三.apache 网页重写 squid

#######网页重写########
把所有80端口的请求全部重定向由https来处理
systemctl start httpd firewalld
cd /var/www/html/
[[email protected] html]# firewall-cmd --permanent --add-service=http
success
[[email protected] html]# firewall-cmd --permanent --add-service=https
success
[[email protected] html]# firewall-cmd --reload
yum install mod_ssl
安装https
genkey www.westos.com

[[email protected] conf.d]# vim news.conf
---------------------------------------
<Virtualhost *:80>
        ServerName news.westos.com
        DocumentRoot /var/www/virtual/news/html
        Customlog logs/news.log         combined
</Virtualhost>
<Directory "/var/www/virtual/news/html">
        Require all granted
</Directory>
------------------------------------------

[[email protected] conf.d]# cp news.conf ent.conf

[[email protected] conf.d]# vim ent.conf
------------------------------------------
<Virtualhost *:80>
        ServerName ent.westos.com
        DocumentRoot /var/www/virtual/ent/html
        Customlog logs/ent.log          combined
</Virtualhost>
<Directory "/var/www/virtual/ent/html">
        Require all granted
</Directory>
-------------------------------------------

mkdir -p /var/www/virtual/ent/html
mkdir -p /var/www/virtual/news/html
echo news.westos.com > /var/www/virtual/news/html/index.html
echo ent.westos.com > /var/www/virtual/ent/html/index.html
systemctl restart httpd

vim /etc/httpd/conf.d/news.conf  ##网页重写关键一步
-----------------------------------------------------------
<Virtualhost *:80>
        ServerName news.westos.com
        RewriteEngine on
        RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</Virtualhost>
<Directory "/var/www/virtual/news/html">
        Require all granted
</Directory>
<Virtualhost *:443>
        ServerName news.westos.com
        DocumentRoot /var/www/virtual/news/html
        Customlog log/news-443.log      combined
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
        SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
</Virtualhost>
--------------------------------------------------------------
##在vim中 :sp /etc/httpd/conf.d/ssl.conf 可以在vim中在打开另一个vim
##将两个文件分屏显示，使用"ctrl+w 上|下"来切换

用firefox测试

#####CGI#####
CGI
通用网关接口(CGI)是网站上放置动态内容的最简单的方法。CGI脚本可用于许多目
的,但是谨慎控制使用哪个CGI脚本以及允许谁添加和运行这些脚本十分重要。编写质量差的CGI
脚本可能为外部攻击者提供了破坏网站及其内容安全性的途径。因此,在Web服务器级别和
SELinux策略级别,都存在用于限制CGI脚本使用的设置。

cd /var/www/html/
vim index.php
<?php
phpinfo ();
?>

vim /etc/httpd/conf/httpd.conf
-----------------------------------------------
164     DirectoryIndex index.php index.html
:wq
-----------------------------------------------
 systemctl reload httpd.service

测试：http://172.25.254.100（需清空缓存：ctrl+shift+delete）
无任何显示

mkdir cgi
cd cgi/
vim index.cgi
---------------------------------
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
---------------------------------
yum install httpd-manual -y
172.25.254.100/manual/

[[email protected] cgi]# perl index.cgi
Content-type: text/html

2016年 12月 15日 星期四 06:05:17 EST

vim /etc/httpd/conf.d/default.conf
---------------------------------------------
<Virtualhost _default_:80>
         Documentroot /var/www/html
         Customlog logs/default.log   combined
</Virtualhost>
<Directory "/var/www/html/cgi">
         Options +ExecCGI
        AddHandler cgi-script .cgi
</Directory>
----------------------------------------------

设置安全上下文
[[email protected] www]# ls -Zd cgi-bin/
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin/
[[email protected] www]# semanage fcontext -a -t httpd_sys_script_exec_t ‘/var/www/html/cgi(/.*)?‘
[[email protected] www]# restorecon -RvvF /var/www/html/cgi/
restorecon reset /var/www/html/cgi context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_script_exec_t:s0
restorecon reset /var/www/html/cgi/index.cgi context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_script_exec_t:s0

chmod +x /var/www/html/cgi/index.cgi   ##加执行权限

检验
172.25.254.100/cgi/index.cgi
 Thu Dec 15 06:20:37 EST 2016

########论坛搭建########
[[email protected] conf.d]# yum install mariadb-server -y
......
[[email protected] conf.d]# vim /etc/my.cnf
-----------------------------------------------
 10 skip-networking=1
:wq
-----------------------------------------------
[[email protected] conf.d]# systemctl start mariadb

[[email protected] conf.d]# mysql_secure_installation
......
>Set root password "westos"
[[email protected] conf.d]# cd /var/www/html/
[[email protected] html]# ls
cgi  index.html  index.php

[[email protected] pub]# pwd
/root/Documents/RHCE/LFTP/pub
[[email protected] pub]# scp Discuz_X3.2_SC_UTF8.zip [email protected]:/var/www/html/
[email protected]‘s password:
Discuz_X3.2_SC_UTF8.zip                       100%   12MB  11.9MB/s   00:01

[[email protected] html]# ls
cgi  Discuz_X3.2_SC_UTF8.zip  index.html  index.php
[[email protected] html]# unzip Discuz_X3.2_SC_UTF8.zip
......
[[email protected] html]# ls
cgi  Discuz_X3.2_SC_UTF8.zip  index.html  index.php  readme  upload  utility
[[email protected] html]# less readme/readme.txt
-----------------------------------------------
截取重要内容：

+----------------------------------+
 Discuz! X 社区软件的安装
+----------------------------------+
1. 上传 upload 目录中的文件到服务器
2. 设置目录属性（windows 服务器可忽略这一步）
        以下这些目录需要可读写权限
        ./config
        ./data 含子目录
3. 执行安装脚本 /install/
   请在浏览器中运行 install 程序，即访问 http://您的域名/论坛目录/install/
4. 参照页面提示，进行安装，直至安装完毕

-----------------------------------------------
[[email protected] html]# chmod 777 upload/data/ upload/config/

>测试：http://172.25.50.100/upload/
-->我同意
>所有文件不可写，mysql不支持

[[email protected] html]# setenforce 0

>刷新网页
>只有前4个文件显示可写，mysql不支持

[[email protected] html]# chmod 777 upload/ -R

>刷新网页
>所有文件可写，mysql不支持

[[email protected] html]# yum install php-mysql -y
......
[[email protected] html]# systemctl reload httpd

测试
>刷新网页
>所有文件可写，mysql支持
-->下一步-->下一步
-->数据库密码：westos-->管理员密码：（自行设定）-->下一步
>等待安装完成，重新输入网址：http://172.25.50.100/upload/
>安装成功！！！

--安装完成，以下为体验--
-->输入管理员密码-->登陆-->输入验证码-->登陆
-->用户组：管理员
-->模块管理
-->管理中心

########squid正向代理#######
[[email protected] ~]# ls /etc/httpd/conf.d/
autoindex.conf  README  userdir.conf  welcome.conf
[[email protected] ~]# yum install squid -y
......
[[email protected] ~]# ls /etc/httpd/conf.d/
autoindex.conf  README  squid.conf  userdir.conf  welcome.conf
[[email protected] ~]# vim /etc/squid/squid.conf
-----------------------------------------------
 56 http_access allow all

62 cache_dir ufs /var/spool/squid 100 16 256
:wq
-----------------------------------------------
[[email protected] ~]# ls /var/spool/squid/
##什么都没有
[[email protected] ~]# systemctl start squid
[[email protected] ~]# systemctl enable squid.service
Created symlink from /etc/systemd/system/multi-user.target.wants/squid.service to /usr/lib/systemd/system/squid.service.
[[email protected] ~]# netstat -antlpe |grep squid
tcp6       0      0 :::3128                 :::*                    LISTEN      0          531476     7398/(squid-1)

[[email protected] conf.d]# firefox &
>测试：www.baidu.com
>提示：一直是"Connecting..."状态
-->Edit-->Preferences-->Advanced-->Network-->Settings...
-->Manual proxy configuration-->HTTP Proxy:172.25.50.250-->Port:3128
-->OK-->Close
>再次测试：www.baidu.com
>打开百度成功！！！

--取消代理--
-->Edit-->Preferences-->Advanced-->Network-->Settings...
-->Manual proxy configuration-->No proxy
-->OK-->Close

--删除squid服务--
[[email protected] ~]# systemctl stop squid
[[email protected] ~]# yum remove squid -y
......
[[email protected] ~]# rm -fr /etc/squid/

在亚马逊租一台Linux服务器，装上squid，然后在本机指定代理后，就能访问国外的网站

#########squid反向代理#########
CDN加速

交叉存储

[[email protected] ~]# yum remove httpd -y
......
[[email protected] ~]# netstat -antlpe |grep :80
[[email protected] ~]# yum install squid -y
......
[[email protected] ~]# vim /etc/squid/squid.conf
-----------------------------------------------
 56 http_access allow all

59 http_port 80 vhost vport
 60 cache_peer 172.25.50.165 parent 80 0 no-query

62 cache_dir ufs /var/spool/squid 100 16 256
:wq
-----------------------------------------------
[[email protected] ~]# systemctl start squid
[[email protected] ~]# netstat -antlpe |grep :80
tcp6       0      0 :::80                   :::*                    LISTEN      0          41808      2069/(squid-1)

>分别为虚拟机172.25.50.165和虚拟机172.25.50.171搭建好http服务，然后使用真机进行测试
[[email protected] Desktop]# firefox &
>测试：172.25.50.165
>显示：172.25.50.165
>测试：172.25.50.171
>显示：172.25.50.171

注意：同时开启三台虚拟机会有点卡，可以使用"init 3"关闭图形。需要时，再使用"init 5"打开图形

>测试：172.25.50.100
>显示：172.25.50.165

[[email protected] ~]# vim /etc/squid/squid.conf
-----------------------------------------------
/修改
 60 cache_peer 172.25.50.165 parent 80 0 no-query originserver round-robin name=web1
/插入
 61 cache_peer 172.25.50.171 parent 80 0 no-query originserver round-robin name=web2
 62 cache_peer_domain web1 web2 www.taobao.com
:wq
-----------------------------------------------
[[email protected] ~]# systemctl restart squid

[[email protected] Desktop]# vim /etc/hosts
-----------------------------------------------
  4 172.25.50.100   www.taobao.com
:wq
-----------------------------------------------

>真机断开外网
[[email protected] Desktop]# firefox &
--> Ctrl+Shift+Delete --> 把最后两项打钩 --> Clear Now（清空缓存）
>测试：172.25.50.100
>显示：172.25.50.165
>刷新
>显示：172.25.50.171
>刷新
>显示：172.25.50.165
>刷新
>显示：172.25.50.171

轮询测试成功