Apache Service Deployment: Study Notes

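This lab uses a Red Hat 7.0 system; all of the experiments come from the book 《linux就該這麼學》.
Apache is currently one of the web server programs with a very high market share. Its cross-platform support and security are widely recognized, and it offers fast, reliable, and simple API extensions. The name is taken from a Native American language and implies superb battle strategy and endless patience.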

Installation

[root@localhost ~]# yum install httpd -y

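Configuration file locations

Service directory        /etc/httpd
Main configuration file  /etc/httpd/conf/httpd.conf
Website data directory   /var/www/html
Access log               /var/log/httpd/access_log
Error log                /var/log/httpd/error_log

ServerRoot      Service directory
ServerAdmin     Administrator's e-mail address
User            User the service runs as
Group           Group the service runs as
ServerName      Domain name of the web server
DocumentRoot    Website data directory
Listen          IP address and port to listen on
DirectoryIndex  Default index page
ErrorLog        Error log file
CustomLog       Access log file
Timeout         Page timeout, 300 seconds by default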

1. A custom website

1.1 Create the website directory

[root@localhost ~]# mkdir /home/wwwroot
[root@localhost ~]# echo " This is my web" >/home/wwwroot/index.html

1.2 Configure SELinux

Set the SELinux security context

# Check the context of httpd's default website directory
[root@localhost ~]# ls -ldZ /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/

# Give the new website directory the same security context
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/*

# Relabel so the change takes effect
[root@localhost ~]# restorecon -Rv /home/wwwroot/
restorecon reset /home/wwwroot context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0

The semanage command manages SELinux policy. Its format is "semanage [options] [file]".

-l  query
-a  add
-m  modify
-d  delete

1.3 Edit the configuration file

DocumentRoot "/home/wwwroot"

#
# Relax access to content within /var/www.
#
<Directory "/home/wwwroot">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>

1.4 Start the service

[root@localhost ~]# systemctl restart httpd 
[root@localhost ~]# systemctl enable httpd 
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'

# Configure the firewall
[root@localhost ~]# firewall-cmd --permanent --add-service=http
success
[root@localhost ~]# firewall-cmd --permanent --add-service=https
success
[root@localhost ~]# firewall-cmd --reload
success

Test access. If the site cannot be reached, check the firewall, SELinux, and whether the website directory contains a page.

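2. Personal user home pages

The personal home page feature provided by httpd lets every user on the system manage a personal website in their own home directory.

2.1 Enable the personal user home page feature

Comment out line 17 (this enables user home pages) and uncomment line 24 (the location inside the user's home directory where the website data is kept).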

[root@localhost ~]# vim /etc/httpd/conf.d/userdir.conf 
 15     # permissions).
 16     #
 17     #UserDir disabled
 18 
 19     #
 20     # To enable requests to /~user/ to serve the user's public_html
 21     # directory, remove the "UserDir disabled" line above, and uncomment
 22     # the following line instead:
 23     # 
 24     UserDir public_html
 25 </IfModule>
 26

2.2 Create a user

Create a user and set the permissions so that other users can also read the directory contents.

[root@localhost ~]# useradd developer
[root@localhost ~]# su - developer
[developer@localhost ~]$ mkdir public_html
[developer@localhost ~]$ echo "this is developer's home" >public_html/index.html 
[developer@localhost ~]$ chmod -fR 755 /home/developer

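2.3 Configure SELinux

The user's website data directory already lives inside the home directory, so the SELinux security context of the home directory does not need to change. Use the getsebool command to view the http-related SELinux domain policy settings.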

[root@localhost ~]# getsebool -a |grep httpd
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off
# Enable httpd_enable_homedirs
[root@localhost ~]# setsebool -P httpd_enable_homedirs=on

2.4 Start the service

[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'

# Configure the firewall
[root@localhost ~]# firewall-cmd --permanent --add-service=http
success
[root@localhost ~]# firewall-cmd --permanent --add-service=https
success
[root@localhost ~]# firewall-cmd --reload
success

Test access

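2.5 Set up authentication

When the site is visited, only users who pass authentication can access its content.
Use the htpasswd command to generate the password database. The -c option is required the first time the file is created and is not used when adding further users. The format is "htpasswd -c password-file username"; the user does not need to be a local system user.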

[root@localhost ~]# htpasswd -c /etc/httpd/passwd user007
New password: 
Re-type new password: 
Adding password for user user007

Edit the configuration file, lines 31-37:

[root@localhost ~]# vim /etc/httpd/conf.d/userdir.conf 
 31 <Directory "/home/*/public_html">
 32     AllowOverride all
 33     authuserfile "/etc/httpd/passwd"
 34     authname "please auth"
 35     authtype basic
 36     Require user user007
 37 </Directory>

Restart httpd

[root@localhost ~]# systemctl restart httpd

Test access
Enter user user007 and password redhat
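
Added example, not part of the original notes: a shell helper that reads an htpasswd file such as /etc/httpd/passwd and reports the hash scheme of each entry, since htpasswd in httpd 2.4 writes $apr1$ MD5 hashes unless bcrypt is requested with -B. The function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes). Function names and the
# sample entries below are constructed; the hashes are placeholders.

# htpasswd_schemes: read htpasswd-format lines on stdin, print "user scheme".
htpasswd_schemes() {
    awk -F: '
        /^[ \t]*$/ || /^[ \t]*#/ { next }      # skip blank lines and comments
        {
            h = $2
            if      (index(h, "$2y$") == 1)   s = "bcrypt"
            else if (index(h, "$apr1$") == 1) s = "apr1-md5"
            else if (index(h, "{SHA}") == 1)  s = "sha1-unsalted"
            else if (length(h) == 13)         s = "crypt-des"
            else                              s = "unknown-or-plaintext"
            print $1, s
        }'
}

# non_bcrypt_users: list accounts to re-create with `htpasswd -B`.
non_bcrypt_users() {
    htpasswd_schemes | awk '$2 != "bcrypt" { print $1 }'
}

# Constructed sample in the layout of /etc/httpd/passwd.
sample_passwd() {
    cat <<'EOF'
# constructed sample, not real credentials
user007:$apr1$SAMPLESL$PLACEHOLDERPLACEHOLDER
alice:$2y$05$PLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLD
bob:{SHA}PLACEHOLDERPLACEHOLDERPLA=
carol:PLACEHOLDER13
EOF
}

sample_passwd | htpasswd_schemes
# On a real host: non_bcrypt_users < /etc/httpd/passwd
```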

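3. Virtual hosts

With virtual hosting, one server can be divided into several "virtual servers" that host different websites. There are three ways to do this:

  • By requested IP address
  • By requested host name
  • By requested port

3.1 IP-based

3.1.1 Add two IP addresses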

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
DEVICE=eno16777736
USERCTL=no
IPADDR1=192.168.137.10
PREFIX1=24
IPADDR2=192.168.137.20
PREFIX2=24
GATEWAY=192.168.137.2
DNS1=114.114.114.114
[root@localhost ~]# systemctl restart network

3.1.2 Create the website directories

Create two different website directories: visiting 192.168.137.10 shows "192.168.137.10", and visiting 192.168.137.20 shows "192.168.137.20".

[root@localhost ~]# mkdir /home/wwwroot/10 -p
[root@localhost ~]# mkdir /home/wwwroot/20 -p
[root@localhost ~]# echo "192.168.137.10" >/home/wwwroot/10/index.html
[root@localhost ~]# echo "192.168.137.20" >/home/wwwroot/20/index.html

3.1.3 Configure SELinux

Set the SELinux security context

# Check the context of the default website directory
[root@localhost ~]# ls -ldZ /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
# Set the SELinux security context for the new websites
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/10
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/10/*
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/20
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/20/*
# Relabel so the change takes effect
[root@localhost ~]# restorecon -Rv /home/wwwroot/
restorecon reset /home/wwwroot context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_dir_t:s0
restorecon reset /home/wwwroot/10 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /home/wwwroot/10/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /home/wwwroot/20 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /home/wwwroot/20/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
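
Added example, not part of the original notes: the aim of this step is for the new directories to carry the same type as /var/www/html (httpd_sys_content_t), so this shell helper scans `restorecon -Rv` or `ls -dZ` output and lists every path whose resulting type differs. The function names and sample lines are constructed in the output format shown above.

```shell
#!/bin/sh
# Added example (not from the original notes); function names are constructed.

# relabel_mismatches EXPECTED_TYPE: read `restorecon -Rv` output on stdin and
# print "path type" for every path whose new context has a different type.
# Paths containing spaces are not handled.
relabel_mismatches() {
    awk -v want="${1:-httpd_sys_content_t}" '
        $1 == "restorecon" && $2 == "reset" && $4 == "context" {
            n = split($5, ctx, "->")            # old_context->new_context
            if (n != 2) next
            split(ctx[2], f, ":")               # user:role:type:level
            if (f[3] != want) print $3, f[3]
        }'
}

# lsz_mismatches EXPECTED_TYPE: same check for `ls -dZ` lines (RHEL 7 layout:
# mode owner group context path), for when restorecon had nothing to reset.
lsz_mismatches() {
    awk -v want="${1:-httpd_sys_content_t}" '
        NF >= 5 { split($4, f, ":"); if (f[3] != want) print $5, f[3] }'
}

# Constructed sample in the format restorecon prints on RHEL 7.
sample_restorecon() {
    cat <<'EOF'
restorecon reset /home/wwwroot context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/10 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /home/wwwroot/10/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_t:s0
EOF
}

sample_restorecon | relabel_mismatches httpd_sys_content_t
# On a real host:
#   restorecon -Rv /home/wwwroot/ | relabel_mismatches httpd_sys_content_t
#   ls -dZ /home/wwwroot/* | lsz_mismatches httpd_sys_content_t
```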

3.1.4 Edit the configuration file

Add the following at the second-to-last line:

[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<virtualhost 192.168.137.10>
documentroot "/home/wwwroot/10"
servername www.a.com
<directory "/home/wwwroot/10">
allowoverride none
require all granted
</directory>
</virtualhost>

<virtualhost 192.168.137.20>
documentroot "/home/wwwroot/20"
servername www.b.com
<directory "/home/wwwroot/20">
allowoverride none
require all granted
</directory>
</virtualhost>

3.1.5 Start the service

[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
# Configure the firewall
[root@localhost ~]# firewall-cmd --permanent --add-service=http
success
[root@localhost ~]# firewall-cmd --permanent --add-service=https
success
[root@localhost ~]# firewall-cmd --reload
success

Test access

3.2 Name-based

3.2.1 Create the website directories

Define two domain names, www.a.com and www.b.com. Create a directory for each site to hold its data.

[root@localhost Desktop]# mkdir -p /home/wwwroot/a 
[root@localhost Desktop]# mkdir -p /home/wwwroot/b
[root@localhost Desktop]# echo "a web" >/home/wwwroot/a/index.html
[root@localhost Desktop]# echo "b web" >/home/wwwroot/b/index.html

3.2.2 Configure SELinux

# Check the context of the default website directory
[root@localhost Desktop]# ls -ldZ /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
# Set the SELinux security context for the new websites
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/a
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/a/*
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/b
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/b/*
# Relabel so the change takes effect
[root@localhost Desktop]# restorecon -Rv /home/wwwroot/
restorecon reset /home/wwwroot context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/a context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/a/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/b context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/b/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0

3.2.3 Edit the configuration file

Add the following at the second-to-last line of the configuration file:

[root@localhost Desktop]# vim /etc/httpd/conf/httpd.conf
<virtualhost 192.168.137.10>
documentroot "/home/wwwroot/a"
servername www.a.com
<directory "/home/wwwroot/a">
allowoverride none
require all granted
</directory>
</virtualhost>
<virtualhost 192.168.137.10>
documentroot "/home/wwwroot/b"
servername www.b.com
<directory "/home/wwwroot/b">
allowoverride none
require all granted
</directory>
</virtualhost>

3.2.4 Start the service

[root@localhost Desktop]# systemctl restart httpd
[root@localhost Desktop]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
# Configure the firewall
[root@localhost Desktop]# firewall-cmd --permanent --add-service=http
success
[root@localhost Desktop]# firewall-cmd --permanent --add-service=https
success
[root@localhost Desktop]# firewall-cmd --reload 
success

On the test client, add name resolution for the two sites to /etc/hosts

[root@localhost Desktop]# vim /etc/hosts
192.168.137.10 www.a.com www.b.com


3.3 Port-based

3.3.1 Create the website directories

Define two ports, 333 and 222, and create two website directories to hold each site's data.

[root@localhost Desktop]# mkdir -p /home/wwwroot/333
[root@localhost Desktop]# mkdir -p /home/wwwroot/222
[root@localhost Desktop]# echo "333 web" >/home/wwwroot/333/index.html
[root@localhost Desktop]# echo "222 web" >/home/wwwroot/222/index.html

3.3.2 Configure SELinux

Set the SELinux security context of the website directories

# Check the context of the default website directory
[root@localhost Desktop]# ls -ldZ /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
# Set the context for the new websites
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/333
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/333/*
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/222
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/222/*
[root@localhost Desktop]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
# Relabel so the change takes effect
[root@localhost Desktop]# restorecon -Rv /home/wwwroot/
restorecon reset /home/wwwroot context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/333 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/333/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/222 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/222/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0

Add ports 333 and 222 to the SELinux domain policy so that httpd is allowed to listen on them

[root@localhost Desktop]# semanage port -l|grep http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989
[root@localhost Desktop]# semanage port -a -t http_port_t -p tcp 222
[root@localhost Desktop]# semanage port -a -t http_port_t -p tcp 333
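
Added example, not part of the original notes: before adding a Listen port, this shell helper checks whether the port is already covered by http_port_t in the `semanage port -l` listing, including ranges such as 10001-10010. The function names are constructed; the sample listing reuses the lines shown above.

```shell
#!/bin/sh
# Added example (not from the original notes); function names are constructed.

# port_in_type TYPE PORT: read `semanage port -l` output on stdin; succeed if
# tcp PORT is covered by TYPE, either as a single port or inside a range.
port_in_type() {
    awk -v want="$1" -v port="$2" '
        $1 == want && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                item = $i
                sub(/,$/, "", item)                 # "8080," -> "8080"
                n = split(item, r, "-")             # "10001-10010" -> lo, hi
                lo = r[1] + 0
                hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# unlabeled_ports LISTING PORT...: print the ports httpd may not bind yet.
unlabeled_ports() {
    listing=$1; shift
    missing=""
    for p in "$@"; do
        printf '%s\n' "$listing" | port_in_type http_port_t "$p" ||
            missing="$missing $p"
    done
    echo $missing
}

# Sample listing in the `semanage port -l | grep http` format shown above.
SAMPLE_PORTS='http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988'

unlabeled_ports "$SAMPLE_PORTS" 80 222 333
# On a real host: unlabeled_ports "$(semanage port -l)" 80 222 333
```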

3.3.3 Edit the configuration file

[root@localhost wwwroot]# vim /etc/httpd/conf/httpd.conf 
listen 222
listen 333
<virtualhost 192.168.137.10:222>
documentroot "/home/wwwroot/222"
servername www.a.com
<directory "/home/wwwroot/222">
allowoverride none
require all granted
</directory>
</virtualhost>
<virtualhost 192.168.137.10:333>
documentroot "/home/wwwroot/333"
servername www.a.com
<directory "/home/wwwroot/333">
allowoverride none
require all granted
</directory>
</virtualhost>

3.3.4 Start the service

[root@localhost wwwroot]# systemctl restart httpd
[root@localhost wwwroot]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
# Configure the firewall
[root@localhost wwwroot]# firewall-cmd --permanent --add-service=http
success
[root@localhost wwwroot]# firewall-cmd --permanent --add-service=https
success
[root@localhost wwwroot]# firewall-cmd --permanent --add-port=222/tcp
success
[root@localhost wwwroot]# firewall-cmd --permanent --add-port=333/tcp
success
[root@localhost wwwroot]# firewall-cmd --reload 
success

Test access