apache與https(遠程數據傳輸加密)

#########################################apache與https
1.安裝
 yum install httpd -y   ##安裝apache服務
 systemctl start httpd   ##開啓服務
 systemctl enable httpd   ##開機自啓
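 systemctl stop firewalld  ##關閉火牆(僅適用於實驗環境;正式環境應保留火牆,改用 firewall-cmd --permanent --add-service=http --add-service=https 後執行 firewall-cmd --reload 放行)
 systemctl disable firewalld  ##關閉火牆的開機自啓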
2.基礎瞭解
 1)apache默認發佈文件:index.html
 2)apache默認發佈目錄:/var/www/html
 3)apache默認端口:80
 4)apache主配置文件:/etc/httpd/conf/httpd.conf
 
 5)apache子配置文件:/etc/httpd/conf.d
3.基本配置
 1)修改默認發佈文件
 vim /var/www/html/westos.html
  <h1>westos's page</h1>
 vim /etc/httpd/conf/httpd.conf
  DirectoryIndex westos.html  ##默認爲index.html改爲westos.html
 systemctl restart httpd    ##重啓服務
 測試
 在瀏覽器中直接輸入172.25.254.123訪問到westos.html 
 

 
 2)修改默認發佈目錄
 mkdir /westos/www/test -p   ##建立發佈目錄
 cd /westos/www/test
 vim westos.html     ##建立發佈文件
  <h1>test's page</h1> 
 當selinux爲disabled狀態
 vim /etc/httpd/conf/httpd.conf
  DocumentRoot "/westos/www/test"  ##修改發佈目錄爲/westos/www/test
  <Directory "/westos/www/test">  ##自定義目錄權限
   Require all granted  
  </Directory>
 systemctl restart httpd    ##重啓服務
 當selinux爲enforcing狀態
 vim /etc/httpd/conf/httpd.conf
  DocumentRoot "/westos/www/test"
  <Directory "/westos/www/test">
   Require all granted
  </Directory>
 systemctl restart httpd
 semanage fcontext -a -t httpd_sys_content_t '/westos(/.*)?' ##修改安全上下文
 restorecon -RvvF /westos   ##刷新
 測試
 在瀏覽器中直接輸入172.25.254.123訪問到westos.html 

4.apache訪問控制
 cd /var/www/html
 mkdir admin
 cd admin
 vim index.html
  <h1>admin's page</h1>
 1)設定ip的訪問
 vim /etc/httpd/conf/httpd.conf
  DocumentRoot "/var/www/html/admin"
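  <Directory "/var/www/html/admin">  ##允許所有人訪問admin目錄,拒絕23主機(Order/Allow/Deny爲apache 2.2語法,2.4中由mod_access_compat提供;2.4建議改用Require ip / Require not ip,且不要與Require混用)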
   Order Allow,Deny
   Allow from all
   Deny from 172.25.254.23
  </Directory>
  <Directory "/var/www/html/admin">  ##只允許23主機訪問admin目錄(與上一段爲二選一的寫法)
   Order Deny,Allow
   Allow from 172.25.254.23
   Deny from all
  </Directory>
 systemctl restart httpd
 
 
 2)設定用戶的訪問
 htpasswd -cm /etc/httpd/accessuser admin   ##建立用戶認證文件(-c會新建並覆蓋已有文件,再添加用戶時須去掉-c;-m爲MD5散列,htpasswd 2.4可改用-B使用bcrypt)
 vim /etc/httpd/conf/httpd.conf
  <Directory "/var/www/html/admin">
   AuthUserFile /etc/httpd/accessuser  ##用戶認證文件
   AuthName "Please input your named and passwd" ##用戶認證提示信息
   AuthType basic     ##認證類型(basic認證的密碼僅以base64編碼傳輸,應配合https使用)
   Require valid-user    ##認證用戶,認證文件中的所有用戶都可以訪問
   [Require user admin]    ##可選:替換上一行(不寫方括號),只有admin用戶可以訪問
  </Directory>
 systemctl restart httpd
 
 
5.apache語言支持:php html cgi
 1)html語言默認支持
 2)php:需安裝php服務
 yum install php -y
 systemctl restart httpd
 3)cgi
 mkdir /var/www/html/cgi
 cd /var/www/html/cgi
 vim index.cgi
  #!/usr/bin/perl
  print "Content-type: text/html\n\n";
  print `date`;
 vim /etc/httpd/conf/httpd.conf
  <Directory "/var/www/html/cgi">
   Options +ExecCGI
   AddHandler cgi-script .cgi
  </Directory>
 systemctl restart httpd
 測試
 在瀏覽器中輸入172.25.254.123/cgi訪問

 
6.虛擬主機
 1)建立測試頁
 mkdir -p /var/www/virtual/news.westos.com/html  ##虛擬主機默認發佈目錄
 mkdir -p /var/www/virtual/money.westos.com/html
   echo "<h1>money.westos.com's page</h1>" > /var/www/virtual/money.westos.com/html/index.html
   echo "<h1>news.westos.com's page</h1>" > /var/www/virtual/news.westos.com/html/index.html
 2)配置
 vim /etc/httpd/conf.d/default.conf  ##未指定域名的訪問都訪問default
  <Virtualhost  _default_:80>  ##虛擬主機開啓的端口
   DocumentRoot "/var/www/html" ##虛擬主機的默認發佈目錄
   CustomLog "logs/default.log" combined ##虛擬主機日誌
  </Virtualhost>
 vim /etc/httpd/conf.d/news.conf   ##指定域名news.westos.com的訪問到指定默認發佈目錄
  <Virtualhost *:80>
   ServerName "news.westos.com" ##指定域名
   DocumentRoot "/var/www/virtual/news.westos.com/html" ##默認發佈目錄
   CustomLog "logs/news.log" combined ##日誌
  </Virtualhost>
  <Directory "/var/www/virtual/news.westos.com/html"> ##默認發佈目錄的訪問授權
   Require all granted
  </Directory>
 vim /etc/httpd/conf.d/money.conf  ##指定域名money.westos.com的訪問到指定默認發佈目錄
  <Virtualhost *:80>
   ServerName "money.westos.com" ##指定域名
   DocumentRoot "/var/www/virtual/money.westos.com/html" ##默認發佈目錄
   CustomLog "logs/money.log" combined ##日誌
  </Virtualhost>
  <Directory "/var/www/virtual/money.westos.com/html"> ##默認發佈目錄的訪問授權
   Require all granted
  </Directory>
 systemctl restart httpd
 3)測試
 在瀏覽器所在主機中做域名解析
 vim /etc/hosts       ##域名解析
 172.25.254.123 www.westos.com news.westos.com money.westos.com
 瀏覽器輸入域名訪問,不同域名訪問不同頁面

 
7.https:網頁註冊登陸數據加密
 1)定義
 Hypertext Transfer Protocol over Secure Sockets Layer
 通過ssl(現爲TLS)實現加密
 2)配置
 mkdir /var/www/virtual/login.westos.com/html -p
 cd /var/www/virtual/login.westos.com/html
 vim index.html
  <h1>login.westos.com page</h1>
 yum install mod_ssl crypto-utils -y   
 genkey www.westos.com   ##生成證書和密鑰(未交由CA簽發時爲自簽名證書;證書名稱www.westos.com與下面的ServerName login.westos.com不一致,瀏覽器會提示證書警告)
 生成的證書:/etc/pki/tls/certs/www.westos.com.crt
 生成的密鑰:/etc/pki/tls/private/www.westos.com.key
 vim /etc/httpd/conf.d/login.conf
  <Virtualhost *:443>  ##https端口爲443
   ServerName "login.westos.com"
   DocumentRoot "/var/www/virtual/login.westos.com/html"
   CustomLog "logs/login.log" combined
   SSLEngine on  ##開啓https功能
   SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt ##證書
   SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key ##密鑰
  </Virtualhost>
  <Directory "/var/www/virtual/login.westos.com/html">
   Require all granted
  </Directory>
  <Virtualhost *:80>  ##網頁重寫實現自動訪問https
   ServerName login.westos.com
   RewriteEngine on
   RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
  </Virtualhost>
 systemctl restart httpd
 
 ##^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
 ^(/.*)$  客戶主機在地址欄中寫入的所有字符,不包括換行符
 https:// 定向成爲訪問協議
 %{HTTP_HOST} 客戶請求中的Host頭(由客戶端提供;此處也可直接寫固定域名login.westos.com)
 $1  $1的值就表示^(/.*)$的值
 [redirect=301] 永久重定向,302表示臨時重定向
 

 3)測試
 在客戶主機中添加解析
 vim /etc/hosts
  172.25.254.123 login.westos.com
 訪問http://login.westos.com會自動跳轉到https://login.westos.com實現網頁數據加密傳輸

 









