Establish lamp Service
One, generate multiple access to the Domain name window
1.yum Install Httpd-y
HTTP and HTTPS are now joined to the firewall, but also set SELinux to remotely access or change the file's label (security context)
Firewalld-cmd--permanent--add-service=http
Firewalld-cmd--permanent--add-service=https
Firewalld-cmd--reload
2.yum Install Mod_ssl-y
Yum Install Crypto-utils-y
Genkey www.mail.com/* Generate an HTTPS authentication certificate
650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M00/8B/94/wKiom1hRYDjS1-0dAAD389mv8x4342.png-wh_500x0-wm_3 -wmp_4-s_1415907789.png "title=" screenshot from 2016-12-12 21_39_39.png "alt=" Wkiom1hrydjs1-0daad389mv8x4342.png-wh _50 "/>
Generate a directory location for the certificate and private key, which you need to remember to modify the ssl.conf configuration file after generating the certificate and private key
650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M02/8B/90/wKioL1hRYUKhqN85AAEDAUVS1oY619.png-wh_500x0-wm_3 -wmp_4-s_2760677041.png "style=" Float:none; "title=" screenshot from 2016-12-12 21_40_06.png "alt=" Wkiol1hryukhqn85aaedauvs1oy619.png-wh_50 "/>
Choose the length of the generated private key, we generally choose 1024 bits, the generation is faster, but this time requires you to move the mouse and keyboard to quickly encrypt the completion
650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M01/8B/94/wKiom1hRYUPzfV_JAABBRcJ5sYY233.png-wh_500x0-wm_3 -wmp_4-s_478600669.png "style=" Float:none; "title=" screenshot from 2016-12-12 21_44_26.png "alt=" wKiom1hRYUPzfV_ Jaabbrcj5syy233.png-wh_50 "/>
This choice no, it doesn't need to be published, because it's just our own experiment.
650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M01/8B/90/wKioL1hRYUPCaMfhAAFLZjiI6BE431.png-wh_500x0-wm_3 -wmp_4-s_1762699616.png "style=" Float:none; "title=" screenshot from 2016-12-12 21_44_52.png "alt=" Wkiol1hryupcamfhaaflzjii6be431.png-wh_50 "/>
Do not set the password for the private key download, direct next
650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M02/8B/94/wKiom1hRYUSyoHuOAAD-7R_cwiU783.png-wh_500x0-wm_3 -wmp_4-s_4140009254.png "style=" Float:none; "title=" screenshot from 2016-12-12 21_45_50.png "alt=" Wkiom1hryusyohuoaad-7r_cwiu783.png-wh_50 "/>
Fill in the certificate information.
3.vim/etc/httpd/conf.d/ssl.conf
SSLCERTIFICATEFILE/ETC/PKI/TLS/CERTS/WWW.MAIL.COM.CRT/* Certificate */
107 Sslcertificatekeyfile/etc/pki/tls/private/www.mail.com.key/* Password */
650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M02/8B/90/wKioL1hRZq-Ax5N8AADEkJYYQCw664.png-wh_500x0-wm_3 -wmp_4-s_1641977129.png "title=" screenshot from 2016-12-12 21_58_57.png "alt=" Wkiol1hrzq-ax5n8aadekjyyqcw664.png-wh _50 "/>
Enter the/ETC/HTTPD/CONF.D directory to build three files into the/ETC/HTTPD/CONF.D directory to create three files
News.conf,default.conf,music.conf
Vim news.conf/* can access multiple websites via one IP, by way of domain name, need to modify Hosts file
1 <virtualhost *:80>
2 Servername news.mail.com
3 documentroot/var/www/virtual/news.mail.com/html
4 Customlog "Logs/news.log" combined
5 </Virtualhost>
6 <directory "/var/www/virtual/news.mail.com/html" >
7 Require All granted
8 </Directory>
9 <virtualhost *:443>
Ten Servername news.mail.com
Documentroot/var/www/virtual/news.mail.com/html
Customlog "Logs/news-443.log" combined
Sslengine on
Sslcertificatefile/etc/pki/tls/certs/www.mail.com.crt
Sslcertificatekeyfile/etc/pki/tls/private/www.mail.com.key
</Virtualhost>
Vim music.conf
1 <virtualhost *:80>/* Convert http-accessed Web pages to HTTPS encryption conversion
2 Servername music.mail.com
3 Rewriteengine on
4 Rewriterule ^ (/.*) $ https://%{http_host}$1 [redirect=301]
5 </Virtualhost>
6 <directory "/var/www/virtual/music.mail.com/html" >
7 Require All granted
8 </Directory>
9 <virtualhost *:443>
Ten Servername music.mail.com
Documentroot/var/www/virtual/music.mail.com/html
Customlog "Logs/music-443.log" combined
Sslengine on
Sslcertificatefile/etc/pki/tls/certs/www.mail.com.crt
Sslcertificatekeyfile/etc/pki/tls/private/www.mail.com.key
</Virtualhost>
Vim default.conf/* Configuration of files in default directory
1 <virtualhost _default_:80>
2 documentroot/var/www/html
3 Customlog "Logs/default.log" combined
4 </Virtualhost>
5 <directory "/var/www/html/cgi" >
6 Options +execcgi
7 AddHandler cgi-script. CGI
8 </Directory>
These three files can be accessed through a domain name/etc/hosts
IP www.mail.com music.mail.com news.mail.com
Create a Index.php,yum install in/var/www/html/php-y write the following code to test HTTP in Firefox
1 <?php
2 phpinfo ();
3?>
650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M00/8B/94/wKiom1hRZu2joHxiAAFHU19a1Tc764.png-wh_500x0-wm_3 -wmp_4-s_1352850943.png "title=" screenshot from 2016-12-12 22_44_07.png "alt=" Wkiom1hrzu2johxiaafhu19a1tc764.png-wh _50 "/>
Second, the test of Web pages in HTTP and the operation of the program
1) Create a CGI directory in/var/www/html/. Touch index.cgi Yum Install httpd-manual-y
Restart httpd service in Firefox login manual
Click Cgi:dynamic Content
2) Copy the program to index.cgi
#!/usr/bin/perl
print "content-type:text/html\n\n";
print ' Date ';
Test Execution command: Perl index.cgi is shown below
[Email protected] cgi]# Perl index.cgi
Content-type:text/html
Mon Dec 09:57:13 EST 2016
chmod +x index.cgi
Then add the programs in the Cgi:dynamic content in default.conf
<Directory/home/*/public_html>
Options +execcgi
AddHandler Cgi-script. CGI
</Directory>
Setenforce 0
Test: Look at the running index.cgi program in Firefox
How to view the security context in the HTTP/var/www
Ls-zd cgi-bin/
Semanage fcontext-a-T httpd_sys_script_exec_t '/var/www/html/cgi (/.*)? '/* Change the security context of the file
restorecon-fvvr/var/www/html/cgi/* Refresh the security context
Third, the establishment of web forums
1). Set MARIADB,PHP,PHP-MYSQL,HTTPD Service
Yum Install Mariadb-server-y
Yum Install Php-mysql-y
2) vim/etc/my.cnf spik-networking /* Turn off the MARIADB 3306 port
Mysql_secure_installation /* Establish a database password
Discuz_x3.2_sc_utf8.zip /* Forum installation package
Unzip Discuz_x3.2_sc_utf8.zip /* Unzip
Less readme/readme.txt /* Read installation details
3) chmod 777 Upload/data upload/config-r /* Execute permissions for data and config
Setenforce 0 /* Turn off SELinux firewall
Running and installing in a browser
172.25.254.150/upload/* In Firefox follow the steps to install
650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M00/8B/94/wKiom1hRZ_6gxcLFAAFd7rSMO74997.png-wh_500x0-wm_3 -wmp_4-s_505448322.png "title=" screenshot from 2016-12-14 20_46_44.png "alt=" Wkiom1hrz_6gxclfaafd7rsmo74997.png-wh_ "/>
Four, turn the wall tool squid, cache resources that other servers can access (forward proxy)
1) Yum Install Squid-y
Vim/etc/squid/squid.conf
56|http_access Enable all /* Allow access
59|http_port 3128 /* Open port 3128
62|cache_dir ufs/var/spool/squid * * Open Cache Directory
Systemctl start Squid
In/var/spool/squid to see if subdirectories have been created
650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M01/8B/90/wKioL1hRaSSggi0IAADXEP5r-jo099.png-wh_500x0-wm_3 -wmp_4-s_4207157102.png "title=" screenshot from 2016-12-14 22_07_08.png "alt=" Wkiol1hrassggi0iaadxep5r-jo099.png-wh _50 "/>
2) on the customer service side of the set to access the server side of the 3128 Port two host as Squid service side (reverse proxy) two hosts as customer service side, one is two IP address
A public network IP, an intranet IP, and install squid.
In/etc/squid/squid.conf
Http_access Allow all
Http_port vhost vport /* Change the original port 3128 to 80 port of HTTP
Cache_peer 172.25.254.4 Parent 0 no-query originserver round-robin name=web1/* Cache 172.25.254.4
Cache_peer 172.25.254.3 Parent 0 no-query originserver round-robin name=web2/* Cache 172.25.254.3
Cache_peer_domain web1 web2 www.taobao.com /* Establish access to Web1 and web2 domain names
Cache_dir UFS/VAR/SPOOL/SQUID 100 16 256
Coredump_dir/var/spool/squid
less/usr/share/doc/squid-3.3.8/squid.conf.documented /* can find out how to set up the reverse proxy service port (above 60 and 61)
650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M00/8B/90/wKioL1hRaTvi4CNRAAD0cf_PDdw979.png-wh_500x0-wm_3 -wmp_4-s_3942584111.png "title=" screenshot from 2016-12-14 22_40_23.png "alt=" Wkiol1hratvi4cnraad0cf_pddw979.png-wh _50 "/>
Lamp service and forward and reverse proxy