apache(httpd)








cd /var/www/html        ##apache服務共享文件的默認目錄##

vim westos.html

            hello world       

測試:firefox輸入server端ip(如:172.25.254.44),則顯示westos.html中的內容
注:輸入後瀏覽器一般默認使用http://172.25.254.44,若不是,則需要手動修改爲http://



選擇虛擬機desktop爲server端:
修改主機名:hostnamectl set-hostname apache.example.com
給server端一個靜態IP:172.25.254.137
配置可用yum源:vim /etc/yum.repos.d/rhel_dvd.repo
清空yum緩存:yum clean all
下載http服務:yum install httpd -y

[root@apache ~]# systemctl start httpd        ##開啓httpd服務##
[root@apache ~]# systemctl enable httpd.service        ##開機啓動httpd服務##
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@apache ~]# firewall-cmd --list-all        ##查看火牆的服務狀態##
public (default, active)
  interfaces: eth0
  sources: 
  services: dhcpv6-client ssh
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules: 
[root@apache ~]# firewall-cmd --permanent --add-service=http        ##永久開啓http服務##
success
[root@apache ~]# firewall-cmd --permanent --add-service=https        ##永久開啓https服務##
success
[root@apache ~]# firewall-cmd --reload         ##刷新火牆服務狀態##
success
[root@apache ~]# firewall-cmd --list-all
public (default, active)
  interfaces: eth0
  sources: 
  services: dhcpv6-client http https ssh
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules:

實驗:    
client用瀏覽器訪問172.25.254.137,應顯示apache的測試頁
注:若顯示Unable to connect,則瀏覽器訪問172.25.254.137可能並未使用http協議


server端:
[root@apache ~]# cd /var/www/html/        ##apache服務共享文件的默認目錄##
[root@apache html]# ls
[root@apache html]# vim index.html    ##編寫http服務的默認分享文件,該文件的文件名必須以.html結尾##
[root@apache html]# cat index.html
hello
this is 172.25.254.137
實驗:
client用瀏覽器再次訪問172.25.254.137,應顯示hello this is 172.25.254.137
注:此處vim中的換行在網頁中無法顯示


server端:
[root@apache html]# netstat -antlpe | grep httpd
tcp6       0      0 :::80                   :::*                    LISTEN      0          97853      3155/httpd          
[root@apache html]# vim /etc/httpd/conf/httpd.conf
     40 #
     41 #Listen 12.34.56.78:80
     42 Listen 8080        ##修改默認端口80爲8080##
     43
[root@apache html]# systemctl restart httpd
實驗:
因爲默認的80端口被修改爲8080,所以此時client若用瀏覽器再次訪問172.25.254.137,則顯示Unable to connect;應該訪問172.25.254.137:8080,然而網頁還是顯示Unable to connect,可能是火牆上的8080端口沒開。
server端:
[root@apache html]# firewall-cmd --list-all
public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client http https ssh
  ports:        ##8080端口沒開##
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
    
[root@apache html]# firewall-cmd --permanent --add-port=8080/tcp        ##在火牆上永久開啓8080端口##
success
[root@apache html]# firewall-cmd --reload     ##刷新火牆狀態##
success
[root@apache html]# firewall-cmd --list-all
public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client http https ssh
  ports: 8080/tcp        ##8080端口已開啓##
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
實驗:
client瀏覽器再次訪問172.25.254.137:8080,顯示hello this is 172.25.254.137則實驗ok

將默認端口改回80繼續下面的實驗

server端:
[root@apache html]# vim /etc/httpd/conf/httpd.conf
[root@apache html]# systemctl restart httpd
[root@apache html]# vim westos
[root@apache html]# cat westos
the page of westos and this is 172.25.254.137
[root@apache html]# ls
index.html  westos
[root@apache html]# rm -f index.html
[root@apache html]# ls
westos
實驗:
client用瀏覽器訪問172.25.254.137,則顯示apache測試頁。原因是http服務默認分享文件index.html被刪除
client用瀏覽器訪問172.25.254.137/westos,則顯示the page of westos and this is 172.25.254.137


server端:
[root@apache html]# vim /etc/httpd/conf/httpd.conf
    162 #
    163 <IfModule dir_module>
    164     DirectoryIndex index.html westos    ##httpd服務的默認分享文件##
    165 </IfModule>
    166
[root@apache html]# systemctl restart httpd
實驗:
client用瀏覽器訪問172.25.254.137,則顯示the page of westos and this is 172.25.254.137


server端:
[root@apache html]# mkdir /www/html -p
[root@apache html]# cd /www/html/
[root@apache html]# ls
[root@apache html]# vim westos
[root@apache html]# cat westos
the page of /www/html/westos
實驗:
client用瀏覽器訪問172.25.254.137顯示的是the page of westos and this is 172.25.254.137,而非文件/www/html/westos中的內容
server端:
[root@apache html]# vim /etc/httpd/conf/httpd.conf
    118 #
    119 #DocumentRoot "/var/www/html"
    120 DocumentRoot "/www/html"
    121
[root@apache html]# systemctl restart httpd
實驗:
client用瀏覽器訪問172.25.254.137顯示apache的測試頁;訪問172.25.254.137/westos則顯示Forbidden     You don't have permission to access /westos on this server.
排錯:報錯是權限問題
清空server端的日誌(> /var/log/messages)---->client端用瀏覽器再次訪問172.25.254.137/westos---->查看server端的日誌(cat /var/log/messages),日誌內容如下
(注:清空日誌只適合實驗環境;在需要保留審計記錄的機器上,可改用tail -f /var/log/messages觀察新增內容)

.........

*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that httpd should be allowed getattr access on the  file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

.........

一般這樣的日誌都是SELinux的問題。日誌中建議的audit2allow做法是生成本地策略模塊來放行;這裏不放寬策略,而是給新目錄設置httpd可讀的文件上下文(httpd_sys_content_t),解決方法如下:
server端:
[root@apache html]# ls -Z
-rw-r--r--. root root unconfined_u:object_r:default_t:s0 westos
[root@apache html]# ls -Z /var/www/
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
[root@apache html]# semanage fcontext -a -t httpd_sys_content_t '/www(/.*)?'
[root@apache html]# restorecon -R /www/
[root@apache html]# restorecon -RvvF /www/
restorecon reset /www context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /www/html context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /www/html/westos context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_content_t:s0
[root@apache html]# ls -Z /www/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
實驗:
client端用瀏覽器訪問172.25.254.137/westos,依然顯示權限問題

排錯:server端清空日誌,client端訪問後server端日誌爲空
[root@apache html]# cd /etc/httpd/
[root@apache httpd]# ls
conf  conf.d  conf.modules.d  logs  modules  run
[root@apache httpd]# cd logs
[root@apache logs]# ls
access_log  error_log        ##access_log爲服務的訪問日誌,error_log爲服務的報錯日誌##
[root@apache logs]# > access_log
[root@apache logs]# > error_log
##清空該服務的全部日誌,client端再次訪問後查看日誌##
[root@apache logs]# cat access_log
172.25.254.44 - - [11/Mar/2017:05:24:48 -0500] "GET /westos HTTP/1.1" 403 208 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0"
[root@apache logs]# cat error_log
[Sat Mar 11 05:24:48.566786 2017] [authz_core:error] [pid 6433] [client 172.25.254.44:59764] AH01630: client denied by server configuration: /www/html/westos
##報錯日誌顯示客戶被服務配置拒絕##
[root@apache logs]# vim /etc/httpd/conf/httpd.conf    ##修改httpd服務的配置文件,授予/www目錄(含/www/html/westos)的訪問權限;若只需開放網站內容,可將範圍縮小爲<Directory "/www/html">##
    118 #
    119 #DocumentRoot "/var/www/html"
    120 DocumentRoot "/www/html"
    121  <Directory "/www">
    122      Require all granted
    123  </Directory>
    124
[root@apache logs]# systemctl restart httpd
實驗:
client端訪問172.25.254.137/westos,則顯示the page of /www/html/westos ,排錯成功

[root@apache logs]# vim /etc/httpd/conf/httpd.conf
    118 #
    119 DocumentRoot "/var/www/html"
    120  
    121 #
    122 # Relax access to content within /var/www.
    123 #
[root@apache logs]# systemctl restart httpd
##還原配置文件,並重啓服務進行下一步實驗操作##

server端:
[root@apache logs]# cd /var/www/html/
[root@apache html]# ls
westos
[root@apache html]# vim westos
[root@apache html]# cat westos
this is www.westos.com
實驗:
client訪問172.25.254.137,則顯示this is www.westos.com

client端添加本地域名解析:
[root@foundation44 ~]# vim /etc/hosts
[root@foundation44 ~]# tail -n 1 /etc/hosts
172.25.254.137    www.westos.com
此時client訪問www.westos.com,就相當於訪問172.25.254.137,顯示this is www.westos.com


操作目的:client訪問不同域名顯示不同內容

首先client端添加本地域名解析,並確定每個域名都能ping通:
[root@foundation44 ~]# vim /etc/hosts
[root@foundation44 ~]# tail -n 1 /etc/hosts
172.25.254.137    www.westos.com  sport.westos.com  music.westos.com
[root@foundation44 ~]# ping www.westos.com
PING www.westos.com (172.25.254.137) 56(84) bytes of data.
64 bytes from www.westos.com (172.25.254.137): icmp_seq=1 ttl=64 time=0.174 ms
64 bytes from www.westos.com (172.25.254.137): icmp_seq=2 ttl=64 time=0.161 ms
^C
--- www.westos.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.161/0.167/0.174/0.014 ms
[root@foundation44 ~]# ping sport.westos.com
PING www.westos.com (172.25.254.137) 56(84) bytes of data.
64 bytes from www.westos.com (172.25.254.137): icmp_seq=1 ttl=64 time=0.168 ms
64 bytes from www.westos.com (172.25.254.137): icmp_seq=2 ttl=64 time=0.210 ms
^C
--- www.westos.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.168/0.189/0.210/0.021 ms
[root@foundation44 ~]# ping music.westos.com
PING www.westos.com (172.25.254.137) 56(84) bytes of data.
64 bytes from www.westos.com (172.25.254.137): icmp_seq=1 ttl=64 time=0.192 ms
64 bytes from www.westos.com (172.25.254.137): icmp_seq=2 ttl=64 time=0.180 ms
^C
--- www.westos.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.180/0.186/0.192/0.006 ms
注:此時client訪問以上三個域名均顯示相同內容this is www.westos.com

server端:
[root@apache ~]# cd /var/www/html/
[root@apache html]# mkdir /var/www/sport    ##虛擬主機sport.westos.com的httpd服務的默認分享目錄##
[root@apache html]# mkdir /var/www/music    ##虛擬主機music.westos.com的httpd服務的默認分享目錄##
[root@apache html]# echo this is sport.westos.com > /var/www/sport/westos
[root@apache html]# echo this is music.westos.com > /var/www/music/westos
[root@apache html]# cat /var/www/sport/westos     
this is sport.westos.com
[root@apache html]# cat /var/www/music/westos
this is music.westos.com
[root@apache html]# cat /var/www/html/westos
this is www.westos.com
[root@apache html]# cd /etc/httpd/conf.d
[root@apache conf.d]# ls
autoindex.conf  README  userdir.conf  welcome.conf
[root@apache conf.d]# vim default.conf        ##虛擬主機www.westos.com的配置文件##
      1 <Virtualhost _default_:80>  
      2         Documentroot /var/www/html
      3         customlog "logs/default.log" combined
      4 </Virtualhost>
      5
      6 <Directory /var/www/html>
      7         require all granted
      8 </Directory>

[root@apache conf.d]# systemctl restart httpd
此時client訪問www.westos.com,則顯示this is www.westos.com

[root@apache conf.d]# cp default.conf sport.conf
[root@apache conf.d]# vim sport.conf
      1 <Virtualhost *:80>
      2         Servername sport.westos.com
      3         Documentroot /var/www/sport
      4         customlog "logs/default.log" combined
      5 </Virtualhost>
      6
      7 <Directory /var/www/sport>
      8         require all granted
      9 </Directory>

[root@apache conf.d]# systemctl restart httpd
此時client訪問sport.westos.com,則顯示this is sport.westos.com

[root@apache conf.d]# cp default.conf music.conf
[root@apache conf.d]# vim music.conf
      1 <Virtualhost *:80>
      2         Servername music.westos.com
      3         Documentroot /var/www/music
      4         customlog "logs/default.log" combined
      5 </Virtualhost>
      6
      7 <Directory /var/www/music>
      8         require all granted
      9 </Directory>

[root@apache conf.d]# systemctl restart httpd
此時client訪問music.westos.com,則顯示this is music.westos.com
server端:
[root@apache conf.d]# cd /var/www/music/
[root@apache music]# ls
westos
[root@apache music]# mkdir admin
[root@apache music]# cd admin/
[root@apache admin]# vim westos
[root@apache admin]# cat westos
the admin's page and the host is music.westos.com
此時client訪問music.westos.com/admin/,則顯示the admin's page and the host is music.westos.com



補充參數:
以虛擬主機music.westos.com的配置文件爲例:
  1 <Virtualhost *:80>
  2         Servername music.westos.com
  3         Documentroot /var/www/music
  4         customlog "logs/default.log" combined
  5 </Virtualhost>
  6
  7 <Directory /var/www/music>
  8         require all granted
  9 </Directory>
 10
 11 <Directory /var/www/music/admin>
 12         Order allow,deny
 13         allow from all
 14         deny from 172.25.254.44
 15 </Directory>
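重啓服務後的效果是172.25.254.44訪問music.westos.com/admin則顯示被拒絕;172.25.254.44以外的client訪問music.westos.com/admin則顯示the admin's page and the host is music.westos.com
原因:Order allow,deny先處理allow再處理deny,後處理的deny優先,所以172.25.254.44被拒絕。
注:Order/allow/deny是Apache 2.2的舊式寫法(2.4中由mod_access_compat提供);2.4推薦用Require,例如在<RequireAll>中寫Require all granted與Require not ip 172.25.254.44,且不建議新舊寫法混用。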

若修改該配置文件第三部分的參數:
 10
 11 <Directory /var/www/music/admin>
 12         Order deny,allow
 13         allow from all
 14         deny from 172.25.254.44
 15 </Directory>
重啓服務後的效果是包括172.25.254.44在內的client均能正常訪問music.westos.com/admin
原因:Order deny,allow先處理deny再處理allow,後處理的allow from all優先,所以deny from 172.25.254.44不生效。




server端:
[root@apache ~]# cd /etc/httpd/conf
[root@apache conf]# ls
httpd.conf  magic
[root@apache conf]# htpasswd -cm apacheuser admin    ##創建一個加密文件(-c),且apache htpasswd命令默認採用MD5算法(即-m)對密碼進行加密;admin表示用戶名。注:-c會覆蓋已存在的同名文件;較新版本的htpasswd還支持-B(bcrypt),強度高於MD5##
New password:
Re-type new password:
Adding password for user admin
[root@apache conf]# cat apacheuser    ##查看加密文件##
admin:$apr1$KDa9QbRH$ZN8EJqoOTCEMaIKzpR8ST0
[root@apache conf]# ls
apacheuser  httpd.conf  magic
[root@apache conf]# htpasswd -m apacheuser tom    ##加密文件存在的情況下,再次創建用戶及密碼時無需加參數-c##
New password:
Re-type new password:
Adding password for user tom
[root@apache conf]# cd ../conf.d
[root@apache conf.d]# vim music.conf    ##修改虛擬主機music.westos.com配置文件的第三部分##
     10
     11 <Directory /var/www/music/admin>
     12         Authuserfile /etc/httpd/conf/apacheuser    ##指定用戶認證文件位置##
     13         Authname "Please input your name and passwd"    ##用戶訪問時顯示給用戶的信息##
     14         Authtype basic    ##認證類型##
     15         Require user admin    ##admin用戶可用##
     16 </Directory>
[root@apache conf]# systemctl restart httpd
實驗:
client訪問music.westos.com/admin會彈出對話框要求輸入用戶名以及用戶密碼,此時admin用戶及其密碼可用,tom用戶及其密碼不可用
若將第15行參數改爲Require valid-user後重啓服務,則表示加密文件apacheuser中的用戶都可用
注:Basic認證的用戶名和密碼只經Base64編碼,在HTTP(*:80)下相當於明文傳輸,實際使用時應放在HTTPS虛擬主機下











