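Main package: httpd
Main configuration file: /etc/httpd/conf/httpd.conf
Parameters:
# Root directory against which relative paths in the configuration files are resolved
ServerRoot "/etc/httpd"
# Listening port; for additional ports add another line, e.g. Listen 192.168.1.2:8080
Listen 80
<Directory />
AllowOverride none
# Deny access to all files; anything that should be readable must be listed separately and granted read access
Require all denied
</Directory>
<Files ".ht*">
# Deny access to all .ht* files
Require all denied
</Files>
<IfModule dir_module>
# Loaded as the index page if it exists
DirectoryIndex index.html
</IfModule>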
Three ways to implement virtual hosts:
Create two directories, A and B, under /var/www/html and add an index page to each to tell the sites apart
tree /var/www/html/
/var/www/html/
├── A
│   └── index.html
└── B
    └── index.html
cat /var/www/html/A/index.html
Aa
cat /var/www/html/B/index.html
BbBb
a. IP-based
Add an IP address to the host
nmcli con modify eno16777984 +ipv4.addresses 192.168.1.80/24
Create the virtual host configuration file
cat /etc/httpd/conf.d/00-vh-ip.conf
<VirtualHost 192.168.1.199:80>
DocumentRoot /var/www/html/A
CustomLog "logs/a.log" combined
<Directory /var/www/html/A>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.1.80:80>
DocumentRoot /var/www/html/B
CustomLog "logs/b.log" combined
<Directory /var/www/html/B>
Require all granted
</Directory>
</VirtualHost>
Restart the Apache service
b. Port-based
Add the listening ports to the main configuration file
[root@dns2 ~]# grep ^Listen /etc/httpd/conf/httpd.conf
Listen 80
Listen 8080
Listen 8081
Create the virtual host configuration file
[root@dns2 ~]# cat /etc/httpd/conf.d/01-vh-port.conf
<VirtualHost 192.168.1.199:8080>
DocumentRoot /var/www/html/A
CustomLog "logs/a.log" combined
<Directory /var/www/html/A>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.1.199:8081>
DocumentRoot /var/www/html/B
CustomLog "logs/b.log" combined
<Directory /var/www/html/B>
Require all granted
</Directory>
</VirtualHost>
Restart the Apache service
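c. Name-based
This method requires editing the hosts file, or support from DNS
Add an A record, pro, pointing to the web server
Create a new zone, dian.me, and add an A record, test, also pointing to the web server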
zone "dian.me" IN {
type master;
file "dian.me.forward";
notify yes;
allow-update { key SEC_DDNS ; };
};
Restart the DNS service and try resolving the names
;; ANSWER SECTION:
pro.it.lab. 300 IN A 192.168.1.199
;; ANSWER SECTION:
test.dian.me. 86400 IN A 192.168.1.199
Create the virtual host configuration file
cat /etc/httpd/conf.d/02-vh-name.conf
<VirtualHost pro.it.lab:80>
DocumentRoot /var/www/html/A
ServerName pro.it.lab
ServerAlias pro
CustomLog "logs/a.log" combined
<Directory /var/www/html/A>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost test.dian.me:80>
DocumentRoot /var/www/html/B
Servername test.dian.me
ServerAlias test
CustomLog "logs/b.log" combined
<Directory /var/www/html/B>
Require all granted
</Directory>
</VirtualHost>
cat /etc/httpd/conf.d/02-vh-name.conf
<VirtualHost pro.it.lab:80>
DocumentRoot /var/www/html/A
ServerName pro.it.lab
CustomLog "logs/a.log" combined
<Directory /var/www/html/A>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost test.dian.me:80>
DocumentRoot /var/www/html/B
Servername test.dian.me
CustomLog "logs/b.log" combined
<Directory /var/www/html/B>
Require all granted
</Directory>
</VirtualHost>
Restart the Apache service
curl http://pro
Aa
Aa
curl http://test
BbBb
BbBb
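HTTPS implementation
yum -y install mod_ssl
The ssl module creates a named virtual host, /etc/httpd/conf.d/ssl.conf
Copy the <VirtualHost> block from that configuration file and modify it, adding the document root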
grep VirtualHost /etc/httpd/conf.d/03-vh-ssl.conf
<VirtualHost pro.it.lab:443>
grep DocumentRoot /etc/httpd/conf.d/03-vh-ssl.conf
DocumentRoot "/var/www/html/A"
Restart the Apache service
Prevent the HTTPS site from serving unencrypted content
Add this directive to the <VirtualHost> block of the TLS virtual host
Header always set Strict-Transport-Security "max-age=15768000"
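Automatic redirect from HTTP to HTTPS
Create a new HTTP virtual host (catching all port 80 traffic) that uses the same ServerName as the HTTPS virtual host catching all port 443 traffic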
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
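The two HTTPS settings above can be checked mechanically. The following Python checker is an added example, not part of the original notes: it parses <VirtualHost> blocks and reports port-443 hosts without the Strict-Transport-Security header and port-80 hosts with no redirect to https://. The function names and the sample configuration are constructed for illustration.

```python
import re
# Constructed sample: port-80 host redirects to http://, TLS host has no HSTS header.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName pro.it.lab
    RewriteEngine on
    RewriteRule ^(/.*)$ http://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>
<VirtualHost pro.it.lab:443>
    ServerName pro.it.lab
    DocumentRoot "/var/www/html/A"
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+(\S+?):(\d+)\s*>", re.I)
HSTS = re.compile(r"Header\s+(always\s+)?set\s+Strict-Transport-Security\b", re.I)
REDIRECT = re.compile(r"(RewriteRule|Redirect\w*)\b.*?\b(?P<scheme>https?)://", re.I)

def parse_vhosts(conf_text):
    """Return [(address, port, [directive lines])], one per <VirtualHost> block."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        opened = VHOST_OPEN.match(line)
        if opened:
            current = (opened.group(1), int(opened.group(2)), [])
        elif line.lower().startswith("</virtualhost"):
            if current is not None:
                vhosts.append(current)
            current = None
        elif current is not None:
            current[2].append(line)
    return vhosts

def audit_vhosts(conf_text):
    """Flag port-80 hosts with no https:// redirect and port-443 hosts without HSTS."""
    findings = []
    for addr, port, lines in parse_vhosts(conf_text):
        if port == 443 and not any(HSTS.match(l) for l in lines):
            findings.append((f"{addr}:{port}", "missing Strict-Transport-Security"))
        schemes = [m.group("scheme").lower() for m in map(REDIRECT.match, lines) if m]
        if port == 80 and "https" not in schemes:
            findings.append((f"{addr}:{port}", "no redirect to https://"))
    return findings

if __name__ == "__main__":
    print(audit_vhosts(SAMPLE_CONF))
```

To check a real server, pass the concatenated contents of the files under /etc/httpd/conf.d/ to audit_vhosts().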
CGI: Common Gateway Interface
when a CGI resource is requested, httpd executes the resource as a process and serves the stdout of that process.
popular CGI resources are written in Perl, Java and C
to have httpd treat a location as CGI executables:
ScriptAlias /cgi-bin "/var/www/cgi-bin"
CGI scripts are executed as the apache user and group
label them with httpd_sys_script_exec_t
the directory should have Options None and access granted using <Directory>
dynamic PHP
yum -y install php (this adds mod_php to httpd)
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
DirectoryIndex index.php
dynamic python
Python scripts can be served using regular CGI; both Python and httpd also support a newer protocol, the Web Server Gateway Interface (WSGI)
yum -y install mod_wsgi
WSGIScriptAlias /myapp/ /srv/myapp/www/myapp.py
this will send all requests for http://servername/myapp and any resources below it to the WSGI application /srv/myapp/www/myapp.py
the application should be executable by the apache user and group, with the SELinux label httpd_sys_content_t
Database connectivity
to allow connections to a database on a remote host, set this SELinux boolean to 1:
httpd_can_network_connect_db
if the remote database does not use a well-known port:
httpd_can_network_connect