Tags: http, reverse proxy, forward proxy, virtual host encryption
http (Part 2)
Encrypting an Apache virtual host (https: encryption with a CA-issued certificate)
<VirtualHost *:80>
ServerName music.westos.com
DocumentRoot /var/www/virtual/music.westos.com/html
CustomLog "logs/music.log" combined
</VirtualHost>
<Directory "/var/www/virtual/music.westos.com/html">
Require all granted
</Directory>
# https uses port 443
<VirtualHost *:443>
ServerName music.westos.com
DocumentRoot /var/www/virtual/music.westos.com/html
CustomLog "logs/music-443.log" combined
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
</VirtualHost>
(Remember to clear the browser cache when testing.)
Page rewriting:
vim /etc/httpd/conf.d/music.conf
<VirtualHost *:80>
ServerName music.westos.com
RewriteEngine on
# requests over http are automatically redirected to https
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>
<Directory "/var/www/virtual/music.westos.com/html">
Require all granted
</Directory>
# https uses port 443
<VirtualHost *:443>
ServerName music.westos.com
DocumentRoot /var/www/virtual/music.westos.com/html
CustomLog "logs/music-443.log" combined
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
</VirtualHost>
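Note: when we test https against another virtual host that has not been configured for it (news.westos.com), the page returned is the music.westos.com home page (there is a certificate, but port 443 has not been configured for that host).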
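The fallback seen above happens because name-based virtual hosts are matched per port, and a request whose Host matches no vhost on port 443 is served by the first vhost defined for that port. The following shell check is an added example, not part of the original post: it lists hostnames that have a port 80 vhost but no port 443 vhost; the embedded config is a constructed sample and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): report hostnames that have a
# port-80 vhost but no port-443 vhost. Such hosts fall through to the first
# :443 vhost Apache loaded, as observed with news.westos.com.

# Constructed sample: music is served on both ports, news on port 80 only.
sample_conf() {
cat <<'EOF'
<VirtualHost *:80>
    ServerName music.westos.com
</VirtualHost>
<VirtualHost *:80>
    ServerName news.westos.com
</VirtualHost>
<VirtualHost *:443>
    ServerName music.westos.com
    SSLEngine on
</VirtualHost>
EOF
}

# Reads Apache config from the named files (or stdin) and prints one
# hostname per line, sorted.
missing_tls_vhosts() {
    awk '
    { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
    low ~ /^<virtualhost[ \t]/ {
        port = low
        sub(/>.*/, "", port)      # drop ">" and anything after it
        sub(/.*:/, "", port)      # keep the text after the last colon
        next
    }
    low ~ /^<\/virtualhost/ { port = ""; next }
    port != "" && low ~ /^servername[ \t]/ {
        split(low, f, /[ \t]+/)
        names[f[2]] = 1
        seen[f[2], port] = 1
    }
    END {
        for (n in names)
            if (((n, "80") in seen) && !((n, "443") in seen))
                print n
    }' "$@" | sort
}

sample_conf | missing_tls_vhosts
```

Run it against the real files with `missing_tls_vhosts /etc/httpd/conf.d/*.conf`; every name it prints needs its own port 443 vhost or a deliberate catch-all vhost loaded first.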
By default http only supports: php, cgi, html, wsgi
Testing php:
cd /var/www/html
vim index.php
<?php
phpinfo ();
?>
yum install php -y (to compile and run PHP code)
vim /etc/httpd/conf/httpd.conf
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
systemctl restart httpd
Test in the browser:
cgi:
cd /var/www/html
mkdir cgi
(For CGI scripts, refer to the httpd manual: yum install httpd-manual -y)
vim index.cgi
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print `date`;
chmod +x index.cgi
vim /etc/httpd/conf.d/default.conf
selinux (pay attention to the security context)
cd /var/www
ls -Zd cgi-bin/
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin/
semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/cgi(/.*)?'
restorecon -FvvR /var/www/html/cgi/
systemctl restart httpd
Test:
Setting up a forum:
Download an installation package:
Discuz_X3.2_SC_UTF8.zip
(yum install php php-mysql -y)
Unpack:
unzip Discuz_X3.2_SC_UTF8.zip
Be sure to read: less readme/readme.txt
chmod 777 upload/data/ upload/config/
Note: selinux (permissive mode, which only logs warnings)
172.25.254.231/upload/install
Install:
Log in:
Forward proxy: it works like a springboard. Put simply, I am a user who cannot reach a certain website, but I can reach a proxy server (and the proxy server can reach that website). So I first connect to the proxy server and tell it which content I cannot reach; the proxy server fetches it and returns it to me. Sometimes the website does not know what the user's request is, and the user's information is hidden as well; this depends on whether the proxy tells the website. (The client must be configured to use the proxy.)
Simulate this with two virtual machines:
Add a network card to server:
ip1: 172.25.254.231 (same network segment as the physical host)
ip2: 172.25.31.10 (same network segment as desktop)
On desktop:
ip: 172.25.31.10
Physical host ip: 172.25.254.31
Test: server can ping the physical host
desktop cannot ping the physical host
server: (the virtual machine that can ping the physical host)
yum install squid -y
vim /etc/squid/squid.conf
http_access allow all
cache_dir ufs /var/spool/squid 100 16 256
(16 first-level directories are created under /var/spool/squid, each containing 256 second-level directories)
systemctl start squid
Test: the virtual machine that cannot ping the physical host can now access the physical host's apache web page (desktop still cannot ping the physical host at this point).
(Here server acts as a circumvention tool ^_^ letting you see what you could not otherwise see.)
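squid evaluates http_access rules top-down and the first match wins, so the `http_access allow all` used above lets any client that can reach the proxy relay through it. As an added example (not from the original post), this script puts that setting beside a restricted one and reports which policy each yields; the /24 prefix, the ACL name `lab` and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): compare the walkthrough's
# squid access rule with a restricted alternative.

# The setting used in this walkthrough: every client is allowed.
open_conf() {
cat <<'EOF'
http_access allow all
cache_dir ufs /var/spool/squid 100 16 256
EOF
}

# Constructed alternative: only the desktop subnet may use the proxy.
# The /24 prefix and the ACL name "lab" are assumptions.
restricted_conf() {
cat <<'EOF'
acl lab src 172.25.31.0/24
http_access allow lab
http_access deny all
cache_dir ufs /var/spool/squid 100 16 256
EOF
}

# Reads squid.conf from the named files (or stdin). Prints "open" if the
# first catch-all http_access rule is "allow all", "closed" if it is
# "deny all", and "unknown" if there is no catch-all rule.
proxy_policy() {
    awk '
    $1 == "http_access" && NF == 3 && $3 == "all" {
        print ($2 == "allow" ? "open" : "closed")
        found = 1
        exit
    }
    END { if (!found) print "unknown" }' "$@"
}

open_conf | proxy_policy
restricted_conf | proxy_policy
```

With the restricted rules, desktop can still browse through server, while hosts on the 172.25.254.x side are refused.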
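Reverse proxy: (https is not installed on the server) this is set up by the enterprise; the client needs no configuration and explicitly tells the upstream server what it wants to fetch.
squid (mainly used for acceleration)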
yum install squid -y
vim /etc/squid/squid.conf
cache_peer 172.25.254.4 parent 80 0 no-query
systemctl start squid
netstat -antlpe | grep 80
tcp 0 0 172.25.254.231:22 172.25.254.31:48992 ESTABLISHED 0 28081 1585/sshd: [email protected]
tcp6 0 0 :::80 :::* LISTEN 0 191797 4659/(squid-1)
tcp6 0 0 ::1:6010 ::1:38780 ESTABLISHED 0 28373 1585/sshd: [email protected]
tcp6 0 0 ::1:38780 ::1:6010 ESTABLISHED 0 28372 1621/dbus-launch
Note: httpd is not installed on this server; port 80 here is opened by squid.
Test from another virtual machine:
Reverse proxy round-robin:
cache_peer 172.25.254.4 parent 80 0 no-query originserver round-robin name=web1
cache_peer 172.25.254.3 parent 80 0 no-query originserver round-robin name=web2
cache_peer_domain web1 www.taobao.com
cache_peer_domain web2 www.taobao.com
systemctl restart squid
Test from another machine: www.taobao.com
Refresh twice: a different page is returned each time.
Setting up an http server (Part 2)