RHEL7 HTTP Example

Source: Internet
Author: User
Tags ssl certificate

    1. Configure Web: virtual host configuration; HTTPS; virtual hosts on different ports

Configure www

/etc/httpd/conf/httpd.conf is the main configuration file.

/etc/httpd/conf.d/*.conf holds the many additional parameter files, which have the extension .conf. Settings are usually placed here; the advantage is that when upgrading the system you do not need to change the original configuration file, only copy your .conf file to the correct location, which makes maintenance more convenient. Virtual hosts in particular are often configured this way, which is convenient when migrating.

Server Environment Setting Parameters:

Listen 80

# Related to the listening interface; by default it listens on all network interfaces. You can also change the port, for example to 8080.

LoadModule auth_basic_module modules/mod_auth_basic.so

......

# Module-loading settings. Apache provides many useful modules (plug-ins) for us to use.

Include conf.d/*.conf

# Because of this line, the settings placed in /etc/httpd/conf.d/*.conf are read in.

User apache

Group apache

# Sets the owner and group of the processes started by the prefork, worker, and other modules.

# This setting is important, because the web files you provide later are browsed with this identity.

ServerAdmin [email protected]

# The system administrator's e-mail address; when a problem occurs on the website, the error message displays this contact address (error return).

ServerName Server0

# Sets the host name. If this value is not specified, it defaults to the output of hostname.

# Be sure to remember that the host name you fill in here must resolve to an IP address (through DNS or /etc/hosts).

UseCanonicalName Off

# Whether to use the canonical host name. If your host has more than one host name and this is set to On, Apache only accepts connections for the host name given in ServerName above. Use Off.

DocumentRoot "/var/www/html"

# The directory where the home page is placed. Pay special attention to this directory's permissions and to the related SELinux rules and types.

DirectoryIndex index.html index.html.var index.cgi

# The home page file name setting. Apache defaults to names beginning with index.*, while Windows uses names beginning with default.*.

Directory-related permissions:

<Directory>

Options Indexes FollowSymLinks ...

AllowOverride All AuthConfig ...

Order allow,deny | deny,allow ...

Deny | Allow from all, 172.25.0.11, 172.25.0.0/24, valid-user ...

</Directory>

Options (directory parameters)

This setting determines what Apache may do in this directory, that is, the permissions of the Apache program there. The main values are:

Indexes:

If the home page file (by default index.html) cannot be found in this directory, the names of all files in the directory are listed. The home page file name is controlled by the DirectoryIndex setting.

FollowSymLinks:

This is short for "follow symbolic links": it lets symbolic links take effect. The home page directory is /var/www/html; since it is the root directory of the WWW service, it behaves in theory much like a chroot. A chrooted program cannot leave its directory, so by default a symbolic link under /var/www/html that points to a directory outside it is not followed. With this option set, symbolic links can effectively lead out of this directory.

ExecCGI:

This gives the directory permission to execute CGI programs, which is important. For example, the formerly popular OpenWebMail used many Perl programs; for OpenWebMail to run, the directory holding those programs needs the ExecCGI permission. Note, however, that you should not allow ExecCGI in all directories.

Includes:

Allows some server-side include programs to run. Adding it is recommended.

MultiViews:

This supports multiple languages and is related to the language settings (LanguagePriority). It is most commonly seen in error messages: the same host can show a different language depending on the client's language. It is enabled by default for the error return pages; see the data in the /var/www/error/ directory.

AllowOverride (which parameters may be overridden)

Indicates whether parameters may be overridden by an additional configuration file, .htaccess. We could set every permission in httpd.conf, but then whenever users want to change the permissions of their own personal pages, it becomes a burden on the administrator. Apache therefore by default lets users override certain parameters of the <Directory> section in a .htaccess file inside the directory. This directive defines which kinds of permissions .htaccess may override. Common values are:

All:

All permissions can be overridden.

AuthConfig:

Only web authentication (account and password) can be overridden.

Indexes:

Only the Indexes setting can be overridden.

Limit:

Allows the user to use Allow, Deny, and Order to manage who may browse.

None:

Nothing can be overridden, which means the .htaccess file has no effect.

Order, Allow, Deny (who may connect and browse)

Determines whether the contents of this directory may be browsed through the Apache processes. There are two main ways of deciding:

deny,allow: Deny rules are processed first, and anything no rule covers is allowed by default.

allow,deny: Allow rules are processed first, and anything no rule covers is denied by default.
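How the two Order settings decide a request, as an added example that is not part of the original article: a shell model of the evaluation, using the 172.25.0.11 and 172.25.0.0/24 values from the <Directory> synopsis above. The names ip2int, matches and access are hypothetical helpers, and only IPv4 addresses, CIDR blocks and "all" are handled.

```bash
# Added example: models the Order/Allow/Deny decision for IPv4 clients.
# ip2int, matches and access are hypothetical helper names, not Apache tools.

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed if client $1 matches any spec in list $2: "all", an address, or a CIDR block.
matches() {
    local ip spec net bits mask
    ip=$(ip2int "$1")
    for spec in $2; do
        if [ "$spec" = all ]; then return 0; fi
        case $spec in
            */*) net=${spec%/*}; bits=${spec#*/} ;;
            *)   net=$spec; bits=32 ;;
        esac
        mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
        if [ $(( ip & mask )) -eq $(( $(ip2int "$net") & mask )) ]; then return 0; fi
    done
    return 1
}

# access ORDER CLIENT "ALLOW FROM LIST" "DENY FROM LIST" -> prints allowed or denied
access() {
    local a=no d=no
    if matches "$2" "$3"; then a=yes; fi
    if matches "$2" "$4"; then d=yes; fi
    case $1 in
        allow,deny)  # must match Allow and must not match Deny; default is deny
            if [ $a = yes ] && [ $d = no ]; then echo allowed; else echo denied; fi ;;
        deny,allow)  # denied only if Deny matches and Allow does not; default is allow
            if [ $d = yes ] && [ $a = no ]; then echo denied; else echo allowed; fi ;;
    esac
}

# Constructed sample: Allow from 172.25.0.0/24, Deny from 172.25.0.11
for client in 172.25.0.11 172.25.0.10 10.0.0.5; do
    for order in allow,deny deny,allow; do
        echo "$client Order $order: $(access "$order" "$client" "172.25.0.0/24" "172.25.0.11")"
    done
done
```

On httpd 2.4, which RHEL 7 ships, Order, Allow and Deny are provided by mod_access_compat for compatibility; the native form is Require (for example, Require ip 172.25.0.0/24).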

Example:

Question 13: HTTP

Build a web server with the domain name server0.example.com on Server0. The location of its home directory is up to you. Download ftp://server.domain0.example.com/pub/html/Server0.html to the home directory of the website and rename it index.html; do not modify the page content.

Server

yum -y install http*

firewall-cmd --permanent --add-service=http

firewall-cmd --reload

cd /var/www/html

vim index.html

12

cd /etc/httpd/conf.d

cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf hrr.conf

vim hrr.conf

<VirtualHost *:80>

DocumentRoot "/var/www/html/"

ServerName server0.example.com

ErrorLog "/var/log/httpd/server0.example.com-error_log"

CustomLog "/var/log/httpd/server0.example.com-access_log" common

</VirtualHost>

setsebool -P httpd_read_user_content 1

systemctl restart httpd

Client

[Email protected] conf.d]# curl http://server0

12

[Email protected] conf.d]#

Question 14: HTTPS

Enable SSL for the server0.example.com website on Server0. Download the three certificate files caert.crt, httpd.crt and Httpd.key from ftp://classroom.example.com/pub/http/ssl/ to an appropriate local directory.

Server

yum -y install *ssl*

vim /etc/httpd/conf.d/hrr.conf

<VirtualHost *:443>

DocumentRoot "/var/www/html/"

ServerName server0.example.com

ErrorLog "/var/log/httpd/server0.example.com-error_log"

CustomLog "/var/log/httpd/server0.example.com-access_log" common

SSLEngine on

SSLProtocol all -SSLv2

SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

SSLHonorCipherOrder on

SSLCertificateFile /etc/pki/tls/certs/server0.crt

SSLCertificateKeyFile /etc/pki/tls/private/server0.key

SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt

</VirtualHost>

setsebool -P httpd_read_user_content 1

Firefox

systemctl restart httpd
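The SSLProtocol all -SSLv2 line in the port 443 virtual host above only removes SSLv2. The following added example (not part of the original article) is a shell model of how mod_ssl in httpd 2.4 expands an SSLProtocol value and which of the resulting protocols are deprecated. It assumes an OpenSSL build where "all" means SSLv3, TLSv1, TLSv1.1 and TLSv1.2; lower, effective_protocols and weak_protocols are hypothetical helper names.

```bash
# Added example: expands an SSLProtocol value the way mod_ssl in httpd 2.4 parses it.
# Assumption: OpenSSL 1.0.1+ with SSLv3 compiled in, so "all" covers the four below.
# lower, effective_protocols and weak_protocols are hypothetical helper names.
ALL_PROTOCOLS="SSLv3 TLSv1 TLSv1.1 TLSv1.2"

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# effective_protocols "all -SSLv2" -> space-separated list of enabled protocols
effective_protocols() {
    local enabled=" " tok op name p
    for tok in $1; do
        case $tok in
            -*) op=del ;;
            +*) op=add ;;
            *)  op=add; enabled=" " ;;   # a bare name replaces the current set
        esac
        name=$(lower "${tok#[+-]}")
        for p in $ALL_PROTOCOLS; do
            # "all" selects every protocol; SSLv2 matches nothing (httpd 2.4 dropped it)
            if [ "$name" != all ] && [ "$name" != "$(lower "$p")" ]; then continue; fi
            # drop any existing entry for $p (each protocol appears at most once)
            case $enabled in *" $p "*) enabled="${enabled%% $p *} ${enabled#* $p }" ;; esac
            if [ "$op" = add ]; then enabled="$enabled$p "; fi
        done
    done
    echo $enabled
}

# weak_protocols LIST -> entries of LIST that are deprecated (RFC 7568, RFC 8996)
weak_protocols() {
    local p out=""
    for p in $1; do
        case $p in SSLv3|TLSv1|TLSv1.1) out="$out$p " ;; esac
    done
    echo $out
}

# Constructed candidates; the first is the value used in the virtual host above.
for value in "all -SSLv2" "all -SSLv2 -SSLv3" "-all +TLSv1.2"; do
    on=$(effective_protocols "$value")
    echo "SSLProtocol $value => enabled: $on | deprecated: $(weak_protocols "$on")"
done
```

Of the three candidates, only -all +TLSv1.2 leaves no deprecated protocol enabled.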

Client

[Email protected] conf.d]# curl https://server0:443

Curl: Peer's certificate issuer have been marked as not trusted by the user.

More details here:http://curl.haxx.se/docs/sslcerts.html

Curl performs SSL certificate verification by default, using a "bundle"

of Certificate Authority (CA) public keys (ca certs). If the default

Bundle fil
