restart httpd
[root@localhost wwwroot]# systemctl enable htpd
Failed to issue method call: No such file or directory
[root@localhost wwwroot]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
# 设置防火墙
[root@localhost wwwroot]# firewall-cmd --permanent --add-service=http
success
[root@localhost wwwroot]# firewall-cmd --permanent --add-service=https
success
[root@localhost wwwroot]# firewall-cmd --permanent --add-port=222/tcp
success
[root@localhost wwwroot]# firewall-cmd --permanent --add-port=333/tcp
success
[root@localhost wwwroot]# firewall-cmd --reload 
success

测试访问
Apache服务部署--学习笔记
Apache服务部署--学习笔记

分享到:

相关信息

  • linux 文件权限怎么解析

    常用权限linux系统内有档案有三种身份 u:拥有者 g:群组 o:其他人这些身份对于文档常用的有下面权限:r:读权限,用户可以读取文档的内容,如用cat,more查看w:写权限,用户可以编辑文档x...

    2024-07-07

  • 如何使用WPSeku找出 WordPress 安全问题?

    然而,如果我们遵循通常的 WordPress 最佳实践,这些安全问题可以避免。在本篇中,我们会向你展示如何使用 WPSeku,一个 Linux 中的 WordPress 漏洞扫描器,它可以被用来找出你安装...

    2024-07-03

系统教程栏目

栏目热门教程

人气教程排行

站长推荐

热门系统下载