day4 RHCE

12、实现一个web服务器

[root@server0 ~]# yum install httpd -y
[root@server0 ~]# rpm -ql httpd      查看httpd产生的配置文件
/usr/share/doc/httpd-2.4.6/httpd-manual.conf
/usr/share/doc/httpd-2.4.6/httpd-vhosts.conf


[root@server0 ~]# vim /etc/httpd/conf.d/vhost-server0.conf
<Directory "/var/www/html">               网页文件存放的目录
        <RequireAll>                      控制特定主机(HOSTNAME)访问
                Require all granted                    允许所有主机访问
                Require not host .my133t.com           拒绝 .my133t.com 域内的主机访问(按主机名匹配,依赖反向DNS解析)
  
        </RequireAll>
</Directory>
<VirtualHost *:80>               虚拟主机,基于域名的,监听80端口
        DocumentRoot "/var/www/html"
        ServerName server0.example.com
</VirtualHost>


[root@server0 ~]# wget -O /var/www/html/index.html http://classroom.example.com/materials/station.html

[root@server0 ~]# systemctl restart httpd
[root@server0 ~]# systemctl enable httpd

[root@server0 conf.d]# firewall-cmd --permanent --add-service=http      对所有来源开放http;因此下面的accept富规则是冗余的,真正限制访问的是reject富规则
[root@server0 conf.d]# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=172.25.0.0/24 service name=http accept'
[root@server0 conf.d]# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=172.17.10.0/24 service name=http reject'
[root@server0 conf.d]# firewall-cmd --reload 

  

测试,浏览器访问server0.example.com
[root@server0 ~]# lab examrhce grade
[root@server0 ~]# firefox server0.example.com

  

13、配置安全web服务 (https协议,mod_ssl服务)

[root@server0 ~]# yum install mod_ssl -y                


[root@server0 ~]# rpm -ql mod_ssl           查看mod_ssl生成的文件
/etc/httpd/conf.d/ssl.conf

[root@server0 ~]# cd /etc/httpd/conf.d/
[root@server0 conf.d]# cp ssl.conf ssl.conf.bak   备份配置文件

[root@server0 conf.d]# vim ssl.conf
<Directory "/var/www/html">
	<RequireAll>
		Require all granted
		Require not host .my133t.com
	</RequireAll>
</Directory>

107 SSLCertificateFile /etc/pki/tls/certs/server0.crt
115 SSLCertificateKeyFile /etc/pki/tls/private/server0.key
129 SSLCACertificateFile /etc/pki/tls/certs/example-ca.crt


查看密钥证书的保存路径后,再到对应目录下载文件(此处经明文HTTP下载私钥仅适用于实验环境;实际环境中私钥应通过加密通道传输,并限制为仅root可读,如 chmod 600)
[root@server0 ~]# cd /etc/pki/tls/
[root@server0 tls]# ll
[root@server0 tls]# cd certs/
[root@server0 certs]# wget http://classroom.example.com/pub/tls/certs/server0.crt
[root@server0 certs]# wget http://classroom.example.com/pub/example-ca.crt

[root@server0 certs]# cd ..
[root@server0 tls]# cd private/
[root@server0 private]# wget http://classroom.example.com/pub/tls/private/server0.key



[root@server0 ~]# wget -O /etc/pki/tls/certs/server0.crt http://classroom.example.com/pub/tls/certs/server0.crt
[root@server0 ~]# wget -O /etc/pki/tls/private/server0.key http://classroom.example.com/pub/tls/private/server0.key
[root@server0 ~]# wget -O /etc/pki/tls/certs/example-ca.crt http://classroom.example.com/pub/example-ca.crt



[root@server0 conf.d]# systemctl restart httpd.service 
[root@server0 conf.d]# systemctl enable httpd.service
[root@server0 ~]# firewall-cmd --permanent --add-service=https    https协议安全
[root@server0 ~]# firewall-cmd --reload 

 

小技巧:
如果配置文件没有备份,配置文件不能还原,写的乱七八糟
删除配置文件,remove服务httpd ,重新安装,
就会生成新的配置文件

  

 

14、配置虚拟主机

[root@server0 ~]# mkdir /var/www/virtual
[root@server0 ~]# cd /var/www/virtual
[root@server0 virtual]# wget http://classroom.example.com/materials/www.html
[root@server0 virtual]# mv www.html index.html

[root@server0 ~]# id floyd
[root@server0 ~]# useradd floyd
[root@server0 ~]# setfacl -m u:floyd:rwx /var/www/virtual/   
[root@server0 ~]# getfacl /var/www/virtual/
[root@server0 conf.d]# cp vhost-server0.conf vhost-www0.conf
[root@server0 ~]# vim /etc/httpd/conf.d/vhost-www0.conf
<Directory "/var/www/virtual">               注意virtual
        <RequireAll>
                Require all granted
                Require not host .my133t.com
        </RequireAll>
</Directory>
<VirtualHost *:80>
        DocumentRoot "/var/www/virtual"      注意virtual
        ServerName www0.example.com          注意www0.example
</VirtualHost>

[root@server0 ~]# systemctl restart httpd
[root@server0 ~]# firefox www0.example.com

  

15、配置web内容的访问

[root@server0 ~]# mkdir -pv /var/www/virtual/private
[root@server0 ~]# cd /var/www/virtual/private
[root@server0 private]# wget http://classroom.example.com/materials/private.html
[root@server0 private]# mv private.html index.html

[root@server0 ~]# vim /etc/httpd/conf.d/vhost-www0.conf 
###追加以下内容
<Directory "/var/www/virtual/private">               注意virtual
	Require all denied              注意没有<RequireAll>:不加容器时多条Require按RequireAny处理,满足下面的Require local即可访问
	Require local
</Directory>

[root@server0 ~]# systemctl restart httpd

[root@server0 ~]# firefox www0.example.com/private/index.html

  

16、实现动态Web内容 

[root@server0 ~]# yum install mod_wsgi -y        #python模块
[root@server0 ~]# mkdir -pv /var/www/webapp
[root@server0 ~]# cd /var/www/webapp
[root@server0 ~]# wget http://classroom.example.com/materials/webinfo.wsgi


[root@server0 webapp]# getenforce   #selinux
Enforcing
[root@server0 webapp]# semanage port -l | grep http                    查看80端口设置
[root@server0 webapp]# semanage port -a -t http_port_t -p tcp 8908   注册端口失败(内存不足,server0内存设置为2G)
Killed

关机 shutdown 安全关机  shutdown -c (立即关机)
    init 0 
reboot 重启


[root@server0 ~]# semanage port -a -t http_port_t -p tcp 8908
Full path required for exclude: net:[4026532575].
Full path required for exclude: net:[4026532575].
[root@server0 webapp]# semanage port -l | grep 8908


[root@server0 conf.d]# rpm -ql mod_wsgi 
/usr/share/doc/mod_wsgi-3.4/README                 #参考文档
    WSGIScriptAlias /wsgi/ /usr/local/wsgi/scripts/ 
[root@server0 conf.d]# cat vhost-server0.conf
[root@server0 ~]# vim /etc/httpd/conf.d/vhost-webapp0.conf
Listen 8908                                  注意listen
<Directory "/var/www/webapp">                注意webapp
        Require all granted
</Directory>
<VirtualHost *:8908>
        DocumentRoot "/var/www/webapp"
        ServerName webapp0.example.com
        WSGIScriptAlias / /var/www/webapp/webinfo.wsgi      注意格式
</VirtualHost>

[root@server0 ~]# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=172.25.0.0/24 port port=8908 protocol=tcp accept'
[root@server0 ~]# firewall-cmd --reload
[root@server0 ~]# systemctl restart httpd
[root@server0 webapp]# firefox http://webapp0.example.com:8908/

 

图形界面配置端口  (内存设置2G,注册成功)
[root@server0 ~]#  yum install policycoreutils-gui.x86_64 -y
[root@server0 ~]# system-config-selinux

 
