HTTP (Part 2)
Encrypting an Apache virtual host (HTTPS: encryption uses a CA certificate)
<VirtualHost *:80>
ServerName music.westos.com
DocumentRoot /var/www/virtual/music.westos.com/html
CustomLog "logs/music.log" combined
</VirtualHost>
<Directory "/var/www/virtual/music.westos.com/html">
Require all granted
</Directory>
# HTTPS uses port 443
<VirtualHost *:443>
ServerName music.westos.com
DocumentRoot /var/www/virtual/music.westos.com/html
CustomLog "logs/music-443.log" combined
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
</VirtualHost>
(Remember to clear the browser cache when testing.)
Page rewriting:
vim /etc/httpd/conf.d/music.conf
<Virtualhost *:80>
servername music.westos.com
RewriteEngine on
# Requests over HTTP are automatically redirected to HTTPS
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</Virtualhost>
<Directory "/var/www/virtual/music.westos.com/html">
Require all granted
</Directory>
# HTTPS uses port 443
<VirtualHost *:443>
ServerName music.westos.com
DocumentRoot /var/www/virtual/music.westos.com/html
CustomLog "logs/music-443.log" combined
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
</Virtualhost>
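Note: when we tested HTTPS against another virtual host that has no HTTPS configuration (news.westos.com), the page served was the music.westos.com home page. A certificate exists, but news.westos.com has no port 443 virtual host, so httpd answers with the first *:443 virtual host it has.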
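The fallback described in the note above can be caught before deployment by comparing the port 80 and port 443 virtual hosts. The shell function below is an added example, not part of the original notes; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. Reads httpd config on stdin and
# reports every ServerName that has a port-80 vhost but no port-443 vhost,
# together with the first *:443 vhost, which httpd uses when no name matches.
# Simplification: ServerAlias and per-IP vhost addresses are not considered.
vhosts_without_tls() {
  awk '
    { line = tolower($0) }
    line ~ /^[ \t]*<virtualhost[ \t]/ {
      port = line
      sub(/.*:/, "", port)          # "<virtualhost *:443>" -> "443>"
      sub(/[^0-9].*/, "", port)     # "443>" -> "443"
      next
    }
    line ~ /^[ \t]*<\/virtualhost>/ { port = ""; next }
    port != "" && tolower($1) == "servername" {
      name = tolower($2)
      if (port == "443") {
        tls[name] = 1
        if (first443 == "") first443 = name
      } else if (port == "80") {
        plain[name] = 1
      }
    }
    END {
      if (first443 == "") first443 = "(no *:443 vhost)"
      for (n in plain)
        if (!(n in tls)) print n " falls back to " first443
    }
  ' | sort
}

# Constructed sample input modelled on the hosts named in these notes.
sample_conf() {
  cat <<'EOF'
<VirtualHost *:80>
ServerName music.westos.com
</VirtualHost>
<VirtualHost *:443>
ServerName music.westos.com
SSLEngine on
</VirtualHost>
<VirtualHost *:80>
ServerName news.westos.com
</VirtualHost>
EOF
}

sample_conf | vhosts_without_tls
```

To audit a real host, concatenate the configuration files in the order httpd loads them and pipe them into vhosts_without_tls.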
By default, httpd supports only: php cgi html wsgi
Testing PHP: cd /var/www/html
vim index.php
<?php
phpinfo ();
?>
yum install php -y (compiles and runs PHP code)
vim /etc/httpd/conf/httpd.conf
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
systemctl restart httpd
Test in the browser:
cgi:
cd /var/www/html
mkdir cgi
(For CGI scripts, refer to the httpd manual: yum install httpd-manual -y)
vim index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
chmod +x index.cgi
vim /etc/httpd/conf.d/default.conf
SELinux (pay attention to the security context)
cd /var/www
ls -Zd cgi-bin/
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin/
semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgi(/.*)?'
restorecon -FvvR /var/www/html/cgi/
systemctl restart httpd
Test:
Setting up a forum:
Download the installation package:
Discuz_X3.2_SC_UTF8.zip
(yum install php php-mysql -y)
Unzip:
unzip Discuz_X3.2_SC_UTF8.zip
Be sure to read: less readme/readme.txt
chmod 777 upload/data/ upload/config/
Note: SELinux (permissive mode)
172.25.254.231/upload/install
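Install:
Log in:
Forward proxy: it works like a stepping stone. Put simply, I am a user who cannot reach a certain website, but I can reach a proxy server (and the proxy server can reach that website). So I connect to the proxy server first and tell it which site content I cannot reach; the proxy server fetches it and returns it to me. Sometimes the website does not know what the user's request was, and the user's information is hidden as well; this depends on whether the proxy tells the website (the client must be configured).
Simulate this with two virtual machines:
Add a network card to server:
ip1: 172.25.254.231 (same subnet as the physical host)
ip2: 172.25.31.10 (same subnet as desktop)
On desktop:
ip: 172.25.31.10
Physical host ip: 172.25.254.31
Test: server can ping the physical host
desktop cannot ping the physical host
server: (the virtual machine that can ping the physical host)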
yum install squid -y
vim /etc/squid/squid.conf
http_access allow all
cache_dir ufs /var/spool/squid 100 16 256
(16 first-level directories are created in /var/spool/squid, each containing 256 second-level directories)
systemctl start squid
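Test: the virtual machine that cannot ping the physical host can now access the physical host's Apache page (desktop still cannot ping the physical host at this point).
(Here server acts as a circumvention tool ^_^ taking you to see what you could not otherwise see.)
Reverse proxy: (httpd is not installed on the server) set up by the enterprise; the client needs no configuration, and the upstream server is told explicitly what to fetch
squid (mainly used for acceleration)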
yum install squid -y
vim /etc/squid/squid.conf
cache_peer 172.25.254.4 parent 80 0 no-query
systemctl start squid
netstat -antlpe | grep 80
tcp 0 0 172.25.254.231:22 172.25.254.31:48992 ESTABLISHED 0 28081 1585/sshd: [email protected]
tcp6 0 0 :::80 :::* LISTEN 0 191797 4659/(squid-1)
tcp6 0 0 ::1:6010 ::1:38780 ESTABLISHED 0 28373 1585/sshd: [email protected]
tcp6 0 0 ::1:38780 ::1:6010 ESTABLISHED 0 28372 1621/dbus-launch
Note: there is no httpd on the server; port 80 is opened by squid.
Test from another virtual machine:
Reverse proxy round-robin:
cache_peer 172.25.254.4 parent 80 0 no-query originserver round-robin name=web1
cache_peer 172.25.254.3 parent 80 0 no-query originserver round-robin name=web2
cache_peer_domain web1 web2 www.taobao.com
systemctl restart squid
Test from another machine: www.taobao.com
Refresh twice: a different page is returned each time.