十六.Apache的管理及优化
1.Apache的启用:
设定Apache开启自启,并现在开启,在火墙中添加http为信任服务:
2.Apache的基本信息:
3.Apache的基本配置:
3-1:Apache端口修改:
vim /etc/httpd/conf/httpd.conf
Listen 8080
firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --reload
systemctl restart httpd
修改默认端口为8080,访问效果如图:
3-2.默认发布文件:
vim /etc/httpd/conf/httpd.conf
DirectoryIndex westos.html index.html
systemctl restart httpd
3-3.默认发布目录:
vim /etc/httpd/conf/httpd.conf
DocumentRoot "/westos/html"
<Directory "/westos/html">
Require all granted 必须要有认证
</Directory>
systemctl restart httpd
4.Apache的访问控制:
4-1:基于客户端ip的访问控制:
#ip白名单#
<Directory "/var/www/html/westos">
Order Deny,Allow
Allow from ip...
Deny from all
</Directory>
先读deny,禁止所有人访问,后读allow,允许ip...访问;
#ip黑名单#
<Directory "/var/www/html/westos">
Order Allow,Deny
Allow from All
Deny from ip...
</Directory>
先读allow,允许所有人访问,后读deny,禁止...访问;
如图所示配置为:只有154开启访问权限:
4-2.基于用户认证的访问控制:
vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/westos">
AuthUserFile /etc/httpd/.htpasswdfile ##指定认证文件
AuthName "Please input your name and password" ##认证提示语
AuthType basic ##认证类型
Require user admin ##允许通过的认证用户 2选1
Require valid-user ##允许所有用户通过认证 2选1
</Directory>
htpasswd -cm /etc/httpd/.htpasswd admin ##生成认证文件(添加用户时需要去掉-c参数,不然之前的用户信息会被覆盖)
注意:
当/etc/httpd/htpasswdfile存在那么在添加用户时不要加-c参数否则会覆盖源文件内容
注意:需要在<Directory “/var/www/html/westos”>中说明开启用户访问控制的文件:
5.Apache的虚拟主机 :
mkdir -p /var/www/westos.com/{
news,wenku}
echo "wenku's page" >/var/www/westos.com/wenku/index.html
echo "news's page" > /var/www/westos.com/news/index.html
echo "default's page" > /var/www/html/index.html
vim /etc/httpd/Vhost.conf
<VirtualHost _default_:80>
DocumentRoot "/var/www/html"
CustomLog logs/default.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName wenku.westos.com
DocumentRoot "/var/www/westos.com/wenku"
CustomLog logs/wenku.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName news.westos.com
DocumentRoot "/var/www/westos.com/news"
CustomLog logs/news.log combined
</VirtualHost>
测试时,别忘了修改/etc/hosts地址解析文件:
6.Apache的语言支持:
#php#
vim /var/www/html/index.php
<?php
phpinfo();
?>
dnf install php -y
systemctl restart httpd
firefox http://192.168.0.11/index.php
#cgi(perl)#
mkdir /var/www/html/cgidir
vim /var/www/html/cgidir/index.cgi
chmod +X /var/www/html/cgidir/index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
vim /etc/httpd/conf.d/vhost.conf
<Directory "/var/www/html/cgidir">
Options +ExecCGI
AddHandler cgi-script .cgi
</Directory>
systemctl restart httpd
firefox http://192.168.0.11/cgidir/index.cgi
wsgi(python)
mkdir /var/www/html/wsgidir
vim /var/www/html/wsgidir/index.wsgi
def application(env, westos):
westos('200 ok',[('Content-Type','text/html')])
return [b"'hello wsgi'"]
chmod +X /var/www/html/wsgidir/index.wsgi
vim /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
ServerName wsgi.westos.org
WSGIScriptAlias / /var/www/html//wsgi-scripts/index.wsgi
</VirtualHost>
dnf install python3 -y
systemctl restart httpd
7.Apache的加密访问(https):
dnf install mod_ssl -y 下载安装加密用的插件
openssl genrsa -out /etc/pki/tls/private/www.westos.com.key 2048 生成私钥(位置随意)
openssl req -new -key /etc/pki/tls/private/www.westos.com.key \
-out /etc/pki/tls/certs/www.westos.com.csr 生成证书签名文件
openssl x509 -req -days 365 -in \
/etc/pki/tls/certs/www.westos.com.csr \
-signkey /etc/pki/tls/private/www.westos.com.key \
-out /etc/pki/tls/certs/www.westos.com.crt 生成证书
x509 证书格式
-req 请求
-in 加载签证名称
-signkey /etc/pki/tls/private/www.westos.com.key
8.Apache 的网页重写功能:
vim /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
ServerName login.westos.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{
HTTP_HOST}$1 ^(/.*)$表示用户在地址栏中输入的内容;$1表示参数后的第一个字符;%{
HTTP_HOST}表示在用户主机中输入
</VirtualHost>
<VirtualHost *:443>
ServerName login.westos.com
DocumentRoot /www/westos.com/login
CustomLog logs/login.log combined
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
</VirtualHost>
systemctl restart httpd
9.squid 正向代理:
在虚拟机中没有网络连接,但是仍能打开网页:
10.squid反向代理:
