HTTP
HTTP web service (TCP 80)
Make Apache serve HTML
Start httpd and check that it serves content
Server side
1.#yum install httpd
2.#echo "test page" >/var/www/html/index.html
#systemctl restart httpd
Client test
#yum install elinks
#links http://192.168.10.5
Check Apache's current MPM (working mode)
#httpd -V | grep "Server MPM"
Change Apache's MPM
#vim /etc/httpd/conf.modules.d/00-mpm.conf
-----------------------------------------------------------------------------------------------------------------------------
HTTP web service: make Apache support Perl scripts
Server side
1.#yum install perl perl-CGI -y[install Perl support]
2.#vim /etc/httpd/conf/httpd.conf [edit httpd.conf]
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"[confirm line 247: CGI support]
3.Options FollowSymLinks ExecCGI [confirm line 144: Apache is allowed to execute CGI]
4.AddHandler cgi-script .cgi .pl[confirm line 294: handler for the CGI file suffixes]
5.DirectoryIndex index.html index.cgi[confirm line 164: index.cgi is an index file]
6. #vim /var/www/html/index.cgi[create the index.cgi script]
#!/usr/bin/perl
# Send the CGI header, then a minimal HTML page
print "Content-type: text/html\n\n";
print "<html>\n<body>\n";
print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">\n";
print "CGI Test Page";
print "\n</div>\n";
print "</body>\n</html>\n";
7.#rm /var/www/html/index.html[delete the previous file]
#chmod 705 /var/www/html/index.cgi[set permissions]
Client test
#links http://192.168.10.5
-----------------------------------------------------------------------------------------------------------------------------
HTTP web service: make Apache support PHP scripts
Server side
1.Install PHP support
#yum install php php-mbstring php-pear -y
2.Confirm the PHP configuration files exist
#ls -l /etc/httpd/conf.d/php.conf
#ls -l /etc/httpd/conf.modules.d/10-php.conf
3.Confirm line 164 lists index.php as an index file
DirectoryIndex index.html index.php
4.Create index.php
#rm -i /var/www/html/index.cgi[delete the previous file]
#vim /var/www/html/index.php
<?php phpinfo(); ?>
5.Restart the httpd service
Client test
#links http://192.168.10.5
-----------------------------------------------------------------------------------------------------------------------------
HTTP web service: make Apache support Ruby scripts
Server side
1.Install Ruby support
#yum install ruby -y
2.#vim /etc/httpd/conf/httpd.conf[edit httpd.conf]
Confirm line 247: CGI support
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
Confirm line 144: Apache is allowed to execute CGI
Options FollowSymLinks ExecCGI
Confirm line 294: handler for the CGI file suffixes
AddHandler cgi-script .cgi .rb
Confirm line 164: index.rb is an index file
DirectoryIndex index.html index.rb
3.#vim /var/www/html/index.rb[create the index.rb script]
#!/usr/bin/ruby
# Send the CGI header, then a page showing today's date
print "Content-type: text/html\n\n"
print "<html>\n<body>\n"
print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">\n"
print Time.now.strftime('%Y/%m/%d')
print "\n</div>\n"
print "</body>\n</html>\n"
4.Set permissions on index.rb
#rm /var/www/html/index.php [delete]
#chmod 705 /var/www/html/index.rb
5.Restart the httpd service
Client test
#links http://192.168.10.5
-----------------------------------------------------------------------------------------------------------------------------
HTTP web service: make Apache support Python scripts
Server side
1.Install the packages
#yum install python mod_wsgi -y
2.Confirm the wsgi module configuration file exists
#ls -l /etc/httpd/conf.modules.d/10-wsgi.conf
3.#vim /etc/httpd/conf/httpd.conf[edit httpd.conf to support Python]
Confirm line 247: CGI support
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
Confirm line 164: index.py is an index file
DirectoryIndex index.html index.py
Confirm line 144: Apache is allowed to execute CGI
Options Indexes FollowSymLinks ExecCGI
Confirm line 294: handler for the CGI file suffixes
AddHandler cgi-script .cgi .py
4.#vim /var/www/html/index.py[create the index.py script]
import web  # web.py framework
urls = (
    '/(.*)', 'hello'
)
app = web.application(urls, globals())
class hello:
    def GET(self, name):
        if not name:
            name = 'World'
        return 'Hello, ' + name + '!'
if __name__ == "__main__":
    app.run()
# Under mod_wsgi: expose the WSGI callable as "application"
app = web.application(urls, globals(), autoreload=False)
application = app.wsgifunc()
5.Set permissions on index.py
#rm /var/www/html/index.rb [delete]
#chmod 705 /var/www/html/index.py
6.#systemctl restart httpd[restart]
Client test
#links http://192.168.10.5
-----------------------------------------------------------------------------------------------------------------------------
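HTTP virtual hosts: FQDN
FQDN: requires DNS support, with the different FQDNs configured to resolve to the same IP address
Server side
1.#vim /etc/httpd/conf.d/yht.conf[configure virtual hosts based on different FQDNs]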
<Directory /var/www/fqdn/yht>
Require all granted
AllowOverride None
</Directory>
<VirtualHost *:80>
DocumentRoot /var/www/fqdn/yht
ServerName www.yht.bl
ServerAdmin webmaster@yht.bl
ErrorLog "logs/rh7s1_error_log"
CustomLog "logs/rh7s1_access_log" common
</VirtualHost>
#vim /etc/httpd/conf.d/web.conf
<Directory /var/www/fqdn/www>
Require all granted
AllowOverride None
</Directory>
<VirtualHost *:80>
DocumentRoot /var/www/fqdn/www
ServerName web.edu.bl
ServerAdmin webmaster@ak.edu
ErrorLog "logs/web_error_log"
CustomLog "logs/web_access_log" common
</VirtualHost>
2.Create the directories
#mkdir -p /var/www/fqdn/yht
#mkdir -p /var/www/fqdn/www
3.Create index.html
#echo "hello yht ak47" > /var/www/fqdn/yht/index.html
#echo "hello yanghaitao ck007" > /var/www/fqdn/www/index.html
4.Restart Apache
#systemctl restart httpd
Client test
1.vim /etc/hosts[add or edit entries in the hosts file]
192.168.10.5 www.yht.bl
192.168.10.5 web.edu.bl
2.#links http://www.yht.bl
3.# links http://web.edu.bl
-----------------------------------------------------------------------------------------------------------------------------
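HTTP virtual hosts: IP
Virtual hosts based on different IPs (the local host needs multiple IP addresses)
Server side
1.Configure virtual hosts based on different IPs
#vim /etc/httpd/conf.d/ip-1.conf[configure host 1]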
<Directory /var/www/ip-1.conf>
Require all granted
AllowOverride None
</Directory>
<VirtualHost 192.168.10.101:80>
DocumentRoot /var/www/ip-1.conf
ServerName ck.edu.bl
ServerAdmin webmaster@edu.bl
ErrorLog "logs/rh7s1_error_log"
CustomLog "logs/rh7s1_access_log" common
</VirtualHost>
#vim /etc/httpd/conf.d/ip-2.conf[configure host 2]
<Directory /var/www/ip-2.conf>
Require all granted
AllowOverride None
</Directory>
<VirtualHost 192.168.10.100:80>
DocumentRoot /var/www/ip-2.conf
ServerName ak.edu.bl
ServerAdmin webmaster@edu.bl
ErrorLog "logs/web_error_log"
CustomLog "logs/web_access_log" common
</VirtualHost>
2.Add the IP addresses
#ip addr add 192.168.10.100/24 brd + dev eno16777736
#ip addr add 192.168.10.101/24 brd + dev eno16777736
3.Create the directories
#mkdir -p /var/www/ip-1.conf
#mkdir -p /var/www/ip-2.conf
4.Create index.html
#cd /var/www/ip-1.conf
#echo "hello ck007 snow" >index.html
#cd /var/www/ip-2.conf
#echo "hello ak110 lisa" >index.html
5.Restart Apache
#systemctl restart httpd
Client test
1.#vim /etc/hosts [add or edit entries in the hosts file]
192.168.10.100 ak.edu.bl
192.168.10.101 ck.edu.bl
2.#links http://192.168.10.100
3.#links http://192.168.10.101
____________________________________________________________________________________________________________________
HTTP: ports
Virtual hosts on the same IP with different ports
Server side
1.#vim /etc/httpd/conf.d/port-1.conf[configure the first port]
<Directory /var/www/port-1.conf>
Require all granted
AllowOverride None
</Directory>
Listen 1200 → setting the port in this file means /etc/httpd/conf/httpd.conf does not need to be changed
<VirtualHost 192.168.10.5:1200>
DocumentRoot /var/www/port-1.conf
ServerName fuck.edu.bl
ServerAdmin webmaster@niliu.edu
ErrorLog "logs/rh7s1_error_log"
CustomLog "logs/rh7s1_access_log" common
</VirtualHost>
2.#vim /etc/httpd/conf.d/port-2.conf[configure the second port]
<Directory /var/www/port-2.conf>
Require all granted
AllowOverride None
</Directory>
Listen 1100 → setting the port in this file means /etc/httpd/conf/httpd.conf does not need to be changed
<VirtualHost 192.168.10.5:1100>
DocumentRoot /var/www/port-2.conf
ServerName dog.edu.bl
ServerAdmin webmaster@niliu.edu
ErrorLog "logs/rh7s1_error_log"
CustomLog "logs/rh7s1_access_log" common
</VirtualHost>
3.Create the directories
#mkdir -p /var/www/port-1.conf
#mkdir -p /var/www/port-2.conf
4.Create index.html
#echo "fuck 123" > /var/www/port-1.conf/index.html
#echo "dog 234" > /var/www/port-2.conf/index.html
5.Edit the Apache configuration file ← note: [only needed if the files above do not set the port]
Below Listen 80 on line 42, add
Listen 1200
Listen 1100
6.Restart Apache
#systemctl restart httpd
7.Check the listening ports
#netstat -lant | grep -E "1100|1200"
Client test
1.#links http://192.168.10.5:1100
2.#links http://192.168.10.5:1200
-----------------------------------------------------------------------------------------------------------------------------
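HTTP: virtual hosts based on different FQDNs and different ports
Requires DNS support, with the different FQDNs configured to resolve to the same IP address
Server side
1.Configure virtual hosts based on different FQDNs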
#vim /etc/httpd/conf.d/123.conf
<Directory /var/www/123.conf>
Require all granted
AllowOverride None
</Directory>
Listen 1500 → setting the port in this file means /etc/httpd/conf/httpd.conf does not need to be changed
<VirtualHost yn.yht.bl:1500>
DocumentRoot /var/www/123.conf
ServerName yn.yht.bl
ServerAdmin webmaster@yht.bl
ErrorLog "logs/rh7s1_error_log"
CustomLog "logs/rh7s1_access_log" common
</VirtualHost>
2.#vim /etc/httpd/conf.d/234.conf
<Directory /var/www/234.conf>
Require all granted
AllowOverride None
</Directory>
Listen 1510 → setting the port in this file means /etc/httpd/conf/httpd.conf does not need to be changed
<VirtualHost beijing.to.bl:1510>
DocumentRoot /var/www/234.conf
ServerName beijing.to.bl
ServerAdmin webmaster@to.bl
ErrorLog "logs/rh7s1_error_log"
CustomLog "logs/rh7s1_access_log" common
</VirtualHost>
3.Create the directories
#mkdir -p /var/www/123.conf
#mkdir -p /var/www/234.conf
4.Create index.html
#echo "thers is 云南 " >/var/www/123.conf/index.html
#echo "北京 234" > /var/www/234.conf/index.html
5.Edit the Apache configuration file ← note: [only needed if the files above do not set the port]
Below Listen 80 on line 42, add
Listen 1500
Listen 1510
6.#vim /etc/hosts[add entries to the hosts file]
192.168.10.5 yn.yht.bl
192.168.10.5 beijing.to.bl
7.Restart Apache
#systemctl restart httpd
8.Check the listening ports
#netstat -lant | grep 1500
Client test
1.#links http://192.168.10.5:1500
2.#links http://192.168.10.5:1510
-----------------------------------------------------------------------------------------------------------------------------
HTTP: same FQDN, different ports showing different content
Server side
1.#vim ipandport.conf[configure virtual hosts based on different ports]
<Directory /var/www/ipandport.conf/1>
Require all granted
AllowOverride None
</Directory>
Listen 2200
<VirtualHost *:2200> → with * here, add a hosts entry on the client; when a domain name is used, add hosts entries on both the server and the client
DocumentRoot /var/www/ipandport.conf/1
ServerName ck.edu.bl
ServerAdmin webmaster@edu.bl
ErrorLog "logs/rh7s1_error_log"
CustomLog "logs/rh7s1_access_log" common
</VirtualHost>
<Directory /var/www/ipandport.conf/2>
Require all granted
AllowOverride None
</Directory>
Listen 2201
<VirtualHost *:2201> → with * here, add a hosts entry on the client; when a domain name is used, add hosts entries on both the server and the client
DocumentRoot /var/www/ipandport.conf/2
ServerName ck.edu.bl
ServerAdmin webmaster@edu.bl
ErrorLog "logs/rh7s1_error_log"
CustomLog "logs/rh7s1_access_log" common
</VirtualHost>
2.#cd /var/www[create the directories and files]
#mkdir -p ipandport.conf/1 ipandport.conf/2
#echo "111111111" >ipandport.conf/1/index.html
#echo "666666666" >ipandport.conf/2/index.html
3.Restart the service
#systemctl restart httpd
Client test
1.#vim /etc/hosts[edit the hosts file]
192.168.10.5 ck.edu.bl
2.#links http://ck.edu.bl:2200
#links http://ck.edu.bl:2201
-----------------------------------------------------------------------------------------------------------------------------
HTTP: same IP, different ports showing different content
Server side
1.#vim portandip.conf[configure virtual hosts based on different ports]
<Directory /var/www/portandip/1>
Require all granted
AllowOverride None
</Directory>
Listen 1234
<VirtualHost 192.168.10.110:1234>
DocumentRoot /var/www/portandip/1
ServerName nanjing.edu.bl
ServerAdmin webmaster@edu.bl
ErrorLog "logs/rh7s1_error_log"
CustomLog "logs/rh7s1_access_log" common
</VirtualHost>
<Directory /var/www/portandip/2>
Require all granted
AllowOverride None
</Directory>
Listen 1235
<VirtualHost 192.168.10.110:1235>
DocumentRoot /var/www/portandip/2
ServerName nanjing.edu.bl
ServerAdmin webmaster@edu.bl
ErrorLog "logs/rh7s1_error_log"
CustomLog "logs/rh7s1_access_log" common
</VirtualHost>
2.#cd /var/www[create the directories and files]
#mkdir -p portandip/1 portandip/2
#echo "8888 lisa" > portandip/1/index.html
#echo "9999 dachui" > portandip/2/index.html
3.Restart the service
#systemctl restart httpd
Client test
#links http://192.168.10.110:1234
#links http://192.168.10.110:1235
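A check for two slips that are easy to make in per-site files like the ones in the virtual-host sections above: a <VirtualHost> block that is never closed, and a DocumentRoot that no <Directory> block in the file covers. This is an added example, not part of the original notes; the function names and the sample file are constructed for it.

```bash
#!/bin/bash
# Added example, not from the original notes. Lints one Apache site file and prints:
#   UNCLOSED_VHOST <line>   a <VirtualHost> opened on <line> and never closed
#   NO_DIRECTORY <path>     a DocumentRoot with no covering <Directory> block
lint_vhost_conf() {               # reads the file named in $1, or stdin
  awk '
    { gsub(/^[ \t]+|[ \t\r]+$/, "") }              # trim the line
    tolower($0) ~ /^<directory[ \t]/ {             # record each <Directory PATH>
      p = $2; gsub(/[">]/, "", p); sub(/\/$/, "", p); dirs[p] = 1
    }
    tolower($0) ~ /^<virtualhost[ \t]/ {
      if (vh) print "UNCLOSED_VHOST " vh           # earlier block still open
      vh = NR
    }
    tolower($0) ~ /^<\/virtualhost>/ { vh = 0 }
    tolower($1) == "documentroot" {
      r = $2; gsub(/"/, "", r); sub(/\/$/, "", r); roots[++n] = r
    }
    END {
      if (vh) print "UNCLOSED_VHOST " vh
      for (i = 1; i <= n; i++) {
        covered = 0
        for (d in dirs)
          if (roots[i] == d || index(roots[i], d "/") == 1) covered = 1
        if (!covered) print "NO_DIRECTORY " roots[i]
      }
    }' "$@"
}

sample_conf() {                   # constructed sample, modelled on the files above
  cat <<'EOF'
<Directory /var/www/ipandport/1>
Require all granted
</Directory>
Listen 2200
<VirtualHost *:2200>
DocumentRoot /var/www/ipandport.conf/1
ServerName ck.edu.bl
<VirtualHost *:2201>
DocumentRoot /var/www/ipandport/1
ServerName ck.edu.bl
</VirtualHost>
EOF
}

sample_conf | lint_vhost_conf
```

On the server itself, `apachectl configtest` reports an unclosed block as a syntax error before a restart is attempted.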
-----------------------------------------------------------------------------------------------------------------------------
HTTP: configure HTTPS (HTTP + SSL)
Generate the required certificate
1.Generate the key
#cd /etc/pki/tls/certs
#openssl genrsa -des3 -out web.key 1024
2.Strip the passphrase from the key file
#openssl rsa -in web.key -out web.key
#chmod 400 web.key
3.Generate the certificate
#openssl req -new -x509 -days 3650 -key web.key -out web.crt
4.Install SSL support for Apache
#yum install mod_ssl -y
5.Edit /etc/httpd/conf.d/ssl.conf
Uncomment line 59:
DocumentRoot "/var/www/ssl"
Uncomment line 60 and change it to the HTTP server's FQDN
ServerName ck.edu.bl:443
Change the crt file named on line 100
SSLCertificateFile /etc/pki/tls/certs/web.crt
Change the key file named on line 107
SSLCertificateKeyFile /etc/pki/tls/certs/web.key
6.Restart the Apache service
#systemctl restart httpd
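The key created in step 1 is 1024 bits, which is below the 2048-bit minimum that current guidance sets for RSA. An added example, not part of the original notes: the same key and certificate steps with a 2048-bit key, plus a check of the key size and of whether certificate and key belong together. The function names, the temporary directory, the CN and the 365-day validity are choices made for this example.

```bash
#!/bin/bash
# Added example, not from the original notes: create a 2048-bit key and a
# self-signed certificate, then check key size and that the two belong together.
# The directory, CN and validity passed in are constructed sample values.

make_key_and_cert() {       # $1=dir  $2=CN  $3=bits  $4=days
  ( umask 077               # key file readable by its owner only
    openssl genrsa -out "$1/web.key" "$3" 2>/dev/null ) &&
  openssl req -new -x509 -sha256 -days "$4" -key "$1/web.key" \
    -subj "/CN=$2" -out "$1/web.crt" 2>/dev/null
}

key_bits() {                # print the RSA modulus size of private key $1
  openssl rsa -in "$1" -noout -text 2>/dev/null |
    sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

cert_matches_key() {        # true when cert $1 and key $2 share one modulus
  [ "$(openssl x509 -in "$1" -noout -modulus 2>/dev/null)" = \
    "$(openssl rsa -in "$2" -noout -modulus 2>/dev/null)" ]
}

check_pair() {              # $1=cert  $2=key; prints OK, WEAK_KEY or MISMATCH
  bits=$(key_bits "$2")
  if [ "${bits:-0}" -lt 2048 ]; then echo "WEAK_KEY ${bits:-0}"
  elif ! cert_matches_key "$1" "$2"; then echo "MISMATCH"
  else echo "OK $bits"
  fi
}

if command -v openssl >/dev/null 2>&1; then
  d=$(mktemp -d)
  make_key_and_cert "$d" ck.edu.bl 2048 365 && check_pair "$d/web.crt" "$d/web.key"
  rm -rf "$d"
fi
```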
Client test
---------------------------------------------------------------------------------------------------------------------------
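HTTP: configure SSL
Configure forward secrecy to keep SSL secure
Enable the SSL cipher setting on line 92 and the encryption feature on line 93
1.Configure HSTS (HTTP Strict Transport Security) to prevent web sessions from being hijacked
1)Add to ssl.conf
Header always set Strict-Transport-Security "max-age=600"
//*max-age is how long the policy stays valid after the user's visit, in seconds; for example, if a user requests the page at 18:00, it expires 600 seconds later
Enable user home pages
Directive                  Description
UserDir disabled           disabled for all users
UserDir enabled            enabled for all users
UserDir disabled thomas    disabled for the named user
UserDir enabled snow       enabled for the named user
UserDir disabled           disabled for all users
UserDir enabled snow       enabled only for snow
UserDir disabled snow      disabled only for snow
UserDir enabled            enabled for every account except snow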
1.Edit the userdir configuration file
#vim /etc/httpd/conf.d/userdir.conf
Comment out line 17
UserDir disabled
Uncomment line 25
UserDir public_html
2.Restart httpd
#systemctl restart httpd
3.Create the user's public_html directory and set permissions
#su - snow
$mkdir -v public_html
$echo "hello snow">public_html/index.html
$chmod 711 /home/snow
$chmod 755 public_html
Client test
#links http://ck.edu.bl/~snow
#links http://192.168.10.5/~snow