Deployment of Apache Web site services and access control implementations

Source: Internet
Author: User

Commonly used web servers are Apache, IIS, Nginx, and Tomcat.

    • Apache HTTP Server is a modular server that can run on almost any widely used computer platform. It is an application server. Apache supports many modules and offers stable performance. Apache itself serves static content and is suited to static HTML, images, and the like, but it can be extended with scripts, modules, and other add-ons to support dynamic pages.
    • IIS is a Web services component that includes a Web server, FTP server, NNTP server, and SMTP server, used for Web browsing, file transfer, news services, and mail delivery respectively, which makes it easy to publish information on the network. However, IIS runs only on Windows platforms.
    • Nginx is a lightweight Web server/reverse proxy server and e-mail (IMAP/POP3) proxy server, developed by the Russian programmer Igor Sysoev for Rambler (Russian: Рамблер), a large Russian portal and search engine. Its features are low memory use, strong concurrency, and load-balancing support; in practice, Nginx's concurrency performance is among the better ones for Web servers of the same type.
    • Tomcat is a servlet container developed by Apache that implements support for Servlets and JSPs and provides some features of its own as a Web server, such as the Tomcat management and control platform, security realm management, and Tomcat valves. It can be considered an extension of Apache, but it can also run independently of Apache. In practice, Apache and Tomcat are often used together: if the client requests a static page, the Apache server alone responds to the request; if the client requests a dynamic page, the Tomcat server responds to the request. Because JSP code is interpreted on the server side, this combination reduces the service overhead of Tomcat. Tomcat can thus be understood as an extension of Apache.
Taking RedHat 6 as the example, first deploy a simple Apache website.
    • Step One: Compile and install from source

Download the source packages (Baidu Netdisk, password: 0x96):

    • apr-1.4.6.tar.gz
    • apr-util-1.4.1.tar.gz
    • http-2.4.2.tar.gz

The APR and APR-util packages provide the underlying interface library that supports Apache's upper-layer applications across platforms.

1. Extract the apr, apr-util, and http packages to the /opt directory
tar zxvf apr-1.4.6.tar.gz -C /opt
tar zxvf apr-util-1.4.1.tar.gz -C /opt
tar zxvf http-2.4.2.tar.gz -C /opt
2. Copy the extracted apr and apr-util packages to the srclib directory of the httpd package
cd /opt           # enter the directory that holds the extracted sources
cp -R apr-1.4.6/ /opt/httpd-2.4.2/srclib/apr
cp -R apr-util-1.4.1/ /opt/httpd-2.4.2/srclib/apr-util
3. Install the build environment packages gcc, gcc-c++, make, pcre, and pcre-devel (installed from the Yum repository); PCRE is a Perl-compatible library that supports regular expressions

To create a Yum repository, refer to the article on logging in to a Windows system remotely from Linux via rdesktop for detailed steps.

 yum install gcc gcc-c++ make pcre pcre-devel -y
4. Configure the build: set the customization options according to the actual needs of the server, such as the installation path and character set support.
cd /opt/httpd-2.4.2

./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi

In the configuration commands above, the meanings of each option are as follows:

    • --prefix: Specifies the directory into which the httpd service will be installed.
    • --enable-so: Enables dynamically loaded module support, so that httpd can be extended with further capabilities.
    • --enable-rewrite: Enables Web page address rewriting, used for site optimization and for maintenance during directory migration.
    • --enable-charset-lite: Enables character set support, so that Web pages encoded in a variety of character sets can be served.
    • --enable-cgi: Enables CGI script support, which extends the application access capabilities of the Web site.
5. Compiling and installing

After the configuration is complete, run the "make" command to compile the source code into executable programs, and then run the "make install" command to complete the final installation. The make step may take a long time.

make
make install
6. Confirm the installation results
ls /usr/local/httpd/
bin  build  cgi-bin  conf  error  htdocs  icons  include  lib  logs  man  manual  modules
    • /usr/local/httpd/bin: Holds the executable program files of the httpd service, including the main program httpd and the service control tool apachectl.
    • /usr/local/httpd/conf: Holds the configuration files of the httpd service, including the main configuration file httpd.conf, the enhanced configuration subdirectory extra, and more.
    • /usr/local/httpd/htdocs: Holds the Web documents, including the default home page.
    • /usr/local/httpd/logs: Holds the log files of the httpd service.
    • /usr/local/httpd/modules: Holds the module files of the httpd service.
    • /usr/local/httpd/cgi-bin: Holds the CGI program files.
7. Add httpd system service

To manage the httpd system service conveniently through chkconfig, a controllable service script must be set up. You can copy the apachectl script to /etc/init.d/httpd and add the chkconfig recognition configuration at the beginning of the file.

grep -v "#" /usr/local/httpd/bin/apachectl > /etc/init.d/httpd
vim /etc/init.d/httpd    # add the following three lines at the beginning of the file
#!/bin/sh
# chkconfig:2345 85 15
# description:Apache is a World Wide Web server.

chkconfig --add httpd
chkconfig --list httpd
chkconfig --level 35 httpd on
    • Step Two: Configure and start the httpd service
1. Create a symbolic link to make the configuration file easier to manage
ln -s /usr/local/httpd/conf/httpd.conf /etc/httpd.conf
vim /etc/httpd.conf
# set the site name
ServerName www.benet.com
# listen on the web server's own IPv4 address
Listen 192.168.10.10:80
# do not listen on the local IPv6 address
#Listen 80
2. Check the syntax of the configuration file

Run the apachectl command with the "-t" option to check the configuration; the output "Syntax OK" means that there are no syntax errors.

cd /usr/local/httpd/bin/
./apachectl -t
Syntax OK
3. Start the HTTPD service

Once the httpd service has started normally, it listens on TCP port 80 by default.

service httpd start
netstat -ntap | grep httpd
tcp        0      0 192.168.10.10:80            0.0.0.0:*                   LISTEN
    • Step Three: Test the Apache web site

      Stop the firewall on the Apache server

      service iptables stop

Next, access control is implemented on the Apache website

To gain greater control over access to site resources, you can add access authorizations to specific site directories.

    • Client Address Restrictions

      With the configuration items Order, Deny from, and Allow from, you can decide whether to allow client access based on the host name or IP address of the client. The Order item sets the order in which the restrictions are applied, and the Deny from and Allow from items set the specific restrictions.

vim /etc/httpd.conf
<Directory "/usr/local/httpd/htdocs">
    # ........ (part of the content omitted)
    Order deny,allow
    Deny from 192.168.10.0/24
</Directory>
service httpd restart   # restart the httpd service

Test from a client whose IP address is in the 192.168.10.0 network segment.
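
The way Order, Deny from, and Allow from combine is easy to get backwards, so the following added example (not part of the original page) evaluates the rule above and two variants of it against constructed client addresses. It is a Python model of the documented evaluation order only; it accepts "all", single IPs, and CIDR networks, and the client addresses are assumptions.

```python
import ipaddress

# Order/Allow/Deny are the httpd 2.2 directives; httpd 2.4 still accepts them
# through mod_access_compat, while its native form is "Require [not] ip ...".

def _matches(client, specs):
    """True if client matches any spec: 'all', a single IP, or a CIDR network."""
    ip = ipaddress.ip_address(client)
    return any(
        spec.lower() == "all" or ip in ipaddress.ip_network(spec, strict=False)
        for spec in specs
    )

def access_allowed(order, allow, deny, client):
    """Decide one request the way Order/Allow/Deny are documented to behave."""
    allowed, denied = _matches(client, allow), _matches(client, deny)
    key = order.replace(" ", "").lower()
    if key == "deny,allow":
        # Deny is checked first and Allow overrides it; no match at all = allowed.
        return allowed or not denied
    if key == "allow,deny":
        # Allow is checked first and Deny overrides it; no match at all = denied.
        return allowed and not denied
    raise ValueError(f"unsupported Order value: {order!r}")

# Constructed client addresses: one inside the denied segment, two outside it.
CLIENTS = ["192.168.10.55", "192.168.20.7", "203.0.113.9"]

def evaluate(order, allow, deny):
    """Map each constructed client address to its allow/deny decision."""
    return {c: access_allowed(order, allow, deny, c) for c in CLIENTS}

# The rule from the page: blocks 192.168.10.0/24, everyone else gets in.
PAGE_RULE = evaluate("deny,allow", [], ["192.168.10.0/24"])
# Same Deny line under "allow,deny" with no Allow line: nobody gets in.
SWAPPED_ORDER = evaluate("allow,deny", [], ["192.168.10.0/24"])
# Allow-list variant: only the 192.168.10.0/24 segment gets in.
ALLOW_LIST = evaluate("allow,deny", ["192.168.10.0/24"], [])

if __name__ == "__main__":
    for name, result in [("page rule", PAGE_RULE),
                         ("swapped order", SWAPPED_ORDER),
                         ("allow-list", ALLOW_LIST)]:
        print(f"{name:14}", result)
```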

    • User Authorization Restrictions

User-based access control consists of two processes, authentication and authorization: authentication is the process of identifying a user, and authorization is the process of allowing a specific user to access a particular directory area. The following adds user authorization restrictions, using Basic authentication as the example.

1. Create a virtual Web site directory (/opt/test)
mkdir /opt/test
echo "this is test" > /opt/test/index.html
2. Create a user data authentication file

Use the dedicated htpasswd tool to create the authorized-user data file; you must specify the location of the user data file.

htpasswd -c /etc/httpd/user zhangsan
New password:                      # set the password when prompted
Re-type new password:
Adding password for user zhangsan
cat /etc/httpd/user                # confirm the user data file
zhangsan:4PzLKuWXoIm4A
3. Add the user authorization configuration

With an authorized account in place, you also need to load a separate configuration file that adds the authorization configuration to the specific directory area and enables Basic authentication.

cd /usr/local/httpd/conf/extra/
vim vdir.conf
# declare the alias
Alias /test "/opt/test/"
# site directory area
<Directory "/opt/test/">
    # allow symbolic links to be followed
    Options Indexes MultiViews FollowSymLinks
    # do not allow overrides from hidden control files
    AllowOverride None
    # name of the protected realm; shown in the authentication dialog the browser pops up
    AuthName "hello"
    # set the authentication type to Basic authentication
    AuthType Basic
    # path of the authentication file that stores the accounts and passwords
    AuthUserFile /etc/httpd/user
#   AuthGroupFile /etc/httpd/group
    # only valid users from the authentication file may access
    Require valid-user
#   Require user test
#   Require group admin
</Directory>
service httpd restart   # restart the service so that the configuration takes effect
4. Client Testing
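
The zhangsan:4PzLKuWXoIm4A entry created in step 2 has the 13-character shape of a traditional crypt(3) DES hash, which uses only the first 8 characters of the password. As an added example (not part of the original page), this Python check classifies the hash scheme of each entry in a user data file and reports the ones that should be re-created; every entry other than zhangsan's is a constructed placeholder with a hypothetical user name.

```python
import re

# 13 characters from the crypt(3) alphabet: traditional DES crypt.
CRYPT_DES = re.compile(r"^[./0-9A-Za-z]{13}$")

def classify_hash(value):
    """Return (scheme, is_weak) for the hash field of one htpasswd entry."""
    if value.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt", False
    if value.startswith("$apr1$"):
        return "apr1-md5", False
    if value.startswith(("$5$", "$6$")):
        return "sha2-crypt", False
    if value.startswith("{SHA}"):
        return "sha1-unsalted", True      # SHA-1 with no salt
    if CRYPT_DES.match(value):
        return "des-crypt", True          # only 8 password characters count
    return "unknown-or-plaintext", True

def audit_htpasswd(text):
    """Return (line_no, user, scheme) for every entry that needs attention."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments are skipped
        user, sep, value = line.partition(":")
        if not sep or not user:
            findings.append((line_no, user or "?", "malformed"))
            continue
        scheme, weak = classify_hash(value)
        if weak:
            findings.append((line_no, user, scheme))
    return findings

# Constructed sample: the zhangsan line is the one shown on the page; the other
# hash fields only imitate the shape of each scheme and are not real hashes.
SAMPLE = """\
# user data file
zhangsan:4PzLKuWXoIm4A
lisi:$apr1$abcdefgh$AAAAAAAAAAAAAAAAAAAAAA
wangwu:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
zhaoliu:$2y$05$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
broken-line-without-colon
"""

if __name__ == "__main__":
    for line_no, user, scheme in audit_htpasswd(SAMPLE):
        print(f"line {line_no}: {user}: {scheme}")
```

Basic authentication sends the user name and password base64-encoded with every request, so the scheme of the stored hash is only one part of the exposure when the site listens on plain HTTP port 80.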

