Linux 第十一周上课笔记（2）Apache服务

Apache服务

1.yum install httpd -y

2.yum install httpd-manual -y#安装手册

3.systemctl start httpd

一．修改默认的发布目录

一般来说http服务的默认发布目录在/var/www/html页面中。首先读取首页index.html

如何修改：

1. vim /etc/httpd/conf/httpd.conf

119 # DocumentRoot "/var/www/html"#将原来的默认发布目录注释。方便恢复

120 DocumentRoot "/www/lyitx"#指定新的默认发布目录

121 <Directory "/www/lyitx">

122      Require all granted#允许所有人访问

123 </Directory>

2.创建目录

mkdir -p  /www/lyitx

cd /www/lyitx

vim index.html

内容不限制

<html>

<body>

<h1>这里是lyitx目录</h1>

</body>

</html>

重启服务

Systemctl restart httpd

测试：

在火狐浏览器中输入：

172.25.254.66/index.html

实验成功

2.设置ip访问权限

A.访问黑名单-禁止某个ip访问

vim /etc/httpd/conf/httpd.conf

在之前修改的文件上修改

121 <Directory "/www/lyitx">

122         Require all granted

123         Order Allow,Deny#系统默认先读前面的Allow，再读Deny

124         Allow from All#允许所有人访问

125         Deny from 172.25.254.50#除了50主机

126 </Directory>

<Directory "/www/lyitx">

Require all granted

Order Allow,Deny

Allow from All

Deny from 172.25.254.0/24

</Directory>

如此设置：允许除了172.25.254.x网段的所有ip访问

<Directory "/www/lyitx">

Require all granted

Order Deny,Allow#先读去前面的deny-拒绝所有人，再允许50主机

Deny from All

Allow from 172.25.254.50

</Directory>

只有50主机能访问：

三．密码验证登陆

cd /etc/httpd/

htpasswd -cm htpasswdfile admin #首次建立登陆用户用-cm参数

htpasswd -m htpasswdfile lyitx#再次建立时则只用-m参数，否则会把之前建立的用户清空

[[email protected] httpd]# ls

conf  conf.d  conf.modules.d  htpasswdfile  logs  modules  run

[[email protected] httpd]# cat htpasswdfile

admin:$apr1$lWEEQdgR$vkBPESs4VC15d0ZS1PViq1

lyitx:$apr1$cHaORGNS$ZRafBI0TRqEoJkEAnykZ/.

编辑配置文件：

vim /etc/httpd/conf/httpd.conf

121 <Directory "/www/lyitx">

122         AllowOverride All

123         Authuserfile /etc/httpd/htpasswdfile

124         Authname "please input username & password"

125         Authtype basic

126         Require user admin#只有admin用户才可以登陆

127 </Directory>

systemctl restart httpd.service

#只有拥有帐号密码的用户才可登陆

vim /etc/httpd/conf/httpd.conf

# Require all granted

AllowOverride All

Authuserfile /etc/httpd/htpasswdfile

Authname "please input username & password"

Authtype basic

Require valid-user##前面么有user

再重启服务

四．虚拟主机，域名登陆

做实验前先还原之前的操作，

Vim /etc/httpd/conf/httpd.conf

119 DocumentRoot "/var/www/html"

120 #DocumentRoot "/www/lyitx"

121 #

122 # Relax access to content within /var/www.

123 #

124 <Directory "/var/www">

125     AllowOverride None

126     # Allow open access:

127     Require all granted

128 </Directory>

重启服务

1.mkdir /var/www/virtual/news.lyitx.com/html -p

2.mkdir /var/www/virtual/music.lyitx.com/html -p

3.cd /var/www/virtual/muisc.lyitx.com/html/

4.vim index.html

<html>

<body>

<h1>这里是music</h1>

</body>

</html>

5.cd /var/www/virtual/news.lyitx.com/html/

6.vim index.html

<html>

<body>

<h1>这里是news</h1>

</body>

</html>

7.cd /etc/httpd/conf.d/

8.vim default.conf

<Virtualhost _default_:80>

Documentroot /var/www/html

Customlog "logs/default.log" combined

</Virtualhost>

<Directory "/var/www/html">

Require all granted

</Directory>

9.vim news.conf

<Virtualhost *:80>

Servername news.lyitx.com

Documentroot /var/www/virtual/news.lyitx.com/html

Customlog "logs/default.log" combined

</Virtualhost>

<Directory "/var/www/virtual/news.westos.com/html">

Require all granted

</Directory>

10.vim music.conf

<Virtualhost *:80>

Servername music.lyitx.com

Documentroot /var/www/virtual/music.lyitx.com/html

Customlog "logs/default.log" combined

</Virtualhost>

<Directory "/var/www/virtual/music.westos.com/html">

Require all granted

</Directory>

重启服务

11.访问页面的主机上加入解析

Vim /etc/hosts

172.25.254.66 www.lyitx.com lyitx.com news.lyitx.com music.lyitx.com#发布共享的主机ip

测试：

######https###########

1.yum install mod_ssl -y

2. yum install crypto-utils -y

3.genkey www.lyitx.com

/usr/bin/keyutil -c makecert -g 1024 -s "CN=www.lyitx.com, OU=linux, O=westos, L=xi‘an, ST=shannxi, C=CN" -v 1 -a -z /etc/pki/tls/.rand.9611 -o /etc/pki/tls/certs/www.lyitx.com.crt -k /etc/pki/tls/private/www.lyitx.com.key

cmdstr: makecert

cmd_CreateNewCert

command:  makecert

keysize = 1024 bits

subject = CN=www.lyitx.com, OU=linux, O=lyitx, L=xi‘an, ST=shannxi, C=CN

valid for 1 months

random seed from /etc/pki/tls/.rand.9611

output will be written to /etc/pki/tls/certs/www.lyitx.com.crt

output key written to /etc/pki/tls/private/www.lyitx.com.key

Generating key. This may take a few moments...

Made a key

Opened tmprequest for writing

/usr/bin/keyutil Copying the cert pointer

Created a certificate

Wrote 882 bytes of encoded data to /etc/pki/tls/private/www.lyitx.com.key

Wrote the key to:

/etc/pki/tls/private/www.lyitx.com.key

cd /etc/httpd/conf.d

vim ssl.conf

100 SSLCertificateFile /etc/pki/tls/certs/www.lyitx.com.crt

107 SSLCertificateKeyFile /etc/pki/tls/private/www.lyiyx.com.key

systemctl restart httpd.service

测试：

在浏览器中：

https：//ip

查看证书