Linux 第十一周上课笔记Apache服务
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Linux 第十一周上课笔记Apache服务相关的知识,希望对你有一定的参考价值。
Apache服务
1.yum install httpd -y
2.yum install httpd-manual -y#安装手册
3.systemctl start httpd
一.修改默认的发布目录
一般来说http服务的默认发布目录在/var/www/html页面中。首先读取首页index.html
如何修改:
1. vim /etc/httpd/conf/httpd.conf
119 # DocumentRoot "/var/www/html"#将原来的默认发布目录注释。方便恢复
120 DocumentRoot "/www/lyitx"#指定新的默认发布目录
121 <Directory "/www/lyitx">
122 Require all granted#允许所有人访问
123 </Directory>
2.创建目录
mkdir -p /www/lyitx
cd /www/lyitx
vim index.html
内容不限制
<html>
<body>
<h1>这里是lyitx目录</h1>
</body>
</html>
重启服务
Systemctl restart httpd
测试:
在火狐浏览器中输入:
172.25.254.66/index.html
实验成功
2.设置ip访问权限
A.访问黑名单-禁止某个ip访问
vim /etc/httpd/conf/httpd.conf
在之前修改的文件上修改
121 <Directory "/www/lyitx">
122 Require all granted
123 Order Allow,Deny#系统默认先读前面的Allow,再读Deny
124 Allow from All#允许所有人访问
125 Deny from 172.25.254.50#除了50主机
126 </Directory>
<Directory "/www/lyitx">
Require all granted
Order Allow,Deny
Allow from All
Deny from 172.25.254.0/24
</Directory>
如此设置:允许除了172.25.254.x网段的所有ip访问
<Directory "/www/lyitx">
Require all granted
Order Deny,Allow#先读去前面的deny-拒绝所有人,再允许50主机
Deny from All
Allow from 172.25.254.50
</Directory>
只有50主机能访问:
三.密码验证登陆
cd /etc/httpd/
htpasswd -cm htpasswdfile admin #首次建立登陆用户用-cm参数
htpasswd -m htpasswdfile lyitx#再次建立时则只用-m参数,否则会把之前建立的用户清空
[[email protected] httpd]# ls
conf conf.d conf.modules.d htpasswdfile logs modules run
[[email protected] httpd]# cat htpasswdfile
admin:$apr1$lWEEQdgR$vkBPESs4VC15d0ZS1PViq1
lyitx:$apr1$cHaORGNS$ZRafBI0TRqEoJkEAnykZ/.
编辑配置文件:
vim /etc/httpd/conf/httpd.conf
121 <Directory "/www/lyitx">
122 AllowOverride All
123 Authuserfile /etc/httpd/htpasswdfile
124 Authname "please input username & password"
125 Authtype basic
126 Require user admin#只有admin用户才可以登陆
127 </Directory>
systemctl restart httpd.service
#只有拥有帐号密码的用户才可登陆
vim /etc/httpd/conf/httpd.conf
# Require all granted
AllowOverride All
Authuserfile /etc/httpd/htpasswdfile
Authname "please input username & password"
Authtype basic
Require valid-user##前面么有user
再重启服务
四.虚拟主机,域名登陆
做实验前先还原之前的操作,
Vim /etc/httpd/conf/httpd.conf
119 DocumentRoot "/var/www/html"
120 #DocumentRoot "/www/lyitx"
121 #
122 # Relax access to content within /var/www.
123 #
124 <Directory "/var/www">
125 AllowOverride None
126 # Allow open access:
127 Require all granted
128 </Directory>
重启服务
1.mkdir /var/www/virtual/news.lyitx.com/html -p
2.mkdir /var/www/virtual/music.lyitx.com/html -p
3.cd /var/www/virtual/muisc.lyitx.com/html/
4.vim index.html
<html>
<body>
<h1>这里是music</h1>
</body>
</html>
5.cd /var/www/virtual/news.lyitx.com/html/
6.vim index.html
<html>
<body>
<h1>这里是news</h1>
</body>
</html>
7.cd /etc/httpd/conf.d/
8.vim default.conf
<Virtualhost _default_:80>
Documentroot /var/www/html
Customlog "logs/default.log" combined
</Virtualhost>
<Directory "/var/www/html">
Require all granted
</Directory>
9.vim news.conf
<Virtualhost *:80>
Servername news.lyitx.com
Documentroot /var/www/virtual/news.lyitx.com/html
Customlog "logs/default.log" combined
</Virtualhost>
<Directory "/var/www/virtual/news.westos.com/html">
Require all granted
</Directory>
10.vim music.conf
<Virtualhost *:80>
Servername music.lyitx.com
Documentroot /var/www/virtual/music.lyitx.com/html
Customlog "logs/default.log" combined
</Virtualhost>
<Directory "/var/www/virtual/music.westos.com/html">
Require all granted
</Directory>
重启服务
11.访问页面的主机上加入解析
Vim /etc/hosts
172.25.254.66 www.lyitx.com lyitx.com news.lyitx.com music.lyitx.com#发布共享的主机ip
测试:
######https###########
1.yum install mod_ssl -y
2. yum install crypto-utils -y
3.genkey www.lyitx.com
/usr/bin/keyutil -c makecert -g 1024 -s "CN=www.lyitx.com, OU=linux, O=westos, L=xi‘an, ST=shannxi, C=CN" -v 1 -a -z /etc/pki/tls/.rand.9611 -o /etc/pki/tls/certs/www.lyitx.com.crt -k /etc/pki/tls/private/www.lyitx.com.key
cmdstr: makecert
cmd_CreateNewCert
command: makecert
keysize = 1024 bits
subject = CN=www.lyitx.com, OU=linux, O=lyitx, L=xi‘an, ST=shannxi, C=CN
valid for 1 months
random seed from /etc/pki/tls/.rand.9611
output will be written to /etc/pki/tls/certs/www.lyitx.com.crt
output key written to /etc/pki/tls/private/www.lyitx.com.key
Generating key. This may take a few moments...
Made a key
Opened tmprequest for writing
/usr/bin/keyutil Copying the cert pointer
Created a certificate
Wrote 882 bytes of encoded data to /etc/pki/tls/private/www.lyitx.com.key
Wrote the key to:
/etc/pki/tls/private/www.lyitx.com.key
cd /etc/httpd/conf.d
vim ssl.conf
100 SSLCertificateFile /etc/pki/tls/certs/www.lyitx.com.crt
107 SSLCertificateKeyFile /etc/pki/tls/private/www.lyiyx.com.key
systemctl restart httpd.service
测试:
在浏览器中:
https://ip
查看证书
以上是关于Linux 第十一周上课笔记Apache服务的主要内容,如果未能解决你的问题,请参考以下文章