##apache##
将實驗機的hostname改為web1.web1.com
1.安裝httpd服務,并啟動httpd
[root@web1 ~]# yum install httpd -y
[root@web1 ~]# systemctl start httpd
cd到/var/www/html
[root@web1 ~]# cd /var/www/html/
編輯一個檔案index.html(該檔案由自己命名)
[root@web1 html]# vim index.html
[root@web1 html]# cat index.html
www.拉閘.com
關閉火牆
[root@web1 html]# firewall-cmd --permanent --add-service=http
success
[root@web1 html]# firewall-cmd --reload
測試
在真機上通路index.html所在的ip
2.cd到/etc/httpd/conf.d
[root@web1 html]# cd /etc/httpd/conf.d
[root@web1 conf.d]# ls
autoindex.conf php.conf readme userdir.conf welcome.conf
安裝mod_ssl ,crypto-utils
[root@web1 conf.d]# yum install mod_ssl -y
loaded plugins: langpacks
rhel_dvd | 4.1 kb 00:00
[root@web1 conf.d]# yum install crypto-utils -y
[root@web1 conf.d]# genkey www.拉閘.com
在此期間頻繁動滑鼠鍵盤,可加快速度
......
subject = cn=www.拉閘.com, ou=linux, o=westos, l=xi'an, st=shannxi, c=cn
valid for 1 months
random seed from /etc/pki/tls/.rand.3458
output will be written to /etc/pki/tls/certs/www.拉閘.com.crt
output key written to /etc/pki/tls/private/www.拉閘.com.key
.......
編輯ssl.conf
加入證書檔案和證書鑰匙檔案
sslcertificatefile /etc/pki/tls/certs/www.拉閘.com.crt
# server private key:
# if the key is not combined with the certificate, use this
# directive to point at the key file. keep in mind that if
# you've both a rsa and a dsa private key you can configure
# both in parallel (to also allow the use of dsa ciphers, etc.)
sslcertificatekeyfile /etc/pki/tls/private/www.拉閘.com.key
[root@web1 conf.d]# systemctl restart httpd.service
建立一個檔案default.conf(自己命名)
[root@web1 conf.d]# vim default.conf
<virtualhost _default_:80>
documentroot /var/www/html
customlog logs/default.logcombined
</virtualhost>
[root@web1 conf.d]# mkdir -p /var/www/virtual/news/html
[root@web1 conf.d]# mkdir -p /var/www/virtual/ent/html
建立一個檔案news.conf(自己命名)
[root@web1 conf.d]# vim news.conf
<virtualhost *:80>
servername news.lazha.com
documentroot /var/www/virtual/news/html
customlog logs/news.log combined
<directory "/var/www/virtual/news/html">
require all granted
</directory>
[root@web1 conf.d]# cp news.conf ent.conf
[root@web1 conf.d]# vim ent.conf
servername ent.lazha.com
documentroot /var/www/virtual/ent/html
customlog logs/ent.log combined
<directory "/var/www/virtual/ent/html">
[root@web1 conf.d]# echo news.lazha.com > /var/www/virtual/news/html/index.html
[root@web1 conf.d]# echo ent.lazha.com > /var/www/virtual/ent/html/index.html
在浏覽器所在主機編輯/etc/hosts
[root@foundation20 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.220 www.westos.com westos.com music.westos.com news.westos.com
172.25.254.120 www.拉閘.com news.lazha.com ent.lazha.com##添加
3.網頁重寫
rewriteengine on
rewriterule ^(/.*)$ https://%{http_host}$1 [redirect=301]
<virtualhost *:443>##
servername news.lazha.com ##
documentroot /var/www/virtual/news/html ##
customlog logs/news-443.log combined ##
sslengine on ##子網頁的https登陸
sslcertificatefile /etc/pki/tls/certs/www.拉閘.com.crt##
sslcertificatekeyfile /etc/pki/tls/private/www.拉閘.com.key ##
</virtualhost> ##
測試:
在真機浏覽器輸入:http://news.lazha.com
此時上述輸入的域名會自動變為:https://news.lazha.com
4.php網頁和cgi網頁
建立并編輯檔案index.php
[root@web1 conf.d]# cd /var/www/html/
[root@web1 html]# ls
index.html saozhu
[root@web1 html]# vim index.php
<?php
phpinfo ();
?>
~
~
[root@web1 html]# vim /etc/httpd/conf/httpd.conf
164 directoryindex index.php index.html
[root@web1 html]# systemctl restart httpd.service
[root@web1 html]# yum install php -y
[root@web1 cgi]# yum install php-mysql.x86_64 -y
測試:此時在網頁輸入172.25.254.2顯示頁面為
[root@web1 cgi]# yum install httpd-manual -y
resolving dependencies
--> running transaction check
下載下傳完manual可以在172.25.254.2/manual裡的cgl:dyanmic content裡檢視下面所編輯的檔案的内容
[root@web1 cgi]# vim index.cgi
#!/usr/bin/perl
print "content-type: text/html\n\n";
print `date`;
[root@web1 cgi]# chmod +x index.cgi
[root@web1 cgi]# perl index.cgi
content-type: text/html
sat dec 10 00:00:54 est 2016
customlog "logs/default.log" combined
<directory "/var/www/html/cgi">
options +execcgi
addhandler cgi-script .cgi
在浏覽器輸入172.25.254.2/cgi
重新整理頁面會看到時間的變化
*****
在此項實驗如果未關閉selinux的情況下可做如下操作
[root@web1 conf.d]# cd /var/www
[root@web1 www]# ls
cgi-bin html virtual
[root@web1 www]# ls -zd cgi-bin/
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin/
[root@web1 www]# semanage fcontext -a -t httpd_sys_script_exec_t
[root@web1 www]# semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgi(/.*)?'
[root@web1 www]# restorecon -fvvr /var/www/html/cgi/##重新整理标簽(将之前的标簽改為改過後的标簽)
restorecon reset /var/www/html/cgi context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_script_exec_t:s0
restorecon reset /var/www/html/cgi/index.cgi context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_script_exec_t:s0
[root@web1 www]# getenforce
enforcing
5.搭建論壇
[root@web1 www]# yum install mariadb-server -y
[root@web1 www]# systemctl start mariadb
[root@web1 ~]# netstat -antple | grep mysql
tcp 0 0 0.0.0.0:3306 0.0.0.0:* listen 27 94425 6820/mysqld
[root@web1 ~]# vim /etc/my.cnf
# instructions in http://fedoraproject.org/wiki/systemd
skip-networking=1##隐藏mysql的端口,不讓它在網際網路裡暴露,確定資料庫網絡環境安全這行是加入的
[root@web1 ~]# systemctl restart mariadb
沒有顯示
[root@web1 html]# unzip discuz_x3.2_sc_utf8.zip
cgi index.html readme upload
discuz_x3.2_sc_utf8.zip index.php saozhu utility
[root@web1 html]# chmod 777 upload/data/ upload/config/ -r
[root@web1 html]# setenforce 0
squid正向代理
[root@web1 html]# yum install squid -y
[root@web1 squid]# vim /etc/squid/squid.conf
56 http_access allow all
57
58 # squid normally listens to port 3128
59 http_port 3128
60
61 # uncomment and adjust the following to add a disk cache directory.
62 cache_dir ufs /var/spool/squid 100 16 256
[root@web1 squid]# systemctl restart squid.service
squid反向代理
在要做實驗的主機上解除安裝httpd服務并删除殘留檔案
[root@web1 ~]# yum remove httpd -y
..
warning: /etc/httpd/conf/httpd.conf saved as /etc/httpd/conf/httpd.conf.rpmsave
verifying : php-5.4.16-21.el7.x86_64 1/4
verifying : 1:mod_ssl-2.4.6-17.el7.x86_64 2/4
verifying : httpd-manual-2.4.6-17.el7.noarch 3/4
verifying : httpd-2.4.6-17.el7.x86_64 4/4
removed:
httpd.x86_64 0:2.4.6-17.el7
dependency removed:
httpd-manual.noarch 0:2.4.6-17.el7 mod_ssl.x86_64 1:2.4.6-17.el7
php.x86_64 0:5.4.16-21.el7
complete!
[root@web1 ~]#rm -fr /etc/httpd
此時在其他主機上通路不到本主機的ip (通路出錯)
安裝squid服務
[root@web1 ~]# yum install squid -y
[root@web1 ~]# systemctl start squid
[root@web1 etc]# vim /etc/squid/squid.conf
57
59 http_port 80 vhost vport
60 cache_peer 172.25.254.3 parent 80 0 no-query
|||| || || ||
[root@web1 etc]# systemctl restart squid.service
在真機上用浏覽器通路172.25.254.120顯示的結果是172.25.254.3的預設釋出目錄裡的東西
預設釋出目錄在/var/www/html下邊
vim /etc/httpd/conf/httpd.conf
60 cache_peer 172.25.254.3 parent 80 0 no-query originserver round-robin name=web1
61 cache_peer 172.25.254.4 parent 80 0 no-query originserver round-robin name=web2
62 cache_peer_domain web1 web2 www.taobao.com
63 # uncomment and adjust the following to add a disk cache directory.
64 cache_dir ufs /var/spool/squid 100 16 256
[root@web1 etc]# systemctl stop firewalld.service
172.25.254.120 www.westos.com news.westos.com ent.westos.com www.taobao.com
~
在真機上通過浏覽器通路www.taobao.com 重新整理就會看見ip為172.25.254.3和172.25.254.4的預設釋出目錄裡的内容