Linux System Engineer
The system used in the experiment is redhat-rhel8 2.
Linux system management - Apache management and optimization
1, Function and installation of Apache
Apache is web server software. Web pages are commonly accessed through http://
http:// ##Hypertext Transfer Protocol
dnf install httpd.x86_64 -y
2, Enabling Apache
systemctl enable --now httpd ##Start the service and enable it at boot
firewall-cmd --list-all ##View firewall information
firewall-cmd --permanent --add-service=http ##Permanently allow http access in the firewall
firewall-cmd --permanent --add-service=https ##Permanently allow https access in the firewall
firewall-cmd --reload ##Reload the firewall so the settings take effect
vim /var/www/html/index.html ##Modify the welcome page
///
hello
///
172.25.254.109 ##Test in browser
#apache enable
#Test successful
3, Basic information about Apache
Service name: httpd
Configuration files:
/etc/httpd/conf/httpd.conf ##Main configuration file
/etc/httpd/conf.d/*.conf ##Sub configuration files
Default publishing directory: /var/www/html
Default publish file: index.html
Default ports:
80 ##http
443 ##https
User: apache
Logs: /etc/httpd/logs
4, Basic configuration of Apache
1. Port modification of Apache
vim /etc/httpd/conf/httpd.conf ##Modify configuration file
///
Listen 8080
///
systemctl restart httpd
netstat -antlupe | grep httpd ##View the listening port
##If access through the firewall is needed
firewall-cmd --permanent --add-port=8080/tcp ##Permanently open port 8080 in the firewall
firewall-cmd --reload
systemctl restart httpd
http://172.25.254.109:8080 ##Browser access
firewall-cmd --permanent --remove-port=8080/tcp ##Remove the port
vim /etc/httpd/conf/httpd.conf ##Restore configuration file
2. Default publish file
vim /var/www/html/index.html ##Default publish file
///
index.html
///
vim /var/www/html/westos.html ##New publish file
///
westos.html
///
vim /etc/httpd/conf/httpd.conf ##Modify configuration file
///
##Load westos.html first
DirectoryIndex westos.html index.html
///
systemctl restart httpd
#In the configuration file, westos.html comes first
#westos.html is served first
[note] if the configuration file does not include westos.html, access it with http://172.25.254.109/westos.html
#Restore configuration file to default
#index.html is served by default
#You can also access it, but you need to add a path
3. Default publishing directory
mkdir /westos_apache ##New publishing directory
vim /westos_apache/index.html ##Edit the publish file of the new publishing directory
///
westos_apache
///
semanage fcontext -a -t httpd_sys_content_t '/westos_apache(/.*)?' ##Add the security context rule
restorecon -RvvF /westos_apache/ ##Apply the security context
vim /etc/httpd/conf/httpd.conf ##Modify configuration file
///
##Comment out the default publishing directory
#DocumentRoot "/var/www/html"
##Use the new publishing directory
DocumentRoot "/westos_apache"
<Directory "/westos_apache">
    ##Grant access
    Require all granted
</Directory>
///
systemctl restart httpd
Test: http://172.25.254.109 #westos_apache
[note] After the experiment, comment out the changes and restore the default
#Configuration file modification
#Test access succeeded
#Restore configuration file
5, Access control of apache
[note] after modifying the configuration file, restart the service
1. Control IP
Experimental preparation:
mkdir /var/www/html/westos
vim /var/www/html/westos/index.html
///
westos/index.html
///
The real machine's IP is 172.25.254.9; virtual machine a (172.25.254.109) is the server and virtual machine b (172.25.254.209) is the client.
That is, access is tested with the browsers of the real machine and virtual machine b.
- Allow everyone except number 9 to access
vim /etc/httpd/conf/httpd.conf
///
##Authorization for this directory
<Directory "/var/www/html/westos">
    ##Evaluate Allow first, then Deny
    Order Allow,Deny
    ##Allow everyone
    Allow from all
    ##Deny access from 9
    Deny from 172.25.254.9
</Directory>
///
systemctl restart httpd
Test: http://172.25.254.109/westos/
9 -> refused, others -> allowed
#Configuration file modification
#Real machine 9 access failed
#Virtual machine b access succeeded
- Deny access to everyone except No. 9
vim /etc/httpd/conf/httpd.conf
///
<Directory "/var/www/html/westos">
    ##Evaluate Deny first, then Allow
    Order Deny,Allow
    ##Deny everyone
    Deny from all
    ##Allow access from 9
    Allow from 172.25.254.9
</Directory>
///
systemctl restart httpd
Test: http://172.25.254.109/westos/
9 -> allowed, others -> refused
#Configuration file modification
#Real machine 9 successfully accessed
#Virtual machine b access failed
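The two rule sets above differ mainly in their Order line, so the evaluation logic is worth modelling. This is an added example, not code from the original page or from httpd; it assumes rules are exact IPv4 addresses or the keyword all, and the function names matches and decide are hypothetical.

```bash
#!/bin/sh
# Added example: model of how Order / Allow / Deny are combined.
# Assumption: a rule is either the keyword "all" or one exact IPv4 address.

# matches IP RULES -> status 0 if the space-separated RULES contain "all" or IP
matches() {
    for _rule in $2; do
        if [ "$_rule" = "all" ] || [ "$_rule" = "$1" ]; then
            return 0
        fi
    done
    return 1
}

# decide ORDER IP ALLOW_RULES DENY_RULES -> prints "allow" or "deny"
decide() {
    case $1 in
        Allow,Deny)
            # At least one Allow must match and no Deny may match.
            # A client matching nothing is denied.
            if matches "$2" "$3" && ! matches "$2" "$4"; then
                echo allow
            else
                echo deny
            fi ;;
        Deny,Allow)
            # A matching Deny rejects unless an Allow also matches.
            # A client matching nothing is allowed.
            if matches "$2" "$4" && ! matches "$2" "$3"; then
                echo deny
            else
                echo allow
            fi ;;
        *)
            echo "unknown Order: $1" >&2
            return 2 ;;
    esac
}

# The page's first rule set (Allow from all, Deny from 172.25.254.9),
# evaluated under both orders for the real machine and virtual machine b.
for ip in 172.25.254.9 172.25.254.209; do
    echo "$ip Allow,Deny -> $(decide Allow,Deny "$ip" "all" "172.25.254.9")"
    echo "$ip Deny,Allow -> $(decide Deny,Allow "$ip" "all" "172.25.254.9")"
done
```

With the same Allow and Deny lines, switching to Order Deny,Allow lets 172.25.254.9 back in, because the matching Allow overrides the Deny. On httpd 2.4 these directives are provided by mod_access_compat; the native equivalents are built from Require ip and Require not ip.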
2. Control access (username and password)
Experimental preparation:
cd /etc/httpd
htpasswd -cm .htpasswd admin ##Add user and password
#New password: 123
#Re-type new password: 123
#Adding password for user admin
cat .htpasswd ##View users and hashed passwords
htpasswd -m .htpasswd admin1
#New password: 123
#Re-type new password: 123
#Adding password for user admin1
ls -a /etc/httpd ##View the hidden file .htpasswd
cat .htpasswd ##View content
[note] when adding another user, the parameter is -m; using -cm will overwrite the first user
- Allow admin access only
vim /etc/httpd/conf/httpd.conf
///
<Directory "/var/www/html/westos">
    ##Path to the password file
    AuthUserFile /etc/httpd/.htpasswd
    AuthName "Please input username and password"
    AuthType basic
    ##Allow only the admin user
    Require user admin
    ##Commented out; would allow all users in .htpasswd
    # Require valid-users
</Directory>
///
systemctl restart httpd
#Configuration file modification
#admin user access succeeded
#admin1 user access failed
[note] clear the history and cache before logging in with a new user
- Allow all users in .htpasswd
vim /etc/httpd/conf/httpd.conf
///
##Comment out access for the admin user only
# Require user admin
##Allow all users in .htpasswd
Require valid-user
///
systemctl restart httpd
#When modifying the configuration file, pay attention to changing valid-users to valid-user and to the position of the "#"
#admin user access succeeded
#admin1 user access succeeded
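`htpasswd -m` as used above stores salted MD5 (`$apr1$`) hashes, so it is useful to check which scheme each entry of a password file uses. This is an added example, not code from the original page; the hash strings and the users backup and deploy are constructed placeholders, and the function names are hypothetical.

```bash
#!/bin/sh
# Added example: classify the hash scheme of each entry in an htpasswd file.

# Constructed sample. admin and admin1 mirror the users created above;
# backup, deploy and every hash string are placeholders, not real hashes.
sample_htpasswd() {
    cat <<'EOF'
admin:$apr1$CONSTRUC$placeholderplaceholder
admin1:$apr1$CONSTRUC$placeholderplaceholder
backup:{SHA}placeholderplaceholderplace=
deploy:$2y$05$placeholderplaceholderplaceholderplaceholderplacehold
EOF
}

# audit_htpasswd < FILE -> prints "user scheme" for every entry
audit_htpasswd() {
    while IFS=: read -r _user _hash; do
        [ -n "$_user" ] || continue
        case $_hash in
            '$apr1$'*)               _scheme=apr1-md5 ;;       # htpasswd -m
            '$2y$'*|'$2a$'*|'$2b$'*) _scheme=bcrypt ;;         # htpasswd -B
            '{SHA}'*)                _scheme=sha1-unsalted ;;  # htpasswd -s
            *)                       _scheme=crypt-or-plain ;; # htpasswd -d / -p
        esac
        echo "$_user $_scheme"
    done
}

# needs_rehash < FILE -> prints the users whose hash is not bcrypt
needs_rehash() {
    audit_htpasswd | while read -r _u _s; do
        [ "$_s" = bcrypt ] || echo "$_u"
    done
}

sample_htpasswd | audit_htpasswd
```

Against the real file, run `audit_htpasswd < /etc/httpd/.htpasswd`; an entry is moved to bcrypt by re-adding the user with `htpasswd -B`.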
6, apache virtual host
Experimental preparation:
mkdir -p /var/www/vhost/westos.org/{news,music,map} ##New publishing directories
echo news.westos.org > /var/www/vhost/westos.org/news/index.html
echo music.westos.org > /var/www/vhost/westos.org/music/index.html
echo map.westos.org > /var/www/vhost/westos.org/map/index.html ##Publish files
vim /etc/httpd/conf.d/vhosts.conf ##Virtual host configuration file
///
<VirtualHost _default_:80>
    ##Publishing directory
    DocumentRoot /var/www/html
    ##Log path
    CustomLog logs/default.log combined
</VirtualHost>
<VirtualHost *:80>
    ##Domain name
    ServerName music.westos.org
    DocumentRoot /var/www/vhost/westos.org/music
    CustomLog logs/music.log combined
</VirtualHost>
<VirtualHost *:80>
    ServerName news.westos.org
    DocumentRoot /var/www/vhost/westos.org/news
    CustomLog logs/news.log combined
</VirtualHost>
<VirtualHost *:80>
    ServerName map.westos.org
    DocumentRoot /var/www/vhost/westos.org/map
    CustomLog logs/map.log combined
</VirtualHost>
///
systemctl restart httpd
#Configuration file modification
[note] configure domain name resolution on whichever machine runs the browser
su - root
vim /etc/hosts ##Domain name resolution file
///
172.25.254.109 www.westos.org music.westos.org news.westos.org map.westos.org
///
ping map.westos.org
Test: http://news.westos.org
[note] if there is no problem with the file, but the browser displays the contents of other domain names, clean the browser cache
#Domain name resolution file
#Access successful
7, Language support for apache
LAMP: Linux + Apache + MySQL + PHP/Perl/Python
1,php
dnf install php.x86_64 -y
systemctl restart httpd
vim /var/www/html/index.php
///
<?php
phpinfo();
?>
///
Test: http://172.25.254.109/index.php
#Access successful
2,cgi
cd /var/www/html/
mkdir cgi
cd cgi
vim index.cgi
///
#!/usr/bin/perl
print "Content-type:text/html\n\n";
print `date`; ##`date` means execute the command; note that the symbol is a backtick, not a quotation mark
///
chmod +x index.cgi ##Grant execute permission
ls -Zd /var/www/cgi-bin/ ##View the security context
semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgi(/.*)?' ##Set the same security context
restorecon -RvvF /var/www/html/cgi/ ##Apply the setting
./index.cgi ##Check that the script runs
##At this point the browser cannot run cgi/index.cgi and only shows the source code, because the file type is not recognized
vim /etc/httpd/conf.d/vhosts.conf ##Virtual host configuration file
///
<Directory "/var/www/html/cgi">
    Options +ExecCGI
    ##Files of this type can be identified and executed
    AddHandler cgi-script .cgi
</Directory>
///
systemctl restart httpd
Test: http://172.25.254.109/cgi/index.cgi
[note] if there is no error in the configuration, check selinux and change it to permissive
#Edit publish file
#At this point the browser cannot run cgi/index.cgi; only the source code is shown
#Access successful
3,wsgi
cd /var/www/html/
vim index.wsgi ##Edit publish file
///
def application(env, westos):
    westos('200 ok', [('Content-Type', 'text/html')])
    return [b'hello westos']
///
##Pay attention to indentation
chmod +x index.wsgi ##Grant execute permission
dnf search wsgi
dnf install python3-mod_wsgi.x86_64 -y
systemctl restart httpd
##Opening 172.25.254.109/index.wsgi in the browser pops up a download of index.wsgi
vim /etc/httpd/conf.d/vhosts.conf
///
<VirtualHost *:80>
    ServerName wsgi.westos.org
    WSGIScriptAlias / /var/www/html/index.wsgi
</VirtualHost>
///
systemctl restart httpd
##Domain name resolution
vim /etc/hosts
///
172.25.254.109 www.westos.org music.westos.org news.westos.org map.westos.org wsgi.westos.org
///
ping wsgi.westos.org
Test: open wsgi.westos.org in the browser
#Before domain name resolution, the download file will pop up
#Domain name resolution succeeded
#Access successful
8, Encrypted access to apache
Install encryption software
dnf install mod_ssl -y ##Install the encryption module
systemctl restart httpd
mkdir /etc/httpd/tls
openssl req -newkey rsa:2048 -nodes -sha256 -keyout /etc/httpd/tls/westos.org.key -x509 -days 365 -out /etc/httpd/tls/westos.org.crt
///
CN-->Shaanxi-->Xi'an-->WESTOS-->Linux-->www.westos.org-->admin@westos.org
///
############
req ##Certificate request
x509 ##Certificate format
-newkey rsa:2048 -nodes ##Generate a new 2048-bit RSA private key, stored unencrypted
-sha256 -keyout /etc/httpd/tls/westos.org.key ##Sign with SHA-256 and write the private key to this file
-x509 -days 365 -out /etc/httpd/tls/westos.org.crt ##Write a self-signed certificate valid for 365 days
############
ls /etc/httpd/tls/
mkdir /var/www/vhost/westos.org/login
vim /var/www/vhost/westos.org/login/index.html
///
login.westos.org
///
vim /etc/httpd/conf.d/vhosts.conf
///
<VirtualHost *:443>
    ServerName login.westos.org
    DocumentRoot /var/www/vhost/westos.org/login
    CustomLog logs/login.log combined
    SSLEngine on
    SSLCertificateFile /etc/httpd/tls/westos.org.crt
    SSLCertificateKeyFile /etc/httpd/tls/westos.org.key
</VirtualHost>
///
systemctl restart httpd
############
^(/.*)$ ##Path entered in the client's address bar
%{HTTP_HOST} ##Host name requested by the client
$1 ##The value captured by the first group in the RewriteRule pattern
############
##Domain name resolution
vim /etc/hosts
///
172.25.254.109 www.westos.org music.westos.org news.westos.org map.westos.org wsgi.westos.org login.westos.org
///
ping login.westos.org
Test: open login.westos.org in the browser
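A check that the certificate and private key referenced by SSLCertificateFile and SSLCertificateKeyFile belong together and that the certificate is not about to expire. This is an added example, not code from the original page; the function names and the 30-day default threshold are assumptions.

```bash
#!/bin/sh
# Added example: sanity-check a certificate/key pair before pointing
# SSLCertificateFile and SSLCertificateKeyFile at it.

# SHA-256 digest of the public key embedded in a certificate
cert_pubkey_digest() {
    _pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$_pub" | openssl sha256
}

# SHA-256 digest of the public key derived from a private key
key_pubkey_digest() {
    _pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$_pub" | openssl sha256
}

# check_tls_pair CRT KEY [DAYS] -> prints ok | mismatch | expiring | unreadable
# DAYS (default 30, an assumption) is the minimum remaining validity accepted.
check_tls_pair() {
    _days=${3:-30}
    if ! _c=$(cert_pubkey_digest "$1") || ! _k=$(key_pubkey_digest "$2"); then
        echo unreadable
        return 2
    fi
    if [ "$_c" != "$_k" ]; then
        echo mismatch
        return 1
    fi
    # -checkend N fails if the certificate expires within N seconds
    if ! openssl x509 -in "$1" -noout -checkend "$((_days * 86400))" >/dev/null; then
        echo expiring
        return 1
    fi
    echo ok
}

# Run directly: sh check_tls_pair.sh CRT KEY [DAYS]
if [ "$#" -ge 2 ]; then
    check_tls_pair "$@"
fi
```

Run it against /etc/httpd/tls/westos.org.crt and /etc/httpd/tls/westos.org.key before `systemctl restart httpd`.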