httpd-2.4 功能生动实现 （Blog 13）

概述

超文本：用超文本格式标签组织的文本
超文本标签：类似于<font=, <color=, <h1>, <body>, <title>
超链接：点击后，可以引用到另一个文档；

http协议：Hyper Text Transfer Protocol，超文本传输协议
MIME(Multipurpose多目的 Internet Mail Extension)：将非文本信息编码为文本格式，传送到目的端可以还原成还有格式；
HTTP/1.1：引入MIME，支持长连接，最为广泛使用；

http协议开源实现：httpd(ASF:apache Software Fundation)，nginx，lighttpd

内核中内存中找一段内存空间，记录了客户端ip,port,服务器端的ip,port：连接什么时候建立，什么时候断开；映射为一个socket文件：

一次完整的httpd协议请求；

为了解决c10k问题引入并发响应模型

并发响应模型：

单进程：串行响应请求；
多进程：两级结构；主控进程接收请求；每个子进程串行处理、响应请求；
复用单进程I/O模型：两级结构；
多线程: 一个进程内生成N个线程，每个线程串行处理、响应请求；
event: 一个进程内只能有一个(执行流)线程，此进程并行响应N个请求；
多进程多线程模型：三级结构
启动多个进程，每个进程生成N个线程；每个线程串行响应请求；

http2.4

高度模块化且支持动态装卸载
支持多种MPM

MPM：

event 生产可用；二级结构；主控进程管理子进程,子进程基于event机制并行响应请求;
prefork 多进程模型：二级结构; 主控进程管理子进程,子进程串行响应请求;
worker: 三级模型；主控进程管理子进程,子进程管理线程,每个线程串行响应请求;

安装使用httpd

不建议编译安装，C7默认自带httpd-2.4

1、获取程序

yum list all httpd*
可安装的软件包
httpd.x86_64
httpd-devel.x86_64 <– 二次开发的库
httpd-manual.noarch
httpd-tools.x86_64 <– 测试工具

2、获取程序包的功能性描述

[root@localhost ~]# yum info httpd
已加载插件：fastestmirror, langpacks
Loading mirror speeds from cached hostfile
可安装的软件包 <– 程序包是否安装
版本 ：2.4.6 <– 程序包的版本
源 ：base <– 程序包所在的源
简介 ： Apache HTTP Server
描述 ： The Apache HTTP Server is a powerful, efficient, and extensible
: web server.

3、安装程序包

yum -y install httpd httpd-tools

4、查看生成的文件：rpm -ql

FHS规范可知：
/etc下的是配置
/usr/lib/是库(公共功能性程序 或 模块)
/var/下是可变数据, 例如：log日志；

rpm -ql httpd
/etc/httpd/conf 主配置
/etc/httpd/conf.d 模块化配置
/var/www/html URL路径映射的路径；

5、启动服务

C7: systemctl start httpd.service
C6: service httpd start

6、查看80端口是否监听
ss -tnl

7、测试访问：
C7: Testing 123..
C6: Apache 2 Test Page

注意以下的C7：172.16.0.8, C6: 172.16.0.16

（1） 什么是/var/www/html URL路径映射的目录？

on 7

[root@localhost ~]# mv /etc/httpd/conf.d/welcome.conf{,.bak}
[root@localhost ~]# systemctl restart httpd.service
将测试访问的欢迎页移除：

再次测试，可以看见以下内容，处于根之下：也就是处于/var/www/html目录下。其实可以验证；
Index of /

[ICO] Name Last modified Size Description

将/etc/fstab文件复制到/var/www/html目录中，刷新浏览器如果出现fstab文件，则可以说明确实在此目录中；

[root@localhost ~]# cp /etc/fstab /var/www/html
Index of /

[ICO] Name Last modified Size Description
[ ] fstab 2017-11-30 18:55 541

注意: 将文件复制到/var/www/html目录下, 访问时就在/下说明，URL的资源路径的根 是 映射到文件系统路径/var/www/html路径;

例如：
访问http://172.16.0.8/ –> 其实就是访问 /var/www/html
http://172.16.0.8/images –> /var/www/html/images

on 6

[root@localhost ~]# vim /var/www/html/index.html
test page

访问的结果
test page

（3）如何离线使用手册？注意首页的右上脚有Directives，点开为指令的首字母的缩写；

yum install httpd-manual
rpm -ql httpd-manual | less
/etc/httpd/conf.d/manual.conf
cat /etc/httpd/conf.d/manual.conf
AliasMatch ^/manual(?:/(?:de|en|fr|ja|ko|ru))?(/.*)?$ “/var/www/manual$1” <– 访问方式

<Directory “/var/www/manual”>
Options Indexes
AllowOverride None
Order allow,deny
Allow from all
</Directory>

# service httpd restart
测试访问： http://172.16.0.16/manual/

httpd功能  运行特性；通过一些选项即可启用；

CGI：支持动态网站接口
虚拟主机：一台主机提供多个网页
反向代理：代理性能没有被认可；
负载均衡
路径别名
丰富用户认证
支持第三方模块

（4）服务器是创建、绑定、监听在某个socket之上，如何添加或删除监听的端口？

Listen [IP-address:]portnumber [protocol]
接受所有地址的连接
Listen 80
Listen 8000
接受指定地址的连接
Listen 192.170.2.1:80
Listen 192.170.2.5:8000

添加端口
[root@localhost ~]# vim /etc/httpd/conf.d/port.conf
Listen 10080
[root@localhost ~]# httpd -t

[root@localhost ~]# systemctl restart httpd.service
[root@localhost ~]# ss -tnl

移除端口
[root@localhost ~]# rm -f /etc/httpd/conf.d/port.conf
[root@localhost ~]# systemctl restart httpd.service

配置文件格式

#注释
</> </> 配置块 或 容器，其中配置生效范围为此块描述的范围；
<Directory /> 表示对/目录下所有内容的配置
AllowOverride none
Require all denied
</Directory>

<IfModule dir_module> 如果此模块存在时，表示配置生效；
DirectoryIndex index.html
</IfModule>

IncludeOptional conf.d/*.conf 加载配置

（5）保持连接

网页：多个资源单独请求，每次建立连接，拆除连接；
保持连接；多个资源单独请求，第一次建立连接，传输完成后再拆除连接；
(建立 –> 请求 –> 处理 –> 加载 –> 响应 –> 关闭)
劣势：建立后不会释放连接；后面的人不能访问；
KeepAlive On|Off (Default: KeepAlive On)
KeepAliveTimeout num[ms] <– 2.4支持ms级别,默认为s;
MaxKeepAliveRequests number

测试默认连接状态:
on 7

[root@localhost ~]# systemctl restart httpd.service
[root@localhost ~]# vim /var/www/html/index.html
test page
[root@localhost ~]# yum -y -q install telnet
[root@localhost ~]# telnet 172.16.0.8 80
Trying 172.16.0.8…
Connected to 172.16.0.8.
Escape character is ‘^]’.
GET /index.html HTTP/1.1
Host: 172.16.0.8

HTTP/1.1 200 OK
Date: Thu, 30 Nov 2017 11:32:53 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 30 Nov 2017 11:32:08 GMT
ETag: “a-55f319a37a8bd”
Accept-Ranges: bytes
Content-Length: 10
Content-Type: text/html; charset=UTF-8

test page
<– 注意此处不会断开连接;

关闭KeepAlive功能再测试:

[root@localhost ~]# vim /etc/httpd/conf.d/keepalive.conf
KeepAlive off
[root@localhost ~]# systemctl restart httpd.service

[root@localhost ~]# telnet 172.16.0.8 80
Trying 172.16.0.8…
Connected to 172.16.0.8.
Escape character is ‘^]’.
GET /index.html HTTP/1.1
Host: 172.16.0.8

HTTP/1.1 200 OK
Date: Thu, 30 Nov 2017 11:34:43 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 30 Nov 2017 11:32:08 GMT
ETag: “a-55f319a37a8bd”
Accept-Ranges: bytes
Content-Length: 10
Connection: close
Content-Type: text/html; charset=UTF-8

test page
Connection closed by foreign host. <— 立即断开
[root@localhost ~]#

启用此功能:

[root@localhost ~]# vim /etc/httpd/conf.d/keepalive.conf
KeepAlive off
KeepAliveTimeout 30
MaxKeepAliveRequests 100
[root@localhost ~]# systemctl restart httpd.service

（6）切换MPM

C6 MPM是编译进核心
C7 MPM是动态装卸载
查看所有模块：httpd -M
查看编译进核心的模块：httpd -l

on 6

[root@localhost ~]# httpd.worker -l
Compiled in modules:
core.c
worker.c
http_core.c
mod_so.c
[root@localhost ~]# httpd -l
Compiled in modules:
core.c
prefork.c
http_core.c
mod_so.c
[root@localhost ~]# httpd.event -l
Compiled in modules:
core.c
event.c
http_core.c
mod_so.c

切换MPM

[root@localhost ~]# vim /etc/sysconfig/httpd
#HTTPD=/usr/sbin/httpd.worker <–在此行下添加如下指令
HTTPD=/usr/sbin/httpd.worker
[root@localhost ~]# service httpd restart; watch -n0.1 ‘ps axu | fgrep httpd’
然后用此命令即可查看此work模块的配置验证；
<IfModule worker.c> <– 装载此模块时应用容器中的描述的配置
StartServers 4 <– 启动服务时，先启动4个进程
MaxClients 300 <– 并发数
MinSpareThreads 25 <– 最小空闲线程数
MaxSpareThreads 75 <– 最大空闲线程数
ThreadsPerChild 25 <– 每个进程的线程数；启动4个100个线程，最大75个所以会销毁一个；
MaxRequestsPerChild 0 <– 单个进程最大请求数，无限制；
</IfModule>

<IfModule prefork.c> <– 装载此模块时应用容器中的描述的配置
StartServers 8 <– 启用服务时，预启动8个进程；
MinSpareServers 5 <– 最小空闲进程数；
MaxSpareServers 20 <– 最大空闲进程数；
ServerLimit 256 <– 服务器生命周期内,MaxClients的最大值；一般相等；
MaxClients 256 <– 最大并发数；
MaxRequestsPerChild 4000 <– 单个进程的最大处理请求数；到达最大值时，会被销毁；
</IfModule>

apache 14676 0.0 0.5 519860 5356 ? Sl 23:52 0:00 /usr/sbin/httpd.worker

修改为event模型：
[root@localhost ~]# vim /etc/sysconfig/httpd
#HTTPD=/usr/sbin/httpd.worker
HTTPD=/usr/sbin/httpd.event
# service httpd restart
# ps axu | fgrep httpd

on 7

[root@localhost ~]# httpd -M | fgrep mpm
mpm_prefork_module (shared)
[root@localhost ~]# httpd -l
Compiled in modules:
core.c
mod_so.c
http_core.c

查看当前模型：
ps axu
修改模型：2.4没有编译进核心，故而只需要装载模块即可；
[root@localhost ~]# vim /etc/httpd/conf.modules.d/00-mpm.conf
LoadModule mpm_event_module modules/mod_mpm_event.so
[root@localhost ~]# systemctl restart httpd.service
[root@localhost ~]# httpd -M | fgrep ev
mpm_event_module (shared)

（7）DSO 模块的动态装载和卸载；

格式：LoadModule module filename
filename相对于httpd的根目录(ServerRoot)起始；
[root@localhost ~]# fgrep ServerRoot /etc/httpd/conf/httpd.conf
ServerRoot “/etc/httpd”
[root@localhost ~]# ls -l /etc/httpd/
总用量 0
drwxr-xr-x 2 root root 35 11月 30 19:28 conf
drwxr-xr-x 2 root root 121 11月 30 19:35 conf.d
drwxr-xr-x 2 root root 139 11月 30 19:59 conf.modules.d
lrwxrwxrwx 1 root root 19 11月 30 18:46 logs -> ../../var/log/httpd
lrwxrwxrwx 1 root root 29 11月 30 18:46 modules -> ../../usr/lib64/httpd/modules
lrwxrwxrwx 1 root root 10 11月 30 18:46 run -> /run/httpd

注意：modules -> ../../usr/lib64/httpd/modules

例如：LoadModule status_module modules/mod_status.so

[root@localhost ~]# httpd -M
proxy_fdpass_module (shared)
proxy_ftp_module (shared) <– 例如此模块；
proxy_http_module (shared)

[root@localhost ~]# vim /etc/httpd/conf.modules.d/00-proxy.conf
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
[root@localhost ~]# systemctl restart httpd.service

再次获取：没有 proxy_ftp_module 模块
[root@localhost ~]# httpd -M

（8）DocumentRoot 和 别名

格式： DocumentRoot directory-path
URL 路径与 文件系统 路径不是等同的，而是存在一种映射关系；
例如：http://172.16.0.8/ –> /var/www/html

on 7 DocumentRoot

[root@localhost ~]# mkdir -pv /data/web/www
[root@localhost ~]# echo “<h1>Main Server</h1>” > /data/web/www/index.html
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
#DocumentRoot “/var/www/html” <– 注释原来的行，在下附加一行
DocumentRoot “/data/web/www”
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

测试：
You don’t have permission to access / on this server.

CentOS 7限制严格，对目录没有显式授权不能访问目录下的文件：
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
#<Directory “/var/www”> <– 注释原来的行，在下附加一行
<Directory “/data/web/www”>
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

测试：
Main Server

on 6 DocumentRoot

[root@localhost ~]# mkdir -pv /data/web/www
[root@localhost ~]# echo “<h1>Main Server</h1>” > /data/web/www/index.html
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
#DocumentRoot “/var/www/html” <– 注释原来的行，在下附加一行
DocumentRoot “/data/web/www”
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

测试：
Main Server

格式：Alias URL-path file-path|directory-path
定义方法例如：
Alias /image/ /ftp/pub/image/
<Directory /ftp/pub/image>
Require all granted
</Directory>

on 7 Alias

[root@localhost ~]# find /usr/share -iname “*.jpg”
/usr/share/backgrounds/morning.jpg <– 不在DocumentRoot定义的目录下
/usr/share/backgrounds/night.jpg
/usr/share/backgrounds/day.jpg
/usr/share/backgrounds/default.jpg

[root@localhost ~]# mkdir /data/web/www/images
[root@localhost ~]# echo “<h1>images</h1>” > /data/web/www/images/index.html
访问：http://172.16.0.8/images/
images

添加别名: 添加在此容器中
<IfModule alias_module>
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
Alias /images/ “/usr/share/backgrounds/”
</IfModule>

[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

测试:
You don’t have permission to access /images/ on this server.

给目录授权: 并支持索引;
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<Directory “/usr/share/backgrounds/”>
AllowOverride None
Options Indexes FollowSymLinks
Require all granted
</Directory>
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

测试:http://172.16.0.8/images/

Index of /images
[ICO] Name Last modified Size Description
[PARENTDIR] Parent Directory –
[IMG] 7lines-bottom.png 2014-06-11 00:55 6.7M
[IMG] 7lines-top.png 2014-06-11 00:54 6.7M
[IMG] day.jpg 2014-06-11 00:19 939K
[IMG] default.jpg 2014-06-11 00:19 939K
[IMG] default.png 2014-03-08 13:32 2.6M
[TXT] default.xml 2014-06-11 00:19 1.5K
[IMG] morning.jpg 2014-06-11 00:19 957K
[IMG] night.jpg 2014-06-11 00:19 556K

注释alias
# Alias /images/ “/usr/share/backgrounds/”
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service
测试:http://172.16.0.8/images/
images

on 6 Alias

[root@localhost ~]# find /usr/share -iname “*.jpg”
/usr/share/backgrounds/centos_1920x1200_logoonly.jpg
/usr/share/backgrounds/simple_waves.jpg
/usr/share/backgrounds/centos_2048x1536_logoonly.jpg
/usr/share/wallpapers/CentOS6/contents/images/simple_waves.jpg
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
Alias /images/ “/usr/share/wallpapers/CentOS6/contents/images/”
[root@localhost ~]# httpd -t
[root@localhost ~]# service httpd restart

测试访问:
http://172.16.0.16/images/simple_waves.jpg

（9）访问控制

文件系统路径
Directory匹配目录;
File 匹配文件,glob;
FileMatch “PATTERN” 匹配文件，正则表达式；
URL路径
Location URL控制,glob；
LocationMatch “PATTERN”
来源地址
协议认证：basic, digest

来源地址：

CentOS 6:

order allow,deny 在后的默认行为；此处表示默认所有拒绝；
Allow from 地址
Deny from 地址
地址：
all：所有
单个主机
一个网络：例如172.16.0.0/16
172.16
172.16.0.0/16

仅允许172.16.0.179主机访问：
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<Directory “/data/web/www”>
Order allow,deny
Allow from 172.16.0.179
</Directory>
[root@localhost ~]# httpd -t
[root@localhost ~]# service httpd restart
179测试：http://172.16.0.16/
通过：
100测试：http://172.16.0.16/
只能看到主页

允许172.16.0.0网络访问，但拒绝172.16.0.179访问：
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<Directory “/data/web/www”>
Order allow,deny
Deny from 172.16.0.179
Allow from 172.16.0.0
</Directory>
[root@localhost ~]# httpd -t
[root@localhost ~]# service httpd restart
179测试：http://172.16.0.16/
只能看到主页
100测试：http://172.16.0.16/
通过：

CentOS 7

Require all granted 所有通过
基于IP地址控制
Require ip ip地址或网络地址
Require not ip ip地址或网络地址
基于HOST访问控制
Require host 主机名或域名
Require not host 主机名或域名

在c6访问c7
[root@localhost ~]# curl http://172.16.0.8
<h1>Main Server</h1>

配置c7
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<RequireAll>
Require not ip 172.16.0.16
Require ip 172.16
</RequireAll>
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

在c6访问c7
[root@localhost ~]# curl http://172.16.0.8
<!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”>
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don’t have permission to access /
on this server.</p>
</body></html>

在179访问：http://172.16.0.8/
没有问题

（10）Options指令

注意：不定义时会继承上级目录的特性
Indexes：指明的URL路径下不存在与定义的主页面资源相符的资源文件时，返回索引列表给用户；
FollowSymLinks：允许跟踪符号链接文件所指向的源文件；

[root@localhost ~]# rm -f /data/web/www/images/index.html
[root@localhost ~]# find /usr/share -iname “*.jpg” -exec cp {} /data/web/www/images/ \;

主机可以访问；http://172.16.0.8/images/ <– 默认开启索引

[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<Directory “/data/web/www”>
Options FollowSymLinks
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

测试：http://172.16.0.8/images/
You don’t have permission to access /images/ on this server.

[root@localhost ~]# ln -s /etc/init.d /data/web/www/images/init.d
测试：http://172.16.0.8/images/init.d可以访问
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
Options Indexes
httpd -t
systemctl restart httpd.service

http://172.16.0.8/images/init.d
You don’t have permission to access /images/init.d on this server.

安全配置:
Options None

（11）日志定义 (Log Files –> format strings.)

# CustomLog with format nickname
LogFormat “%h %l %u %t \”%r\” %>s %b” common
CustomLog logs/access_log common

宏定义
%h 客户端主机名；但不会反解；
%l 客户端登陆名；一般不用；- 表示没有登陆
%u 认证登陆的用户名； – 表示没有认证登陆；
%t 时间
\”\” 显示引号自身
%r 请求报文首部：method URL VERSION
%s 状态码，2成功，4客户端错误请求，5服务器错误响应
%s  重定向前的状态码
%>s 重定向后的状态码

%b 响应报文大小，- 表示没有大小
%{VARNAME}i 记录请求报文固定首部的值；
www.sohu.com
referer 从哪个页面跳转至当前页面；
user-agent 客户端浏览器类型：分析客户端安装率和打开率；

（12）认证登陆

[root@localhost ~]# mkdir /data/web/www/admin
[root@localhost ~]# echo “Admin” > /data/web/www/admin/index.html
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

测试访问：
[root@localhost ~]# curl http://172.16.0.8/admin/index.html
Admin

<Directory “/data/web/www/admin”>
Options None
AllowOverride None
AuthType basic
AuthName “Admin Area,plz enter…”
AuthUserFile “conf.d/.htpasswd”
Require user tom
</Directory>

[root@localhost ~]# rpm -ql httpd-tools
/usr/bin/htpasswd
[root@localhost ~]# htpasswd -b -c -m /etc/httpd/conf.d/.htpasswd tom magedu
[root@localhost ~]# htpasswd -b -m /etc/httpd/conf.d/.htpasswd jerry magedu
[root@localhost ~]# htpasswd -b -m /etc/httpd/conf.d/.htpasswd obama magedu
[root@localhost ~]# cat /etc/httpd/conf.d/.htpasswd
tom:$apr1$3W8NfD2u$f..08fp9fG6/gOgblC3PE1
jerry:$apr1$pHPm7ofr$YNQG583Ym6cEVVjsSd86f.
obama:$apr1$.eXRI5nE$AsFZA6vjFwRWEBPiqHF6o0
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service
Request Headers中定义了
Authorization:Basic dG9tOm1hZ2VkdQ==

[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<Directory “/data/web/www/admin”>
Options None
AllowOverride None
AuthType basic
AuthName “Admin Area,plz enter…”
AuthUserFile “conf.d/.htpasswd”
AuthGROUPFile “conf.d/.grppasswd”
Require group mygrp
</Directory>
[root@localhost ~]# vim /etc/httpd/conf.d/.grppasswd
mygrp: obama jerry
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

（13）虚拟主机

C7直接添加；
C6 需要添加指令：NameVirtualHost *:80, 注释中心主机

c7

基于IP的虚拟主机；
添加ip地址
[root@localhost ~]# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
inet 172.16.0.8/16 brd 172.16.255.255 scope global eno16777736
valid_lft forever preferred_lft forever

[root@localhost ~]# ip addr add 172.16.100.8/16 dev eno16777736

[root@localhost ~]# ip a l
inet 172.16.0.8/16 brd 172.16.255.255 scope global eno16777736
valid_lft forever preferred_lft forever
inet 172.16.100.8/16 scope global secondary eno16777736

创建文档目录及生成主页面
[root@localhost ~]# mkdir -pv /data/web/www/{ilinux,iunix}
[root@localhost ~]# echo “<h1>ilinux.io</h1>” > /data/web/www/ilinux/index.html
[root@localhost ~]# echo “<h1>iunix.io</h1>” > /data/web/www/iunix/index.html

配置基于IP的虚拟主机
[root@localhost ~]# vim /etc/httpd/conf.d/ilinux.conf
<VirtualHost 172.16.0.8:80>
ServerName www.ilinux.io
DocumentRoot “/data/web/www/ilinux”
<Directory “/data/web/www/ilinux”>
Options None
AllowOverride None
Require all granted
</Directory>
CustomLog logs/ilinux_access_log combined
</VirtualHost>

[root@localhost ~]# cp /etc/httpd/conf.d/ilinux.conf /etc/httpd/conf.d/iunix.conf
[root@localhost ~]# vim /etc/httpd/conf.d/iunix.conf
<VirtualHost 172.16.0.8:80>
ServerName www.ilinux.io
DocumentRoot “/data/web/www/ilinux”
<Directory “/data/web/www/ilinux”>
Options None
AllowOverride None
Require all granted
</Directory>
CustomLog logs/ilinux_access_log combined
ErrorLog logs/iunix_error_log
</VirtualHost>

注意：仅需执行 :%s@ilinux@iunix@g 和 修改IP

[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

测试访问：
OK…
[root@localhost ~]# ip addr del 172.16.100.8/16 dev eno16777736
[root@localhost ~]# ip addr a l

配置基于PORT的虚拟主机

[root@localhost ~]# vim /etc/httpd/conf.d/ilinux.conf
<VirtualHost 172.16.0.8:80>
ServerName www.ilinux.io
DocumentRoot “/data/web/www/ilinux”
<Directory “/data/web/www/ilinux”>
Options None
AllowOverride None
Require all granted
</Directory>
CustomLog logs/ilinux_access_log combined
ErrorLog logs/iunix_error_log
</VirtualHost>
[root@localhost ~]# vim /etc/httpd/conf.d/iunix.conf
Listen 10080
<VirtualHost 172.16.0.8:10080>
ServerName www.iunix.io
DocumentRoot “/data/web/www/iunix”
<Directory “/data/web/www/iunix”>
Options None
AllowOverride None
Require all granted
</Directory>
CustomLog logs/iunix_access_log combined
ErrorLog logs/iunix_error_log
</VirtualHost>
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service
[root@localhost ~]# ss -tnl

测试：
http://172.16.0.8/
http://172.16.0.8:10080

配置基于HOST的虚拟主机
一次完整的请求中，主机间真正的通信是 CIP:PORT — SIP:PORT，如何识别主机？
通过请求报文的首部：Host：的值来识别；

 

[root@localhost ~]# cat /etc/httpd/conf.d/ilinux.conf
<VirtualHost 172.16.0.8:80>
ServerName www.ilinux.io
DocumentRoot “/data/web/www/ilinux”
<Directory “/data/web/www/ilinux”>
Options None
AllowOverride None
Require all granted
</Directory>
CustomLog logs/ilinux_access_log combined
ErrorLog logs/iunix_error_log
</VirtualHost>
[root@localhost ~]# vim /etc/httpd/conf.d/iunix.conf
<VirtualHost 172.16.0.8:80>
ServerName www.iunix.io
DocumentRoot “/data/web/www/iunix”
<Directory “/data/web/www/iunix”>
Options None
AllowOverride None
Require all granted
</Directory>
CustomLog logs/iunix_access_log combined
ErrorLog logs/iunix_error_log
</VirtualHost>

[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

搭建DNS用于解析两个域名：
[root@localhost ~]# rpm -q bind
bind-9.8.2-0.62.rc1.el6.x86_64
10 options {
11 directory “/var/named”;
12 dump-file “/var/named/data/cache_dump.db”;
13 statistics-file “/var/named/data/named_stats.txt”;
14 memstatistics-file “/var/named/data/named_mem_stats.txt”;
15 recursion yes;
16
17 dnssec-enable no;
18 dnssec-validation no;
19
20 /* Path to ISC DLV key */
21 };
[root@localhost ~]# named-checkconf
[root@localhost ~]# service named restart
[root@localhost ~]# vim + /etc/named.rfc1912.zones
43 zone “ilinux.io” IN {
44 type master;
45 file “ilinux.io.zone”;
46 allow-update { none; };
47 allow-transfer { localhost; };
48 };
49 zone “iunix.io” IN {
50 type master;
51 file “iunix.io.zone”;
52 allow-update { none; };
53 allow-transfer { localhost; };
54 };
[root@localhost ~]# cd /var/named
[root@localhost named]# ll
total 28
drwxrwx— 2 named named 4096 Nov 28 21:15 data
drwxrwx— 2 named named 4096 Nov 28 21:15 dynamic
-rw-r—– 1 root named 3171 Jan 11 2016 named.ca
-rw-r—– 1 root named 152 Dec 15 2009 named.empty
-rw-r—– 1 root named 152 Jun 21 2007 named.localhost
-rw-r—– 1 root named 168 Dec 15 2009 named.loopback
drwxrwx— 2 named named 4096 Nov 28 21:17 slaves
[root@localhost named]# vim ilinux.io.zone
[root@localhost named]# vim ilinux.io.zone <– 重启有语法着色
$TTL 3600
$ORIGIN ilinux.io.
@ IN SOA @ nsadmin.magedu.com. (
2017113001
1H
10M
1W
1D)
IN NS ns1
ns1 IN A 172.16.0.16
www IN A 172.16.0.8

[root@localhost named]# chown .named ilinux.io.zone
[root@localhost named]# chmod o= ilinux.io.zone
[root@localhost named]# cp -p ilinux.io.zone iunix.io.zone <– 保持权限和属主属组
[root@localhost named]# ll
total 36
drwxrwx— 2 named named 4096 Nov 28 21:15 data
drwxrwx— 2 named named 4096 Nov 28 21:15 dynamic
-rw-r—– 1 root named 146 Nov 29 04:03 ilinux.io.zone
-rw-r—– 1 root named 146 Nov 29 04:03 iunix.io.zone
-rw-r—– 1 root named 3171 Jan 11 2016 named.ca
-rw-r—– 1 root named 152 Dec 15 2009 named.empty
-rw-r—– 1 root named 152 Jun 21 2007 named.localhost
-rw-r—– 1 root named 168 Dec 15 2009 named.loopback
drwxrwx— 2 named named 4096 Nov 28 21:17 slaves

[root@localhost named]# sed -i ‘s@linux@unix@g’ iunix.io.zone

[root@localhost named]# named-checkzone ilinux.io ilinux.io.zone
[root@localhost named]# named-checkzone iunix.io iunix.io.zone
[root@localhost named]# rndc status
number of zones: 20
[root@localhost named]# rndc reload
[root@localhost named]# rndc status
number of zones: 21

dig -t A www.ilinux.io @172.16.0.16
dig -t A www.iunix.io @172.16.0.16
[root@localhost named]# host -t A www.ilinux.io 172.16.0.16
[root@localhost named]# host -t A www.iunix.io 172.16.0.16
[root@localhost named]# nslookup
> server 172.16.0.16
Default server: 172.16.0.16
Address: 172.16.0.16#53
> set q=A
> www.ilinux.io
Server: 172.16.0.16
Address: 172.16.0.16#53

Name: www.ilinux.io
Address: 172.16.0.8
> www.iunix.io
Server: 172.16.0.16
Address: 172.16.0.16#53

Name: www.iunix.io
Address: 172.16.0.8
> exit

使用此DNS解析域名，在Windows中添加DNS
在浏览器中打开F12

www.iunix.io
Host:www.iunix.io

www.ilinux.io
Host:www.ilinux.io