Apache service examples


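Example 1

  • 1. Download the file from http://ldap.example.com/pub/example.html and rename it to index.html; do not modify its contents
  • 2. Copy index.html into your DocumentRoot directory
  • 3. Clients from example.com can access the web server
  • 4. Access from clients in my133t.org is denied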
[[email protected] ~]# cd /var/www/html/
[[email protected] html]# wget http://ldap.example.com/pub/example.html
[[email protected] html]# mv example.html index.html
[[email protected] html]# ls
index.html
[[email protected] html]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=http accept'   # set the firewall policy
success
[[email protected] html]# firewall-cmd --reload
success
[[email protected] ~]# systemctl enable httpd  
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[[email protected] ~]# systemctl start httpd   # start the httpd service

Verification
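The rich rule in Example 1 limits HTTP to 172.16.30.0/24 only while `http` is not also listed as a plain service in the zone. The following check is an added example, not part of the original page; it classifies a zone from text in the `firewall-cmd --list-all` format, and the sample zone text and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Classify how a firewalld zone exposes one service, reading text in the
# format printed by `firewall-cmd --list-all` on stdin:
#   open       - listed under "services:", so every source is accepted
#   restricted - accepted only by a rich rule for the expected source
#   blocked    - no accepting rule at all
audit_service() {  # usage: audit_service SERVICE SOURCE_CIDR < list-all-output
    awk -v svc="$1" -v src="$2" '
        $1 == "services:" {
            for (i = 2; i <= NF; i++) if ($i == svc) open = 1
        }
        $1 == "rule" && $NF == "accept" {
            if (index($0, "service name=\"" svc "\"") &&
                index($0, "source address=\"" src "\"")) rich = 1
        }
        END {
            if (open) print "open"
            else if (rich) print "restricted"
            else print "blocked"
        }'
}

# Constructed sample zone; the argument is the content of the "services:" line.
sample_zone() {  # usage: sample_zone "SERVICE LIST"
cat <<EOF
public (default, active)
  interfaces: eth0
  sources:
  services: $1
  ports:
  rich rules:
    rule family="ipv4" source address="172.16.30.0/24" service name="http" accept
EOF
}

# State after Example 1: only the rich rule accepts http.
sample_zone "dhcpv6-client ssh"      | audit_service http 172.16.30.0/24    # restricted
# http also added as a zone service: the source restriction no longer applies.
sample_zone "dhcpv6-client http ssh" | audit_service http 172.16.30.0/24    # open
# No rule for https at this point.
sample_zone "dhcpv6-client ssh"      | audit_service https 172.16.30.0/24   # blocked
```

On the server itself the same function can be fed live data with `firewall-cmd --list-all | audit_service http 172.16.30.0/24`.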

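Example 2

  • 1. The signed certificate is obtained from http://ldap.example.com/pub/server30.crt
  • 2. The certificate's key is obtained from http://ldap.example.com/pub/server30.key
  • 3. The certificate's signing authority information is obtained from http://ldap.example.com/pub/group30.crt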
[[email protected] conf.d]# vim ssl.conf 
ServerName server30.example.com:443
[[email protected] conf.d]# cd /etc/pki/tls/
[[email protected] tls]# cd certs/
[[email protected] certs]# wget http://ldap.example.com/pub/server30.crt
[[email protected] certs]# wget http://ldap.example.com/pub/group30.crt
[[email protected] certs]# cd ../private/
[[email protected] private]# wget http://ldap.example.com/pub/server30.key
[[email protected] private]# ls
localhost.key  server30.key 
[[email protected] private]# cd /etc/httpd/conf.d/
[[email protected] conf.d]# vim ssl.conf 
#  Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
# Changed to point at server30.crt
SSLCertificateFile /etc/pki/tls/certs/server30.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
# Changed to point at server30.key
SSLCertificateKeyFile /etc/pki/tls/private/server30.key
...
#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
# Changed to point at group30.crt
SSLCACertificateFile /etc/pki/tls/certs/group30.crt

[[email protected] conf.d]# systemctl restart httpd
[[email protected] conf.d]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=https accept'
success
[[email protected] conf.d]# firewall-cmd --reload
success

Verification
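Example 2 downloads the certificate, key and CA file with wget over plain HTTP, so it is worth checking them before restarting httpd. The following is an added example, not part of the original page: it confirms that the key matches the certificate, that the certificate verifies against the CA file, and that the key is not readable by group or others. The sample material is a constructed self-signed certificate acting as its own CA, and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original page. Prints "ok" or the first problem.
check_tls_material() {  # usage: check_tls_material CERT KEY CA
    cert=$1; key=$2; ca=$3
    # 1. The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "unreadable certificate"; return 1; }
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
        { echo "unreadable or encrypted key"; return 1; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "key does not match certificate"; return 1; }
    # 2. The certificate must verify against the CA file. Match the
    #    "<file>: OK" line rather than relying on the exit status alone.
    openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$' ||
        { echo "certificate does not verify against CA"; return 1; }
    # 3. A key saved by wget gets default-umask permissions; it should not
    #    be accessible to group or others.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "key is accessible to group or others"; return 1; }
    echo "ok"
}

# Constructed sample material: two unrelated self-signed certificates, each
# acting as its own CA, written to the directory given as argument.
make_samples() {  # usage: make_samples DIR
    for n in good other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$n.invalid" \
            -keyout "$1/$n.key" -out "$1/$n.crt" >/dev/null 2>&1 || return 1
    done
    chmod 600 "$1/good.key" "$1/other.key"
}

d=$(mktemp -d) && make_samples "$d" && {
    check_tls_material "$d/good.crt" "$d/good.key"  "$d/good.crt"   # ok
    check_tls_material "$d/good.crt" "$d/other.key" "$d/good.crt"   # key does not match certificate
}
rm -rf "$d"
```

With the paths from this page the call would be `check_tls_material /etc/pki/tls/certs/server30.crt /etc/pki/tls/private/server30.key /etc/pki/tls/certs/group30.crt`.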

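Example 3

  • 1. Create a virtual host for the site http://ldap.example.com
  • 2. Set DocumentRoot to /var/www/virtual
  • 3. Download the file from http://ldap.example.com/pub/www.html and rename it to index.html; do not modify its contents
  • 4. Copy index.html into the DocumentRoot directory
  • 5. Make sure the user floyd can create files under /var/www/virtual
Create the directory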
[[email protected] ~]# mkdir /var/www/virtual
[[email protected] ~]# cd /var/www/virtual
[[email protected] virtual]# wget http://ldap.example.com/pub/www.html
...
[[email protected] virtual]# mv www.html index.html
[[email protected] virtual]# ls
index.html

[[email protected] ~]# cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf    /etc/httpd/conf.d/
[[email protected] ~]# cd /etc/httpd/conf.d/
[[email protected] conf.d]# ls
autoindex.conf  httpd-vhosts.conf  README  ssl.conf  userdir.conf  welcome.conf

[[email protected] conf.d]# vim httpd-vhosts.conf   # configure the virtual hosts
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName server30.example.com
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/var/www/virtual"
    ServerName www.example.com
</VirtualHost>
[[email protected] conf.d]# useradd floyd   # create the user
[[email protected] conf.d]# setfacl -m u:floyd:rwx /var/www/virtual/   # set the ACL
[[email protected] conf.d]# getfacl /var/www/virtual/
getfacl: Removing leading '/' from absolute path names
# file: var/www/virtual/
# owner: root
# group: root
user::rwx
user:floyd:rwx
...
[[email protected] conf.d]# systemctl restart httpd   # restart the service
Switch to the user to verify
[[email protected] conf.d]# su - floyd
[[email protected] ~]$ cd /var/www/virtual/
[[email protected] virtual]$ touch ll
[[email protected] virtual]$ ll
total 4
-rw-r--r--. 1 root  root  16 Nov 28  2014 index.html
-rw-rw-r--. 1 floyd floyd  0 Jan 17 10:44 ll

Verification

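Example 4

  • 1. On server, create a directory named private under the web server's DocumentRoot, download the file from http://ldap.example.com/pub/private.html into this directory and rename it to index.html; do not modify its contents
  • 2. On server, anyone can browse the contents of private, but the contents of this directory cannot be accessed from other systems
Create the directory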
[[email protected] ~]# mkdir /var/www/html/private
[[email protected] ~]# cd /var/www/html/private
[[email protected] private]# wget http://ldap.example.com/pub/private.html
[[email protected] private]# mv private.html index.html
[[email protected] private]# ls
index.html
[[email protected] ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf   # configure the virtual host
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName server30.example.com
    <Directory "/var/www/html/private">
        # Allow access from this host only
        Require ip 172.16.30.130
    </Directory>
</VirtualHost>


Client verification

Server verification

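Example 5

  • Dynamic content is served by the virtual host alt.example.com
  • The virtual host listens on port 8909
  • 1. Download a script from http://ldap.example.com/pub/webapp.wsgi and put it in a suitable location; do not modify the file's contents
  • 2. When clients access http://ldap.example.com:8909, they should receive a dynamically generated web page; http://alt.example.com:8909 must be accessible from all systems in example.com
Create the directory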
[[email protected] ~]# mkdir /var/www/wsgi
[[email protected] ~]# yum -y install mod_wsgi.x86_64 
[[email protected] ~]# cd /var/www/wsgi
[[email protected] wsgi]# wget http://ldap.example.com/pub/webapp.wsgi
...
[[email protected] wsgi]# ls
webapp.wsgi
[[email protected] wsgi]# vim /etc/httpd/conf.d/httpd-vhosts.conf   # configure the virtual host
# Listen on port 8909
Listen 8909
<VirtualHost *:8909>
    WSGIScriptAlias / "/var/www/wsgi/webapp.wsgi"
    ServerName alt.example.com
</VirtualHost>
Add the port to the SELinux http_port_t type
[[email protected] ~]# semanage port -l|grep http
...
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
...
[[email protected] ~]# semanage port -a -t http_port_t -p tcp 8909
[[email protected] ~]# semanage port -l|grep http
...
http_port_t                    tcp      8909, 80, 81, 443, 488, 8008, 8009, 8443, 9000
Configure the firewall
[[email protected] ~]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 port protocol=tcp port=8909 accept'
success
[[email protected] ~]# firewall-cmd --reload
success
[[email protected] ~]# systemctl restart httpd

Verification
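Example 5 labels port 8909 as http_port_t with semanage before httpd is restarted on it. The following pre-restart check is an added example, not part of the original page: it lists every Listen port in a config file that the `semanage port -l` output does not place in http_port_t. The function names and sample inputs are constructed, with the http_port_t line copied from the listing above.

```shell
#!/bin/sh
# Added example, not from the original page.
# Print every port used by a Listen directive in an httpd config file that is
# not covered by the SELinux type http_port_t. The output of
# `semanage port -l` is read from stdin; single ports and ranges are handled.
unlabelled_listen_ports() {  # usage: semanage port -l | unlabelled_listen_ports CONF
    awk '
        NR == FNR {                      # first input: semanage port listing
            if ($1 == "http_port_t" && $2 == "tcp")
                for (i = 3; i <= NF; i++) {
                    gsub(",", "", $i)
                    n = split($i, r, "-")
                    lo[++k] = r[1] + 0
                    hi[k] = (n == 2 ? r[2] : r[1]) + 0
                }
            next
        }
        tolower($1) == "listen" {        # second input: httpd configuration
            n = split($2, a, ":")        # 8909, 192.0.2.1:8909 or [::]:8909
            port = a[n] + 0; ok = 0
            for (j = 1; j <= k; j++)
                if (port >= lo[j] && port <= hi[j]) ok = 1
            if (!ok) print port
        }' - "$1"
}

# Constructed sample: listing before `semanage port -a` has been run.
sample_semanage() {
cat <<'EOF'
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
EOF
}

# Constructed sample: the virtual host configuration from Example 5.
sample_conf() {
cat <<'EOF'
Listen 8909
<VirtualHost *:8909>
    WSGIScriptAlias / "/var/www/wsgi/webapp.wsgi"
    ServerName alt.example.com
</VirtualHost>
EOF
}

conf=$(mktemp); sample_conf > "$conf"
sample_semanage | unlabelled_listen_ports "$conf"    # prints 8909
rm -f "$conf"
```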
