Apache服务及相关配置

📅 2026/7/19 3:05:39
Apache服务及相关配置
一、Apache安装[rootnfs-server ~]# dnf install httpd -y[rootnfs-server ~]# systemctl enable --now httpdCreated symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.二、Apache服务基本信息软件httpd端口httpd80 https443主配置文件/etc/httpd/conf/httpd.conf子配置文件/etc/httpd/conf.d/服务启动脚本httpd.service默认发布目录/var/www/html默认发布文件index.html三、Apache的基本配置1.发布文件默认发布文件的生成[rootnfs-server ~]# echo 172.25.254.100 /var/www/html/index.html #写入文件内容[rootnfs-server ~]# cat /var/www/html/index.html172.25.254.100测试[rootnfs-server ~]# curl 172.25.254.100172.25.254.100默认发布文件的修改[rootnfs-server ~]# vim /etc/httpd/conf/httpd.conf #修改主配置文件168 IfModule dir_module169 DirectoryIndex lee.html index.html #在默认发布文件前加入需要访问的文件170 /IfModule[rootnfs-server ~]# systemctl reload httpd #重启服务reload可以实现服务不停止的情况下更新配置文件[rootnfs-server ~]# echo lee /var/www/html/lee.html #写入文件内容测试[rootnfs-server ~]# curl 172.25.254.100lee[rootnfs-server ~]# cat /var/www/html/lee.htmllee[rootnfs-server ~]# rm -fr /var/www/html/lee.html[rootnfs-server ~]# curl 172.25.254.100172.25.254.1002.修改默认发布目录生成新的默认发布目录和默认发布文件[rootnfs-server ~]# mkdir /var/web/html[rootnfs-server ~]# echo /var/web/html /var/web/html/index.html配置使用新的默认发布目录和默认发布文件[rootnfs-server ~]# vim /etc/httpd/conf/httpd.conf#DocumentRoot /var/www/htmlDocumentRoot /var/web/htmlDirectory /var/web #对/var/web目录授权,否则服务拒绝访问AllowOverride None# Allow open access:Require all granted/Directory[rootnfs-server ~]# systemctl restart httpd测试[rootnfs-server ~]# curl 172.25.254.100/var/web/html四、修改服务端口[rootnfs-server ~]# vim /etc/httpd/conf/httpd.confDocumentRoot /var/www/html #恢复默认发布目录#DocumentRoot /var/web/html47 Listen 8080 #修改端口[rootnfs-server ~]# systemctl restart httpd测试[rootnfs-server ~]# netstat -antlupe | grep httpdtcp6 0 0 :::8080 :::* LISTEN 0 79486 30895/httpd[rootnfs-server ~]# curl 172.25.254.100:8080172.25.254.100五、目录的访问控制1.基于IP的访问控制要求在访问http//172.25.254.100/lee时只能让172.25.254.1主机访问其他人不能访问[rootnfs-server ~]# mkdir /var/www/html/lee[rootnfs-server ~]# echo /var/www/html/lee /var/www/html/lee/index.html[rootnfs-server ~]# vim /etc/httpd/conf/httpd.confListen 80 #更改端口Directory /var/www/html/lee #给目录授权Order deny,allow #order-顺序deny-拒绝allow-允许Deny from ALL #拒绝所有访问Allow from 172.25.254.1 #允许172.25.254.1访问/Directory注意此处有个逻辑关系后面的命令会覆盖前面的命令例如上述代码deny拒绝所有访问但是allow允许172.25.254.1访问由于allow在deny之后所以allow覆盖前面的deny所以172.25.254.1可以访问[rootnfs-server ~]# systemctl restart http测试[rootnfs-server ~]# curl 172.25.254.100/lee!DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//ENhtmlheadtitle403 Forbidden/title/headbodyh1Forbidden/h1pYou dont have permission to access this resource./p/body/html#在windows中的浏览器中访问http://172.25.254.100/lee 是可以的2.基于用户认证的访问控制当访问http//172.25.254.100/timinglee目录时需要通过用户认证否则拒绝访问[rootnfs-server ~]# mkdir -p /var/www/html/timinglee[rootnfs-server ~]# echo /var/www/html/timinglee /var/www/html/timinglee/index.html#建立认证文件[rootnfs-server ~]# htpasswd -cm /etc/httpd/.htpasswd leeNew password:Re-type new password:Adding password for user lee#配置apache目录访问认证[rootnfs-server ~]# vim /etc/httpd/conf/httpd.confDirectory /var/www/html/timingleeAuthUserFile /etc/httpd/.htpasswd #用户认证文件AuthName Please input username and passwordAuthType basicRequire valid-user/Directory[rootnfs-server ~]# systemctl restart httpd测试[rootnfs-server ~]# curl 172.25.254.100/timinglee/!DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//ENhtmlheadtitle401 Unauthorized/title/headbodyh1Unauthorized/h1pThis server could not verify that youare authorized to access the documentrequested. Either you supplied the wrongcredentials (e.g., bad password), or yourbrowser doesnt understand how to supplythe credentials required./p/body/html[rootnfs-server ~]# curl 172.25.254.100/timinglee/ -ulee:lee/var/www/html/timinglee六、Apache服务器的虚拟主机服务IP是非常有限的资源Apache默认只能发布一个站点但是企业可能又多个站点要发布那么就需要Apache的虚拟机技术1.建立各个站点的默认发布目录和发布文件www.timinglee.org 访问默认bbs.timinglee.org /var/www/virtual/timinglee.org/bbsnews.timinglee.org /var/www/virtual/timinglee.org/news[rootnfs-server ~]# mkdir /var/www/virtual/timinglee.org/news -p[rootnfs-server ~]# mkdir /var/www/virtual/timinglee.org/bbs -p[rootnfs-server ~]# echo news.timinglee.org /var/www/virtual/timinglee.org/news/index.html[rootnfs-server ~]# echo bbs.timinglee.org /var/www/virtual/timinglee.org/bbs/index.htmlbbs.timinglee.org /var/www/virtual/timinglee.org/bbs/index.html[rootnfs-server ~]# echo bbs.timinglee.org /var/www/virtual/timinglee.org/bbs/index.html2.配置虚拟主机[rootnfs-server ~]# vim /etc/httpd/conf.d/vhosts.conf #子配置文件VirtualHost _default_:80DocumentRoot /var/www/htmlCustomLog /etc/httpd/logs/default.log combined/VirtualHostVirtualHost *:80ServerName news.timinglee.orgDocumentRoot /var/www/virtual/timinglee.org/newsCustomLog /etc/httpd/logs/news.log combined/VirtualHostVirtualHost *:80ServerName bbs.timinglee.orgDocumentRoot /var/www/virtual/timinglee.org/bbsCustomLog /etc/httpd/logs/bbs.log combined/VirtualHost测试#在哪里测试就在那个主机中做解析[rootnfs-server ~]# vim /etc/hosts172.25.254.100 nfs-server www.timinglee.org news.timinglee.org bbs.timinglee.org[rootnfs-server ~]# curl www.timinglee.org172.25.254.100[rootnfs-server ~]# curl bbs.timinglee.orgbbs.timinglee.org[rootnfs-server ~]# curl news.timinglee.orgnews.timinglee.org七、Apache的https访问1.生成证书[rootnfs-server ~]# mkdir /etc/httpd/certs[rootnfs-server ~]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /etc/httpd/certs/timinglee.org.key -x509 -days 365 -out /etc/httpd/certs/timinglee.org.crtYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter ., the field will be left blank.-----Country Name (2 letter code) [XX]:CNState or Province Name (full name) []:ShannixLocality Name (eg, city) [Default City]:XianOrganization Name (eg, company) [Default Company Ltd]:timingleeOrganizational Unit Name (eg, section) []:webserverCommon Name (eg, your name or your servers hostname) []:www.timinglee.orgEmail Address []:timingleetiminglee.org[rootnfs-server ~]# ls /etc/httpd/certs/timinglee.org.crt timinglee.org.key2.安装加密套件[rootnfs-server ~]# dnf install mod_ssl -y[rootnfs-server ~]# mkdir /var/www/virtual/timinglee.org/login -p[rootnfs-server ~]# echo login.timinglee.org /var/www/virtual/timinglee.org/login/index.html3.配置加密[rootnfs-server ~]# vim /etc/httpd/conf.d/vhosts.confVirtualHost *:80ServerName login.timinglee.orgRewriteEngine OnRewriteRule ^/(.*)$ https://login.timinglee.org/$1 [R301] #导向443/VirtualHostVirtualHost *:443ServerName login.timinglee.orgDocumentRoot /var/www/virtual/timinglee.org/loginCustomLog /etc/httpd/logs/login.log combindSSLEngine onSSLCertificateFile /etc/httpd/certs/timinglee.org.crtSSLCertificateKeyFile /etc/httpd/certs/timinglee.org.key/VirtualHost[rootnfs-server ~]# systemctl restart httpd注意https和http端口不一致测试[rootnfs-server ~]# vim /etc/hosts172.25.254.100 nfs-server www.timinglee.org news.timinglee.org bbs.timinglee.org login.timinglee.org[rootnfs-server ~]# curl -kL login.timinglee.orglogin.timinglee.org