linux Apache

1.apache:

企业中常用的web服务,用来提供http://(超文本传输协议）

2.apache的安装部署:

yum install httpd -y	##apache软件
yum install httpd-manual	##apache的手册
systemctl start httpd
systemctl enable httpd
firewall-cmd --list-all		##列出火墙信息
firewall-cmd --permanent --add-service=http	##永久允许http
firewall-cmd --reload		##火墙重新加载策略

/var/www/html		##apache的/目录，默认发布目录
/var/www/html/index.html	##apache的默认发布文件
vim /var/www/html/index.html	
<h1> hello world </h1>
:wq

测试:

http://172.25.254.160
http://172.25.254.160/manual

3.apache的基础信息

主配置目录：	/etc/httpd/conf
主配置文件：	/etc/httpd/conf/httpd.conf
子配置目录：	/etc/httpd/conf.d/
子配置文件：	/etc/httpd/conf.d/*.conf
默认发布目录：	/var/www/html
默认发布文件：	index.html
默认端口：	80
默认安全上下文：	httpd_sys_content_t
程序开启默认用户：	apache
apache日志：	/etc/httpd/logs/*

修改默认发布文集：
默认发布文集就是访问apache时没有指定文件名称时默认访问的文件
这个文件可以指定多个，有访问顺序

vim /etc/httpd/conf/httpd.conf
164 	DirectoryIndex index.html test.html

修改默认发布目录

120 DocumentRoot "/westos/html"
121 <Directory "/westos/html">
	Require all granted
    </Directory>

semanage fcontext -a -t httpd_sys_content_t '/westos(/.*)?'
restorecon -RvvF /westos/

4.apache的虚拟主机

vim /etc/hosts
172.25.254.160 www.westos.com news.westos.com music.westos.com

vim /etc/httpd/conf.d/adefault.conf
<VirtualHost _default_:80>
	DocumentRoot "/var/www/html"
</VirtualHost>

vim /etc/httpd/conf.d/news.conf
<VirtualHost *:80>
	ServerName news.westos.com	
	DocumentRoot "/var/www/virtual/westos.com/news"
	CustomLog "logs/news.westos.com.logs" combined
</VirtualHost>
<Directory "/var/www/virtual/westos.com/news">
	Require all granted
</Directory>

cp news.conf music.conf
vim music.conf
:%s/news/music/g

vim /var/www/virtual/westos.com/news/index.html
news

vim /var/www/virtual/westos.com/music/index.html
music

5.apache内部的访问控制

1.针对于主机的访问控制

<Directory "/var/www/html">
	Order deny,allow
	Allow from 172.25.254.160
	Deny from all
</Directory>

2.用户方式的访问控制

htpasswd -cm	/etc/httpd/htuser admin
再次创建用户是用：
htpasswd -m /etc/httpd/htuser admin1

mkdir /var/www/html/admin
vim /var/www/html/admin/index.html

vim adefault.conf
<Directory "/var/www/html/admin">
	AuthUserFile /etc/httpd/htuser
	AuthName "Please input your username and password"
	AuthType basic			##基础验证方式
#	Require	user admin		##指定用户可登陆
	Require valid-user		##通过验证用户可登陆
</Directory>

apache可执行语言

1.html

2.php

yum install php -y
vim /var/www/html/index.php
<?php
	phpinfo();
?>

systemctl restart httpd
测试
172.25.254.160/index.php

3.cgi

mkdir /var/www/html/cgi
semange fcontent -a -t httpd_sys_script_exec_t '/var/www/html/cgi(/.*)?'
restorecon -RvvF /var/www/html/cgi/

vim /var/www/html/cgi/index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;

chmod +x /var/www/html/cgi/index.cgi
/var/www/html/cgi/index.cgi   ##执行脚本保证运行正常

vim adefault.conf
<Directory "/var/www/html/cgi">
	Options +ExecCGI
	AddHandler cgi-script .cgi
</Directory>

systemctl restart httpd

4.wsgi

yum install mod_wsgi -y

vim /var/www/html/cgi/westos.wsgi
import time

def application (environ, start_response):
  response_body = 'UNIX EPOCH time is now: %s\n' % time.time()
  status = '200 OK'
  response_headers = [('Content-Type', 'text/plain'),
                      ('Content-Length', '1'),
                      ('Content-Length', str(len(response_body)))]
  start_response(status, response_headers)
  return [response_body]

vim /etc/httpd/conf.d/adefault.conf
<VirtualHost _default_:80>
	DocumentRoot "/var/www/html"
	WSGIScriptAlias /WSGI	/var/www/html/cgi/westos.wsgi
</VirtualHost>

systemctl restart httpd 

7.https

yum install mod_ssl -y                    ## 可使用https
yum install crypto-utils -y		## 可修改安全证书

genkey www.westos.com

vim /etc/httpd/conf.d/ssl.conf
101 SSLCertificateFile /etc/pki/tls/verts/www.westos.com.crt
109 SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key

测试：https://www.westos.com

8.设定https虚拟主机并设定网页重写

vim /etc/httpd/conf.d/login.html
<VirtualHost *:80>
	ServerName "login.westos.com"
	RewriteEngine on
	RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>
<VirtualHost *:443>
	ServerName "login.westos.com"
	DocumentRoot "/var/www/virtual/westos.com/login"
	CustomLog logs/login.log	combined
	SSLEngine on
	SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
	SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
</VirtualHost>
<Directory "/var/www/virtual/westos.com/login">
	Require all granted
</Directory>

mkdir /var/www/virtual/westos.com/login
vim /var/www/virtual/westos.com/login/index.html

vim /etc/hosts
172.25.254.160 login.westos.com

^(/.*)$		##客户在浏览器地址栏中输入的所有字符
https://	##强制客户加密访问
%{HTTP_HOST}	##客户请求主机
$1		##"$1"表示 ^(/.*)$的值

squid 服务

9.vpn代理上网

首先得有一个主机可以上网 并与测试主机在同一个网段
在可上网主机中：

yum install squid -y
vim /etc/squid/squid.conf
56 http_access allow all         ##允许其他主机使用此代理

62 cache_dir ufs /var/spoll/squid 100 16 256   ##打开缓存目录

在测试主机中：

在浏览器中Edit-Preferences-Advanced-Network-Settings
Manual proxy configuration:
HTTP Proxy: 172.25.254.160 Port 3128
Use this proxy server for all protocols

10 反向代理

当访问80时代理显示160内容

在80中设置：

yum install squid -y
vim /etc/squid/squid.conf
56 http_access allow all
59 http_port 80 vhost vport        ##虚拟主机 虚拟端口 当访问80/80端口时 用代理服务
60 cache_peer 172.25.254.160 parent 80 0 proxy-only  ##160作为父级 访问160/80端口 0没有其他代理 
62 cache_dir ufs /var/spoll/squid 100 16 256

11 设置轮换

vim /etc/squid/squid.conf
60 cache_peer 172.25.254.160 parent 80 0 proxy-only originserver name=web1 round-robin weight=2 ##访问两次后换 
61 cache_peer 172.25.254.100 parent 80 0 proxy-only originserver name=web1 round-robin
cache_peer_domain web1 web2 www.westos.com

12 论坛上线

systemctl start mariadb
unzip Discuz_X3.2_SC_UTF8.zip
cd upload/
chmod 777 -R config/
chmod 777 -R data/

semanage fcontext -l | grep httpd 
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/upload(/.*)?'

restorecon -FvvR /var/www/html/upload/
chmod 777 uc_* -R