Chapter 6: Web site service (2)
HTTP Introduction
HTTP stands for Hypertext Transfer Protocol.
Apache is usually used to implement web services on Linux. Apache has always been the most popular web server on the Internet.
Attributes of the HTTP service:
HTTP-related software package: httpd
HTTP daemon: /usr/sbin/httpd
HTTP init script: /etc/init.d/httpd
HTTP ports: 80 (http), 443 (https)
HTTP configuration files: /etc/httpd/*, /var/www/*
IP address of the current server: 192.168.200.102
I. Build and test the DNS server
[root@crushlinux2 ~]# yum -y install bind-chroot caching-nameserver
[root@crushlinux2 ~]# cd /var/named/chroot/etc
[root@crushlinux2 etc]# cp -p named.caching-nameserver.conf named.conf
[root@crushlinux2 etc]# vim named.conf
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Those options should be used carefully because they disable port
    // randomization
    // query-source port 53;
    // query-source-v6 port 53;
    allow-query { 192.168.200.0/24; };
    allow-query-cache { any; };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
view localhost_resolver {
    match-clients { 192.168.200.0/24; };
    match-destinations { any; };
    recursion yes;
    include "/etc/named.rfc1912.zones";
};
[root@crushlinux2 etc]# vim named.rfc1912.zones
zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "baidu.com" IN {
    type master;
    file "baidu.zone";
    allow-update { none; };
};
zone "200.168.192.in-addr.arpa" IN {
    type master;
    file "named.baidu";
    allow-update { none; };
};
[root@crushlinux2 etc]# cd /var/named/chroot/var/named/
[root@crushlinux2 named]# cp -p localhost.zone baidu.zone
[root@crushlinux2 named]# cp -p named.local named.baidu
[root@crushlinux2 named]# vim baidu.zone
$TTL 86400
@       IN SOA  www1.baidu.com. root.baidu.com. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
@       IN NS   www1.baidu.com.
        IN AAAA ::1
www1    IN A    192.168.200.102
www2    IN A    192.168.200.102
www3    IN A    192.168.200.102
[root@crushlinux2 named]# vim named.baidu
$TTL 86400
@       IN SOA  www1.baidu.com. root.baidu.com. (
                1997022700      ; Serial
                28800           ; Refresh
                14400           ; Retry
                3600000         ; Expire
                86400 )         ; Minimum
@       IN NS   www1.baidu.com.
102     IN PTR  www1.baidu.com.
102     IN PTR  www2.baidu.com.
102     IN PTR  www3.baidu.com.
[root@crushlinux2 named]# service named restart
[root@crushlinux2 named]# vim /etc/resolv.conf
search com
nameserver 192.168.200.102
[root@crushlinux2 named]# nslookup www1.baidu.com
Server: 192.168.200.102
Address: 192.168.200.102#53
Name: www1.baidu.com
Address: 192.168.200.102
[root@crushlinux2 named]# nslookup www2.baidu.com
Server: 192.168.200.102
Address: 192.168.200.102#53
Name: www2.baidu.com
Address: 192.168.200.102
[root@crushlinux2 named]# nslookup www3.baidu.com
Server: 192.168.200.102
Address: 192.168.200.102#53
Name: www3.baidu.com
Address: 192.168.200.102
[root@crushlinux2 named]# nslookup 192.168.200.102
Server: 192.168.200.102
Address: 192.168.200.102#53
102.200.168.192.in-addr.arpa name = www1.baidu.com.
102.200.168.192.in-addr.arpa name = www2.baidu.com.
102.200.168.192.in-addr.arpa name = www3.baidu.com.
Virtual hosts let a single server run multiple sites without affecting each other. This greatly reduces costs. Virtual hosting can be implemented in three ways:
virtual hosts based on domain name, IP address, and port.
II. Install the Apache software package and configure the virtual hosts
[root@crushlinux2 ~]# yum -y install httpd
1. Domain name-based virtual host:
[root@crushlinux2 ~]# vim /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.200.102:80
<VirtualHost 192.168.200.102:80>
    DocumentRoot "/var/www/Example 1"
    ServerName www1.baidu.com
    ServerAlias www3.baidu.com
</VirtualHost>
<VirtualHost 192.168.200.102:80>
    DocumentRoot "/var/www/Example 2"
    ServerName www2.baidu.com
</VirtualHost>
Create the root directories for the domain name-based virtual sites:
[root@crushlinux2 ~]# cd /var/www/
[root@crushlinux2 www]# mkdir "Example 1"
[root@crushlinux2 www]# mkdir "Example 2"
Create the test pages:
[root@crushlinux2 www]# echo "Hello I am www1" > "./Example 1/index.html"
[root@crushlinux2 www]# echo "Hello I am www2" > "./Example 2/index.html"
[root@crushlinux2 www]# service httpd restart
Test:
[root@crushlinux2 www]# elinks --dump http://www1.baidu.com
Hello I am www1
[root@crushlinux2 www]# elinks --dump http://www2.baidu.com
Hello I am www2
[root@crushlinux2 www]# elinks --dump http://www3.baidu.com
Hello I am www1
2. IP-based virtual host:
Configure multiple IP addresses on the NIC:
[root@crushlinux2 www]# ifconfig eth0 192.168.200.102
[root@crushlinux2 www]# ifconfig eth0:1 192.168.200.103
[root@crushlinux2 ~]# vim /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.200.102:80
<VirtualHost 192.168.200.102:80>
    DocumentRoot "/var/www/Example 1"
    ServerName www.baidu.com
</VirtualHost>
<VirtualHost 192.168.200.103:80>
    DocumentRoot "/var/www/Example 2"
    ServerName www.baidu.com
</VirtualHost>
[root@crushlinux2 www]# service httpd restart
Test:
[root@crushlinux2 www]# elinks --dump http://192.168.200.102
Hello I am www1
[root@crushlinux2 www]# elinks --dump http://192.168.200.103
Hello I am www2
3. Port-based virtual host:
Make Apache listen on multiple ports:
Listen 192.168.200.102:8001
Listen 192.168.200.102:8002
NameVirtualHost 192.168.200.102:8001
<VirtualHost 192.168.200.102:8001>
    DocumentRoot "/var/www/Example 1"
    ServerName www1.baidu.com
</VirtualHost>
NameVirtualHost 192.168.200.102:8002
<VirtualHost 192.168.200.102:8002>
    DocumentRoot "/var/www/Example 2"
    ServerName www2.baidu.com
</VirtualHost>
[root@crushlinux2 www]# service httpd restart
Test:
[root@crushlinux2 www]# elinks --dump http://192.168.200.102:8001
Hello I am www1
[root@crushlinux2 www]# elinks --dump http://192.168.200.102:8002
Hello I am www2
III. httpd service access control
1. Restrict network segments or IP addresses
[root@crushlinux2 ~]# vim /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.200.102:8001
<VirtualHost 192.168.200.102:8001>
    DocumentRoot "/var/www/Example 1"
    ServerName www1.baidu.com
    <Directory "/var/www/Example 1">
        Options -Indexes -FollowSymLinks
        Order allow,deny
        Allow from all
        Deny from 192.168.200.102
    </Directory>
</VirtualHost>
NameVirtualHost 192.168.200.102:8002
<VirtualHost 192.168.200.102:8002>
    DocumentRoot "/var/www/Example 2"
    ServerName www2.baidu.com
    <Directory "/var/www/Example 2">
        Options -Indexes -FollowSymLinks
        Order deny,allow
        Deny from all
        Allow from 192.168.200.102
    </Directory>
</VirtualHost>
[root@crushlinux2 www]# service httpd restart
[root@crushlinux2 www]# elinks --dump http://192.168.200.102:8001
[root@crushlinux2 www]# elinks --dump http://192.168.200.102:8002
2. Restrict users
Now we create two users, bob and jack. These two users do not need to exist as local accounts; they are used only to log on to the HTTP service.
When creating the first user, you must add the -c parameter to create the authentication database.
However, do not use the -c parameter when creating the second user. Otherwise, it will overwrite the previous user's entry.
[root@crushlinux2 www]# htpasswd -cm /etc/httpd/.htpasswd bob
New password:
Re-type new password:
Adding password for user bob
[root@crushlinux2 www]# htpasswd -m /etc/httpd/.htpasswd jack
New password:
Re-type new password:
Adding password for user jack
[root@crushlinux2 www]# cat /etc/httpd/.htpasswd
bob:$apr1$GZGVy...$qHSci8W7z5nrASwE3z1ie0
jack:$apr1$nO7oG/..$hsciam69242543izmr5cr51
Method 1:
[root@crushlinux2 www]# vim /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.200.102:8001
<VirtualHost 192.168.200.102:8001>
    DocumentRoot "/var/www/Example 1"
    ServerName www1.baidu.com
    <Directory "/var/www/Example 1">
        AuthName "Crushlinux"
        AuthType Basic
        AuthUserFile /etc/httpd/.htpasswd
        Require valid-user
    </Directory>
</VirtualHost>
[root@crushlinux2 www]# service httpd restart
Browser test: http://192.168.200.102:8001
Method 2:
[root@crushlinux2 www]# vi "/var/www/Example 1/.htaccess"
AuthName "berg"
AuthType basic
AuthUserFile /etc/httpd/.htpasswd
Require user bob jack
Require valid-user
[root@crushlinux2 www]# vim /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.200.102:8001
<VirtualHost 192.168.200.102:8001>
    DocumentRoot "/var/www/Example 1"
    ServerName www1.baidu.com
    <Directory "/var/www/Example 1">
        AllowOverride AuthConfig
    </Directory>
</VirtualHost>
[root@crushlinux2 www]# service httpd restart
Browser test: http://192.168.200.102:8001
-----------------------------------------------------------------------------------
Explanation of the httpd configuration directives:
NameVirtualHost 192.168.0.254:80
Declares the address and port on which the server offers virtual hosts.
<VirtualHost 192.168.0.254:80>
Begins the definition of the first virtual host.
DocumentRoot "/var/www/Example 1"
Root directory of the virtual host's site.
ServerName station1.example.com
Defines the domain name of the virtual host's site.
ServerAlias server1.example.com
Defines an alias for the virtual host's domain name.
<Directory "/var/www/Example 1">
Begins the access control settings for the virtual host's site.
Options -Indexes -FollowSymLinks
Turns off the Indexes and FollowSymLinks options.
Order allow,deny
Allow from all
Deny from 192.168.0.10
Allow all and deny specific hosts. (The order matters.)
Order deny,allow
Deny from all
Allow from 192.168.0.10
Deny all and allow specific hosts. (The order matters.)
</Directory>
Closing tag that corresponds to <Directory "/var/www/Example 1"> and marks its end.
</VirtualHost>
Closing tag that corresponds to <VirtualHost 192.168.0.254:80> and marks its end.
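The evaluation rules behind the two Order forms explained above, modelled in Python on the two port-based virtual hosts from section III. This is an added example, not part of the original article; the function names and the client 192.168.200.50 are constructed for illustration, and only `all`, full IP addresses and CIDR ranges are handled. It also shows that swapping only the Order keyword leaves the Deny line without effect.

```python
import ipaddress

def _matches(specs, client):
    """True if client matches any 'all' / IP / CIDR spec (the forms this page uses)."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all" or ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def access_allowed(order, allow, deny, client):
    """Model of Apache 2.2 Order/Allow/Deny evaluation for one client IP."""
    order = order.replace(" ", "").lower()
    allowed, denied = _matches(allow, client), _matches(deny, client)
    if order == "allow,deny":
        # Allow lines are evaluated first, Deny lines last: a Deny match wins,
        # and a client matching neither list is refused.
        return allowed and not denied
    if order == "deny,allow":
        # Deny lines first, Allow lines last: an Allow match wins,
        # and a client matching neither list is admitted.
        return allowed or not denied
    raise ValueError("unsupported Order value: " + order)

# The two <Directory> blocks from section III.1 of this page.
VHOSTS = {
    8001: ("allow,deny", ["all"], ["192.168.200.102"]),
    8002: ("deny,allow", ["192.168.200.102"], ["all"]),
}
# Same Allow/Deny lines as port 8001 with only the Order keyword swapped:
# the Deny line no longer has any effect.
SWAPPED_8001 = ("deny,allow", ["all"], ["192.168.200.102"])

def decisions(clients):
    """Map (port, client) -> True (served) / False (403 Forbidden)."""
    return {(port, c): access_allowed(*rule, c)
            for port, rule in VHOSTS.items() for c in clients}

if __name__ == "__main__":
    # 192.168.200.102 is the server itself; 192.168.200.50 is a constructed client.
    for key, ok in sorted(decisions(["192.168.200.102", "192.168.200.50"]).items()):
        print(key, "200 OK" if ok else "403 Forbidden")
    print("swapped Order admits 192.168.200.102:",
          access_allowed(*SWAPPED_8001, "192.168.200.102"))
```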
HTTP service authentication
1. Generate an authentication database
# htpasswd -cm /etc/httpd/.htpasswd bob
-c creates the file; -m uses MD5 encryption
# htpasswd -m /etc/httpd/.htpasswd alice
AuthName "website"
Name used for authentication
AuthType basic
The authentication type is basic.
AuthUserFile /etc/httpd/.htpasswd
Points to the authentication database file just created
Require user bob alice
bob and alice are allowed to access the HTTP service and must be authenticated.
Require valid-user
All users in the authentication database may access the HTTP service.
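How the Require lines explained above, and the two Require lines in the Method 2 .htaccess, combine: access is granted when any one Require line is satisfied, so adding `Require valid-user` admits every user in the password file. This is an added Python example, not part of the original article; the password entries, the user carol and the function names are constructed for illustration.

```python
def parse_htpasswd(text):
    """Return {user: scheme} for the 'user:hash' lines of an htpasswd file."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, digest = line.split(":", 1)
        if digest.startswith("$apr1$"):
            scheme = "apr1-md5"          # written by htpasswd -m
        elif digest.startswith("$2y$"):
            scheme = "bcrypt"            # written by htpasswd -B (newer releases)
        elif digest.startswith("{SHA}"):
            scheme = "sha1-unsalted"     # written by htpasswd -s
        else:
            scheme = "crypt-or-plaintext"
        users[user] = scheme
    return users

def authorized(user, require_lines, users):
    """Decision for a user who has supplied the right password."""
    if user not in users:
        return False                     # not in AuthUserFile: authentication fails
    for line in require_lines:
        words = line.split()
        if len(words) < 2 or words[0].lower() != "require":
            continue
        if words[1] == "valid-user":
            return True                  # any authenticated user satisfies this line
        if words[1] == "user" and user in words[2:]:
            return True
    return False

# Constructed sample file: the digests are placeholders, not real hashes.
HTPASSWD = """\
bob:$apr1$CONSTRUC$0000000000000000000000
jack:$apr1$CONSTRUC$1111111111111111111111
carol:{SHA}CONSTRUCTEDPLACEHOLDERxxxxx=
"""
METHOD2 = ["Require user bob jack", "Require valid-user"]   # .htaccess from Method 2
USER_ONLY = ["Require user bob jack"]

if __name__ == "__main__":
    users = parse_htpasswd(HTPASSWD)
    print(users)
    for name in ("bob", "carol", "mallory"):
        print(name, authorized(name, METHOD2, users), authorized(name, USER_ONLY, users))
```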
This article is from the "Crushlinux Studio" blog, please be sure to keep this http://crushlinux.blog.51cto.com/2663646/1305562