
Setting up an Apache web server on Linux 8

泡杯长岛冰茶 · 2021-09-16 · RedHat

Linux 8 Apache web server configuration

1.1. Configure the network

[root@localhost ~]# nmcli device status
DEVICE      TYPE      STATE                   CONNECTION    
ens192      ethernet  connected               --  
virbr0      bridge    connected (externally)  virbr0        
lo          loopback  unmanaged               --            
virbr0-nic  tun       unmanaged               --          
[root@localhost ~]# nmcli connection add con-name ens192 type ethernet ipv4.addresses 172.16.50.176/24 ipv4.gateway 172.16.50.1 ipv4.method manual
[root@localhost ~]# nmcli connection up ens192 ;
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
[root@localhost ~]# ip a s |grep -i ens192 |grep inet
   inet 172.16.50.176/24 brd 172.16.50.255 scope global noprefixroute ens192
[root@localhost ~]# hostnamectl set-hostname web-apache  

1.2. DNS resolution (covered in the previous chapter)

Edit the records in the zone file

[root@bind-dns1 named]# hostname
bind-dns1
[root@bind-dns1 named]# cat yunbee.net.zone    
www.yunbee.net.         IN      A       172.16.50.176
www0.yunbee.net.        IN      A       172.16.50.176
www1.yunbee.net.        IN      A       172.16.50.176
ftp.yunbee.net.         IN      CNAME   www0

1.3. Install the Apache package

[root@localhost ~]# yum install httpd -y
[root@localhost ~]# rpm -qd httpd
/usr/share/doc/httpd/ABOUT_APACHE
/usr/share/doc/httpd/CHANGES
/usr/share/doc/httpd/LICENSE
/usr/share/doc/httpd/NOTICE
/usr/share/doc/httpd/README
/usr/share/doc/httpd/VERSIONING
/usr/share/doc/httpd/httpd-autoindex.conf
/usr/share/doc/httpd/httpd-dav.conf
/usr/share/doc/httpd/httpd-default.conf
/usr/share/doc/httpd/httpd-info.conf
/usr/share/doc/httpd/httpd-languages.conf
/usr/share/doc/httpd/httpd-manual.conf
/usr/share/doc/httpd/httpd-mpm.conf
/usr/share/doc/httpd/httpd-multilang-errordoc.conf
/usr/share/doc/httpd/httpd-vhosts.conf
/usr/share/doc/httpd/instance.conf
/usr/share/doc/httpd/proxy-html.conf

1.3. Overview of the main Apache configuration file

[root@localhost ~]# egrep -vn "^$|#" /etc/httpd/conf/httpd.conf 
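34:ServerRoot "/etc/httpd"              ## root directory of the Apache configuration
45:Listen 80                            ## listen on port 80
59:Include conf.modules.d/*.conf        ## location of the module configuration files
69:User apache                          ## user the web service runs as
70:Group apache                         ## group the web service runs as
89:ServerAdmin root@localhost           ## administrator e-mail address
105:<Directory />                       ## container for the root directory
106:    AllowOverride none              ## controls per-directory (.htaccess) overrides; none means no overrides
107:    Require all denied              ## deny access to the directory
108:</Directory>                        ## closes the directory container; the leading "/" is standard closing-tag syntax
122:DocumentRoot "/var/www/html"        ## document root of the Apache service
127:<Directory "/var/www">              ## directory container
128:    AllowOverride None              ## controls per-directory (.htaccess) overrides; none means no overrides
130:    Require all granted             ## allow access to the directory
131:</Directory>                        ## closes the directory container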
134:<Directory "/var/www/html">        
147:    Options Indexes FollowSymLinks  ## Indexes: list the directory contents when no index file is found; FollowSymLinks: allow access through symbolic links
154:    AllowOverride None
159:    Require all granted
160:</Directory>
166:<IfModule dir_module>              ## the dir_module module
167:    DirectoryIndex index.html      ## default file served when a directory is requested
168:</IfModule>
174:<Files ".ht*">                     ## access control for matching files
175:    Require all denied             ## deny access
176:</Files>
185:ErrorLog "logs/error_log"          ## location of the error log
192:LogLevel warn                      ## log level; the default is warn
194:<IfModule log_config_module>       ## log formats
199:    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
200:    LogFormat "%h %l %u %t \"%r\" %>s %b" common
202:    <IfModule logio_module>
204:      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
205:    </IfModule>
220:    CustomLog "logs/access_log" combined       ## access log
221:</IfModule>
223:<IfModule alias_module>                        ## alias module: user-defined path mappings
250:    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
252:</IfModule>
258:<Directory "/var/www/cgi-bin">
259:    AllowOverride None
260:    Options None
261:    Require all granted
262:</Directory>
264:<IfModule mime_module>
269:    TypesConfig /etc/mime.types
286:    AddType application/x-compress .Z
287:    AddType application/x-gzip .gz .tgz
308:    AddType text/html .shtml
309:    AddOutputFilter INCLUDES .shtml
310:</IfModule>
319:AddDefaultCharset UTF-8        ## default character encoding
321:<IfModule mime_magic_module>
327:    MIMEMagicFile conf/magic
328:</IfModule>
351:EnableSendfile on               ## deliver files with the kernel's sendfile support
356:IncludeOptional conf.d/*.conf   ## directory for custom configuration files

1.4. Create an HTTP virtual host

[root@localhost conf.d]# pwd
/etc/httpd/conf.d
[root@localhost conf.d]#  rpm -ql httpd|grep vhosts
/usr/share/doc/httpd/httpd-vhosts.conf
[root@localhost conf.d]# cp /usr/share/doc/httpd/httpd-vhosts.conf ./
[root@localhost conf.d]# cat httpd-vhosts.conf
## Directory container for /software
<Directory "/software">
AllowOverride None
Require all granted
</Directory>
## Listen on port 8989
Listen 8989
<VirtualHost *:8989>
   ## Administrator e-mail address
   ServerAdmin root@yunbee.com
   DocumentRoot "/software/site1"
   ## Virtual host name
   ServerName  www.yunbee.net
   ## Virtual host alias
   ServerAlias  ftp.yunbee.net
   ErrorLog "/var/log/httpd/www.example.com-error_log"
   CustomLog "/var/log/httpd/www.example.com-access_log" common
</VirtualHost>

[root@localhost conf.d]# httpd -t    # check that the configuration file is valid
Syntax OK
[root@localhost conf.d]# echo "www.yunbee.net 8989 Port! " >/software/site1/index.html
[root@localhost conf.d]# curl  http://www.yunbee.net:8989                              
www.yunbee.net 8989 Port!

1.4.1 Create a virtual host

[root@localhost conf.d]# cat httpd-vhosts.conf
<Directory "/software">
AllowOverride None
## Grant access to all users
Require all granted
</Directory>
<VirtualHost 172.16.50.176:80>
   ServerAdmin root@yunbee.net
   DocumentRoot "/software/site2"
   ServerName  www0.yunbee.net
   ErrorLog "/var/log/httpd/www0.example.com-error_log"
   CustomLog "/var/log/httpd/www0.example.com-access_log" common
</VirtualHost>
[root@webserver site2]# echo "www0.yunbee.net! and ftp server" >/software/site2/index.html
[root@localhost conf.d]# curl http://www0.yunbee.net
www0.yunbee.net! and ftp server

1.4.2. Create a web file server with an alias, sharing the FTP service's directory

[root@localhost conf.d]# cat httpd-vhosts.conf
<Directory "/software">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/ftp/pub">
## List files and directories when no index.html is found
Options Indexes
AllowOverride None
Require all granted
</Directory>
<VirtualHost _default_:80>
   ServerAdmin root@yunbee.net
   DocumentRoot "/software/site2"
   ## Path alias
   Alias /ftp /var/ftp/pub
   ServerName  www0.yunbee.net
   ErrorLog "/var/log/httpd/www0.example.com-error_log"
   CustomLog "/var/log/httpd/www0.example.com-access_log" common
</VirtualHost>
[root@localhost conf.d]# yum install vsftpd
[root@localhost conf.d]# sed -i 's/^anonymous_enable=NO/anonymous_enable=YES/' /etc/vsftpd/vsftpd.conf
[root@localhost conf.d]# touch  /var/ftp/pub/ftpfile{1..3}
[root@localhost conf.d]# ll /var/ftp/pub/              
-rw-r--r--. 1 root root 0 Sep 15 20:22 ftpfile1
-rw-r--r--. 1 root root 0 Sep 15 20:22 ftpfile2
-rw-r--r--. 1 root root 0 Sep 15 20:22 ftpfile3
[root@localhost conf.d]# ftp 172.16.50.176
ftp> cd /var/ftp/pub/
ftp> ls
227 Entering Passive Mode (172,16,50,176,163,126).
150 Here comes the directory listing.
-rw-r--r--    1 0        0               0 Sep 15 12:22 ftpfile1
-rw-r--r--    1 0        0               0 Sep 15 12:22 ftpfile2
-rw-r--r--    1 0        0               0 Sep 15 12:22 ftpfile3

[Screenshot: testing that the site is reachable]

[Screenshot: testing that the site's file server is reachable]

1.4.3. Create a web file server with a symbolic link, sharing the FTP service's directory

Define the virtual host

[root@localhost site2]# vim /etc/httpd/conf.d/httpd-vhosts.conf 
<Directory "/software">
AllowOverride None
Require all granted
</Directory>
<Directory "/software/site2">
## Indexes: list the files and directories under this directory; FollowSymLinks: allow access through symlinked directories
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<VirtualHost _default_:80>
   ServerAdmin root@yunbee.com
   DocumentRoot "/software/site2"
   ServerName  www0.yunbee.net
   ErrorLog "/var/log/httpd/www0.example.com-error_log"
   CustomLog "/var/log/httpd/www0.example.com-access_log" common
</VirtualHost>
[root@localhost pub]# cd /software/site2/
[root@localhost site2]# ll
lrwxrwxrwx. 1 root root 12 Sep 15 20:53 ftp -> /var/ftp/pub
-rw-r--r--. 1 root root 32 Sep 15 20:14 index.html

1.5 Configure a TLS website

1.5.1. Create a self-signed certificate

Red Hat 7
yum install crypto-utils  -y
genkey --days 90  FQDN

Red Hat 7/8
# Generate the private key file (2048-bit or 4096-bit; run one of the two)
openssl genrsa 2048 > myserver.key
openssl genrsa 4096 > myserver.key
# Generate the CSR
openssl req -new -key myserver.key -out myserver.csr
# Generate the self-signed certificate file
openssl x509 -req -days 90 -in myserver.csr -signkey myserver.key -out myserver.crt
# Inspect the certificate file
openssl x509 -in myserver.crt -noout -text
# Inspect the CSR file
openssl req -in myserver.csr -noout -text
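
The same result in one non-interactive step, as an added example that is not part of the original article: `openssl req -x509` stands in for the separate key, CSR and signing commands, adds a subjectAltName entry (current browsers and TLS clients match the host name against it rather than the CN), keeps the key file owner-only, and checks that key and certificate belong together. The function names and output layout are assumptions; OpenSSL 1.1.1 or later is required.

```bash
# Added example, not from the original article. Function names and paths are
# hypothetical; needs OpenSSL 1.1.1 or later (for -addext and -ext).

# make_selfsigned FQDN OUTDIR [DAYS]: write OUTDIR/FQDN.key and OUTDIR/FQDN.crt.
make_selfsigned() {
    local fqdn="$1" outdir="$2" days="${3:-90}"
    (
        umask 077    # the key must never be group- or world-readable
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
            -subj "/CN=$fqdn" -addext "subjectAltName=DNS:$fqdn" \
            -keyout "$outdir/$fqdn.key" -out "$outdir/$fqdn.crt" 2>/dev/null
    ) || return 1
    chmod 644 "$outdir/$fqdn.crt"    # the certificate itself is public
}

# key_matches_cert KEY CRT: succeeds when both hold the same public key.
key_matches_cert() {
    local from_key from_crt
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$from_key" = "$from_crt" ]
}

# cert_covers_host CRT FQDN: succeeds when FQDN is a subjectAltName DNS entry.
cert_covers_host() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr -d ' ' | tr ',' '\n' | grep -qxF "DNS:$2"
}

# key_is_private KEY: succeeds when group and others have no permissions.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}
```

Run `key_matches_cert` and `key_is_private` against the files named in SSLCertificateFile and SSLCertificateKeyFile before restarting httpd.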

1.5.2 Install and configure the SSL module

[root@localhost site2]# yum install mod_ssl -y
[root@webserver software]# vim /etc/httpd/conf.d/httpd-vhosts.conf
[root@webserver software]# egrep -ni "^SSLCerti" /etc/httpd/conf.d/httpd-vhosts.conf
92:SSLCertificateFile  /software/server.crt
93:SSLCertificateKeyFile /software/server.key

1.5.3. Create a TLS virtual host

cat /etc/httpd/conf.d/httpd-vhosts.conf
<Directory "/software">
AllowOverride None
Require all granted
</Directory>

<VirtualHost *:443>
ServerName  www1.yunbee.net
DocumentRoot "/software/site3"
SSLEngine on
SSLProtocol all -SSLv2  -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLHonorCipherOrder on
SSLCertificateFile  /software/server.crt
SSLCertificateKeyFile /software/server.key
</VirtualHost>

[root@localhost site3]# cat /software/site3/index.html
This ssl

[Screenshots: HTTPS access test]

1.6. Redirect the HTTP virtual host to HTTPS (TLS)

<VirtualHost _default_:80>
   ServerName www1.yunbee.net
   Redirect / https://www1.yunbee.net/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin  root@yunbee.net
DocumentRoot "/software/site3"
ServerName www1.yunbee.net
SSLEngine on
SSLProtocol all -SSLv2  -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLHonorCipherOrder on
SSLCertificateFile  /software/server.crt
SSLCertificateKeyFile /software/server.key
</VirtualHost>
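
A pre-deployment check for the directives used in sections 1.4 to 1.6, as an added example that is not part of the original article: it flags `SSLProtocol all` lines that still allow TLS 1.0/1.1, cipher strings that include MEDIUM, `Options Indexes`, and a `Redirect /` target without a trailing slash. The function names, finding codes and sample configuration are constructed for illustration; the last two sample lines show forms that pass.

```bash
# Added example, not from the original article. Function names and finding
# codes are hypothetical; only directives used in this article are checked.

# audit_vhosts FILE: print "CODE:LINE:directive" for each risky setting.
audit_vhosts() {
    awk '
    function report(code) { printf "%s:%d:%s\n", code, NR, line }
    { line = $0; sub(/^[ \t]+/, "", line); name = tolower($1) }
    line == "" || line ~ /^#/ { next }
    name == "sslprotocol" {
        # "all" minus SSLv2/SSLv3 still offers TLS 1.0 and 1.1 (RFC 8996)
        all = 0; no10 = 0; no11 = 0
        for (i = 2; i <= NF; i++) {
            t = tolower($i)
            if (t == "all" || t == "+all") all = 1
            if (t == "-tlsv1") no10 = 1
            if (t == "-tlsv1.1") no11 = 1
        }
        if (all && !(no10 && no11)) report("TLS-PROTO")
    }
    name == "sslciphersuite" {
        # MEDIUM, LOW and EXPORT admit suites below the HIGH class
        n = split($NF, suite, ":")
        for (i = 1; i <= n; i++)
            if (suite[i] ~ /^(MEDIUM|LOW|EXPORT)$/) { report("TLS-CIPHER"); break }
    }
    name == "options" {
        # Indexes lists every file in a directory that has no index file
        for (i = 2; i <= NF; i++)
            if (tolower($i) ~ /^\+?indexes$/) { report("DIR-LISTING"); break }
    }
    name == "redirect" && $(NF - 1) == "/" && $NF ~ "^https?://[^/]+$" {
        # without a trailing slash the request path is glued to the host name
        report("REDIRECT-SLASH")
    }
    ' "$1"
}

# sample_conf: constructed input that mirrors the directives in this article.
sample_conf() {
    cat <<'EOF'
Redirect / https://www1.yunbee.net
Options Indexes FollowSymLinks
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLProtocol -all +TLSv1.2 +TLSv1.3
Redirect permanent / https://www1.yunbee.net/
EOF
}
```

Point `audit_vhosts` at `/etc/httpd/conf.d/httpd-vhosts.conf` alongside `httpd -t`; no output means none of these four settings is present.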

End of this article.





