Linux 第十二周学习笔记 阿帕奇服务

apache
[root@web-1 ~]# yum install httpd -y
[root@web-1 html]# yum install httpd-manual -y
更改默认发布文件
[root@web-1 html]# vim /etc/httpd/conf/httpd.conf

更改默认发布目录
[root@web-1 html]# mkdir /www/westos -p
[root@web-1 html]# semanage fcontext -a -t httpd_sys_content_t '/www/westos(/*)?'
[root@web-1 html]# restorecon -RvvF /www/
restorecon reset /www context unconfined_u:object_r:default_t:s0->system_u:object_r:default_t:s0
restorecon reset /www/westos context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
[root@web-1 html]# cd /www/westos/
[root@web-1 westos]# vim index.html
[root@web-1 westos]# ls -Z
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html
[root@web-1 westos]# vim /etc/httpd/conf/httpd.conf
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122 Require all granted
123 </Directory>
[root@web-1 westos]# systemctl restart http

[root@web-1 westos]# vim /etc/httpd/conf/httpd.conf
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122 Require all granted
123 Order Allow,Deny
124 Allow from All
125 Deny from 172.25.254.209
126 </Directory>
[root@web-1 westos]# systemctl restart http

[root@web-1 westos]# vim /etc/httpd/conf/httpd.conf
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122 Require all granted
123 Order Deny,Allow
124 Allow from ALL
125 Deny from 172.25.254.209
[root@web-1 westos]# systemctl restart http

[root@web-1 westos]# vim /etc/httpd/conf/httpd.conf
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122 Require all granted
123 Order Deny,Allow
124 Allow from 172.25.254.9
125 Deny from ALL
用户认证
[root@web-1 httpd]# htpasswd -cm htpasswdfile admin
New password:
Re-type new password:
Adding password for user admin
[root@web-1 httpd]# htpasswd -m htpasswdfile westos
New password:
Re-type new password:
Adding password for user westos
[root@web-1 westos]# vim /etc/httpd/conf/httpd.conf
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122 # Require all granted
123 AllowOverride All
124 Authuserfile /etc/httpd/htpasswdfile
125 Authname "Please input username and passwd"
126 Authtype basic
127 Require user admin
128 </Directory>
[root@web-1 httpd]# systemctl restart httpd

[root@web-1 westos]# vim /etc/httpd/conf/httpd.conf
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122 # Require all granted
123 AllowOverride All
124 Authuserfile /etc/httpd/htpasswdfile
125 Authname "Please input username and passwd"
126 Authtype basic
127 Require valid-user
128 </Directory>
[root@web-1 httpd]# systemctl restart httpd

[root@web-1 ~]# cd /var/www/html/
[root@web-1 ~]# vim index.html
www.westos.com
[root@web-1 ~]# mkdir /var/www/virtual/news.westos.com/html -p
[root@web-1 ~]# cd /var/www/virtual/news.westos.com/html
[root@web-1 html]# vim index.html

[root@web-1 html]# mkdir /var/www/virtual/music.westos.com/html -p
[root@web-1 html]# cd /var/www/virtual/music.westos.com/html
[root@web-1 html]# vim index.html
[root@web-1 html]# cd /etc/httpd/conf.d/
[root@web-1 conf.d]# vim default.conf
<Virtualhost _default_:80>
Documentroot /var/www/html
Customlog "logs/default.log" combined
</Virtualhost>
<Directory "/var/www/html">
Require all granted
</Directory>

[root@web-1 conf.d]# vim news.conf
<Virtualhost *:80>
Servername news.westos.com
Documentroot /var/www/virtual/news.westos.com/html
Customlog "logs/default.log" combined
</Virtualhost>
<Directory "/var/www/virtual/news.westos.com/html">
Require all granted
</Directory>

[root@web-1 conf.d]# vim music.conf
<Virtualhost *:80>
Servername music.westos.com
Documentroot /var/www/virtual/music.westos.com/html
Customlog "logs/default.log" combined
</Virtualhost>
<Directory "/var/www/virtual/music.westos.com/html">
Require all granted
</Directory>

[root@web-1 conf.d]# systemctl restart httpd.service

测试机上的更改
vim /etc/hosts
172.25.254.109 www.westos.com westos.com news.westos.com music.westos.com

https
[root@web-1 conf.d]# yum install mod_ssl -y
[root@web-1 conf.d]# yum install crypto-utils -y
[root@web-1 conf.d]# genkey www.westos.com
/usr/bin/keyutil -c makecert -g 1024 -s "CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=shannxi, C=CN" -v 1 -a -z /etc/pki/tls/.rand.9611 -o /etc/pki/tls/certs/www.westos.com.crt -k /etc/pki/tls/private/www.westos.com.key
cmdstr: makecert

cmd_CreateNewCert
command: makecert
keysize = 1024 bits
subject = CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=shannxi, C=CN
valid for 1 months
random seed from /etc/pki/tls/.rand.9611
output will be written to /etc/pki/tls/certs/www.westos.com.crt
output key written to /etc/pki/tls/private/www.westos.com.key

Generating key. This may take a few moments...

Made a key
Opened tmprequest for writing
/usr/bin/keyutil Copying the cert pointer
Created a certificate
Wrote 882 bytes of encoded data to /etc/pki/tls/private/www.westos.com.key
Wrote the key to:
/etc/pki/tls/private/www.westos.com.key
[root@web-1 conf]# cd /etc/httpd/conf.d
[root@web-1 conf.d]# vim ssl.conf
100 SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
107 SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key

[root@web-1 conf.d]# systemctl restart httpd.service
测试机

网页重写与虚拟主机的https
[root@web-1 html]# cd /etc/httpd/conf.d/
[root@web-1 conf.d]# firewall-cmd --permanent --add-service=http
success
[root@web-1 conf.d]# firewall-cmd --permanent --add-service=https
success
[root@web-1 conf.d]# firewall-cmd --reload
success
[root@web-1 conf.d]# vim music.conf
<Virtualhost *:80>
Servername music.westos.com
RewriteEngine on 允许网页重写
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301] ##重写为https
</Virtualhost>
<Directory "/var/www/virtual/music.westos.com/html">
Require all granted ##授权
</Directory>
<Virtualhost *:443> ##443端口
Servername music.westos.com
Documentroot /var/www/virtual/music.westos.com/html
Customlog "logs/default-443.log" combined ##产生的日志放在logs/default-443.log 下
SSLEngine on ##开启认证
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt ##证书
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key ##钥匙
</Virtualhost>
[root@web-1 conf.d]# vim news.conf
<Virtualhost *:80>
Servername news.westos.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</Virtualhost>
<Directory "/var/www/virtual/news.westos.com/html">
Require all granted
</Directory>
<Virtualhost *:443>
Servername news.westos.com
Documentroot /var/www/virtual/news.westos.com/html
Customlog "logs/news-443.log" combined
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
</Virtualhost>
[root@web-1 conf.d]# systemctl restart httpd
测试机操作
[root@maillinux ~]# vim /etc/hosts
172.25.254.109 www.westos.com westos.com news.westos.com music.westos.com
打开firefox输入http://music.westos.com 会自动跳转为https://music.westos.com.
php
[root@web-1 html]# vim index.php
<?php
phpinfo ();
?>
[root@web-1 html]# vim /etc/httpd/conf/httpd.conf
163 DirectoryIndex index.php index.html
[root@web-1 html]# chmod +x /var/www/html
[root@web-1 html]# systemctl restart httpd.service
cgi

[root@web-1 html]# mkdir cgi

[root@web-1 html]# yum install http-manual -y
[root@web-1 html]# cd cgi/
vim index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
[root@web-1 html]# cd /etc/httpd/conf.d/
[root@web-1 conf.d]# vim default.conf
<Virtualhost _default_:80>
DocumentRoot /var/www/html
Customlog "logs/default.log" combined
</Virtualhost>
<Directory "/var/www/html">
Options +ExecCGI
AddHandler cgi-script .cgi
</Directory>
[root@web-1 conf.d]# chmod +x /var/www/html/cgi/*
[root@web-1 conf.d]# semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgi/(/.*)?'
[root@web-1 conf.d]# restorecon -RvvF /var/www/html/cgi/
[root@web-1 conf.d]# systemctl restart httpd.service
论坛
[root@web-1 html]# yum install mariadb -y 安装数据库
若没有安装数据库，安装后要进行安全设置。因为一般情况下我们不会把数据库的端口裸露在外，所以要隐藏端口。

[root@web-1 html]# vim /etc/my.cnf
10 skip-networking=1
[root@web-1 html]# netstat -antlpe | grep mariadb
[root@web-1 html]# setenforce 0
[root@web-1 html]# systemctl start mariadb
下载论坛安装包
Discuz_X3.2_SC_UTF8.zip
[root@web-1 html]# unzip Discuz_X3.2_SC_UTF8.zip

[root@web-1 html]# chmod 777 upload/ -R