6.遠程郵件發送權限
useradd lzt
passwd lzt
cd /etc/postfix/
vim /etc/postfix/access 修改內容爲:
在最後一行添加所要禁止的 ip REJECT
如:172.25.254.8 REJECT
postmap access ##執行完此條命令會發現出現一個新的access.db文件
postconf -d | grep client
@@smtpd_client_restrictions =##此行爲上條命令顯示結果的倒數第二行,爲所需
postconf -e "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access" ##此處hash後的文件不用加.db文件類型
systemctl restart postfix.service
vim /etc/postfix/main.cf 可發現在文件末尾會添加:
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
解除限制:
vim /etc/postfix/access
刪除最後一行所要禁止的 ip REJECT
postmap access
systemctl restart postfix.service
實例:
[root@mailwestos ~]# useradd lzt
[root@mailwestos ~]# passwd lzt
Changing password for user lzt.
[root@mailwestos ~]# cd /etc/postfix/
[root@mailwestos postfix]# ls
access generic header_checks master.cf transport
canonical generic.db main.cf relocated virtual
[root@mailwestos postfix]# vim access
在最後一行添加 172.25.254.8 REJECT
[root@mailwestos postfix]# postmap access
[root@mailwestos postfix]# ls
access canonical generic.db main.cf relocated virtual
access.db generic header_checks master.cf transport
[root@mailwestos postfix]# postconf -e | grep client
[root@mailwestos postfix]# postconf -d | grep client
broken_sasl_auth_clients = no
local_header_rewrite_clients = permit_inet_interfaces
smtpd_client_restrictions =##此行爲下條命令所須要的
unknown_client_reject_code = 450
[root@mailwestos postfix]# postconf -e "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access"
[root@mailwestos postfix]# systemctl restart postfix.service
實例測試:
[kiosk@foundation7 Desktop]$ ssh root@172.25.254.8
root@172.25.254.8's password:
Last login: Sat Dec 3 09:25:19 2016
[root@foundation8 ~]# telnet 172.25.254.207 25
Trying 172.25.254.207...
Connected to 172.25.254.207.
Escape character is '^]'.
220 mailwestos.westos.com ESMTP Postfix
mail from:lzt@westos.com
250 2.1.0 Ok
rcpt to:root@westos.com
554 5.7.1 <unknown[172.25.254.8]>: Client host rejected: Access denied
421 4.4.2 mailwestos.westos.com Error: timeout exceeded
Connection closed by foreign host.
[root@foundation8 ~]# logout
Connection to 172.25.254.8 closed.
[kiosk@foundation7 Desktop]$ telnet 172.25.254.207 25
Trying 172.25.254.207...
Connected to 172.25.254.207.
Escape character is '^]'.
220 mailwestos.westos.com ESMTP Postfix
mail lzt@westos.com
501 5.5.4 Syntax: MAIL FROM:<address>
mail from:lzt@westos.com
250 2.1.0 Ok
rcpt to:root@westos.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
mm
bb
v.
.
250 2.0.0 Ok: queued as 3AB8E17E81D
quit
221 2.0.0 Bye
Connection closed by foreign host.
7.通過發件人地址進行限制
cd /etc/postfix/
vim sender ##此文件需要自己建立
修改內容爲: user@域名 REJECT##表示禁止user發送郵件
如:
lzt@westos.com REJECT##表示禁止用戶lzt發送郵件
postmap sender
postconf -d | grep sender
@@ smtpd_sender_restrictions =##此行爲上條命令結果的倒數第五行,爲所需
postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender"
systemctl restart postfix.service
解除:
vim sender
刪除上步所添加的內容 user@westos.com REJECT
postmap sender
systemctl restart postfix.service
實例:
[root@mailwestos postfix]# vim sender
修改內容爲: lzt@westos.com REJECT
[root@mailwestos postfix]# postmap sender
[root@mailwestos postfix]# ls
access canonical generic.db main.cf relocated sender.db virtual
access.db generic header_checks master.cf sender transport
[root@mailwestos postfix]# postconf -d | grep sender
smtpd_reject_unlisted_sender = no
smtpd_sender_login_maps =
smtpd_sender_restrictions =##此行爲所需
unverified_sender_defer_code = 450
unverified_sender_reject_code = 450
[root@mailwestos postfix]# postconf -e "smtpd_sender_restrictions ="
[root@mailwestos postfix]# postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender"
[root@mailwestos postfix]# systemctl restart postfix.service
解除實例:
[root@mailwestos postfix]# vim sender
刪除上步所添加的內容 lzt@westos.com REJECT
[root@mailwestos postfix]# postmap sender
[root@mailwestos postfix]# systemctl restart postfix.service
實例測試:
[kiosk@foundation7 Desktop]$ telnet 172.25.254.207 25
Trying 172.25.254.207...
Connected to 172.25.254.207.
Escape character is '^]'.
220 mailwestos.westos.com ESMTP Postfix
mail from:student@westos.com
250 2.1.0 Ok
rcpt to:root@westos.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
vv
bb.
.
250 2.0.0 Ok: queued as 4588D17E81D
quit
221 2.0.0 Bye
Connection closed by foreign host.
[kiosk@foundation7 Desktop]$ telnet 172.25.254.207 25
Trying 172.25.254.207...
Connected to 172.25.254.207.
Escape character is '^]'.
220 mailwestos.westos.com ESMTP Postfix
mail from:lzt@westos.com
250 2.1.0 Ok
rcpt to:root@westos.com
554 5.7.1 <lzt@westos.com>: Sender address rejected: Access denied
421 4.4.2 mailwestos.westos.com Error: timeout exceeded
Connection closed by foreign host.
解除後的實例測試:
[kiosk@foundation7 Desktop]$ telnet 172.25.254.207 25
Trying 172.25.254.207...
Connected to 172.25.254.207.
Escape character is '^]'.
220 mailwestos.westos.com ESMTP Postfix
mail from:lzt@westos.com
250 2.1.0 Ok
rcpt to:root@westos.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
kk
nn
.
250 2.0.0 Ok: queued as 9448717E81D
quit
221 2.0.0 Bye
Connection closed by foreign host.
8.不能接收郵件
cd /etc/postfix/
vim recipient
user@域名 REJECT##表示禁止user接收郵件
如:
lzt@westos.com REJECT##表示禁止用戶lzt接收郵件
postmap recipient
postconf -d | grep recipient
@@ smtpd_recipient_restrictions =##此行爲所需行
postconf -e "smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient"
systemctl restart postfix.service
解除:
vim recipient
刪除 user@域名 REJECT
postmap recipient
systemctl restart postfix.service
實例:
[root@mailwestos postfix]# vim /etc/postfix/recipient##此文件須要本身創建
修改內容爲: lzt@westos.com REJECT
[root@mailwestos postfix]# postmap /etc/postfix/recipient
[root@mailwestos postfix]# postconf -d | grep recipient
smtpd_recipient_restrictions =
[root@mailwestos postfix]# postconf -e "smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient"
[root@mailwestos postfix]# systemctl restart postfix.service
實例測試:
[kiosk@foundation7 Desktop]$ telnet 172.25.254.207 25
Trying 172.25.254.207...
Connected to 172.25.254.207.
Escape character is '^]'.
220 mailwestos.westos.com ESMTP Postfix
mail from:root@westos.com
250 2.1.0 Ok
rcpt to:lzt@westos.com
554 5.7.1 <lzt@westos.com>: Recipient address rejected: Access denied
421 4.4.2 mailwestos.westos.com Error: timeout exceeded
Connection closed by foreign host.
作完實驗後刪除 /etc/postfix/main.cf 文件中 679 行以後的內容
#########郵件的收發(與圖形化界面)#########
server端(172.25.254.207):
yum install dovecot -y
cd /etc/dovecot/
vim dovecot.conf
24 protocols = imap pop3 lmtp
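48 login_trusted_networks = 0.0.0.0/0##將全部來源視爲受信任網段,來自這些網段的連接不受 disable_plaintext_auth 限制;僅適用於隔離的實驗環境,正式環境應只填寫受信任的代理或 webmail 主機
49 disable_plaintext_auth = no##允許在未加密的連接上使用明文認證,密碼會以明文經過網絡;正式環境應保持 yes 並啓用 SSL/TLS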
cd conf.d/
vim 10-mail.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%u
systemctl start dovecot
>/var/log/maillog
測試(在真機上):
yum install mutt -y
mutt -f imap://lzt@172.25.254.207
在server端查看日誌:
cat /var/log/maillog
若報錯信息爲沒法找到文件:Error:chown(/home/lzt/mail/.imap)
su - lzt
cd mail/
ls -a
mkdir .imap (執行完後,在真機上再次執行 mutt -f imap://lzt@172.25.254.207,若仍是被拒絕,執行以下:)
查看日誌:
cat /var/log/maillog
若報錯信息爲沒法找到文件:Error:chown(/home/lzt/mail/.imap/INBOX)
su - lzt
cd mail/.imap/
touch INBOX (執行完後,在真機上再次執行 mutt -f imap://lzt@172.25.254.207,此時應該能夠看到用戶 lzt 的郵件)
在desktop端(172.25.254.107):
cd /mnt/
yum install lftp -y
lftp 172.25.254.250
lftp 172.25.254.250:~>cd pub/docs/software/
lftp 172.25.254.250:/pub/docs/software> get thunderbird-31.4.0.tar.bz2
tar jxf thunderbird-31.4.0.tar.bz2
cd thunderbird/
@@{
./thunderbird
(執行完後會出現,環境不支持的信息,如:-bash:./thunderbird:/lib/ld-linux.so.2:bad ELF:NO such file)
執行:
yum whatprovides /lib/ld-linux.so.2
執行完後,會出現支持環境的軟件,如:
Loaded plugins: langpacks
glibc-2.17-55.el7.i686 : The GNU libc libraries
執行:
yum install glibc-2.17-55.el7.i686 -y
}@@
重複執行上述@@{}@@中的內容,直到下載好全部的環境支持
此時,再次執行 ./thunderbird 若仍是出現報錯
(若環境支持已經肯定所有作完,極有多是由於是使用 ssh 服務時沒有加 -X 即,沒有開啓圖形支持,退出後 logout ,從新鏈接 ssh root@172.25.254.107 -X,再次執行 ./thunderbird 會開啓圖形界面)
進入 "雷鳥" 圖形頁面後:
您的大名:lzt##此處的名字爲 server 端虛擬機裏的用戶,用的時server機裏本地用戶名稱
電子郵件地址:lzt@westos.com
密碼: 空
點擊"肯定"
服務器主機名稱 埠 SSL 認證
收件: IMAP 172.25.254.207 143 無 自動偵測
寄件: SMTP 172.25.254.207 25 無 自動偵測
使用者名稱: 收件: lzt 寄件:lzt
點擊"從新測試"--> "完成"
此時圖形化界面已配置好
(圖形界面裏不能加入 root 用戶,通常 student 用戶可不加入,由於系統對其有特殊設置)
#######postfix + mysql######
server端(172.25.254.207):
yum install mariadb-server -y
systemctl start mariadb
yum install httpd php php-mysql -y
cd /var/www/html/
yum install lftp
lftp 172.25.254.250
lftp 172.25.254.250:~>cd pub/docs/software/
lftp 172.25.254.250:/pub/docs/software> get phpMyAdmin-3.4.0-all-languages.tar.bz2
tar jxf phpMyAdmin-3.4.0-all-languages.tar.bz2
mv phpMyAdmin-3.4.0-all-languages/ myadmin
cd myadmin
cp config.sample.inc.php config.inc.php
vim config.inc.php
17 $cfg['blowfish_secret'] = 'westos'; (此處''號內可添加任意字符;此值用於加密 cookie,實驗環境外應使用足夠長的隨機字符串)
systemctl start httpd
(若服務長時間起不來,編輯文件 /etc/hosts --> 172.25.254.207 mailwestos.westos.com, 而後重啓服務: systemctl start httpd)
systemctl restart mariadb@@@必定要重啓
mysql_secure_installation
/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found
Set root password? [Y/n]
New password: ##輸入密碼
Re-enter new password: ##確認密碼
Password updated successfully!
Reloading privilege tables..
... Success!
Remove anonymous users? [Y/n] ##回車
... Success!
Disallow root login remotely? [Y/n] ##回車
... Success!
Remove test database and access to it? [Y/n] ##回車
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reload privilege tables now? [Y/n] ##回車
... Success!
此時在desktop或者真機瀏覽器裏輸入: 172.25.254.207/myadmin 而後選擇中文模式
新建數據庫: email
在 email 庫裏新建數據表,名爲:muser 字段數:4
字段 類型 長度/值 默認
username VARCHAR 50
password VARCHAR 50
domain VARCHAR 50
maildir VARCHAR 100
給數據表裏添加信息
username VARCHAR(50) admin@westos.org
password VARCHAR(50) 123
domain VARCHAR(50) westos.org
maildir VARCHAR(100) westos.org/admin/(注意:此處的admin一定要寫爲目錄: admin/)
切換回server端:
mysql -uroot -predhat##密碼直接寫在命令行上會留在 shell 歷史與進程列表中,建議只寫 -p 後按提示輸入
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
MariaDB [(none)]> CREATE USER postfix@localhost identified by 'postfix';##密碼與用戶名相同僅爲實驗方便,正式環境應使用強密碼
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT INSERT,UPDATE,SELECT on email.* to postfix@localhost;##本文中 postfix 與 dovecot 只對 muser 表做查詢,按最小權限原則授予 SELECT 即可
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
cd /etc/postfix
vim mysql-users.cf 內容爲:
hosts = localhost
user = postfix
password = postfix
dbname = email
table = muser
select_field = username
where_field = username
postmap -q "admin@westos.org" mysql:/etc/postfix/mysql-users.cf
cp -p mysql-users.cf mysql-domain.cf
vim mysql-domain.cf 修改最後兩行內容爲:
select_field = domain
where_field = domain
postmap -q "westos.org" mysql:/etc/postfix/mysql-domain.cf
cp -p mysql-users.cf mysql-maildir.cf
vim mysql-maildir.cf 修改最後兩行內容爲:
select_field = maildir
where_field = username
postmap -q "admin@westos.org" mysql:/etc/postfix/mysql-maildir.cf
groupadd vmail -g 666
useradd -u 666 -g 666 vmail -s /sbin/nologin
postconf -d | grep virtual
postconf -e "virtual_gid_maps = static:666"
postconf -e "virtual_uid_maps = static:666"
postconf -e "virtual_mailbox_base = /home/vmail"
postconf -e "virtual_alias_maps = mysql:/etc/postfix/mysql-users.cf"
postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/mysql-domain.cf"
postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/mysql-maildir.cf"
mail admin@westos.org
cd /home/vmail/westos.org/admin
ls 結果爲: cur new tmp
cat new/(tab補齊)##進行查看郵件
cd /etc/dovecot/
vim dovecot.conf
24 protocols = imap pop3 lmtp
48 login_trusted_networks = 0.0.0.0/0
49 disable_plaintext_auth = no
cd /etc/dovecot
cd conf.d/
vim 10-auth.conf 修改內容爲:
第 123 行 !include auth-sql.conf.ext
cd /usr/share/doc/dovecot-2.2.10/example-config/
cp dovecot-sql.conf.ext /etc/dovecot/
cd /etc/dovecot/
vim dovecot-sql.conf.ext 修改內容爲:
32 driver = mysql
71 connect = host=localhost dbname=email user=postfix password=postfix
78 default_pass_scheme = PLAIN##PLAIN 表示數據庫中的 password 字段以明文保存,數據庫一旦洩露即暴露全部密碼;正式環境應改用加鹽哈希方案(如 SHA512-CRYPT)並以對應格式存入密碼
107 password_query = \
108 SELECT username, domain, password \
109 FROM muser WHERE username = '%u' AND domain = '%d'
125 user_query = SELECT maildir, 666 AS uid, 666 AS gid FROM muser WHERE username = '%u'
cd conf.d/
vim 10-mail.conf 修改內容爲:
30 mail_location = maildir:/home/vmail/%d/%n
168 first_valid_uid = 666
175 first_valid_gid = 666
systemctl restart dovecot.service
telnet 172.25.254.207 110
若是報錯信息爲:
Trying 172.25.254.207...
Connected to 172.25.254.207.
Escape character is '^]'
-ERR Disconnected:Auth process broken
那麼執行:
yum search dovecot
yum install dovecot-mysql.x86_64 -y
而後再執行:
telnet 172.25.254.207 110
會出現下列信息:
Trying 172.25.254.207...
Connected to 172.25.254.207.
Escape character is '^]'
+OK [XCLIENT] Dovecot ready.##表示 110 端口正常
user admin@westos.org
+OK
pass 123
+OK Logged in.
quit
+OK Logged out.##表示 mysql 鏈接正常
在desktop端(172.25.254.107):(連接時使用 ssh root@172.25.254.107 -X)
cd /mnt/thunderbird/
執行:
./thunderbird
進入 "雷鳥" 圖形頁面
進入"設定"-->添加新的電子郵件帳戶
您的大名: admin@westos.org##此處的名字爲 mysql 裏的用戶,用的時 數據庫email庫中muser表中的用戶名稱
電子郵件地址:admin@westos.com
密碼: 空
點擊"肯定"
服務器主機名稱 埠 SSL 認證
收件: IMAP 172.25.254.207 143 無 自動偵測
寄件: SMTP 172.25.254.207 25 無 自動偵測
使用者名稱: 收件: admin@westos.org 寄件:admin@westos.org
點擊"從新測試"--> "完成"
在mysql的圖形化界面往email庫的muser表裏添加:
username VARCHAR(50) lp@westos.org
password VARCHAR(50) 123
domain VARCHAR(50) westos.org
maildir VARCHAR(100) westos.org/lp/(注意:此處的 lp 一定要寫爲目錄: lp/)
切換回server端:
mail lp@westos.org##至關於激活lp用戶
再次在desktop端(172.25.254.107):(連接時使用 ssh root@172.25.254.107 -X)
cd /mnt/thunderbird/
執行:
./thunderbird
進入 "雷鳥" 圖形頁面
進入"設定"-->添加新的電子郵件帳戶
您的大名: lp@westos.org##此處的名字爲 mysql 裏的用戶,用的時 數據庫email庫中muser表中的用戶名稱
電子郵件地址:lp@westos.com
密碼: 空
點擊"肯定"
服務器主機名稱 埠 SSL 認證
收件: IMAP 172.25.254.207 143 無 自動偵測
寄件: SMTP 172.25.254.207 25 無 自動偵測
使用者名稱: 收件: lp@westos.org 寄件:lp@westos.org
點擊"從新測試"--> "完成"
!!!@@@在此頁面能夠互發郵件進行驗證
##########空殼郵件#######
空殼:由於 mta(電子郵件服務器)不能裸露在網絡中,因此給其尋找一個代理(替身--172.25.254.107)。其職責爲:只負責接收郵件,並將接收的郵件轉發給真正的 mta (172.25.254.207)
在desktop端(172.25.254.107 maillinux.linux.com):
vim /etc/named.rfc1912.zones 添加內容:
37 zone "westos.org" IN {
38 type master;
39 file "westos.org.zone";
40 allow-update { none; };
41 };
cd /var/named/
cp -p westos.com.zone westos.org.zone
vim westos.org.zone 修改內容爲:
1 $TTL 1D
2 @ IN SOA dns.westos.org. root.westos.org. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.org.
9 dns A 172.25.254.107
10 westos.org. MX 1 172.25.254.107.
systemctl restart named
mv /etc/postfix /mnt/
yum reinstall postfix.x86_64 -y
vim /etc/postfix/main.cf 修改內容爲:
75 myhostname = maillinux.linux.com##自身的名字
83 mydomain = linux.com##自身的域名
98 myorigin = westos.org##郵件的來源
113 inet_interfaces = all##打開全部接口
116 #inet_interfaces = localhost
140 local_transport = error:local delivery disable##空殼報錯
164 mydestination =##不處理任何文件
313 relayhost = 172.25.254.207##轉發郵件的目的地址
systemctl restart postfix.service
systemctl status postfix.service
在server端(172.25.254.207 mailwestos.westos.com):
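systemctl stop firewalld##僅爲實驗方便;正式環境應保持防火牆開啓,用 firewall-cmd 只放行所需的郵件端口
setenforce 0##將 SELinux 臨時切換爲 permissive,同樣僅限實驗環境;正式環境應保持 enforcing 並按需調整策略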
systemctl start mariadb
systemctl start dovecot
vim /etc/postfix/main.cf 修改內容爲:
264 mynetworks = 172.25.254.0/24 或者 此處 ip 也可爲 172.25.254.107 ##接收空殼發送的郵件;mynetworks 內的主機均可經本機轉發郵件,範圍應盡量小,只填空殼主機 172.25.254.107 更爲穩妥
systemctl restart postfix.service
cd /home/vmail/
rm -fr westos.org
測試-在desktop端(172.25.254.107):
[root@maillinux named]# mail admin@westos.org
mail admin@westos.org
Subject: oooo
cccc
.
EOT
驗證-在server端(172.25.254.207):
[root@mailwestos ~]# cd /home/vmail
[root@mailwestos vmail]# ls
westos.org
[root@mailwestos vmail]# cd westos.org/
[root@mailwestos westos.org]# cd admin/
[root@mailwestos admin]# cd new/
[root@mailwestos new]# ls
1480776239.Vfd01I26fe28M583680.mailwestos.westos.com##表示成功接收從空殼轉發的郵件,即,從 空殼 (172.25.254.107)轉發的郵件發送成功
@@@@查詢extmail
######################apache#################################
lamp = linux + apache + mysql + php
lnmp = linux + nginx + mysql + php
nginx 提供共享服務
curl -I 域名##查看域名使用服務的信息
如: curl -I www.baidu.com
curl -I baidu.com
nmap ## 全稱(Network Mapper),Linux下的網絡掃描和嗅探工具包。
nmap的下載: yum install nmap -y
nmap示例: nmap -A www.xupt.edu.cn
jsp## Java Server Pages -- java服務器頁面
asp## Active Server Pages -- MicroSOFT公司開發的服務器端腳本環境
cgi## Common Gateway Interface -- 公共網關接口(有不一樣含義)
中間件(翻譯),由於apache和nginx不能識別 jsp 和 asp:
tomcat## Apache 開發的免費開放源代碼的Web應用服務器
jboss## 基於J2EE的開放源代碼的應用服務器
squid##緩衝 Internet 數據的軟件
正向代理:客戶知道向誰去索取,分爲:1.傳統代理 2.透明代理(較常使用)
反向代理:客戶需求什麼,服務軟件去拿什麼
!!!@@@在desktop端(172.25.254.107):
hostnamectl set-hostname web1.westos.com
yum install httpd -y
cd /var/www/html/
systemctl start httpd
vim /etc/httpd/conf/httpd.conf 修改內容爲:
166 <IfModule dir_module>
167 DirectoryIndex file index.html ##此處在默認發佈目錄/var/www/html下 file,index.html兩個文件,哪一個在前,哪一個優先看,若是兩個文件都沒有,則在瀏覽器顯示的界面爲apache的測試頁面
168 </IfModule>
yum install httpd-manual.noarch -y##manual爲httpd服務的使用手冊
將默認發佈目錄(/var/www/html/)改變爲 /www/westos/ :
cd /var/www/html
ls -Zd .
顯示結果: drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
mkdir /www/westos/ -p
semanage fcontext -a -t httpd_sys_content_t '/www/westos(/.*)?'
restorecon -RvvF /www/
顯示結果:
restorecon reset /www context unconfined_u:object_r:default_t:s0->system_u:object_r:default_t:s0
restorecon reset /www/westos context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
vim /etc/httpd/conf/httpd.conf 修改內容爲:
119 #DocumentRoot "/var/www/html"
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122 Require all granted
123 </Directory>
cd /www/westos/
vim index.html 編輯內容爲: /www/westos/
systemctl restart httpd
查看端口:
查看監聽端口:
ss -antlp |grep httpd
LISTEN 0 128 :::80 :::*
vim /etc/httpd/conf/httpd.conf 查看內容爲:
41 #Listen 12.34.56.78:80
42 Listen 80##apache默認端口爲 80 端口
如若改變文件/etc/httpd/conf/httpd.conf中的第 42 行爲:
42 Listen 8080##在瀏覽器測試時須要輸入 ip:8080 ,例如:172.25.254.107:8080
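##訪問權限(黑白名單):(Order/Allow/Deny 在 apache 2.4 中由 mod_access_compat 提供,屬舊式寫法,不建議與 Require 混用;2.4 的對應寫法是 Require ip、Require not ip)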
vim /etc/httpd/conf/httpd.conf 修改內容爲:
121 <Directory "/www/westos">
122 Require all granted
123 Order Deny,Allow##Deny,Allow 誰在前,先讀誰(通常默認Allow在前)
124 Allow from 172.25.254.0/24##表示容許 172.25.254.x 網段的全部人訪問
125 Deny from ALL ##表示拒絕全部人訪問
126 </Directory>
正常設置爲:
vim /etc/httpd/conf/httpd.conf 修改內容爲:
121 <Directory "/www/westos">
122 Require all granted
123 Order Allow,Deny##Deny,Allow 誰在前,先讀誰(通常默認Allow在前)
124 Allow from ALL##表示容許全部人訪問
125 Deny from 172.25.254.1##表示拒絕 172.25.254.1 訪問
126 </Directory>
若是設置以下: 結果爲 --> 誰都訪問不了 @@由於後讀 Deny,從而禁止了全部人
122 Require all granted
123 Order Allow,Deny##Deny,Allow 誰在前,先讀誰(通常默認Allow在前)
124 Allow from 172.25.254.0/24##表示容許 172.25.254.x 網段的全部人訪問
125 Deny from ALL ##表示拒絕全部人訪問
126 </Directory>
設置用戶訪問權限:
cd /etc/httpd/
htpasswd -cm htpasswdfile admin## -c 表示 create--創建
htpasswd -m htpasswdfile lee##第二次執行不用加 -c ,若加了 -c 會覆蓋第一次創建的用戶信息
vim /etc/httpd/conf/httpd.conf 修改內容爲:
121 <Directory "/www/westos">
122 # Require all granted
123 AllowOverride All##
124 Authuserfile /etc/httpd/htpasswdfile##用戶信息所在的文件
125 Authname "Please input username & password"##提示信息
126 Authtype basic##基本認證類型;用戶名和密碼僅以 Base64 編碼傳輸,未加密,應配合 https 使用
127 Require user admin##此處表示只容許使用用戶 admin 在瀏覽器中訪問
128 # Order Deny,Allow
129 # Allow from 172.25.254.0/24
130 # Deny from ALL
131 </Directory>
systemctl restart httpd.service
若要容許 /etc/httpd/htpasswdfile文件中的所有用戶,vim /etc/httpd/conf/httpd.conf 修改內容爲:
127 Require valid-user##容許 /etc/httpd/htpasswdfile 文件中的所有用戶
systemctl restart httpd.service
## apache的虛擬主機
vim /etc/httpd/conf/httpd.conf 修改內容爲:
119 DocumentRoot "/var/www/html"
120 #DocumentRoot "/www/westos"
121 <Directory "/www/westos">
mkdir /var/www/virtual/news.westos.com/html -p
mkdir /var/www/virtual/music.westos.com/html -p
cd /var/www/virtual/music.westos.com/html/
vim index.html 編輯添加內容爲: 這裏是music
cd /var/www/virtual/news.westos.com/html/
vim index.html 編輯添加內容爲: 這裏是news
vim /etc/httpd/conf/httpd.conf 進行查看文件該編輯的地方(364 行)與應該注意的地方(269 行):
269 Require all granted
364 IncludeOptional conf.d/*.conf
cd /etc/httpd/conf.d/
vim default.conf 修改內容爲:
1 <Virtualhost _default_:80>
2 Documentroot /var/www/html
3 Customlog "logs/default.log" combined##此處的
4 </Virtualhost>
5 <Directory "/var/www/html">
6 Require all granted##此處 all 必定要爲小寫,不然重啓httpd服務會報錯
7 </Directory>
vim music.conf 修改內容爲:
1 <Virtualhost *:80>
2 Servername music.westos.com
3 Documentroot /var/www/virtual/music.westos.com/html
4 Customlog "logs/music.log" combined
5 </Virtualhost>
6 <Directory "/var/www/virtual/music.westos.com/html">
7 Require all granted##此處 all 必定要爲小寫,不然重啓httpd服務會報錯
8 </Directory>
vim news.conf 修改內容爲:
1 <Virtualhost *:80>
2 Servername news.westos.com
3 Documentroot /var/www/virtual/news.westos.com/html
4 Customlog "logs/news.log" combined
5 </Virtualhost>
6 <Directory "/var/www/virtual/news.westos.com/html">
7 Require all granted##此處 all 必定要爲小寫,不然重啓httpd服務會報錯
8 </Directory>
systemctl restart httpd
重啓服務成功後
虛擬主機的測試(在 server 端 172.25.254.207): ssh root@172.25.254.207 -X
vim /etc/hosts 在末尾行添加內容爲:
172.25.254.107 www.westos.com westos.com music.westos.com news.westos.com
firefox --> 在瀏覽器中輸入不一樣的域名 如:www.westos.com 或 westos.com 或 music.westos.com 或 news.westos.com --> 會出來不一樣的界面
瀏覽器清空緩存:
ctrl + shift + delete
##### https ####
cd /etc/httpd/conf.d/
yum install mod_ssl -y
systemctl restart httpd
netstat -antlpe | grep 443 結果以下:
tcp6 0 0 :::443 :::* LISTEN 0 200312 14305/httpd
yum install crypto-utils.x86_64 -y
進入圖形界面後 --> NEXT --> 1024(1024 位 RSA 密鑰強度已不足,僅供實驗;正式環境應選擇 2048 位或以上)--> NEXT --> 正在生成(此時需要敲鍵盤,動鼠標)--> NO --> NEXT --> 填寫信息 --> NEXT(執行完後會退出圖形界面) ##執行完後,會生成 /etc/pki/tls/certs/www.westos.com.crt 和 /etc/pki/tls/private/www.westos.com.key 兩個文件
cd /etc/httpd/conf.d/
vim ssl.conf 修改內容爲:
100 SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt##此處爲上述生成的文件
107 SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key##此處爲上述生成的文件
systemctl restart httpd
測試(server 端 172.25.254.207):
打開瀏覽器 --> https://172.25.254.107 查看證書