redhat4 apache简练
server:redhat 4 172.16.12.178
client:本机 172.16.12.78
一、配置IP
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# more ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:0C:29:5B:DC:DE
ONBOOT=yes
TYPE=Ethernet
DHCP_HOSTNAME=localhost.localdomain
IPADDR=172.16.12.178
NETMASK=255.255.0.0
GATEWAY=172.16.12.1
[root@localhost sysconfig]# more network
NETWORKING=yes
HOSTNAME=web
[root@localhost sysconfig]#init 6
二、配置DNS
[root@web etc]# cp named.conf named.conf-bak
[root@web etc]# vi named.conf
在最后增加
zone "nagios.com" IN {
type master;
file "nagios.com.dns";
allow-update { none; };
};
[root@web ~]# cd /var/named/chroot/var/named/
[root@web named]# ls
data localdomain.zone localhost.zone named.broadcast named.ca named.ip6.local named.local named.zero slaves
[root@web named]# cp localhost.zone nagios.com.dns
[root@web named]# vi nagios.com.dns
IN MX 10 mail.nagios.com.
$TTL 86400
@ IN SOA @ root.web.nagios.com. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS web.nagios.com.
IN MX 10 web.nagios.com.
web IN A 172.16.12.178
www IN CNAME web.nagios.com.
mail IN CNAME web.nagios.com.
[root@web named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@web named]# ps -ef|grep named
named 7490 1 0 20:41 ? 00:00:00 /usr/sbin/named -u named -t /var/named/chroot
root 7499 7004 0 20:42 pts/1 00:00:00 grep named
三、测试DNS
[root@web named]# nslookup
> web.nagios.com
Server: 172.16.12.178
Address: 172.16.12.178#53
Name: web.nagios.com
Address: 172.16.12.178
>
Server: 172.16.12.178
Address: 172.16.12.178#53
canonical name = web.nagios.com.
Name: web.nagios.com
Address: 172.16.12.178
> mail.nagios.com
Server: 172.16.12.178
Address: 172.16.12.178#53
mail.nagios.com canonical name = web.nagios.com.
Name: web.nagios.com
Address: 172.16.12.178
>
四、配置apache,系统默认已经装好
[root@web ~]# cd /etc/httpd/conf/
[root@web conf]# cp httpd.conf httpd.conf-bak
[root@web conf]# service httpd start
Starting httpd: [ OK ]
[root@web conf]# ps -ef|grep httpd
root 7524 1 3 20:46 ? 00:00:00 /usr/sbin/httpd
apache 7527 7524 0 20:46 ? 00:00:00 /usr/sbin/httpd
apache 7528 7524 0 20:46 ? 00:00:00 /usr/sbin/httpd
apache 7529 7524 0 20:46 ? 00:00:00 /usr/sbin/httpd
apache 7530 7524 0 20:46 ? 00:00:00 /usr/sbin/httpd
apache 7531 7524 0 20:46 ? 00:00:00 /usr/sbin/httpd
apache 7532 7524 0 20:46 ? 00:00:00 /usr/sbin/httpd
apache 7533 7524 0 20:46 ? 00:00:00 /usr/sbin/httpd
apache 7534 7524 0 20:46 ? 00:00:00 /usr/sbin/httpd
root 7536 7004 0 20:46 pts/1 00:00:00 grep httpd
[root@web conf]# cd /var/www/html
[root@web html]# vi index.html
Title of page
This is my first homepage. This text is bold
通过即可访问该网页,成功
五、更换主目录测试
[root@web html]# vi bt22.html
#
[root@web html]# vi /etc/httpd/conf/httpd.conf
:/DirectoryIndex--->回车,36%处找到如下内容修改成
DirectoryIndex bt22.html index.html.var
[root@web html]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
通过即可访问该网页,成功
[root@web html]# mkdir jesonc
[root@web html]# cd jesonc/
[root@web jesonc]# touch aa bb cc dd
[root@web jesonc]# ls
aa bb cc dd
通过即可访问该网页,成功,能看到aa,bb,cc,dd这几个文件
六、物理目录控制和符号链接
[root@web jesonc]# vi /etc/httpd/conf/httpd.conf
:/Directory-->回车,25%处找到如下内容修改成
#
Options FollowSymLinks indexes
AllowOverride None(若这里改成options也是可以的)
[root@web jesonc]# !service
service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
通过即可访问该网页,成功
若将
#
Options FollowSymLinks indexes
AllowOverride None
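中的indexes改成-indexes的话(即关闭目录列表:目录里没有DirectoryIndex指定的首页文件时,不再向访问者列出文件名,对外提供服务时这是更稳妥的设置;另外Apache文档说明同一条Options里混用带+/-和不带符号的选项不是合法语法,2.4版本会在语法检查时直接拒绝,建议统一写成+FollowSymLinks -Indexes)
通过即可访问该网页,不成功,提示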
403 Forbidden
You don't have permission to access /jesonc/ on this server
[root@web jesonc]# ln -s /usr/share/doc/ lianjie
[root@web jesonc]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
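通过即可访问该网页,成功,并会发现多了一个lianjie文件夹,而该文件夹里的内容全是从/usr/share/doc里链接过来的。注意:FollowSymLinks会让Apache跟随指向网站目录之外的符号链接,被链接目录中apache用户可读的文件都会对外可见;正式环境可考虑改用SymLinksIfOwnerMatch,只有链接与目标文件属主相同时才跟随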
若将
#
Options FollowSymLinks indexes
AllowOverride None
中的FollowSymLinks改成-FollowSymLinks
通过即可访问该网页,只能看到aa,bb,cc,dd这几个文件,而看不到上面链接出来的文件夹lianjie
[root@web jesonc]# vi .htaccess
Options Indexes
[root@web jesonc]# vi /etc/httpd/conf/httpd.conf
#
Options FollowSymLinks indexes
AllowOverride None
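通过即可访问该网页,成功,能看到aa,bb,cc,dd和lianjie文件夹。注意:.htaccess里的Options只有在该目录的AllowOverride包含Options(或All)时才会被读取;AllowOverride None时.htaccess被忽略,此时看到的目录列表来自httpd.conf里的indexes,而不是.htaccess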
七、虚拟目录
[root@web jesonc]# vi /etc/httpd/conf/httpd.conf
25%处,修改成如下
#
Options FollowSymLinks indexes
AllowOverride None
alias /jesonc/ /usr/share/doc/bind-9.2.4/
Options FollowSymLinks indexes
AllowOverride None
[root@web jesonc]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
通过即可访问该网页,成功,能看到
真实目录/usr/share/doc/bind-9.2.4/下的内容
八、个人站点
[root@web jesonc]# vi /etc/httpd/conf/httpd.conf
25%处,修改成如下
#
...........
UserDir disable root --添加root
...........
#UserDir public_html --去掉前面的#
...........
--去掉前面的#
AllowOverride FileInfo AuthConfig Limit --去掉前面的#
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec --去掉前面的#
--去掉前面的#
Order allow,deny --去掉前面的#
Allow from all --去掉前面的#
--去掉前面的#
--去掉前面的#
Order deny,allow --去掉前面的#
Deny from all --去掉前面的#
--去掉前面的#
--去掉前面的#
[root@web jesonc]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
用另一个普通用户jiajia登录另一终端
[jiajia@web ~]$ mkdir public_html
[jiajia@web ~]$ cd ..
[jiajia@web home]$ chmod 711 jiajia
[jiajia@web home]$ cd jiajia/
[jiajia@web ~]$ cd public_html/
[jiajia@web public_html]$ vi index.html
This is jiajia's private website!!!
通过即可访问该个人网页,成功,看到This is jiajia's private website!!!字样
九、认证和授权
[root@web jesonc]# vi /etc/httpd/conf/httpd.conf
25%处,修改成如下:
#
Options FollowSymLinks indexes
AllowOverride None
AuthType basic
AuthName "test"
AuthUserFile /var/www/passwd/tianyu
require valid-user
#alias /jesonc/ /usr/share/doc/bind-9.2.4/
#
#Options FollowSymLinks indexes
#AllowOverride None
#
[root@web jesonc]# mkdir /var/www/passwd/
[root@web jesonc]# cd /var/www/passwd/
[root@web passwd]# htpasswd -c tianyu test1 --该用户不需要是系统用户
New password:
Re-type new password:
Adding password for user test1
[root@web passwd]# htpasswd tianyu test2 --该用户不需要是系统用户
New password:
Re-type new password:
Adding password for user test2
[root@web passwd]# chown apache.apache tianyu
[root@web passwd]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
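通过即可访问该网页,成功,需要输入用户名和密码,可以是test1或test2。注意:Basic认证的用户名和密码只做Base64编码,并未加密,应配合HTTPS使用;密码文件放在网页目录/var/www/html之外是正确的做法,但把属主设为apache意味着web进程自己可以改写它,更稳妥的是属主root、属组apache且只读(例如chown root:apache,chmod 640)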
在require valid-user下面再写入如下内容(Satisfy默认为All,即来源IP和用户名密码两项都必须通过才允许访问)
Order deny,allow
deny from all
allow from 172.16.12.179
[root@web jesonc]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
在IP为172.16.12.74上通过即可访问该网页,不成功,提示
403 Forbidden
You don't have permission to access /jesonc/ on this server
十、虚拟主机
情况1:相同IP,不同端口
[root@web jesonc]# vi /etc/httpd/conf/httpd.conf
10%处,修改成如下:
#
#Listen 12.34.56.78:80
Listen 80
Listen 8888
Listen 6666
在最底端复制两份如下内容,修改成:
# NOTE:The same IP,The different interface
DocumentRoot /www/nagios1
DocumentRoot /www/nagios2
[root@web jesonc]# cd /var/www/html
[root@web html]# mkdir -p /www/nagios1
[root@web html]# mkdir -p /www/nagios2
[root@web html]# echo "nagios1" >/www/nagios1/index.html
[root@web html]# echo "nagios2">/www/nagios2/index.html
[root@web passwd]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
通过即可访问该网页,成功,看到nagios1字样
即可访问该网页,成功,看到nagios2字样
情况2:不同IP,相同端口
[root@web network-scripts]# cp ifcfg-eth0 ifcfg-eth0:1
[root@web network-scripts]# vi ifcfg-eth0:1
DEVICE=eth0:1
BOOTPROTO=static
HWADDR=00:0C:29:5B:DC:DE
ONBOOT=yes
TYPE=Ethernet
DHCP_HOSTNAME=localhost.localdomain
IPADDR=172.16.12.179
NETMASK=255.255.0.0
GATEWAY=172.16.12.1
[root@web network-scripts]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Setting network parameters: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
[root@web network-scripts]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:5B:DC:DE
inet addr:172.16.12.178 Bcast:172.16.255.255 Mask:255.255.0.0
inet6 addr: fe80::20c:29ff:fe5b:dcde/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:20679 errors:0 dropped:0 overruns:0 frame:0
TX packets:18336 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1836918 (1.7 MiB) TX bytes:2547945 (2.4 MiB)
Interrupt:193 Base address:0x2000
eth0:1 Link encap:Ethernet HWaddr 00:0C:29:5B:DC:DE
inet addr:172.16.12.179 Bcast:172.16.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:193 Base address:0x2000
[root@web jesonc]# vi /etc/httpd/conf/httpd.conf
在最底端复制两份如下内容,修改成:
# NOTE:The different IP,The same interface
DocumentRoot /www/cacti1
DocumentRoot /www/cacti2
[root@web ~]# cd /var/www/html/
[root@web html]# mkdir -p /www/cacti1
[root@web html]# mkdir -p /www/cacti2
[root@web html]# echo "cacti1">/www/cacti1/index.html
[root@web html]# echo "cacti2">/www/cacti2/index.html
[root@web html]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [Thu Oct 22 23:01:19 2009] [error] (EAI 3)Temporary failure in name resolution: Failed to resolve server name for 172.16.12.179 (check DNS) -- or specify an explicit ServerName
通过即可访问该网页,成功,看到cacti1字样(上面启动时的[error]是Apache无法为172.16.12.179解析出主机名的提示,按提示在对应的虚拟主机配置里写明ServerName即可消除)
即可访问该网页,成功,看到cacti2字样
情况3:相同IP,不同主机头
[root@web ~]# vi /etc/named.conf
最底端增加
zone "cacti.com" IN {
type master;
file "cacti.com.dns";
allow-update { none; };
};
[root@web ~]# cd /var/named/chroot/var/named/
[root@web named]# cp nagios.com.dns cacti.com.dns
[root@web named]# vi cacti.com.dns
web IN A 172.16.12.178
$TTL 86400
@ IN SOA @ root.web.cacti.com. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS web.cacti.com.
IN MX 10 web.cacti.com.
web IN A 172.16.12.178
www IN CNAME web.cacti.com.
mail IN CNAME web.cacti.com.
[root@web named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@web html]# vi /etc/httpd/conf/httpd.conf
在1019.1行,去掉#NameVirtualHost *:80前面的#,改成如下
NameVirtualHost 172.16.12.178
在最底端复制两份如下内容,修改成:
# NOTE:The same IP,The different hosthead
ServerName web.nagios.com
DocumentRoot /www/cacti1-nagios1
ServerName web.cacti.com
DocumentRoot /www/cacti2-nagios2
[root@web html]# mkdir -p /www/cacti1-nagios1
[root@web html]# mkdir -p /www/cacti2-nagios2
[root@web html]# echo "cacti1-nagios1">/www/cacti1-nagios1/index.html
[root@web html]# echo "cacti2-nagios2">/www/cacti2-nagios2/index.html
[root@web html]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
通过即可访问该网页,成功,看到cacti1-nagios1字样
即可访问该网页,成功,看到cacti2-nagios2字样
补充:增加对组认证
[root@web passwd]# vi group
awei: cacti1 cacti2 cacti3 cacti4
[root@web passwd]# htpasswd tianyu cacti1
New password:
Re-type new password:
Adding password for user cacti1
[root@web passwd]# htpasswd tianyu cacti2
New password:
Re-type new password:
Adding password for user cacti2
[root@web passwd]# htpasswd tianyu cacti3
New password:
Re-type new password:
Adding password for user cacti3
[root@web passwd]# htpasswd tianyu cacti4
New password:
Re-type new password:
Adding password for user cacti4
[root@web passwd]# ls
group tianyu
[root@web passwd]# vi /etc/httpd/conf/httpd.conf
Options FollowSymLinks indexes
AllowOverride None
AuthType basic
AuthName "test"
AuthUserFile /var/www/passwd/tianyu
AuthGroupFile /var/www/passwd/group
require group awei
通过访问,成功,但只能是组awei中的cacti1,cacti2,cacti3,cacti4这几个用户可以访问,test1,test2不能访问
若 改成require valid-user,则用户文件里的用户都可以访问