Linux 第十一周上课笔记Apache服务

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Linux 第十一周上课笔记Apache服务相关的知识,希望对你有一定的参考价值。

Apache服务

1.yum install httpd -y

2.yum install httpd-manual -y#安装手册

3.systemctl start httpd

一.修改默认的发布目录

一般来说http服务的默认发布目录在/var/www/html页面中。首先读取首页index.html

如何修改:

1. vim /etc/httpd/conf/httpd.conf

119 # DocumentRoot "/var/www/html"#将原来的默认发布目录注释。方便恢复

120 DocumentRoot "/www/lyitx"#指定新的默认发布目录

121 <Directory "/www/lyitx">

122      Require all granted#允许所有人访问

123 </Directory>

2.创建目录

mkdir -p  /www/lyitx

cd /www/lyitx

vim index.html

内容不限制

<html>

<body>

<h1>这里是lyitx目录</h1>

</body>

</html>

重启服务

Systemctl restart httpd

 

测试:

在火狐浏览器中输入:

172.25.254.66/index.html

技术分享

实验成功

2.设置ip访问权限

A.访问黑名单-禁止某个ip访问

vim /etc/httpd/conf/httpd.conf

在之前修改的文件上修改

121 <Directory "/www/lyitx">

122         Require all granted

123         Order Allow,Deny#系统默认先读前面的Allow,再读Deny

124         Allow from All#允许所有人访问

125         Deny from 172.25.254.50#除了50主机

126 </Directory>

 

 

技术分享

技术分享

<Directory "/www/lyitx">

        Require all granted

        Order Allow,Deny

        Allow from All

        Deny from 172.25.254.0/24

</Directory>

如此设置:允许除了172.25.254.x网段的所有ip访问

 

<Directory "/www/lyitx">

        Require all granted

        Order Deny,Allow#先读去前面的deny-拒绝所有人,再允许50主机

        Deny from All

        Allow from 172.25.254.50

</Directory>

只有50主机能访问:

 

三.密码验证登陆

cd /etc/httpd/

htpasswd -cm htpasswdfile admin #首次建立登陆用户用-cm参数

htpasswd -m htpasswdfile lyitx#再次建立时则只用-m参数,否则会把之前建立的用户清空

 

[[email protected] httpd]# ls

conf  conf.d  conf.modules.d  htpasswdfile  logs  modules  run

[[email protected] httpd]# cat htpasswdfile

admin:$apr1$lWEEQdgR$vkBPESs4VC15d0ZS1PViq1

lyitx:$apr1$cHaORGNS$ZRafBI0TRqEoJkEAnykZ/.

编辑配置文件:

vim /etc/httpd/conf/httpd.conf

121 <Directory "/www/lyitx">

122         AllowOverride All

123         Authuserfile /etc/httpd/htpasswdfile

124         Authname "please input username & password"

125         Authtype basic

126         Require user admin#只有admin用户才可以登陆

127 </Directory>

systemctl restart httpd.service

 

技术分享

 

#只有拥有帐号密码的用户才可登陆

 vim /etc/httpd/conf/httpd.conf

# Require all granted

        AllowOverride All

        Authuserfile /etc/httpd/htpasswdfile

        Authname "please input username & password"

        Authtype basic

        Require valid-user##前面么有user

再重启服务

 

四.虚拟主机,域名登陆

做实验前先还原之前的操作,

Vim /etc/httpd/conf/httpd.conf

119 DocumentRoot "/var/www/html"

120 #DocumentRoot "/www/lyitx"

121 #

122 # Relax access to content within /var/www.

123 #

124 <Directory "/var/www">

125     AllowOverride None

126     # Allow open access:

127     Require all granted

128 </Directory>

重启服务

 

1.mkdir /var/www/virtual/news.lyitx.com/html -p

2.mkdir /var/www/virtual/music.lyitx.com/html -p

3.cd /var/www/virtual/muisc.lyitx.com/html/

4.vim index.html

<html>

<body>

 

<h1>这里是music</h1>

 

</body>

 

</html>

5.cd /var/www/virtual/news.lyitx.com/html/

6.vim index.html

 

<html>

<body>

 

<h1>这里news</h1>

 

</body>

 

</html>

7.cd /etc/httpd/conf.d/

8.vim default.conf

<Virtualhost _default_:80>

           Documentroot /var/www/html

           Customlog "logs/default.log" combined

</Virtualhost>

<Directory "/var/www/html">

            Require all granted

</Directory>

9.vim news.conf

<Virtualhost *:80>

           Servername news.lyitx.com

           Documentroot /var/www/virtual/news.lyitx.com/html

           Customlog "logs/default.log" combined

</Virtualhost>

<Directory "/var/www/virtual/news.westos.com/html">

            Require all granted

</Directory>

10.vim music.conf

<Virtualhost *:80>

           Servername music.lyitx.com

           Documentroot /var/www/virtual/music.lyitx.com/html

           Customlog "logs/default.log" combined

</Virtualhost>

<Directory "/var/www/virtual/music.westos.com/html">

            Require all granted

</Directory>

重启服务

11.访问页面的主机上加入解析

Vim /etc/hosts

172.25.254.66 www.lyitx.com lyitx.com news.lyitx.com music.lyitx.com#发布共享的主机ip

测试:

技术分享

技术分享

 

######https###########

 

1.yum install mod_ssl -y

2. yum install crypto-utils -y

3.genkey www.lyitx.com

/usr/bin/keyutil -c makecert -g 1024 -s "CN=www.lyitx.com, OU=linux, O=westos, L=xi‘an, ST=shannxi, C=CN" -v 1 -a -z /etc/pki/tls/.rand.9611 -o /etc/pki/tls/certs/www.lyitx.com.crt -k /etc/pki/tls/private/www.lyitx.com.key

cmdstr: makecert

 

cmd_CreateNewCert

command:  makecert

keysize = 1024 bits

subject = CN=www.lyitx.com, OU=linux, O=lyitx, L=xi‘an, ST=shannxi, C=CN

valid for 1 months

random seed from /etc/pki/tls/.rand.9611

output will be written to /etc/pki/tls/certs/www.lyitx.com.crt

output key written to /etc/pki/tls/private/www.lyitx.com.key

 

 

Generating key. This may take a few moments...

 

Made a key

Opened tmprequest for writing

/usr/bin/keyutil Copying the cert pointer

Created a certificate

Wrote 882 bytes of encoded data to /etc/pki/tls/private/www.lyitx.com.key

Wrote the key to:

/etc/pki/tls/private/www.lyitx.com.key

 

cd /etc/httpd/conf.d

 vim ssl.conf

100 SSLCertificateFile /etc/pki/tls/certs/www.lyitx.com.crt

107 SSLCertificateKeyFile /etc/pki/tls/private/www.lyiyx.com.key

systemctl restart httpd.service

 

测试:

在浏览器中:

https//ip

查看证书


以上是关于Linux 第十一周上课笔记Apache服务的主要内容,如果未能解决你的问题,请参考以下文章

第十一周上课练习

第十一周上课练习

20179223《Linux内核原理与分析》第十一周学习笔记

第十一周总结

每周学习进度第十一周

Linux服务及安全管理第十一周作业Linux微职位