CentOS 7.2: Configure the Apache service httpd (Part 1)

Source: Internet
Author: User


1. Introduction to Apache



Apache HTTP Server (Apache) is open-source web server software from the Apache Software Foundation. It runs on most computer operating systems and is widely used because of its cross-platform support and its security (new vulnerabilities keep being discovered, but because the code is open source they can always be repaired quickly, so overall security is still quite high). It is one of the most popular web server programs. It is fast and reliable, and interpreters such as Perl/Python can be compiled into the server through a simple API extension.









2. Installing Apache httpd



Install httpd to configure the web server. HTTP uses 80/tcp.

[1] Install httpd.
[root@linuxprobe ~]# yum -y install httpd
# delete the default welcome page
[root@linuxprobe ~]# rm -f /etc/httpd/conf.d/welcome.conf

[2] Configure httpd, replacing the server name with the one for your own environment.
[root@linuxprobe ~]# vi /etc/httpd/conf/httpd.conf
# line 86: change the administrator's email address
ServerAdmin root@linuxprobe.org
# line 95: change the domain name
ServerName www.linuxprobe.org:80
# line 151: change None to All
AllowOverride All
# line 164: add file names that can be accessed using only the directory name
DirectoryIndex index.html index.cgi index.php
# add the following to the end
# server's response header (security)
ServerTokens Prod
# turn keepalive on
KeepAlive On
[root@linuxprobe ~]# systemctl start httpd
[root@linuxprobe ~]# systemctl enable httpd

[3] If firewalld is running, allow the HTTP service. HTTP uses 80/tcp.
[root@linuxprobe ~]# firewall-cmd --add-service=http --permanent
success
[root@linuxprobe ~]# firewall-cmd --reload
success

[4] Create an HTML test page and access it from the client PC with a web browser. If the page below is displayed, the configuration is correct.
[root@linuxprobe ~]# vi /var/www/html/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Welcome access LinuxProbe.org, This is Test Page!
</div>
</body>
</html>

3. Support Perl

[1] Install Perl.
[root@linuxprobe ~]# yum -y install perl perl-CGI

[2] By default, CGI is allowed under the "/var/www/cgi-bin" directory. You can use the Perl scripts in the directory. However, all of the files underneath it are processed as CGI.
# the settings below are the CGI settings
[root@linuxprobe ~]# grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf
247:ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

[3] If you want to allow CGI in other directories, configure the following. For example, allow it in "/var/www/html/cgi-enabled".
[root@linuxprobe ~]# vi /etc/httpd/conf.d/cgi-enabled.conf
# create new
# process .cgi and .pl as CGI scripts
<Directory "/var/www/html/cgi-enabled">
    Options +ExecCGI
    AddHandler cgi-script .cgi .pl
</Directory>
[root@linuxprobe ~]# systemctl restart httpd

[4] If SELinux is enabled and CGI is allowed in a directory other than the default one, as in [3] above, change the rule as follows.
[root@linuxprobe ~]# chcon -R -t httpd_sys_script_exec_t /var/www/html/cgi-enabled
[root@linuxprobe ~]# semanage fcontext -a -t httpd_sys_script_exec_t /var/www/html/cgi-enabled

[5] Create a CGI test page and access it from the client PC with a web browser. If the following page is displayed, the configuration is correct.
[root@linuxprobe ~]# vi /var/www/html/cgi-enabled/index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
# minimal placeholder body; any HTML works here
print "<html><body>CGI Test Page</body></html>\n";





4. Support PHP

Configure httpd to use PHP scripts.

[1] Install PHP.
[root@linuxprobe ~]# yum -y install php php-mbstring php-pear
[root@linuxprobe ~]# vi /etc/php.ini
# line 878: uncomment and set the time zone
date.timezone = "Asia/Shanghai"
[root@linuxprobe ~]# systemctl restart httpd

[2] Create a PHP test page and access it from the client PC with a web browser. If the following page is displayed, it is OK.
[root@linuxprobe ~]# vi /var/www/html/index.php

[3] Create a phpinfo test page to confirm that PHP support is fully enabled.
[root@linuxprobe ~]# echo '<?php phpinfo(); ?>' > /var/www/html/phpinfo.php






5. Support Ruby

Configure httpd to use Ruby scripts as CGI.

[1] Install Ruby.
[root@linuxprobe ~]# yum -y install ruby

[2] By default, CGI is allowed under the "/var/www/cgi-bin" directory. You can use the Perl scripts in the directory. However, all of the files underneath it are processed as CGI.
# the settings below are the CGI settings
[root@linuxprobe ~]# grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf
247:ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

[3] If you want to allow CGI in other directories, configure the following. For example, allow it in "/var/www/html/cgi-enabled".
[root@linuxprobe ~]# vi /etc/httpd/conf.d/cgi-enabled.conf
# create new
# process .rb as CGI scripts
<Directory "/var/www/html/cgi-enabled">
    Options +ExecCGI
    AddHandler cgi-script .rb
</Directory>
[root@linuxprobe ~]# systemctl restart httpd

[4] If SELinux is enabled and CGI is allowed in a directory other than the default one, as in [3] above, change the rule as follows.
[root@linuxprobe ~]# chcon -R -t httpd_sys_script_exec_t /var/www/html/cgi-enabled
[root@linuxprobe ~]# semanage fcontext -a -t httpd_sys_script_exec_t /var/www/html/cgi-enabled

[5] Create a CGI test page and access it from the client PC with a web browser. It is OK if the following page is shown.
[root@linuxprobe ~]# vi /var/www/html/cgi-enabled/index.rb
#!/usr/bin/ruby
print "Content-type: text/html\n\n"
# minimal placeholder body; any HTML works here
print "<html><body>CGI Test Page</body></html>\n"





6. Support Python

Enable CGI execution and use Python scripts.

[1] Install Python.
[root@linuxprobe ~]# yum -y install python

[2] By default, CGI is allowed under the "/var/www/cgi-bin" directory. You can use the Perl scripts in the directory. However, all of the files underneath it are processed as CGI.
# the settings below are the CGI settings
[root@linuxprobe ~]# grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf
247:ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

[3] If you want to allow CGI in other directories, configure the following. For example, allow it in "/var/www/html/cgi-enabled".
[root@linuxprobe ~]# vi /etc/httpd/conf.d/cgi-enabled.conf
# create new
# process .py as CGI scripts
<Directory "/var/www/html/cgi-enabled">
    Options +ExecCGI
    AddHandler cgi-script .py
</Directory>
[root@linuxprobe ~]# systemctl restart httpd

[4] If SELinux is enabled and CGI is allowed in a directory other than the default one, as in [3] above, change the rule as follows.
[root@linuxprobe ~]# chcon -R -t httpd_sys_script_exec_t /var/www/html/cgi-enabled
[root@linuxprobe ~]# semanage fcontext -a -t httpd_sys_script_exec_t /var/www/html/cgi-enabled

[5] Create a CGI test page and access it from the client PC with a web browser. It is OK if the following page is shown.
[root@linuxprobe ~]# vi /var/www/html/cgi-enabled/index.py
#!/usr/bin/env python
print("Content-type: text/html\n\n")
# minimal placeholder body; any HTML works here
print("<html><body>CGI Test Page</body></html>")





7. Support UserDir

Enable UserDir. With this setting, users can create their own sites.

[1] Configure httpd.
[root@linuxprobe ~]# vi /etc/httpd/conf.d/userdir.conf
# line 17: comment out
#UserDir disabled
# line 24: uncomment
UserDir public_html
# line 31-35
<Directory "/home/*/public_html">
    # change
    AllowOverride All
    # change
    Options None
    Require method GET POST OPTIONS
</Directory>
[root@linuxprobe ~]# systemctl restart httpd

[2] Create a test page and access it from the client PC with a web browser. If the following page is displayed, the configuration is correct.
[cent@linuxprobe ~]$ mkdir public_html
[cent@linuxprobe ~]$ chmod 711 /home/cent
[cent@linuxprobe ~]$ chmod 755 /home/cent/public_html
[cent@linuxprobe ~]$ vi ./public_html/index.html

Access http://linuxprobe.org/~wang/ in a browser; the following page appears.






8. Set up a virtual host

Configure virtual hosts to use multiple domain names.
The following example is set in an environment where the domain name is [linuxprobe.org] and the virtual domain name is [virtual.host] (document root [/home/wang/public_html]).
The UserDir setting must also be configured for this example.

[1] Configure the virtual host.
[root@linuxprobe ~]# vi /etc/httpd/conf.d/vhost.conf
# for the original domain
<VirtualHost *:80>
    DocumentRoot /var/www/html
    ServerName www.linuxprobe.org
</VirtualHost>
# for the virtual domain
<VirtualHost *:80>
    DocumentRoot /home/cent/public_html
    ServerName www.virtual.host
    ServerAdmin …rtual.host
    ErrorLog logs/virtual.host-error_log
    CustomLog logs/virtual.host-access_log combined
</VirtualHost>
[root@linuxprobe ~]# systemctl restart httpd

[2] Create a test page and access it from the client computer with a web browser. If the following page is displayed, the configuration is correct.
[cent@linuxprobe ~]$ vi ~/public_html/virtual.php


9. Creating an SSL certificate

Create your own SSL certificate. However, if you run the server for business use, it is best to purchase and use a proper certificate from VeriSign or a similar provider.

[root@linuxprobe ~]# cd /etc/pki/tls/certs/
[root@linuxprobe certs]# make server.key
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
......................................................+++
...........................................................................+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
# remove the passphrase from the private key
[root@linuxprobe certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key
[root@linuxprobe certs]# make server.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will
be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN    # country code
State or Province Name (full name) []:shanghai    # province
Locality Name (eg, city) [Default City]:shanghai    # city
Organization Name (eg, company) [Default Company Ltd]:linuxprobe    # company
Organizational Unit Name (eg, section) []:Devops    # department
Common Name (eg, your name or your server's hostname) []:linuxprobe.org    # host name
Email Address []:root@linuxprobe.org    # email
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:    # default
An optional company name []:    # default
[root@linuxprobe certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=CN/ST=shanghai/L=shanghai/O=linuxprobe/OU=Devops/CN=linuxprobe.org/emailAddress=root@linuxprobe.org
Getting Private key
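
Before httpd is pointed at these files, it helps to confirm that server.crt really carries the public key of server.key and that the key, which no longer has a passphrase, is readable by its owner only. The script below is an added example, not part of the original article; it builds a throwaway pair in a temporary directory with the same openssl steps, and the function names and file locations are assumptions of the sketch.

```shell
#!/bin/sh
# Added example, not from the original article: checks to run on server.crt and
# server.key before restarting httpd. Function names are this sketch's own.

# pair_matches CERT KEY: succeed if CERT carries the public key of KEY.
# "-passin pass:" makes a still-encrypted key fail instead of prompting.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass:) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# key_is_private KEY: succeed if group and others have no permission bits.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# expires_within_days CERT DAYS: succeed if CERT expires in under DAYS days.
expires_within_days() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Constructed throwaway pair, built with the same openssl steps as the article.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
printf '[req]\ndistinguished_name = dn\n[dn]\ncommonName = CN\n' > "$d/req.cnf"
(
    umask 77
    openssl genrsa -out "$d/server.key" 2048
    openssl req -new -config "$d/req.cnf" -subj /CN=linuxprobe.org \
        -key "$d/server.key" -out "$d/server.csr"
    openssl x509 -req -in "$d/server.csr" -signkey "$d/server.key" \
        -days 3650 -out "$d/server.crt"
    openssl genrsa -out "$d/other.key" 2048
) >/dev/null 2>&1
pair_matches "$d/server.crt" "$d/server.key" && echo "certificate and key match"
key_is_private "$d/server.key" && echo "key is owner-only"
expires_within_days "$d/server.crt" 30 || echo "valid for at least 30 more days"
```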


10. Configuring SSL

[1] Configure SSL.
[root@linuxprobe ~]# yum -y install mod_ssl
[root@linuxprobe ~]# vi /etc/httpd/conf.d/ssl.conf
# line 59: uncomment
DocumentRoot "/var/www/html"
# line 60: uncomment and define the domain name
ServerName linuxprobe.org:443
# line 75: change SSLProtocol
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
# line 100: change to the server.crt that you just created
SSLCertificateFile /etc/pki/tls/certs/server.crt
# line 107: change to the server.key that you just created
SSLCertificateKeyFile /etc/pki/tls/certs/server.key
[root@www ~]# systemctl restart httpd

[2] If firewalld is running, allow the HTTPS service. HTTPS uses 443/tcp.
[root@www ~]# firewall-cmd --add-service=https --permanent
success
[root@www ~]# firewall-cmd --reload
success

[3] Access the test page from a client computer with a web browser over HTTPS. The following example uses Firefox. The following screen appears because the certificate is self-created, but this is not a problem; continue to the next step.
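
The SSLProtocol line in step [1] is read token by token, so what stays enabled depends on every +/- entry. The script below is an added example, not part of the original article: it computes the enabled set for a given ssl.conf and lists anything older than TLS 1.2, since TLS 1.0 and TLS 1.1 were deprecated by RFC 8996. The protocol list behind "all", the function names and the sample files are assumptions constructed for the sketch.

```shell
#!/bin/sh
# Added example, not from the original article. Assumption: "all" stands for
# the protocols listed in KNOWN; function names are this sketch's own.
KNOWN="SSLv3 TLSv1 TLSv1.1 TLSv1.2"

# effective_protocols FILE: protocols left enabled by the last SSLProtocol line.
effective_protocols() {
    awk -v known="$KNOWN" '
    BEGIN { n = split(known, p, " ") }
    tolower($1) == "sslprotocol" {
        for (i = 1; i <= n; i++) on[i] = 0
        for (f = 2; f <= NF; f++) {
            tok = tolower($f); sign = ""
            if (tok ~ /^[+-]/) { sign = substr(tok, 1, 1); tok = substr(tok, 2) }
            # an unprefixed protocol replaces everything selected so far
            if (sign == "") for (i = 1; i <= n; i++) on[i] = 0
            for (i = 1; i <= n; i++)
                if (tok == "all" || tok == tolower(p[i])) on[i] = (sign != "-")
        }
    }
    END {
        for (i = 1; i <= n; i++) if (on[i]) out = out (out == "" ? "" : " ") p[i]
        print out
    }' "$1"
}

# legacy_protocols FILE: the enabled protocols older than TLS 1.2.
legacy_protocols() {
    effective_protocols "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(SSLv3|TLSv1|TLSv1\.1)$/) out = out (out == "" ? "" : " ") $i
        print out
    }'
}

# Constructed sample files: the line from this article and a tightened one.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf 'SSLEngine on\nSSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2\n' > "$tmp/page.conf"
printf 'SSLEngine on\nSSLProtocol -all +TLSv1.2\n' > "$tmp/tight.conf"
for f in page tight; do
    echo "$f: enabled=[$(effective_protocols "$tmp/$f.conf")]" \
         "legacy=[$(legacy_protocols "$tmp/$f.conf")]"
done
```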






11. Enabling Basic authentication

Enable Basic authentication to restrict access to specific web pages.

[1] For example, configure Basic authentication for the directory [/var/www/html/auth-basic].
[root@linuxprobe ~]# vi /etc/httpd/conf.d/auth_basic.conf
# create a new file
<Directory /var/www/html/auth-basic>
    AuthType Basic
    AuthName "Basic Authentication"
    AuthUserFile /etc/httpd/conf/.htpasswd
    Require valid-user
</Directory>
# add a user: create a new file with "-c" (add the "-c" option only for the initial registration)
[root@linuxprobe ~]# htpasswd -c /etc/httpd/conf/.htpasswd wang
New password:    # set password
Re-type new password:    # confirm
Adding password for user wang
[root@linuxprobe ~]# systemctl restart httpd
[root@linuxprobe ~]# mkdir /var/www/html/auth-basic
[root@linuxprobe ~]# vi /var/www/html/auth-basic/index.html
# create a test page

[2] Access the test page from a client computer with a web browser. Authentication is then required, as configured; answer with the user added in [1].






12. Basic Auth + PAM

Restrict access to specific web pages and authenticate with OS users over an SSL connection.

[1] To create a certificate, refer to the section above.

[2] For example, configure Basic Auth for the [/var/www/html/auth-pam] directory.
# install from EPEL
[root@linuxprobe ~]# yum --enablerepo=epel -y install mod_authnz_external pwauth
[root@linuxprobe ~]# vi /etc/httpd/conf.d/authnz_external.conf
# add to the end
<Directory /var/www/html/auth-pam>
    SSLRequireSSL
    AuthType Basic
    AuthName "PAM Authentication"
    AuthBasicProvider external
    AuthExternal pwauth
    Require valid-user
</Directory>
[root@linuxprobe ~]# mkdir /var/www/html/auth-pam
[root@linuxprobe ~]# vi /var/www/html/auth-pam/index.html
# create a test page

[3] Use a web browser on the client to access the test page https://linuxprobe.org/auth-pam/ and authenticate with a user on the operating system.
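
Basic authentication sends the user name and password only Base64-encoded with every request, which is why the auth-pam container here carries SSLRequireSSL, while the auth-basic container in the previous section does not. The script below is an added example, not part of the original article: it scans configuration text for <Directory>/<Location> containers that set AuthType Basic without SSLRequireSSL in the same container. The function name and the sample text are constructed for the sketch, and settings inherited from an enclosing scope are not considered.

```shell
#!/bin/sh
# Added example, not from the original article; the function name is this sketch's own.

# basic_auth_without_tls FILE...: print the target of every <Directory> or
# <Location> container that sets "AuthType Basic" without SSLRequireSSL.
basic_auth_without_tls() {
    awk '
    { line = tolower($0); sub(/^[ \t]+/, "", line) }
    line ~ /^<(directory|location)[ \t]/ {
        target = $0
        sub(/^[ \t]*<[A-Za-z]+[ \t]+/, "", target)
        sub(/[ \t]*>[ \t]*$/, "", target)
        gsub(/"/, "", target)
        basic = 0; tls = 0
        next
    }
    line ~ /^authtype[ \t]+basic/ { basic = 1 }
    line ~ /^sslrequiressl/        { tls = 1 }
    line ~ /^<\/(directory|location)>/ {
        if (basic && !tls) print target
        basic = 0; tls = 0
    }' "$@"
}

# Constructed sample, modelled on the containers configured in this article.
conf=$(mktemp); trap 'rm -f "$conf"' EXIT
cat > "$conf" <<'EOF'
<Directory /var/www/html/auth-basic>
    AuthType Basic
    AuthUserFile /etc/httpd/conf/.htpasswd
    Require valid-user
</Directory>
<Directory /var/www/html/auth-pam>
    SSLRequireSSL
    AuthType Basic
    AuthBasicProvider external
    Require valid-user
</Directory>
<Location /webdav>
    DAV On
    SSLRequireSSL
    AuthType Basic
    <RequireAny>
        Require method GET POST OPTIONS
        Require valid-user
    </RequireAny>
</Location>
EOF
basic_auth_without_tls "$conf"
```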






13. Use WebDAV

The following is an example of configuring WebDAV over an SSL connection.

[1] To create a certificate, refer to the section above.

[2] For example, create a directory [webdav] and make it possible to connect to the WebDAV directory only through SSL.
[root@linuxprobe ~]# mkdir /home/webdav
[root@linuxprobe ~]# chown apache. /home/webdav
[root@linuxprobe ~]# chmod 770 /home/webdav
[root@linuxprobe ~]# vi /etc/httpd/conf.d/webdav.conf
# create new
DavLockDB "/tmp/DavLock"
Alias /webdav /home/webdav
<Location /webdav>
    DAV On
    SSLRequireSSL
    Options None
    AuthType Basic
    AuthName WebDAV
    AuthUserFile /etc/httpd/conf/.htpasswd
    <RequireAny>
        Require method GET POST OPTIONS
        Require valid-user
    </RequireAny>
</Location>
# add a user: create a new file with "-c" (add the "-c" option only for the initial registration)
[root@linuxprobe ~]# htpasswd -c /etc/httpd/conf/.htpasswd wang
New password:    # set password
Re-type new password:
Adding password for user wang
# ** Note: the htpasswd entry for user wang has already been created and does not need to be created again **
[root@linuxprobe ~]# systemctl restart httpd

[3] If SELinux is enabled, change the following rules.
[root@linuxprobe ~]# chcon -R -t httpd_sys_rw_content_t /home/webdav
[root@linuxprobe ~]# semanage fcontext -a -t httpd_sys_rw_content_t /home/webdav

[4] These are the settings for a WebDAV client on a PC (Windows 10).
Download "CarotDAV", a free WebDAV client, from the following website: http://www.rei.to/carotdav_en.html. After downloading, install and start CarotDAV. The following screen is displayed; click the "File" button and select "WebDAV".

[5] Enter any name in the "Set name" field, enter [server name/WebDAV directory] in the URI field, and enter a username and password.

[7] The configuration is added as shown below. Click it to connect to the server.

[8] A warning is displayed as shown below because the server's SSL certificate is not installed on your computer. This is not a problem; click "Ignore" and continue.

[9] Create test directories and files in the WebDAV directory.
[root@linuxprobe tmp]# cd /home/webdav/
[root@linuxprobe webdav]# mkdir linuxprobe
[root@linuxprobe webdav]# mkdir linuxcool
[root@linuxprobe webdav]# touch vdevops.txt
[root@linuxprobe webdav]# touch linuxcool.txt




