Linux -- build an Apache (httpd) server

1, Basic concepts

Apache (or httpd) is one of the most widely used web servers on the Internet. It speaks HTTP, the Hypertext Transfer Protocol, which is used to send and receive objects over a network connection.

The protocol comes in two forms:

  • http: Hypertext Transfer Protocol. Data crosses the wire in clear text. Port 80/TCP is used by default (other ports can also be used)
  • https: Hypertext Transfer Protocol encrypted with TLS/SSL. Port 443/TCP is used by default

2, Learn about Apache configuration files

1. Classification of configuration files

Configuring a service on a Linux system means editing that service's configuration files. The main configuration files and storage locations of the httpd service are as follows:

Item                        Location
Service directory           /etc/httpd
Main configuration file     /etc/httpd/conf/httpd.conf
Site data directory         /var/www/html
Access log                  /var/log/httpd/access_log
Error log                   /var/log/httpd/error_log

2. Important parameters of the main configuration file

Main configuration file: /etc/httpd/conf/httpd.conf

Parameter        Purpose
ServerRoot       Service directory
ServerAdmin      Administrator mailbox
User             User running the service
Group            User group running the service
ServerName       Domain name of the web server
DocumentRoot     Document root directory (site data directory)
Directory        Permissions for site data directory
Listen           Listening IP address and port number
DirectoryIndex   Default index page
ErrorLog         Error log file
CustomLog        Access log file
Timeout          Web page timeout, the default is 300 seconds

3. Directory tag

<Directory "/var/www/html">
	#Controls which directive types .htaccess files may override. None means .htaccess files are ignored. This parameter is generally not changed
	AllowOverride None
	#Sets access permissions. Access is granted to all clients by default
	Require all granted
</Directory>

3, How to configure Apache server

Preparation first: host name, network, yum source

1. Change host name:

[root@localhost ~]# hostnamectl set-hostname $hostname
[root@localhost ~]# bash	#Start a new shell so the prompt picks up the new host name

2. Configure network

(1) Select host-only mode for the virtual switch and network adapter, and configure it for the 192.168.100.0 network segment;

(2) Edit the network configuration file:

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
 Modify:	BOOTPROTO=static	#Change to a static IP address
	ONBOOT=yes		#Bring the interface up at boot
	IPADDR=192.168.100.10
	PREFIX=24		#or NETMASK=255.255.255.0

(3) Restart network service:

[root@localhost ~]# systemctl restart network

3. Configure yum source

(1) First, connect the system image file to the optical drive of the virtual machine in VMware;

(2) Mount the image in the optical drive:

[root@localhost ~]# mount /dev/cdrom /media

(3) Modify yum source configuration file:

[root@localhost ~]# vim /etc/yum.repos.d/local.repo
	[rhel]
	name=rhel
	baseurl=file:///media
	enabled=1
	gpgcheck=0

(4) Clear the yum cache:

[root@localhost ~]# yum clean all

(5) List the current yum repositories:

[root@localhost ~]# yum repolist

Task 1: configure a simple httpd service

1. Install httpd service

[root@server ~]# yum -y install httpd

2. Start httpd service

[root@server ~]# systemctl restart httpd
[root@server ~]# systemctl enable httpd

3. Configure firewall

[root@server ~]# firewall-cmd --permanent --add-service=http
[root@server ~]# firewall-cmd --reload

4. Turn off SELinux enforcement (setenforce 0 switches to permissive mode until the next reboot)

[root@server ~]# setenforce 0

5. Client test

[root@client ~]# firefox http://<IP address>	#or: curl http://<IP address>

Task 2: configure user based personal website

Note: the user must exist in the Linux system

1. Create a new user (the site is based on this user)

[root@server ~]# useradd user0
[root@server ~]# passwd user0

2. Modify the user's home directory permissions so that other users have read and execute permissions

[root@server ~]# chmod -R 705 /home/user0

3. Create a directory to store the user's personal home page space and write the web page file of user0

[root@server ~]# mkdir /home/user0/public_html
[root@server ~]# cd /home/user0/public_html
[root@server ~]# echo "this is user0's web">>index.html

4. Modify the httpd configuration file for user directories

[root@server ~]# vim  /etc/httpd/conf.d/userdir.conf
 Modify:
	#Enabled turns on the personal user home page feature of the httpd service
	UserDir enabled
	#Uncomment this line. UserDir names the directory inside each user's home directory that holds the website data
	UserDir public_html

5. Configure firewall (same as Task 1)

[root@server ~]# firewall-cmd --permanent --add-service=http
[root@server ~]# firewall-cmd --reload

6. Set the SELinux boolean that lets httpd read home directories

[root@server ~]# getsebool -a|grep home
[root@server ~]# setsebool -P httpd_enable_homedirs on

7. Restart service

[root@server ~]# systemctl restart httpd

8. Client test

[root@client ~]# firefox http://<IP address>/~username	#or: curl http://<IP address>/~username
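
The effect of the recursive mode change in step 2, as an added example that is not part of the original page: it counts the files outside public_html that other users can read after `chmod -R 705`, next to a narrower set of modes. `others_can_read` is a hypothetical helper, the directory tree is constructed in a temporary location, and the 711/755/644 modes are an assumption about the minimum httpd needs to serve a user directory.

```shell
#!/bin/sh
# Added example: what "chmod -R 705" on a home directory exposes, next to a
# narrower mode set. others_can_read is a hypothetical helper; the tree is constructed.

# Print regular files under $1 that "other" can read, skipping public_html.
others_can_read() {
    find "$1" -path "$1/public_html" -prune -o -type f -perm -004 -print | sort
}

# Build a throwaway home directory holding private files and one web page.
make_home() {
    home=$(mktemp -d)/user0
    mkdir -p "$home/.ssh" "$home/public_html"
    echo "constructed private key" > "$home/.ssh/id_rsa"
    echo "constructed history"     > "$home/.bash_history"
    echo "this is user0's web"     > "$home/public_html/index.html"
    chmod 700 "$home" "$home/.ssh"
    chmod 600 "$home/.ssh/id_rsa" "$home/.bash_history"
    echo "$home"
}

# Count exposed files in $1, then remove the throwaway tree.
count_and_clean() {
    others_can_read "$1" | wc -l | tr -d ' '
    rm -rf "${1%/user0}"
}

# Variant 1: the recursive mode change from step 2.
recursive_705() {
    h=$(make_home)
    chmod -R 705 "$h"
    count_and_clean "$h"
}

# Variant 2: search-only on the home directory, read access only under public_html.
narrow_modes() {
    h=$(make_home)
    chmod 711 "$h"
    chmod 755 "$h/public_html"
    chmod 644 "$h/public_html/index.html"
    count_and_clean "$h"
}

echo "readable by others after chmod -R 705:    $(recursive_705)"
echo "readable by others after 711 / 755 / 644: $(narrow_modes)"
```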

Task 3: configure the virtual host based on domain name access

1. New web page file for virtual host

[root@server ~]# mkdir -p /www/one /www/two
[root@server ~]# cd  /www/one
[root@server ~]# echo "this is a web for virtual host  one">>index.html
[root@server ~]# cd /www/two
[root@server ~]# echo "this is a web for virtual  host  two">>index.html
[root@server ~]# chmod o+x /www

2. Configure files for virtual hosts

[root@server ~]# cd /etc/httpd/conf.d
[root@server ~]# vim vhost.conf
	#Set site directory permissions
	<Directory /www/one>
		#Allow access from all clients
		Require all granted
	</Directory>
	#Virtual host
	<VirtualHost 192.168.100.10>
		#Define the server name
		ServerName one.example.com
		#Site data directory
		DocumentRoot /www/one/
	</VirtualHost>
	<Directory /www/two>
		Require all granted
	</Directory>
	<VirtualHost 192.168.100.11>
		ServerName two.example.com
		DocumentRoot /www/two/
	</VirtualHost>

3. Add name resolution entries to the hosts file (on both server and client)

[root@server ~]# vim /etc/hosts
	192.168.100.10 one.example.com
	192.168.100.11 two.example.com

4. Configure firewall (same as Task 1)

[root@server ~]# firewall-cmd --permanent --add-service=http
[root@server ~]# firewall-cmd --reload

5. Set the SELinux context type of the virtual hosts' web page files

[root@server ~]# semanage fcontext -a -t httpd_sys_content_t '/www(/.*)?'
[root@server ~]# restorecon -RFv /www

6. Restart service

[root@server ~]# systemctl restart httpd

7. Access with browser
http://one.example.com
http://two.example.com

Task 4: configure virtual host based on port access

1. Create a web page file for each virtual host

[root@server ~]# mkdir -p /www/8088
[root@server ~]# echo "this is a web for port 8088 ">>/www/8088/index.html
[root@server ~]# mkdir -p /www/8089
[root@server ~]# echo "this is a web for port 8089 ">>/www/8089/index.html

2. Configure files for the virtual hosts

[root@server ~]# cd /etc/httpd/conf.d
[root@server ~]# vim vhost.conf
	#httpd only accepts connections on ports named in a Listen directive
	Listen 8088
	Listen 8089
	<Directory /www/8088/>
		Require all granted
	</Directory>
	<VirtualHost 192.168.100.10:8088>
		DocumentRoot /www/8088/
	</VirtualHost>
	<Directory /www/8089/>
		Require all granted
	</Directory>
	<VirtualHost 192.168.100.10:8089>
		DocumentRoot /www/8089/
	</VirtualHost>

3. Configure firewall

[root@server ~]# firewall-cmd --permanent --zone=public --add-port=8089/tcp
[root@server ~]# firewall-cmd --permanent --zone=public --add-port=8088/tcp
[root@server ~]# firewall-cmd --reload

4. Turn off SELinux enforcement (setenforce 0 switches to permissive mode until the next reboot)

[root@server ~]# setenforce 0

5. Restart service

[root@server ~]# systemctl restart httpd

6. Access with browser

http://192.168.100.10:8088
http://192.168.100.10:8089
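
A check to run before restarting httpd with a port-based configuration like the one in step 2, as an added example that is not part of the original page: it reports every port named in a `<VirtualHost>` that has no matching `Listen` directive, because httpd only accepts connections on ports it listens on. `unlistened_ports` is a hypothetical helper and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: find <VirtualHost addr:port> ports that lack a Listen directive.
# unlistened_ports is a hypothetical helper, not an httpd tool.

# Reads one or more httpd configuration files, prints the missing ports one per line.
unlistened_ports() {
    awk '
        /^[ \t]*#/ { next }                        # skip comment lines
        tolower($1) == "listen" {                  # Listen 8088 | Listen 1.2.3.4:8088
            n = split($2, a, ":"); listen[a[n]] = 1
        }
        tolower($1) == "<virtualhost" {            # <VirtualHost addr[:port] ...>
            for (i = 2; i <= NF; i++) {
                arg = $i; sub(/>$/, "", arg)
                n = split(arg, a, ":")
                # only explicit numeric ports count; "addr" and "*:*" are skipped
                if (n > 1 && a[n] ~ /^[0-9]+$/) vhost[a[n]] = 1
            }
        }
        END { for (p in vhost) if (!(p in listen)) print p }
    ' "$@" | sort -n
}

# Constructed sample: port 8088 has a Listen line, port 8089 does not.
sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample based on the Task 4 layout
Listen 8088
<VirtualHost 192.168.100.10:8088>
    DocumentRoot /www/8088/
</VirtualHost>
<VirtualHost 192.168.100.10:8089>
    DocumentRoot /www/8089/
</VirtualHost>
EOF
    echo "$f"
}

check_sample() {
    f=$(sample_conf)
    unlistened_ports "$f"
    rm -f "$f"
}

echo "ports with a VirtualHost but no Listen: $(check_sample)"
```

On a real server, pass every file httpd loads, for example /etc/httpd/conf/httpd.conf together with /etc/httpd/conf.d/*.conf.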

Task 5: configure the virtual host based on TLS encryption

Note: the hypertext transmission protocol encrypted by TLS/SSL uses port 443/TCP by default

1. Install the TLS module (mod_ssl) so that website content is no longer transmitted in clear text

[root@server ~]# yum -y install mod_ssl

2. Generate the private key

[root@server ~]# openssl genrsa >tlsweb.key

3. Generate certificate request file

[root@server ~]# openssl req -new -key tlsweb.key > tlsweb.csr

4. Generate certificate file

[root@server ~]# openssl req -x509 -days 365 -key tlsweb.key -in tlsweb.csr >tlsweb.crt

5. Modify the ssl.conf configuration file

[root@server ~]# vim /etc/httpd/conf.d/ssl.conf
	SSLCertificateFile /etc/pki/tls/certs/tlsweb.crt
	SSLCertificateKeyFile /etc/pki/tls/private/tlsweb.key

6. Copy the certificate file to the path given in the ssl.conf configuration file

[root@server ~]# cp tlsweb.crt /etc/pki/tls/certs/

7. Copy the private key file to the path given in the ssl.conf configuration file

[root@server ~]# cp tlsweb.key /etc/pki/tls/private/

8. Access with browser
https://192.168.100.10
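
A check to run on the files from steps 2 to 7, as an added example that is not part of the original page: it confirms that the certificate carries the public key of the private key file and that the key file is not accessible to group or others (a key written through a shell redirect gets its mode from the umask). `cert_matches_key`, `key_is_private` and `make_pair` are hypothetical helper names, and the key, certificate and subject name are throwaway values constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: check a certificate/key pair like the one built in steps 2-4.
# cert_matches_key, key_is_private and make_pair are hypothetical helpers.

# Succeeds when the certificate carries the public key derived from the key file.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$crt_pub" = "$key_pub" ]
}

# Succeeds when group and others have no permission bits on the key file.
key_is_private() {
    [ -f "$1" ] || return 2
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
                              -o -perm -004 -o -perm -002 -o -perm -001 \))" ]
}

# Recreate steps 2-4 non-interactively in directory $1. The subject name and the
# explicit 2048-bit size are constructed values; other.key is an unrelated key.
make_pair() {
    ( cd "$1" && umask 022 &&
      openssl genrsa 2048 > tlsweb.key &&
      openssl genrsa 2048 > other.key &&
      openssl req -new -x509 -days 365 -key tlsweb.key \
          -subj "/CN=192.168.100.10" > tlsweb.crt ) 2>/dev/null
}

demo() {
    d=$(mktemp -d) && make_pair "$d" || return 1
    cert_matches_key "$d/tlsweb.crt" "$d/tlsweb.key" && echo "tlsweb.key: matches certificate"
    cert_matches_key "$d/tlsweb.crt" "$d/other.key"  || echo "other.key: does not match"
    key_is_private "$d/tlsweb.key" || echo "tlsweb.key: accessible beyond its owner"
    chmod 600 "$d/tlsweb.key"
    key_is_private "$d/tlsweb.key" && echo "tlsweb.key: private after chmod 600"
    rm -rf "$d"
}

demo || echo "demo skipped: openssl not available"
```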

Added by jammesz on Mon, 22 Nov 2021 07:17:25 +0200