linux 网页服务器apache学习笔记

标签：linux   网页   服务器   配置文件   虚拟主机   

主体包：httpd

主配置文件：/etc/httpd/conf/httpd.conf

参数：ServerRoot  “/etc/httpd”#指定配置文件中引用相对路径的文件根

    Listen 80 #监听端口，多个端口另加一行 Listen 192.168.1.2:8080

    <Directory />

        AllowOverride none

        Require all denied #拒绝所有文件读，可读文件需要单独列出并给予读权限

    </Directory>

    <Files “.ht*”>

        Require all denied #拒绝运行所有.ht类型文件

    </Files>

    <IfModule dir_module>

        DirectoryIndex index.html          #存在即加载

    </IfModule>

虚拟主机三种实现方法：

在/var/www/html创建两个目录A和B，添加索引页以区别不同的网站

tree /var/www/html/     

/var/www/html/      
├── A      
│   └── index.html      
└── B      
    └── index.html

cat /var/www/html/A/index.html    
Aa

cat /var/www/html/B/index.html    
BbBb      

 a. 基于IP

 给主机添加ip

nmcli con modify eno16777984 +ipv4.addresses 192.168.1.80/24

创建虚拟主机配置文件

cat /etc/httpd/conf.d/00-vh-ip.conf    
<VirtualHost 192.168.1.199:80>      
        DocumentRoot /var/www/html/A      
        CustomLog "logs/a.log" combined      
        <Directory /var/www/html/A>      
        Require all granted      
        </Directory>      
</VirtualHost>

<VirtualHost 192.168.1.80:80>    
        DocumentRoot /var/www/html/B      
        CustomLog "logs/b.log" combined      
        <Directory /var/www/html/B>      
        Require all granted      
        </Directory>      
</VirtualHost>

重启apache服务    

       

b. 基于端口

在主配置文件中增加监听端口

[root@dns2 ~]# grep ^Listen /etc/httpd/conf/httpd.conf    
Listen 80      
Listen 8080      
Listen 8081      

创建虚拟主机配置文件    
[root@dns2 ~]# cat /etc/httpd/conf.d/01-vh-port.conf      
<VirtualHost 192.168.1.199:8080>      
        DocumentRoot /var/www/html/A      
        CustomLog "logs/a.log" combined      
        <Directory /var/www/html/A>      
        Require all granted      
        </Directory>      
</VirtualHost>

<VirtualHost 192.168.1.199:8081>    
        DocumentRoot /var/www/html/B      
        CustomLog "logs/b.log" combined      
        <Directory /var/www/html/B>      
        Require all granted      
        </Directory>      
</VirtualHost>

重启apache服务

     

c. 基于域名

此方法需要修改hosts文件，或者dns配合

添加A记录 pro，指向网页服务器

创建新域dian.me，添加A记录test，同样指向网页服务器

zone "dian.me" IN {    
        type master;      
        file "dian.me.forward";      
        notify yes;      
        allow-update { key SEC_DDNS ; };      
};

重启域名服务，尝试解析

;; ANSWER SECTION:    
pro.it.lab.             300     IN      A       192.168.1.199

;; ANSWER SECTION:    
test.dian.me.           86400   IN      A       192.168.1.199      

创建虚拟主机配置文件

cat /etc/httpd/conf.d/02-vh-name.conf    
<VirtualHost pro.it.lab:80>      
        DocumentRoot /var/www/html/A      
        ServerName      pro.it.lab      
        ServerAlias     pro      
        CustomLog "logs/a.log" combined      
        <Directory /var/www/html/A>      
        Require all granted      
        </Directory>      
</VirtualHost>

<VirtualHost test.dian.me:80>    
        DocumentRoot /var/www/html/B      
        Servername test.dian.me      
        ServerAlias test      
        CustomLog "logs/b.log" combined      
        <Directory /var/www/html/B>      
        Require all granted      
        </Directory>      
</VirtualHost>      

cat /etc/httpd/conf.d/02-vh-name.conf    
<VirtualHost pro.it.lab:80>      
        DocumentRoot /var/www/html/A      
        ServerName      pro.it.lab      
        CustomLog "logs/a.log" combined      
        <Directory /var/www/html/A>      
        Require all granted      
        </Directory>      
</VirtualHost>

<VirtualHost test.dian.me:80>    
        DocumentRoot /var/www/html/B      
        Servername test.dian.me      
        CustomLog "logs/b.log" combined      
        <Directory /var/www/html/B>      
        Require all granted      
        </Directory>      
</VirtualHost>      

重启apache服务

curl http://pro

Aa  
Aa    
curl http://test    
BbBb    
BbBb    

HTTPS实现

yum –y install mod_ssl

ssl模块会创建一个命名虚拟主机 /etc/httpd/conf.d/ssl.conf

拷贝配置文件<VirtualHost>块并修改，添加主目录

grep VirtualHost /etc/httpd/conf.d/03-vh-ssl.conf   

<VirtualHost pro.it.lab:443>

grep DocumentRoot /etc/httpd/conf.d/03-vh-ssl.conf    
DocumentRoot "/var/www/html/A"      

重启apache服务

禁止https站点提供非加密内容

在TLS虚拟主机<VirtualHost>块添加描述

Header always set Strict-Transport-Security "max-age=15768000"    

http自动跳转https

新建一http虚拟主机（捕获所有80端口流量），使用和捕获所有443端口流量的https虚拟主机相同的ServerName

RewriteEngine on     

RewriteRule ^(/.*)$ http://%{HTTP_HOST}$1 [redirect=301]

CGI: common gateway interface

when a CGI resource is requested, httpd executes the resources as a process and serves the stdout of that process.

popular CGI resouces writing in perl,Java and C

to have httpd treat a location as CGI executables

ScriptAlias /cgi-bin "/var/www/cgi-bin"

CGI scritps exectued as apache user and group

label with httpd_sys_script_exec_t

have Options None and access granted using <Directory>

dynamic PHP

yum -y install php, will add mod_php to httpd

<FilesMatch \.php$>

SetHandler application/x-httpd-php

<FilesMatch>

DirectoryIndex index.php

dynamic python

python scripts can be served out using regular CGI, both python and httpd support new protocol: Web Server Gateway Interface

yum -y install mod_wsgi

WSGIScriptAlias /myapp/ /srv/myapp/www/myapp.py

this will send all request for http://servername/myapp and any resouces below it to the WSGI application

/srv/myapp/www/myapp.py

application should be executable by apache user and group, selinux label httpd_sys_content_t

Database connectivity

allow connect to a remote host database, set seboolean to 1

httpd_can_network_connect_db

remote database not using well known ports

httpd_can_network_connect

linux 网页服务器apache学习笔记

标签：linux   网页   服务器   配置文件   虚拟主机   

原文地址：http://jerkou.blog.51cto.com/4397003/1760158