zoukankan      html  css  js  c++  java
  • CentOS httpd服务(Apache)

    1、从ISO镜像安装,Apache 服务的软件包名称为 httpd

    #检查源配置
    [root@localhost media]# cat /etc/yum.repos.d/CentOS-Media.repo # CentOS-Media.repo # # This repo can be used with mounted DVD media, verify the mount point for # CentOS-7. You can use this repo and yum to install items directly off the # DVD ISO that we release. # # To use this repo, put in your DVD and use it with the other repos too: # yum --enablerepo=c7-media [command] # # or for ONLY the media repo, do this: # # yum --disablerepo=* --enablerepo=c7-media [command] [c7-media] name=CentOS-$releasever - Media baseurl=file:///media/CentOS/ file:///media/cdrom/ file:///media/cdrecorder/ gpgcheck=1 enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
    #挂载cdrom,挂载点和repo配置相同
    mount /dev/cdrom /media/cdrom
    #安装httpd
    [root@localhost media]# yum install httpd
    
    #启动服务
    [root@localhost media]# systemctl start httpd
    [root@localhost media]# systemctl status httpd
    ● httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
       Active: active (running) since 一 2019-01-21 16:11:38 CST; 5s ago
         Docs: man:httpd(8)
               man:apachectl(8)
     Main PID: 6702 (httpd)
    。。。 。。。
    
    #设置自动启动
    systemctl enable httpd
    #永久打开80端口
    [root@localhost media]# firewall-cmd --zone=public --add-port=80/tcp --permanent

    #也可以打开防火墙的http服务,打开http服务后,默认会打开80端口,当时在firewall-cmd --list-ports里看不到
    #可以在/etc/services里查看所有服务注册的端口
    [root@bigdata-senior01 etc]# firewall-cmd --zone=public --add-service=http --permanent


    至此,从浏览器可以访问缺省页面。

    2、配置

    缺省配置目录:

    服务目录       /etc/httpd
    主配置文件     /etc/httpd/conf/httpd.conf
    网站数据目录   /var/www/html
    访问日志      /var/log/httpd/access_log
    错误日志     /var/log/httpd/error_log

    2.1、配置文件主要参数/etc/httpd/conf/httpd.conf

    ServerRoot  服务目录
    ServerAdmin  管理员邮箱
    User  运行服务的用户
    Group  运行服务的用户组
    ServerName  网站服务器的域名
    DocumentRoot  网站数据目录
    Directory 网站数据目录的权限
    Listen  监听的 IP 地址与端口号
    DirectoryIndex  默认的索引页页面
    ErrorLog  错误日志文件
    CustomLog  访问日志文件
    Timeout  网页超时时间,默认为 300

    2.2、替换网站缺省的页面

    #静态网站一般以index.html为启动页面,在网络目录里放入一个index.html页面替换apache的缺省页面
    [root@localhost html]# pwd
    /var/www/html
    [root@localhost html]# echo "welcome visit my homepage..." > index.html
    [root@localhost html]# ls
    index.html

    生产环境网站的数据文件整体放入/var/www/html即可

    2.3、重新设定网站的数据目录

    [root@localhost html]# mkdir /home/wwwroot
    [root@localhost html]# cd /home/wwwroot/
    [root@localhost wwwroot]# echo "welcome my new page..." > index.html
    [root@localhost wwwroot]# ls
    index.html
    
    #修改DocumentRoot和<Directory ""> [root@localhost conf]#
    vi /etc/httpd/conf/httpd.conf # # DocumentRoot: The directory out of which you will serve your # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. # # DocumentRoot "/var/www/html" DocumentRoot "/home/wwwroot" # # Relax access to content within /var/www. # <Directory "/home/wwwroot"> AllowOverride None # Allow open access: Require all granted </Directory>


    。。。。。。
    #重启httpd服务
    [root@localhost conf]# systemctl restart httpd


    重新访问:

    页面已经变化。

    如果出现“Forbidden,You don't have permission to access /index.html on this server.”,则可能是SELinux的权限导致的。

    这要重新配置SELinux权限,或者直接关闭SELinux权限。

    #权限disabled
    [root@localhost conf]# cat /etc/selinux/config
    
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    #SELINUX=enforcing
    SELINUX=disabled
    # SELINUXTYPE= can take one of three two values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected. 
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted 

     3、开启个人用户主页

    #编辑配置文件
    [root@localhost conf.d]# vi /etc/httpd/conf.d/userdir.conf # # UserDir: The name of the directory that is appended onto a user's home # directory if a ~user request is received. # # The path to the end user account 'public_html' directory must be # accessible to the webserver userid. This usually means that ~userid # must have permissions of 711, ~userid/public_html must have permissions # of 755, and documents contained therein must be world-readable. # Otherwise, the client will only receive a "403 Forbidden" message. # <IfModule mod_userdir.c> # # UserDir is disabled by default since it can confirm the presence # of a username on the system (depending on home directory # permissions). # #UserDir disabled #是否允许个人主页 # # To enable requests to /~user/ to serve the user's public_html # directory, remove the "UserDir disabled" line above, and uncomment # the following line instead: # UserDir public_html #主页目录 </IfModule> # # Control access to UserDir directories. The following is an example # for a site where these directories are restricted to read-only. # <Directory "/home/*/public_html">

    家目录的权限修改为 755,保证其他人也有权限读取

    mkdir public_html
    chmod -R 755 /home/es
    [es@localhost public_html]$ echo "this is a homepage of es" > index.html




    然后使用“网址/~用户名”(其中的波浪号是必需的,而且网址、波浪号、用户名之间没有空格),确保Selinux权限是关闭的。

    4、给主页加上用户和密码认证

    #生成两个用户es和xu.dm
    [root@localhost httpd]# htpasswd -c /etc/httpd/.htpasswd es New password: Re-type new password: Adding password for user es [root@localhost httpd]# htpasswd /etc/httpd/.htpasswd xu.dm New password: Re-type new password: Adding password for user xu.dm [root@localhost httpd]# vi conf.d/userdir.conf # # Control access to UserDir directories. The following is an example # for a site where these directories are restricted to read-only. # <Directory "/home/*/public_html"> # AllowOverride FileInfo AuthConfig Limit Indexes # Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec # Require method GET POST OPTIONS AllowOverride all #刚刚生成出来的密码验证文件保存路径 authuserfile "/etc/httpd/.htpasswd" #当用户尝试访问个人用户网站时的提示信息 authname "need user&password privately website" authtype basic #用户进行账户密码登录时需要验证的用户名称,valid-user表示authuserfile里的用户 require valid-user </Directory> [root@localhost httpd]# systemctl restart httpd
    参数:
    
    AuthName:认证描述,填写的内容会出现在认证窗口的提示信息中。
    
    AuthType:认证类型,在HTTP1.0中,只有一种认证类型:basic。在HTTP1.1中有几种认证类型,如:MD5。
    
    AuthUserFile:指定一个包含用户名和密码的文本文件,每行对应一个用户。
    
    AuthGroupFile:指定包含用户组清单和这些组的成员清单的文本文件。组的成员之间用空格分开,如:managers:user1 user2。
    
    require:指定哪些用户或组才能被授权访问,如:
    
    require user user1 user2 (只有用户user1和user2可以访问)
    
    require group managers (只有组managers中成员可以访问)
    
    require valid-user (在AuthUserFile指定的文件中任何用户都可以访问)

    另外一种方式:

    在需要认证的应用根目录下,创建.htaccess文件,内容如下:
    AuthName "User Authentication"
    AuthType basic
    AuthUserFile /etc/hattpd/.htpasswd
    require valid-user
    
    修改/etc/httpd/conf/httpd.conf配置文件,或者是用户userdir.conf,将Directory标签中的AllowOverride参数值修改为All,如下:
    
    AllowOverride All
    
    修改后的配置表示的含义为:/var/www/html目录下或者/home/*/public_html每个应用的访问权限由该目录下的.htaccess文件来控制。
    
    保存后,重启apache

     5、虚拟主机

    利用虚拟主机功能,可以把一台处于运行状态的物理服务器分割成多个“虚拟的服务器”。

    该技术无法实现目前云主机技术的硬件资源隔离,让这些虚拟的服务器共同使用物理服务器的硬件资源,供应商只能限制硬盘的使用空间大小。

    Apache 的虚拟主机功能是服务器基于用户请求的不同 IP 地址、主机域名或端口号,实现提供多个网站同时为外部提供访问服务的技术。

    5.1、基于IP,确保IP都可以连接

    [root@bigdata-senior01 ~]# vi /etc/httpd/conf/httpd.conf
    ... ...
    #追加如下内容
     <VirtualHost 192.168.31.10>
       DocumentRoot /home/wwwroot/10
       ServerName www.home10.com
             <Directory /home/wwwroot/10 >
               AllowOverride None
               Require all granted
            </Directory>
     </VirtualHost>
     <VirtualHost 192.168.31.11>
       DocumentRoot /home/wwwroot/11
       ServerName www.home11.com
            <Directory /home/wwwroot/11 >
              AllowOverride None
              Require all granted
             </Directory>
     </VirtualHost>
    ... ...

    5.2、基于域名

    [root@bigdata-senior01 bbs]# vi /etc/hosts
    
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.31.10 bigdata-senior01.home.com www.home10.com
    192.168.31.11 www.home11.com bbs.home.com
    

    [root@bigdata-senior01 wwwroot]# vi /etc/httpd/conf/httpd.conf
    。。。 。。。
    <VirtualHost 192.168.31.10> DocumentRoot /home/wwwroot/10 ServerName www.home10.com <Directory /home/wwwroot/10 > AllowOverride None Require all granted </Directory> </VirtualHost> <VirtualHost 192.168.31.11> DocumentRoot /home/wwwroot/11 ServerName www.home11.com <Directory /home/wwwroot/11 > AllowOverride None Require all granted </Directory> </VirtualHost> <VirtualHost 192.168.31.11> DocumentRoot /home/wwwroot/bbs ServerName bbs.home.com <Directory /home/wwwroot/bbs > AllowOverride None Require all granted </Directory> </VirtualHost>
    [root@bigdata-senior01 wwwroot]# systemctl restart httpd
    #在本机上测试,没有浏览器,用curl简单测试
    [root@bigdata-senior01 wwwroot]# curl bbs.home.com
    this is a bbs

     5.3、基于端口

    [root@bigdata-senior01 wwwroot]# ls
    10  11  9092  9093  9094  bbs  index.html
    [root@bigdata-senior01 wwwroot]# echo "listen port:9092" > 9092/index.html
    [root@bigdata-senior01 wwwroot]# echo "listen port:9093" > 9093/index.html
    [root@bigdata-senior01 wwwroot]# cat 9092/index.html 
    listen port:9092
    
    [root@bigdata-senior01 wwwroot]# vi /etc/httpd/conf/httpd.conf 
    。。。。。。
    # Change this to Listen on specific IP addresses as shown below to
    # prevent Apache from glomming onto all bound IP addresses.
    #
    #Listen 12.34.56.78:80
    Listen 80
    Listen 9092
    Listen 9093
    
     <VirtualHost 192.168.31.10:9092>
       DocumentRoot /home/wwwroot/9092
       ServerName www.home10.com
            <Directory /home/wwwroot/bbs >
              AllowOverride None 
              Require all granted
             </Directory>
     </VirtualHost>
     <VirtualHost 192.168.31.10:9093>
       DocumentRoot /home/wwwroot/9093
       ServerName www.home10.com
            <Directory /home/wwwroot/bbs >
              AllowOverride None
              Require all granted
             </Directory>
     </VirtualHost>
    。。。
  • 相关阅读:
    LeetCode偶尔一题 —— 617. 合并二叉树
    《剑指offer》 —— 链表中倒数第k个节点
    《剑指offer》 —— 青蛙跳台阶问题
    《剑指offer》—— 二维数组中的查找
    《剑指offer》—— 替换空格
    《剑指offer》—— 合并两个排序的链表
    《剑指offer》—— 礼物的最大价值
    生成Nuget 源代码包来重用你的Asp.net MVC代码
    Pro ASP.Net Core MVC 6th 第四章
    Pro ASP.NET Core MVC 6th 第三章
  • 原文地址:https://www.cnblogs.com/asker009/p/10301262.html
Copyright © 2011-2022 走看看