Chapter 2 Preview
Chapter 2 Lab (1): Controlling access to web server directories
1. Confirm that the web server is installed and running
[root@www ~]# ls /usr/local/httpd/
bin build cgi-bin conf error htdocs icons include lib logs man manual modules
[root@www ~]# netstat -utpln |grep 80
tcp 0 0 :::80 :::* LISTEN 73341/httpd
2. Allow access only from 192.168.100.110 and deny all other hosts:
[root@www ~]# vim /usr/local/httpd/conf/httpd.conf
421 <Directory "/usr/local/awstats/wwwroot">
422 Options None
423 AllowOverride None
424 Order allow,deny
425 Allow from 192.168.100.110 ##change this line
426 </Directory>
427
:set nu ##show line numbers
:wq
[root@www ~]# /etc/init.d/httpd restart ##restart the service
httpd is restart complete.
Test:
Change the IP of VNET1 on the Windows host to 192.168.100.10 and test access:
http://www.linuxfan.cn/aws.html ##not accessible
http://www.linuxfan.cn ##accessible
Change the IP of VNET1 on the Windows host to 192.168.100.110 and test access:
http://www.linuxfan.cn/aws.html ##accessible
http://www.linuxfan.cn ##accessible
3. Restrict access by user authorization:
1) Create the password file for the authenticated users:
[root@www ~]# /usr/local/httpd/bin/htpasswd -c /usr/local/httpd/conf/htpasswd admin ##add the admin user
New password: ##enter the password pwd@123
Re-type new password: ##confirm the password
Adding password for user admin
[root@www ~]# cat /usr/local/httpd/conf/htpasswd
admin:TpPLVJuXl0wsE
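Add the users jhon and fage the same way, without -c (that option creates the file and would overwrite the existing entries).
[root@www ~]# vim /usr/local/httpd/conf/htgroups ##add the authorized users to a group
mygroup: admin fage ##group name: member1 member2
2) Add the user authorization configuration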
[root@www ~]# vim /usr/local/httpd/conf/httpd.conf
421 <Directory "/usr/local/awstats/wwwroot">
422 Options None
423 AllowOverride None
424 Order allow,deny
425 Allow from 192.168.100.110
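426 AuthType Basic ##sets the authentication type to Basic
427 AuthName "Log analysis system" ##prompt text shown to the user
428 AuthBasicProvider file ##the authentication provider is file
429 AuthUserFile /usr/local/httpd/conf/htpasswd ##the user password file
430 AuthGroupFile /usr/local/httpd/conf/htgroups ##the group file
431 Require group mygroup ##sets the users or group allowed access; to authorize by user instead, change it to "Require valid-user"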
432 </Directory>
433
:set nu
:wq
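[root@www ~]# /etc/init.d/httpd restart ##restart the service
httpd is restart complete.
3) Access test:
http://www.linuxfan.cn/aws.html ##log in with each user: admin and fage can log in, jhon cannot
Note: to test a different user, just close the browser and reopen it.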
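Added example (not part of the original lab): a shell check over copies of the two files built above, reporting which accounts pass "Require group mygroup" and which hash scheme each htpasswd entry uses. The 13-character admin hash shown above is traditional crypt(), which uses only the first 8 characters of the password; htpasswd -m selects the MD5 format instead. The jhon and fage hashes and all function names are constructed for this example.

```shell
#!/bin/sh
# Constructed sample data. The admin hash is the one shown on this page;
# the jhon and fage entries are made-up placeholders, not real hashes.
HTPASSWD='admin:TpPLVJuXl0wsE
jhon:$apr1$EXAMPLE0$placeholderplaceholder
fage:{SHA}placeholderplaceholderpla='
HTGROUPS='mygroup: admin fage'

# Classify an htpasswd hash by its prefix or shape.
hash_scheme() {
    case "$1" in
        '$2y$'*|'$2a$'*) echo bcrypt ;;
        '$apr1$'*)       echo apr1-md5 ;;
        '{SHA}'*)        echo sha1-unsalted ;;
        *) if [ "${#1}" -eq 13 ]; then echo des-crypt; else echo unknown; fi ;;
    esac
}

# Print the members of group $1, one per line ("name: member1 member2").
group_members() {
    printf '%s\n' "$HTGROUPS" | awk -F: -v g="$1" '
        $1 == g { n = split($2, m, " "); for (i = 1; i <= n; i++) print m[i] }'
}

# Succeeds only if user $1 has a password entry AND belongs to group $2,
# which is what "Require group mygroup" demands once the password checks out.
may_login() {
    printf '%s\n' "$HTPASSWD" | grep -q "^$1:" || return 1
    group_members "$2" | grep -qxF "$1"
}

# Report one line per account: user, hash scheme, group decision.
audit() {
    printf '%s\n' "$HTPASSWD" | while IFS=: read -r user hash; do
        if may_login "$user" mygroup; then d=allow; else d=deny; fi
        echo "$user $(hash_scheme "$hash") $d"
    done
}

audit
```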
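Chapter 2 Lab (2): Name-based virtual hosts and main site migration
1. Configure BIND to resolve multiple domains: in real deployments you would need to register several domains and set up resolution for each.
Log in to 192.168.100.100 (which already resolves linuxfan.cn)
[root@ns ~]# vim /var/named/chroot/etc/named.conf ##append the following to the end of this file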
zone "sggfu.com" IN {
type master;
file "sggfu.com.zone";
};
:wq
[root@ns ~]# vim /var/named/chroot/var/named/sggfu.com.zone ##create the zone data file
$TTL 86400
@ IN SOA sggfu.com. root.sggfu.com. (
20150630
1H
2M
3W
1D
)
@ IN NS ns.sggfu.com.
@ IN A 192.168.100.100
ns IN A 192.168.100.100
www IN A 192.168.100.150
:wq
[root@ns ~]# /etc/init.d/named restart ##restart the service
[root@ns ~]# nslookup
> server 192.168.100.100
Default server: 192.168.100.100
Address: 192.168.100.100#53
> www.sggfu.com
Server: 192.168.100.100
Address: 192.168.100.100#53
Name: www.sggfu.com ##resolution succeeds
Address: 192.168.100.150
> www.linuxfan.cn
Server: 192.168.100.100
Address: 192.168.100.100#53
Name: www.linuxfan.cn
Address: 192.168.100.150
> exit
[root@ns ~]#
2. Configure name-based virtual hosts: log in to 192.168.100.150
1) Set up the document roots for the virtual host sites (test data):
[root@www ~]# cd /usr/local/httpd/htdocs/
[root@www ~]# mkdir linuxfan
[root@www ~]# mkdir sggfu
[root@www ~]# echo "www.linuxfan.cn" >>linuxfan/index.html
[root@www ~]# echo "www.sggfu.com" >>sggfu/index.html
2) Edit the virtual host configuration file:
[root@www ~]# vim /usr/local/httpd/conf/httpd.conf
387 Include conf/extra/httpd-vhosts.conf ##uncomment this line
388
:set nu
:wq
[root@www ~]# cd /usr/local/httpd/conf/extra/ ;ls
[root@www extra]# cp httpd-vhosts.conf httpd-vhosts.conf.bak ##back up the config file; a good habit to keep
[root@www ~]# vim /usr/local/httpd/conf/extra/httpd-vhosts.conf ##edit the config file as follows
NameVirtualHost 192.168.100.150:80
<VirtualHost 192.168.100.150:80>
ServerAdmin admin@linuxfan.cn
DocumentRoot "/usr/local/httpd/htdocs/linuxfan"
ServerName www.linuxfan.cn
ErrorLog "logs/www.linuxfan.cn-error_log"
CustomLog "logs/www.linuxfan.cn-access_log" combined
</VirtualHost>
<VirtualHost 192.168.100.150:80>
ServerAdmin admin@sggfu.com
DocumentRoot "/usr/local/httpd/htdocs/sggfu/"
ServerName www.sggfu.com
ErrorLog "logs/www.sggfu.com-error_log"
CustomLog "logs/www.sggfu.com-access_log" combined
</VirtualHost>
:wq
3) Test the virtual hosts (log in to 192.168.100.100)
[root@ns ~]# vim /etc/resolv.conf ##edit the config file and make sure it contains the following lines
[root@ns ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 192.168.100.100 ##add this line
nameserver 192.168.1.1
[root@ns ~]# elinks --dump www.linuxfan.cn ##access succeeds
www.linuxfan.cn
[root@ns ~]# elinks --dump www.sggfu.com ##access succeeds
www.sggfu.com
From the Windows host, access with a browser:
http://www.linuxfan.cn
http://www.sggfu.com
http://www.linuxfan.cn/aws.html ##not accessible
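Added example (not from the original page): name-based virtual hosts are selected by the Host header, and a request whose Host matches no ServerName is served by the first VirtualHost listed for that address. The script below applies that rule to the two blocks configured above; the function name docroot_for_host and the host unknown.example are made up for the example.

```shell
#!/bin/sh
# The two vhost blocks from httpd-vhosts.conf on this page, reduced to the
# directives that decide routing.
VHOSTS='NameVirtualHost 192.168.100.150:80
<VirtualHost 192.168.100.150:80>
    DocumentRoot "/usr/local/httpd/htdocs/linuxfan"
    ServerName www.linuxfan.cn
</VirtualHost>
<VirtualHost 192.168.100.150:80>
    DocumentRoot "/usr/local/httpd/htdocs/sggfu/"
    ServerName www.sggfu.com
</VirtualHost>'

# Print the DocumentRoot that would serve Host header $1: the block whose
# ServerName matches (case-insensitive, port ignored), otherwise the first
# block listed, which acts as the default virtual host.
docroot_for_host() {
    printf '%s\n' "$VHOSTS" | awk -v want="$(echo "$1" | tr 'A-Z' 'a-z')" '
        BEGIN { sub(/:[0-9]+$/, "", want) }
        tolower($1) == "<virtualhost" { root = ""; name = "" }
        tolower($1) == "documentroot" { gsub(/"/, "", $2); root = $2 }
        tolower($1) == "servername"   { name = tolower($2) }
        tolower($1) == "</virtualhost>" {
            if (first == "") first = root
            if (name == want && hit == "") hit = root
        }
        END { print (hit != "" ? hit : first) }'
}

# A bare IP or an unknown name falls through to the linuxfan site.
for h in www.linuxfan.cn www.sggfu.com 192.168.100.150 unknown.example; do
    echo "$h -> $(docroot_for_host "$h")"
done
```

Because www.linuxfan.cn is listed first, anything placed inside that block is also what a request with an unexpected Host header reaches.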
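3. Main site migration:
The virtual host test now succeeds, but the web content of the old site www.linuxfan.cn still has to be served. The steps below migrate the main site so that the old resources remain accessible:
1) Move the old site's resources:
[root@www ~]# tree /usr/local/httpd/htdocs/ ##show the contents of the web root as a tree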
/usr/local/httpd/htdocs/
├── aws.html
├── index.html
├── linuxfan
│ └── index.html
└── sggfu
└── index.html
2 directories, 4 files
[root@www ~]# cd /usr/local/httpd/htdocs/
[root@www htdocs]# ls
aws.html index.html linuxfan sggfu
[root@www htdocs]# mv aws.html index.html linuxfan/ ##move all of the old site's content into the new site's directory
mv:是否覆盖"linuxfan/index.html"? y
[root@www htdocs]#
2) Edit the configuration files:
[root@www ~]# vim /usr/local/httpd/conf/httpd.conf ##comment out the awstats configuration in the main config file
413 #Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
414 #Alias /awstatscss "/usr/local/awstats/wwwroot/css/"
415 #Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"
416 #ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"
417 #
418 ##
419 ## This is to permit URL access to scripts/files in AWStats directory.
420 ##
421 #<Directory "/usr/local/awstats/wwwroot">
422 # Options None
423 # AllowOverride None
424 # Order allow,deny
425 # Allow from 192.168.100.110
426 # AuthType Basic
427 # AuthName "Log analysis system"
428 # AuthBasicProvider file
429 # AuthUserFile /usr/local/httpd/conf/htpasswd
430 # AuthGroupFile /usr/local/httpd/conf/htgroups
431 # Require group mygroup
432 #</Directory>
433 #
:413,$ s/^/#/g
:wq
[root@www ~]# vim /usr/local/httpd/conf/extra/httpd-vhosts.conf ##edit the virtual host config file: copy the entries commented out of the main config file into the first virtual host block
Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
Alias /awstatscss "/usr/local/awstats/wwwroot/css/"
Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"
ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"
<Directory "/usr/local/awstats/wwwroot">
Options None
AllowOverride None
Order allow,deny
Allow from 192.168.100.110
AuthType Basic
AuthName "Log analysis system"
AuthBasicProvider file
AuthUserFile /usr/local/httpd/conf/htpasswd
AuthGroupFile /usr/local/httpd/conf/htgroups
Require group mygroup
</Directory>
:wq
[root@www ~]# /etc/init.d/httpd restart ##restart the service
httpd is restart complete.
[root@www ~]#
[root@www ~]# vim /etc/awstats/awstats.www.linuxfan.cn.conf ##change line 50 as follows
LogFile="/usr/local/httpd/logs/www.linuxfan.cn-access_log"
:wq
[root@www ~]# /usr/local/awstats/tools/awstats_updateall.pl now
Access test:
On 192.168.100.100: test succeeds
[root@ns ~]# elinks --dump www.linuxfan.cn
www.linuxfan.cn
1. http://www.linuxfan.cn/aws.html
[root@ns ~]#
Access test from Windows using IE: clicking the link opens the page successfully.
http://www.linuxfan.cn/
Additional content:
[root@www linuxfan]# cat index.html
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>linuxfans</title>
</head>
<body>
<h1>www.linuxfan.cn</h1>
<a href="aws.html">日志分析平台</a>
</body>
</html>
[root@www linuxfan]# cat aws.html
<html>
<head>
<meta http-equiv="refresh" content="0; url=http://www.linuxfan.cn/awstats/awstats.pl?config=www.linuxfan.cn" />
</head>
<body></body>
</html>
[root@www linuxfan]#