LAMP service and forward and reverse proxy

Source: Internet
Author: User

Setting up the LAMP service

I. Setting up multiple sites accessed by domain name

1. yum install httpd -y

Add HTTP and HTTPS to the firewall. SELinux must also be set to allow access, or the files' label (security context) changed.

firewall-cmd --permanent --add-service=http

firewall-cmd --permanent --add-service=https

firewall-cmd --reload

2. yum install mod_ssl -y

yum install crypto-utils -y

genkey www.mail.com    /* Generate an HTTPS certificate */



genkey shows the directory locations where the certificate and private key will be written. Note them: after the certificate and private key are generated, the ssl.conf configuration file must be modified to point at them.


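Choose the length of the private key to generate. We generally choose 1024 bits because generation is faster; moving the mouse and typing on the keyboard during this step helps it complete quickly. 1024 bits is acceptable only for a throwaway test like this one; use 2048 bits or more for anything real.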


Choose No here: the certificate does not need to be published, because this is only our own experiment.


Do not set a passphrase on the private key; go straight to Next.


Fill in the certificate information.

3. vim /etc/httpd/conf.d/ssl.conf

SSLCertificateFile /etc/pki/tls/certs/www.mail.com.crt    /* Certificate */

SSLCertificateKeyFile /etc/pki/tls/private/www.mail.com.key    /* Private key */
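
The following check is an added example, not part of the original article. It reads the two directives above from an Apache config file and confirms that the certificate and key belong together, that the RSA key is at least 2048 bits, and that the passphrase-less key file is accessible only to its owner. It assumes openssl is installed; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the article): audit the certificate/key pair
# that an Apache config file points at. Function names are illustrative.

# conf_value CONF DIRECTIVE -> first argument of the first uncommented match
conf_value() {
    awk -v d="$2" '$1 !~ /^#/ && tolower($1) == tolower(d) {
        gsub(/"/, "", $2); print $2; exit }' "$1"
}

# key_bits KEYFILE -> RSA key size in bits (empty if the key cannot be read)
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# pair_matches CRT KEY -> success when both carry the same RSA modulus
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null)
    k=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# key_private KEYFILE -> success when group and others have no permissions
key_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# audit_tls CONF -> prints findings; exit status is the number of problems
audit_tls() {
    crt=$(conf_value "$1" SSLCertificateFile)
    key=$(conf_value "$1" SSLCertificateKeyFile)
    bad=0
    pair_matches "$crt" "$key" || { echo "MISMATCH: $crt vs $key"; bad=$((bad + 1)); }
    bits=$(key_bits "$key")
    [ "${bits:-0}" -ge 2048 ] || { echo "WEAK KEY: ${bits:-unreadable} bits"; bad=$((bad + 1)); }
    key_private "$key" || { echo "KEY NOT OWNER-ONLY: $key"; bad=$((bad + 1)); }
    return "$bad"
}

# Audit the file edited in step 3 when it is present on this machine.
if [ -r /etc/httpd/conf.d/ssl.conf ]; then
    audit_tls /etc/httpd/conf.d/ssl.conf || true
fi
```

With the 1024-bit key chosen in the genkey step, audit_tls reports WEAK KEY; the same function can be pointed at news.conf or music.conf, which carry the same two directives.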


Enter the /etc/httpd/conf.d directory and create three files:

news.conf, default.conf, music.conf

vim news.conf    /* Multiple websites can be served from one IP by domain name; the hosts file must be modified */


<VirtualHost *:80>
    ServerName news.mail.com
    DocumentRoot /var/www/virtual/news.mail.com/html
    CustomLog "logs/news.log" combined
</VirtualHost>
<Directory "/var/www/virtual/news.mail.com/html">
    Require all granted
</Directory>
<VirtualHost *:443>
    ServerName news.mail.com
    DocumentRoot /var/www/virtual/news.mail.com/html
    CustomLog "logs/news-443.log" combined
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/www.mail.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.mail.com.key
</VirtualHost>


vim music.conf    /* Redirect pages accessed over HTTP to HTTPS */

<VirtualHost *:80>
    ServerName music.mail.com
    RewriteEngine on
    RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>
<Directory "/var/www/virtual/music.mail.com/html">
    Require all granted
</Directory>
<VirtualHost *:443>
    ServerName music.mail.com
    DocumentRoot /var/www/virtual/music.mail.com/html
    CustomLog "logs/music-443.log" combined
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/www.mail.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.mail.com.key
</VirtualHost>


vim default.conf    /* Configuration for files in the default directory */

<VirtualHost _default_:80>
    DocumentRoot /var/www/html
    CustomLog "logs/default.log" combined
</VirtualHost>
<Directory "/var/www/html/cgi">
    Options +ExecCGI
    AddHandler cgi-script .cgi
</Directory>

The sites in these three files are reached by domain name, so add the names to /etc/hosts:

IP www.mail.com music.mail.com news.mail.com

Run yum install php -y, create index.php in /var/www/html/ with the following code, and test it over HTTP in Firefox. Remove the file after the test, because the phpinfo() page discloses the server's configuration.

<?php
    phpinfo();
?>


II. Testing web pages over HTTP and running programs

1) Create a cgi directory in /var/www/html/ and create the script file in it: touch index.cgi. Then install the manual: yum install httpd-manual -y

Restart the httpd service and open the manual in Firefox.

Click "CGI: Dynamic Content".

2) Copy the program into index.cgi:

#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;

Test by running the command perl index.cgi; the output is shown below:

[[email protected] cgi]# perl index.cgi
Content-type: text/html

Mon Dec 09:57:13 EST 2016

chmod +x index.cgi

Then add the configuration from "CGI: Dynamic Content" to default.conf:

<Directory /home/*/public_html>
    Options +ExecCGI
    AddHandler cgi-script .cgi
</Directory>

setenforce 0

Test: view the running index.cgi program in Firefox.

Instead of leaving SELinux permissive, the cgi directory can be given the correct security context. To view the security context under /var/www:

ls -Zd cgi-bin/

semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgi(/.*)?'    /* Change the security context of the files */

restorecon -FvvR /var/www/html/cgi    /* Refresh the security context */

III. Setting up a web forum

1) Set up the MariaDB, PHP, php-mysql and httpd services

yum install mariadb-server -y

yum install php-mysql -y

2) vim /etc/my.cnf and add skip-networking    /* Turn off MariaDB's port 3306 */

mysql_secure_installation    /* Set the database password */

Discuz_X3.2_SC_UTF8.zip    /* Forum installation package */

unzip Discuz_X3.2_SC_UTF8.zip    /* Unzip */

less readme/readme.txt    /* Read the installation details */

3) chmod 777 upload/data upload/config -R    /* Give data and config full permissions */

setenforce 0    /* Switch SELinux to permissive mode */

Run the installer in a browser:

172.25.254.150/upload/    /* In Firefox, follow the steps to install */


IV. Squid, a tool for getting past the firewall: it caches resources that another server can reach (forward proxy)

1) yum install squid -y

vim /etc/squid/squid.conf

http_access allow all    /* line 56: allow access */

http_port 3128    /* line 59: open port 3128 */

cache_dir ufs /var/spool/squid 100 16 256    /* line 62: enable the cache directory */

systemctl start squid

Check in /var/spool/squid whether the subdirectories have been created.


2) On the client side, configure access through the server's port 3128. (Reverse proxy) Two hosts act as the Squid server side and two hosts as the client side; one host has two IP addresses, a public IP and an intranet IP, and has squid installed.

In /etc/squid/squid.conf:

http_access allow all

http_port 80 vhost vport    /* Change the original port 3128 to HTTP port 80 */

cache_peer 172.25.254.4 parent 80 0 no-query originserver round-robin name=web1    /* Cache 172.25.254.4 */

cache_peer 172.25.254.3 parent 80 0 no-query originserver round-robin name=web2    /* Cache 172.25.254.3 */

cache_peer_domain web1 web2 www.taobao.com    /* Domain name served through web1 and web2 */

cache_dir ufs /var/spool/squid 100 16 256

coredump_dir /var/spool/squid

less /usr/share/doc/squid-3.3.8/squid.conf.documented    /* Shows how to set up the reverse proxy service port (lines 60 and 61 above) */
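
Both the forward-proxy and the reverse-proxy configuration above use http_access allow all, which lets any client that can reach the port use the proxy. The following check is an added example, not part of the original article: it works out what a squid.conf does with a client that no earlier rule matched and flags the open case. The function names and the 172.25.254.0/24 subnet are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the article): decide what Squid does with a client
# that no earlier http_access rule matched. Function names are illustrative.

# squid_fallthrough CONF -> prints "allow" or "deny"
# Rules are read top to bottom and the first match wins. A rule whose only
# ACL is "all" matches everyone; with no such rule Squid applies the opposite
# of the last http_access line, and denies when there are no rules at all.
squid_fallthrough() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 == "http_access" {
            last = $2
            if (NF == 3 && $3 == "all") { print $2; hit = 1; exit }
        }
        END {
            if (hit) exit
            r = (last == "deny") ? "allow" : "deny"; print r
        }' "$1"
}

# check_squid CONF -> success only when unmatched clients are denied
check_squid() {
    if [ "$(squid_fallthrough "$1")" = "deny" ]; then
        echo "ok:   $1 denies clients that no rule matched"
    else
        echo "OPEN: $1 allows clients that no rule matched"
        return 1
    fi
}

tmp=$(mktemp -d)
# Constructed sample 1: the forward-proxy lines shown in the article.
cat > "$tmp/article.conf" <<'EOF'
http_access allow all
http_port 3128
EOF
# Constructed sample 2: same proxy, limited to an assumed lab subnet.
cat > "$tmp/restricted.conf" <<'EOF'
# assumption: 172.25.254.0/24 is the lab network the article's hosts sit on
acl labnet src 172.25.254.0/24
http_access allow labnet
http_access deny all
http_port 3128
EOF
check_squid "$tmp/article.conf" || true
check_squid "$tmp/restricted.conf"
```

For the reverse-proxy configuration the restriction is normally by destination rather than source: allow only requests for the accelerated site (a dstdomain ACL for www.taobao.com) and deny everything else.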


