CentOS 7.2配置Apache服務httpd（上）

http://www.jb51.net/article/97434.htm

 

2、安裝Apache httpd

安裝httpd以配置Web服務器， HTTP使用80 / TCP

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

[1] 安裝 httpd. [root@linuxprobe ~] # yum -y install httpd # 刪除默認歡迎頁面 [root@linuxprobe ~] # rm -f /etc/httpd/conf.d/welcome.conf [2] 配置httpd，將服務器名稱替換爲您本身的環境 [root@linuxprobe ~] # vi /etc/httpd/conf/httpd.conf # line 86: 改變管理員的郵箱地址 ServerAdmin root@linuxprobe.org # line 95: 改變域名信息 ServerName www.linuxprobe.org:80 # line 151: none變成All AllowOverride All # line 164: 添加只能使用目錄名稱訪問的文件名 DirectoryIndex index.html index.cgi index.php # add follows to the end # server's response header（安全性） ServerTokens Prod # keepalive is ON KeepAlive On [root@linuxprobe ~] # systemctl start httpd [root@linuxprobe ~] # systemctl enable httpd [3] 若是Firewalld正在運行，請容許HTTP服務。，HTTP使用80 / TCP [root@linuxprobe ~] # firewall-cmd --add-service=http --permanent success [root@linuxprobe ~] # firewall-cmd --reload success [4] 建立一個HTML測試頁，並使用Web瀏覽器從客戶端PC訪問它。若是顯示如下頁面，是正確的 [root@linuxprobe ~] # vi /var/www/html/index.html <html> <body> <div style= "width: 100%; font-size: 40px; font-weight: bold; text-align: center;" > Welcome access LinuxProbe.org,This is Test Page! < /div > < /body > < /html >

3、支持Perl

啓用CGI執行並使用Perl腳本

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

[1] 安裝Perl. [root@linuxprobe ~] # yum -y install perl perl-CGI [2] 默認狀況下，在「 /var/www/cgi-bin 」目錄下容許CGI。 可使用Perl Scripts放在目錄下。然而，它下面的全部文件都被處理爲CGI。 # 下面的設置是CGI的設置 [root@linuxprobe ~] # grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf 247: ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" [3] 若是你想容許在其餘目錄中的CGI，配置以下。 例如，在「 /var/www/html/cgi-enabled 」中容許。 [root@linuxprobe ~] # vi /etc/httpd/conf.d/cgi-enabled.conf # create new # processes .cgi and .pl as CGI scripts <Directory "/var/www/html/cgi-enabled" >    Options +ExecCGI    AddHandler cgi-script .cgi .pl < /Directory > [root@linuxprobe ~] # systemctl restart httpd [4] 若是SELinux被啓用，而且容許CGI在不是像上面[3]的默認目錄下，更改規則以下。 [root@linuxprobe ~] # chcon -R -t httpd_sys_script_exec_t /var/linuxprobe/html/cgi-enabled [root@linuxprobe ~] # semanage fcontext -a -t httpd_sys_script_exec_t /var/www/html/cgi-enabled [5] 建立一個CGI測試頁面，並使用Web瀏覽器從客戶端PC訪問它。若是顯示如下頁面，說明配置正確。 [root@linuxprobe ~] # vi /var/www/html/cgi-enabled/index.cgi #!/usr/bin/perl print "Content-type: text/html\n\n" ; print "<html>\n<body>\n" ; print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">\n" ; print "CGI Test Page" ; print "\n</div>\n" ; print "</body>\n</html>\n" ; [root@linuxprobe ~] # chmod 705 /var/www/html/cgi-enabled/index.cgi

 

配置httpd以使用PHP腳本
[1] 安裝PHP.

?

1 2 3 4 5

[root@linuxprobe ~] # yum -y install php php-mbstring php-pear [root@linuxprobe ~] # vi /etc/php.ini # line 878: 取消註釋，設置時區 date .timezone = "Asia/Shanghai" [root@linuxprobe ~] # systemctl restart httpd

[2] 建立一個PHP測試頁面，並使用Web瀏覽器從客戶端PC訪問它。若是顯示如下頁面，它是肯定。

?

1 2 3 4 5 6 7 8 9 10

[root@linuxprobe ~] # vi /var/www/html/index.php <html> <body> <div style= "width: 100%; font-size: 40px; font-weight: bold; text-align: center;" > <?php    print Date( "Y/m/d" ); ?> < /div > < /body > < /html >

[3] 建立phpinfo測試頁，確認是都開啓php支持
[root@linuxprobe ~]# echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php

9、建立SSL證書

建立本身的SSL證書。可是，若是您使用您的服務器做爲業務，最好購買和使用來自Verisigh的正式證書等。

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42

[root@linuxprobe ~] # cd /etc/pki/tls/cert cert.pem certs/  [root@linuxprobe ~] # cd /etc/pki/tls/certs/ [root@linuxprobe certs] # make server.key umask 77 ; \ /usr/bin/openssl genrsa -aes128 2048 > server.key Generating RSA private key, 2048 bit long modulus ...............................................................+++ ....................................................................................................+++ e is 65537 (0x10001) Enter pass phrase: Verifying - Enter pass phrase: [root@linuxprobe certs] # openssl rsa -in server.key -out server.key Enter pass phrase for server.key: writing RSA key [root@linuxprobe certs] # make server.csr umask 77 ; \ /usr/bin/openssl req -utf8 -new -key server.key -out server.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.' , the field will be left blank. ----- Country Name (2 letter code) [XX]:CN  #國家後綴 State or Province Name (full name) []:Shanghai #省 Locality Name (eg, city) [Default City]:Shanghai #市 Organization Name (eg, company) [Default Company Ltd]:LinuxProbe #公司 Organizational Unit Name (eg, section) []:DevOps #部門 Common Name (eg, your name or your server's hostname ) []:linuxprobe.org #主機名 Email Address []:root@linuxprobe.org #郵箱   Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:  #默認 An optional company name []:  #默認 # [root@linuxprobe certs] # openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650 Signature ok subject= /C =CN /ST =Shanghai /L =Shanghai /O =LinuxProbe /OU =DevOps /CN =linuxprobe.org /emailAddress =root@linuxprobe.org Getting Private key

10、配置SSL

[1] 配置SSL.

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14

[root@linuxprobe ~] # yum -y install mod_ssl [root@linuxprobe ~] # vi /etc/httpd/conf.d/ssl.conf # line 59: 取消註釋 DocumentRoot "/var/www/html" # line 60: 取消註釋，定義域名 ServerName linuxprobe.org:443 # line 75: 改變SSLProtocol SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2   # line 100: 改爲剛剛建立的server.crt SSLCertificateFile /etc/pki/tls/certs/server .crt # line 107: 改爲剛剛建立的server.key SSLCertificateKeyFile /etc/pki/tls/certs/server .key [root@www ~] # systemctl restart httpd

[2] 若是Firewalld正在運行，請容許HTTPS服務。 HTTPS使用443 / TCP

?

 

1 2 3 4

[root@www ~] # firewall-cmd --add-service=https --permanent success [root@www ~] # firewall-cmd --reload   success

11、啓用基自己份驗證

啓用基自己份驗證以限制特定網頁的訪問

[1]例如，在目錄[/var/www/html/auth-basic]下設置基自己份驗證設置。

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29

[root@linuxprobe ~] # vi /etc/httpd/conf.d/auth_basic.conf # 建立新配置文件 <Directory /var/www/html/auth-basic >    AuthType Basic    AuthName "Basic Authentication"    AuthUserFile /etc/httpd/conf/ .htpasswd    require valid-user < /Directory > # 添加用戶：使用「-c」建立新文件（僅爲初始註冊添加「-c」選項） [root@linuxprobe ~] # htpasswd -c /etc/httpd/conf/.htpasswd wang   New password: # set password   Re- type new password: # confirm   Adding password for user wang [root@linuxprobe ~] # systemctl restart httpd [root@linuxprobe ~] # mkdir /var/www/html/auth-basic   [root@linuxprobe ~] # vi /var/www/html/auth-basic/index.html # create a test page   <html> <body> <div style= "width: 100%; font-size: 40px; font-weight: bold; text-align: wanger;" > Test Page for Basic Auth < /div > < /body > < /html >