Configuring Apache services on CentOS 7.6 Compact Edition

  • This post does not explain what Apache is or does; it only records the configuration process and some usage of the Apache service. The operating system is the CentOS 7.6 compact version, and the CentOS host's IP addresses are 192.168.0.40 and 192.168.10.40. The configuration process is as follows:
[root@localhost ~]# yum install -y httpd	#Step 1: install the Apache service program. The installation process is omitted
[root@localhost ~]# systemctl restart httpd		#Start the httpd service
[root@localhost ~]# systemctl enable httpd		#Start httpd automatically at boot
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
#The following commands allow the Windows hosts to reach port 80
[root@localhost ~]# iptables -I INPUT -s 192.168.0.5 -p tcp --dport 80 -j ACCEPT
[root@localhost ~]# iptables -I INPUT -s 192.168.10.1 -p tcp --dport 80 -j ACCEPT
#The following command allows everyone to reach port 80; with it, the two commands above can be omitted
[root@localhost ~]# iptables -I INPUT -s 0.0.0.0/0 -p tcp --dport 80 -j ACCEPT
[root@localhost ~]# iptables-save > /etc/sysconfig/iptables	#Save the firewall rules so they survive a restart; iptables-save alone only prints them, and the file is loaded at boot by the iptables service (iptables-services package)
#On older Linux releases the command to save the firewall settings is: service iptables save
#The Apache test page is now reachable at 192.168.0.40 and 192.168.10.40 from a browser on the Windows computer
[root@localhost ~]# cd /var/www/html/		#Go to the directory where you saved the site files
[root@localhost html]# echo '<h1>Hello, website service program</h1>' > index.html	#Create home page file
#The contents of index.html are now visible in the browser on the Windows computer
  • Next, change the default website directory from /var/www/html to /home/wwwroot. Changing the service's default directory runs into SELinux security context restrictions. The -Z option of the ls command shows the SELinux context of a directory. The configuration process is as follows:
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf	#Edit httpd configuration file
......
DocumentRoot "/home/wwwroot"	#Modify the value of this row
#
# Relax access to content within /var/www.
#
<Directory "/home/wwwroot">		#Also change the value of this row
......
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# mkdir -p /home/wwwroot
[root@localhost ~]# ls -ldZ /var/www/html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html
#The output above shows that the /var/www/html directory has the SELinux type httpd_sys_content_t
[root@localhost ~]# ls -ldZ /home/wwwroot
drwxr-xr-x. root root unconfined_u:object_r:home_root_t:s0 /home/wwwroot
[root@localhost ~]# cat /etc/selinux/config		#View SELinux values
SELINUX=enforcing	#Only this line matters here. enforcing means the policy is enforced; the other values are permissive and disabled
#setenforce 0 temporarily switches SELinux to permissive mode, and setenforce 1 switches it back to enforcing
#semanage edits the SELinux policy. The fcontext subcommand manages file-context rules: -a adds a rule and -t sets the type
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t "/home/wwwroot(/.*)?"	#Quoted regular expression that covers everything below the directory
[root@localhost ~]# restorecon -Rv /home/wwwroot	#Apply the new context to the files on disk
restorecon reset /home/wwwroot context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
[root@localhost ~]# echo '<h2>hello Apache</h2>' > /home/wwwroot/index.html

Now visit 192.168.0.40 and 192.168.10.40 in the browser on the Windows computer, and you can see the contents of the /home/wwwroot/index.html file. The configuration works.

  • Configure a website for each user. Create a public_html directory in the user's home directory to hold the html files. To access the html files in this directory through the browser, you need to modify the userdir.conf configuration file. In addition, set the SELinux boolean that allows the httpd service to access files in users' home directories. The operation is as follows:
[root@localhost ~]# vim /etc/httpd/conf.d/userdir.conf	#Edit the configuration file
 17     UserDir public_html		#Change the disabled in line 17 to public_html
[root@localhost ~]# systemctl restart httpd		#Restart service
[root@localhost ~]# su - tom		#Switch to tom user
[tom@localhost ~]$ mkdir public_html	#Create public_html directory
[tom@localhost ~]$ chmod 755 -Rf public_html	#Set the directory permissions to 755
[tom@localhost ~]$ chmod 755 -Rf /home/tom	#Also change the permissions of the tom user's home directory
[tom@localhost ~]$ cd public_html/
[tom@localhost public_html]$ echo "<h3>hello, tom</h3>" > index.html
[tom@localhost public_html]$ exit	#Exit tom user
logout
[root@localhost ~]# getsebool -a | grep httpd
httpd_enable_homedirs --> off	#Set this to on to let httpd access users' home directories
[root@localhost ~]# setsebool -P httpd_enable_homedirs=on	#Turn the boolean on; -P makes the change persistent across reboots

Now visit http://192.168.10.40/~tom/ or http://192.168.0.40/~tom/ and you can see the content of the index.html file in the public_html directory under the tom user's home directory. Of course, the other files in that directory can be accessed too.
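
What the recursive chmod 755 on /home/tom above exposes to other local accounts, and a tighter layout that still lets httpd serve public_html, as an added example (not part of the original post). It runs against a constructed temporary tree standing in for /home/tom; the function names are hypothetical and GNU stat/find are assumed.

```bash
#!/usr/bin/env bash
# audit_userdir HOME_DIR (hypothetical helper): print one finding per line.
# httpd only needs o+x on the home directory and o+rx on public_html.
audit_userdir() {
    local home=$1 mode
    mode=$(stat -c '%a' "$home")
    # Last octal digit 4-7: "other" has the read bit and can list the directory.
    case $mode in
        *[4567]) echo "LISTABLE $mode $home" ;;
    esac
    # Anything outside public_html that "other" can read is unintended exposure.
    find "$home" -mindepth 1 -path "$home/public_html" -prune -o \
        -perm -o=r -printf 'EXPOSED %m %p\n' | sort
}

# Constructed sample tree standing in for /home/tom.
make_sample_home() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/.ssh" "$d/public_html"
    echo 'constructed placeholder, not a real key' > "$d/.ssh/id_rsa"
    echo 'constructed shell history' > "$d/.bash_history"
    echo '<h3>hello, tom</h3>' > "$d/public_html/index.html"
    echo "$d"
}

# Tighter layout: traverse-only home, private files private, site readable.
tighten() {
    chmod 711 "$1"
    chmod 700 "$1/.ssh"
    chmod 600 "$1/.ssh/id_rsa" "$1/.bash_history"
    chmod 755 "$1/public_html"
    chmod 644 "$1/public_html/index.html"
}

demo() {
    local d
    d=$(make_sample_home)
    chmod -Rf 755 "$d"        # the page's command, applied to the sample tree
    echo "after chmod -Rf 755:"; audit_userdir "$d"
    tighten "$d"
    echo "after tightening: $(audit_userdir "$d" | wc -l) finding(s)"
    rm -rf "$d"
}
demo
```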

  • Next, require a password to access the website under the user's home directory. The configuration process is as follows:
[root@localhost ~]# vim /etc/httpd/conf.d/userdir.conf	#Step 1: edit this configuration file
 31 <Directory "/home/*/public_html">	#Change the Directory tag on line 31 to this
 32     AllowOverride all
 33     authuserfile "/etc/httpd/passwd"	#Password file used for authentication
 34     authname "Please enter User ID and Password"	#Prompt shown to the visitor
 35     authtype basic		#Authentication type, basic authentication: user name + password
 36     require user tom	#Name of the user who must authenticate to access the website
 37 </Directory>
[root@localhost ~]# htpasswd -c /etc/httpd/passwd tom #Step 2: generate the password database of tom user
New password: 			#Prompt for a password, which is not the password for tom user to log in to the shell
Re-type new password: 
Adding password for user tom
[root@localhost ~]# systemctl restart httpd		#Step 3: restart the httpd service

Now visiting http://192.168.10.40/~tom/ or http://192.168.0.40/~tom/ requires the correct user name and password.
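
A check for the password file created with htpasswd -c above, as an added example (not part of the original post): it reports the hash scheme of each entry and whether the file is world-readable. The sample entries are constructed placeholders, the function names are hypothetical, and GNU stat is assumed.

```bash
#!/usr/bin/env bash
# lint_htpasswd FILE (hypothetical helper): print one finding per line.
lint_htpasswd() {
    local file=$1 user hash mode
    mode=$(stat -c '%a' "$file")
    # Only root and the httpd group need to read it, e.g. root:apache mode 640.
    case $mode in
        *[4567]) echo "FILE world-readable mode=$mode" ;;
    esac
    while IFS=: read -r user hash; do
        [ -n "$user" ] || continue
        # Scheme is recognisable from the prefix htpasswd writes.
        case $hash in
            '$2y$'*)   echo "OK $user bcrypt (htpasswd -B)" ;;
            '$apr1$'*) echo "LEGACY $user apr1-md5 (htpasswd default)" ;;
            '{SHA}'*)  echo "WEAK $user unsalted-sha1 (htpasswd -s)" ;;
            *)         echo "WEAK $user crypt-or-plaintext" ;;
        esac
    done < "$file"
}

# Constructed sample file; the hash strings are placeholders, not real hashes.
make_sample_passwd() {
    local f
    f=$(mktemp)
    cat > "$f" <<'EOF'
tom:$apr1$CONSTRUC$placeholderplaceholder00
alice:$2y$05$constructedplaceholderconstructedplaceholder000000000
bob:{SHA}constructedplaceholder0000=
EOF
    chmod 644 "$f"      # what a root shell with umask 022 leaves behind
    echo "$f"
}

demo() {
    local f
    f=$(make_sample_passwd)
    lint_htpasswd "$f"
    rm -f "$f"
}
demo
```

On the real host the argument would be /etc/httpd/passwd; an entry rewritten with htpasswd -B moves from LEGACY to OK.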


  • Next, configure the virtual host function: partition the server's hardware resources by IP address, so that users reach exactly the site they want. This experiment uses the /home/wwwroot directory created earlier in this section and creates three subdirectories under it to try out virtual hosting. The configuration process is as follows:
[root@localhost ~]# cd /home/wwwroot/
[root@localhost wwwroot]# ls
index.html
[root@localhost wwwroot]# mkdir 40	#Step 1: create 3 subdirectories
[root@localhost wwwroot]# mkdir 41
[root@localhost wwwroot]# mkdir 42
#Step 2: edit the network card parameter profile
[root@localhost wwwroot]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
......
IPADDR0=192.168.0.40
IPADDR1=192.168.0.41		#Add 41 and 42 IP addresses to the network card configuration file
IPADDR2=192.168.0.42
......
#Restart the network service and make sure the .40, .41 and .42 IP addresses all respond to ping
[root@localhost wwwroot]# systemctl restart network	
#Step 3: write an index.html file to each of the three subdirectories
[root@localhost wwwroot]# echo "<h1>11111111</h1>" > 40/index.html
[root@localhost wwwroot]# echo "<h1>22222222</h1>" > 41/index.html
[root@localhost wwwroot]# echo "<h1>33333333</h1>" > 42/index.html
#Step 4: edit the Apache configuration file
[root@localhost wwwroot]# vim /etc/httpd/conf/httpd.conf	#Edit apache configuration file
113 <virtualhost 192.168.0.40>			#Start adding the following at line 113
114     documentroot /home/wwwroot/40
115     <directory /home/wwwroot/40>
116         allowoverride none
117         require all granted
118     </directory>
119 </virtualhost>
120 <virtualhost 192.168.0.41>
121     documentroot /home/wwwroot/41
122     <directory /home/wwwroot/41>
123         allowoverride none
124         require all granted
125     </directory>
126 </virtualhost>
127 <virtualhost 192.168.0.42>
128     documentroot /home/wwwroot/42
129     <directory /home/wwwroot/42>
130         allowoverride none
131         require all granted
132     </directory>
133 </virtualhost>
......
[root@localhost wwwroot]# systemctl restart httpd	#Restart service
#Step 5: add the SELinux type httpd_sys_content_t to the wwwroot directory, its subdirectories and the files under them (the patterns are quoted regular expressions so the shell does not expand them)
[root@localhost wwwroot]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
[root@localhost wwwroot]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/40
[root@localhost wwwroot]# semanage fcontext -a -t httpd_sys_content_t "/home/wwwroot/40(/.*)?"
[root@localhost wwwroot]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/41
[root@localhost wwwroot]# semanage fcontext -a -t httpd_sys_content_t "/home/wwwroot/41(/.*)?"
[root@localhost wwwroot]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/42
[root@localhost wwwroot]# semanage fcontext -a -t httpd_sys_content_t "/home/wwwroot/42(/.*)?"

Now access 192.168.0.40, 192.168.0.41 and 192.168.0.42 in the browser on the Windows host, and each address serves its own site.

Added by m@tt on Wed, 08 Dec 2021 10:16:08 +0200