Httpd (1)-basics and authentication

Source: Internet
Author: User

WWW Service overview and working principles

The WWW (World Wide Web) service is one of the most widely used network services. It is required for searching and browsing online content, and it lets users obtain information and other services through an interactive graphical interface. The WWW service is an application that implements the Browser/Server model based on Web technology, and it is provided by Web servers. Users send and receive files in HTML (Hypertext Markup Language) format through a general-purpose browser on the client. Users usually regard the Web service as the specific implementation of the WWW service.

A web system is client/server-based and consists of two parts: server programs and client programs. IE is an example of a client program. The user enters the uniform resource locator (URL) in the browser's address bar to access a Web page.

[Figure: communication process between the client and the server]

Httpd installation and startup

1. Install httpd. Configure the yum source first.

# yum install httpd

 

2. Start and test httpd

After the httpd server is installed, a series of directories and files are generated automatically, including a default site. The httpd main directory is /var/www/. It contains a series of subdirectories, as shown below:

/var/www/html: the default website page storage directory. It holds the externally published web content and files.
/var/www/cgi-bin: stores executable programs, including CGI scripts and Perl scripts.
/var/www/manual: stores the HTML help manual.
/var/www/error: stores the error prompt files.
/var/www/icons: stores the server's icon files.
/var/www/mrtg: storage directory for the traffic monitor files.

 

The commands for starting the httpd server and the other related operations are:

# service httpd start|stop|restart|status|reload   // start | stop | restart the service | view the current status | reload the configuration

 

3. Simple page implementation

Open the configuration file, move the cursor to the end, and add the configuration there.

# vim /etc/httpd/conf/httpd.conf


 

First, define the path of the page. The domain name points to www.ky.com. My DNS has already been configured, so you only need to point DNS resolution at the DNS server on the local machine. If no DNS is configured, change "*" to the IP address of your server. Next, create a simple page to verify it, as shown below:

Edit the home page file:

# vim /var/www/html/index.html


Create a home page and test it on the local machine.


In this way, a simple web page is generated.

 

Default Configuration File and comment

ServerRoot "/etc/httpd"   // the server's root directory, where it stores its configuration, error, and log files
PidFile run/httpd.pid   // the file that records the server's startup process ID. It is created after the service process starts and disappears after the service process is closed
Timeout 60   // the number of seconds the server waits before deciding that a request has failed. If no data is received or sent after 60 s, the server disconnects automatically
KeepAlive Off   // whether to enable HTTP persistent connections. We recommend changing Off to On to enable persistent connections, avoid
MaxKeepAliveRequests 100   // the maximum number of HTTP requests allowed on each connection. A value of 0 means the number of requests is not limited. We recommend a relatively large value to ensure optimal server performance. This item is valid only with KeepAlive On
KeepAliveTimeout 15   // the number of seconds Apache waits for the next HTTP request before closing a persistent connection. If the interval between two adjacent HTTP requests exceeds 15 s, the connection is closed. On high-load servers, too large a KeepAliveTimeout value can cause performance problems
StartServers 8   // the number of child processes created when the server starts. This value should be between MinSpareServers and MaxSpareServers
MinSpareServers 5   // Apache adjusts the number of idle child processes automatically according to the load. If there are fewer than five idle child processes, it creates a new child process to serve clients
MaxSpareServers 20   // if there are more than 20 idle child processes, they are removed one by one to improve system performance
ServerLimit 256   // the maximum number of processes allowed by the server. The maximum value is 20000
MaxClients 256   // limits the maximum number of concurrent client connections. The default value is 256. Any request beyond the MaxClients limit enters a waiting queue and is served once a connection is released. If MaxClients exceeds 256, you must set ServerLimit to the same value
MaxRequestsPerChild 4000   // the maximum number of requests each child process may handle during its lifetime. Once the limit is reached, the child process ends (with a value of 0, the child process never ends)
Listen 80   // the port the service listens on
Include conf.d/*.conf   // include all configuration files ending in .conf in the /etc/httpd/conf.d directory
User apache
Group apache   // the owner and group of the related processes while Apache is running
ServerAdmin [email protected]   // the administrator's mailbox
#ServerName www.example.com:80   // how the server identifies its own name and port number
UseCanonicalName Off   // how the server determines its own domain name. When Off, the server uses the host name and port number provided by the client. When On, it uses the ServerName value
DocumentRoot "/var/www/html"   // sets the root directory path; when DocumentRoot is specified, the last "/"
<Directory "/var/www/html">   // encloses a group of directives so that they apply only to this directory and its subdirectories
    Options Indexes FollowSymLinks   // allows symbolic links to reach files that are not in this directory
    AllowOverride None   // prohibits reading the content of .htaccess configuration files
    Order allow,deny   // evaluate the allow rules first, then the deny rules
    Allow from all   // allow all connections
</Directory>   // end of the block
#NameVirtualHost *:80   // listens on port 80 of all IP addresses. Commented out by default; if virtual hosts are required, this option must be enabled
#ServerAdmin [email protected]   // website administrator mailbox
#DocumentRoot /www/docs/dummy-host.example.com   // location where the website is stored
#ServerName dummy-host.example.com   // server name, domain name
#ErrorLog logs/dummy-host.example.com-error_log   // error log path
#CustomLog logs/dummy-host.example.com-access_log common   // access log path

 

User-Based Access Control of httpd

Access Control for users based on files

1. Edit the configuration file and add the following information to it. Create an admin directory with a home page under the corresponding directory in advance.

# vim /etc/httpd/conf/httpd.conf

<Directory "/var/www/html/admin">
    Options None   // no options are allowed when users access this directory
    AllowOverride AuthConfig   // authentication-related configuration
    AuthType Basic   // the authentication type is Basic
    AuthName "Admin area."   // authentication name
    AuthUserFile /etc/httpd/conf/.htpasswd   // location of the file that stores the restricted users
    Require valid-user   // the users allowed to access
</Directory>

2. Create a user. The users here have nothing to do with system users.

htpasswd options:

-c: create the file if it does not exist. Note: use it only when the first user is created.

Never use -c after that, because it overwrites the users already in the htpasswd file, which is quite dangerous.

-m: stores the user's password information in MD5 format.

-D: delete a specified user.

 

Generate the file and add a user:

# htpasswd -c -m /etc/httpd/conf/.htpasswd ky

Check this file.

This file stores both the user names and the passwords, so it is created as a hidden file and the users are written into it.

Do not edit it with Vim; change it only with the htpasswd command shown here. After making changes, reload the configuration with # service httpd reload.

Now use a client to access the admin directory.

This completes file-based access control for users.
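The -m option used above stores passwords in MD5 format, and the password file is kept under /etc/httpd/conf rather than in the web root. The following script is an added example, not part of the original article: it reports the hash scheme of each htpasswd entry and checks whether the file lies under DocumentRoot. The function names are hypothetical and the sample entries are constructed placeholders.

```shell
#!/bin/sh
# Added example: report the hash scheme of each entry in an htpasswd file.

# Print "user scheme" for one "user:hash" line.
classify_entry() {
    user=${1%%:*}
    hash=${1#*:}
    case $hash in
        '$apr1$'*)               scheme=apr1-md5 ;;       # written by htpasswd -m
        '$2y$'*|'$2a$'*|'$2b$'*) scheme=bcrypt ;;         # htpasswd -B, httpd 2.4+
        '{SHA}'*)                scheme=sha1-unsalted ;;  # htpasswd -s
        *)                       scheme=crypt-or-plain ;; # htpasswd -d or -p
    esac
    printf '%s %s\n' "$user" "$scheme"
}

# List every entry that is not stored as bcrypt; return 1 if any was found.
audit_htpasswd() {
    found=0
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac   # httpd skips these lines too
        result=$(classify_entry "$line")
        [ "${result#* }" = bcrypt ] && continue
        printf '%s\n' "$result"
        found=1
    done < "$1"
    return "$found"
}

# Succeed if password file $1 lies under DocumentRoot $2, where httpd could serve it.
inside_docroot() {
    case $1 in "$2"/*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample: the hash strings are placeholders, not real hashes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ky:$apr1$placehld$constructedplaceholder
ky2:$2y$05$constructedplaceholderconstructedplaceholder
ky3:{SHA}constructedplaceholder=
EOF
audit_htpasswd "$sample" || true
inside_docroot /etc/httpd/conf/.htpasswd /var/www/html \
    || echo "password file is outside DocumentRoot"
rm -f "$sample"
```

Run against the sample, the audit lists ky (apr1-md5) and ky3 (sha1-unsalted); the leading dot in .htpasswd only hides the file from directory listings, so the location check is what confirms httpd cannot serve it.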

 

Group-Based Access Control

1. Create two new users, ky2 and ky3.

Create a .htgroup file to store the group information.

Add a group and specify the group file name. The group named in Require group kytest must be a group name defined in the group file.

In this way, you can implement group-based authentication.
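The following script is an added example, not part of the original article. It shows the group file layout ("group: user user") and reports which members of kytest can actually log in, which is the set of users that Require group admits. The .htgroup path, the group_report function and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: which users does "Require group kytest" actually admit?
# Assumed directives for the admin <Directory> block (the .htgroup path is an
# assumption modelled on the .htpasswd path used in this article):
#   AuthUserFile  /etc/httpd/conf/.htpasswd
#   AuthGroupFile /etc/httpd/conf/.htgroup
#   Require group kytest

# group_report PASSWD_FILE GROUP_FILE GROUP
# Prints "user ok" for each group member that has a password entry and
# "user no-password" for members that can never authenticate.
group_report() {
    awk -v grp="$3" '
        NR == FNR {                  # first file: htpasswd, "user:hash"
            split($0, f, ":"); known[f[1]] = 1; next
        }
        {                            # second file: htgroup, "group: user user"
            n = index($0, ":")
            if (n == 0 || substr($0, 1, n - 1) != grp) next
            m = split(substr($0, n + 1), users, " ")
            for (i = 1; i <= m; i++)
                print users[i], ((users[i] in known) ? "ok" : "no-password")
        }
    ' "$1" "$2"
}

# Constructed sample files; the hash fields are placeholders.
dir=$(mktemp -d)
printf '%s\n' 'ky:placeholder' 'ky2:placeholder' 'ky3:placeholder' > "$dir/.htpasswd"
printf '%s\n' 'kytest: ky2 ky3 ky4' > "$dir/.htgroup"
group_report "$dir/.htpasswd" "$dir/.htgroup" kytest
rm -rf "$dir"
```

In the sample, ky has a valid password but is not in kytest, so it does not appear in the report: Require group is narrower than Require valid-user.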

This article is from the fish blog. Please be sure to keep this source: http://kyfish.blog.51cto.com/1570421/1541332
