CentOS httpd服務（Apache）

 

一、從ISO鏡像安裝，Apache 服務的軟件包名稱爲 httpd

#檢查源配置
[root@localhost media]# cat /etc/yum.repos.d/CentOS-Media.repo 
# CentOS-Media.repo
#
#  This repo can be used with mounted DVD media, verify the mount point for
#  CentOS-7.  You can use this repo and yum to install items directly off the
#  DVD ISO that we release.
#
# To use this repo, put in your DVD and use it with the other repos too:
#  yum --enablerepo=c7-media [command]
#  
# or for ONLY the media repo, do this:
#
#  yum --disablerepo=\* --enablerepo=c7-media [command]

[c7-media]
name=CentOS-$releasever - Media
baseurl=file:///media/CentOS/
        file:///media/cdrom/
        file:///media/cdrecorder/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#掛載cdrom，掛載點和repo配置相同
mount /dev/cdrom /media/cdrom

#安裝httpd
[root@localhost media]# yum install httpd

#啓動服務
[root@localhost media]# systemctl start httpd
[root@localhost media]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since 一 2019-01-21 16:11:38 CST; 5s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 6702 (httpd)
。。。 。。。

#設置自動啓動
systemctl enable httpd

#永久打開80端口
[root@localhost media]# firewall-cmd --zone=public --add-port=80/tcp --permanent

#也能夠打開防火牆的http服務，打開http服務後，默認會打開80端口，當時在firewall-cmd --list-ports裏看不到
#能夠在/etc/services裏查看全部服務註冊的端口
[root@bigdata-senior01 etc]# firewall-cmd --zone=public --add-service=http --permanent

至此，從瀏覽器能夠訪問缺省頁面。

二、配置

缺省配置目錄：

服務目錄       /etc/httpd
主配置文件     /etc/httpd/conf/httpd.conf
網站數據目錄   /var/www/html
訪問日誌      /var/log/httpd/access_log
錯誤日誌     /var/log/httpd/error_log

2.一、配置文件主要參數/etc/httpd/conf/httpd.conf

ServerRoot  服務目錄
ServerAdmin  管理員郵箱
User  運行服務的用戶
Group  運行服務的用戶組
ServerName  網站服務器的域名
DocumentRoot  網站數據目錄
Directory 網站數據目錄的權限
Listen  監聽的 IP 地址與端口號
DirectoryIndex  默認的索引頁頁面
ErrorLog  錯誤日誌文件
CustomLog  訪問日誌文件
Timeout  網頁超時時間，默認爲 300 秒

2.二、替換網站缺省的頁面

#靜態網站通常以index.html爲啓動頁面，在網絡目錄裏放入一個index.html頁面替換apache的缺省頁面
[root@localhost html]# pwd
/var/www/html
[root@localhost html]# echo "welcome visit my homepage..." > index.html
[root@localhost html]# ls
index.html

生產環境網站的數據文件總體放入/var/www/html便可

2.三、從新設定網站的數據目錄

[root@localhost html]# mkdir /home/wwwroot
[root@localhost html]# cd /home/wwwroot/
[root@localhost wwwroot]# echo "welcome my new page..." > index.html
[root@localhost wwwroot]# ls
index.html

#修改DocumentRoot和<Directory "">
[root@localhost conf]# vi /etc/httpd/conf/httpd.conf

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
# DocumentRoot "/var/www/html"
DocumentRoot "/home/wwwroot"

#
# Relax access to content within /var/www.
#
<Directory "/home/wwwroot">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>


。。。。。。
#重啓httpd服務
[root@localhost conf]# systemctl restart httpd

從新訪問：

頁面已經變化。

若是出現「Forbidden,You don't have permission to access /index.html on this server.」，則多是SELinux的權限致使的。

這要從新配置SELinux權限，或者直接關閉SELinux權限。

#權限disabled
[root@localhost conf]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

 三、開啓我的用戶主頁

#編輯配置文件
[root@localhost conf.d]# vi /etc/httpd/conf.d/userdir.conf

#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid.  This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
<IfModule mod_userdir.c>
    #
    # UserDir is disabled by default since it can confirm the presence
    # of a username on the system (depending on home directory
    # permissions).
    #
    #UserDir disabled #是否容許我的主頁

    #
    # To enable requests to /~user/ to serve the user's public_html
    # directory, remove the "UserDir disabled" line above, and uncomment
    # the following line instead:
    #
    UserDir public_html #主頁目錄 </IfModule>

#
# Control access to UserDir directories.  The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory "/home/*/public_html">

家目錄的權限修改成 755，保證其餘人也有權限讀取

mkdir public_html
chmod -R 755 /home/es
[es@localhost public_html]$ echo "this is a homepage of es" > index.html

而後使用「網址/~用戶名」（其中的波浪號是必需的，並且網址、波浪號、用戶名之間沒有空格），確保Selinux權限是關閉的。

四、給主頁加上用戶和密碼認證

#生成兩個用戶es和xu.dm
[root@localhost httpd]# htpasswd -c /etc/httpd/.htpasswd es
New password: 
Re-type new password: 
Adding password for user es
[root@localhost httpd]# htpasswd /etc/httpd/.htpasswd xu.dm
New password: 
Re-type new password: 
Adding password for user xu.dm


[root@localhost httpd]# vi conf.d/userdir.conf 
#
# Control access to UserDir directories.  The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory "/home/*/public_html">
   # AllowOverride FileInfo AuthConfig Limit Indexes
   # Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
   #  Require method GET POST OPTIONS
   AllowOverride all
   #剛剛生成出來的密碼驗證文件保存路徑
   authuserfile "/etc/httpd/.htpasswd"
   #當用戶嘗試訪問我的用戶網站時的提示信息
   authname "need user&password privately website"
   authtype basic
   #用戶進行帳戶密碼登陸時須要驗證的用戶名稱,valid-user表示authuserfile裏的用戶
   require valid-user
</Directory>


[root@localhost httpd]# systemctl restart httpd

參數：

AuthName：認證描述，填寫的內容會出如今認證窗口的提示信息中。

AuthType：認證類型，在HTTP1.0中，只有一種認證類型：basic。在HTTP1.1中有幾種認證類型，如：MD5。

AuthUserFile：指定一個包含用戶名和密碼的文本文件，每行對應一個用戶。

AuthGroupFile：指定包含用戶組清單和這些組的成員清單的文本文件。組的成員之間用空格分開，如：managers:user1 user2。

require：指定哪些用戶或組才能被受權訪問，如：

require user user1 user2 （只有用戶user1和user2能夠訪問)

require group managers (只有組managers中成員能夠訪問)

require valid-user (在AuthUserFile指定的文件中任何用戶均可以訪問)

另一種方式：

在須要認證的應用根目錄下，建立.htaccess文件，內容以下：
AuthName "User Authentication"
AuthType basic
AuthUserFile /etc/hattpd/.htpasswd
require valid-user

修改/etc/httpd/conf/httpd.conf配置文件，或者是用戶userdir.conf，將Directory標籤中的AllowOverride參數值修改成All，以下：

AllowOverride All

修改後的配置表示的含義爲：/var/www/html目錄下或者/home/*/public_html每一個應用的訪問權限由該目錄下的.htaccess文件來控制。

保存後，重啓apache

 五、虛擬主機

利用虛擬主機功能，能夠把一臺處於運行狀態的物理服務器分割成多個「虛擬的服務器」。

該技術沒法實現目前雲主機技術的硬件資源隔離，讓這些虛擬的服務器共同使用物理服務器的硬件資源，供應商只能限制硬盤的使用空間大小。

Apache 的虛擬主機功能是服務器基於用戶請求的不一樣 IP 地址、主機域名或端口號，實現提供多個網站同時爲外部提供訪問服務的技術。

5.一、基於IP，確保IP均可以鏈接

[root@bigdata-senior01 ~]# vi /etc/httpd/conf/httpd.conf
... ...
#追加以下內容
 <VirtualHost 192.168.31.10>
   DocumentRoot /home/wwwroot/10
   ServerName www.home10.com
         <Directory /home/wwwroot/10 >
           AllowOverride None
           Require all granted
        </Directory>
 </VirtualHost>
 <VirtualHost 192.168.31.11>
   DocumentRoot /home/wwwroot/11
   ServerName www.home11.com
        <Directory /home/wwwroot/11 >
          AllowOverride None
          Require all granted
         </Directory>
 </VirtualHost>
... ...

5.二、基於域名

[root@bigdata-senior01 bbs]# vi /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.31.10 bigdata-senior01.home.com www.home10.com
192.168.31.11 www.home11.com bbs.home.com


[root@bigdata-senior01 wwwroot]# vi /etc/httpd/conf/httpd.conf 
。。。 。。。
 <VirtualHost 192.168.31.10>
   DocumentRoot /home/wwwroot/10
   ServerName www.home10.com
         <Directory /home/wwwroot/10 >
           AllowOverride None
           Require all granted
        </Directory>
 </VirtualHost>
 <VirtualHost 192.168.31.11>
   DocumentRoot /home/wwwroot/11
   ServerName www.home11.com
        <Directory /home/wwwroot/11 >
          AllowOverride None
          Require all granted
         </Directory>
 </VirtualHost>
 <VirtualHost 192.168.31.11>
   DocumentRoot /home/wwwroot/bbs
   ServerName bbs.home.com
        <Directory /home/wwwroot/bbs >
          AllowOverride None
          Require all granted
         </Directory>
 </VirtualHost>

[root@bigdata-senior01 wwwroot]# systemctl restart httpd
#在本機上測試，沒有瀏覽器，用curl簡單測試
[root@bigdata-senior01 wwwroot]# curl bbs.home.com
this is a bbs

 5.三、基於端口

[root@bigdata-senior01 wwwroot]# ls
10  11  9092  9093  9094  bbs  index.html
[root@bigdata-senior01 wwwroot]# echo "listen port:9092" > 9092/index.html
[root@bigdata-senior01 wwwroot]# echo "listen port:9093" > 9093/index.html
[root@bigdata-senior01 wwwroot]# cat 9092/index.html 
listen port:9092

[root@bigdata-senior01 wwwroot]# vi /etc/httpd/conf/httpd.conf 
。。。。。。
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
Listen 9092
Listen 9093

 <VirtualHost 192.168.31.10:9092>
   DocumentRoot /home/wwwroot/9092
   ServerName www.home10.com
        <Directory /home/wwwroot/bbs >
          AllowOverride None 
          Require all granted
         </Directory>
 </VirtualHost>
 <VirtualHost 192.168.31.10:9093>
   DocumentRoot /home/wwwroot/9093
   ServerName www.home10.com
        <Directory /home/wwwroot/bbs >
          AllowOverride None
          Require all granted
         </Directory>
 </VirtualHost>
。。。