1, Basic concepts
Apache (httpd) is one of the most widely used web servers on the Internet. It serves content over HTTP, the Hypertext Transfer Protocol, a hypertext-based protocol used to send and receive objects over a network connection.
There are two versions:
- http: Hypertext Transfer Protocol. Traffic is sent in clear text over the wire. Port 80/TCP is used by default (other ports can also be used).
- https: Hypertext Transfer Protocol encrypted with TLS/SSL. Port 443/TCP is used by default.
2, Learn about Apache configuration files
1. Classification of configuration files
Configuring a service on a Linux system means editing its configuration files. The main configuration files of the httpd service and their locations are as follows:
Configuration item | Storage location |
---|---|
Service directory | /etc/httpd |
Main configuration file | /etc/httpd/conf/httpd.conf |
Site data directory | /var/www/html |
Access log | /var/log/httpd/access_log |
Error log | /var/log/httpd/error_log |
2. Important parameters of the main configuration file
Main configuration file: /etc/httpd/conf/httpd.conf
Parameter | Purpose |
---|---|
ServerRoot | Service directory |
ServerAdmin | Administrator mailbox |
User | User running the service |
Group | User group running the service |
ServerName | Domain name of the web server |
DocumentRoot | Document root directory (site data directory) |
Directory | Permissions for site data directory |
Listen | Listening IP address and port number |
DirectoryIndex | Default index page |
ErrorLog | Error log file |
CustomLog | Access log file |
Timeout | Web page timeout, the default is 300 seconds |
3. Directory tag
<Directory "/var/www/html">
    # Which directive types .htaccess files may override. None means .htaccess files are ignored. This parameter is generally not changed.
    AllowOverride None
    # Access permissions. Access is granted to all clients by default.
    Require all granted
</Directory>
3, How to configure Apache server
Preparation: host name, network, and yum source
1. Change the host name:
[root@localhost ~]# hostnamectl set-hostname $hostname
[root@localhost ~]# bash    # Start a new shell to reload the environment
2. Configure network
(1) Select host-only mode for the virtual switch and network adapter, and configure the 192.168.100.0 network segment;
(2) Edit the network configuration file:
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
Modify:
BOOTPROTO=static    # Change to a static IP address
ONBOOT=yes    # Bring the interface up at boot
IPADDR=192.168.100.10
PREFIX=24
# or: NETMASK=255.255.255.0
(3) Restart network service:
[root@localhost ~]# systemctl restart network
3. Configure yum source
(1) First, connect the system image file to the optical drive of the virtual machine in VMware;
(2) Mount the image in the optical drive:
[root@localhost ~]# mount /dev/cdrom /media
(3) Modify the yum source configuration file:
[root@localhost ~]# vim /etc/yum.repos.d/local.repo
[rhel]
name=rhel
baseurl=file:///media
enabled=1
gpgcheck=0
(4) Clear the yum cache:
[root@localhost ~]# yum clean all
(5) List the current yum repositories:
[root@localhost ~]# yum repolist
Task 1: configure a simple httpd service
1. Install httpd service
[root@server ~]# yum -y install httpd
2. Start httpd service
[root@server ~]# systemctl restart httpd
[root@server ~]# systemctl enable httpd
3. Configure firewall
[root@server ~]# firewall-cmd --permanent --add-service=http
[root@server ~]# firewall-cmd --reload
4. Put SELinux into permissive mode (until the next reboot)
[root@server ~]# setenforce 0
5. Client test
[root@client ~]# firefox http://<IP address>
or
[root@client ~]# curl http://<IP address>
Task 2: configure a per-user personal website
Note: the user must exist in the Linux system
1. Create a new user (the site is based on this user)
[root@server ~]# useradd user0
[root@server ~]# passwd user0
2. Modify the user's home directory permissions so that other users have read and execute permissions
[root@server ~]# chmod -R 705 /home/user0
3. Create a directory to store the user's personal home page space and write the web page file of user0
[root@server ~]# mkdir /home/user0/public_html
[root@server ~]# cd /home/user0/public_html
[root@server ~]# echo "this is user0's web">>index.html
4. Modify the per-user httpd configuration file
[root@server ~]# vim /etc/httpd/conf.d/userdir.conf
Modify:
# Enables the per-user home page feature of the httpd service
UserDir enabled
# Uncomment this line. The UserDir parameter names the directory under each user's home directory that holds the website data
UserDir public_html
5. Configure firewall (same as above)
[root@server ~]# firewall-cmd --permanent --add-service=http
[root@server ~]# firewall-cmd --reload
6. Modify the SELinux boolean
[root@server ~]# getsebool -a|grep home
[root@server ~]# setsebool -P httpd_enable_homedirs on    # -P keeps the setting across reboots
7. Restart service
[root@server ~]# systemctl restart httpd
8. Client test
[root@client ~]# firefox http://<IP address>/~username
or
[root@client ~]# curl http://<IP address>/~username
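To see what the recursive `chmod -R 705` in step 2 exposes, the added example below (not part of the original tutorial) audits a home directory: it checks that `other` can traverse the directories httpd needs and lists files outside `public_html` that `other` can read. The demo tree, the `.ssh/id_demo` file and the narrower 711/755 modes are constructed for illustration.

```shell
#!/bin/sh
# Audit a per-user site. httpd needs "other" to traverse the home directory
# and public_html; nothing outside public_html should be readable by "other".

# Succeeds if directory $1 grants "other" the execute (traverse) bit (octal 001).
other_can_traverse() {
    [ -n "$(find "$1" -prune -type d -perm -001 2>/dev/null)" ]
}

# Print regular files outside $1/public_html that "other" can read (octal 004).
exposed_outside_site() {
    find "$1" -path "$1/public_html" -prune -o -type f -perm -004 -print | sort
}

# Report findings for home directory $1; exit status 0 means nothing to fix.
audit_userdir() {
    rc=0
    for d in "$1" "$1/public_html"; do
        other_can_traverse "$d" || { echo "BLOCKED $d (other lacks x)"; rc=1; }
    done
    exposed=$(exposed_outside_site "$1")
    if [ -n "$exposed" ]; then
        echo "$exposed" | sed 's/^/EXPOSED /'
        rc=1
    fi
    return $rc
}

# Constructed demo tree (not a real account) with one private file.
demo_home() {
    h=$(mktemp -d)/user0
    mkdir -p "$h/public_html" "$h/.ssh"
    echo "this is user0's web" > "$h/public_html/index.html"
    echo "constructed-secret" > "$h/.ssh/id_demo"
    echo "$h"
}

h=$(demo_home)
chmod -R 705 "$h"      # the tutorial's step 2
audit_userdir "$h"     # reports the private file as EXPOSED
# Narrower modes (an assumption, not from the tutorial): traverse-only home.
chmod 711 "$h"; chmod 700 "$h/.ssh"; chmod 600 "$h/.ssh/id_demo"
chmod 755 "$h/public_html"; chmod 644 "$h/public_html/index.html"
audit_userdir "$h" && echo "clean"
rm -rf "${h%/user0}"
```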
Task 3: configure virtual hosts accessed by domain name
1. Create the web page files for the virtual hosts
[root@server ~]# mkdir -p /www/one /www/two
[root@server ~]# cd /www/one
[root@server ~]# echo "this is a web for virtual host one">>index.html
[root@server ~]# cd /www/two
[root@server ~]# echo "this is a web for virtual host two">>index.html
[root@server ~]# chmod o+x /www
2. Configure the virtual host file
[root@server ~]# cd /etc/httpd/conf.d
[root@server ~]# vim vhost.conf
# Set site directory permissions
<Directory /www/one>
    # Allow access from all clients
    Require all granted
</Directory>
# Virtual host
<VirtualHost 192.168.100.10>
    # Define the server name
    ServerName one.example.com
    # Site data directory
    DocumentRoot /www/one/
</VirtualHost>
<Directory /www/two>
    Require all granted
</Directory>
<VirtualHost 192.168.100.11>
    ServerName two.example.com
    DocumentRoot /www/two/
</VirtualHost>
3. Edit the name resolution file
On both the server and the client:
[root@server ~]# vim /etc/hosts
192.168.100.10 one.example.com
192.168.100.11 two.example.com
4. Configure firewall (same as above)
[root@server ~]# firewall-cmd --permanent --add-service=http
[root@server ~]# firewall-cmd --reload
5. Set the SELinux context type of the virtual hosts' web page files
[root@server ~]# semanage fcontext -a -t httpd_sys_content_t '/www(/.*)?'
[root@server ~]# restorecon -RFv /www
6. Restart service
[root@server ~]# systemctl restart httpd
7. Access with browser
http://one.example.com
http://two.example.com
Task 4: configure virtual hosts accessed by port
1. Create the web page files for the virtual hosts
[root@server ~]# mkdir -p /www/8088
[root@server ~]# echo "this is a web for port 8088 ">>/www/8088/index.html
[root@server ~]# mkdir -p /www/8089
[root@server ~]# echo "this is a web for port 8089 ">>/www/8089/index.html
2. Configure the virtual host file
[root@server ~]# cd /etc/httpd/conf.d
[root@server ~]# vim vhost.conf
# httpd must listen on each port that a virtual host uses
Listen 8088
Listen 8089
<Directory /www/8088/>
    Require all granted
</Directory>
<VirtualHost 192.168.100.10:8088>
    DocumentRoot /www/8088/
</VirtualHost>
<Directory /www/8089/>
    Require all granted
</Directory>
<VirtualHost 192.168.100.10:8089>
    DocumentRoot /www/8089/
</VirtualHost>
3. Configure firewall
[root@server ~]# firewall-cmd --permanent --zone=public --add-port=8089/tcp
[root@server ~]# firewall-cmd --permanent --zone=public --add-port=8088/tcp
[root@server ~]# firewall-cmd --reload
4. Put SELinux into permissive mode (until the next reboot)
[root@server ~]# setenforce 0
5. Restart service
[root@server ~]# systemctl restart httpd
6. Access with browser
http://192.168.100.10:8088
http://192.168.100.10:8089
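httpd only opens the ports named in `Listen` directives, so a `<VirtualHost addr:port>` block without a matching `Listen` never receives a connection. The added example below (not from the original tutorial) lints configuration text for that mismatch; the sample configuration is constructed and deliberately omits `Listen 8089`.

```shell
#!/bin/sh
# Lint: every port used in a <VirtualHost addr:port> must also appear in a
# Listen directive, otherwise httpd never opens that socket.

# Constructed sample: the Task 4 virtual hosts with a Listen line for one port only.
sample_conf() {
cat <<'EOF'
Listen 80
Listen 8088
<Directory /www/8088/>
    Require all granted
</Directory>
<VirtualHost 192.168.100.10:8088>
    DocumentRoot /www/8088/
</VirtualHost>
<VirtualHost 192.168.100.10:8089>
    DocumentRoot /www/8089/
</VirtualHost>
EOF
}

# Read httpd configuration text on stdin and print each VirtualHost port that
# has no matching Listen directive. Directive names are case-insensitive.
unlistened_ports() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }                      # skip comment lines
        tolower(line) ~ /^listen[ \t]/ {
            split(line, f, /[ \t]+/)
            p = f[2]; sub(/^.*:/, "", p)          # "addr:port" or bare "port"
            listen[p] = 1; next
        }
        tolower(line) ~ /^<virtualhost[ \t]/ {
            gsub(/[<>]/, "", line)
            n = split(line, f, /[ \t]+/)
            for (i = 2; i <= n; i++) {
                if (f[i] !~ /:[0-9]+$/) continue  # address without explicit port
                p = f[i]; sub(/^.*:/, "", p); vhost[p] = 1
            }
        }
        END { for (p in vhost) if (!(p in listen)) print p }
    ' | sort -n
}

sample_conf | unlistened_ports
```

On a live server the same function can be fed the real files, for example `cat /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/*.conf | unlistened_ports`.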
Task 5: configure a TLS-encrypted virtual host
Note: HTTP encrypted with TLS/SSL (https) uses port 443/TCP by default
1. Install the TLS module so that website content is no longer transmitted in clear text
[root@server ~]# yum -y install mod_ssl
2. Generate the private key
[root@server ~]# openssl genrsa 2048 >tlsweb.key    # Key size given explicitly; older OpenSSL releases default to a smaller key
3. Generate certificate request file
[root@server ~]# openssl req -new -key tlsweb.key > tlsweb.csr
4. Generate certificate file
[root@server ~]# openssl req -x509 -days 365 -key tlsweb.key -in tlsweb.csr >tlsweb.crt
5. Modify the ssl.conf configuration file
[root@server ~]# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/tlsweb.crt
SSLCertificateKeyFile /etc/pki/tls/private/tlsweb.key
6. Copy the certificate file to the corresponding path in the ssl.conf configuration file
[root@server ~]# cp tlsweb.crt /etc/pki/tls/certs/
7. Copy the private key file to the corresponding path in the ssl.conf configuration file
[root@server ~]# cp tlsweb.key /etc/pki/tls/private/
8. Access with browser
https://192.168.100.10
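Before httpd loads the files copied in steps 6 and 7, it is worth confirming that the certificate and key belong together, that the certificate has not expired, and that the key is not readable by other accounts. The check below is an added example, not part of the original tutorial; it demonstrates itself on a throwaway pair (`demo.invalid`, constructed) and assumes the `openssl` command is installed.

```shell
#!/bin/sh
# Pre-flight check for the two files named in ssl.conf.
# Usage: check_tls_pair CERT KEY   (exit status 0 = consistent pair)
check_tls_pair() {
    cert=$1; key=$2; rc=0
    # Extract the public key from each file; a parse failure is fatal.
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot read certificate $cert"; return 2; }
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "FAIL: cannot read private key $key"; return 2; }
    # httpd refuses to start when the certificate and key do not match.
    [ "$cpub" = "$kpub" ] ||
        { echo "FAIL: certificate and key do not match"; rc=1; }
    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate has expired"; rc=1; }
    # The key must be a regular file with no group/other bits (e.g. mode 600).
    case $(ls -ld "$key") in
        -???------*) ;;
        *) echo "FAIL: $key is accessible to group or other"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: throwaway key and self-signed certificate in directory $1.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$1/tlsweb.key" -out "$1/tlsweb.crt" 2>/dev/null
}

d=$(mktemp -d)
make_demo_pair "$d"
chmod 644 "$d/tlsweb.key"    # typical mode after a shell redirect under umask 022
check_tls_pair "$d/tlsweb.crt" "$d/tlsweb.key"    # reports the key mode
chmod 600 "$d/tlsweb.key"
check_tls_pair "$d/tlsweb.crt" "$d/tlsweb.key" && echo "OK: pair is consistent"
rm -rf "$d"
```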