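Deploying the Apache service on Linux (per-user home page feature)

Per-user home page feature: each user gets an independent website.

In the lab below, PC1 is the server, with IP address 192.168.10.10; PC2 and PC3 are the clients, with IP addresses 192.168.10.20 and 192.168.10.30.

1. On the PC1 server, install the Apache service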

[root@PC1 ~]# ifconfig | head -n 3
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.10 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::20c:29ff:fe66:37f7 prefixlen 64 scopeid 0x20<link>

[root@PC1 ~]# yum install httpd -y
Loaded plugins: langpacks, product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-17.el7 will be installed
--> Processing Dependency: httpd-tools = 2.4.6-17.el7 for package: httpd-2.4.6-17.el7.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-17.el7.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-17.el7.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-17.el7.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-3.el7 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package httpd-tools.x86_64 0:2.4.6-17.el7 will be installed
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

============================================================================================
 Package                Arch              Version                    Repository        Size
============================================================================================
Installing:
 httpd                  x86_64            2.4.6-17.el7               rhel7            1.2 M
Installing for dependencies:
 apr                    x86_64            1.4.8-3.el7                rhel7            103 k
 apr-util               x86_64            1.5.2-6.el7                rhel7             92 k
 httpd-tools            x86_64            2.4.6-17.el7               rhel7             77 k
 mailcap                noarch            2.1.41-2.el7               rhel7             31 k

Transaction Summary
============================================================================================
Install  1 Package (+4 Dependent packages)

Total download size: 1.5 M
Installed size: 4.3 M
Downloading packages:
--------------------------------------------------------------------------------------------
Total                                                       3.9 MB/s | 1.5 MB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : apr-1.4.8-3.el7.x86_64                                                   1/5 
  Installing : apr-util-1.5.2-6.el7.x86_64                                              2/5 
  Installing : httpd-tools-2.4.6-17.el7.x86_64                                          3/5 
  Installing : mailcap-2.1.41-2.el7.noarch                                              4/5 
  Installing : httpd-2.4.6-17.el7.x86_64                                                5/5 
rhel7/productid                                                      | 1.6 kB  00:00:00     
  Verifying  : mailcap-2.1.41-2.el7.noarch                                              1/5 
  Verifying  : httpd-tools-2.4.6-17.el7.x86_64                                          2/5 
  Verifying  : apr-1.4.8-3.el7.x86_64                                                   3/5 
  Verifying  : apr-util-1.5.2-6.el7.x86_64                                              4/5 
  Verifying  : httpd-2.4.6-17.el7.x86_64                                                5/5 

Installed:
  httpd.x86_64 0:2.4.6-17.el7                                                               

Dependency Installed:
  apr.x86_64 0:1.4.8-3.el7                       apr-util.x86_64 0:1.5.2-6.el7             
  httpd-tools.x86_64 0:2.4.6-17.el7              mailcap.noarch 0:2.1.41-2.el7             

Complete!

 

2. On the PC1 server, edit the user directory configuration file

[root@PC1 ~]# vim /etc/httpd/conf.d/userdir.conf 
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid.  This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
<IfModule mod_userdir.c>
    #
    # UserDir is disabled by default since it can confirm the presence
    # of a username on the system (depending on home directory
    # permissions).
    #
    #UserDir disabled

    #
    # To enable requests to /~user/ to serve the user's public_html
    # directory, remove the "UserDir disabled" line above, and uncomment
    # the following line instead:
    #
    UserDir public_html
</IfModule>

#
# Control access to UserDir directories.  The following is an example
# for a site where these directories are restricted to read-only.
…………

 

3. On the PC1 server, create two test users

[root@PC1 ~]# cd /home/
[root@PC1 home]# ls
linuxprobe
[root@PC1 home]# useradd usertest1
[root@PC1 home]# useradd usertest2
[root@PC1 home]# echo redhat | passwd --stdin usertest1
Changing password for user usertest1.
passwd: all authentication tokens updated successfully.
[root@PC1 home]# echo redhat | passwd --stdin usertest2
Changing password for user usertest2.
passwd: all authentication tokens updated successfully.
[root@PC1 home]# ls
linuxprobe  usertest1  usertest2

 

4. On the PC1 server, switch to test user usertest1, create the website data directory and change the permissions

[root@PC1 home]# su - usertest1
[usertest1@PC1 ~]$ pwd
/home/usertest1
[usertest1@PC1 ~]$ mkdir public_html
[usertest1@PC1 ~]$ ls
public_html
[usertest1@PC1 ~]$ cd public_html/
[usertest1@PC1 public_html]$ ls
[usertest1@PC1 public_html]$ echo "welcome to 192.168.10.10 usertest1!" > index.html
-bash: !": event not found
[usertest1@PC1 public_html]$ echo "welcome to 192.168.10.10 usertest1\!" > index.html
[usertest1@PC1 public_html]$ ls
index.html
[usertest1@PC1 public_html]$ cat index.html 
welcome to 192.168.10.10 usertest1\!
[usertest1@PC1 public_html]$ ll -d /home/usertest1
drwx------. 6 usertest1 usertest1 4096 Dec 16 23:21 /home/usertest1
[usertest1@PC1 public_html]$ chmod -R 755 /home/usertest1
[usertest1@PC1 public_html]$ ll -d /home/usertest1
drwxr-xr-x. 6 usertest1 usertest1 4096 Dec 16 23:21 /home/usertest1

 

5. On the PC1 server, switch to test user usertest2, create the website data directory and change the permissions

[usertest1@PC1 public_html]$ su - usertest2
Password: 
[usertest2@PC1 ~]$ pwd
/home/usertest2
[usertest2@PC1 ~]$ mkdir public_html
[usertest2@PC1 ~]$ ls
public_html
[usertest2@PC1 ~]$ cd public_html/
[usertest2@PC1 public_html]$ ls
[usertest2@PC1 public_html]$ echo " here is 192.168.10.10 usertest2" > index.html
[usertest2@PC1 public_html]$ ls
index.html
[usertest2@PC1 public_html]$ cat index.html 
 here is 192.168.10.10 usertest2
[usertest2@PC1 public_html]$ ll -d /home/usertest2
drwx------. 6 usertest2 usertest2 4096 Dec 16 23:24 /home/usertest2
[usertest2@PC1 public_html]$ chmod -R 755 /home/usertest2
[usertest2@PC1 public_html]$ ll -d /home/usertest2
drwxr-xr-x. 6 usertest2 usertest2 4096 Dec 16 23:24 /home/usertest2
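
The comment block in userdir.conf (step 2) asks for 711 on the home directory and 755 on public_html, whereas chmod -R 755 in steps 4 and 5 also opens every other file under the home directory to other users. The following added example, which is not part of the original post, applies the narrower permissions to a constructed scratch tree and lists what stays world-readable; the function names and sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are a constructed scratch
# tree under mktemp; function names are hypothetical.

mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Build a private home directory like the one useradd creates (mode 700).
make_scratch_home() {
    d=$(mktemp -d)/usertest1
    mkdir -p "$d/.ssh" "$d/public_html"
    echo "constructed sample" > "$d/.bash_history"
    echo "constructed sample" > "$d/.ssh/config"
    echo "welcome to usertest1" > "$d/public_html/index.html"
    chmod -R go-rwx "$d"
    echo "$d"
}

# Open only what httpd needs: traverse ~user, list and read public_html.
publish_userdir() {
    home=$1
    chmod 711 "$home"
    find "$home/public_html" -type d -exec chmod 755 {} +
    find "$home/public_html" -type f -exec chmod 644 {} +
}

# List paths outside public_html that users other than the owner can read.
audit_home() {
    home=$1
    find "$home" -path "$home/public_html" -prune -o ! -type l -perm -004 -print
}

h=$(make_scratch_home)
chmod -R 755 "$h"          # the command used in steps 4 and 5
echo "chmod -R 755:  $(audit_home "$h" | wc -l) world-readable paths outside public_html"
chmod -R go-rwx "$h"       # back to a private home
publish_userdir "$h"
echo "711 + 755/644: $(audit_home "$h" | wc -l) world-readable paths outside public_html"
```

On a real host, audit_home can be pointed at /home/usertest1 to see what other local users can read after the permission change.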

 

6. On the PC1 server, restart the Apache service

[usertest2@PC1 public_html]$ su - root
Password: 
Last login: Wed Dec  2 16:39:39 CST 2020 on :0
[root@PC1 ~]# systemctl restart httpd
[root@PC1 ~]# systemctl enable httpd.service 
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@PC1 ~]# systemctl status httpd.service 
httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
   Active: active (running) since Wed 2020-12-16 23:27:33 CST; 29s ago
 Main PID: 4265 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─4265 /usr/sbin/httpd -DFOREGROUND
           ├─4266 /usr/sbin/httpd -DFOREGROUND
           ├─4267 /usr/sbin/httpd -DFOREGROUND
           ├─4268 /usr/sbin/httpd -DFOREGROUND
           ├─4269 /usr/sbin/httpd -DFOREGROUND
           └─4270 /usr/sbin/httpd -DFOREGROUND

Dec 16 23:27:33 PC1 systemd[1]: Starting The Apache HTTP Server...
Dec 16 23:27:33 PC1 httpd[4265]: AH00557: httpd: apr_sockaddr_info_get() failed for PC1
Dec 16 23:27:33 PC1 httpd[4265]: AH00558: httpd: Could not reliably determine the serv...age
Dec 16 23:27:33 PC1 systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.

 

7. On the PC1 server, flush the firewall rules and save them so the change takes effect

[root@PC1 ~]# iptables -F
[root@PC1 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

 

8. On the PC2 and PC3 clients, test network connectivity to the PC1 server

[root@PC2 Desktop]# ifconfig | head -n 3
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.20  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::20c:29ff:fe25:bb3e  prefixlen 64  scopeid 0x20<link>
[root@PC2 Desktop]# ping -c 3 192.168.10.10
PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.
64 bytes from 192.168.10.10: icmp_seq=1 ttl=64 time=0.295 ms
64 bytes from 192.168.10.10: icmp_seq=2 ttl=64 time=0.259 ms
64 bytes from 192.168.10.10: icmp_seq=3 ttl=64 time=0.222 ms

--- 192.168.10.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.222/0.258/0.295/0.035 ms
[root@PC3 Desktop]# ifconfig | head -n 3
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.30  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::20c:29ff:fe7d:e711  prefixlen 64  scopeid 0x20<link>
[root@PC3 Desktop]# ping -c 3 192.168.10.10
PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.
64 bytes from 192.168.10.10: icmp_seq=1 ttl=64 time=0.331 ms
64 bytes from 192.168.10.10: icmp_seq=2 ttl=64 time=0.214 ms
64 bytes from 192.168.10.10: icmp_seq=3 ttl=64 time=0.157 ms

--- 192.168.10.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.157/0.234/0.331/0.072 ms

 

9. On the PC2 and PC3 clients, test the effect of the configuration on PC1

 

 

 

 

10. On the PC1 server, set the SELinux domain permissions

[root@PC1 ~]# getsebool -a | grep http
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off
named_tcp_bind_http_port --> off
prosody_bind_http_port --> off
[root@PC1 ~]# setsebool -P httpd_enable_homedirs=on
[root@PC1 ~]# getsebool -a | grep http
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> on
httpd_execmem --> off
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off
named_tcp_bind_http_port --> off
prosody_bind_http_port --> off
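
The two listings above differ in a single line. As an added example that is not part of the original post, the script below compares a before and an after getsebool -a snapshot and confirms that httpd_enable_homedirs is the only boolean that changed; the snapshot excerpt is constructed and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The snapshot lines are a
# constructed excerpt in getsebool's "name --> value" format; function
# names are hypothetical.

# changed_booleans BEFORE AFTER: print "name: old -> new" for each difference.
changed_booleans() {
    awk '
        NR == FNR { before[$1] = $3; next }   # first file: remember values
        !($1 in before) { printf "%s: (absent) -> %s\n", $1, $3; next }
        before[$1] != $3 { printf "%s: %s -> %s\n", $1, before[$1], $3 }
    ' "$1" "$2"
}

# only_change_is BEFORE AFTER NAME: succeed when NAME is the sole difference.
only_change_is() {
    [ "$(changed_booleans "$1" "$2" | cut -d: -f1)" = "$3" ]
}

dir=$(mktemp -d)
cat > "$dir/before" <<'EOF'
httpd_enable_cgi --> on
httpd_enable_homedirs --> off
httpd_read_user_content --> off
EOF
# On a real host: getsebool -a > before; setsebool -P ...; getsebool -a > after
sed 's/^\(httpd_enable_homedirs --> \)off$/\1on/' "$dir/before" > "$dir/after"

changed_booleans "$dir/before" "$dir/after"
if only_change_is "$dir/before" "$dir/after" httpd_enable_homedirs; then
    echo "only httpd_enable_homedirs changed"
fi
```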

 

11. On the PC2 client, test the effect of the adjustment (access works)

 

 

 

 

12. On the PC3 client, test the effect of the configuration (access works)

 

 

 

The lab above deployed a separate personal website on the PC1 server for each of the ordinary users usertest1 and usertest2.

posted @ 2020-12-16 23:45  小鲨鱼2018