Apache2.4 Enterprise Seven Simple configuration

1. Apache Service Installation

[[email protected] ~]# yum install httpd-y[[email protected] ~]# systemctl restart Httpd[[email protected] ~]# Systemctl Stopfirewalld.service

After the installation is complete you can open your browser, in the URL section input 172.25.254.231 (that is, your native IP), the default page will appear Apache.

650) this.width=650; "src=" Https://s3.51cto.com/wyfs02/M02/9E/A6/wKioL1mUHqyg3njIAAHOlAq2Ac0705.png "title=" 1.png "alt=" Wkiol1muhqyg3njiaaholaq2ac0705.png "/>

2.Modify the Site directory and add a secret to the site directory

2.1 Generating Keys

[Email protected] conf]# htpasswd-cm authfile adminnew password:re-type new password:adding password for user Admin[[em AIL protected] conf]# htpasswd-m authfile admin1# If this file appears authfile if you are adding user authentication, you do not need to increase the-C parameter. , new password:re-type new password:adding password for user admin1

3.2 Modifying the Site Directory

[[email protected] conf]# vim/etc/httpd/conf/httpd.conf119 #DocumentRoot "/var/www/html" comment out the default site directory DocumentRoot above, Add a new row of site directories. DocumentRoot "/test/lala/html" Add a new Site Directory/test/lala/html130 <directory "/test/lala/html" >131# Require All granted# allows anyone to access the site directory, in doing this experiment, he needs to comment off authuserfile/etc/httpd/conf/authfile# add a password Authentication 133 AuthName "please input Countand password "#在登陆网址时的提示语134 authtype basic# for Basic authentication 135 Require User admin# when commented out 136 lines, only use Admin key # when commented out 135 lines, Use any key to log in to 136 Require valid-user137 </Directory> At this point, if you access the directory, the following page will appear, let you enter the password

3.3 Modifying the context of a site directory

[Email protected] html]# semanage fcontext-a-T httpd_sys_content_t '/test (/.*)? ' [Email protected] html]# Restorecon-rvvf/testrestorecon reset/test contextunconfined_u:object_r:default_t:s0-> System_u:object_r:httpd_sys_content_t:s0restorecon Reset/test/lala contextunconfined_u:object_r:default_t:s0- >system_u:object_r:httpd_sys_content_t:s0restorecon reset/test/lala/html Contextunconfined_u:object_r:default _t:s0->system_u:object_r:httpd_sys_content_t:s0restorecon reset/test/lala/html/index.ht

If you are in the access then you will see the following interface, let you enter the password:

650) this.width=650; "src=" Https://s2.51cto.com/wyfs02/M01/9E/A5/wKioL1mUEoWTfcKsAAEL5bZ5Bhk451.png "title=" 2.png "Width=" "height=" 221 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:500px;height:221px; "alt=" Wkiol1mueowtfcksaael5bz5bhk451.png "/>

3.RepairChange the default site directory file

[Email protected] ~]# vim/etc/httpd/conf/httpd.conf

<ifmodule dir_module> directoryindexfei.html index.html #注意以空格隔开, from the trip, first find your fei.html, looking for your index.html</ Ifmodule>

4.configuration of the virtual host

4.1 Adding a virtual host in the Master profile

In the main configuration file, add the following:

[[email protected] ~]# vim/etc/httpd/conf/httpd.conf< virtualhost *:80>  servername www.fei.com  documentroot /var/www/fei/   CustomLog  "Logs/fei.log"  combined</Virtualhost><Directory  "/var/www/fei" >  Require all granted</Directory>   #下面是另一个虚拟主机的配置文件 <virtualhost  *:80>  Servername www.tian.com  DocumentRoot /var/www/tian/   customlog  "Logs/tian.log" combined</virtualhost><directory  "/var/www/tian" >   Require all granted</directory> 

set up 2 directories for /var/www/fei/ and /var/www/tian/, respectively,for the two virtual host Site Directory, under the fei.html or index.html, because we added the Fei.index in front.

[[email protected] html]# mkdir/var/www/fei[[email protected] html]# mkdir/var/www/tian[[email protected] fei]# Cat/va R/www/tian/index.htmlthis is Tian ' s virtulhost[[email protected] fei]# cat/var/www/fei/index.htmlthis is Fei ' s Virtulho st# Add the following in the/etc/hosts to increase the local DNS resolution. [Email protected] ~]# vim/etc/hosts172.25.254.231 www.fei.com www.tian.com

4.2 Add a virtual host under/ETC/HTTPD/CONF.D

   also has a way to add a virtual host: Set up in this directory separately 3

[[email protected] conf.d]# pwd/etc/httpd/conf.d# This is the configuration file for the   virtual host  [[email protected ] conf.d]# vim fei.conf<virtualhost *:80>  servername www.fei.com   DocumentRoot /var/www/fei/  CustomLog  "Logs/fei.log"  combined</ virtualhost><directory  "/var/www/fei" > Require all granted</Directory>       #下面是www. Tain.com Default Host Profile                [[email protected] conf.d]# vim  tian.conf< virtualhost *:80>  servername www.tian.com  documentroot /var/www/tian/   CustomLog  "Logs/tian.log" combined</virtualhost><directory  "/var/www/tian" >  Require all granted</Directory> #这个是默认的配置文件, which is what you enter 172.25.254.231 is the page to visit [[email  Protected] conf.d]# vim default.conf<virtualhost _default_:80> documentroot  "/var/www/html/"  CustomLog  "logs/ Default.log " combind</Virtualhost> #注意: Configuration files can be written in two places, the following is also the establishment of a directory of virtual host, write index.html file.

650) this.width=650; "src=" Https://s5.51cto.com/wyfs02/M00/9E/A5/wKioL1mUFSOjsR82AABIGdcszqY418.png "title=" 3.png "alt=" Wkiol1mufsojsr82aabigdcszqy418.png "/>650) this.width=650; src=" https://s3.51cto.com/wyfs02/M01/9E/A5/ Wkiol1mufuztwxrdaabpayakguy817.png "title=" 4.png "width=" 335 "height=" 179 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:335px;height:179px; "alt=" Wkiol1mufuztwxrdaabpayakguy817.png "/>

5.httpsthe configuration

5.1 Software Installation

Yum Install mod_ssl-y# installs HTTPS plug-ins, enabling your Apache to support Https.yuminstall crypto-utils.x86_64-y# install plugins to generate keys and locks

5.2 Generating Certificates

[[Email protected] ~]# genkey www.westos.com/usr/bin/keyutil -c makecert -g  1024 -s "Cn=www.westos.com, ou=linux, o=westos, l=xi ' An, ST=Shannxi, C=CN"  -v1 -a -z /etc/pki/tls/.rand.3669 -o /etc/pki/tls/certs/www.westos.com.crt  -k/etc/pki/tls/private/www.westos.com.keycmdstr: makecertcmd_CreateNewCertcommand:  makecertkeysize = 1024 bitssubject = cn=www.westos.com, ou=linux,o=westos,  L=xi ' an, st=shannxi, c=cnvalid for 1 monthsrandom seed from /etc/pki/ tls/.rand.3669output will be written to/etc/pki/tls/certs/www.westos.com.crtoutput  key written to/etc/pki/tls/private/www.westos.com.keygenerating key. this may  Take a fewmoments ... made a keyopened tmprequest for writing/usr/bin/keyutil copying the  Cert pointercreated a certificatewrote 882 bytes of encoded data to/ Etc/pki/tls/private/www.westos.com.keywrote the key to:/etc/pki/tls/private/www.westos.com.key

This page is the information we want to fill in the certificate, but also to note that in the process of generating a certificate do not want to CN certification to send your certificate, this is charged.

650) this.width=650; "src=" Https://s3.51cto.com/wyfs02/M02/9E/A5/wKioL1mUF9_TgDuCAAKv4Yk_lRk151.png "title=" ~ D0g9oh]9c6k5~s%irs60j5.png "width=" "height=" 345 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:500px;height : 345px; "alt=" Wkiol1muf9_tgducaakv4yk_lrk151.png "/>

5.2 Modifying an HTTP configuration file

My virtual host is in the master profile, so I want to modify the virtual host configuration in the master configuration file

[[email protected] ~]# vim/etc/httpd/conf/httpd.conf<virtualhost *:443> #将这个虚拟网站的端口改为434 because the port of the HTTPS service is at 434 Servername www.fei.com Documentroot/var/www/fei/customlog "Logs/fei.log" combined sslengine on Sslcertificatefile/ ETC/PKI/TLS/CERTS/WWW.WESTOS.COM.CRT #认证证书 Sslcertificatekeyfile/etc/pki/tls/private/www.westos.com.key #钥匙 </ Virtualhost> #下面是对网站的授权, allowing anyone to access <directory "/var/www/fei" > Require all granted </directory># Here are two changes to the site <virtualhost *:80> ServerName www.fei.com rewriteengine on Rewriterule ^ (/.*) $ https://%{http_host}$1 [redirect=301]</virtualhost>

5.3 Modifying the configuration file for HTTPS

[Email protected] ~]# vim/etc/httpd/conf.d/ssl.conf101 sslcertificatefile/etc/pki/tls/certs/www.westos.com.crt109 Sslcertificatekeyfile/etc/pki/tls/private/www.westos.com.key

At this time you are accessing www.fei.com, now the following page automatically converts it to HTTPS protocol encrypted transfer

650) this.width=650; "src=" Https://s5.51cto.com/wyfs02/M01/9E/A6/wKioL1mUGv7CJVN8AAEXOl9Q1iI483.png "title=" 5.png "Width=" "height=" 303 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:500px;height:303px; "alt=" Wkiol1mugv7cjvn8aaexol9q1ii483.png "/>

Click I understand rhe risks, then click Add execption

650) this.width=650; "src=" Https://s5.51cto.com/wyfs02/M00/9E/A6/wKioL1mUG1LAR4vbAAEIiTZ7LRo180.png "title=" 6.png "Width=" height= "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:500px;height:270px; "alt=" Wkiol1mug1lar4vbaaeiitz7lro180.png "/>

The following page appears, click Get Certificate, and then click on Confirm Security Exception, the following page will appear, which is the page of our configured virtual host, but he is HTTPS

650) this.width=650; "src=" Https://s5.51cto.com/wyfs02/M00/9E/A6/wKioL1mUG-HSEKO3AABLVJPZP7o370.png "title=" 8.png "alt=" Wkiol1mug-hseko3aablvjpzp7o370.png "/>

Our certificate information can also be viewed as

650) this.width=650; "src=" Https://s2.51cto.com/wyfs02/M01/9E/A6/wKioL1mUHDmSGRweAACpUSqqYjo606.png "title=" 9.png "Width=" "height=" 382 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:500px;height:382px; "alt=" Wkiol1muhdmsgrweaacpusqqyjo606.png "/>

6.Apacheforward Proxy

6.1 Modifying your server and client network cards

Modify your server's IP to add another NIC to the Eth1server network card for etho:172.25.254.231 eth1 172.25.31.231Client, respectively ehh0:172.25.31.131

6.2 Installing the Agent software

Installing agent software on the server

[[email protected] ~]# yum install squid-y[[email protected] ~]# vim/etc/squid/squid.conf-http_access allow all + C Ache_dir ufs/var/spool/squid 256[[email protected] ~]# systemctl restart Squid

Open your browser to modify your advanced network configuration

650) this.width=650; "src=" Https://s3.51cto.com/wyfs02/M02/9E/A6/wKioL1mUHT-wXtf2AAEmIJ-hm8Q773.png "title=" 10. PNG "width=" 480 "height=" "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:480px;height:500px; "alt=" Wkiol1muht-wxtf2aaemij-hm8q773.png "/>

At this point your client can access the Apache of the 172.25.254 network segment that the client cannot access through the server.

7. httpReverse Proxy(need to3Desk)

clear the settings in your browser, and then match the configuration files in the server

[[email protected] ~]# vim/etc/squid/squid.conf 56http_access allow all 59http_port a vhost vport 60cache_peer 172.25.25 4.117 parent 0proxy-only #第三台服务器的ip 62cache_dir ufs/var/spool/squid 100 16 256

turn off Apache for your server, and you will access the 172.25.31.231 when you use the virtual machine to access the 172.25.254.117 of the site.

This article is from the "13122323" blog, please be sure to keep this source http://13132323.blog.51cto.com/13122323/1956866

Apache2.4 Enterprise Seven Simple configuration