Apache Configuration Notes
◆Case 1◆ Compile and install Apache
1. Configure the yum repository and install the dependencies
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum -y install epel-release
yum install -y gcc openssl openssl-devel zlib zlib-devel pcre pcre-devel expat-devel libxml2-devel
2. Install APR 1.6.3
wget http://www-eu.apache.org/dist//apr/apr-1.6.3.tar.gz
tar -xzvf apr-1.6.3.tar.gz
cd apr-1.6.3/
CC="gcc -m64" ./configure --prefix=/usr/local/apr
make && make install
3. Install APR-util 1.6.1
wget http://www-eu.apache.org/dist//apr/apr-util-1.6.1.tar.gz
tar -xzvf apr-util-1.6.1.tar.gz
cd apr-util-1.6.1/
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
make && make install
4. Install Apache 2.4.33
wget http://www-eu.apache.org/dist//httpd/httpd-2.4.33.tar.gz
tar -xzvf httpd-2.4.33.tar.gz
cd httpd-2.4.33/
./configure --prefix=/usr/local/apache2 --enable-rewrite --enable-so --enable-headers \
    --enable-expires --with-mpm=worker --enable-modules=most --enable-deflate --enable-ssl \
    --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --with-pcre=/usr/local/pcre
make && make install
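◆Case 2◆ Apache authentication -- username and password authentication <require a login when the page is opened>
1. Edit the main Apache configuration file
Edit the configuration file and add the statement marked ★ below in the corresponding section
vim /usr/local/apache2/conf/httpd.conf
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    # ★ Change "AllowOverride None" to "AllowOverride All"
    # (AuthConfig alone is enough for the authentication directives used in step 2)
    AllowOverride All

    #
    # Controls who can get stuff from this server.
2. Create a .htaccess file in the directory of the pages to protect and write the following content
Edit the file, overwriting its contents in the corresponding place
vim /usr/local/apache2/htdocs/.htaccess
# Welcome prompt shown in the login dialog
AuthName "welcome to admin"
# Authentication type
AuthType Basic
# Location of the password file
AuthUserFile /usr/local/apache2/htdocs/login.psd
# Only authenticated users may log in; everyone else is refused
Require valid-user
3. Generate the password file with the tool shipped with Apache
/usr/local/apache2/bin/htpasswd -c /usr/local/apache2/htdocs/login.psd LyShark    # create the password file with user LyShark (-c overwrites an existing file)
/usr/local/apache2/bin/htpasswd -m /usr/local/apache2/htdocs/login.psd LyShark    # without -c the existing file is kept and the user is added or updated (-m selects MD5 hashing)
4. Restart the Apache service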
/usr/local/apache2/bin/apachectl restart
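The Case 2 setup keeps login.psd under htdocs, where Apache serves it like any other file, because the stock httpd.conf only denies names that start with .ht. The check below is an added example, not part of the original notes; the function names are hypothetical and it assumes an absolute AuthUserFile path.

```sh
#!/bin/sh
# Added example: detect a Basic-auth password file that Apache would serve.
# Function names are hypothetical. Assumes an absolute AuthUserFile path and the
# stock httpd.conf rule <Files ".ht*"> Require all denied </Files>.

# Print the AuthUserFile path from an .htaccess (directive names are case-insensitive).
auth_user_file() {
    awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# password_file_exposed DOCROOT HTACCESS
# Returns 0 and prints a finding when the password file lies under DOCROOT and
# its name is not protected by the ".ht*" rule; returns 1 otherwise.
password_file_exposed() {
    docroot=${1%/}
    pw=$(auth_user_file "$2")
    [ -n "$pw" ] || return 1
    case $pw in
        "$docroot"/*) ;;       # inside the web root: continue checking
        *) return 1 ;;         # not under this DocumentRoot
    esac
    case ${pw##*/} in
        .ht*) return 1 ;;      # covered by the default deny rule
    esac
    echo "exposed: $pw is served as ${pw#"$docroot"}"
}

# Constructed inputs: the .htaccess from Case 2 and a variant with the file in conf/.
tmp=$(mktemp -d)
printf '%s\n' 'AuthName "welcome to admin"' 'AuthType Basic' \
    'AuthUserFile /usr/local/apache2/htdocs/login.psd' 'Require valid-user' > "$tmp/case2"
printf '%s\n' 'AuthName "welcome to admin"' 'AuthType Basic' \
    'AuthUserFile /usr/local/apache2/conf/login.psd' 'Require valid-user' > "$tmp/moved"
password_file_exposed /usr/local/apache2/htdocs "$tmp/case2" || true
password_file_exposed /usr/local/apache2/htdocs "$tmp/moved" || echo "not exposed"
```

Keeping the password file in a directory outside htdocs (conf/ in the second constructed input) and pointing AuthUserFile at it clears the finding.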
◆Case 3◆ Apache authentication -- client-based verification
◆Allow individual IP addresses to access the pages, deny everyone else◆
1. Edit the main Apache configuration file
Edit the configuration file and add the statements marked ★ below inside the <Directory> block
vim /usr/local/apache2/conf/httpd.conf
    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    AllowOverride None

    # ★ Added block: every condition inside <RequireAll> must pass, so only
    # ★ 192.168.1.10 (the IP address allowed to access) gets through
    <RequireAll>
        Require all granted
        Require ip 192.168.1.10
    </RequireAll>

    #
    # Controls who can get stuff from this server.
    #
    # The stock line below is commented out
    #Require all granted
</Directory>
2. Restart the Apache service
/usr/local/apache2/bin/apachectl restart
◆Deny individual IP addresses access to the pages, allow everyone else◆
1. Edit the main Apache configuration file
Edit the configuration file and add the statements marked ★ below inside the <Directory> block
vim /usr/local/apache2/conf/httpd.conf
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    AllowOverride None

    # ★ Added block: everyone is granted access except 192.168.1.10
    # ★ (the IP address denied access)
    <RequireAll>
        Require all granted
        Require not ip 192.168.1.10
    </RequireAll>

    #
    # Controls who can get stuff from this server.
    #
    # The stock line below is commented out
    #Require all granted
</Directory>
2. Restart the Apache service
/usr/local/apache2/bin/apachectl restart
◆Case 4◆ Directory alias - reduce directory depth
1. Edit the main Apache configuration file
Edit the configuration file and append the statement marked ★ below at the end of the file
vim /usr/local/apache2/conf/httpd.conf
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

# ★ Shorten the address.
# ★ Meaning: the access path http://<IP address>/a/b/c/d is shortened to http://<IP address>/lyshark
Alias "/lyshark" "/usr/local/apache2/htdocs/a/b/c/d"
2. Restart the Apache service
/usr/local/apache2/bin/apachectl restart
◆Case 5◆ Configure virtual hosts <key topic>
◆IP-based virtual hosts◆ >>>one server with several IP addresses hosting several sites<<<
1. Configure a sub-interface on network card eno16777728
[root@localhost]# ifconfig eno16777728:0 192.168.1.13 netmask 255.255.255.0
[root@localhost]# ifconfig
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.1.12 netmask 255.255.255.0 broadcast 192.168.1.255
        inet6 fe80::20c:29ff:fe1e:14e2 prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:1e:14:e2 txqueuelen 1000 (Ethernet)
        RX packets 40292 bytes 4129804 (3.9 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 8962 bytes 1557264 (1.4 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno16777728:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.1.13 netmask 255.255.255.0 broadcast 192.168.1.255
        ether 00:0c:29:1e:14:e2 txqueuelen 1000 (Ethernet)
2. Edit the main configuration file and enable the virtual host option: uncomment the line marked ★ below in the corresponding section
vim /usr/local/apache2/conf/httpd.conf
# Virtual hosts
# ★ Uncomment the next line to enable the virtual host configuration
Include conf/extra/httpd-vhosts.conf

# Local access to the Apache HTTP Server Manual
3. Edit the virtual host configuration file to add the virtual hosts: change the statements marked ★ below in the corresponding section
vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
# ★ Changed lines in this block: the <VirtualHost> address and DocumentRoot
<VirtualHost 192.168.1.12:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/usr/local/apache2/htdocs/vhost1"
    ServerName dummy-host.example.com
    ServerAlias www.dummy-host.example.com
    ErrorLog "logs/dummy-host.example.com-error_log"
    CustomLog "logs/dummy-host.example.com-access_log" common
</VirtualHost>

# ★ Changed lines in this block: the <VirtualHost> address and DocumentRoot
<VirtualHost 192.168.1.13:80>
    ServerAdmin webmaster@dummy-host2.example.com
    DocumentRoot "/usr/local/apache2/htdocs/vhost2"
    ServerName dummy-host2.example.com
    ErrorLog "logs/dummy-host2.example.com-error_log"
    CustomLog "logs/dummy-host2.example.com-access_log" common
</VirtualHost>
4. Create the vhost1 and vhost2 directories and put an index.html file in each
mkdir /usr/local/apache2/htdocs/vhost1
mkdir /usr/local/apache2/htdocs/vhost2
echo "vhost1 test page" > /usr/local/apache2/htdocs/vhost1/index.html
echo "vhost2 test page" > /usr/local/apache2/htdocs/vhost2/index.html
5. Restart the Apache service
/usr/local/apache2/bin/apachectl restart
◆Port-based virtual hosts◆ >>>one server with several ports hosting several sites<<<
1. Edit the main configuration file and enable the virtual host option: uncomment the line marked ★ below in the corresponding section
vim /usr/local/apache2/conf/httpd.conf
# Virtual hosts
# ★ Uncomment the next line to enable the virtual host configuration
Include conf/extra/httpd-vhosts.conf

# Local access to the Apache HTTP Server Manual
2. Edit the virtual host configuration file to add the virtual hosts: change the statements marked ★ below in the corresponding section
vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
# ★ Changed lines in this block: the <VirtualHost> address and DocumentRoot
<VirtualHost 192.168.1.12:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/usr/local/apache2/htdocs/vhost1"
    ServerName dummy-host.example.com
    ServerAlias www.dummy-host.example.com
    ErrorLog "logs/dummy-host.example.com-error_log"
    CustomLog "logs/dummy-host.example.com-access_log" common
</VirtualHost>

# ★ Changed lines in this block: the <VirtualHost> address (port 8080) and DocumentRoot
# (httpd.conf also needs a "Listen 8080" line before Apache accepts connections on this port)
<VirtualHost 192.168.1.12:8080>
    ServerAdmin webmaster@dummy-host2.example.com
    DocumentRoot "/usr/local/apache2/htdocs/vhost2"
    ServerName dummy-host2.example.com
    ErrorLog "logs/dummy-host2.example.com-error_log"
    CustomLog "logs/dummy-host2.example.com-access_log" common
</VirtualHost>
3. Create the vhost1 and vhost2 directories and put an index.html file in each
mkdir /usr/local/apache2/htdocs/vhost1
mkdir /usr/local/apache2/htdocs/vhost2
echo "vhost1 test page" > /usr/local/apache2/htdocs/vhost1/index.html
echo "vhost2 test page" > /usr/local/apache2/htdocs/vhost2/index.html
4. Restart the Apache service
/usr/local/apache2/bin/apachectl restart
◆Name-based virtual hosts◆ >>>one server with several domain names hosting several sites<<<
1. Set up a DNS server by hand with forward resolution, pointing the names at the same IP
www.wang.com 127.0.0.1
www.rui.com 127.0.0.1
2. Edit the main configuration file and enable the virtual host option: uncomment the line marked ★ below in the corresponding section
vim /usr/local/apache2/conf/httpd.conf
# Virtual hosts
# ★ Uncomment the next line to enable the virtual host configuration
Include conf/extra/httpd-vhosts.conf

# Local access to the Apache HTTP Server Manual
3. Edit the virtual host configuration file to add the virtual hosts: change the statements marked ★ below in the corresponding section
vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    # ★ wang.com resolves to the vhost1 directory
    DocumentRoot "/usr/local/apache2/htdocs/vhost1"
    ServerName www.wang.com
    ServerAlias www.dummy-host.example.com
    ErrorLog "logs/dummy-host.example.com-error_log"
    CustomLog "logs/dummy-host.example.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host2.example.com
    # ★ rui.com resolves to the vhost2 directory
    DocumentRoot "/usr/local/apache2/htdocs/vhost2"
    ServerName www.rui.com
    ErrorLog "logs/dummy-host2.example.com-error_log"
    CustomLog "logs/dummy-host2.example.com-access_log" common
</VirtualHost>
4. Create the vhost1 and vhost2 directories and put an index.html file in each
mkdir /usr/local/apache2/htdocs/vhost1
mkdir /usr/local/apache2/htdocs/vhost2
echo "vhost1 test page" > /usr/local/apache2/htdocs/vhost1/index.html
echo "vhost2 test page" > /usr/local/apache2/htdocs/vhost2/index.html
5. Restart the Apache service
/usr/local/apache2/bin/apachectl restart
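How the name-based setup above chooses a site for a given Host header, including the fallback to the first <VirtualHost> block that the stock comment in httpd-vhosts.conf describes. This is an added example, not part of the original notes; resolve_vhost is a hypothetical helper that assumes every block listens on the same *:80 address and does not expand wildcard ServerAlias entries.

```sh
#!/bin/sh
# Added example: which <VirtualHost> answers a given Host header (name-based).
# resolve_vhost is a hypothetical helper; it assumes all blocks share one
# address:port (e.g. *:80) and does not expand wildcard ServerAlias entries.

# resolve_vhost CONF HOST -> "<ServerName> <DocumentRoot> <match|default>"
resolve_vhost() {
    awk -v host="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        BEGIN                            { sub(/:[0-9]+$/, "", host) }
        $1 ~ /^#/                        { next }
        tolower($1) ~ /^<virtualhost/    { n++; inside = 1; next }
        tolower($1) ~ /^<\/virtualhost/  { inside = 0; next }
        !inside                          { next }
        tolower($1) == "servername"      { name[n] = tolower($2) }
        tolower($1) == "serveralias"     { for (i = 2; i <= NF; i++) alias[n] = alias[n] " " tolower($i) }
        tolower($1) == "documentroot"    { gsub(/"/, "", $2); root[n] = $2 }
        END {
            for (v = 1; v <= n; v++) {
                hit = (name[v] == host)
                k = split(alias[v], a, " ")
                for (i = 1; i <= k; i++) if (a[i] == host) hit = 1
                if (hit) { print name[v], root[v], "match"; exit }
            }
            # No ServerName or ServerAlias matched: the first block is the default.
            if (n) print name[1], root[1], "default"
        }' "$1"
}

# Constructed configuration using the names from this section.
conf=$(mktemp)
cat > "$conf" <<'EOF'
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache2/htdocs/vhost1"
    ServerName www.wang.com
    ServerAlias www.dummy-host.example.com
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache2/htdocs/vhost2"
    ServerName www.rui.com
</VirtualHost>
EOF
resolve_vhost "$conf" WWW.RUI.COM:80
resolve_vhost "$conf" unknown.example
```

A request for a name that nobody configured is answered by vhost1, so the first block should be one that is safe to serve to any caller.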
◆Case 6◆ Enable per-user home pages
=====================================================================================
Expected result
Every user gets a separate web space
=====================================================================================
1. Edit the main configuration file and enable the per-user home page option: uncomment the lines marked ★ below in the corresponding section
vim /usr/local/apache2/conf/httpd.conf
#LoadModule speling_module modules/mod_speling.so
# ★ Uncomment the next line (around line 150)
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
# [...]
# User home directories
# ★ Uncomment the next line (around line 471)
Include conf/extra/httpd-userdir.conf

# Real-time info on requests and configuration
2. Open the configuration file and exit without making changes
vim /usr/local/apache2/conf/extra/httpd-userdir.conf
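3. Create a user and set a password
[root@localhost ~]# useradd lyshark
[root@localhost ~]# passwd lyshark
4. Go to the user's home directory, create the required files, and set permissions
mkdir -p /home/lyshark/public_html                                    # create public_html in the user's home directory
echo "this is lyshark web" > /home/lyshark/public_html/index.html    # create a test page
chmod 755 /home/lyshark/public_html/index.html                        # grant read and execute permission (755) on the test page
chmod 755 /home/lyshark                                               # grant read and execute permission (755) on the home directory
5. Restart the Apache service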
/usr/local/apache2/bin/apachectl restart
6. Test by visiting the page in a browser
The format is: http://127.0.0.1/~lyshark
◆Case 7◆ Enable URL redirection <key topic>
=====================================================================================
Expected result
When a user visits www.xdl.com they are automatically redirected to www.edu.com
=====================================================================================
1. Set up a DNS server with forward resolution, pointing the names at the same IP
2. Edit the main configuration file and enable the required features (uncomment)
vim /usr/local/apache2/conf/httpd.conf
# Enable virtual hosts (around line 145)
LoadModule vhost_alias_module modules/mod_vhost_alias.so
# Enable URL rewriting (around line 152)
LoadModule rewrite_module modules/mod_rewrite.so
# Virtual hosts
# Enable virtual hosts (around line 477)
Include conf/extra/httpd-vhosts.conf
3. Rewrite the virtual host configuration file: edit the statements marked ★ below in the corresponding section
vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
    # ★ Location of the xdl pages
    DocumentRoot "/usr/local/apache2/htdocs/xdl"
    # ★ Domain 1
    ServerName www.xdl.com
</VirtualHost>

# ★ Directory block for the xdl path; AllowOverride All lets its .htaccess take effect
<Directory "/usr/local/apache2/htdocs/xdl">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

<VirtualHost *:80>
    # ★ Location of the edu pages
    DocumentRoot "/usr/local/apache2/htdocs/edu"
    # ★ Domain 2
    ServerName www.edu.com
</VirtualHost>
4. Create the directories that hold the pages, and the test pages
mkdir -p /usr/local/apache2/htdocs/xdl
mkdir -p /usr/local/apache2/htdocs/edu
echo "xdl server" > /usr/local/apache2/htdocs/xdl/index.html
echo "edu server" > /usr/local/apache2/htdocs/edu/index.html
5. Create a .htaccess file in the directory of the site to redirect from (in this example, the xdl directory)
Overwrite its contents with the following
vim /usr/local/apache2/htdocs/xdl/.htaccess
# Turn on the redirect (rewrite) engine
RewriteEngine On
# When the requested host is www.xdl.com
# (pattern anchored and dots escaped so that only this exact host name matches)
RewriteCond %{HTTP_HOST} ^www\.xdl\.com$ [NC]
# redirect to www.edu.com
RewriteRule .* http://www.edu.com [R,L]
6. Restart the Apache service
/usr/local/apache2/bin/apachectl restart
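◆Case 8◆ Enable HTTPS and generate an SSL certificate <key topic>
1. Create the server private key; a passphrase has to be entered during the process
openssl genrsa -des3 -out server.key 1024
----------------------------------------------------------------------------
Notes:
genrsa -des3       # encryption type (the key file is encrypted with 3DES under the passphrase)
-out server.key    # output file
1024               # key length in bits
----------------------------------------------------------------------------
2. Create the certificate request; the generated CSR file is handed to a CA, and once signed it becomes the server's own certificate
openssl req -new -key server.key -out server.csr
----------------------------------------------------------------------------
Notes:
req -new           # create a new certificate signing request
-key server.key    # private key file
-out server.csr    # output file
Note: enter in turn: country, province, city, organization, organizational unit, full name, e-mail, whether to change the password, whether to change the name
----------------------------------------------------------------------------
3. Convert it into a certificate. This step is done by a certificate authority (CA); here it is only an experiment.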
openssl x509 -req -days 365 -sha256 -in server.csr -signkey server.key -out servernew.crt
4. Configure the server to support HTTPS
cp -a servernew.crt /usr/local/apache2/conf/server.crt    # copy the certificate into the conf directory
cp -a server.key /usr/local/apache2/conf/server.key       # the private key also goes into the conf directory
5. Edit the main configuration file and enable the required features (uncomment)
vim /usr/local/apache2/conf/httpd.conf
# Enable SSL (around line 133)
LoadModule ssl_module modules/mod_ssl.so
# Secure (SSL/TLS) connections
# Enable the SSL template; search for SSLRandomSeed (around line 494)
Include conf/extra/httpd-ssl.conf
6. Configure the SSL template file
vim /usr/local/apache2/conf/extra/httpd-ssl.conf
#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism
#   to use and second the expiring timeout (in seconds).
# The three lines below are commented out
#SSLSessionCache "dbm:/usr/local/apache2/logs/ssl_scache"
#SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
#SSLSessionCacheTimeout 300
7. Restart the Apache service and enter the passphrase
/usr/local/apache2/bin/apachectl restart
8. Visit the site
https://127.0.0.1:443/index.html
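Before the restart in step 7 it is worth confirming that the certificate and key copied into conf/ belong together, and how long the key is. This is an added example, not part of the original notes: the helper names and the 2048-bit default minimum are assumptions, and the throwaway pairs are constructed test data that use unencrypted keys.

```sh
#!/bin/sh
# Added example: checks for a key/certificate pair like the one built in Case 8.
# Helper names are hypothetical; keys are assumed unencrypted (no -des3 prompt).

# Print the public key size in bits recorded in a certificate.
cert_key_bits() {
    openssl x509 -noout -text -in "$1" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeed only if the certificate carries the public half of the private key.
cert_matches_key() {
    [ "$(openssl x509 -noout -pubkey -in "$1")" = "$(openssl pkey -pubout -in "$2")" ]
}

# check_pair CERT KEY [MIN_BITS]; returns 0 = usable, 1 = mismatch, 2 = key too short.
check_pair() {
    min=${3:-2048}    # assumed policy minimum
    cert_matches_key "$1" "$2" || { echo "mismatch: $1 does not belong to $2"; return 1; }
    bits=$(cert_key_bits "$1")
    [ "$bits" -ge "$min" ] || { echo "weak key: $bits bits, minimum $min"; return 2; }
    echo "ok: $bits-bit key matches certificate"
}

# make_pair DIR NAME BITS: build a throwaway self-signed pair without prompts.
make_pair() {
    openssl genrsa -out "$1/$2.key" "$3" 2>/dev/null
    openssl req -new -key "$1/$2.key" -subj "/CN=www.example.test" -out "$1/$2.csr"
    openssl x509 -req -days 365 -sha256 -in "$1/$2.csr" \
        -signkey "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Constructed demo data in a temporary directory.
demo=$(mktemp -d)
make_pair "$demo" a 2048
make_pair "$demo" b 2048
check_pair "$demo/a.crt" "$demo/a.key"                 # matching pair
check_pair "$demo/a.crt" "$demo/b.key" || true         # certificate with the wrong key
check_pair "$demo/a.crt" "$demo/a.key" 4096 || true    # stricter minimum
rm -rf "$demo"
```

Run against the pair from steps 1 to 3, check_pair reports the 1024-bit key as shorter than the assumed 2048-bit minimum.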