httpd服务

httpd服务

1.安装httpd服务

[root@lc ~]# yum -y install httpd
（省略）
1
2

2.开启服务，设置服务开机自启立马生效，并查看服务状态

[root@lc ~]# systemctl start httpd
[root@lc ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@lc ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor pres>
   Active: active (running) since Tue 2023-07-11 04:33:45 EDT; 1min 58s ago
     Docs: man:httpd.service(8)
 Main PID: 37451 (httpd)
   Status: "Running, listening on: port 443, port 80"
    Tasks: 213 (limit: 23648)
   Memory: 41.7M
   CGroup: /system.slice/httpd.service
           ├─37451 /usr/sbin/httpd -DFOREGROUND
           ├─37453 /usr/sbin/httpd -DFOREGROUND
           ├─37454 /usr/sbin/httpd -DFOREGROUND
           ├─37455 /usr/sbin/httpd -DFOREGROUND
           └─37456 /usr/sbin/httpd -DFOREGROUND

7月 11 04:33:45 lc systemd[1]: Starting The Apache HTTP Server...
7月 11 04:33:45 lc httpd[37451]: AH00558: httpd: Could not reliably determine >
7月 11 04:33:45 lc systemd[1]: Started The Apache HTTP Server.
7月 11 04:33:45 lc httpd[37451]: Server configured, listening on: port 443, po>
lines 1-19/19 (END)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

3.查看监听端口

[root@lc ~]# ss -antl | grep 80
LISTEN    0         128                      *:80                     *:*       
[root@lc ~]# 
1
2
3

4.关闭防火墙，设置防火墙开机不自启立马生效；关闭selinux

[root@lc ~]# systemctl stop firewalld.service 
[root@lc ~]# systemctl disable --now firewalld.service 
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@lc ~]# 

[root@lc ~]# setenforce 0           //临时关闭selinux，重启失效
1
2
3
4
5
6
7

5.写一个index.html文件，在真机浏览器访问测试效果

[root@lc ~]# ls /var/www/html/
[root@lc ~]# vim /var/www/html/index.html
[root@lc ~]# cat /var/www/html/index.html
<html>
<head>
<title>你看月亮好美</title>
</head>
<body>
<h1>给你拍个月亮</h1>
</body>
</html>
[root@lc ~]# 
1
2
3
4
5
6
7
8
9
10
11
12

6.查看httpd的配置文件

[root@lc ~]# cd /etc/httpd
[root@lc httpd]# ls
conf  conf.d  conf.modules.d  logs  modules  run  state
[root@lc httpd]# ls conf
httpd.conf  magic
[root@lc httpd]# grep -i 'include' /etc/httpd/conf/httpd.conf 
Include conf.modules.d/*.conf
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
# Possible values include: debug, info, notice, warn, error, crit,
    # If you include a trailing / on /webpath then the server will
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    AddOutputFilter INCLUDES .shtml
IncludeOptional conf.d/*.conf
[root@lc httpd]# 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

7.复制vhosts.conf模板到/etc/httpd/conf.d下，等一会配置虚拟主机

[root@lc ~]# cd /etc/httpd/conf.d/
[root@lc conf.d]# ls
autoindex.conf  README   userdir.conf  welcome.conf
[root@lc conf.d]# 


[root@lc conf.d]# find / -name *vhosts.conf
/usr/share/doc/httpd/httpd-vhosts.conf
[root@lc conf.d]# 


[root@lc conf.d]# cp /usr/share/doc/httpd/httpd-vhosts.conf vhosts.conf
[root@lc conf.d]# ls
autoindex.conf  README   userdir.conf  vhosts.conf  welcome.conf
[root@lc conf.d]# 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

8.修改vhosts.conf，配置虚拟主机

虚拟主机有三种类型：

相同IP不同端口
不同IP相同端口
相同IP相同端口不同域名
1
2
3

第一种：相同IP不同端口

修改vhosts.conf配置

[root@lc conf.d]# vim vhosts.conf 
[root@lc conf.d]# cat vhosts.conf 
<VirtualHost *:80>
    DocumentRoot "/var/www/html/www.wanfeng.com"
    ServerName www.wanfeng.com
    ErrorLog "/var/log/httpd/www.wanfeng.com-error_log"
    CustomLog "/var/log/httpd/www.wanfeng.com-access_log" common
</VirtualHost>
Listen 82
<VirtualHost *:82>
    DocumentRoot "/var/www/html/www.yueliang.com"
    ServerName www.yueliang.com
    ErrorLog "/var/log/httpd/www.yueliang.com-error_log"
    CustomLog "/var/log/httpd/www.yueliang.com-access_log" common
</VirtualHost>
[root@lc conf.d]# 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

查看82端口是否监听

[root@lc conf.d]# ss -antl | grep 82
LISTEN    0         128                      *:82                     *:*     
1
2

把写好的网站文件上传到虚拟机里面，放到www.wanfeng.com的目录里面

//www.wanfeng.com的

[root@lc conf.d]# mkdir -p /var/www/html/www.wanfeng.com
[root@lc conf.d]# ls www.wanfeng.com/
6c224f4a20a44623058cb92d9e22720e0cf3d73e.jpg  姜云升.html    GAI.html
7哥.html                                      浪漫主义.html  hiphop.html
歌单内部.html                                 首页.html      img首页
歌手介绍.html                                 新说唱内.html  wewe.html
更多.html                                     音乐曲库.html
姜哥.html                                     css首页
1
2
3
4
5
6
7
8

//www.yueliang.com的

[root@lc conf.d]# mkdir -p /var/www/html/www.yueliang.com
[root@lc conf.d]# echo 'The moon is very beautiful' > /var/www/html/www.yueliang.com/yueliang.html
[root@lc conf.d]# cat /var/www/html/www.yue.com/yue.html
The moon is very beautiful
1
2
3
4

重启服务，并在真机浏览器上通过同一个ip不同端口访问两个网站

[root@lc conf.d]# systemctl restart httpd
1

通过80端口访问

通过82端口访问

第二种：不同IP相同端口

注意：另一个ip要存在，要提前配置在网卡上

修改vhost.conf配置

[root@lc conf.d]# vim vhosts.conf 
[root@lc conf.d]# cat vhosts.conf 
<VirtualHost 192.168.179.88:80>
    DocumentRoot "/var/www/html/www.wanfeng.com"
    ServerName www.wanfeng.com
    ErrorLog "/var/log/httpd/www.wanfeng.com-error_log"
    CustomLog "/var/log/httpd/www.wanfeng.com-access_log" common
</VirtualHost>
<VirtualHost 192.168.179.99:80>
    DocumentRoot "/var/www/html/www.yueliang.com"
    ServerName www.yueliang.com
    ErrorLog "/var/log/httpd/www.yueliang.com-error_log"
    CustomLog "/var/log/httpd/www.yueliang.com-access_log" common
</VirtualHost>
[root@lc conf.d]# 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

重启服务，在真机浏览器上通过不同的ip进行访问

[root@lc conf.d]# systemctl restart httpd
1

通过192.168.179.88访问www.wanfeng.com

通过192.168.179.99访问www.yueliang.com

第三种：相同IP相同端口，不同域名

修改vhosts.conf进行配置

[root@lc conf.d]# vim vhosts.conf 
[root@lc conf.d]# cat vhosts.conf 
<VirtualHost *:80>
    DocumentRoot "/var/www/html/www.wanfeng.com"
    ServerName www.wanfeng.com
    ErrorLog "/var/log/httpd/www.wanfeng.com-error_log"
    CustomLog "/var/log/httpd/www.wanfeng.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/var/www/html/www.yueliang.com"
    ServerName www.yueliang.com
    ErrorLog "/var/log/httpd/www.yueliang.com-error_log"
    CustomLog "/var/log/httpd/www.yueliang.com-access_log" common
</VirtualHost>
[root@lc conf.d]# 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

在真机里面修改hosts文件，绑定ip和域名

用写字板打开C:\Windows\System32\drivers\etc里面的hosts文件

重启服务，在真机浏览器上测试访问

[root@lc conf.d]# systemctl restart httpd
1

访问www.wanfeng.com

访问www.yueliang.com

https证书配置

配置ssl证书

[root@lc ~]# mkdir -p /etc/pki/CA        
[root@lc ~]# cd /etc/pki/CA/

[root@lc CA]# mkdir private

[root@lc CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
...................................................+++++
..............................+++++
e is 65537 (0x010001)

[root@lc CA]# ls private/
cakey.pem
[root@lc CA]# 
1
2
3
4
5
6
7
8
9
10
11
12
13
14

[root@lc CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:www.wanfeng.com
Organizational Unit Name (eg, section) []:www.wanfeng.com
Common Name (eg, your name or your server's hostname) []:www.wanfeng.com
Email Address []:
[root@lc CA]# 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

客户端（例如httpd服务器）生成密钥

[root@lc CA]# mkdir certs newcerts crl
[root@lc CA]# touch index.txt && echo 01 > serial
[root@lc CA]# cd /etc/httpd/ && mkdir ssl && cd ssl
[root@lc ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
.............................................................+++++
....................................................................+++++
e is 65537 (0x010001)
[root@lc ssl]# 
1
2
3
4
5
6
7
8
9

客户端生成证书签署请求

[root@lc ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN         
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:www.wanfeng.com
Organizational Unit Name (eg, section) []:www.wanfeng.com
Common Name (eg, your name or your server's hostname) []:www.wanfeng.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@lc ssl]# 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

CA签署客户端提交上来的证书

[root@lc ssl]# ls
httpd.csr  httpd.key
[root@lc ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jul 11 10:50:21 2023 GMT
            Not After : Jul 10 10:50:21 2024 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = HB
            organizationName          = www.wanfeng.com
            organizationalUnitName    = www.wanfeng.com
            commonName                = www.wanfeng.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                E0:AC:96:E8:D6:5D:6C:D5:0F:38:AE:56:99:00:B3:49:28:1B:A0:44
            X509v3 Authority Key Identifier: 
                keyid:BD:76:00:6F:81:29:5B:49:5C:F4:A5:F2:65:F2:FF:C7:C0:47:25:B9

Certificate is to be certified until Jul 10 10:50:21 2024 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@lc ssl]# ls
httpd.crt  httpd.csr  httpd.key
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

安装证书服务

[root@lc ~]# yum -y install httpd-devel
[root@lc ~]# yum -y install mod_ssl
1
2

[root@lc ssl]# vim /etc/httpd/conf.d/ssl.conf 
[root@lc ssl]# grep -Ev '^$|^#' /etc/httpd/conf.d/ssl.conf
Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout  300
SSLCryptoDevice builtin

DocumentRoot "/var/www/html/www.wanfeng.com"           //修改为自己域名
ServerName www.wanfeng.com:443                           //取消注释，修改为自己域名
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLHonorCipherOrder on
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
SSLCertificateFile /etc/httpd/ssl/httpd.crt           //修改成对应路径
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key           //修改成对应路径
"\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
"/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
[root@lc ssl]# 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

重启服务，通过https访问测试

[root@lc ssl]# systemctl restart httpd
1

---