
httpd - class notes

2015-09-21 17:36
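Configuration file: /etc/httpd/conf/httpd.conf
<IfModule dir_module>
DirectoryIndex index.html text.html
# The file listed first is read first. If the index file does not exist, the text file is read. If neither exists, the test page is shown.
</IfModule>
/etc/httpd/conf.d/*.conf: all .conf files in the conf.d directory
Virtual hosts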

Name-based
<VirtualHost *:80>
ServerName localhost.localdomain
DocumentRoot /var/www/local
</VirtualHost>
Add directives to control access to files

Create 2 users (not system users; these are users for accessing the HTML pages)
Covered in httpd-manual under "Authentication and Authorization"
[root@localhost conf]# htpasswd -c /etc/httpd/.htpasswd user1
New password:
Re-type new password:
Adding password for user user1
[root@localhost conf]# htpasswd /etc/httpd/.htpasswd user2
New password:
Re-type new password:
Adding password for user user2
[root@localhost conf]# cat /etc/httpd/.htpasswd
user1:$apr1$/HcTzDUm$16tL9pldhS4YV7i1E6GKU0
user2:$apr1$qTaxMLFd$1YtqCEglB1e5lNyjUbuec1
<VirtualHost *:80>
ServerName localhost.localdomain
DocumentRoot /var/www/local
<Directory /var/www/local>
AuthType basic
AuthName "Please Input Your Name&Passwd!"
AuthUserFile /etc/httpd/.htpasswd
# Only user1 can access:
Require user user1
# Alternative (use one of the two Require lines): every user in .htpasswd can access:
Require valid-user
</Directory>
</VirtualHost>
Show files as a directory index, and allow symlinked files to be shown
Covered in the manual under "Mapping URLs to the Filesystem"
<Directory /var/www/local/file>
Options Indexes FollowSymlinks
</Directory>
# To turn a feature off, prefix it with -
Options -Indexes -FollowSymlinks
Add IP restrictions
See "Access Control" in the manual
<Directory /var/www/local/allow>
# The one listed later takes precedence! If allow comes last, allow takes precedence.
Order allow,deny
allow from 10.42.1.0/24
deny from 10.42.1.14
</Directory>
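The Order evaluation described in the comment above, modeled in Python as an added example (not part of the original notes and not Apache's own code). The function names and the sample client addresses are made up for illustration, and only IP/CIDR specs are handled.

```python
import ipaddress

def _matches(client, specs):
    """True if client falls inside any 'allow from' / 'deny from' spec."""
    ip = ipaddress.ip_address(client)
    return any(ip in ipaddress.ip_network(s, strict=False) for s in specs)

def order_decision(order, allow, deny, client):
    """Model of the Order logic for IP/CIDR specs (hypothetical helper).

    order -- "allow,deny" or "deny,allow" (argument of the Order directive)
    allow -- list of 'allow from' specs; deny -- list of 'deny from' specs
    Returns True when the request is allowed.
    """
    order = order.replace(" ", "").lower()
    allowed = _matches(client, allow)
    denied = _matches(client, deny)
    if order == "allow,deny":
        # Allow rules run first; deny rules run last and override them.
        # A client that matches no rule is denied by default.
        return allowed and not denied
    if order == "deny,allow":
        # Deny rules run first; allow rules run last and override them.
        # A client that matches no rule is allowed by default.
        return allowed or not denied
    raise ValueError("unsupported Order value: %r" % order)

# The rules from the <Directory /var/www/local/allow> block above.
ALLOW = ["10.42.1.0/24"]
DENY = ["10.42.1.14"]

def evaluate(order):
    """Decisions for constructed sample clients under the given Order."""
    clients = ["10.42.1.20", "10.42.1.14", "192.0.2.7"]
    return {c: order_decision(order, ALLOW, DENY, c) for c in clients}

if __name__ == "__main__":
    for order in ("allow,deny", "deny,allow"):
        for client, ok in evaluate(order).items():
            print("%-11s %-11s %s" % (order, client, "allowed" if ok else "denied"))
```

With Order allow,deny only 10.42.1.20 gets in. With Order deny,allow the same two rules admit all three sample clients, because the allow rule overrides the deny for 10.42.1.14 and unmatched clients are allowed by default.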
https
Default port: 443
Package to install: mod_ssl

SSL configuration file
/etc/httpd/conf.d/ssl.conf
Listen 443
<VirtualHost *:443>
ServerName localhost.localdomain
DocumentRoot /var/www/ssl
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
# Server certificate
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# Server private key
SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# CA certificate
</VirtualHost>
Without a CA-issued certificate: sign it yourself
[root@localhost certs]# ls
ca-bundle.crt        localhost.crt    Makefile
ca-bundle.trust.crt  make-dummy-cert  renew-dummy-cert
[root@localhost certs]# pwd
/etc/pki/tls/certs
[root@localhost certs]# make chomper.crt
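This generates a private key (a passphrase must be entered),
then a public key (the certificate) (the private key's passphrase must be entered).
Then fill in the certificate information (#host name#)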
Listen 443
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
<VirtualHost *:443>
ServerName www.chomper.com
DocumentRoot /var/www/ssl
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/pki/tls/certs/chomper.crt
SSLCertificateKeyFile /etc/pki/tls/private/chomper.key
</VirtualHost>
Package to install: mod_wsgi
<VirtualHost *:80>
ServerName localhost.localdomain
DocumentRoot /var/www/ssl
WSGIScriptAlias / /var/www/ssl/webapp.wsgi
</VirtualHost>
Port-based virtual host: add port 8899
Listen 8899
<VirtualHost *:8899>
ServerName www.chomper.com
DocumentRoot /var/www/ssl
</VirtualHost>
[root@localhost conf.d]# semanage port -l | grep http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989
[root@localhost conf.d]# semanage port -a -t http_port_t -p tcp 8899
[root@localhost conf.d]# semanage port -l | grep http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      8899, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989