The lab environment is a Red Hat 7.0 system; all exercises come from the book 《Linux就该这么学》.

Apache (httpd) is one of the web server programs with the highest market share today. Its cross-platform support and security are widely recognised, and it offers a fast, reliable and simple API for extensions. The name comes from a Native American tribe and is meant to evoke superior battle strategy and inexhaustible patience.
```
[root@localhost ~]# yum install httpd -y
```
Configuration file locations:

| Item | Path |
|---|---|
| Service directory | /etc/httpd |
| Main configuration file | /etc/httpd/conf/httpd.conf |
| Web data directory | /var/www/html |
| Access log | /var/log/httpd/access_log |
| Error log | /var/log/httpd/error_log |
Common directives in httpd.conf:

| Directive | Meaning |
|---|---|
| ServerRoot | service directory |
| ServerAdmin | administrator's e-mail address |
| User | user the service runs as |
| Group | group the service runs as |
| ServerName | domain name of the web server |
| DocumentRoot | web data directory |
| Listen | IP address and port to listen on |
| DirectoryIndex | default index page |
| ErrorLog | error log file |
| CustomLog | access log file |
| Timeout | page timeout, 300 seconds by default |
Create a new web root with a test page:

```
[root@localhost ~]# mkdir /home/wwwroot
[root@localhost ~]# echo " This is my web" >/home/wwwroot/index.html
```
Set the SELinux security context of the new directory:

```
# Check the context of httpd's default web root
[root@localhost ~]# ls -ldZ /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
# Give the new web root the same security context
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/*
# Relabel so the new rules take effect
[root@localhost ~]# restorecon -Rv /home/wwwroot/
restorecon reset /home/wwwroot context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
```
The semanage command manages SELinux policy; usage: `semanage [options] [file]`.

| Option | Meaning |
|---|---|
| -l | query |
| -a | add |
| -m | modify |
| -d | delete |
In /etc/httpd/conf/httpd.conf, point DocumentRoot at the new directory and grant access to it in the matching <Directory> block:

```apache
DocumentRoot "/home/wwwroot"

#
# Relax access to content within /var/www.
#
<Directory "/home/wwwroot">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>
```
```
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
# Open the firewall
[root@localhost ~]# firewall-cmd --permanent --add-service=http
success
[root@localhost ~]# firewall-cmd --permanent --add-service=https
success
[root@localhost ~]# firewall-cmd --reload
success
```
Test access. If the site cannot be reached, check the firewall, SELinux, and whether the web directory actually contains a page.
The personal home page feature of httpd lets every user on the system manage their own website from their own home directory.

Comment out line 17 (this enables user home pages) and uncomment line 24 (the directory inside the user's home where the site data is kept):
```
[root@localhost ~]# vim /etc/httpd/conf.d/userdir.conf
 15 # permissions).
 16 #
 17 #UserDir disabled
 18
 19 #
 20 # To enable requests to /~user/ to serve the user's public_html
 21 # directory, remove the "UserDir disabled" line above, and uncomment
 22 # the following line instead:
 23 #
 24 UserDir public_html
 25 </IfModule>
 26
```
Create a user and set permissions so that other users are also allowed to read the directory contents:

```
[root@localhost ~]# useradd developer
[root@localhost ~]# su - developer
[developer@localhost ~]$ mkdir public_html
[developer@localhost ~]$ echo "this is developer's home" >public_html/index.html
[developer@localhost ~]$ chmod -fR 755 /home/developer
```
This user's web data directory is inside their home directory, so the home directory's SELinux context does not need to change. Use the getsebool command to view the SELinux booleans related to httpd:

```
[root@localhost ~]# getsebool -a |grep httpd
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off
# Turn on httpd_enable_homedirs
[root@localhost ~]# setsebool -P httpd_enable_homedirs=on
```
```
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
# Open the firewall
[root@localhost ~]# firewall-cmd --permanent --add-service=http
success
[root@localhost ~]# firewall-cmd --permanent --add-service=https
success
[root@localhost ~]# firewall-cmd --reload
success
```

Test access.
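The `chmod -fR 755 /home/developer` step above works, but it is more than httpd needs: the apache user only has to pass through each directory on the way (the "others" search bit, o+x) and read the page itself (o+r), so the home directory can stay at 711. The script below is an added example, not code from the book or the page; it checks that path and builds a constructed stand-in for /home/developer/public_html under a temporary directory so it runs offline. `path_traversable` and `make_demo_tree` are names chosen here.

```shell
#!/bin/sh
# Added example: can the apache user (as "other") reach a file under
# ~user/public_html? Each directory on the way needs o+x, the file needs o+r.

# path_traversable FILE STOP
#   Walks from FILE up to (but not including) STOP, reading the mode string
#   from `ls -ld`. Prints the first offending path and returns 1 on denial.
path_traversable() {
    p=$1
    stop=$2
    while [ -n "$p" ] && [ "$p" != "$stop" ] && [ "$p" != / ]; do
        mode=$(ls -ld "$p" | cut -c1-10)
        if [ -d "$p" ]; then
            # 10th column is the "other" execute (search) bit: x or t
            case "$mode" in
                *x|*t) ;;
                *) echo "denied: $p lacks o+x ($mode)"; return 1 ;;
            esac
        else
            # 8th column is the "other" read bit
            case "$mode" in
                ???????r??) ;;
                *) echo "denied: $p lacks o+r ($mode)"; return 1 ;;
            esac
        fi
        p=$(dirname "$p")
    done
    echo "ok: $1"
    return 0
}

# make_demo_tree
#   Builds a constructed stand-in for /home/developer/public_html under a
#   temporary directory (home is 711, not 755) and prints its root.
make_demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/home/developer/public_html"
    echo "this is developer's home" > "$t/home/developer/public_html/index.html"
    chmod 755 "$t/home"
    chmod 711 "$t/home/developer"
    chmod 755 "$t/home/developer/public_html"
    chmod 644 "$t/home/developer/public_html/index.html"
    echo "$t"
}

# Stand-alone run: the check passes with a 711 home and fails once it is 700.
demo() {
    t=$(make_demo_tree)
    f=$t/home/developer/public_html/index.html
    path_traversable "$f" "$t"
    chmod 700 "$t/home/developer"
    path_traversable "$f" "$t" || true
    rm -rf "$t"
}
demo
```

On a real host, run `path_traversable /home/developer/public_html/index.html /home` as root to see which component a 403 comes from; the check reads only mode bits, so it reports the same answer whoever runs it.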
Authentication: configure the site so that only users who pass identity verification can access its content.

Use the htpasswd command to generate the password database. The -c option is required the first time the file is created and is not needed when adding further users. The format is `htpasswd -c <password file> <user name>`; the user does not need to be a local system user.
```
[root@localhost ~]# htpasswd -c /etc/httpd/passwd user007
New password:
Re-type new password:
Adding password for user user007
```
Edit the configuration file and change the parameters on lines 31-37:

```
[root@localhost ~]# vim /etc/httpd/conf.d/userdir.conf
 31 <Directory "/home/*/public_html">
 32     AllowOverride all
 33     AuthUserFile "/etc/httpd/passwd"
 34     AuthName "please auth"
 35     AuthType Basic
 36     Require user user007
 37 </Directory>
```
Restart httpd:

```
[root@localhost ~]# systemctl restart httpd
```
Test access: enter the user user007 with the password redhat.
With the virtual host feature, one server can be split into several "virtual servers" that host different websites. There are three ways to do it: by IP address, by host name, and by port.

IP-based virtual hosts: first give the network interface two IP addresses.

```
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
DEVICE=eno16777736
USERCTL=no
IPADDR1=192.168.137.10
PREFIX1=24
IPADDR2=192.168.137.20
PREFIX2=24
GATEWAY=192.168.137.2
DNS1=114.114.114.114
[root@localhost ~]# systemctl restart network
```
Create two different web directories: visiting 192.168.137.10 should show "192.168.137.10", and visiting 192.168.137.20 should show "192.168.137.20".

```
[root@localhost ~]# mkdir /home/wwwroot/10 -p
[root@localhost ~]# mkdir /home/wwwroot/20 -p
[root@localhost ~]# echo "192.168.137.10" >/home/wwwroot/10/index.html
[root@localhost ~]# echo "192.168.137.20" >/home/wwwroot/20/index.html
```
Set the SELinux security context:

```
# Check the context of the default web root
[root@localhost ~]# ls -ldZ /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
# Set the SELinux context of the new sites
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/10
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/10/*
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/20
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/20/*
# Relabel so the new rules take effect
[root@localhost ~]# restorecon -Rv /home/wwwroot/
restorecon reset /home/wwwroot context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_dir_t:s0
restorecon reset /home/wwwroot/10 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /home/wwwroot/10/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /home/wwwroot/20 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /home/wwwroot/20/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
```
Add the following before the last line of the configuration file:

```
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.137.10>
    DocumentRoot "/home/wwwroot/10"
    ServerName www.a.com
    <Directory "/home/wwwroot/10">
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost 192.168.137.20>
    DocumentRoot "/home/wwwroot/20"
    ServerName www.b.com
    <Directory "/home/wwwroot/20">
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
```
```
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
# Open the firewall
[root@localhost ~]# firewall-cmd --permanent --add-service=http
success
[root@localhost ~]# firewall-cmd --permanent --add-service=https
success
[root@localhost ~]# firewall-cmd --reload
success
```

Test access.
Name-based virtual hosts: define two domain names, www.a.com and www.b.com, and create a directory for each site's data.

```
[root@localhost Desktop]# mkdir -p /home/wwwroot/a
[root@localhost Desktop]# mkdir -p /home/wwwroot/b
[root@localhost Desktop]# echo "a web" >/home/wwwroot/a/index.html
[root@localhost Desktop]# echo "b web" >/home/wwwroot/b/index.html
```
```
# Check the context of the default web root
[root@localhost Desktop]# ls -ldZ /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
# Set the SELinux context of the new sites
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/a
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/a/*
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/b
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/b/*
# Relabel so the new rules take effect
[root@localhost Desktop]# restorecon -Rv /home/wwwroot/
restorecon reset /home/wwwroot context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/a context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/a/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/b context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/b/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
```
Add the following before the last line of the configuration file:

```
[root@localhost Desktop]# vim /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.137.10>
    DocumentRoot "/home/wwwroot/a"
    ServerName www.a.com
    <Directory "/home/wwwroot/a">
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost 192.168.137.10>
    DocumentRoot "/home/wwwroot/b"
    ServerName www.b.com
    <Directory "/home/wwwroot/b">
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
```
```
[root@localhost Desktop]# systemctl restart httpd
[root@localhost Desktop]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
# Open the firewall
[root@localhost Desktop]# firewall-cmd --permanent --add-service=http
success
[root@localhost Desktop]# firewall-cmd --permanent --add-service=https
success
[root@localhost Desktop]# firewall-cmd --reload
success
```
On the test client, add entries for both names to /etc/hosts:

```
[root@localhost Desktop]# vim /etc/hosts
192.168.137.10 www.a.com www.b.com
```
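The IP-based and name-based layouts above (and the port-based one that follows) all come down to how httpd picks a <VirtualHost> for a request: it first chooses the blocks whose address and port match the connection (an exact IP beats `*`), then among those the block whose ServerName matches the Host header, and if none matches, the first such block in the file. The script below is an added example, not part of the page or of httpd; `select_vhost` is a name chosen here, the configuration is constructed, and it assumes IPv4 addresses and ServerName only (no ServerAlias or `_default_`).

```shell
#!/bin/sh
# Added example: a model of httpd's virtual host selection.
# VHOST_CONF is a constructed httpd.conf fragment, not the page's own file.
VHOST_CONF='
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName default.example
</VirtualHost>
<VirtualHost 192.168.137.10:80>
    DocumentRoot "/home/wwwroot/a"
    ServerName www.a.com
</VirtualHost>
<VirtualHost 192.168.137.10:80>
    DocumentRoot "/home/wwwroot/b"
    ServerName www.b.com
</VirtualHost>
<VirtualHost 192.168.137.20:80>
    DocumentRoot "/home/wwwroot/20"
    ServerName www.c.com
</VirtualHost>
<VirtualHost 192.168.137.10:333>
    DocumentRoot "/home/wwwroot/333"
    ServerName www.a.com
</VirtualHost>
'

# select_vhost IP PORT HOST
#   Prints the DocumentRoot httpd would serve for a request that arrived on
#   IP:PORT with the given Host header, or NONE if no block matches.
select_vhost() {
    printf '%s\n' "$VHOST_CONF" | awk -v ip="$1" -v port="$2" -v host="$3" '
    tolower($1) == "<virtualhost" {
        addr = $2; sub(/>$/, "", addr)
        split(addr, a, ":")
        # exact IP ranks above the * wildcard; an omitted port matches any port
        ipok   = (a[1] == ip) ? 2 : ((a[1] == "*") ? 1 : 0)
        portok = (a[2] == "" || a[2] == "*" || a[2] == port)
        cur = portok ? ipok : 0
        if (cur) { n++; rank[n] = cur; root[n] = ""; name[n] = "" }
        next
    }
    cur && tolower($1) == "documentroot" { gsub(/"/, "", $2); root[n] = $2 }
    cur && tolower($1) == "servername"   { name[n] = tolower($2) }
    tolower($1) == "</virtualhost>"      { cur = 0 }
    END {
        best = 0
        for (i = 1; i <= n; i++) if (rank[i] > best) best = rank[i]
        if (best == 0) { print "NONE"; exit }
        # name match among the most specific address blocks ...
        for (i = 1; i <= n; i++)
            if (rank[i] == best && name[i] == tolower(host)) { print root[i]; exit }
        # ... otherwise the first listed block for that address is the default
        for (i = 1; i <= n; i++)
            if (rank[i] == best) { print root[i]; exit }
    }'
}

# Stand-alone run over the constructed config
for req in "192.168.137.10 80 www.b.com" "192.168.137.10 80 nobody.example" \
           "192.168.137.20 80 www.a.com" "192.168.137.10 333 www.a.com" \
           "10.0.0.1 80 anything"; do
    set -- $req
    printf '%-15s %-4s %-16s -> %s\n' "$1" "$2" "$3" "$(select_vhost "$1" "$2" "$3")"
done
```

The second request in the run shows the detail that matters for the name-based setup: an unknown Host header on 192.168.137.10 is served from /home/wwwroot/a, the first block for that address, not from the `*:80` default. That is why the first <VirtualHost> for an address should be the one you are happy to expose to any name.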
Port-based virtual hosts: define two ports, 333 and 222, and create a directory for each site's data.

```
[root@localhost Desktop]# mkdir -p /home/wwwroot/333
[root@localhost Desktop]# mkdir -p /home/wwwroot/222
[root@localhost Desktop]# echo "333 web" >/home/wwwroot/333/index.html
[root@localhost Desktop]# echo "222 web" >/home/wwwroot/222/index.html
```
Set the SELinux security context of the web directories:

```
# Check the context of the default web root
[root@localhost Desktop]# ls -ldZ /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
# Set the context of the new sites
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/333
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/333/*
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/222
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/222/*
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
# Relabel so the new rules take effect
[root@localhost Desktop]# restorecon -Rv /home/wwwroot/
restorecon reset /home/wwwroot context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/333 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/333/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/222 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/222/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
```
Add ports 333 and 222 to the SELinux port policy so that httpd is allowed to listen on them:

```
[root@localhost Desktop]# semanage port -l|grep http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989
[root@localhost Desktop]# semanage port -a -t http_port_t -p tcp 222
[root@localhost Desktop]# semanage port -a -t http_port_t -p tcp 333
```
Add the Listen directives and the two virtual hosts to httpd.conf:

```
[root@localhost wwwroot]# vim /etc/httpd/conf/httpd.conf
Listen 222
Listen 333
<VirtualHost 192.168.137.10:222>
    DocumentRoot "/home/wwwroot/222"
    ServerName www.a.com
    <Directory "/home/wwwroot/222">
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost 192.168.137.10:333>
    DocumentRoot "/home/wwwroot/333"
    ServerName www.a.com
    <Directory "/home/wwwroot/333">
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
```
```
[root@localhost wwwroot]# systemctl restart httpd
[root@localhost wwwroot]# systemctl enable htpd
Failed to issue method call: No such file or directory
[root@localhost wwwroot]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
# Open the firewall, including the two new ports
[root@localhost wwwroot]# firewall-cmd --permanent --add-service=http
success
[root@localhost wwwroot]# firewall-cmd --permanent --add-service=https
success
[root@localhost wwwroot]# firewall-cmd --permanent --add-port=222/tcp
success
[root@localhost wwwroot]# firewall-cmd --permanent --add-port=333/tcp
success
[root@localhost wwwroot]# firewall-cmd --reload
success
```

Test access.
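A port-based site that does not answer almost always fails at one of the two steps just shown: the port is missing from the SELinux `http_port_t` type (httpd then cannot bind it) or the firewall does not open it. The audit below is an added example, not code from the page; for every Listen directive it reports both conditions. Its three inputs (`HTTPD_CONF`, `SEMANAGE_PORTS`, `FIREWALL_PORTS`) are constructed stand-ins for httpd.conf, `semanage port -l` output and the firewall's open TCP ports, so it runs offline; the function names are chosen here. It goes slightly beyond the page by handling port ranges such as `10001-10010` in the semanage output.

```shell
#!/bin/sh
# Added example: audit httpd Listen ports against SELinux port labels and
# the firewall. All three inputs are constructed, not taken from a real host.

HTTPD_CONF='
Listen 80
Listen 222
listen 333
Listen 192.168.137.10:8081
'

# Constructed; on a host this comes from: semanage port -l | grep http
# (the 8000-8010 range is made up here to exercise range handling)
SEMANAGE_PORTS='http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000, 8000-8010, 222, 333
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989'

# Constructed; on a host: firewall-cmd --list-ports plus 80/tcp for the http service
FIREWALL_PORTS='80/tcp 222/tcp 443/tcp'

# listen_ports: prints the port of every Listen directive, one per line
# (handles both "Listen 80" and "Listen 1.2.3.4:80")
listen_ports() {
    printf '%s\n' "$HTTPD_CONF" |
        awk 'tolower($1) == "listen" { p = $2; sub(/.*:/, "", p); print p }'
}

# selinux_allows PORT: returns 0 if PORT is in the http_port_t tcp list,
# where entries are single ports or ranges like 8000-8010
selinux_allows() {
    printf '%s\n' "$SEMANAGE_PORTS" | awk -v port="$1" '
        $1 == "http_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                v = $i; sub(/,$/, "", v)
                if (split(v, r, "-") == 2) {
                    if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) found = 1
                } else if (v == port) {
                    found = 1
                }
            }
        }
        END { if (found) exit 0; exit 1 }'
}

# firewall_allows PORT: returns 0 if PORT/tcp is open
firewall_allows() {
    for fp in $FIREWALL_PORTS; do
        [ "$fp" = "$1/tcp" ] && return 0
    done
    return 1
}

# audit_port PORT: prints one line such as "333 selinux=ok firewall=CLOSED"
audit_port() {
    s=BLOCKED
    f=CLOSED
    selinux_allows "$1" && s=ok
    firewall_allows "$1" && f=ok
    printf '%s selinux=%s firewall=%s\n' "$1" "$s" "$f"
}

# audit_all: audit every port httpd is configured to listen on
audit_all() {
    for lp in $(listen_ports); do audit_port "$lp"; done
}

audit_all
```

To run it against a live RHEL 7 host, replace the three constructed variables with `HTTPD_CONF=$(cat /etc/httpd/conf/httpd.conf)`, `SEMANAGE_PORTS=$(semanage port -l)` and `FIREWALL_PORTS=$(firewall-cmd --list-ports)`; any line reporting BLOCKED or CLOSED names the step that was skipped.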