12、实现一个web服务器
[root@server0 ~]# yum install httpd -y
[root@server0 ~]# rpm -ql httpd 查看httpd产生的配置文件
/usr/share/doc/httpd-2.4.6/httpd-manual.conf
/usr/share/doc/httpd-2.4.6/httpd-vhosts.conf[root@server0 ~]# vim /etc/httpd/conf.d/vhost-server0.conf
<Directory "/var/www/html"> 网页文件存放的目录
<RequireAll> 控制特定主机(HOSTNAME)访问
Require all granted 允许所有主机访问
Require not host .my133t.com 允许所有主机访问 </RequireAll>
</Directory>
<VirtualHost *:80> 虚拟主机,基于域名的,监听80端口
DocumentRoot "/var/www/html"
ServerName server0.example.com
</VirtualHost>[root@server0 ~]# wget -O /var/www/html/index.html http://classroom.example.com/materials/station.html[root@server0 ~]# systemctl restart httpd
[root@server0 ~]# systemctl enable httpd[root@server0 conf.d]# firewall-cmd --permanent --add-service=http
[root@server0 conf.d]# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=172.25.0.0/24 service name=http accept'
[root@server0 conf.d]# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=172.17.10.0/24 service name=http reject'
[root@server0 conf.d]# firewall-cmd --reload
测试,浏览器访问server0.example.com
[root@server0 ~]# lab examrhce grade
[root@server0 ~]# firefox server0.example.com
13、配置安全web服务 (https协议,mod_ssl服务)
[root@server0 ~]# yum install mod_ssl -y [root@server0 ~]# rpm -ql mod_ssl 查看mod_ssl生成的文件
/etc/httpd/conf.d/ssl.conf[root@server0 ~]# cd /etc/httpd/conf.d/
[root@server0 conf.d]# cp ssl.conf ssl.conf.bak 备份配置文件[root@server0 conf.d]# vim ssl.conf
<Directory "/var/www/html">
<RequireAll>
Require all granted
Require not host .my133t.com
</RequireAll>
</Directory>107 SSLCertificateFile /etc/pki/tls/certs/server0.crt
115 SSLCertificateKeyFile /etc/pki/tls/private/server0.key
129 SSLCACertificateFile /etc/pki/tls/certs/example-ca.crt查看密钥证书的保存路径后,再到目录下载文件
[root@server0 ~]# cd /etc/pki/tls/
[root@server0 tls]# ll
[root@server0 tls]# cd certs/
[root@server0 certs]# wget http://classroom.example.com/pub/tls/certs/server0.crt
[root@server0 certs]# wget http://classroom.example.com/pub/example-ca.crt[root@server0 certs]# cd ..
[root@server0 tls]# cd private/
[root@server0 private]# wget http://classroom.example.com/pub/tls/private/server0.key[root@server0 ~]# wget -O /etc/pki/tls/certs/server0.crt http://classroom.example.com/pub/tls/certs/server0.crt
[root@server0 ~]# wget -O /etc/pki/tls/private/server0.key http://classroom.example.com/pub/tls/private/server0.key
[root@server0 ~]# wget -O /etc/pki/tls/certs/example-ca.crt http://classroom.example.com/pub/example-ca.crt[root@server0 conf.d]# systemctl restart httpd.service
[root@server0 conf.d]# systemctl enable httpd.service
[root@server0 ~]# firewall-cmd --permanent --add-service=https https协议安全
[root@server0 ~]# firewall-cmd --reload
小技巧:
如果配置文件没有备份,配置文件不能还原,写的乱七八糟
删除配置文件,remove服务httpd ,重新安装,
就会生成新的配置文件
14、配置虚拟主机
[root@server0 ~]# mkdir /var/www/virtual
[root@server0 ~]# cd /var/www/virtual
[root@server0 virtual]# wget http://classroom.example.com/materials/www.html
[root@server0 virtual]# mv www.html index.html[root@server0 ~]# id floyd
[root@server0 ~]# useradd floyd
[root@server0 ~]# setfacl -m u:floyd:rwx /var/www/virtual/
[root@server0 ~]# getfacl /var/www/virtual/
[root@server0 conf.d]# cp vhost-server0.conf vhost-www0.conf
[root@server0 ~]# vim /etc/httpd/conf.d/vhost-www0.conf
<Directory "/var/www/virtual"> 注意virtual
<RequireAll>
Require all granted
Require not host .my133t.com
</RequireAll>
</Directory>
<VirtualHost *:80>
DocumentRoot "/var/www/virtual" 注意virtual
ServerName www0.example.com 注意www0.example
</VirtualHost>[root@server0 ~]# systemctl restart httpd
[root@server0 ~]# firefox www0.example.com
15、配置web内容的访问
[root@server0 ~]# mkdir -pv /var/www/virtual/private
[root@server0 ~]# cd /var/www/virtual/private
[root@server0 private]# wget http://classroom.example.com/materials/private.html
[root@server0 private]# mv private.html index.html[root@server0 ~]# vim /etc/httpd/conf.d/vhost-www0.conf
###追加以下内容
<Directory "/var/www/virtual/private"> 注意virtual
Require all denied 注意没有<Requireall>
Require local
</Directory>[root@server0 ~]# systemctl restart httpd[root@server0 ~]# firefox www0.example.com/private/index.html
16、实现动态Web内容
[root@server0 ~]# yum install mod_wsgi -y #python模块
[root@server0 ~]# mkdir -pv /var/www/webapp
root@server0 ~]# cd /var/www/webapp
[root@server0 ~]# wget http://classroom.example.com/materials/webinfo.wsgi[root@server0 webapp]# getenforce #selinux
Enforcing
[root@server0 webapp]# semanage port -l | grep http 查看80端口设置
[root@server0 webapp]# semanage port -a -t http_port_t -p tcp 8908 注册端口失败(内存不足,server0内存设置为2G)
Killed关机 shutdown 安全关机 shutdown -c (立即关机)
init 0
reboot 重启[root@server0 ~]# semanage port -a -t http_port_t -p tcp 8908
Full path required for exclude: net:[4026532575].
Full path required for exclude: net:[4026532575].
[root@server0 webapp]# semanage port -l | grep 8908[root@server0 conf.d]# rpm -ql mod_wsgi
/usr/share/doc/mod_wsgi-3.4/README #参考文档
WSGIScriptAlias /wsgi/ /usr/local/wsgi/scripts/
[root@server0 conf.d]# cat vhost-server0.conf
[root@server0 ~]# vim /etc/httpd/conf.d/vhost-webapp0.confListen 8908 注意listen
<Directory "/var/www/webapp"> 注意webapp
Require all granted
</Directory>
<VirtualHost *:8908>
DocumentRoot "/var/www/webapp"
ServerName webapp0.example.com
WSGIScriptAlias / /var/www/webapp/webinfo.wsgi 注意格式
</VirtualHost>[root@server0 ~]# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=172.25.0.0/24 port port=8908 protocol=tcp accept
[root@server0 ~]# firewall-cmd --reload
[root@server0 ~]# systemctl restart httpd[root@server0 webapp]# firefox http://webapp0.example.com:8908/
图形界面配置端口 (内存设置2G,注册成功)
[root@server0 ~]# yum install policycoreutils-gui.x86_64 -y
[root@server0 ~]# system-config-selinux