Linux 第十二周上课笔记 阿帕奇服务

apache

[[email protected] ~]# yum install httpd -y

[[email protected] html]# yum install httpd-manual -y

更改默认发布文件

[[email protected] html]# vim /etc/httpd/conf/httpd.conf

更改默认发布目录

[[email protected] html]# mkdir /www/westos -p

[[email protected] html]# semanage fcontext -a -t httpd_sys_content_t ‘/www/westos(/*)?‘

[[email protected] html]# restorecon -RvvF /www/

restorecon reset /www context unconfined_u:object_r:default_t:s0->system_u:object_r:default_t:s0

restorecon reset /www/westos context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0

[[email protected] html]# cd /www/westos/

[[email protected] westos]# vim index.html

[[email protected] westos]# ls -Z

-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html

[[email protected] westos]# vim /etc/httpd/conf/httpd.conf

120 DocumentRoot "/www/westos"

121 <Directory "/www/westos">

122     Require all granted

123 </Directory>

[[email protected] westos]# systemctl restart http

[[email protected] westos]# vim /etc/httpd/conf/httpd.conf

120 DocumentRoot "/www/westos"

121 <Directory "/www/westos">

122     Require all granted

123     Order Allow,Deny

124     Allow from All

125     Deny from 172.25.254.209

126 </Directory>

[[email protected] westos]# systemctl restart http

[[email protected] westos]# vim /etc/httpd/conf/httpd.conf

120 DocumentRoot "/www/westos"

121 <Directory "/www/westos">

122     Require all granted

123     Order Deny,Allow

124     Allow from ALL

125     Deny from 172.25.254.209

[[email protected] westos]# systemctl restart http

[[email protected] westos]# vim /etc/httpd/conf/httpd.conf

120 DocumentRoot "/www/westos"

121 <Directory "/www/westos">

122     Require all granted

123     Order Deny,Allow

124     Allow from 172.25.254.9

125     Deny from ALL

用户认证

[[email protected] httpd]# htpasswd -cm htpasswdfile admin

New password:

Re-type new password:

Adding password for user admin

[[email protected] httpd]# htpasswd -m htpasswdfile westos

New password:

Re-type new password:

Adding password for user westos

[[email protected] westos]# vim /etc/httpd/conf/httpd.conf

120 DocumentRoot "/www/westos"

121 <Directory "/www/westos">

122    # Require all granted

123    AllowOverride All

124    Authuserfile /etc/httpd/htpasswdfile

125    Authname "Please input username and passwd"

126    Authtype basic

127    Require user admin

128 </Directory>

[[email protected] httpd]# systemctl restart httpd

[[email protected] westos]# vim /etc/httpd/conf/httpd.conf

120 DocumentRoot "/www/westos"

121 <Directory "/www/westos">

122    # Require all granted

123    AllowOverride All

124    Authuserfile /etc/httpd/htpasswdfile

125    Authname "Please input username and passwd"

126    Authtype basic

127    Require valid-user

128 </Directory>

[[email protected] httpd]# systemctl restart httpd

[[email protected] ~]# cd /var/www/html/

[[email protected] ~]# vim index.html

www.westos.com

[[email protected] ~]# mkdir /var/www/virtual/news.westos.com/html -p

[[email protected] ~]# cd /var/www/virtual/news.westos.com/html

[[email protected] html]# vim index.html

[[email protected] html]# mkdir /var/www/virtual/music.westos.com/html -p

[[email protected] html]# cd /var/www/virtual/music.westos.com/html

[[email protected] html]# vim index.html

[[email protected] html]# cd /etc/httpd/conf.d/

[[email protected] conf.d]# vim default.conf

<Virtualhost _default_:80>

Documentroot /var/www/html

Customlog "logs/default.log" combined

</Virtualhost>

<Directory "/var/www/html">

Require all granted

</Directory>

[[email protected] conf.d]# vim news.conf

<Virtualhost *:80>

Servername news.westos.com

Documentroot /var/www/virtual/news.westos.com/html

Customlog "logs/default.log" combined

</Virtualhost>

<Directory "/var/www/virtual/news.westos.com/html">

Require all granted

</Directory>

[[email protected] conf.d]# vim music.conf

<Virtualhost *:80>

Servername music.westos.com

Documentroot /var/www/virtual/music.westos.com/html

Customlog "logs/default.log" combined

</Virtualhost>

<Directory "/var/www/virtual/music.westos.com/html">

Require all granted

</Directory>

[[email protected] conf.d]# systemctl restart httpd.service

测试机上的更改

vim /etc/hosts

172.25.254.109 www.westos.com westos.com news.westos.com music.westos.com

https

[[email protected] conf.d]# yum install mod_ssl -y

[[email protected] conf.d]# yum install crypto-utils -y

[[email protected] conf.d]# genkey www.westos.com

/usr/bin/keyutil -c makecert -g 1024 -s "CN=www.westos.com, OU=linux, O=westos, L=xi‘an, ST=shannxi, C=CN" -v 1 -a -z /etc/pki/tls/.rand.9611 -o /etc/pki/tls/certs/www.westos.com.crt -k /etc/pki/tls/private/www.westos.com.key

cmdstr: makecert

cmd_CreateNewCert

command:  makecert

keysize = 1024 bits

subject = CN=www.westos.com, OU=linux, O=westos, L=xi‘an, ST=shannxi, C=CN

valid for 1 months

random seed from /etc/pki/tls/.rand.9611

output will be written to /etc/pki/tls/certs/www.westos.com.crt

output key written to /etc/pki/tls/private/www.westos.com.key

Generating key. This may take a few moments...

Made a key

Opened tmprequest for writing

/usr/bin/keyutil Copying the cert pointer

Created a certificate

Wrote 882 bytes of encoded data to /etc/pki/tls/private/www.westos.com.key

Wrote the key to:

/etc/pki/tls/private/www.westos.com.key

[[email protected] conf]# cd /etc/httpd/conf.d

[[email protected] conf.d]# vim ssl.conf

100 SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt

107 SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key

[[email protected] conf.d]# systemctl restart httpd.service

测试机

网页重写与虚拟主机的https

[[email protected] html]# cd /etc/httpd/conf.d/

[[email protected] conf.d]# firewall-cmd --permanent --add-service=http

success

[[email protected] conf.d]# firewall-cmd --permanent --add-service=https

success

[[email protected] conf.d]# firewall-cmd --reload

success

[[email protected] conf.d]# vim music.conf

<Virtualhost *:80>

Servername music.westos.com

RewriteEngine on                           允许网页重写

RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]     ##重写为https

</Virtualhost>

<Directory "/var/www/virtual/music.westos.com/html">

Require all granted                      ##授权

</Directory>

<Virtualhost *:443>                                  ##443端口

Servername music.westos.com

Documentroot /var/www/virtual/music.westos.com/html

Customlog "logs/default-443.log" combined     ##产生的日志放在logs/default-443.log 下

SSLEngine on                       ##开启认证

SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt      ##证书

SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key ##钥匙

</Virtualhost>

[[email protected] conf.d]# vim news.conf

<Virtualhost *:80>

Servername news.westos.com

RewriteEngine on

RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]

</Virtualhost>

<Directory "/var/www/virtual/news.westos.com/html">

Require all granted

</Directory>

<Virtualhost *:443>

Servername news.westos.com

Documentroot /var/www/virtual/news.westos.com/html

Customlog "logs/news-443.log" combined

SSLEngine on

SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt

SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key

</Virtualhost>

[[email protected] conf.d]# systemctl restart httpd

测试机操作

[[email protected] ~]# vim /etc/hosts

172.25.254.109 www.westos.com westos.com news.westos.com music.westos.com

打开firefox输入http://music.westos.com 会自动跳转为https://music.westos.com.

php

[[email protected] html]# vim index.php

<?php

phpinfo ();

?>

[[email protected] html]# vim /etc/httpd/conf/httpd.conf

163     DirectoryIndex index.php index.html

[[email protected] html]# chmod +x /var/www/html

[[email protected] html]# systemctl restart httpd.service

cgi

[[email protected] html]# mkdir cgi

[[email protected] html]# yum install http-manual -y

[[email protected] html]# cd cgi/

vim index.cgi

#!/usr/bin/perl

print "Content-type: text/html\n\n";

print `date`;

[[email protected] html]# cd /etc/httpd/conf.d/

[[email protected] conf.d]# vim default.conf

<Virtualhost _default_:80>

DocumentRoot /var/www/html

Customlog "logs/default.log" combined

</Virtualhost>

<Directory "/var/www/html">

Options +ExecCGI

AddHandler cgi-script .cgi

</Directory>

[[email protected] conf.d]# chmod +x /var/www/html/cgi/*

[[email protected] conf.d]# semanage fcontext -a -t httpd_sys_script_exec_t ‘/var/www/html/cgi/(/.*)?‘

[[email protected] conf.d]# restorecon -RvvF /var/www/html/cgi/

[[email protected] conf.d]# systemctl restart httpd.service

论坛

[[email protected] html]# yum install mariadb -y  安装数据库

若没有安装数据库，安装后要进行安全设置。因为一般情况下我们不会把数据库的端口裸露在外，所以要隐藏端口。

[[email protected] html]# vim /etc/my.cnf

10 skip-networking=1

[[email protected] html]# netstat -antlpe | grep mariadb

[[email protected] html]# setenforce 0

[[email protected] html]# systemctl start mariadb

下载论坛安装包

Discuz_X3.2_SC_UTF8.zip

[[email protected] html]# unzip Discuz_X3.2_SC_UTF8.zip

[[email protected] html]# chmod 777 upload/ -R