apache的管理及优化

在web被访问是通常用http://
http是应用层协议

curl -I www.csdn.com

tengine

dnf install httpd.x86_64 -y
apache的启用
systemctl enable --now httpd  #开启服务并设定服务位开机启动
firewall-cmd --list-all #查看火墙信息
firewll-cmd --permanent --add-service=http #在火墙中永久开启http访问
firewll-cmd --permanent --add-service=https #在火墙中永久开启https访问
firewll-cmd --reload #刷新火墙使设定生效
vim /var/www/html/index.html #默认发布目录
hello

浏览器 172.25.254.150

Apache的基本信息
配置目录
/etc/httpd/conf/httpd.conf #主配置文件
/etc/httpd/conf.d/*.conf #子配置文件
默认发布目录
/var/www/html
默认发布文件
index.html
默认端口：80 http
       443 https
用户 apache
日志：/etc/httpd/logs
netstat -antlupe | grep httpd

ServerRoot "/etc/httpd" 服务的根目录 ，主配置目录

vim /etc/httpd/conf/httpd.conf

修改默认发布文件

mkdir /westos_apache
semanage fcontext -a -t httpd sys_content_t '/westos_apache(/.*)?'
restorecon -RvvF /westos_apache/

vim /etc/httpd/conf/httpd.conf
修改默认发布目录
Document "/westos_apache"
对/westos_apache进行授权
<Directory "/westos_apache">
        Require all granted
</Directory>
systemctl restart httpd

apache端口修改
Listen 80
firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --reload
systemctl restart httpd

http://172.25.254.150:8080
问题：目录的访问控制

vim /etc/httpd/conf/httpd.conf
Document "/var/www/html"
172.25.154.250不能访问
<Directory "/var/www/html/westos">
        Order Allow,Deny
        Allow from all
        Deny from 172.25.154.250
</Directory>

Document "/var/www/html"
只能172.25.154.250访问
<Directory "/var/www/html/westos">
        Order Deny,Allow
        Deny from all
        Allow from 172.25.154.250
</Directory>
systemctl restart httpd

dnf install httpd-manual -y
systemctl restart httpd

浏览器虚拟机ip/manual 会出现手册
apache手册

cd /etc/httpd/
ls
htpasswd -cm .htpasswd admin#c表示create m设定
cat .htpasswd
当这个文件已经存在添加用户
htpasswd -m .htpasswd admin1
cat .htpasswd
vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/westos">
        AuthUserFile /etc/httpd/.htpasswd
        AuthName "Please input username and password"
        AuthType basic
        Require user admin #用户名是admin可以使用并访问westos
#       Require valid-user #.htpasswd文件所有的用户都可以使用访问westos
</Directory>
systemctl restart httpd

ctrl+shift+del 选择everything
apache的虚拟主机

建立要发布的页面
mkdir -p /var/www/vhost/westos.org/{news,music,chengxing}
echo news.westos.org > /var/www/vhost/westos.org/news/index.html
echo music.westos.org > /var/www/vhost/westos.org/music/index.html
echo chengxing.westos.org > /var/www/vhost/westos.org/chengxing/index.html
vim /etc/httpd/conf.d/vhosts.conf #
<VirtualHost _default:80>
  DicumentRoot /var/www/html #默认发布目录
  CustomLog logs/default.log combined #自定义日志
<\VirtualHost>

<VirtualHost *:80>
  ServerName music.wetsos.org #域名
  DocumentRoot /var/www/vhost/westos.org/music  
  CustomLog logs/music.log combined
<\VirtualHost>

<VirtualHost *:80>
  ServerName news.westos.org
  DocumentRoot /var/www/vhost/westos.org/news
  CustomLog logs/news.log combined
<\VirtualHost>

<VirtualHost *:80>
  ServerName chengxing.westos.org
  DocumentRoot /var/www/vhost/westos.org/chengxing
  CustomLog logs/chengxing.log combined
<\VirtualHost>
systemctl restart httpd

本地解析

真机上,在那台机子上打开浏览器，就在哪台机子上做
vim /etc/hosts
虚拟机ip www.westos.org music.westos.org news.westos,org chengxing.westos.org
ping chengxing.westos.org

apache支持的语言
html 超文本标记语言
Linux：承载软件运行环境+Apache：发布页面+Mysql:存储数据+php发布语言 网站的主流架构

虚拟机
vim index.php
<?php
  phpinfo();
?>
dnf install php.x86_64
php -m
systemctl restart httpd

CGI

cd /var/www/html/
ls
mkdir cgi
ls
cd cgi/
ls
vim index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print 'date';
chmod +x index.cgi #因为是脚本所以要给一个可执行权限
ls -Zd /var/www/cgi-bin/
semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgi(/.*)?'
restorecon -RvvF /var/www/html/cgi/
./index.cgi

浏览器 http://172.25.254.150/cgi/index.cgi
通用网关接口

vim /etc/httpd/conf.d/vhost.conf加上
<Directory "/var/www/html/cgi">
    Options +ExecCGI #执行CGI
    AddHandIer cgi-scrtipt .cgi #触发器，什么样类型的文件会被执行
<\Directory>
systemctl restart httpd

书写wsgi的测试文件

vim /var/www/html/wsgi/index.wsgi
  def application(env, westos):
  westos('200 ok',[('Content-Type', 'text/html')])
return [b'hello westos aassssddfdf!']
chmod +x index.wsgi

浏览器172.25.254.150/index.wsgi

dnf search wsgi
dnf install python-mod_wsgi.x86_64 -y
cd /etc/httpd/conf.d/
ls
vim vhost.conf
<VirtualHost *:80>
  ServerName wsgi.westos.org
  WSGIScriptAlias / /var/www/html/index.wsgi
<\VirtualHost>
systemctl restart httpd

本地解析
wsgi.westos.org

出现问题时
cat /var/log/messages
cat /var/log/audit/audit.log

apache加密
https:/172.25.254.150

虚拟机
dnf install mod_ssl -y #ssl进行加密
cd /etc/pki/tls/
ls
certs证书  private 锁
cat certs/ca-bundle.trust.crt
systemctl restart httpd
cat certs/localhost.crt
cat private/localhost/key
cd

加密过程
cd
dnf install mod_ssl -y
mkdir /etc/httpd/tls
openssl req --newkey rsa:2048 -nodes -sha256 -keyout /etc/httpd/tls/westos.org.key -x509 -days 365 -out /etc/httpd/tls/westos.org.crt
CN
Shaanxi
Xi,an
WESTOS
Linux
www.westos.org
admin@westos.org
ls /etc/httpd/tls/
mkdir /var/www/vhost/westos.org/login
vim /var/www/vhost/westos.org/login/index.html
login.westos.org
vim /etc/httpd/conf.d/ssl.conf
vim /etc/httpd/conf.d/vhost.conf
<VirtualHost *:443>
   ServerHost login.westos.org
   DocumentRoot /var/www/vhost/westos.org/login
   Customlog logs/login.log combined
   SSLEngine on
   SSLCertificateFile /etc/httpd/tls/westos.org.crt
   SSLCertificateKeyFile /etc/httpd/tls/westos.org.key
</VirtualHost>
#在命令写:sp /etc/httpd/conf.d/ssl.conf
systemctl restart httpd

本地解析
login.westos.org

https://login.westos.org

网页重写规则
vim /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
  ServerName login.westos.org
  RewriteEngine On
  RewriteRule ^/(/.*)$ https://%{HTTP_HOST}$1 #$1表示RewriteRule后面跟的第一串字符 %{HTTP_HOST}客户主机
</VirtualHost>
systemctl restart httpd

apache的代理

主机
firewall-cmd --add-masquerade

westosa
设置可以上网
vim /etc/sysconfig/network-scripts/ifcfg-ens3
DEVICE=ens3
ONBOOT=yes
BOOTPROTO=none
IPADDR=172.25.254.250
PREFIX=24
GATEWAY=172.25.254.50
DNS1=114.114.114.114
nmcli connection show
nmcli connection reload
ifconfig
route -n
cat /etc/resolv.conf
ping www.baidu.com

westosb 除了250之外谁也访问不了
设置ip
vim /etc/sysconfig/network-scripts/ifcfg-ens3
DEVICE=ens3
ONBOOT=yes
BOOTPROTO=none
IPADDR=172.25.254.150
PREFIX=24
nmcli connection reload
ping 172.25.254.250
dnf install firefox -y

westosa
dnf install squid -y
systemctl status squid
vim /etc/squid/squid.conf #主配置文件
59行 65行

systemctl t=restart squid
netstat -antlupe | grep squid
firewall-cmd --permanent --add-service=squid
firewall-cmd --reload
firewall-cmd --list-all

westosb
浏览器
preferences ->general ->

apache反向代理
让服务器的响应速度变快
企业放服务器做代理时为了加速的。CDN代理加速

设置westosb
dnf install httpd -y
systemctl enable --now httpd
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
echo 172.25.254.150 > /var/www/html/index.html

westosa
vim /etc/squid/squid.conf

systemctl restart squid
firewall-cmd --permanent -add-service=http
firewall-cmd --reload

浏览器：172.25.254.250

less /usr/share/doc/squid/squid.conf.documented #文档
/cache