vim westos.html
hello world
Test: enter the server's IP (e.g. 172.25.254.44) in Firefox; the contents of westos.html are displayed.
Note: the address normally defaults to http://172.25.254.44 once entered; if it does not, change the scheme to http://
Use the virtual machine desktop as the server:
Set the hostname: hostnamectl set-hostname apache.example.com
Give the server a static IP: 172.25.254.137
Configure a usable yum repository: vim /etc/yum.repos.d/rhel_dvd.repo
Clear the yum cache: yum clean all
Install the http service: yum install httpd -y
[root@apache ~]# systemctl start httpd ##start the httpd service##
[root@apache ~]# systemctl enable httpd.service ##start the httpd service at boot##
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@apache ~]# firewall-cmd --list-all ##view the state of the firewall's services##
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@apache ~]# firewall-cmd --permanent --add-service=http ##permanently allow the http service##
success
[root@apache ~]# firewall-cmd --permanent --add-service=https ##permanently allow the https service##
success
[root@apache ~]# firewall-cmd --reload ##reload the firewall state##
success
[root@apache ~]# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client http https ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
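Experiment:
From the client, browse to 172.25.254.137; the Apache test page should be displayed.
Note: if Unable to connect is shown, the browser may not be using the http protocol to reach 172.25.254.137.
Server side:
[root@apache ~]# cd /var/www/html/ ##default directory of the files served by apache##
[root@apache html]# ls
[root@apache html]# vim index.html ##write the default file served by the http service; the file name must end with .html##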
[root@apache html]# cat index.html
hello
this is 172.25.254.137
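Experiment:
From the client, browse to 172.25.254.137 again; hello this is 172.25.254.137 should be displayed.
Note: the line break entered in vim does not show up in the web page.
Server side: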
[root@apache html]# netstat -antlpe | grep httpd
tcp6 0 0 :::80 :::* LISTEN 0 97853 3155/httpd
[root@apache html]# vim /etc/httpd/conf/httpd.conf
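#
#Listen 12.34.56.78:80
##change the default port from 80 to 8080##
Listen 8080
[root@apache html]# systemctl restart httpd
Experiment:
Because the default port 80 was changed to 8080, browsing to 172.25.254.137 from the client now shows Unable to connect; the client should browse to 172.25.254.137:8080 instead. The page still shows Unable to connect, however, possibly because port 8080 is not open in the firewall.
Server side: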
[root@apache html]# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client http https ssh
ports: ##port 8080 is not open##
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@apache html]# firewall-cmd --permanent --add-port=8080/tcp ##permanently open port 8080 in the firewall##
success
[root@apache html]# firewall-cmd --reload ##reload the firewall state##
success
[root@apache html]# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client http https ssh
ports: 8080/tcp ##port 8080 is now open##
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
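Experiment:
From the client, browse to 172.25.254.137:8080 again; if hello this is 172.25.254.137 is displayed, the experiment succeeded.
Change the default port back to 80 to continue with the experiments below.
Server side: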
[root@apache html]# vim /etc/httpd/conf/httpd.conf
[root@apache html]# systemctl restart httpd
[root@apache html]# vim westos
[root@apache html]# cat westos
the page of westos and this is 172.25.254.137
[root@apache html]# ls
index.html westos
[root@apache html]# rm -f index.html
[root@apache html]# ls
westos
Experiment:
From the client, browse to 172.25.254.137: the Apache test page is displayed, because index.html, the default file served by the http service, has been deleted.
From the client, browse to 172.25.254.137/westos: the page shows the page of westos and this is 172.25.254.137
Server side:
[root@apache html]# vim /etc/httpd/conf/httpd.conf
#
<IfModule dir_module>
    ##default files served by the httpd service##
    DirectoryIndex index.html westos
</IfModule>
[root@apache html]# systemctl restart httpd
Experiment:
From the client, browse to 172.25.254.137: the page shows the page of westos and this is 172.25.254.137
Server side:
[root@apache html]# mkdir /www/html -p
[root@apache html]# cd /www/html/
[root@apache html]# ls
[root@apache html]# vim westos
[root@apache html]# cat westos
the page of /www/html/westos
Experiment:
Browsing to 172.25.254.137 from the client shows the page of westos and this is 172.25.254.137, not the contents of the file /www/html/westos.
Server side:
[root@apache html]# vim /etc/httpd/conf/httpd.conf
#
#DocumentRoot "/var/www/html"
DocumentRoot "/www/html"
[root@apache html]# systemctl restart httpd
Experiment:
Browsing to 172.25.254.137 from the client shows the Apache test page; browsing to 172.25.254.137/westos shows Forbidden You don't have permission to access /westos on this server.
Troubleshooting: the error is a permission problem.
Clear the server's log (> /var/log/messages) ----> browse to 172.25.254.137/westos from the client again ----> view the server's log (cat /var/log/messages); the log contains the following:
.........
***** Plugin catchall (17.1 confidence) suggests **************************
If you believe that httpd should be allowed getattr access on the file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
.........
A log like this usually points to an SELinux problem; the fix is as follows:
Server side:
[root@apache html]# ls -Z
-rw-r--r--. root root unconfined_u:object_r:default_t:s0 westos
[root@apache html]# ls -Z /var/www/
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
[root@apache html]# semanage fcontext -a -t httpd_sys_content_t '/www(/.*)?'
[root@apache html]# restorecon -R /www/
[root@apache html]# restorecon -RvvF /www/
restorecon reset /www context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /www/html context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /www/html/westos context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_content_t:s0
[root@apache html]# ls -Z /www/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
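Experiment:
The client browses to 172.25.254.137/westos and still gets the permission error.
Troubleshooting: clear the log on the server; after the client accesses the page, the server's log is empty.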
[root@apache html]# cd /etc/httpd/
[root@apache httpd]# ls
conf conf.d conf.modules.d logs modules run
[root@apache httpd]# cd logs
[root@apache logs]# ls
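access_log error_log ##access_log is the service's access log; error_log is the service's error log##
[root@apache logs]# > access_log
[root@apache logs]# > error_log
##clear all of the service's logs, have the client access the page again, then view the logs##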
[root@apache logs]# cat access_log
172.25.254.44 - - [11/Mar/2017:05:24:48 -0500] "GET /westos HTTP/1.1" 403 208 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0"
[root@apache logs]# cat error_log
[Sat Mar 11 05:24:48.566786 2017] [authz_core:error] [pid 6433] [client 172.25.254.44:59764] AH01630: client denied by server configuration: /www/html/westos
##the error log shows that the client was denied by the server configuration##
[root@apache logs]# vim /etc/httpd/conf/httpd.conf ##edit the httpd configuration file to grant access to /www/html/westos##
#
#DocumentRoot "/var/www/html"
DocumentRoot "/www/html"
<Directory "/www">
    Require all granted
</Directory>
[root@apache logs]# systemctl restart httpd
Experiment:
The client browses to 172.25.254.137/westos and sees the page of /www/html/westos; troubleshooting succeeded.
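The two-stage troubleshooting above (first the SELinux label, then the httpd authorization error) as an added example, not part of the original post. The function names are hypothetical; the input lines are copied from the page's output, except RELABELED, which is constructed from the restorecon result shown above.

```shell
#!/bin/sh
# Added example: decide which layer produced a 403, following the page's two checks.

# SELinux type = third colon-separated field of the context column in the
# RHEL 7 `ls -Z` line format shown on the page (perms user group context name).
selinux_type() {
    printf '%s\n' "$1" | awk '{ split($4, ctx, ":"); print ctx[3] }'
}

# Which layer logged the refusal in this error_log line?
deny_layer() {
    case "$1" in
        *AH01630*)             echo httpd-authz ;;           # no Require grants the path
        *"Permission denied"*) echo filesystem-or-selinux ;; # the OS refused the access
        *)                     echo unknown ;;
    esac
}

# triage_403 FILE_LS_Z REFERENCE_LS_Z ERROR_LOG_LINE
# Compare the file's label with a known-good one first (as the page does with
# /var/www/html); only if they agree, fall back to the error_log line.
triage_403() {
    file_t=$(selinux_type "$1")
    ref_t=$(selinux_type "$2")
    if [ "$file_t" != "$ref_t" ]; then
        echo "selinux-label: $file_t, expected $ref_t"
    else
        deny_layer "$3"
    fi
}

# Lines copied from the page's output; RELABELED is constructed.
REF='drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html'
BEFORE='-rw-r--r--. root root unconfined_u:object_r:default_t:s0 westos'
RELABELED='-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 westos'
ERR='[authz_core:error] [pid 6433] [client 172.25.254.44:59764] AH01630: client denied by server configuration: /www/html/westos'

triage_403 "$BEFORE" "$REF" "$ERR"      # wrong label: semanage fcontext + restorecon
triage_403 "$RELABELED" "$REF" "$ERR"   # label fine: add a <Directory> block with Require
```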
[root@apache logs]# vim /etc/httpd/conf/httpd.conf
#
DocumentRoot "/var/www/html"

#
# Relax access to content within /var/www.
#
[root@apache logs]# systemctl restart httpd
##restore the configuration file and restart the service for the next experiment##
Server side:
[root@apache logs]# cd /var/www/html/
[root@apache html]# ls
westos
[root@apache html]# vim westos
[root@apache html]# cat westos
this is www.westos.com
Experiment:
The client browses to 172.25.254.137 and sees this is www.westos.com
Add local name resolution on the client:
[root@foundation44 ~]# vim /etc/hosts
[root@foundation44 ~]# tail -n 1 /etc/hosts
172.25.254.137 www.westos.com
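Now browsing to www.westos.com from the client is equivalent to browsing to 172.25.254.137, and shows this is www.westos.com
Goal: the client sees different content when it accesses different domain names
First add local name resolution on the client and confirm that every name answers ping: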
[root@foundation44 ~]# vim /etc/hosts
[root@foundation44 ~]# tail -n 1 /etc/hosts
172.25.254.137 www.westos.com sport.westos.com music.westos.com
[root@foundation44 ~]# ping www.westos.com
PING www.westos.com (172.25.254.137) 56(84) bytes of data.
64 bytes from www.westos.com (172.25.254.137): icmp_seq=1 ttl=64 time=0.174 ms
64 bytes from www.westos.com (172.25.254.137): icmp_seq=2 ttl=64 time=0.161 ms
^C
--- www.westos.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.161/0.167/0.174/0.014 ms
[root@foundation44 ~]# ping sport.westos.com
PING www.westos.com (172.25.254.137) 56(84) bytes of data.
64 bytes from www.westos.com (172.25.254.137): icmp_seq=1 ttl=64 time=0.168 ms
64 bytes from www.westos.com (172.25.254.137): icmp_seq=2 ttl=64 time=0.210 ms
^C
--- www.westos.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.168/0.189/0.210/0.021 ms
[root@foundation44 ~]# ping music.westos.com
PING www.westos.com (172.25.254.137) 56(84) bytes of data.
64 bytes from www.westos.com (172.25.254.137): icmp_seq=1 ttl=64 time=0.192 ms
64 bytes from www.westos.com (172.25.254.137): icmp_seq=2 ttl=64 time=0.180 ms
^C
--- www.westos.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.180/0.186/0.192/0.006 ms
Note: at this point the client sees the same content, this is www.westos.com, for all three names above
Server side:
[root@apache ~]# cd /var/www/html/
[root@apache html]# mkdir /var/www/sport ##default directory served by httpd for virtual host sport.westos.com##
[root@apache html]# mkdir /var/www/music ##default directory served by httpd for virtual host music.westos.com##
[root@apache html]# echo this is sport.westos.com > /var/www/sport/westos
[root@apache html]# echo this is music.westos.com > /var/www/music/westos
[root@apache html]# cat /var/www/sport/westos
this is sport.westos.com
[root@apache html]# cat /var/www/music/westos
this is music.westos.com
[root@apache html]# cat /var/www/html/westos
this is www.westos.com
[root@apache html]# cd /etc/httpd/conf.d
[root@apache conf.d]# ls
autoindex.conf README userdir.conf welcome.conf
[root@apache conf.d]# vim default.conf ##configuration file for virtual host www.westos.com##
<VirtualHost _default_:80>
    DocumentRoot /var/www/html
    CustomLog "logs/default.log" combined
</VirtualHost>

<Directory /var/www/html>
    Require all granted
</Directory>
[root@apache conf.d]# systemctl restart httpd
Now the client browses to www.westos.com and sees this is www.westos.com
[root@apache conf.d]# cp default.conf sport.conf
[root@apache conf.d]# vim sport.conf
<VirtualHost *:80>
    ServerName sport.westos.com
    DocumentRoot /var/www/sport
    CustomLog "logs/default.log" combined
</VirtualHost>

<Directory /var/www/sport>
    Require all granted
</Directory>
[root@apache conf.d]# systemctl restart httpd
Now the client browses to sport.westos.com and sees this is sport.westos.com
[root@apache conf.d]# cp default.conf music.conf
[root@apache conf.d]# vim music.conf
<VirtualHost *:80>
    ServerName music.westos.com
    DocumentRoot /var/www/music
    CustomLog "logs/default.log" combined
</VirtualHost>

<Directory /var/www/music>
    Require all granted
</Directory>
[root@apache conf.d]# systemctl restart httpd
Now the client browses to music.westos.com and sees this is music.westos.com
Server side:
[root@apache conf.d]# cd /var/www/music/
[root@apache music]# ls
westos
[root@apache music]# mkdir admin
[root@apache music]# cd admin/
[root@apache admin]# vim westos
[root@apache admin]# cat westos
the admin's page and the host is music.westos.com
Now the client browses to music.westos.com/admin/ and sees the admin's page and the host is music.westos.com
Additional parameters:
Using the configuration file of virtual host music.westos.com as an example:
1 <VirtualHost *:80>
2     ServerName music.westos.com
3     DocumentRoot /var/www/music
4     CustomLog "logs/default.log" combined
5 </VirtualHost>
6
7 <Directory /var/www/music>
8     Require all granted
9 </Directory>
10
11 <Directory /var/www/music/admin>
12     Order allow,deny
13     Allow from all
14     Deny from 172.25.254.44
15 </Directory>
After restarting the service, 172.25.254.44 is denied when it accesses music.westos.com, while clients other than 172.25.254.44 see the admin's page and the host is music.westos.com
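If the parameters in the third part of this configuration file are changed to:
10
11 <Directory /var/www/music/admin>
12     Order deny,allow
13     Allow from all
14     Deny from 172.25.254.44
15 </Directory>
After restarting the service, every client, including 172.25.254.44, can access music.westos.com/admin normally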
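Why swapping the Order line flips the result for 172.25.254.44, as an added example that is not part of the original post: a small model of the Order/Allow/Deny evaluation, limited to the list forms used above ("all" or literal IPs). The function names and the second client 172.25.254.45 are constructed for illustration.

```shell
#!/bin/sh
# Added example: model of mod_access_compat's Order/Allow/Deny evaluation,
# limited to the list forms used on this page ("all" or literal IPs).

# matches LIST IP: succeeds if LIST contains "all" or exactly IP.
matches() {
    for entry in $1; do
        if [ "$entry" = all ] || [ "$entry" = "$2" ]; then return 0; fi
    done
    return 1
}

# access_decision ORDER ALLOW_LIST DENY_LIST IP: prints "allow" or "deny".
access_decision() {
    a=no; d=no
    if matches "$2" "$4"; then a=yes; fi
    if matches "$3" "$4"; then d=yes; fi
    case "$1" in
        allow,deny)   # Deny is evaluated last and wins; no match at all means deny
            if [ "$a" = yes ] && [ "$d" = no ]; then echo allow; else echo deny; fi ;;
        deny,allow)   # Allow is evaluated last and wins; no match at all means allow
            if [ "$d" = yes ] && [ "$a" = no ]; then echo deny; else echo allow; fi ;;
        *)  echo "unsupported Order: $1" >&2; return 2 ;;
    esac
}

# The page's two <Directory /var/www/music/admin> variants share these lists.
ALLOW='all'
DENY='172.25.254.44'

for order in allow,deny deny,allow; do
    for ip in 172.25.254.44 172.25.254.45; do   # .45 is a constructed second client
        echo "Order $order  client $ip -> $(access_decision "$order" "$ALLOW" "$DENY" "$ip")"
    done
done

# Native Apache 2.4 form of the first variant (block one address, allow the rest):
#   <RequireAll>
#       Require all granted
#       Require not ip 172.25.254.44
#   </RequireAll>
```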
Server side:
[root@apache ~]# cd /etc/httpd/conf
[root@apache conf]# ls
httpd.conf magic
[root@apache conf]# htpasswd -cm apacheuser admin ##create the password file; by default Apache's htpasswd command uses the MD5 algorithm to hash the password; admin is the user name##
New password:
Re-type new password:
Adding password for user admin
[root@apache conf]# cat apacheuser ##view the password file##
admin:$apr1$KDa9QbRH$ZN8EJqoOTCEMaIKzpR8ST0
[root@apache conf]# ls
apacheuser httpd.conf magic
[root@apache conf]# htpasswd -m apacheuser tom ##when the password file already exists, the -c option is not needed to add another user and password##
New password:
Re-type new password:
Adding password for user tom
[root@apache conf]# cd ../conf.d
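[root@apache conf.d]# vim music.conf ##edit the third part of the configuration file of virtual host music.westos.com##
10
11 <Directory /var/www/music/admin>
12     AuthUserFile /etc/httpd/conf/apacheuser ##location of the user authentication file##
13     AuthName "Please input your name and passwd" ##message shown to the user on access##
14     AuthType basic ##authentication type##
15     Require user admin ##user admin is allowed##
16 </Directory>
[root@apache conf]# systemctl restart httpd
Experiment:
When the client accesses music.westos.com, a dialog pops up asking for a user name and password; user admin and its password are accepted, while user tom and its password are not
If the parameter on line 15 is changed to Require valid-user and the service is restarted, every user in the password file apacheuser is accepted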
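A check on the password file created above, as an added example that is not part of the original post: it names the hash scheme of each entry from its stored prefix. The function names and the pass/fail policy (only bcrypt passes) are assumptions of this example; the tom line is a constructed placeholder, not a real hash.

```shell
#!/bin/sh
# Added example: report the hash scheme of every entry in an htpasswd file.

# hash_scheme HASH: name the scheme from the stored prefix.
hash_scheme() {
    case "$1" in
        '$apr1$'*) echo apr1-md5 ;;            # htpasswd -m, as used on this page
        '$2y$'*)   echo bcrypt ;;              # htpasswd -B
        '{SHA}'*)  echo sha1-unsalted ;;       # htpasswd -s
        '')        echo empty ;;
        *)         echo crypt-or-plaintext ;;  # htpasswd -d or -p
    esac
}

# audit_htpasswd FILE: prints "user scheme verdict" per entry.
# Policy assumed for this example: only bcrypt entries pass.
audit_htpasswd() {
    while IFS=: read -r user hash rest; do
        case "$user" in ''|'#'*) continue ;; esac   # skip blank and comment lines
        scheme=$(hash_scheme "$hash")
        if [ "$scheme" = bcrypt ]; then verdict=ok; else verdict=rehash; fi
        echo "$user $scheme $verdict"
    done < "$1"
}

# demo_audit: run the audit over a sample file. The admin line is the one shown
# on the page; the tom line is a constructed bcrypt-shaped placeholder.
demo_audit() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
admin:$apr1$KDa9QbRH$ZN8EJqoOTCEMaIKzpR8ST0
tom:$2y$05$CONSTRUCTEDxPLACEHOLDERxNOTxAxREALxBCRYPTxHASHxxxxxxxxxx
EOF
    audit_htpasswd "$sample"
    rm -f "$sample"
}

demo_audit
```

An entry flagged rehash can be replaced with htpasswd -B apacheuser admin, which stores a bcrypt hash. Basic authentication sends the password base64-encoded with every request, so on the *:80 virtual host above it crosses the network unencrypted.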