1. Role of Apache:
http:// is what is normally used when accessing the web
http:// ## Hyper Text Transfer Protocol
Software that provides the HTTP service:
Apache
nginx
stgw
jfe
Tengine
2. Install Apache
dnf search Apache # Search for the package
dnf install httpd.x86_64 -y # Install the service
3. Enabling Apache
systemctl enable --now httpd # Start the service now and enable it at boot
firewall-cmd --list-all # View firewall information
firewall-cmd --permanent --add-service=http # Permanently allow HTTP access through the firewall
firewall-cmd --reload # Reload the firewall so the setting takes effect
vim /var/www/html/index.html # Edit the default test page
hello world
Test: browse to 172.25.254.117; the page should show hello world
4. Basic information of Apache:
1) Service Name: httpd
2) Configuration files:
/etc/httpd/conf/httpd.conf ## Main configuration file
/etc/httpd/conf.d/*.conf ## Sub-configuration files
3) Default publishing directory: /var/www/html
4) Default publishing file: index.html
5) Default port: 80 (http) [443 for https]
6) User: apache
7) Log: /etc/httpd/logs
5. Basic configuration of Apache
1) Apache port modification
vim /etc/httpd/conf/httpd.conf # Edit Apache's main configuration file
# Around line 45: change the default port to 8080
Listen 8080
systemctl restart httpd # Restart the service
firewall-cmd --permanent --add-port=8080/tcp # Permanently open TCP port 8080 in the firewall
firewall-cmd --reload # Reload the firewall
Test: http://172.25.254.117:8080 [the previous port 80 can no longer be accessed]
==After this experiment, restore the port number to the default==
2) Default publish file
cd /var/www/html
vim test.html
hello test
vim /etc/httpd/conf/httpd.conf
DirectoryIndex test.html index.html
systemctl restart httpd
Test: http://172.25.254.117 should display hello test
3) Default publishing directory
mkdir /westos/html -p
ls -Zd /var/www/html # View the SELinux security context of /var/www/html
ls -Zd /westos/html # View the security context of the /westos/html directory
semanage fcontext -a -t httpd_sys_content_t '/westos/html(/.*)?' # Permanently set the security context of the /westos/html directory
restorecon -RvvF /westos/html/ # Apply the new context
systemctl restart httpd # Restart the service
vim /westos/html/index.html
/westos/html's page
vim /etc/httpd/conf/httpd.conf
* Comment out DocumentRoot "/var/www/html"
DocumentRoot "/westos/html"
<Directory "/westos/html">
Require all granted
</Directory>
systemctl restart httpd
Test: http://172.25.254.117 should display /westos/html's page
**Restore the environment after the experiment: uncomment DocumentRoot "/var/www/html"
Note: the security context of the newly created /westos/html directory must be changed to match that of the /var/www/html directory; otherwise the page served is the default page, a full page of English text
6. Access control of Apache
Experimental materials:
mkdir /var/www/html/westos
vim /var/www/html/westos/index.html
/var/www/html/westos page
Test: visit 172.25.254.117/westos; the page that appears is: /var/www/html/westos page
1) Access control based on client ip
IP whitelist
vim /etc/httpd/conf/httpd.conf
DocumentRoot "/var/www/html"
<Directory "/var/www/html/westos">
# Deny is read first, then Allow
Order Deny,Allow
# Only this IP is allowed to access. Be sure to write the IP address of the real host
Allow from 172.25.254.17
Deny from all
</Directory>
systemctl restart httpd
Test: 172.25.254.117/westos/ shows the page: /var/www/html/westos page
Note: Order sets which directive is read first, and the one read last takes precedence. The IP written must be the IP of the real host
IP blacklist
vim /etc/httpd/conf/httpd.conf
DocumentRoot "/var/www/html"
<Directory "/var/www/html/westos">
# Allow is read first
Order Allow,Deny
Allow from 172.25.254.17
# Deny is read last, so the result is that no IP can access the directory
Deny from all
</Directory>
systemctl restart httpd
##Note: delete the whitelist and blacklist settings just added after this experiment
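The two <Directory> blocks above carry the same Allow and Deny lines and differ only in Order. As an added illustration (not part of the original page), this shell function applies mod_access_compat's documented evaluation rules to one client address; it matches only exact IPs and the keyword all, and 172.25.254.50 is a constructed second client.

```shell
# Added example: evaluate Order / Allow from / Deny from for one client IP.
# Usage: access_decision ORDER CLIENT "ALLOW LIST" "DENY LIST"

matches() {             # matches CLIENT "LIST" -> 0 if LIST covers CLIENT
    for entry in $2; do
        [ "$entry" = "all" ] && return 0
        [ "$entry" = "$1" ] && return 0
    done
    return 1
}

access_decision() {
    order=$1; client=$2; allow=$3; deny=$4
    case $order in
        Deny,Allow)
            # Deny is evaluated first and Allow second: an Allow match
            # overrides a Deny match; a client matching neither is allowed.
            if matches "$client" "$allow"; then echo allowed
            elif matches "$client" "$deny"; then echo denied
            else echo allowed; fi ;;
        Allow,Deny)
            # Allow is evaluated first and Deny second: a Deny match
            # overrides an Allow match; a client matching neither is denied.
            if matches "$client" "$deny"; then echo denied
            elif matches "$client" "$allow"; then echo allowed
            else echo denied; fi ;;
        *)
            echo "unknown order: $order" >&2; return 2 ;;
    esac
}

# Same directives as the page, evaluated for the listed host and one other.
for ip in 172.25.254.17 172.25.254.50; do
    echo "Deny,Allow $ip: $(access_decision Deny,Allow "$ip" 172.25.254.17 all)"
    echo "Allow,Deny $ip: $(access_decision Allow,Deny "$ip" 172.25.254.17 all)"
done
```

Swapping the lists under Order Allow,Deny (Allow from all, Deny from 172.25.254.17) blocks only that one address.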
2) Based on user authentication
cd /etc/httpd/
ls
htpasswd -cm .htauthfile admin # Create the authentication file and add user admin, password 123
htpasswd -m .htauthfile lee # Add user lee, password 123
cat .htauthfile # View the file
vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/westos">
AuthUserFile /etc/httpd/.htauthfile
AuthName "Please input username and passwd !!!"
AuthType basic
# To allow only user lee (admin is then denied), use this line instead:
# Require user lee
# Allow every user in the authentication file
Require valid-user
</Directory>
systemctl restart httpd
Note: when /etc/httpd/.htauthfile already exists, do not pass the -c parameter when adding users, otherwise the contents of the existing file will be overwritten
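An added check, not part of the original page: htpasswd -m stores apr1 (MD5-based) hashes, while htpasswd -B stores bcrypt. The function below lists the scheme of each entry in an htpasswd-format file; the sample entries are constructed placeholders, not real hashes.

```shell
# Added example: list the hash scheme of every entry in an htpasswd file.

htpasswd_schemes() {    # htpasswd_schemes FILE -> "user scheme verdict" lines
    while IFS=: read -r user hash rest; do
        case $user in ''|'#'*) continue ;; esac      # skip blank/comment lines
        case $hash in
            '$2y$'*)   echo "$user bcrypt ok" ;;               # htpasswd -B
            '$apr1$'*) echo "$user apr1-md5 upgrade" ;;        # htpasswd -m
            '{SHA}'*)  echo "$user sha1-unsalted insecure" ;;  # htpasswd -s
            '')        echo "$user empty insecure" ;;
            *)         echo "$user other review" ;;            # crypt(), plaintext, ...
        esac
    done < "$1"
}

# Constructed sample file: the values are placeholders, not real hashes.
sample_htpasswd=$(mktemp)
cat > "$sample_htpasswd" <<'EOF'
admin:$apr1$CONSTRUC$placeholderNotARealHash0
lee:$apr1$CONSTRUC$placeholderNotARealHash1
ops:$2y$05$placeholderNotARealBcryptHashValue
old:{SHA}placeholderNotARealHash=
EOF

htpasswd_schemes "$sample_htpasswd"
```

An entry flagged upgrade can be rewritten in place with htpasswd -B .htauthfile <user>, again without -c.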
7. Apache virtual host
On the real machine:
vim /etc/hosts # Set client-side name resolution (add this on the host where the browser runs)
172.25.254.117 www.westos.org linux.westos.org luck.westos.org
On the virtual machine:
mkdir -p /var/www/westos.org/{linux,luck} # Create the storage directories
echo linux > /var/www/westos.org/linux/index.html # Write linux into the file
echo luck > /var/www/westos.org/luck/index.html # Write luck into the file; pay attention to the path
cat /var/www/westos.org/luck/index.html # View the file contents
cat /var/www/westos.org/linux/index.html
cd /etc/httpd/conf.d/ # Switch directory
vim vhost.conf # Use absolute paths when writing this file
<VirtualHost _default_:80>
DocumentRoot /var/www/html
CustomLog logs/default.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName linux.westos.org
DocumentRoot /var/www/westos.org/linux
CustomLog logs/linux.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName luck.westos.org
DocumentRoot /var/www/westos.org/luck
CustomLog logs/luck.log combined
</VirtualHost>
systemctl restart httpd
Test: www.westos.org displays hello world
linux.westos.org displays linux
luck.westos.org displays luck
8. Apache language support
1) php
cd /var/www/html/
mkdir /var/www/html/php # Create a php directory; pay attention to the path
dnf install php -y # Install php
systemctl restart httpd # Restart the service [the service must be restarted after installation]
cd php/
vim index.php # Create a PHP program; pay attention to the path
<?php
phpinfo();
?>
systemctl restart httpd
Test: 172.25.254.117/php/index.php
2) cgi (perl)
mkdir /var/www/html/cgi # Create the cgi directory; pay attention to the path
cd /var/www/html/cgi
vim index.cgi # Write the CGI program
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
perl index.cgi # Run the program
Content-type: text/html

Fri Nov 5 09:58:07 CST 2021
chmod +x /var/www/html/cgi/index.cgi # Add execute permission
vim /etc/httpd/conf.d/vhost.conf
# The path must be written correctly
<Directory "/var/www/html/cgi">
Options +ExecCGI
AddHandler cgi-script .cgi
DirectoryIndex index.cgi
</Directory>
systemctl restart httpd
semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgi(/.*)?' # Permanently set the security context of the directory
restorecon -RvvF /var/www/html/cgi # Apply the new context
Test: 172.25.254.117/cgi/
3) wsgi (python)
mkdir /var/www/html/wsgi # Create the storage directory
vim /var/www/html/wsgi/index.wsgi # Write the WSGI program. The indentation must line up; Python is strict about format
def application(env, westos):
    westos('200 ok', [('Content-Type', 'text/html')])
    return [b'hello westos']
dnf install python3-mod_wsgi -y # Download and install
systemctl restart httpd
vim /etc/httpd/conf.d/vhost.conf # Edit the virtual host configuration file
<VirtualHost *:80>
# Server name
ServerName wsgi.westos.org
# The path must be written correctly
WSGIScriptAlias / /var/www/html/wsgi/index.wsgi
</VirtualHost>
systemctl restart httpd
On the host: vim /etc/hosts # Must be done as the superuser
172.25.254.117 wsgi.westos.org
Test: wsgi.westos.org
9. Encrypted access to Apache
dnf install mod_ssl -y # Install the encryption module
systemctl restart httpd # Be sure to restart the service after each installation
mkdir /etc/httpd/tls
openssl req -newkey rsa:2048 -nodes -sha256 -keyout /etc/httpd/tls/www.westos.org.key -x509 -days 365 -out /etc/httpd/tls/www.westos.org.crt
# Generates the certificate, the private key [cannot be less than 2048 bits] and the certificate signature file
# [-x509: certificate format; req: request; -in: name of the request to load]
vim /etc/httpd/conf.d/ssl.conf # Edit the configuration file [specify the certificate and key files; the paths must be correct]
# Comment out lines 85 and 93, then copy them and change the copies to:
# Certificate (line 85); the path must be written correctly
SSLCertificateFile /etc/httpd/tls/www.westos.org.crt
# Key file (line 93); the path must be correct
SSLCertificateKeyFile /etc/httpd/tls/www.westos.org.key
systemctl restart httpd # Restart the service
mkdir /var/www/westos.org/login # Create a storage directory
echo login\'s page > /var/www/westos.org/login/index.html # Write login's page into the file
cat /var/www/westos.org/login/index.html # View the file contents
login's page
vim /etc/httpd/conf.d/vhost.conf # Edit the virtual host configuration file
<VirtualHost *:80>
ServerName login.westos.org
RewriteEngine on
# ^(/.*)$ is the address (path) the client requested; %{HTTP_HOST} is the host the client requested;
# $1 is the value of the first group matched by the pattern that follows RewriteRule
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1
</VirtualHost>
# 443 is the port of the encrypted hypertext transfer protocol (https)
<VirtualHost *:443>
ServerName login.westos.org
DocumentRoot "/var/www/westos.org/login"
SSLEngine on
SSLCertificateFile /etc/httpd/tls/www.westos.org.crt
SSLCertificateKeyFile /etc/httpd/tls/www.westos.org.key
</VirtualHost>
systemctl restart httpd
On the host: vim /etc/hosts # Must be done as the superuser
172.25.254.117 login.westos.org
Test: visit login.westos.org and it automatically switches to the encrypted (https) address
10. squid
squid forward proxy
Forward proxy: when a cached page is accessed a second time, the browser gets the requested data directly from the local proxy server instead of requesting it from the original web site, which saves network bandwidth and improves access speed
Two hosts are required. One host can access the Internet (the squid proxy) and one host cannot; the host that cannot access the Internet reaches web pages through the host that can
Experimental result: the single-network-card host cannot access the Internet, but its browser can open Internet web pages
Operation:
On nodea, the host with two network cards: [make sure the software repository is set up]
nmcli connection show
nmcli connection delete Wired\ connection\ 1
cd /etc/sysconfig/network-scripts/
vim ifcfg-ens3 # Configure the network IP address
DEVICE=ens3
ONBOOT=yes
BOOTPROTO=none
IPADDR=172.25.254.170
NETMASK=255.255.255.0
NAME=ens3
DNS1=114.114.114.114
GATEWAY=172.25.254.70
nmcli connection reload
nmcli connection up ens3
nmcli connection show
dnf install squid -y # Install squid
vim /etc/squid/squid.conf # Edit the main configuration file
Line 59 should read http_access allow all
Line 65 uncomment
systemctl start squid # Start the squid service
firewall-cmd --permanent --add-service=squid # Permanently add the squid service to the firewall
firewall-cmd --reload # Reload the firewall
firewall-cmd --add-masquerade # Enable address masquerading
On nodeb, the host with a single network card: [be sure to pay attention to the path]
nmcli connection show
nmcli connection delete Wired\ connection\ 1
cd /etc/sysconfig/network-scripts/ # Configure the network files
vim ifcfg-ens3
DEVICE=ens3
ONBOOT=yes
BOOTPROTO=none
IPADDR=172.25.254.200
NETMASK=255.255.255.0
NAME=ens3
nmcli connection reload
nmcli connection up ens3
nmcli connection show
dnf install firefox -y
ping www.baidu.com # The ping fails
Open Firefox and configure the proxy in Firefox
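The line-59 edit above (http_access allow all) makes squid accept requests from any client that can reach its port. As an added example, not part of the original page, this function reports which catch-all http_access rule a squid.conf reaches first; both excerpts are constructed, and the ACL name lab is an assumption.

```shell
# Added example: report which catch-all http_access rule squid reaches first.
# squid checks http_access lines top to bottom and stops at the first match,
# so "allow all" ahead of "deny all" admits every client.

first_catch_all() {     # first_catch_all FILE -> open | closed | none
    awk '
        $1 == "http_access" && $3 == "all" && NF == 3 {
            if ($2 == "allow") { print "open";   found = 1; exit }
            if ($2 == "deny")  { print "closed"; found = 1; exit }
        }
        END { if (!found) print "none" }
    ' "$1"
}

lab_conf=$(mktemp)
scoped_conf=$(mktemp)

# Constructed excerpt: the page's setting.
cat > "$lab_conf" <<'EOF'
http_access allow localhost
http_access allow all
EOF

# Constructed excerpt: access limited to the lab subnet from the page's
# IPADDR/NETMASK values (the ACL name "lab" is an assumption).
cat > "$scoped_conf" <<'EOF'
acl lab src 172.25.254.0/24
http_access allow localhost
http_access allow lab
http_access deny all
EOF

echo "page setting:   $(first_catch_all "$lab_conf")"
echo "scoped setting: $(first_catch_all "$scoped_conf")"
```

With the scoped excerpt, nodeb (172.25.254.200) is still served through the lab ACL and every other source falls through to deny all.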
squid reverse proxy
On nodeb
dnf install httpd -y # Install httpd
systemctl start httpd # Start the httpd service
firewall-cmd --add-service=http # Allow http through the firewall
echo 172.25.254.200 > /var/www/html/index.html # Write 172.25.254.200 into /var/www/html/index.html
On nodea
vim /etc/squid/squid.conf # Add to the main configuration file
http_port 80 vhost vport
cache_peer 172.25.254.200 parent 80 0 proxy-only
systemctl restart squid.service # Restart the squid service
firewall-cmd --add-service=http # Allow http through the firewall
Visit in Firefox