Deployment and configuration of Apache service under Linux

1 The role of Apache

• Parse web page languages, such as html, php, jsp, etc.
• Receive requests from web users and give certain responses

2 Apache Installation

Install apche software: dnf install httpd.x86_64 -y

3. Enable Apache

• Enable the Apache service and set it to start at boot: systemctl enable --now httpd
• Check the status of the Apache service: systemctl enable --now httpd

• View the firewall information: firewall-cmd --list-all Permanently enable the http service in the firewall: firewall-cmd --permanent --add-service=http http
• Permanently enable irewall-cmd --permanent --add-service=https https
• Refresh the firewall without changing the current firewall status: firewall-cmd --reload

4 Basic information of Apache

Basic information of apche

• Service Name: httpd
• Main configuration file: /etc/httpd/conf/httpd.conf
• Sub-configuration files: /etc/httpd/conf.d/*.conf
• Default publishing directory: /var/www/html
• Default port: 80 (http), 443 (https)
• Log files: /etc/httpd/logs
• After starting the apche service, enter the IP address to view the default publishing page:

(1) Change the port number of the apche service

• View the default port number of the httpd service: netstat -antlupe |grep httpd

• Edit the configuration file: /etc/httpd/conf/httpd.conf and change the port number

• Restart the httpd service: systemctl restart httpd
• Check the port number of the httpd service: netsat -antlupe | grep httpd

• After changing the port number, the connection cannot be made after entering the IP address because port 8080 is not added to the firewall.

• Add firewall-cmd --permanent --add-port=888/tcp
• Refresh the firewall without changing the current firewall status: firewall-cmd --reload

• Enter the IP address: port number and you can access it normally

(2) Modify the default release file of apche

• Default directory: cd /var/www/html
• Create a new file index.html in the default publishing directory

• Enter: http://172.25.254.144 to view

The default release file is the file that is accessed by default when no file name is specified when accessing Apache. Multiple files can be specified, but there is an access order.

• Create a new file and edit it: westo.html

• Edit the configuration file: /etc/httpd/conf/httpd.conf

• Restart the httpd service: systemctl restart httpd

(3) Modify the default release directory of apche

• Create a new directory: mkdir -p /westos/html/
• Create a file: vim /westos/html/index.html

• Edit the apche configuration file: /etc/httpd/conf/httpd.conf

• Restart the service: systemctl restart httpd
• Test: Enter http://172.25.254.144 in the browser, and you will see the default published file in the /westos/html/ directory.

• Create a new release directory: mkdir /var/www/html/westos
• Create a new release file: vim /var/www/html/westos/index.html

• Edit the configuration file: vim /etc/httpd/conf/httpd.conf

• Restart the service: systemctl restart httpd
• Test: http://172.25.254.144/westos/

5 Apache access control

5.1 Access control based on client IP

• Based on IP access, it specifies which IPs can access and which IPs cannot access. The order of deny and allow in the configuration file directly determines the properties of the blacklist and whitelist.

(1) Whitelist

• IP whitelist: Only users in the list can access
• Edit the configuration file: vim /etc/httpd/conf/httpd.conf

• Restart the service: systemctl restart httpd
• Test: ip=172.25.254.44 is in the ip whitelist, and you can access http://172.25.254.44/westos normally

The host with ip=172.25.254.144 is not in the whitelist and cannot access http://172.25.254.44/westos

(2) IP blacklist

• IP blacklist: Only users in the list cannot access
• Edit the configuration file: vim /etc/httpd/conf/httpd.conf

• Test: ip=172.25.254.44 is in the ip blacklist, and you can access http://172.25.254.44/westos normally

IP=172.25.254.144 is not in the blacklist and can access http://172.25.254.44/westos normally

5.2 Access Control Based on User Authentication

(1) Allow some users to access shared directories through authentication

• Generate an authentication file and create an admin user: htpasswd -cm /etc/httpd/htpasswdfile linux

• Create a linux user, -c will re-create the user authentication file, overwriting the previous admin user, and entering the password will overwrite the previous user: htpasswd -m /etc/httpd/htpasswdfile westos

• To allow only certain users to pass authentication, edit the configuration file: vim /etc/httpd/conf/httpd.conf

• Restart the service: systemctl restart httpd
• Test: Only authenticated users can access the shared directory

(2) Allow all users to access the shared directory through authentication

• Edit the configuration file: vim /etc/httpd/conf/httpd.conf

• Restart the service: systemctl restart httpd
• Test: All users can access the shared directory through authentication

6 Apache virtual hosts

Virtual host: multiple sites (multiple domain names) are established on a real host. Different web pages of a host are accessed through domain names. From the network address, it seems that there are multiple hosts. These hosts are called virtual hosts.

DNS resolves the domain name's IP

Create the default release directory for linux, news, and media: mkdir /var/www/westos.com/{linux,news,media}
The default release file for Linux: echo "<h1>hello linux</h1>" > /var/www/westos.com/news/index.html
The default publishing file for news: echo "<h1>hello news </h1>" > /var/www/westos.com/news/index.html
The default publishing file of media: echo "<h1>hello media </h1>" > /var/www/westos.com/media/index.html

• Create a new apche sub-configuration file and edit it: /etc/httpd/conf.d/vhost.conf

• Edit the local domain name resolution file: /etc/hosts

• Test results:

7 Apache encrypted access

(1) Install the encryption plug-in

• View Apache's encryption plugin: dnf search apache

• Install the encryption plugin

(2) Generate a private key: openssl genrsa -out /etc/pki/tls/private/www.westos.com.key

(3) Generate a certificate signature file: openssl req -new -key /etc/pki/tls/private/www.westos.com.key -out /etc/pki/tls/cert/www.westos.com.csr

(4) Generate a certificate:

openssl x509 -req -days 365 -in /etc/pki/tls/certs/www.westos.com.csr -signkey /etc/pki/tls/private/www.westos.com.key -out /etc/pki/tls/certs/www.westos.com.crt
## x509:certificate format ## -req request ## -in load visa name ## -signkey 

• Edit the configuration file: /etc/httpd/conf.d/ssl.conf

• Edit apche's sub-configuration file and edit: /etc/httpd/conf.d/vhost.conf

• Restart the service: systemctl restart httpd

• Test: Now you can use the https encryption service normally

8. Web page rewrite

Enter media.westos.com in the browser and it will automatically jump to the following interface

• If you want to redirect to https://media.westos.com after entering media.westos.com, you can do this by rewriting the web page, that is, automatically redirecting to https (port 443) when accessing http (port 80)
• Steps to implement web page rewriting

(1) Edit the apche sub-configuration file: /etc/httpd/conf.d/vhost.conf

(2) Restart the service: systemctl restart httpd

(3) Test, enter the domain name and https will be automatically loaded

9 Forward Proxy

(1) Configure the squid client (the host can access the Internet)

• Edit the configuration file: /etc/squid/squid.conf

• Start the squid service: systemctl start squid.service

(2) Client: Test on a host that cannot access the Internet, and enter the following in the browser: www.baidu.com cannot be accessed

• Add proxy: Preference -> Network settings -> Manual proxy configuration

• Fill in the host and port number of the squid service. After the settings are completed, although the host is not connected to the Internet, it can access www.baidu.com and other websites through the proxy.

• Tested on the client, can access www.baidu.com normally

However, the client host still cannot ping www.baidu.com

10 Reverse Proxy

node1: virtual machine 172.25.254.244 without apache service

node2: The virtual machine 172.25.254.193 that can use the Apache service normally, configure the Apache release file

• Download the proxy: dnf install squid -y

• Edit the configuration file: vim /etc/squid/squid.conf

• Restart the squid service: systemctl restart squid
  The host 172.25.254.244, which originally did not have Apache service, can cache data through port 80 (http) of 172.25.254.193

11 Languages ​​supported by Apache

php

Restart the apache service: systemctl restart httpd.service

Test: http://172.25.254.144/index.php

cgi

mkdir /var/www/html/cgi

vim /var/www/html/cgi/index.cgi

cd /var/www/html/cgi

chmod +x index.cgi

./var/www/html/cgi/index.cgi

Test: http://172.25.254.144/cgi/index.cgi

Edit the virtual host configuration file: vim /etc/httpd/conf.d/vhost.conf

Restart the service: systemctl restart httpd.service

Test: http://172.25.254.144/cgi/index.cgi

This concludes this article on the deployment and configuration of Apache services under Linux. I hope it will be helpful for everyone’s study, and I also hope that everyone will support 123WORDPRESS.COM.