6. Remote mail sending permissions
useradd lzt
passwd lzt
cd /etc/postfix/
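vim /etc/postfix/access    Edit the file as follows:
Append a line of the form "<IP to block> REJECT" at the end of the file
For example: 172.25.254.8 REJECT
postmap access ## after this command a new file, access.db, appears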
postconf -d | grep client
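@@smtpd_client_restrictions = ## this is the second-to-last line of the previous command's output; it is the parameter we need
postconf -e "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access" ## do not add the .db extension to the file name after hash: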
systemctl restart postfix.service
vim /etc/postfix/main.cf    The following line has been appended to the end of the file:
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
Removing the restriction:
vim /etc/postfix/access
Delete the last line, "<IP to block> REJECT"
postmap access
systemctl restart postfix.service
Example:
[[email protected] ~]# useradd lzt
[[email protected] ~]# passwd lzt
Changing password for user lzt.
[[email protected] ~]# cd /etc/postfix/
[[email protected] postfix]# ls
access generic header_checks master.cf transport
canonical generic.db main.cf relocated virtual
[[email protected] postfix]# vim access
Add as the last line: 172.25.254.8 REJECT
[[email protected] postfix]# postmap access
[[email protected] postfix]# ls
access canonical generic.db main.cf relocated virtual
access.db generic header_checks master.cf transport
[[email protected] postfix]# postconf -e | grep client
[[email protected] postfix]# postconf -d | grep client
broken_sasl_auth_clients = no
local_header_rewrite_clients = permit_inet_interfaces
smtpd_client_restrictions = ## this is the parameter the next command sets
unknown_client_reject_code = 450
[[email protected] postfix]# postconf -e "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access"
[[email protected] postfix]# systemctl restart postfix.service
Example test:
[[email protected] Desktop]$ ssh [email protected]
[email protected]'s password:
Last login: Sat Dec 3 09:25:19 2016
[[email protected] ~]# telnet 172.25.254.207 25
Trying 172.25.254.207...
Connected to 172.25.254.207.
Escape character is '^]'.
220 mailwestos.westos.com ESMTP Postfix
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <unknown[172.25.254.8]>: Client host rejected: Access denied
421 4.4.2 mailwestos.westos.com Error: timeout exceeded
Connection closed by foreign host.
[[email protected] ~]# logout
Connection to 172.25.254.8 closed.
[[email protected] Desktop]$ telnet 172.25.254.207 25
Trying 172.25.254.207...
Connected to 172.25.254.207.
Escape character is '^]'.
220 mailwestos.westos.com ESMTP Postfix
mail [email protected]
501 5.5.4 Syntax: MAIL FROM:<address>
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
mm
bb
v.
.
250 2.0.0 Ok: queued as 3AB8E17E81D
quit
221 2.0.0 Bye
Connection closed by foreign host.
7. Restricting by sender address
cd /etc/postfix/
vim sender ## this file has to be created by hand
Contents: [email protected]domain REJECT ## forbids user from sending mail
For example:
[email protected] REJECT ## forbids user lzt from sending mail
postmap sender
postconf -d | grep sender
@@ smtpd_sender_restrictions = ## this is the fifth-to-last line of the previous command's output; it is the parameter we need
postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender"
systemctl restart postfix.service
Removing the restriction:
vim sender
Delete the entry added in the previous step: [email protected] REJECT
postmap sender
systemctl restart postfix.service
Example:
[[email protected] postfix]# vim sender
Contents: [email protected] REJECT
[[email protected] postfix]# postmap sender
[[email protected] postfix]# ls
access canonical generic.db main.cf relocated sender.db virtual
access.db generic header_checks master.cf sender transport
[[email protected] postfix]# postconf -d | grep sender
smtpd_reject_unlisted_sender = no
smtpd_sender_login_maps =
smtpd_sender_restrictions = ## this is the parameter we need
unverified_sender_defer_code = 450
unverified_sender_reject_code = 450
[[email protected] postfix]# postconf -e "smtpd_sender_restrictions ="
[[email protected] postfix]# postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender"
[[email protected] postfix]# systemctl restart postfix.service
Removal example:
[[email protected] postfix]# vim sender
Delete the entry added in the previous step: [email protected] REJECT
[[email protected] postfix]# postmap sender
[[email protected] postfix]# systemctl restart postfix.service
Example test:
[[email protected] Desktop]$ telnet 172.25.254.207 25
Trying 172.25.254.207...
Connected to 172.25.254.207.
Escape character is '^]'.
220 mailwestos.westos.com ESMTP Postfix
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
vv
bb.
.
250 2.0.0 Ok: queued as 4588D17E81D
quit
221 2.0.0 Bye
Connection closed by foreign host.
[[email protected] Desktop]$ telnet 172.25.254.207 25
Trying 172.25.254.207...
Connected to 172.25.254.207.
Escape character is '^]'.
220 mailwestos.westos.com ESMTP Postfix
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <[email protected]>: Sender address rejected: Access denied
421 4.4.2 mailwestos.westos.com Error: timeout exceeded
Connection closed by foreign host.
Example test after removing the restriction:
[[email protected] Desktop]$ telnet 172.25.254.207 25
Trying 172.25.254.207...
Connected to 172.25.254.207.
Escape character is '^]'.
220 mailwestos.westos.com ESMTP Postfix
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
kk
nn
.
250 2.0.0 Ok: queued as 9448717E81D
quit
221 2.0.0 Bye
Connection closed by foreign host.
8. Preventing a user from receiving mail
cd /etc/postfix/
vim recipient
[email protected]domain REJECT ## forbids user from receiving mail
For example:
[email protected] REJECT ## forbids user lzt from receiving mail
postmap recipient
postconf -d | grep recipient
@@ smtpd_recipient_restrictions = ## this is the parameter we need
postconf -e "smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient"
systemctl restart postfix.service
Removing the restriction:
vim recipient
Delete [email protected]domain REJECT
postmap recipient
systemctl restart postfix.service
Example:
[[email protected] postfix]# vim /etc/postfix/recipient ## this file has to be created by hand
Contents: [email protected] REJECT
[[email protected] postfix]# postmap /etc/postfix/recipient
[[email protected] postfix]# postconf -d | grep recipient
smtpd_recipient_restrictions =
[[email protected] postfix]# postconf -e "smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient"
[[email protected] postfix]# systemctl restart postfix.service
Example test:
[[email protected] Desktop]$ telnet 172.25.254.207 25
Trying 172.25.254.207...
Connected to 172.25.254.207.
Escape character is '^]'.
220 mailwestos.westos.com ESMTP Postfix
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <[email protected]>: Recipient address rejected: Access denied
421 4.4.2 mailwestos.westos.com Error: timeout exceeded
Connection closed by foreign host.
After finishing these experiments, delete everything after line 679 in /etc/postfix/main.cf
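The access, sender and recipient maps in sections 6 to 8 are hash tables, so Postfix finds a row only by trying a fixed sequence of exact keys derived from the client address or envelope address (see access(5)). The following added example, which is not part of the original notes, models that key order and goes slightly beyond the single-IP and single-address rows shown above by including network-prefix and whole-domain keys; all table rows and addresses in it are constructed.

```python
# Added example: simplified model of the key order Postfix uses when it
# searches an access(5) map. Not modelled: client hostnames, IPv6,
# address extensions, and regexp/CIDR table types.

def parse_access(text):
    """Parse the text form of an access map (what postmap compiles)."""
    table = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        table[parts[0].lower()] = parts[1].strip()  # postmap lowercases keys
    return table

def client_keys(ip):
    """IPv4 client address: a.b.c.d, then a.b.c, a.b, a."""
    octets = ip.split(".")
    return [".".join(octets[:n]) for n in range(4, 0, -1)]

def address_keys(addr):
    """Envelope address: user@domain, the domain and its parents, user@.

    Parent domains are tried because smtpd_access_maps is part of the
    default value of parent_domain_matches_subdomains.
    """
    addr = addr.lower()
    user, _, domain = addr.rpartition("@")
    labels = domain.split(".")
    parents = [".".join(labels[i:]) for i in range(len(labels))]
    return [addr] + parents + [user + "@"]

def lookup(table, keys):
    """Return (matched_key, action) for the first hit, or None.

    None means the map has no opinion and Postfix moves on to the next
    restriction in the list.
    """
    for key in keys:
        if key in table:
            return key, table[key]
    return None

# Constructed rows in the format of /etc/postfix/access.
CLIENT_MAP = parse_access("""
172.25.254.8   REJECT
172.25.10      REJECT
""")

# Constructed rows in the format of /etc/postfix/sender or recipient.
ADDRESS_MAP = parse_access("""
blocked@example.org   REJECT
spam.example          REJECT
""")

if __name__ == "__main__":
    for ip in ("172.25.254.8", "172.25.254.9", "172.25.10.77"):
        print(ip, lookup(CLIENT_MAP, client_keys(ip)))
    for addr in ("Blocked@Example.org", "a@mail.spam.example", "ok@example.org"):
        print(addr, lookup(ADDRESS_MAP, address_keys(addr)))
```

On a real server the same question is answered with postmap -q KEY hash:/etc/postfix/access, one key at a time. Because the MAIL FROM address is whatever the client types, as the telnet sessions show, the sender map is a policy filter and not proof of who is sending.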
######### Sending and receiving mail (with a graphical client) #########
On the server (172.25.254.207):
yum install dovecot -y
cd /etc/dovecot/
vim dovecot.conf
24 protocols = imap pop3 lmtp
48 login_trusted_networks = 0.0.0.0/0
49 disable_plaintext_auth = no
cd conf.d/
vim 10-mail.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%u
systemctl start dovecot
>/var/log/maillog
Test (on the physical host):
yum install mutt -y
mutt -f imap://[email protected]
Check the log on the server:
cat /var/log/maillog
If the error says a file cannot be found: Error:chown(/home/lzt/mail/.imap)
su - lzt
cd mail/
ls -a
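mkdir .imap (afterwards, run mutt -f imap://[email protected] again on the physical host; if access is still refused, continue as follows:)
Check the log:
cat /var/log/maillog
If the error says a file cannot be found: Error:chown(/home/lzt/mail/.imap/INBOX)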
su - lzt
cd mail/.imap/
touch INBOX (afterwards, run mutt -f imap://[email protected] again on the physical host; user lzt's mail should now be visible)
On the desktop (172.25.254.107):
cd /mnt/
yum install lftp -y
lftp 172.25.254.250
lftp 172.25.254.250:~>cd pub/docs/software/
lftp 172.25.254.250:/pub/docs/software> get thunderbird-31.4.0.tar.bz2
tar jxf thunderbird-31.4.0.tar.bz2
cd thunderbird/
@@{
./thunderbird
(this prints a message about a missing runtime dependency, e.g.: -bash:./thunderbird:/lib/ld-linux.so.2:bad ELF:NO such file)
Run:
yum whatprovides /lib/ld-linux.so.2
This lists the package that provides the missing dependency, e.g.:
Loaded plugins: langpacks
glibc-2.17-55.el7.i686 : The GNU libc libraries
Run:
yum install glibc-2.17-55.el7.i686 -y
}@@
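Repeat the steps inside @@{ }@@ above until every required dependency is installed
Now run ./thunderbird again. If it still reports an error
(and all dependencies are confirmed installed, the most likely cause is that the ssh session was started without -X, i.e. without graphical forwarding; log out, reconnect with ssh [email protected] -X, and run ./thunderbird again to open the graphical interface)
Once the Thunderbird window opens:
Your name: lzt ## this is a user on the server virtual machine; use the name of a local user on the server
Email address: [email protected]
Password: (empty)
Click "OK"
                Server hostname  Port  SSL   Authentication
Incoming: IMAP  172.25.254.207   143   None  Autodetect
Outgoing: SMTP  172.25.254.207   25    None  Autodetect
Username: Incoming: lzt  Outgoing: lzt
Click "Re-test" --> "Done"
The graphical client is now configured
(The root user cannot be added in the graphical client; the student user can generally be left out, because the system has special settings for it)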
#######postfix + mysql######
On the server (172.25.254.207):
yum install mariadb-server -y
systemctl start mariadb
yum install httpd php php-mysql -y
cd /var/www/html/
yum install lftp
lftp 172.25.254.250
lftp 172.25.254.250:~>cd pub/docs/software/
lftp 172.25.254.250:/pub/docs/software> get phpMyAdmin-3.4.0-all-languages.tar.bz2
tar jxf phpMyAdmin-3.4.0-all-languages.tar.bz2
mv phpMyAdmin-3.4.0-all-languages/ myadmin
cd myadmin
cp config.sample.inc.php config.inc.php
vim config.inc.php
17 $cfg['blowfish_secret'] = 'westos'; (any characters may be placed inside the quotes)
systemctl start httpd
(If the service takes a long time to start, add to /etc/hosts --> 172.25.254.207 mailwestos.westos.com, then start the service again: systemctl start httpd)
systemctl restart mariadb @@@ the restart is required
mysql_secure_installation
/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found
Set root password? [Y/n]
New password: ## enter the password
Re-enter new password: ## confirm the password
Password updated successfully!
Reloading privilege tables..
... Success!
Remove anonymous users? [Y/n] ## press Enter
... Success!
Disallow root login remotely? [Y/n] ## press Enter
... Success!
Remove test database and access to it? [Y/n] ## press Enter
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reload privilege tables now? [Y/n] ## press Enter
... Success!
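Now, in a browser on the desktop or the physical host, open 172.25.254.207/myadmin and select the Chinese interface
Create a new database: email
In the email database create a table named muser with 4 fields
Field Type Length/Values Default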
username VARCHAR 50
password VARCHAR 50
domain VARCHAR 50
maildir VARCHAR 100
Insert a row into the table
username VARCHAR(50) [email protected]
password VARCHAR(50) 123
domain VARCHAR(50) westos.org
maildir VARCHAR(100) westos.org/admin/ (note: admin must be written as a directory here: admin/)
Switch back to the server:
mysql -uroot -predhat
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
MariaDB [(none)]> CREATE USER [email protected] identified by 'postfix';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT INSERT,UPDATE,SELECT on email.* to [email protected];
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
cd /etc/postfix
vim mysql-users.cf    Contents:
hosts = localhost
user = postfix
password = postfix
dbname = email
table = muser
select_field = username
where_field = username
postmap -q "[email protected]" mysql:/etc/postfix/mysql-users.cf
cp -p mysql-users.cf mysql-domain.cf
vim mysql-domain.cf    Change the last two lines to:
select_field = domain
where_field = domain
postmap -q "westos.org" mysql:/etc/postfix/mysql-domain.cf
cp -p mysql-users.cf mysql-maildir.cf
vim mysql-maildir.cf    Change the last two lines to:
select_field = maildir
where_field = username
postmap -q "[email protected]" mysql:/etc/postfix/mysql-maildir.cf
groupadd vmail -g 666
useradd -u 666 -g 666 vmail -s /sbin/nologin
postconf -d | grep virtual
postconf -e "virtual_gid_maps = static:666"
postconf -e "virtual_uid_maps = static:666"
postconf -e "virtual_mailbox_base = /home/vmail"
postconf -e "virtual_alias_maps = mysql:/etc/postfix/mysql-users.cf"
postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/mysql-domain.cf"
postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/mysql-maildir.cf"
mail [email protected]
cd /home/vmail/westos.org/admin
ls    Output: cur new tmp
cat new/(complete the file name with Tab) ## view the mail
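The three mysql-*.cf files above use the legacy select_field/where_field interface of mysql_table(5), and the value returned by the maildir map decides how the virtual delivery agent writes the mailbox. The following added example, which is not part of the original notes, reproduces the three lookups and the path handling; sqlite3 stands in for MariaDB so that it runs offline, and the user row is constructed sample data.

```python
import sqlite3

# Added example. sqlite3 replaces MariaDB here, and the single row is
# constructed sample data in the shape of the muser table from the notes.

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE muser (username VARCHAR(50), password VARCHAR(50),"
               " domain VARCHAR(50), maildir VARCHAR(100))")
    db.execute("INSERT INTO muser VALUES (?, ?, ?, ?)",
               ("user1@example.org", "placeholder", "example.org",
                "example.org/user1/"))
    return db

# select_field / where_field pairs of the three map files.
USERS_CF = {"table": "muser", "select_field": "username", "where_field": "username"}
DOMAIN_CF = {"table": "muser", "select_field": "domain", "where_field": "domain"}
MAILDIR_CF = {"table": "muser", "select_field": "maildir", "where_field": "username"}

def build_query(cf):
    """Query shape of the legacy interface:
    SELECT select_field FROM table WHERE where_field = '<key>'.
    Table and column names come from the admin-written .cf file; the
    lookup key is untrusted input and is bound as a parameter here."""
    return "SELECT {select_field} FROM {table} WHERE {where_field} = ?".format(**cf)

def lookup(db, cf, key):
    """Counterpart of: postmap -q KEY mysql:/etc/postfix/<file>.cf"""
    row = db.execute(build_query(cf), (key,)).fetchone()
    return row[0] if row else None

def delivery_target(mailbox_base, map_value):
    """virtual(8) appends the map result to virtual_mailbox_base; a result
    ending in "/" selects maildir delivery, anything else one mbox file."""
    kind = "maildir" if map_value.endswith("/") else "mbox"
    return kind, mailbox_base.rstrip("/") + "/" + map_value

DB = make_db()

if __name__ == "__main__":
    key = "user1@example.org"
    print(lookup(DB, USERS_CF, key))
    print(lookup(DB, DOMAIN_CF, "example.org"))
    print(delivery_target("/home/vmail", lookup(DB, MAILDIR_CF, key)))
```

The trailing slash is why the maildir column has to be written as a directory: with it, delivery creates the cur, new and tmp subdirectories listed above.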
cd /etc/dovecot/
vim dovecot.conf
24 protocols = imap pop3 lmtp
48 login_trusted_networks = 0.0.0.0/0
49 disable_plaintext_auth = no
cd /etc/dovecot
cd conf.d/
vim 10-auth.conf    Change it as follows:
Line 123: !include auth-sql.conf.ext
cd /usr/share/doc/dovecot-2.2.10/example-config/
cp dovecot-sql.conf.ext /etc/dovecot/
cd /etc/dovecot/
vim dovecot-sql.conf.ext    Change it as follows:
32 driver = mysql
71 connect = host=localhost dbname=email user=postfix password=postfix
78 default_pass_scheme = PLAIN
107 password_query = \
108 SELECT username, domain, password \
109 FROM muser WHERE username = '%u' AND domain = '%d'
125 user_query = SELECT maildir, 666 AS uid, 666 AS gid FROM muser WHERE username = '%u'
cd conf.d/
vim 10-mail.conf    Change it as follows:
30 mail_location = maildir:/home/vmail/%d/%n
168 first_valid_uid = 666
175 first_valid_gid = 666
systemctl restart dovecot.service
telnet 172.25.254.207 110
If the error is:
Trying 172.25.254.207...
Connected to 172.25.254.207.
Escape character is '^]'
-ERR Disconnected:Auth process broken
then run:
yum search dovecot
yum install dovecot-mysql.x86_64 -y
Then run again:
telnet 172.25.254.207 110
The following appears:
Trying 172.25.254.207...
Connected to 172.25.254.207.
Escape character is '^]'
+OK [XCLIENT] Dovecot ready. ## port 110 is working
user [email protected]
+OK
pass 123
+OK Logged in.
quit
+OK Logged out. ## the MySQL connection is working
On the desktop (172.25.254.107): (connect with ssh [email protected] -X)
cd /mnt/thunderbird/
Run:
./thunderbird
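The Thunderbird window opens
Go to "Settings" --> add a new email account
Your name: [email protected] ## this is a user stored in MySQL; use the user name from the muser table of the email database
Email address: [email protected]
Password: (empty)
Click "OK"
                Server hostname  Port  SSL   Authentication
Incoming: IMAP  172.25.254.207   143   None  Autodetect
Outgoing: SMTP  172.25.254.207   25    None  Autodetect
Username: Incoming: [email protected]  Outgoing: [email protected]
Click "Re-test" --> "Done"
In the MySQL graphical interface, add a row to the muser table of the email database: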
username VARCHAR(50) [email protected]
password VARCHAR(50) 123
domain VARCHAR(50) westos.org
maildir VARCHAR(100) westos.org/lp/ (note: lp must be written as a directory here: lp/)
Switch back to the server:
mail [email protected] ## this effectively activates the lp user
Again on the desktop (172.25.254.107): (connect with ssh [email protected] -X)
cd /mnt/thunderbird/
Run:
./thunderbird
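The Thunderbird window opens
Go to "Settings" --> add a new email account
Your name: [email protected] ## this is a user stored in MySQL; use the user name from the muser table of the email database
Email address: [email protected]
Password: (empty)
Click "OK"
                Server hostname  Port  SSL   Authentication
Incoming: IMAP  172.25.254.207   143   None  Autodetect
Outgoing: SMTP  172.25.254.207   25    None  Autodetect
Username: Incoming: [email protected]  Outgoing: [email protected]
Click "Re-test" --> "Done"
[email protected]@@ From this window the accounts can send mail to each other to verify the setup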
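########## Null-client (empty shell) mail #######
Null client: because the MTA (mail server) must not be exposed directly to the network, a proxy (a stand-in, 172.25.254.107) is placed in front of it. Its only job is to accept mail and forward what it receives to the real MTA (172.25.254.207)
On the desktop (172.25.254.107 maillinux.linux.com):
vim /etc/named.rfc1912.zones    Add: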
37 zone "westos.org" IN {
38 type master;
39 file "westos.org.zone";
40 allow-update { none; };
41 };
cd /var/named/
cp -p westos.com.zone westos.org.zone
vim westos.org.zone    Change the contents to:
$TTL 1D
@       IN SOA  dns.westos.org. root.westos.org. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.org.
dns     A       172.25.254.107
westos.org.     MX 1    172.25.254.107.
systemctl restart named
mv /etc/postfix /mnt/
yum reinstall postfix.x86_64 -y
vim /etc/postfix/main.cf    Change it as follows:
75 myhostname = maillinux.linux.com ## this host's name
83 mydomain = linux.com ## this host's domain
98 myorigin = westos.org ## origin domain of the mail
113 inet_interfaces = all ## listen on all interfaces
116 #inet_interfaces = localhost
140 local_transport = error:local delivery disable ## null client: local delivery returns an error
164 mydestination = ## handle no mail locally
313 relayhost = 172.25.254.207 ## destination the mail is forwarded to
systemctl restart postfix.service
systemctl status postfix.service
On the server (172.25.254.207 mailwestos.westos.com):
systemctl stop firewalld
setenforce 0
systemctl start mariadb
systemctl start dovecot
vim /etc/postfix/main.cf    Change it as follows:
264 mynetworks = 172.25.254.0/24 ## the value may also be just 172.25.254.107; accepts the mail sent by the null client
systemctl restart postfix.service
cd /home/vmail/
rm -fr westos.org
Test, on the desktop (172.25.254.107):
[[email protected] named]# mail [email protected]
mail [email protected]
Subject: oooo
cccc
.
EOT
Verification, on the server (172.25.254.207):
[[email protected] ~]# cd /home/vmail
[[email protected] vmail]# ls
westos.org
[[email protected] vmail]# cd westos.org/
[[email protected] westos.org]# cd admin/
[[email protected] admin]# cd new/
[[email protected] new]# ls
1480776239.Vfd01I26fe28M583680.mailwestos.westos.com ## the mail forwarded by the null client was received, i.e. relaying from the null client (172.25.254.107) succeeded
@@@@ Look up extmail
###################### apache #################################
lamp = linux + apache + mysql + php
lnmp = linux + nginx + mysql + php
nginx provides sharing services
curl -I <domain> ## show information about the server software a domain uses
e.g.: curl -I www.baidu.com
curl -I baidu.com
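nmap ## full name Network Mapper, a network scanning and sniffing toolkit for Linux.
Installing nmap: yum install nmap -y
nmap example: nmap -A www.xupt.edu.cn
jsp ## Java Server Pages
asp ## Active Server Pages -- a server-side scripting environment developed by Microsoft
cgi ## Common Gateway Interface (the abbreviation also has other meanings)
Middleware (translators), needed because apache and nginx cannot interpret jsp and asp:
tomcat ## a free, open-source web application server developed by Apache
jboss ## an open-source application server based on J2EE
squid ## software that caches Internet data
Forward proxy: the client knows whom it is requesting from. Two kinds: 1. traditional proxy 2. transparent proxy (the more commonly used)
Reverse proxy: whatever the client asks for, the server software goes and fetches
[email protected]@@ On the desktop (172.25.254.107):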
hostnamectl set-hostname web1.westos.com
yum install httpd -y
cd /var/www/html/
systemctl start httpd
vim /etc/httpd/conf/httpd.conf    Change it as follows:
166 <IfModule dir_module>
167 DirectoryIndex file index.html ## of the two files file and index.html in the default document root /var/www/html, whichever is listed first is served first; if neither exists, the browser shows the Apache test page
168 </IfModule>
yum install httpd-manual.noarch -y ## manual is the user manual for the httpd service
Changing the default document root (/var/www/html/) to /www/westos/:
cd /var/www/html
ls -Zd .
Output: drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
mkdir /www/westos/ -p
semanage fcontext -a -t httpd_sys_content_t '/www/westos(/.*)?'
restorecon -RvvF /www/
Output:
restorecon reset /www context unconfined_u:object_r:default_t:s0->system_u:object_r:default_t:s0
restorecon reset /www/westos context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
vim /etc/httpd/conf/httpd.conf    Change it as follows:
119 #DocumentRoot "/var/www/html"
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122 Require all granted
123 </Directory>
cd /www/westos/
vim index.html    Contents: /www/westos/
systemctl restart httpd
Checking the port:
Show the listening port:
ss -antlp |grep httpd
LISTEN 0 128 :::80 :::*
vim /etc/httpd/conf/httpd.conf    The relevant lines are:
41 #Listen 12.34.56.78:80
42 Listen 80 ## Apache's default port is 80
If line 42 of /etc/httpd/conf/httpd.conf is changed to:
42 Listen 8080 ## when testing in a browser, enter ip:8080, e.g. 172.25.254.107:8080
## Access control (blacklist / whitelist):
vim /etc/httpd/conf/httpd.conf    Change it as follows:
121 <Directory "/www/westos">
122 Require all granted
123 Order Deny,Allow ## of Deny and Allow, whichever is listed first is read first (Allow is usually first by default)
124 Allow from 172.25.254.0/24 ## allows everyone in the 172.25.254.x network
125 Deny from ALL ## denies everyone
126 </Directory>
The usual configuration is:
vim /etc/httpd/conf/httpd.conf    Change it as follows:
121 <Directory "/www/westos">
122 Require all granted
123 Order Allow,Deny ## of Deny and Allow, whichever is listed first is read first (Allow is usually first by default)
124 Allow from ALL ## allows everyone
125 Deny from 172.25.254.1 ## denies 172.25.254.1
126 </Directory>
With the following configuration the result is --> nobody can access the site @@ because Deny is read last and therefore blocks everyone
122 Require all granted
123 Order Allow,Deny ## of Deny and Allow, whichever is listed first is read first (Allow is usually first by default)
124 Allow from 172.25.254.0/24 ## allows everyone in the 172.25.254.x network
125 Deny from ALL ## denies everyone
126 </Directory>
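The three Order/Allow/Deny rule sets above differ only in which directive is evaluated last. The following added example, which is not part of the original notes, models the two orderings of mod_access_compat and runs the three rule sets against sample clients; 192.0.2.10 is a constructed address outside the lab subnet, and hostname specs and the interaction with Require are left out.

```python
import ipaddress

# Added example: a model of how mod_access_compat combines Order, Allow and
# Deny. Only IP/CIDR and "all" specs are handled.

def matches(specs, client_ip):
    """True if client_ip is covered by any 'Allow from' / 'Deny from' spec."""
    addr = ipaddress.ip_address(client_ip)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if addr in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def is_allowed(order, allow, deny, client_ip):
    allowed = matches(allow, client_ip)
    denied = matches(deny, client_ip)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        # Deny is evaluated first, Allow last: the default is to allow and
        # an Allow match overrides a Deny match.
        return allowed or not denied
    if order == "allow,deny":
        # Allow is evaluated first, Deny last: the default is to deny and
        # a Deny match overrides an Allow match.
        return allowed and not denied
    raise ValueError("unsupported Order: " + order)

# The three rule sets from the notes above: (Order, Allow from, Deny from).
RULESETS = {
    "subnet only": ("Deny,Allow", ["172.25.254.0/24"], ["ALL"]),
    "all but .1": ("Allow,Deny", ["ALL"], ["172.25.254.1"]),
    "nobody": ("Allow,Deny", ["172.25.254.0/24"], ["ALL"]),
}

# 172.25.254.1 and 172.25.254.8 appear in the notes; 192.0.2.10 is a
# constructed client outside the lab subnet.
CLIENTS = ["172.25.254.1", "172.25.254.8", "192.0.2.10"]

def decision_table():
    """Map each rule set name to {client_ip: allowed?}."""
    return {name: {ip: is_allowed(order, allow, deny, ip) for ip in CLIENTS}
            for name, (order, allow, deny) in RULESETS.items()}

if __name__ == "__main__":
    for name, row in decision_table().items():
        print(name, row)
```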
Setting per-user access:
cd /etc/httpd/
htpasswd -cm htpasswdfile admin ## -c means create
htpasswd -m htpasswdfile lee ## do not use -c the second time; -c would overwrite the user created the first time
vim /etc/httpd/conf/httpd.conf    Change it as follows:
121 <Directory "/www/westos">
122 # Require all granted
123 AllowOverride All ##
124 Authuserfile /etc/httpd/htpasswdfile ## file holding the user credentials
125 Authname "Please input username & password" ## prompt text
126 Authtype basic ## basic authentication type
127 Require user admin ## only user admin may access the site from a browser
128 # Order Deny,Allow
129 # Allow from 172.25.254.0/24
130 # Deny from ALL
131 </Directory>
systemctl restart httpd.service
To allow every user in /etc/httpd/htpasswdfile, edit /etc/httpd/conf/httpd.conf with vim and change:
127 Require valid-user ## allows every user in /etc/httpd/htpasswdfile
systemctl restart httpd.service
## Apache virtual hosts
vim /etc/httpd/conf/httpd.conf    Change it as follows:
119 DocumentRoot "/var/www/html"
120 #DocumentRoot "/www/westos"
121 <Directory "/www/westos">
mkdir /var/www/virtual/news.westos.com/html -p
mkdir /var/www/virtual/music.westos.com/html -p
cd /var/www/virtual/music.westos.com/html/
vim index.html    Add the content: This is music
cd /var/www/virtual/news.westos.com/html/
vim index.html    Add the content: This is news
vim /etc/httpd/conf/httpd.conf    Look at the line that matters for editing (line 364) and the line to be aware of (line 269):
269 Require all granted
364 IncludeOptional conf.d/*.conf
cd /etc/httpd/conf.d/
vim default.conf    Contents:
<Virtualhost _default_:80>
    Documentroot /var/www/html
    Customlog "logs/default.log" combined ## here the
</Virtualhost>
<Directory "/var/www/html">
    Require all granted ## all must be lowercase here, otherwise restarting httpd fails with an error
</Directory>
vim music.conf    Contents:
<Virtualhost *:80>
    Servername music.westos.com
    Documentroot /var/www/virtual/music.westos.com/html
    Customlog "logs/music.log" combined
</Virtualhost>
<Directory "/var/www/virtual/music.westos.com/html">
    Require all granted ## all must be lowercase here, otherwise restarting httpd fails with an error
</Directory>
vim news.conf    Contents:
<Virtualhost *:80>
    Servername news.westos.com
    Documentroot /var/www/virtual/news.westos.com/html
    Customlog "logs/news.log" combined
</Virtualhost>
<Directory "/var/www/virtual/news.westos.com/html">
    Require all granted ## all must be lowercase here, otherwise restarting httpd fails with an error
</Directory>
systemctl restart httpd
Once the service has restarted successfully
Testing the virtual hosts (on the server, 172.25.254.207): ssh [email protected] -X
vim /etc/hosts    Append this line at the end:
172.25.254.107 www.westos.com westos.com music.westos.com news.westos.com
firefox --> enter the different domain names in the browser, e.g. www.westos.com or westos.com or music.westos.com or news.westos.com --> different pages are shown
Clearing the browser cache:
ctrl + shift + delete
##### https ####
cd /etc/httpd/conf.d/
yum install mod_ssl -y
systemctl restart httpd
netstat -antlpe | grep 443    Output:
tcp6 0 0 :::443 :::* LISTEN 0 200312 14305/httpd
yum install crypto-utils.x86_64 -y
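After entering the graphical interface --> NEXT --> 1024 --> NEXT --> generating (type on the keyboard and move the mouse at this point) --> NO --> NEXT --> fill in the details --> NEXT (the interface exits when finished) ## afterwards the two files /etc/pki/tls/certs/www.westos.com.crt and /etc/pki/tls/private/www.westos.com.key have been generated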
cd /etc/httpd/conf.d/
vim ssl.conf    Change it as follows:
100 SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt ## the file generated above
107 SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key ## the file generated above
systemctl restart httpd
Test (on the server, 172.25.254.207):
Open a browser --> https://172.25.254.107 and inspect the certificate