apache related experiments

Installing apache will not be introduced. If you install yum, you can run it directly

yum install httpd

Configuration file location / etc / httpd / conf / httpd conf
Log directory location / var/log/httpd

Experiment 1: apache directory alias

By default, the files in the DocumentRoot directory will be sent to the client. If they are not in this location, do not want to move the location, and can be accessed, we can set the apache directory alias.
In / etc / httpd / conf.d/autoindex.com Configuring aliases in conf

Alias /hbk/ "/a/b/c/"
<Directory "/a/b/c/">
    Options Indexes MultiViews FollowSymlinks
    AllowOverride None
    Require all granted
</Directory>

Write the test page index. In the / a/b/c directory HTML, fill in test html
Restart apache and test as follows

Experiment 2: apache user authentication

Before accessing a background management login page, if the user has a background program management account and password, he can log in to the background system. We can set more secure user authentication and set apache user authentication before accessing the login page.
Set the authentication mode in the directory where authentication is required and set htaccess file
In the main configuration file, http Set in conf

<Directory "/var/www/html/admin">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

Create test page / var / www / HTML / admin / index html

Create in the certification directory htaccess file, as follows

[root@k8s-master conf]# cd /var/www/html/admin/
[root@k8s-master admin]# vi .htaccess

#Prompt information
AuthName "Welcome to huangbaokang System"
#Encryption type
AuthType basic
#Password file
AuthUserFile /var/www/html/admin/apache.passwd
#Allow access to all users in the password file
require valid-user

Create a password file, use the - c parameter for the first time, and create more users to use - m
htpasswd -c /var/www/html/admin/apache.passwd test1
htpasswd -m /var/www/html/admin/apache.passwd test2

Under normal circumstances, you can directly access / admin to access index. Under the admin directory html

Restart apache for testing. Authentication is required

You can access the background login page only after passing the authentication.

Experiment 3: virtual host

There are three categories
IP based virtual host: one server, multiple IPS, multiple websites
Port based virtual host: one server, one ip, build multiple websites, and each website uses different ports for access
Domain name based virtual host: one server, one ip, build multiple websites, and each website uses different domain names for access.
As follows, we use domain name based virtual host

Create Vhost. In the conf.d directory conf

[root@k8s-master conf.d]# cat vhost.conf 
<Directory "/var/www/html/hbk">
	Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted
</Directory>
<VirtualHost 192.168.37.100:80>
	ServerAdmin webmaster@hbk.com
	DocumentRoot "/var/www/html/hbk"
	ServerName www.hbk.com
	ErrorLog "logs/hbk-error.log"
	CustomLog "logs/hbk-access.log" common
</VirtualHost>


<Directory "/var/www/html/zll">
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>
<VirtualHost 192.168.37.100:80>
        ServerAdmin webmaster@zll.com
        DocumentRoot "/var/www/html/zll"
        ServerName www.zll.com
        ErrorLog "logs/zll-error.log"
        CustomLog "logs/zll-access.log" common
</VirtualHost>

Restart apache and test

Log generated

Experiment 4: domain name jump

On the basis of Experiment 3, let's visit http://www.hbk.com All flow steering http://www.zll.com

This problem usually exists when the domain name is online. The new and old domain names are online at the same time, but accessing the old domain name will automatically jump to the new domain name.
Modify the previous experiment Vhost Conf file, set www.hbk Com certification is All

And create a new one in / var/www/html/hbk directory htaccess file. The file content rules are as follows:

#Enable rewrite function
RewriteEngine on
#Put www.hbk The content beginning with com is assigned to HTTP_HOST variable
RewriteCond %{HTTP_HOST} ^www.hbk.com
RewriteRule ^(.*)$ http://www.zll.com/$1 [R=permanent,L]
# R=permanent redirection = 301
#L specifies this rule as the last effective rule, and subsequent rules will no longer be effective

Restart the test, you can see the jump, you can directly see the effect in the browser, and use curl to display the jump code.

Experiment 5: implementing https with apache+openssl

apache installed using yum, mod not installed_ ssl. So, you can also use the following command to check

apachectl -M | grep ssl

Execute the following command

yum -y install mod_ssl

After installing yum, you will find that a module will be generated under / etc/httpd/modules /_ ssl. So, and in / etc / httpd / conf.modules d/00-ssl. Conf loads the SSL module. There was no such profile before yum.

To apply for CA certificate, you need to spend money to buy the certificate online
Create a new directory of cert under / etc/httpd directory, and generate local CA certificate under cert directory

mkdir cert

Generate rsa secret key

openssl genrsa -out ca.key 1024
openssl req -new -key ca.key -out huangbaokang.csr

You need to input the country, region, city, organization, organization unit, email and other information in turn. The most important thing is that common name can write your name or domain name. If you apply for https, this must match the domain name.

Generate certificate

openssl x509 -req -days 365 -sha256 -in huangbaokang.csr -signkey ca.key -out huangbaokang.crt

Modify SSL Conf file, in < virtualhost_ default_: 443 > is configured as follows, and some initial can be annotated

DocumentRoot "/var/www/html"
ServerName localhost:443
SSLProtocol all -SSLv2 -SSLv3  
# Add SSL protocol support protocol and remove unsafe protocols.  
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM   
# Use this encryption suite.   
SSLHonorCipherOrder on
SSLCertificateFile cert/huangbaokang.crt   
# Certificate file name.
SSLCertificateKeyFile cert/ca.key   
# Secret key file name. 
SSLCertificateChainFile cert/huangbaokang.crt


Restart apache for testing
Restart failure found

This experiment failed, to be continued....

Experiment 6: apache log cutting

In the main configuration file, httpd Configuration in conf
which rotatelogs can be used for the location of rotatelogs

ErrorLog "|/usr/sbin/rotatelogs -l /var/log/httpd/error_%Y%m%d.log 86400"
CustomLog "|/usr/sbin/rotatelogs -l /var/log/httpd/access_%Y%m%d.log 86400" combined

Restart apache and you can see that the cutting log of mm / DD / yy is generated in the directory of / var/log/httpd.

It can also be configured in a separate configuration file.

Tags: Apache

Posted by jmboblee on Wed, 11 May 2022 06:51:00 +0300