鏈接:https://blog.csdn.net/tladagio/article/details/80760261
正文內容
一、虛機主機的三種方式
1、基於IP
2、基於IP+端口
3、基於域名
官網文檔:http://httpd.apache.org/docs/2.4/
二、安裝Apache
1、系統環境
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@localhost ~]# ip ad
1: lo: <loopback> mtu 65536 qdisc noqueue state UNKNOWN /<loopback>
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <broadcast> mtu 1500 qdisc pfifo_fast state UP qlen 1000/<broadcast>
link/ether 00:0c:29:5c:ff:91 brd ff:ff:ff:ff:ff:ff
inet 192.168.253.128/24 brd 192.168.253.255 scope global dynamic eno16777736
valid_lft 1388sec preferred_lft 1388sec
inet6 fe80::20c:29ff:fe5c:ff91/64 scope link
valid_lft forever preferred_lft forever
2、yum安裝
[root@localhost ~]# yum install -y httpd
*****
======================================================================================================================================================
Package 架構 版本 源 大小
======================================================================================================================================================
正在安裝:
httpd x86_64 2.4.6-80.el7.centos base 2.7 M
為依賴而安裝:
apr x86_64 1.4.8-3.el7_4.1 base 103 k
apr-util x86_64 1.5.2-6.el7 base 92 k
httpd-tools x86_64 2.4.6-80.el7.centos base 89 k
mailcap noarch 2.1.41-2.el7 base 31 k
***
已安裝:
httpd.x86_64 0:2.4.6-80.el7.centos
作為依賴被安裝:
apr.x86_64 0:1.4.8-3.el7_4.1 apr-util.x86_64 0:1.5.2-6.el7 httpd-tools.x86_64 0:2.4.6-80.el7.centos mailcap.noarch 0:2.1.41-2.el7
完畢!
可以查看安裝了內容
[root@localhost ~]# rpm -ql httpd | less
3、配置Selinux文件,SELINUX=disabled。
[root@localhost ~]# vim /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
或者臨時關閉
[root@localhost ~]# setenforce 0
4、關閉防火牆
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
5、啟動httpd服務,訪問測試
[root@localhost ~]# systemctl start httpd
三、修改主配置文件
1、查看apache主配置文件,確保存在以下配置,因為等下需要在conf.d/創建虛機主機配置。
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
IncludeOptional conf.d/*.conf
2、另外,把 Require all denied默認拒絕訪問設置為允許訪問: Require all granted,方便測試。
<directory>
AllowOverride none
# Require all denied
Require all granted
四、新增虛擬主機配置文件
1、添加基於多個IP的虛擬主機
1)創建配置文件
[root@localhost ~]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# vim virtual.conf
<virtualhost>
ServerName a.com
DocumentRoot "/www/a.com/" #網頁路徑
<virtualhost>
ServerName b.com
DocumentRoot "/www/b.com/" #網頁路徑
2)網卡綁定多個IP(我的網卡名是eno16777736,不是eth0)
[root@localhost conf.d]# ip addr add 192.168.253.129 dev eno16777736
[root@localhost conf.d]# ip add
1: lo: <loopback> mtu 65536 qdisc noqueue state UNKNOWN /<loopback>
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <broadcast> mtu 1500 qdisc pfifo_fast state UP qlen 1000/<broadcast>
link/ether 00:0c:29:5c:ff:91 brd ff:ff:ff:ff:ff:ff
inet 192.168.253.128/24 brd 192.168.253.255 scope global dynamic eno16777736
valid_lft 1542sec preferred_lft 1542sec
inet 192.168.253.129/32 scope global eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe5c:ff91/64 scope link
valid_lft forever preferred_lft forever
3)創建虛機主機a.com和b.com的主頁面
[root@localhost conf.d]# mkdir -pv /www/{a.com,b.com}
mkdir: 已創建目錄 "/www"
mkdir: 已創建目錄 "/www/a.com"
mkdir: 已創建目錄 "/www/b.com"
[root@localhost conf.d]# vim /www/a.com/index.html
Hello,a.com
[root@localhost conf.d]# vim /www/b.com/index.html
Hello,b.com
4)檢查配置文件是否正常
[root@localhost conf.d]# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Syntax OK
5)重啟httpd服務
[root@localhost conf.d]# systemctl restart httpd
6)打開瀏覽器,查看結果
2、配置基於IP+端口的虛擬主機
1)創建配置文件
[root@localhost ~]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# vim virtual.conf
<virtualhost>
ServerName a.com
DocumentRoot "/www/a.com/"
<virtualhost>
ServerName b.com
DocumentRoot "/www/b.com/"
2)修改httpd主配置文件,在Listen 80下面添加一行監控8080端口
[root@localhost conf.d]# vim /etc/httpd/conf/httpd.conf
Listen 8080
3)創建虛機主機a.com和b.com的主頁面(如果前面已經創建就不用重複)
[root@localhost conf.d]# mkdir -pv /www/{a.com,b.com}
mkdir: 已創建目錄 "/www"
mkdir: 已創建目錄 "/www/a.com"
mkdir: 已創建目錄 "/www/b.com"
[root@localhost conf.d]# vim /www/a.com/index.html
Hello,a.com
[root@localhost conf.d]# vim /www/b.com/index.html
Hello,b.com
4)檢查配置文件
[root@localhost conf.d]# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Syntax OK
5)重啟httpd服務
[root@localhost conf.d]# systemctl restart httpd
6)打開瀏覽器,查看結果
3、基於域名的虛擬主機
1)創建配置文件
[root@localhost ~]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# vim virtual.conf
<virtualhost>
ServerName a.com
DocumentRoot "/www/a.com/"
<virtualhost>
ServerName b.com
DocumentRoot "/www/b.com/"
2)修改物理主機hosts文件(C:\\Windows\\System32\\drivers\\etc),因為這裡是因為物理機去訪問Apache服務器
添加:
192.168.253.128a.com
192.168.253.128b.com
3)物理主機ping域名測試
4)創建虛機主機a.com和b.com的主頁面(如果前面已經創建就不用重複)
[root@localhost conf.d]# mkdir -pv /www/{a.com,b.com}
mkdir: 已創建目錄 "/www"
mkdir: 已創建目錄 "/www/a.com"
mkdir: 已創建目錄 "/www/b.com"
[root@localhost conf.d]# vim /www/a.com/index.html
Hello,a.com
[root@localhost conf.d]# vim /www/b.com/index.html
Hello,b.com
5)檢查配置文件
[root@localhost conf.d]# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Syntax OK
6)重啟httpd服務
[root@localhost conf.d]# systemctl restart httpd
7)打開瀏覽器,查看結果
五、擴展虛機主機配置文件
1、先修改回apache主配置文件,設置 Require all denied默認拒絕訪問
<directory>
AllowOverride none
Require all denied
這時候再去訪問以上的三種配置虛機主機,會全部訪問不了。因此需要針對虛機目錄設置訪問權限。
2、修改虛擬主機配置文件
[root@localhost ~]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# vim virtual.conf
<virtualhost>
#綁定的主域
ServerName a.com
#綁定的子域名
ServerAlias www.test.com
#網站主目錄
DocumentRoot "/www/a.com/"
#錯誤日誌目錄
ErrorLog "/var/log/httpd/a.com/error.log"
#訪問日誌目錄
CustomLog "/va/log/httpd/a.com.access.log"
<directory>
Options FollowSymLinks
AllowOverride All
#允許任意訪問
Require all granted
3、創建日誌目錄
[root@localhost b.com]# cd /var/log/httpd/
[root@localhost httpd]# mkdir a.com
[root@localhost httpd]# ll
總用量 60
-rw-r--r--. 1 root root 37976 1月 23 22:26 access_log
drwxr-xr-x. 2 root root 6 1月 23 22:41 a.com
-rw-r--r--. 1 root root 17795 1月 23 22:38 error_log
[root@localhost httpd]# cd a.com/
[root@localhost a.com]# touch error.log
[root@localhost a.com]# touch access.log
日誌目錄記得更改屬主和屬組為Apache,否則httpd啟動失敗
[root@localhost httpd]# chown -R apache:apache a.com/
4、配置指定IP可以訪問虛擬主機(可以單個IP,也可以是一個網段)
[root@localhost conf.d]# vim /etc/httpd/conf.d/virtual.conf
<virtualhost>
#綁定的主域
ServerName a.com
#綁定的子域名
ServerAlias www.test.com
#網站主目錄
DocumentRoot "/www/a.com/"
#錯誤日誌目錄
ErrorLog "/var/log/httpd/a.com/error.log"
#訪問日誌目錄
CustomLog "/va/log/httpd/a.com.access.log"
<directory>
Options FollowSymLinks
AllowOverride All
#允許任意訪問
Require ip 192.168.253.0/24
5、配置指定用戶可以訪問虛擬主機
[root@localhost conf.d]# vim /etc/httpd/conf.d/virtual.conf
<virtualhost>
#綁定的主域
ServerName a.com
#綁定的子域名
ServerAlias www.test.com
#網站主目錄
DocumentRoot "/www/a.com/"
#錯誤日誌目錄
ErrorLog "/var/log/httpd/a.com/error.log"
#訪問日誌目錄
CustomLog "/va/log/httpd/a.com.access.log"
<directory>
Options FollowSymLinks
AllowOverride authconfig
AuthType basic
AuthName "Restrict area"
AuthUserFile "etc/httpd/.htpasswd"
Require valid-user
創建用戶文件,第一次創建的時候要加-c,以後創建都不用加-c,否則會覆蓋原數據
[root@localhost conf.d]# pwd
/etc/httpd/conf.d
[root@localhost conf.d]# htpasswd -h
htpasswd: illegal option -- h
Usage:
htpasswd [-cimBdpsDv] [-C cost] passwordfile username
htpasswd -b[cmBdpsDv] [-C cost] passwordfile username password
htpasswd -n[imBdps] [-C cost] username
htpasswd -nb[mBdps] [-C cost] username password
-c Create a new file.
-n Don't update file; display results on stdout.
-b Use the password from the command line rather than prompting for it.
-i Read password from stdin without verification (for>
-m Force MD5 encryption of the password (default).
-B Force bcrypt encryption of the password (very secure).
-C Set the computing time used for the bcrypt algorithm
(higher is more secure but slower, default: 5, valid: 4 to 31).
-d Force CRYPT encryption of the password (8 chars max, insecure).
-s Force SHA encryption of the password (insecure).
-p Do not encrypt the password (plaintext, insecure).
-D Delete the specified user.
-v Verify password for the specified user.
On other systems than Windows and NetWare the '-p' flag will probably not work.
The SHA algorithm does not use a salt and is less secure than the MD5 algorithm.
[root@localhost conf.d]# htpasswd -c -m /etc/httpd/.htpasswd tom
New password:
Re-type new password:
Adding password for user tom
重啟httpd服務
[root@localhost conf.d]# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Syntax OK
[root@localhost conf.d]# systemctl restart httpd
在瀏覽器測試登錄
6、Require參考
Require all granted
無條件允許訪問。
Require all denied
訪問被無條件拒絕。
Require env env-var [env-var] ...
只有在給定的環境變量之一被設置的情況下才允許訪問。
Require method http-method [http-method] ...
只有給定的HTTP方法才允許訪問。
Require expr expression
如果表達式計算結果為true,則允許訪問。
Require user userid [userid] ...
只有指定的用戶才能訪問資源。
Require group group-name [group-name] ...
只有指定組中的用戶才能訪問資源。
Require valid-user
所有有效的用戶都可以訪問資源。
Require ip 10 172.20 192.168.2
指定IP地址範圍內的客戶端可以訪問資源。
7、Options
None:不支持任何選項
Indexes:允許索引目錄
FollowSymLinks:允許訪問符號鏈接指向的原文件
Includes:允許執行服務端包含(SSI)
ExecCGI:允許允許CGI腳本
ALL:支持所有選項
閱讀更多 龍城勇哥 的文章
