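Configuration file: /etc/httpd/conf/httpd.conf
<IfModule dir_module>
    # The file listed first is tried first. If index.html does not exist,
    # text.html is read. If neither exists, the test page is shown.
    DirectoryIndex index.html text.html
</IfModule>
/etc/httpd/conf.d/*.conf    All .conf files in the conf.d directory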
Virtual hosts
Name-based:
<VirtualHost *:80>
    ServerName localhost.localdomain
    DocumentRoot /var/www/local
</VirtualHost>
Add directives to control access to files:
Create 2 users (not system users; these are users for accessing the HTML pages)
See "Authentication and Authorization" in httpd-manual.
[root@localhost conf]# htpasswd -c /etc/httpd/.htpasswd user1
New password:
Re-type new password:
Adding password for user user1
[root@localhost conf]# htpasswd /etc/httpd/.htpasswd user2
New password:
Re-type new password:
Adding password for user user2
[root@localhost conf]# cat /etc/httpd/.htpasswd
user1:$apr1$/HcTzDUm$16tL9pldhS4YV7i1E6GKU0
user2:$apr1$qTaxMLFd$1YtqCEglB1e5lNyjUbuec1
<VirtualHost *:80>
    ServerName localhost.localdomain
    DocumentRoot /var/www/local
    <Directory /var/www/local>
        AuthType basic
        AuthName "Please Input Your Name&Passwd!"
        AuthUserFile /etc/httpd/.htpasswd
        # Use one of the two Require lines below; with both present,
        # matching either one is enough to get access.
        # Only user1 can access:
        Require user user1
        # Every user in .htpasswd can access:
        Require valid-user
    </Directory>
</VirtualHost>
Show files as an index listing, and allow symbolic links to be shown
See "Mapping URLs to the Filesystem" in the manual.
<Directory /var/www/local/file>
    Options Indexes FollowSymLinks
</Directory>
# To turn a feature off, put - in front of it
Options -Indexes -FollowSymLinks
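Add IP restrictions
See "Access Control" in the manual.
<Directory /var/www/local/allow>
    # The one listed later has the higher priority!! If allow is listed
    # later, allow has the higher priority.
    Order allow,deny
    allow from 10.42.1.0/24
    deny from 10.42.1.14
</Directory>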
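The evaluation order set by the Order directive, modeled in Python as an added example (not part of the original notes and not Apache's code). The helper name order_decision and the sample client addresses are assumptions made for illustration; the rules are the ones from the <Directory /var/www/local/allow> block.

```python
import ipaddress

# Rules from the <Directory /var/www/local/allow> block in these notes.
ALLOW = ["10.42.1.0/24"]
DENY = ["10.42.1.14"]


def _matches(client, specs):
    """True if client falls inside any address or CIDR network in specs."""
    addr = ipaddress.ip_address(client)
    return any(addr in ipaddress.ip_network(s, strict=False) for s in specs)


def order_decision(order, client, allow=ALLOW, deny=DENY):
    """Model of 'Order allow,deny' / 'Order deny,allow' (hypothetical helper).

    allow,deny: Allow rules are checked first, Deny rules last, so a Deny
                match overrides an Allow match; a client matching neither
                is denied.
    deny,allow: Deny rules are checked first, Allow rules last, so an Allow
                match overrides a Deny match; a client matching neither
                is allowed.
    """
    allowed = _matches(client, allow)
    denied = _matches(client, deny)
    if order == "allow,deny":
        return allowed and not denied
    if order == "deny,allow":
        return allowed or not denied
    raise ValueError("unsupported Order value: %r" % order)


if __name__ == "__main__":
    # Constructed sample clients: inside the subnet, the denied host, outside.
    for client in ("10.42.1.5", "10.42.1.14", "192.168.0.9"):
        for order in ("allow,deny", "deny,allow"):
            verdict = "allow" if order_decision(order, client) else "deny"
            print("%-12s Order %-10s -> %s" % (client, order, verdict))
```

Swapping the notes' block to Order deny,allow would let 10.42.1.14 back in and would also admit clients outside 10.42.1.0/24, because that order allows by default.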
https
Default port: 443
Package to install: mod_ssl
SSL configuration file
/etc/httpd/conf.d/ssl.conf
Listen 443
<VirtualHost *:443>
    ServerName localhost.localdomain
    DocumentRoot /var/www/ssl
    SSLEngine on
    # Disables only SSLv2; every other protocol version the build supports
    # stays enabled
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    # The server's certificate
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    # The server's private key
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    # The CA's certificate
    SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
</VirtualHost>
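Without a CA certificate: self-signing
[root@localhost certs]# ls
ca-bundle.crt        localhost.crt    Makefile
ca-bundle.trust.crt  make-dummy-cert  renew-dummy-cert
[root@localhost certs]# pwd
/etc/pki/tls/certs
[root@localhost certs]# make chomper.crt
This command generates a self-signed certificate, that is, one you sign yourself.
With this approach, restarting the service requires entering the private key's passphrase.
It generates a private key (a passphrase must be entered),
generates a public key (the certificate) (the private key's passphrase must be entered),
and then asks you to fill in the certificate information (#hostname#).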
Listen 443
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
<VirtualHost *:443>
    ServerName www.chomper.com
    DocumentRoot /var/www/ssl
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLCertificateFile /etc/pki/tls/certs/chomper.crt
    SSLCertificateKeyFile /etc/pki/tls/private/chomper.key
</VirtualHost>
Package to install: mod_wsgi
<VirtualHost *:80>
    ServerName localhost.localdomain
    DocumentRoot /var/www/ssl
    WSGIScriptAlias / /var/www/ssl/webapp.wsgi
</VirtualHost>
Port-based virtual host: add port 8899
Listen 8899
<VirtualHost *:8899>
    ServerName www.chomper.com
    DocumentRoot /var/www/ssl
</VirtualHost>
[root@localhost conf.d]# semanage port -l | grep http
http_cache_port_t      tcp   8080, 8118, 8123, 10001-10010
http_cache_port_t      udp   3130
http_port_t            tcp   80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t    tcp   5988
pegasus_https_port_t   tcp   5989
[root@localhost conf.d]# semanage port -a -t http_port_t -p tcp 8899
[root@localhost conf.d]# semanage port -l | grep http
http_cache_port_t      tcp   8080, 8118, 8123, 10001-10010
http_cache_port_t      udp   3130
http_port_t            tcp   8899, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t    tcp   5988
pegasus_https_port_t   tcp   5989