Httpd
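1. Introduction to httpd
httpd is the main program of the Apache HyperText Transfer Protocol (HTTP) server. It is designed to run as a standalone daemon process and creates a pool of child processes or threads to handle requests.
In general, httpd should not be invoked directly; on Unix-like systems it should be invoked through apachectl, and on Windows it runs as a service.
2. Features of httpd
httpd has many features. The following lists the features of httpd 2.2 and httpd 2.4 respectively.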
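Version | Features |
---|---|
2.2 | Creates processes in advance; maintains an appropriate number of processes on demand; modular design with a small core, where features are added through modules (including PHP), with support for run-time configuration and separately compiled modules; supports several kinds of virtual host configuration, such as IP-based, port-based and name-based virtual hosts; supports HTTPS (through mod_ssl); supports user authentication; supports IP- or domain-based ACL access control; supports per-directory access control (no user name and password are needed for the default home page, but they are required for a specific directory); supports URL rewriting; supports MPMs (Multi-Processing Modules), which define httpd's working model (single process, single process with multiple threads, multiple processes, multiple processes with a single thread each, multiple processes with multiple threads) |
2.4 | New in httpd 2.4: MPMs support the DSO mechanism (Dynamic Shared Object, dynamic loading/unloading of modules) and are loaded on demand as modules; supports the event MPM, which is usable in production; supports asynchronous reads and writes; supports separate log levels per module and per directory; per-request specific configuration, using |
Working model | How it works |
---|---|
prefork | Multi-process model: processes are created in advance and each request is answered by one process. A master process spawns n child processes, also called worker processes. Each child handles one user request; even when there are no requests, several idle processes are spawned in advance to wait for requests, up to a maximum of 1024 |
worker | Thread-based: each request is answered by one thread (several processes are started and each spawns several threads) |
event | Event-driven: one process handles multiple requests |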
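2.1 Modules newly added in httpd 2.4
Several commonly used modules added in this version
Module | Function |
---|---|
mod_proxy_fcgi | Module that supports the backend protocol of the Apache server when reverse proxying |
mod_ratelimit | Module that provides rate limiting |
mod_remoteip | The IP-based access control mechanism has changed; Order, Deny and Allow are no longer supported for IP-based access control |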
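3. httpd basics
3.1 Tools shipped with httpd
Tool | Function |
---|---|
htpasswd | Tool that generates the account/password entries used when Basic authentication is file-based |
apachectl | Service control script shipped with httpd; supports start, stop and restart |
apxs | Provided by the httpd-devel package; tool for extending httpd with third-party modules |
rotatelogs | Log rotation tool |
suexec | Tool that temporarily switches to a specified user when accessing resources with special permission settings |
ab | apache benchmark, httpd's load-testing tool |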
3.2 Layout of httpd installed from the rpm package
File/directory | Purpose |
---|---|
/var/log/httpd/access.log | Access log |
/var/log/httpd/error_log | Error log |
/var/www/html/ | Site document directory |
/usr/lib64/httpd/modules/ | Module file path |
/etc/httpd/conf/httpd.conf | Main configuration file |
/etc/httpd/conf.modules.d/*.conf | Module configuration files |
/etc/httpd/conf.d/*.conf | Auxiliary configuration files |
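4. Web-related commands
The curl command
curl is a file transfer tool that works on the command line using URL syntax. It supports FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE, LDAP and other protocols.
curl supports the following features:
- HTTPS authentication
- HTTP POST/PUT and other methods
- FTP upload
- Kerberos authentication
- HTTP upload
- proxy servers
- cookies
- user name/password authentication
- resuming interrupted downloads
- SOCKS5 proxy servers
- uploading files to an FTP server through an HTTP proxy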
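//Syntax: curl [options] [URL ...]
//Common options:
-A/--user-agent <string> //set the User-Agent sent to the server
--basic //use HTTP Basic authentication
--tcp-nodelay //use the TCP_NODELAY option
-e/--referer <URL> //referrer URL
--cacert <file> //CA certificate (SSL)
--compressed //request a compressed response
-H/--header <line> //pass a custom request header to the server
-I/--head //show only the response headers
--limit-rate <rate> //limit the transfer rate
-u/--user <user[:password]> //set the server user name and password
-0/--http1.0 //use HTTP 1.0 (1.1 is the default); the option is the digit 0, not the letter o
-o/--output <file> //write the output to a file
-#/--progress-bar //show the transfer status as a progress bar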
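The httpd command
//Syntax: httpd [options]
//Common options:
-l //list the modules compiled statically into the server core;
   //modules loaded dynamically with the LoadModule directive are not listed
-M //print the list of enabled modules, including modules compiled statically
   //into the server and modules loaded dynamically as DSOs
-v //print the httpd version and exit
-V //print the httpd and apr/apr-util versions and build parameters, then exit
-X //run httpd in debug mode: only one worker process is started and
   //the server does not detach from the console
-t //check the configuration files for syntax errors
Command demonstration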
[root@localhost ~]# httpd -t
Syntax OK
[root@localhost ~]# httpd -l
Compiled in modules:
core.c
mod_so.c
http_core.c
[root@localhost ~]# httpd -M
Loaded Modules:
core_module (static)
so_module (static)
http_module (static)
access_compat_module (shared)
actions_module (shared)
alias_module (shared)
allowmethods_module (shared)
[root@localhost ~]# httpd -v //lowercase v
Server version: Apache/2.4.37 (centos)
Server built: Nov 12 2021 04:57:27
[root@localhost ~]# httpd -V //uppercase V
Server version: Apache/2.4.37 (centos)
Server built: Nov 12 2021 04:57:27
Server's Module Magic Number: 20120211:83
Server loaded: APR 1.6.3, APR-UTIL 1.6.1
Compiled using: APR 1.6.3, APR-UTIL 1.6.1
Architecture: 64-bit
Server MPM: event
threaded: yes (fixed thread count)
forked: yes (variable process count)
5. Common httpd configuration files
NAME has three possible values:
- prefork
- event
- worker
Configuration file location:
[root@localhost conf.modules.d]# pwd
/etc/httpd/conf.modules.d
[root@localhost conf.modules.d]# ls
00-base.conf 00-lua.conf 00-proxy.conf 01-cgi.conf
00-dav.conf 00-mpm.conf 00-systemd.conf
[root@localhost conf.modules.d]# vim 00-mpm.conf
# Select the MPM module which should be used by uncommenting exactly
# one of the following LoadModule lines:
# prefork MPM: Implements a non-threaded, pre-forking web server
# See: http://httpd.apache.org/docs/2.4/mod/prefork.html
LoadModule mpm_prefork_module modules/mod_mpm_prefork.s
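Access control rules:
Rule | Function |
---|---|
Require all granted | Allow access from all hosts |
Require all denied | Deny access from all hosts |
Require ip IPADDR | Grant access to hosts with the specified source address |
Require not ip IPADDR | Deny access to hosts with the specified source address |
Require host HOSTNAME | Grant access to hosts with the specified source host name |
Require not host HOSTNAME | Deny access to hosts with the specified source host name |
IPADDR types | HOSTNAME types |
---|---|
IP: 192.168.1.1; Network/mask: 192.168.1.0/255.255.255.0; Network/Length: 192.168.1.0/24; Net: 192.168 | FQDN: the full name of a specific host; DOMAIN: all hosts in the specified domain |
Note: httpd 2.4 denies access from all hosts by default, so access must be granted explicitly after installation
Configuration file example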
<Directory "/var/www/html/www">
<RequireAll>
Require not ip 192.168.111.1
Require all granted
</RequireAll>
</Directory>
4. Compiling and installing httpd from source
1. Prepare the environment
[root@localhost ~]# dnf -y groupinstall "Development Tools" --allowerasing
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 0:03:34 ago on Tue Jul 12 22:42:38 2022.
Dependencies resolved.
===============================================================================================================
Package Arch Version Repository Size
===============================================================================================================
Installing group/module packages:
Complete!
[root@localhost ~]# useradd -rMs /sbin/nologin apache
[root@localhost ~]# id apache
uid=994(apache) gid=991(apache) groups=991(apache)
[root@localhost ~]# dnf -y install wget
[root@localhost ~]# dnf -y install openssl-devel pcre-devel expat-devel libtool libxml2-devel
[root@localhost ~]# dnf -y install gcc gcc-c++
[root@localhost ~]# dnf -y install make
2. Download apr, apr-util and httpd
[root@localhost ~]# wget http://mirrors.aliyun.com/apache/apr/apr-1.7.0.tar.gz
--2022-07-12 22:50:06-- http://mirrors.aliyun.com/apache/apr/apr-1.7.0.tar.gz
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 58.49.248.230, 58.49.248.232, 119.96.204.214, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|58.49.248.230|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1093896 (1.0M) [application/octet-stream]
Saving to: 'apr-1.7.0.tar.gz'
apr-1.7.0.tar.gz 100%[==========================================>] 1.04M --.-KB/s in 0.06s
2022-07-12 22:50:06 (18.4 MB/s) - 'apr-1.7.0.tar.gz' saved [1093896/1093896]
[root@localhost ~]# wget https://mirrors.aliyun.com/apache/apr/apr-util-1.6.1.tar.gz
--2022-07-12 22:50:49-- https://mirrors.aliyun.com/apache/apr/apr-util-1.6.1.tar.gz
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 58.49.248.229, 119.96.204.215, 58.49.248.226, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|58.49.248.229|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 554301 (541K) [application/octet-stream]
Saving to: 'apr-util-1.6.1.tar.gz'
apr-util-1.6.1.tar.gz 100%[==========================================>] 541.31K --.-KB/s in 0.04s
2022-07-12 22:50:49 (14.6 MB/s) - 'apr-util-1.6.1.tar.gz' saved [554301/554301]
[root@localhost ~]# wget https://mirrors.aliyun.com/apache/httpd/httpd-2.4.54.tar.gz
--2022-07-12 22:51:06-- https://mirrors.aliyun.com/apache/httpd/httpd-2.4.54.tar.gz
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 58.49.248.229, 119.96.204.215, 58.49.248.226, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|58.49.248.229|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9743277 (9.3M) [application/octet-stream]
Saving to: 'httpd-2.4.54.tar.gz'
httpd-2.4.54.tar.gz 100%[==========================================>] 9.29M 39.8MB/s in 0.2s
2022-07-12 22:51:07 (39.8 MB/s) - 'httpd-2.4.54.tar.gz' saved [9743277/9743277]
[root@localhost ~]# ls
anaconda-ks.cfg apr-1.7.0.tar.gz apr-util-1.6.1.tar.gz httpd-2.4.54.tar.gz
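The tarballs above come from a mirror (one of them over plain HTTP) and are then built and installed as root, so it is worth comparing each one with a published digest before extracting it. The script below is an added example, not part of the original post; the demo file and its digest are constructed, and the function names are this example's own.

```sh
#!/bin/sh
# Added example, not from the original post. The file names and contents used
# in the demo are constructed; no real release digest appears here.

# Print the SHA-256 digest stored in a published checksum file. Handles the
# "<hex>  name" / "<hex> *name" layout and the "name: AB12CD34 ..." layout
# written by `gpg --print-md`. Fails unless exactly 64 hex digits are found.
published_sha256() (
    digest=$(awk '
        { gsub(/\r/, ""); sub(/^[^ :]+:/, "") }
        { for (i = 1; i <= NF; i++) {
              if ($i !~ /^[0-9A-Fa-f]+$/) exit
              s = s $i
          } }
        END { print tolower(s) }' "$1") || exit 2
    [ "${#digest}" -eq 64 ] || exit 1
    printf '%s\n' "$digest"
)

# 0 when FILE ($1) hashes to the digest published in CHECKSUM_FILE ($2).
verify_tarball() (
    want=$(published_sha256 "$2") || exit 2
    have=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$have" ] && [ "$want" = "$have" ]
)

# Demo on a constructed stand-in for a downloaded tarball.
work=$(mktemp -d)
printf 'constructed stand-in for a release tarball\n' > "$work/demo.tar.gz"
sum=$(sha256sum "$work/demo.tar.gz" | cut -d' ' -f1)
printf '%s *demo.tar.gz\n' "$sum" > "$work/demo.tar.gz.sha256"
verify_tarball "$work/demo.tar.gz" "$work/demo.tar.gz.sha256" && echo "intact: OK"
printf 'x' >> "$work/demo.tar.gz"   # simulate corruption or tampering in transit
verify_tarball "$work/demo.tar.gz" "$work/demo.tar.gz.sha256" || echo "modified: REJECTED"
rm -rf "$work"
```

A digest fetched from the same mirror as the tarball only detects corruption; take the digest, or the detached signature, from the project's own download site over HTTPS.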
3. Extract apr, apr-util and httpd
[root@localhost ~]# tar -xf apr-util-1.6.1.tar.gz -C /usr/local/src/
[root@localhost ~]# tar -xf httpd-2.4.54.tar.gz -C /usr/local/src/
[root@localhost ~]# tar -xf apr-1.7.0.tar.gz -C /usr/local/src/
[root@localhost ~]# ls /usr/local/src/
apr-1.7.0 apr-util-1.6.1 httpd-2.4.54
4. Install apr, apr-util and httpd
Install apr
[root@localhost ~]# cd /usr/local/src/apr-1.7.0/
[root@localhost apr-1.7.0]# vi configure
cfgfile=${ofile}T
trap "$RM \"$cfgfile\"; exit 1" 1 2 15
#$RM "$cfgfile" //comment out this line
[root@localhost apr-1.7.0]# ./configure --prefix=/usr/local/apr
[root@localhost apr-1.7.0]# make && make install
[root@localhost apr-1.7.0]# ls /usr/local/apr/
bin build-1 include lib
Install apr-util
[root@localhost apr-util-1.6.1]# cd /usr/local/src/apr-util-1.6.1/
[root@localhost apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/
[root@localhost apr-util-1.6.1]# make && make install
[root@localhost apr-util-1.6.1]# ls /usr/local/apr-util/
bin include lib
Install httpd
[root@localhost httpd-2.4.54]# cd /usr/local/src/httpd-2.4.54/
[root@localhost httpd-2.4.54]# ./configure --prefix=/usr/local/apache --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
[root@localhost httpd-2.4.54]# make && make install
[root@localhost httpd-2.4.54]# ls /usr/local/apache/
bin cgi-bin error icons logs manual
build conf htdocs include man modules
5. Configure environment variables
[root@localhost ~]# echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/apache.sh
[root@localhost ~]# source /etc/profile.d/apache.sh
[root@localhost ~]# which apachectl
/usr/local/apache/bin/apachectl
[root@localhost ~]# ln -s /usr/local/apache/include/ /usr/include/apache
[root@localhost ~]# ll /usr/include/ | grep apache
lrwxrwxrwx. 1 root root 26 Jul 12 23:15 apache -> /usr/local/apache/include/
[root@localhost ~]# vi /etc/man_db.conf //make Apache's man pages available
#MANDATORY_MANPATH /usr/src/pvm3/man
#
MANDATORY_MANPATH /usr/man
MANDATORY_MANPATH /usr/share/man
MANDATORY_MANPATH /usr/local/share/man
MANDATORY_MANPATH /usr/local/apache/man //add this line
6. Disable the firewall and SELinux
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# setenforce 0
7. Start the Apache service and check whether it can be reached
[root@localhost ~]# apachectl start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
httpd (pid 147215) already running
[root@localhost ~]# ss -anltup | grep httpd
tcp LISTEN 0 128 *:80 *:* users:(("httpd",pid=147218,fd=4),("httpd",pid=147217,fd=4),("httpd",pid=147216,fd=4),("httpd",pid=147215,fd=4))
8. Remove the warning message
[root@localhost ~]# cd /usr/local/apache/
[root@localhost apache]# ls
bin cgi-bin error icons logs manual
build conf htdocs include man modules
[root@localhost apache]# cd conf/
[root@localhost conf]# ls
extra httpd.conf magic mime.types original
[root@localhost conf]# vi httpd.conf
#ServerName www.example.com:80 //uncomment this line
[root@localhost conf]# apachectl start //no warning this time
[root@localhost conf]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
9. Manage httpd with systemctl
[root@localhost ~]# cd /usr/lib/systemd/system
[root@localhost system]# ls sshd.service
sshd.service
[root@localhost system]# cp sshd.service httpd.service
[root@localhost system]# vi httpd.service
[Unit]
Description=OpenSSH server daemon //change to Description=httpd server daemon
Documentation=man:sshd(8) man:sshd_config(5) //delete
After=network.target sshd-keygen.target
Wants=sshd-keygen.target //delete
[Service]
Type=notify //change to Type=forking
EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config //delete
EnvironmentFile=-/etc/sysconfig/sshd //delete
ExecStart=/usr/sbin/sshd -D $OPTIONS $CRYPTO_POLICY //change to ExecStart=/usr/local/apache/bin/apachectl start
ExecStop=/usr/local/apache/bin/apachectl stop //add this line to stop the service
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process //delete
Restart=on-failure //delete
RestartSec=42s //delete
[Install]
WantedBy=multi-user.target
[root@localhost system]# cat httpd.service
[Unit]
Description=httpd server daemon
After=network.target sshd-keygen.target
[Service]
Type=forking
ExecStart=/usr/local/apache/bin/apachectl start
ExecStop=/usr/local/apache/bin/apachectl stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@localhost system]# systemctl daemon-reload
[root@localhost system]# cd
[root@localhost ~]# systemctl status httpd
● httpd.service - httpd server daemon
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; ven>
Active: inactive (dead)
lines 1-3/3 (END)
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# ss -anlt //port 80 is now listening
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost ~]# systemctl status httpd
● httpd.service - httpd server daemon
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; ven>
Active: active (running) since Wed 2022-07-13 19:26:50 CST; 7s ago
Process: 145364 ExecStart=/usr/local/apache/bin/apachectl start (code>
Main PID: 145367 (httpd)
Tasks: 82 (limit: 23457)
Memory: 21.6M
CGroup: /system.slice/httpd.service
├─145367 /usr/local/apache/bin/httpd -k start
├─145368 /usr/local/apache/bin/httpd -k start
├─145369 /usr/local/apache/bin/httpd -k start
└─145370 /usr/local/apache/bin/httpd -k start
Jul 13 19:26:50 localhost.localdomain systemd[1]: Starting httpd server>
Jul 13 19:26:50 localhost.localdomain systemd[1]: Started httpd server >
5. Access control
Access the IP of the current virtual machine
[root@localhost ~]# dnf -y install httpd
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# ls
[root@localhost html]# echo "123" > index.html
[root@localhost html]# systemctl restart httpd
[root@localhost html]# systemctl stop firewalld
[root@localhost html]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost html]# setenforce 0
Create a zxr directory under /var/www/html, create an a.html file in it, and test access
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# ls
index.html
[root@localhost html]# mkdir zxr
[root@localhost html]# ls
index.html zxr
[root@localhost html]# cd zxr/
[root@localhost zxr]# echo "abc" > a.html
[root@localhost zxr]# ls
a.html
[root@localhost zxr]# systemctl restart httpd
Deny the physical host access to /var/www/html/zxr/a.html
[root@localhost ~]# vi /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/zxr">
<RequireAll>
Require not ip 192.168.111.1
Require all granted
</RequireAll>
</Directory>
[root@localhost ~]# httpd -t
Syntax OK
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# curl http://192.168.111.135
123
[root@localhost ~]# curl http://192.168.111.135/zxr/a.html
abc
Allow the physical host and deny the virtual machine
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/zxr">
<RequireAll>
Require not ip 192.168.111.135
Require all granted
</RequireAll>
</Directory>
[root@localhost ~]# httpd -t
Syntax OK
[root@localhost ~]# curl http://192.168.111.135/zxr/a.html //access denied
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>
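6. Configuring the three kinds of virtual host
There are three kinds of virtual host:
- same IP, different ports
- different IPs, same port
- same IP, same port, different domain names
6.1 Same IP, different ports
First upload the site files you want to serve to /var/www/html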
[root@localhost ~]# dnf -y install httpd
[root@localhost ~]# find / -name '*vhosts.conf'
/usr/share/doc/httpd/httpd-vhosts.conf
[root@localhost ~]# cd /etc/httpd/
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run state
[root@localhost httpd]# cd conf.d/
[root@localhost conf.d]# ls
README autoindex.conf userdir.conf welcome.conf
[root@localhost conf.d]# cp /usr/share/doc/httpd/httpd-vhosts.conf /etc/httpd/conf.d/
[root@localhost conf.d]# ls
README autoindex.conf httpd-vhosts.conf userdir.conf welcome.conf
[root@localhost conf.d]# cd /var/www/html/
[root@localhost html]# ls
doudizhu.zip zhuawawaji.zip //upload the archives you want to serve into this directory
[root@localhost html]# dnf -y install unzip //install unzip if it is not present
[root@localhost html]# unzip doudizhu.zip
[root@localhost html]# unzip zhuawawaji.zip
[root@localhost html]# ls
doudizhu.zip 'HTML5 canvas移動端鬥地主小游戲' jQuery抓娃娃機游戲代碼 zhuawawaji.zip
[root@localhost html]# rm -rf doudizhu.zip zhuawawaji.zip
[root@localhost html]# ls
'HTML5 canvas移動端鬥地主小游戲' jQuery抓娃娃機游戲代碼
[root@localhost html]# mkdir doudizhu zhuawawaji
[root@localhost html]# mv 'HTML5 canvas移動端鬥地主小游戲'/* doudizhu/
[root@localhost html]# cd doudizhu/
[root@localhost doudizhu]# ls
DJDDZ.js img index.html JControls.js Prototype.js ResourceData.js
[root@localhost html]# mv jQuery抓娃娃機游戲代碼/* zhuawawaji/
[root@localhost html]# cd zhuawawaji/
[root@localhost zhuawawaji]# ls
images img index.html js
[root@localhost html]# ls
doudizhu 'HTML5 canvas移動端鬥地主小游戲' jQuery抓娃娃機游戲代碼 zhuawawaji
[root@localhost html]# rm -rf jQuery抓娃娃機游戲代碼 HTML5\ canvas移動端鬥地主小游戲/
[root@localhost html]# ls
doudizhu zhuawawaji
[root@localhost html]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# vim httpd-vhosts.conf //edit the configuration file
<VirtualHost 192.168.111.135:80>
DocumentRoot "/var/www/html/zhuawawaji"
ServerName www.zhuawawaji.com
ErrorLog "/var/log/httpd/www.zhuawawaji.com-error_log"
CustomLog "/var/log/httpd/www.zhuawawaji.com-access_log" common
</VirtualHost>
listen 81
<VirtualHost 192.168.111.135:81>
DocumentRoot "/var/www/html/doudizhu"
ServerName www.doudizhu.com
ErrorLog "/var/log/httpd/www.doudizhu.com-error_log"
CustomLog "/var/log/httpd/doudizhu.com-access_log" common
</VirtualHost>
[root@localhost conf.d]# httpd -t
Syntax OK
[root@localhost conf.d]# systemctl stop firewalld //stop the firewall if it is still running
[root@localhost conf.d]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost conf.d]# systemctl restart httpd
Check the result
6.2 Different IPs, same port
[root@localhost conf.d]# ip addr add 192.168.111.140/24 dev ens33
[root@localhost conf.d]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:6d:53:62 brd ff:ff:ff:ff:ff:ff
inet 192.168.111.135/24 brd 192.168.111.255 scope global dynamic noprefixroute ens33
valid_lft 1088sec preferred_lft 1088sec
inet 192.168.111.140/24 scope global secondary ens33 //added successfully
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe6d:5362/64 scope link noprefixroute
valid_lft forever preferred_lft forever
<VirtualHost 192.168.111.135:80>
DocumentRoot "/var/www/html/zhuawawaji"
ServerName www.zhuawawaji.com
ErrorLog "/var/log/httpd/www.zhuawawaji.com-error_log"
CustomLog "/var/log/httpd/www.zhuawawaji.com-access_log" common
</VirtualHost>
[root@localhost conf.d]# vim httpd-vhosts.conf
<VirtualHost 192.168.111.140:80>
DocumentRoot "/var/www/html/doudizhu"
ServerName www.doudizhu.com
ErrorLog "/var/log/httpd/www.doudizhu.com-error_log"
CustomLog "/var/log/httpd/doudizhu.com-access_log" common
</VirtualHost>
[root@localhost conf.d]# httpd -t
Syntax OK
[root@localhost conf.d]# systemctl restart httpd
Check the result
6.3 Same IP, same port, different domain names
Location of the Windows hosts file:
under C:\windows\system32\drivers\etc\
Open it with Notepad
Add the IP and domain names, then save
[root@localhost conf.d]# dnf -y install bind-utils
[root@localhost conf.d]# vim httpd-vhosts.conf
<VirtualHost 192.168.111.135:80>
DocumentRoot "/var/www/html/zhuawawaji"
ServerName www.zhuawawaji.com
ErrorLog "/var/log/httpd/www.zhuawawaji.com-error_log"
CustomLog "/var/log/httpd/www.zhuawawaji.com-access_log" common
</VirtualHost>
<VirtualHost 192.168.111.135:80>
DocumentRoot "/var/www/html/doudizhu"
ServerName www.doudizhu.com
ErrorLog "/var/log/httpd/www.doudizhu.com-error_log"
CustomLog "/var/log/httpd/doudizhu.com-access_log" common
</VirtualHost>
[root@localhost conf.d]# httpd -t
Syntax OK
[root@localhost conf.d]# systemctl restart httpd
Check the result
6.4 Adding access restrictions
[root@localhost conf.d]# vim httpd-vhosts.conf
<Directory /var/www/html/zhuawawaji>
<RequireAll>
Require not ip 192.168.111.1
Require all granted
</RequireAll>
</Directory>
[root@localhost conf.d]# httpd -t
Syntax OK
[root@localhost conf.d]# systemctl restart httpd
Check the result
7. Configuring HTTPS
7.1 Install the SSL module
[root@localhost ~]# dnf -y install mod_ssl
Last metadata expiration check: 0:36:22 ago on Sat 23 Jul 2022 03:23:44 PM CST.
Dependencies resolved.
===========================================================================================================================
Package Architecture Version Repository Size
===========================================================================================================================
Installing:
mod_ssl x86_64 1:2.4.37-43.module_el8.5.0+1022+b541f3b1 AppStream 136 k
Installing dependencies:
sscg x86_64 2.3.3-14.el8 AppStream 49 k
Transaction Summary
===========================================================================================================================
Install 2 Packages
Total download size: 185 k
Installed size: 364 k
Downloading Packages:
(1/2): sscg-2.3.3-14.el8.x86_64.rpm 109 kB/s | 49 kB 00:00
(2/2): mod_ssl-2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64.rpm 205 kB/s | 136 kB 00:00
---------------------------------------------------------------------------------------------------------------------------
Total 279 kB/s | 185 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : sscg-2.3.3-14.el8.x86_64 1/2
Installing : mod_ssl-1:2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64 2/2
Running scriptlet: mod_ssl-1:2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64 2/2
Verifying : mod_ssl-1:2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64 1/2
Verifying : sscg-2.3.3-14.el8.x86_64 2/2
Installed:
mod_ssl-1:2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64 sscg-2.3.3-14.el8.x86_64
Complete!
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# httpd -M | grep ssl
ssl_module (shared)
7.2 The CA generates a key pair
[root@localhost ~]# cd /etc/pki/
[root@localhost pki]# ls
ca-trust java rpm-gpg rsyslog tls
[root@localhost pki]# mkdir CA
[root@localhost pki]# cd CA/
[root@localhost CA]# pwd
/etc/pki/CA
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
..................................................+++++
...................+++++
e is 65537 (0x010001)
[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout
writing RSA key
7.3 The CA generates a self-signed certificate
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.doudizhu.com
Email Address []:[email protected]
[root@localhost CA]# openssl x509 -text -in cacert.pem
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# touch index.txt && echo 01 > serial
[root@localhost CA]# ls
cacert.pem certs crl index.txt newcerts private serial
[root@localhost CA]# cat serial
01
7.4 The client generates a key
[root@localhost CA]# cd /etc/httpd && mkdir ssl && cd ssl
[root@localhost ssl]# pwd
/etc/httpd/ssl
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
...................................................................................+++++
..........................+++++
e is 65537 (0x010001)
[root@localhost ssl]# ls
httpd.key
7.5 The client generates a certificate signing request
[root@localhost ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wu
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.duodizhu.com
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@localhost ssl]# ls
httpd.csr httpd.key
7.6 The CA signs the certificate request submitted by the client
[root@localhost ssl]# openssl ca -in ./httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jul 23 08:37:51 2022 GMT
Not After : Jul 23 08:37:51 2023 GMT
Subject:
countryName = cn
stateOrProvinceName = hb
organizationName = runtime
organizationalUnitName = peixun
commonName = www.duodizhu.com
emailAddress = [email protected]
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
27:23:14:CB:51:6C:E0:8E:D8:8C:B1:D2:EF:BB:62:1F:EB:A1:97:E5
X509v3 Authority Key Identifier:
keyid:C8:13:CA:71:2C:58:9B:16:6B:84:4F:71:41:9C:FA:B9:19:49:25:76
Certificate is to be certified until Jul 23 08:37:51 2023 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost ssl]# ls
httpd.crt httpd.csr httpd.key
7.7 Edit the ssl.conf configuration file
[root@localhost ssl]# pwd
/etc/httpd/ssl
[root@localhost ssl]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# ls
autoindex.conf httpd-vhosts.conf README ssl.conf userdir.conf welcome.conf
[root@localhost conf.d]# vim ssl.conf
<VirtualHost _default_:443>
# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html/zhuawawaji"
ServerName www.zhuawawaji.com:443
SSLCertificateFile /etc/httpd/ssl/httpd.crt //changed path
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key //changed path
[root@localhost conf.d]# httpd -t
Syntax OK
[root@localhost conf.d]# systemctl restart httpd
[root@localhost conf.d]# ss -anlt | grep 443
LISTEN 0 128 *:443 *:*
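In the steps above the signing request carries the Common Name www.duodizhu.com and no subjectAltName, while ssl.conf serves ServerName www.zhuawawaji.com, so a listening port 443 does not yet show that clients will accept the certificate. The script below is an added example, not part of the original post: it checks that a certificate matches its key, chains to the CA and covers the vhost name. It assumes a throwaway CA signed with `openssl x509 -req` rather than the post's `openssl ca` (so no CA database is needed); the demo CA, the extra key and all file names are constructed.

```sh
#!/bin/sh
# Added example, not from the original post. The demo CA, the "other" key and
# every file in the temporary directory are constructed for the demonstration.

# 0 when the certificate carries the public key of the given private key.
cert_matches_key() (
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# 0 when the certificate is valid for the host name. OpenSSL matches the
# subjectAltName DNS entries and falls back to the CN only if there are none.
cert_covers_host() (
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
)

# 0 when the certificate ($1) chains to the given CA certificate ($2).
cert_chains_to() (
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
)

# Print one line per problem; the exit status is the number of problems.
audit_vhost_cert() (
    cert=$1 key=$2 ca=$3 host=$4 problems=0
    cert_matches_key "$cert" "$key" ||
        { echo "SSLCertificateKeyFile does not match the certificate"; problems=$((problems + 1)); }
    cert_chains_to "$cert" "$ca" ||
        { echo "certificate does not chain to $ca"; problems=$((problems + 1)); }
    cert_covers_host "$cert" "$host" ||
        { echo "certificate is not valid for ServerName $host"; problems=$((problems + 1)); }
    exit "$problems"
)

# Create a throwaway CA in directory $1 and issue two certificates for one key:
#   cn_only.crt  CN=www.duodizhu.com and no subjectAltName, as issued in 7.6
#   san.crt      same request plus a subjectAltName for the ssl.conf ServerName
make_demo_pki() (
    cd "$1" || exit 1
    umask 077
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    echo 'subjectAltName = DNS:www.zhuawawaji.com' > san.ext
    {
        openssl genrsa -out ca.key 2048 &&
        openssl genrsa -out httpd.key 2048 &&
        openssl genrsa -out other.key 2048 &&
        openssl req -new -x509 -config ca.cnf -key ca.key -days 1 -out ca.crt &&
        openssl req -new -config ca.cnf -key httpd.key \
            -subj '/CN=www.duodizhu.com' -out httpd.csr &&
        openssl x509 -req -in httpd.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 1 -out cn_only.crt &&
        openssl x509 -req -in httpd.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 1 -extfile san.ext -out san.crt
    } >/dev/null 2>&1
)

# Demo: audit both certificates against the ServerName used in ssl.conf.
demo=$(mktemp -d)
if make_demo_pki "$demo"; then
    for crt in cn_only.crt san.crt; do
        echo "== $crt, ServerName www.zhuawawaji.com"
        audit_vhost_cert "$demo/$crt" "$demo/httpd.key" "$demo/ca.crt" \
            www.zhuawawaji.com && echo "no problems found"
    done
fi
rm -rf "$demo"
```

On a real server, pass the SSLCertificateFile, SSLCertificateKeyFile, CA certificate and ServerName values from ssl.conf to `audit_vhost_cert`.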