apache

##apache##

将实验机的hostname改为web1.web1.com

1.安装httpd服务，并启动httpd

[root@web1 ~]# yum install httpd -y

[root@web1 ~]# systemctl start httpd

cd到/var/www/html

[root@web1 ~]# cd /var/www/html/

编辑一个文件index.html(该文件由自己命名)

[root@web1 html]# vim index.html

[root@web1 html]# cat index.html

www.拉闸.com

关闭火墙

[root@web1 html]# firewall-cmd --permanent --add-service=http

success

[root@web1 html]# firewall-cmd --reload

测试

在真机上访问index.html所在的ip

2.cd到/etc/httpd/conf.d

[root@web1 html]# cd /etc/httpd/conf.d

[root@web1 conf.d]# ls

autoindex.conf  php.conf  readme  userdir.conf  welcome.conf

安装mod_ssl  ，crypto-utils

[root@web1 conf.d]# yum install mod_ssl -y

loaded plugins: langpacks

rhel_dvd            | 4.1 kb     00:00     

[root@web1 conf.d]# yum install crypto-utils -y

[root@web1 conf.d]# genkey www.拉闸.com

在此期间频繁动鼠标键盘，可加快速度

......

subject = cn=www.拉闸.com, ou=linux, o=westos, l=xi'an, st=shannxi, c=cn

valid for 1 months

random seed from /etc/pki/tls/.rand.3458

output will be written to /etc/pki/tls/certs/www.拉闸.com.crt

output key written to /etc/pki/tls/private/www.拉闸.com.key

.......

编辑ssl.conf

加入证书文件和证书钥匙文件

sslcertificatefile /etc/pki/tls/certs/www.拉闸.com.crt

#   server private key:

#   if the key is not combined with the certificate, use this

#   directive to point at the key file.  keep in mind that if

#   you've both a rsa and a dsa private key you can configure

#   both in parallel (to also allow the use of dsa ciphers, etc.)

sslcertificatekeyfile /etc/pki/tls/private/www.拉闸.com.key

[root@web1 conf.d]# systemctl restart httpd.service

新建一个文件default.conf（自己命名）

[root@web1 conf.d]# vim default.conf

<virtualhost _default_:80>

        documentroot /var/www/html

        customlog logs/default.logcombined

</virtualhost>

[root@web1 conf.d]# mkdir -p /var/www/virtual/news/html

[root@web1 conf.d]# mkdir -p /var/www/virtual/ent/html

新建一个文件news.conf(自己命名)

[root@web1 conf.d]# vim news.conf

<virtualhost *:80>

        servername news.lazha.com

        documentroot /var/www/virtual/news/html

        customlog logs/news.log combined

<directory "/var/www/virtual/news/html">

        require all granted

</directory>

[root@web1 conf.d]# cp news.conf ent.conf

[root@web1 conf.d]# vim ent.conf

        servername ent.lazha.com

        documentroot /var/www/virtual/ent/html

        customlog logs/ent.log  combined

<directory "/var/www/virtual/ent/html">

[root@web1 conf.d]# echo news.lazha.com > /var/www/virtual/news/html/index.html

[root@web1 conf.d]# echo ent.lazha.com > /var/www/virtual/ent/html/index.html

在浏览器所在主机编辑/etc/hosts

[root@foundation20 ~]# vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

172.25.254.220 www.westos.com  westos.com music.westos.com news.westos.com

172.25.254.120 www.拉闸.com   news.lazha.com  ent.lazha.com##添加

3.网页重写

        rewriteengine on

        rewriterule ^(/.*)$ https://%{http_host}$1 [redirect=301]

<virtualhost *:443>##

        servername news.lazha.com   ##

        documentroot /var/www/virtual/news/html   ##

        customlog logs/news-443.log     combined   ##

        sslengine on   ##子网页的https登陆

        sslcertificatefile /etc/pki/tls/certs/www.拉闸.com.crt##

        sslcertificatekeyfile /etc/pki/tls/private/www.拉闸.com.key  ##

</virtualhost> ##

测试：

在真机浏览器输入：http://news.lazha.com

此时上述输入的域名会自动变为：https://news.lazha.com

4.php网页和cgi网页

新建并编辑文件index.php

[root@web1 conf.d]# cd /var/www/html/

[root@web1 html]# ls

index.html  saozhu

[root@web1 html]# vim index.php

<?php

phpinfo ();

?>

~                                                                       

~      

[root@web1 html]# vim /etc/httpd/conf/httpd.conf

164     directoryindex index.php index.html

[root@web1 html]# systemctl restart httpd.service

[root@web1 html]# yum install php -y

[root@web1 cgi]# yum install php-mysql.x86_64 -y

测试：此时在网页输入172.25.254.2显示页面为

[root@web1 cgi]# yum install httpd-manual -y

resolving dependencies

--> running transaction check

下载完manual可以在172.25.254.2/manual里的cgl:dyanmic content里查看下面所编辑的文件的内容

[root@web1 cgi]# vim index.cgi

#!/usr/bin/perl

print "content-type: text/html\n\n";

print `date`;

[root@web1 cgi]# chmod +x index.cgi

[root@web1 cgi]# perl index.cgi

content-type: text/html

sat dec 10 00:00:54 est 2016

        customlog "logs/default.log"    combined

<directory "/var/www/html/cgi">

        options +execcgi

        addhandler cgi-script .cgi

在浏览器输入172.25.254.2/cgi

刷新页面会看到时间的变化

*****

在此项实验如果未关闭selinux的情况下可做如下操作

[root@web1 conf.d]# cd /var/www

[root@web1 www]# ls

cgi-bin  html  virtual

[root@web1 www]# ls -zd cgi-bin/

drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin/

[root@web1 www]# semanage fcontext -a -t httpd_sys_script_exec_t

[root@web1 www]# semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgi(/.*)?'

[root@web1 www]# restorecon -fvvr /var/www/html/cgi/##刷新标签（将之前的标签改为改过后的标签）

restorecon reset /var/www/html/cgi context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_script_exec_t:s0

restorecon reset /var/www/html/cgi/index.cgi context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_script_exec_t:s0

[root@web1 www]# getenforce

enforcing

5.搭建论坛

[root@web1 www]# yum install mariadb-server -y

[root@web1 www]# systemctl start mariadb

[root@web1 ~]# netstat  -antple | grep mysql

tcp        0      0 0.0.0.0:3306            0.0.0.0:*               listen      27         94425      6820/mysqld         

[root@web1 ~]# vim /etc/my.cnf

# instructions in http://fedoraproject.org/wiki/systemd    

skip-networking=1##隐藏mysql的端口,不让它在互联网里暴露，确保数据库网络环境安全这行是加入的

[root@web1 ~]# systemctl restart mariadb

没有显示

[root@web1 html]# unzip discuz_x3.2_sc_utf8.zip

cgi                      index.html  readme  upload

discuz_x3.2_sc_utf8.zip  index.php   saozhu  utility

[root@web1 html]# chmod 777 upload/data/ upload/config/ -r

[root@web1 html]# setenforce 0

squid正向代理

[root@web1 html]# yum install squid -y

[root@web1 squid]# vim /etc/squid/squid.conf

 56 http_access allow all

  57

 58 # squid normally listens to port 3128

 59 http_port 3128

  60

 61 # uncomment and adjust the following to add a disk cache directory.

 62 cache_dir ufs /var/spool/squid 100 16 256

[root@web1 squid]# systemctl restart squid.service

squid反向代理

在要做实验的主机上卸载httpd服务并删除残留文件

[root@web1 ~]# yum remove httpd -y

..

warning: /etc/httpd/conf/httpd.conf saved as /etc/httpd/conf/httpd.conf.rpmsave

  verifying  : php-5.4.16-21.el7.x86_64                                     1/4

  verifying  : 1:mod_ssl-2.4.6-17.el7.x86_64                                2/4

  verifying  : httpd-manual-2.4.6-17.el7.noarch                             3/4

  verifying  : httpd-2.4.6-17.el7.x86_64                                    4/4

removed:

  httpd.x86_64 0:2.4.6-17.el7                                                   

dependency removed:

  httpd-manual.noarch 0:2.4.6-17.el7        mod_ssl.x86_64 1:2.4.6-17.el7       

  php.x86_64 0:5.4.16-21.el7               

complete!

[root@web1 ~]#rm -fr /etc/httpd

此时在其他主机上访问不到本主机的ip （访问出错）

安装squid服务

[root@web1 ~]# yum install squid -y

[root@web1 ~]# systemctl start squid

[root@web1 etc]# vim /etc/squid/squid.conf

 57

 59 http_port 80 vhost vport

 60 cache_peer 172.25.254.3 parent 80 0 no-query

     |||| || || ||

[root@web1 etc]# systemctl restart squid.service

在真机上用浏览器访问172.25.254.120显示的结果是172.25.254.3的默认发布目录里的东西

默认发布目录在/var/www/html下边

vim /etc/httpd/conf/httpd.conf

 60 cache_peer 172.25.254.3 parent 80 0 no-query originserver round-robin name=web1

 61 cache_peer 172.25.254.4 parent 80 0 no-query originserver round-robin name=web2

 62 cache_peer_domain web1 web2 www.taobao.com

 63 # uncomment and adjust the following to add a disk cache directory.

 64 cache_dir ufs /var/spool/squid 100 16 256

[root@web1 etc]# systemctl stop firewalld.service

172.25.254.120 www.westos.com   news.westos.com  ent.westos.com www.taobao.com

~   

在真机上通过浏览器访问www.taobao.com 刷新就会看见ip为172.25.254.3和172.25.254.4的默认发布目录里的内容