首页 > 代码库 > apache

apache

##apache##

 

 

将实验机的hostname改为web1.web1.com

 

1.安装httpd服务,并启动httpd

[root@web1 ~]# yum install httpd -y

[root@web1 ~]# systemctl start httpd

 

cd到/var/www/html

[root@web1 ~]# cd /var/www/html/

 

编辑一个文件index.html(该文件由自己命名)

[root@web1 html]# vim index.html

[root@web1 html]# cat index.html

www.拉闸.com

关闭火墙

[root@web1 html]# firewall-cmd --permanent --add-service=http

success

[root@web1 html]# firewall-cmd --reload

success

 

测试

在真机上访问index.html所在的ip

 技术分享

 

 

2.cd到/etc/httpd/conf.d

[root@web1 html]# cd /etc/httpd/conf.d

[root@web1 conf.d]# ls

autoindex.conf  php.conf  README  userdir.conf  welcome.conf

 

安装mod_ssl  ,crypto-utils

[root@web1 conf.d]# yum install mod_ssl -y

Loaded plugins: langpacks

rhel_dvd            | 4.1 kB     00:00     

 

[root@web1 conf.d]# yum install crypto-utils -y

Loaded plugins: langpacks

 

[root@web1 conf.d]# genkey www.拉闸.com

 技术分享

 

 技术分享

 

在此期间频繁动鼠标键盘,可加快速度

 

 

 

......

subject = CN=www.拉闸.com, OU=linux, O=westos, L=xi‘an, ST=shannxi, C=CN

valid for 1 months

random seed from /etc/pki/tls/.rand.3458

output will be written to /etc/pki/tls/certs/www.拉闸.com.crt

output key written to /etc/pki/tls/private/www.拉闸.com.key

.......

 

编辑ssl.conf

加入证书文件和证书钥匙文件

 

SSLCertificateFile /etc/pki/tls/certs/www.拉闸.com.crt

 

#   Server Private Key:

#   If the key is not combined with the certificate, use this

#   directive to point at the key file.  Keep in mind that if

#   you‘ve both a RSA and a DSA private key you can configure

#   both in parallel (to also allow the use of DSA ciphers, etc.)

SSLCertificateKeyFile /etc/pki/tls/private/www.拉闸.com.key

[root@web1 conf.d]# systemctl restart httpd.service

 

新建一个文件default.conf(自己命名)

[root@web1 conf.d]# vim default.conf

<Virtualhost _default_:80>

        DocumentRoot /var/www/html

        Customlog logs/default.logcombined

</Virtualhost>

 

 

[root@web1 conf.d]# mkdir -p /var/www/virtual/news/html

[root@web1 conf.d]# mkdir -p /var/www/virtual/ent/html

新建一个文件news.conf(自己命名)

[root@web1 conf.d]# vim news.conf

<Virtualhost *:80>

        ServerName news.lazha.com

        DocumentRoot /var/www/virtual/news/html

        Customlog logs/news.log combined

</Virtualhost>

<Directory "/var/www/virtual/news/html">

        Require all granted

</Directory>

[root@web1 conf.d]# cp news.conf ent.conf

[root@web1 conf.d]# vim ent.conf

<Virtualhost *:80>

        ServerName ent.lazha.com

        DocumentRoot /var/www/virtual/ent/html

        Customlog logs/ent.log  combined

</Virtualhost>

<Directory "/var/www/virtual/ent/html">

        Require all granted

</Directory>

 

[root@web1 conf.d]# echo news.lazha.com > /var/www/virtual/news/html/index.html

[root@web1 conf.d]# echo ent.lazha.com > /var/www/virtual/ent/html/index.html

[root@web1 conf.d]# systemctl restart httpd.service

在浏览器所在主机编辑/etc/hosts

[root@foundation20 ~]# vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

172.25.254.220 www.westos.com  westos.com music.westos.com news.westos.com

172.25.254.120 www.拉闸.com   news.lazha.com  ent.lazha.com##添加

 技术分享

 

 

3.网页重写

[root@web1 conf.d]# vim news.conf

<Virtualhost *:80>

        ServerName news.lazha.com

        RewriteEngine on

        RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]

</Virtualhost>

<Directory "/var/www/virtual/news/html">

        Require all granted

</Directory>

<Virtualhost *:443>##

        ServerName news.lazha.com   ##

        DocumentRoot /var/www/virtual/news/html   ##

        Customlog logs/news-443.log     combined   ##

        SSLEngine on   ##子网页的https登陆

        SSLCertificateFile /etc/pki/tls/certs/www.拉闸.com.crt##

        SSLCertificateKeyFile /etc/pki/tls/private/www.拉闸.com.key  ##

</Virtualhost> ##

[root@web1 conf.d]# systemctl restart httpd.service

 

测试:

在真机浏览器输入:http://news.lazha.com

此时上述输入的域名会自动变为:https://news.lazha.com

 技术分享

 

 

 

 

4.php网页和cgi网页

cd到/var/www/html

新建并编辑文件index.php

[root@web1 conf.d]# cd /var/www/html/

[root@web1 html]# ls

index.html  saozhu

[root@web1 html]# vim index.php

<?php

phpinfo ();

?>

~                                                                       

~      

[root@web1 html]# vim /etc/httpd/conf/httpd.conf

164     DirectoryIndex index.php index.html

[root@web1 html]# systemctl restart httpd.service

 

[root@web1 html]# yum install php -y

Loaded plugins: langpacks

[root@web1 cgi]# yum install php-mysql.x86_64 -y

Loaded plugins: langpacks

测试:此时在网页输入172.25.254.2显示页面为

 技术分享

 

 

 

[root@web1 cgi]# yum install httpd-manual -y

Loaded plugins: langpacks

Resolving Dependencies

--> Running transaction check

......

下载完manual可以在172.25.254.2/manual里的CGL:Dyanmic Content里查看下面所编辑的文件的内容

[root@web1 cgi]# vim index.cgi

#!/usr/bin/perl

print "Content-type: text/html\n\n";

print `date`;

[root@web1 cgi]# chmod +x index.cgi

[root@web1 cgi]# perl index.cgi

Content-type: text/html

 

Sat Dec 10 00:00:54 EST 2016

 

[root@web1 conf.d]# vim default.conf

<Virtualhost _default_:80>

        DocumentRoot /var/www/html

        Customlog "logs/default.log"    combined

</Virtualhost>

<Directory "/var/www/html/cgi">

        Options +ExecCGI

        AddHandler cgi-script .cgi

</Directory>

[root@web1 conf.d]# systemctl restart httpd.service

测试:

在浏览器输入172.25.254.2/cgi

 技术分享

 技术分享

 

刷新页面会看到时间的变化

 

*****

在此项实验如果未关闭selinux的情况下可做如下操作

 

[root@web1 conf.d]# cd /var/www

[root@web1 www]# ls

cgi-bin  html  virtual

[root@web1 www]# ls -Zd cgi-bin/

drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin/

[root@web1 www]# semanage fcontext -a -t httpd_sys_script_exec_t

[root@web1 www]# semanage fcontext -a -t httpd_sys_script_exec_t ‘/var/www/html/cgi(/.*)?‘

[root@web1 www]# restorecon -FvvR /var/www/html/cgi/##刷新标签(将之前的标签改为改过后的标签)

restorecon reset /var/www/html/cgi context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_script_exec_t:s0

restorecon reset /var/www/html/cgi/index.cgi context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_script_exec_t:s0

[root@web1 www]# getenforce

Enforcing

*****

 

5.搭建论坛

[root@web1 www]# yum install mariadb-server -y

Loaded plugins: langpacks

[root@web1 www]# systemctl start mariadb

[root@web1 ~]# netstat  -antple | grep mysql

tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      27         94425      6820/mysqld         

[root@web1 ~]# vim /etc/my.cnf

# instructions in http://fedoraproject.org/wiki/Systemd    

skip-networking=1##隐藏mysql的端口,不让它在互联网里暴露,确保数据库网络环境安全这行是加入的

[root@web1 ~]# systemctl restart mariadb

[root@web1 ~]# netstat  -antple | grep mysql

没有显示

[root@web1 html]# unzip Discuz_X3.2_SC_UTF8.zip

[root@web1 html]# ls

cgi                      index.html  readme  upload

Discuz_X3.2_SC_UTF8.zip  index.php   saozhu  utility

[root@web1 html]# chmod 777 upload/data/ upload/config/ -R

[root@web1 html]# setenforce 0

[root@web1 html]# systemctl restart httpd.service

 技术分享

 

 

squid正向代理

[root@web1 html]# yum install squid -y

Loaded plugins: langpacks

Resolving Dependencies

[root@web1 squid]# vim /etc/squid/squid.conf

 56 http_access allow all

  57

 58 # Squid normally listens to port 3128

 59 http_port 3128

  60

 61 # Uncomment and adjust the following to add a disk cache directory.

 62 cache_dir ufs /var/spool/squid 100 16 256

[root@web1 squid]# systemctl restart squid.service

 

 

技术分享

技术分享



 

 

squid反向代理

在要做实验的主机上卸载httpd服务并删除残留文件

[root@web1 ~]# yum remove httpd -y

Loaded plugins: langpacks

Resolving Dependencies

..

warning: /etc/httpd/conf/httpd.conf saved as /etc/httpd/conf/httpd.conf.rpmsave

  Verifying  : php-5.4.16-21.el7.x86_64                                     1/4

  Verifying  : 1:mod_ssl-2.4.6-17.el7.x86_64                                2/4

  Verifying  : httpd-manual-2.4.6-17.el7.noarch                             3/4

  Verifying  : httpd-2.4.6-17.el7.x86_64                                    4/4

 

Removed:

  httpd.x86_64 0:2.4.6-17.el7                                                   

 

Dependency Removed:

  httpd-manual.noarch 0:2.4.6-17.el7        mod_ssl.x86_64 1:2.4.6-17.el7       

  php.x86_64 0:5.4.16-21.el7               

 

Complete!

 

[root@web1 ~]#rm -fr /etc/httpd

此时在其他主机上访问不到本主机的ip (访问出错)

 

安装squid服务

[root@web1 ~]# yum install squid -y

[root@web1 ~]# systemctl start squid

[root@web1 etc]# vim /etc/squid/squid.conf

 56 http_access allow all

 57

 58 # Squid normally listens to port 3128

 59 http_port 80 vhost vport

 60 cache_peer 172.25.254.3 parent 80 0 no-query

     |||| || || ||

                                                       

 61 # Uncomment and adjust the following to add a disk cache directory.

 62 cache_dir ufs /var/spool/squid 100 16 256

 

[root@web1 etc]# systemctl restart squid.service

测试

在真机上用浏览器访问172.25.254.120显示的结果是172.25.254.3的默认发布目录里的东西

 

默认发布目录在/var/www/html下边

vim /etc/httpd/conf/httpd.conf

 

[root@web1 etc]# vim /etc/squid/squid.conf

 56 http_access allow all

  57

 58 # Squid normally listens to port 3128

 59 http_port 80 vhost vport

 60 cache_peer 172.25.254.3 parent 80 0 no-query originserver round-robin name=web1

 61 cache_peer 172.25.254.4 parent 80 0 no-query originserver round-robin name=web2

 62 cache_peer_domain web1 web2 www.taobao.com

 63 # Uncomment and adjust the following to add a disk cache directory.

 64 cache_dir ufs /var/spool/squid 100 16 256

[root@web1 etc]# systemctl restart squid.service

[root@web1 etc]# systemctl stop firewalld.service

测试

[root@foundation20 ~]# vim /etc/hosts

172.25.254.120 www.westos.com   news.westos.com  ent.westos.com www.taobao.com

~   

在真机上通过浏览器访问www.taobao.com 刷新就会看见ip为172.25.254.3和172.25.254.4的默认发布目录里的内容


本文出自 “12288655” 博客,谢绝转载!

apache