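Deploying the Apache service on Linux (virtual host feature: multiple websites served on different port numbers)
Server: PC1, 192.168.10.10
Client: PC2, 192.168.10.20
1. Install the Apache service on the server PC1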
[root@PC1 ~]# yum install httpd -y
Loaded plugins: langpacks, product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
rhel7 | 4.1 kB 00:00
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-17.el7 will be installed
--> Processing Dependency: httpd-tools = 2.4.6-17.el7 for package: httpd-2.4.6-17.el7.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-17.el7.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-17.el7.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-17.el7.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-3.el7 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package httpd-tools.x86_64 0:2.4.6-17.el7 will be installed
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
httpd x86_64 2.4.6-17.el7 rhel7 1.2 M
Installing for dependencies:
apr x86_64 1.4.8-3.el7 rhel7 103 k
apr-util x86_64 1.5.2-6.el7 rhel7 92 k
httpd-tools x86_64 2.4.6-17.el7 rhel7 77 k
mailcap noarch 2.1.41-2.el7 rhel7 31 k
Transaction Summary
================================================================================
Install 1 Package (+4 Dependent packages)
Total download size: 1.5 M
Installed size: 4.3 M
Downloading packages:
--------------------------------------------------------------------------------
Total 5.6 MB/s | 1.5 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : apr-1.4.8-3.el7.x86_64 1/5
Installing : apr-util-1.5.2-6.el7.x86_64 2/5
Installing : httpd-tools-2.4.6-17.el7.x86_64 3/5
Installing : mailcap-2.1.41-2.el7.noarch 4/5
Installing : httpd-2.4.6-17.el7.x86_64 5/5
rhel7/productid | 1.6 kB 00:00
Verifying : mailcap-2.1.41-2.el7.noarch 1/5
Verifying : httpd-tools-2.4.6-17.el7.x86_64 2/5
Verifying : apr-1.4.8-3.el7.x86_64 3/5
Verifying : apr-util-1.5.2-6.el7.x86_64 4/5
Verifying : httpd-2.4.6-17.el7.x86_64 5/5
Installed:
httpd.x86_64 0:2.4.6-17.el7
Dependency Installed:
apr.x86_64 0:1.4.8-3.el7 apr-util.x86_64 0:1.5.2-6.el7
httpd-tools.x86_64 0:2.4.6-17.el7 mailcap.noarch 0:2.1.41-2.el7
Complete!
2. On the server PC1, create the website data directories and home page files
[root@PC1 ~]# mkdir -p /home/wwwroot/1111
[root@PC1 ~]# mkdir -p /home/wwwroot/2222
[root@PC1 ~]# echo "here is 111" > /home/wwwroot/1111/index.html
[root@PC1 ~]# echo "here is 222" > /home/wwwroot/2222/index.html
3. On the server PC1, edit the main Apache configuration file
[root@PC1 ~]# vim /etc/httpd/conf/httpd.conf
…………
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
Listen 1111
Listen 2222

…………
4. On the server PC1, add the website (virtual host) parameters
[root@PC1 ~]# vim /etc/httpd/conf/httpd.conf
……
# below.
#
<VirtualHost 192.168.10.10:1111>
    DocumentRoot "/home/wwwroot/1111"
    ServerName xxxxxx
    <Directory "/home/wwwroot/1111">
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost 192.168.10.10:2222>
    DocumentRoot "/home/wwwroot/2222"
    ServerName xxxxxx
    <Directory "/home/wwwroot/2222">
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
#
# DocumentRoot: The directory out of which you will serve your
……
5. On PC1, change the SELinux context of the website data directories and home page files
[root@PC1 ~]# ls -ldZ /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
[root@PC1 ~]# ls -ldZ /home/wwwroot/1111/
drwxr-xr-x. root root unconfined_u:object_r:home_root_t:s0 /home/wwwroot/1111/
[root@PC1 ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/
[root@PC1 ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/1111
[root@PC1 ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/1111/*
[root@PC1 ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/2222
[root@PC1 ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/2222/*
[root@PC1 ~]# restorecon -Rv /home/wwwroot/
restorecon reset /home/wwwroot context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_dir_t:s0
restorecon reset /home/wwwroot/1111 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/1111/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/2222 context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/2222/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
[root@PC1 ~]# ls -ldZ /home/wwwroot/1111/
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 /home/wwwroot/1111/
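The restorecon output in step 5 shows /home/wwwroot itself ending up as user_home_dir_t: semanage fcontext specifications are regular expressions anchored at both ends, so the rule written as /home/wwwroot/ never matches the directory path. The script below is an added example, not part of the original post; spec_matches, uncovered and TREE are hypothetical names, and grep -E stands in for the policy's regex engine.

```bash
#!/bin/sh
# semanage fcontext specs are anchored regular expressions, not shell globs.
# Assumption: for the simple patterns used here, grep -E behaves the same
# as the regex engine SELinux uses for file-context matching.

# Return 0 if file-context spec $1 would match absolute path $2.
spec_matches() {
  printf '%s\n' "$2" | grep -Eq "^$1\$"
}

# Print the paths from list $2 (one per line) that spec $1 does NOT cover.
uncovered() {
  printf '%s\n' "$2" | while IFS= read -r path; do
    spec_matches "$1" "$path" || printf '%s\n' "$path"
  done
}

# Constructed path list: the tree created in step 2.
TREE='/home/wwwroot
/home/wwwroot/1111
/home/wwwroot/1111/index.html
/home/wwwroot/2222
/home/wwwroot/2222/index.html'

echo "spec '/home/wwwroot/' misses:"
uncovered '/home/wwwroot/' "$TREE"          # misses every path, incl. the dir
echo "spec '/home/wwwroot(/.*)?' misses:"
uncovered '/home/wwwroot(/.*)?' "$TREE"     # misses nothing

# Note: an unquoted /home/wwwroot/1111/* is expanded by the shell before
# semanage sees it, so that rule only covers files that exist at that moment.
# One quoted rule that covers the whole tree, including future files
# (run as root):
#   semanage fcontext -a -t httpd_sys_content_t "/home/wwwroot(/.*)?"
#   restorecon -Rv /home/wwwroot
```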
6. Restart the Apache service on PC1
[root@PC1 ~]# systemctl restart httpd
Job for httpd.service failed. See 'systemctl status httpd.service' and 'journalctl -xn' for details.
7. On PC1, add the new ports to the ports SELinux allows the Apache service to use
[root@PC1 ~]# semanage port -l | grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
[root@PC1 ~]# semanage port -a -t http_port_t -p tcp 1111
[root@PC1 ~]# semanage port -a -t http_port_t -p tcp 2222
[root@PC1 ~]# semanage port -l | grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 2222, 1111, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
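The restart failure in step 6 can be caught before restarting httpd by comparing the Listen ports from step 3 with the http_port_t list from step 7. The script below is an added example, not part of the original post; the function names and SAMPLE_* variables are hypothetical, and the sample inputs are constructed from the values shown in those steps.

```bash
#!/bin/sh
# Pre-flight check: which Listen ports would SELinux refuse httpd to bind?

# Constructed sample inputs, taken from the values shown in steps 3 and 7.
SAMPLE_CONF='#Listen 12.34.56.78:80
Listen 80
Listen 1111
Listen 2222'
SAMPLE_PORTS='http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988'

# Read httpd.conf on stdin, print the port of every active Listen directive.
# Handles "Listen 80", "Listen 1.2.3.4:80" and "Listen [::1]:80 https".
listen_ports() {
  awk 'tolower($1) == "listen" { n = split($2, a, ":"); print a[n] }' | sort -un
}

# Read `semanage port -l` output on stdin; return 0 if tcp port $1 is
# labelled http_port_t (single ports and lo-hi ranges are both understood).
port_allowed() {
  awk -v p="$1" '$1 == "http_port_t" && $2 == "tcp" {
      for (i = 3; i <= NF; i++) {
        gsub(",", "", $i); n = split($i, r, "-")
        lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
        if (p + 0 >= lo && p + 0 <= hi) found = 1
      }
    } END { exit !found }'
}

# $1 = httpd.conf text, $2 = `semanage port -l` output.
# Prints one semanage command for each Listen port not yet labelled.
missing_port_fixes() {
  for _port in $(printf '%s\n' "$1" | listen_ports); do
    printf '%s\n' "$2" | port_allowed "$_port" ||
      echo "semanage port -a -t http_port_t -p tcp $_port"
  done
}

missing_port_fixes "$SAMPLE_CONF" "$SAMPLE_PORTS"
```

On a live system, pass "$(cat /etc/httpd/conf/httpd.conf)" and "$(semanage port -l)" as the two arguments.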
8. Restart the Apache service on PC1
[root@PC1 ~]# systemctl restart httpd
[root@PC1 ~]# systemctl status httpd | head -n 5
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled)
Active: active (running) since Thu 2020-12-17 23:39:38 CST; 4s ago
Process: 4518 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 4522 (httpd)
9. On the server PC1, change the SELinux domain policy for the service's access to users' /home directories
[root@PC1 ~]# getsebool -a | grep http
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off
named_tcp_bind_http_port --> off
prosody_bind_http_port --> off
[root@PC1 ~]# setsebool -P httpd_enable_homedirs=on
[root@PC1 ~]# getsebool -a | grep http
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> on
httpd_execmem --> off
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off
named_tcp_bind_http_port --> off
prosody_bind_http_port --> off
10. Flush the firewall policy on PC1
[root@PC1 ~]# iptables -F
[root@PC1 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
11. Test network connectivity from the client PC2
[root@PC2 Desktop]# ifconfig | head -n 5
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.20 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::20c:29ff:fe25:bb3e prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:25:bb:3e txqueuelen 1000 (Ethernet)
RX packets 43 bytes 14706 (14.3 KiB)
[root@PC2 Desktop]# ping -c 3 192.168.10.10
PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.
64 bytes from 192.168.10.10: icmp_seq=1 ttl=64 time=0.329 ms
64 bytes from 192.168.10.10: icmp_seq=2 ttl=64 time=0.222 ms
64 bytes from 192.168.10.10: icmp_seq=3 ttl=64 time=0.205 ms
--- 192.168.10.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.205/0.252/0.329/0.054 ms
12. Test the website deployment from the client PC2
The experiment above deployed two websites on the server using port-based virtual hosts.