Installing apache will not be introduced. If you install yum, you can run it directly
yum install httpd
Configuration file location / etc / httpd / conf / httpd conf
Log directory location / var/log/httpd
Experiment 1: apache directory alias
By default, the files in the DocumentRoot directory will be sent to the client. If they are not in this location, do not want to move the location, and can be accessed, we can set the apache directory alias.
In / etc / httpd / conf.d/autoindex.com Configuring aliases in conf
Alias /hbk/ "/a/b/c/" <Directory "/a/b/c/"> Options Indexes MultiViews FollowSymlinks AllowOverride None Require all granted </Directory>
Write the test page index. In the / a/b/c directory HTML, fill in test html
Restart apache and test as follows
Experiment 2: apache user authentication
Before accessing a background management login page, if the user has a background program management account and password, he can log in to the background system. We can set more secure user authentication and set apache user authentication before accessing the login page.
Set the authentication mode in the directory where authentication is required and set htaccess file
In the main configuration file, http Set in conf
<Directory "/var/www/html/admin"> Options Indexes FollowSymLinks AllowOverride All Require all granted </Directory>
Create test page / var / www / HTML / admin / index html
Create in the certification directory htaccess file, as follows
[root@k8s-master conf]# cd /var/www/html/admin/ [root@k8s-master admin]# vi .htaccess #Prompt information AuthName "Welcome to huangbaokang System" #Encryption type AuthType basic #Password file AuthUserFile /var/www/html/admin/apache.passwd #Allow access to all users in the password file require valid-user
Create a password file, use the - c parameter for the first time, and create more users to use - m
htpasswd -c /var/www/html/admin/apache.passwd test1
htpasswd -m /var/www/html/admin/apache.passwd test2
Under normal circumstances, you can directly access / admin to access index. Under the admin directory html
Restart apache for testing. Authentication is required
You can access the background login page only after passing the authentication.
Experiment 3: virtual host
There are three categories
IP based virtual host: one server, multiple IPS, multiple websites
Port based virtual host: one server, one ip, build multiple websites, and each website uses different ports for access
Domain name based virtual host: one server, one ip, build multiple websites, and each website uses different domain names for access.
As follows, we use domain name based virtual host
Create Vhost. In the conf.d directory conf
[root@k8s-master conf.d]# cat vhost.conf <Directory "/var/www/html/hbk"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> <VirtualHost 192.168.37.100:80> ServerAdmin webmaster@hbk.com DocumentRoot "/var/www/html/hbk" ServerName www.hbk.com ErrorLog "logs/hbk-error.log" CustomLog "logs/hbk-access.log" common </VirtualHost> <Directory "/var/www/html/zll"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> <VirtualHost 192.168.37.100:80> ServerAdmin webmaster@zll.com DocumentRoot "/var/www/html/zll" ServerName www.zll.com ErrorLog "logs/zll-error.log" CustomLog "logs/zll-access.log" common </VirtualHost>
Restart apache and test
Log generated
Experiment 4: domain name jump
On the basis of Experiment 3, let's visit http://www.hbk.com All flow steering http://www.zll.com
This problem usually exists when the domain name is online. The new and old domain names are online at the same time, but accessing the old domain name will automatically jump to the new domain name.
Modify the previous experiment Vhost Conf file, set www.hbk Com certification is All
And create a new one in / var/www/html/hbk directory htaccess file. The file content rules are as follows:
#Enable rewrite function RewriteEngine on #Put www.hbk The content beginning with com is assigned to HTTP_HOST variable RewriteCond %{HTTP_HOST} ^www.hbk.com RewriteRule ^(.*)$ http://www.zll.com/$1 [R=permanent,L] # R=permanent redirection = 301 #L specifies this rule as the last effective rule, and subsequent rules will no longer be effective
Restart the test, you can see the jump, you can directly see the effect in the browser, and use curl to display the jump code.
Experiment 5: implementing https with apache+openssl
apache installed using yum, mod not installed_ ssl. So, you can also use the following command to check
apachectl -M | grep ssl
Execute the following command
yum -y install mod_ssl
After installing yum, you will find that a module will be generated under / etc/httpd/modules /_ ssl. So, and in / etc / httpd / conf.modules d/00-ssl. Conf loads the SSL module. There was no such profile before yum.
To apply for CA certificate, you need to spend money to buy the certificate online
Create a new directory of cert under / etc/httpd directory, and generate local CA certificate under cert directory
mkdir cert
Generate rsa secret key
openssl genrsa -out ca.key 1024
openssl req -new -key ca.key -out huangbaokang.csr
You need to input the country, region, city, organization, organization unit, email and other information in turn. The most important thing is that common name can write your name or domain name. If you apply for https, this must match the domain name.
Generate certificate
openssl x509 -req -days 365 -sha256 -in huangbaokang.csr -signkey ca.key -out huangbaokang.crt
Modify SSL Conf file, in < virtualhost_ default_: 443 > is configured as follows, and some initial can be annotated
DocumentRoot "/var/www/html" ServerName localhost:443 SSLProtocol all -SSLv2 -SSLv3 # Add SSL protocol support protocol and remove unsafe protocols. SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM # Use this encryption suite. SSLHonorCipherOrder on SSLCertificateFile cert/huangbaokang.crt # Certificate file name. SSLCertificateKeyFile cert/ca.key # Secret key file name. SSLCertificateChainFile cert/huangbaokang.crt
Restart apache for testing
Restart failure found
This experiment failed, to be continued....
Experiment 6: apache log cutting
In the main configuration file, httpd Configuration in conf
which rotatelogs can be used for the location of rotatelogs
ErrorLog "|/usr/sbin/rotatelogs -l /var/log/httpd/error_%Y%m%d.log 86400" CustomLog "|/usr/sbin/rotatelogs -l /var/log/httpd/access_%Y%m%d.log 86400" combined
Restart apache and you can see that the cutting log of mm / DD / yy is generated in the directory of / var/log/httpd.
It can also be configured in a separate configuration file.