httpd-2.4 Features in Practice (Blog 13)

Access-control differences between CentOS 7 and CentOS 6; virtual hosts

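Overview

Hypertext: text organized with hypertext markup tags
Hypertext tags: for example <font=, <color=, <h1>, <body>, <title>
Hyperlink: when clicked, it takes you to another document;

HTTP: Hyper Text Transfer Protocol
MIME (Multipurpose Internet Mail Extension): encodes non-text information as text, so that it can be restored to its original format at the destination;
HTTP/1.1: introduced MIME, supports persistent connections, and is the most widely used version;

Open-source implementations of HTTP: httpd (ASF: Apache Software Foundation), nginx, lighttpd

The kernel sets aside a region of memory that records the client IP and port and the server IP and port, plus when the connection was established and when it was torn down; this is mapped to a socket file:

A complete HTTP request;
SOCKET

Concurrent response models were introduced to solve the C10K problem

Concurrent response models:

Single process: requests are answered serially;
Multi-process: two-level structure; a master process accepts requests, and each child process handles and answers requests serially;
Multiplexed single-process I/O model: two-level structure;
Multi-threaded: one process spawns N threads, and each thread handles and answers requests serially;
event: a process has only one thread (flow of execution), and that process answers N requests in parallel;
Multi-process, multi-threaded model: three-level structure
Start several processes, each process spawns N threads, and each thread answers requests serially;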

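httpd 2.4

Highly modular, with modules that can be loaded and unloaded dynamically
Supports several MPMs

MPM:

event: production-ready; two-level structure; the master process manages child processes, and the children answer requests in parallel using the event mechanism;
prefork: multi-process model; two-level structure; the master process manages child processes, and the children answer requests serially;
worker: three-level model; the master process manages child processes, each child manages threads, and each thread answers requests serially;

Installing and using httpd

Compiling from source is not recommended; C7 ships httpd-2.4 by default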

1. Get the packages

yum list all httpd*
可安装的软件包
httpd.x86_64
httpd-devel.x86_64 <– libraries for secondary development
httpd-manual.noarch
httpd-tools.x86_64 <– testing tools

2. Get the package's functional description

[root@localhost ~]# yum info httpd
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
可安装的软件包 <– whether the package is installed
版本 :2.4.6 <– version of the package
源 :base <– repository the package comes from
简介 : Apache HTTP Server
描述 : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.

3. Install the packages

yum -y install httpd httpd-tools

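4. List the files that were installed: rpm -ql

From the FHS:
/etc holds configuration
/usr/lib/ holds libraries (shared functional programs or modules)
/var/ holds variable data, e.g. logs;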

rpm -ql httpd
/etc/httpd/conf main configuration
/etc/httpd/conf.d modular configuration
/var/www/html the path that URL paths map to;

5. Start the service

C7: systemctl start httpd.service
C6: service httpd start

6. Check that port 80 is listening
ss -tnl

7. Test access:
C7: Testing 123..
C6: Apache 2 Test Page

Note: in what follows, C7 is 172.16.0.8 and C6 is 172.16.0.16

(1) What does it mean that /var/www/html is the directory URL paths map to?

on 7

[root@localhost ~]# mv /etc/httpd/conf.d/welcome.conf{,.bak}
[root@localhost ~]# systemctl restart httpd.service
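Remove the welcome page used in the access test:

Test again and the following appears; it sits at the root, that is, in the /var/www/html directory. This can be verified;
Index of /

[ICO] Name Last modified Size Description

Copy /etc/fstab into /var/www/html and refresh the browser; if the fstab file shows up, the listing really is of this directory;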

[root@localhost ~]# cp /etc/fstab /var/www/html
Index of /

[ICO] Name Last modified Size Description
[ ] fstab 2017-11-30 18:55 541

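Note: a file copied into /var/www/html appears under / when accessed, which shows that the root of the URL resource path maps to the filesystem path /var/www/html;

For example:
Accessing http://172.16.0.8/ –> actually accesses /var/www/html
http://172.16.0.8/images –> /var/www/html/images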

on 6

[root@localhost ~]# vim /var/www/html/index.html
test page

Result of the access:
test page

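(3) How do you use the manual offline? Note the Directives link at the top right of the home page; it opens the directives indexed by their first letter;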

yum install httpd-manual
rpm -ql httpd-manual | less
/etc/httpd/conf.d/manual.conf
cat /etc/httpd/conf.d/manual.conf
AliasMatch ^/manual(?:/(?:de|en|fr|ja|ko|ru))?(/.*)?$ "/var/www/manual$1" <– how it is accessed

<Directory "/var/www/manual">
Options Indexes
AllowOverride None
Order allow,deny
Allow from all
</Directory>

# service httpd restart
Test access: http://172.16.0.16/manual/

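httpd features: runtime characteristics that can be enabled with a few options;

CGI: interface for dynamic web sites
Virtual hosts: one host serving several web sites
Reverse proxy: its performance as a proxy is not well regarded;
Load balancing
Path aliases
Rich user authentication
Support for third-party modules

(4) The server is created on, bound to and listening on a socket; how do you add or remove a listening port?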

Listen [IP-address:]portnumber [protocol]
Accept connections on all addresses
Listen 80
Listen 8000
Accept connections on specific addresses
Listen 192.170.2.1:80
Listen 192.170.2.5:8000

Add a port
[root@localhost ~]# vim /etc/httpd/conf.d/port.conf
Listen 10080
[root@localhost ~]# httpd -t

[root@localhost ~]# systemctl restart httpd.service
[root@localhost ~]# ss -tnl

Remove the port
[root@localhost ~]# rm -f /etc/httpd/conf.d/port.conf
[root@localhost ~]# systemctl restart httpd.service

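Configuration file format

# comment
<...> </...> configuration block, or container; the configuration inside applies only to the scope the block describes;
<Directory /> <– configuration for everything under the / directory
AllowOverride none
Require all denied
</Directory>

<IfModule dir_module> <– the configuration takes effect only when this module is present;
DirectoryIndex index.html
</IfModule>

IncludeOptional conf.d/*.conf <– load configuration files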

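(5) Keep-alive connections

A web page: each of its resources is requested separately, with a connection established and torn down every time;
Keep-alive: the resources are still requested separately, but the connection is established once and torn down after the transfers are finished;
(establish –> request –> process –> load –> respond –> close)
Drawback: once established the connection is not released, so clients arriving later cannot get in;
KeepAlive On|Off (Default: KeepAlive On)
KeepAliveTimeout num[ms] <– 2.4 supports millisecond granularity; the default unit is seconds;
MaxKeepAliveRequests number

Test the default connection state: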
on 7

[root@localhost ~]# systemctl restart httpd.service
[root@localhost ~]# vim /var/www/html/index.html
test page
[root@localhost ~]# yum -y -q install telnet
[root@localhost ~]# telnet 172.16.0.8 80
Trying 172.16.0.8...
Connected to 172.16.0.8.
Escape character is '^]'.
GET /index.html HTTP/1.1
Host: 172.16.0.8

HTTP/1.1 200 OK
Date: Thu, 30 Nov 2017 11:32:53 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 30 Nov 2017 11:32:08 GMT
ETag: "a-55f319a37a8bd"
Accept-Ranges: bytes
Content-Length: 10
Content-Type: text/html; charset=UTF-8

test page
<– note that the connection is not closed here;

Disable KeepAlive and test again:

[root@localhost ~]# vim /etc/httpd/conf.d/keepalive.conf
KeepAlive off
[root@localhost ~]# systemctl restart httpd.service

[root@localhost ~]# telnet 172.16.0.8 80
Trying 172.16.0.8...
Connected to 172.16.0.8.
Escape character is '^]'.
GET /index.html HTTP/1.1
Host: 172.16.0.8

HTTP/1.1 200 OK
Date: Thu, 30 Nov 2017 11:34:43 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 30 Nov 2017 11:32:08 GMT
ETag: "a-55f319a37a8bd"
Accept-Ranges: bytes
Content-Length: 10
Connection: close
Content-Type: text/html; charset=UTF-8

test page
Connection closed by foreign host. <– closed immediately
[root@localhost ~]#

Enable this feature:

[root@localhost ~]# vim /etc/httpd/conf.d/keepalive.conf
KeepAlive On
KeepAliveTimeout 30
MaxKeepAliveRequests 100
[root@localhost ~]# systemctl restart httpd.service

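(6) Switching the MPM

On C6 the MPM is compiled into the core
On C7 the MPM is loaded and unloaded dynamically
List all modules: httpd -M
List the modules compiled into the core: httpd -l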

on 6

[root@localhost ~]# httpd.worker -l
Compiled in modules:
core.c
worker.c
http_core.c
mod_so.c
[root@localhost ~]# httpd -l
Compiled in modules:
core.c
prefork.c
http_core.c
mod_so.c
[root@localhost ~]# httpd.event -l
Compiled in modules:
core.c
event.c
http_core.c
mod_so.c

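Switch the MPM

[root@localhost ~]# vim /etc/sysconfig/httpd
#HTTPD=/usr/sbin/httpd.worker <– add the following directive below this line
HTTPD=/usr/sbin/httpd.worker
[root@localhost ~]# service httpd restart; watch -n0.1 'ps axu | fgrep httpd'
This command lets you check the result against the worker module's configuration;
<IfModule worker.c> <– the configuration in this container applies when this module is loaded
StartServers 4 <– start 4 processes when the service starts
MaxClients 300 <– number of concurrent connections
MinSpareThreads 25 <– minimum number of spare threads
MaxSpareThreads 75 <– maximum number of spare threads
ThreadsPerChild 25 <– threads per process; 4 processes start with 100 threads, the maximum is 75, so one process is destroyed;
MaxRequestsPerChild 0 <– maximum number of requests per process; unlimited;
</IfModule>

<IfModule prefork.c> <– the configuration in this container applies when this module is loaded
StartServers 8 <– pre-start 8 processes when the service starts;
MinSpareServers 5 <– minimum number of spare processes;
MaxSpareServers 20 <– maximum number of spare processes;
ServerLimit 256 <– upper bound for MaxClients over the lifetime of the server; usually the two are equal;
MaxClients 256 <– maximum number of concurrent connections;
MaxRequestsPerChild 4000 <– maximum number of requests one process handles; when it is reached the process is destroyed;
</IfModule>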

apache 14676 0.0 0.5 519860 5356 ? Sl 23:52 0:00 /usr/sbin/httpd.worker

Change to the event model:
[root@localhost ~]# vim /etc/sysconfig/httpd
#HTTPD=/usr/sbin/httpd.worker
HTTPD=/usr/sbin/httpd.event
# service httpd restart
# ps axu | fgrep httpd

on 7

[root@localhost ~]# httpd -M | fgrep mpm
mpm_prefork_module (shared)
[root@localhost ~]# httpd -l
Compiled in modules:
core.c
mod_so.c
http_core.c

Check the current model:
ps axu
Change the model: in 2.4 the MPM is not compiled into the core, so you only need to load the module;
[root@localhost ~]# vim /etc/httpd/conf.modules.d/00-mpm.conf
LoadModule mpm_event_module modules/mod_mpm_event.so
[root@localhost ~]# systemctl restart httpd.service
[root@localhost ~]# httpd -M | fgrep ev
mpm_event_module (shared)

(7) DSO: loading and unloading modules dynamically;

Format: LoadModule module filename
filename is relative to httpd's root directory (ServerRoot);
[root@localhost ~]# fgrep ServerRoot /etc/httpd/conf/httpd.conf
ServerRoot "/etc/httpd"
[root@localhost ~]# ls -l /etc/httpd/
总用量 0
drwxr-xr-x 2 root root 35 11月 30 19:28 conf
drwxr-xr-x 2 root root 121 11月 30 19:35 conf.d
drwxr-xr-x 2 root root 139 11月 30 19:59 conf.modules.d
lrwxrwxrwx 1 root root 19 11月 30 18:46 logs -> ../../var/log/httpd
lrwxrwxrwx 1 root root 29 11月 30 18:46 modules -> ../../usr/lib64/httpd/modules
lrwxrwxrwx 1 root root 10 11月 30 18:46 run -> /run/httpd

Note: modules -> ../../usr/lib64/httpd/modules

For example: LoadModule status_module modules/mod_status.so

[root@localhost ~]# httpd -M
proxy_fdpass_module (shared)
proxy_ftp_module (shared) <– this module, for example;
proxy_http_module (shared)

[root@localhost ~]# vim /etc/httpd/conf.modules.d/00-proxy.conf
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
[root@localhost ~]# systemctl restart httpd.service

Check again: the proxy_ftp_module module is no longer there
[root@localhost ~]# httpd -M

(8) DocumentRoot and aliases

Format: DocumentRoot directory-path
URL paths and filesystem paths are not the same thing; there is a mapping between them;
For example: http://172.16.0.8/ –> /var/www/html

on 7 DocumentRoot

[root@localhost ~]# mkdir -pv /data/web/www
[root@localhost ~]# echo "<h1>Main Server</h1>" > /data/web/www/index.html
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
#DocumentRoot "/var/www/html" <– comment out the original line and add a line below it
DocumentRoot "/data/web/www"
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

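Test:
You don't have permission to access / on this server.

CentOS 7 is strict: without explicit authorization for a directory, the files in it cannot be accessed:
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
#<Directory "/var/www"> <– comment out the original line and add a line below it
<Directory "/data/web/www">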
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

Test:
Main Server

on 6 DocumentRoot

[root@localhost ~]# mkdir -pv /data/web/www
[root@localhost ~]# echo "<h1>Main Server</h1>" > /data/web/www/index.html
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
#DocumentRoot "/var/www/html" <– comment out the original line and add a line below it
DocumentRoot "/data/web/www"
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

Test:
Main Server

Format: Alias URL-path file-path|directory-path
Defined like this, for example:
Alias /image/ /ftp/pub/image/
<Directory /ftp/pub/image>
Require all granted
</Directory>

on 7 Alias

[root@localhost ~]# find /usr/share -iname "*.jpg"
/usr/share/backgrounds/morning.jpg <– not under the directory defined by DocumentRoot
/usr/share/backgrounds/night.jpg
/usr/share/backgrounds/day.jpg
/usr/share/backgrounds/default.jpg

[root@localhost ~]# mkdir /data/web/www/images
[root@localhost ~]# echo "<h1>images</h1>" > /data/web/www/images/index.html
Access: http://172.16.0.8/images/
images

Add the alias, inside this container:
<IfModule alias_module>
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
Alias /images/ "/usr/share/backgrounds/"
</IfModule>

[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

Test:
You don't have permission to access /images/ on this server.

Authorize the directory and enable indexes:
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<Directory "/usr/share/backgrounds/">
AllowOverride None
Options Indexes FollowSymLinks
Require all granted
</Directory>
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

Test: http://172.16.0.8/images/

Index of /images
[ICO] Name Last modified Size Description
[PARENTDIR] Parent Directory –
[IMG] 7lines-bottom.png 2014-06-11 00:55 6.7M
[IMG] 7lines-top.png 2014-06-11 00:54 6.7M
[IMG] day.jpg 2014-06-11 00:19 939K
[IMG] default.jpg 2014-06-11 00:19 939K
[IMG] default.png 2014-03-08 13:32 2.6M
[TXT] default.xml 2014-06-11 00:19 1.5K
[IMG] morning.jpg 2014-06-11 00:19 957K
[IMG] night.jpg 2014-06-11 00:19 556K

Comment out the alias
# Alias /images/ "/usr/share/backgrounds/"
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service
Test: http://172.16.0.8/images/
images

on 6 Alias

[root@localhost ~]# find /usr/share -iname "*.jpg"
/usr/share/backgrounds/centos_1920x1200_logoonly.jpg
/usr/share/backgrounds/simple_waves.jpg
/usr/share/backgrounds/centos_2048x1536_logoonly.jpg
/usr/share/wallpapers/CentOS6/contents/images/simple_waves.jpg
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
Alias /images/ "/usr/share/wallpapers/CentOS6/contents/images/"
[root@localhost ~]# httpd -t
[root@localhost ~]# service httpd restart

Test access:
http://172.16.0.16/images/simple_waves.jpg

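(9) Access control

Filesystem path
Directory: matches directories;
Files: matches files, glob;
FilesMatch "PATTERN": matches files, regular expression;
URL path
Location: URL control, glob;
LocationMatch "PATTERN"
Source address
Protocol authentication: basic, digest

Source address:

CentOS 6:

Order allow,deny <– the one listed last is the default behaviour; here the default is to deny everyone;
Allow from address
Deny from address
Address:
all: everyone
a single host
a network, for example 172.16.0.0/16
172.16
172.16.0.0/16

Allow only host 172.16.0.179:
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<Directory "/data/web/www">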
Order allow,deny
Allow from 172.16.0.179
</Directory>
[root@localhost ~]# httpd -t
[root@localhost ~]# service httpd restart
Test from 179: http://172.16.0.16/
Passes:
Test from 100: http://172.16.0.16/
Only the home page is visible

Allow the 172.16.0.0 network but deny 172.16.0.179:
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<Directory "/data/web/www">
Order allow,deny
Deny from 172.16.0.179
Allow from 172.16.0.0/16
</Directory>
[root@localhost ~]# httpd -t
[root@localhost ~]# service httpd restart
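Test from 179: http://172.16.0.16/
Only the home page is visible
Test from 100: http://172.16.0.16/
Passes:

CentOS 7

Require all granted <– everyone is allowed
Control by IP address
Require ip IP address or network address
Require not ip IP address or network address
Control by HOST
Require host host name or domain name
Require not host host name or domain name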

Access C7 from C6
[root@localhost ~]# curl http://172.16.0.8
<h1>Main Server</h1>

Configure C7
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<RequireAll>
Require not ip 172.16.0.16
Require ip 172.16
</RequireAll>
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

Access C7 from C6
[root@localhost ~]# curl http://172.16.0.8
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
</body></html>

Access from 179: http://172.16.0.8/
No problem
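
The two access-control styles above, modelled side by side. This is an added example, not code from the original post or from httpd; the function names are hypothetical, and it covers only address rules (all, a full address, a partial address such as 172.16, and a network with a mask). A full four-octet address names exactly one host, so a network has to be written as 172.16 or 172.16.0.0/16.

```python
import ipaddress


def spec_matches(spec, client):
    """True if `client` matches one Allow/Deny/Require ip address spec."""
    if spec.lower() == "all":
        return True
    if "/" in spec:                       # 172.16.0.0/16 or 172.16.0.0/255.255.0.0
        return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    if len(octets) < 4:                   # partial address such as 172.16
        return client.split(".")[:len(octets)] == octets
    return client == spec                 # four octets name exactly one host


def order_allow_deny(allow, deny, client):
    """httpd 2.2 'Order allow,deny': needs an Allow match and no Deny match."""
    allowed = any(spec_matches(s, client) for s in allow)
    denied = any(spec_matches(s, client) for s in deny)
    return allowed and not denied         # no match at all -> denied


def order_deny_allow(allow, deny, client):
    """httpd 2.2 'Order deny,allow': a Deny match blocks unless Allow also matches."""
    allowed = any(spec_matches(s, client) for s in allow)
    denied = any(spec_matches(s, client) for s in deny)
    return allowed or not denied          # no match at all -> allowed


def require_all(rules, client):
    """httpd 2.4 <RequireAll>; rules is a list of (negated, spec) for Require [not] ip."""
    positive = [spec_matches(s, client) for neg, s in rules if not neg]
    negative = [spec_matches(s, client) for neg, s in rules if neg]
    # No enclosed rule may fail, and at least one positive rule must succeed.
    return bool(positive) and all(positive) and not any(negative)


# The RequireAll block used on C7, and the C6 "network minus one host" case
# with the network written in CIDR form.
C7_RULES = [(True, "172.16.0.16"), (False, "172.16")]
C6_ALLOW, C6_DENY = ["172.16.0.0/16"], ["172.16.0.179"]

if __name__ == "__main__":
    for ip in ("172.16.0.16", "172.16.0.100", "172.16.0.179", "10.0.0.1"):
        print(ip,
              "C6 allow,deny:", order_allow_deny(C6_ALLOW, C6_DENY, ip),
              "C7 RequireAll:", require_all(C7_RULES, ip))
```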

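(10) The Options directive

Note: when it is not defined, the settings of the parent directory are inherited
Indexes: when the directory behind the requested URL path holds no file matching the defined index page, return a directory listing to the user;
FollowSymLinks: allow following symbolic links to the files they point to;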

[root@localhost ~]# rm -f /data/web/www/images/index.html
[root@localhost ~]# find /usr/share -iname "*.jpg" -exec cp {} /data/web/www/images/ \;

The host can access http://172.16.0.8/images/ <– indexes are enabled by default

[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<Directory "/data/web/www">
Options FollowSymLinks
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

Test: http://172.16.0.8/images/
You don't have permission to access /images/ on this server.

[root@localhost ~]# ln -s /etc/init.d /data/web/www/images/init.d
Test: http://172.16.0.8/images/init.d is accessible
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
Options Indexes
httpd -t
systemctl restart httpd.service

http://172.16.0.8/images/init.d
You don't have permission to access /images/init.d on this server.

Secure configuration:
Options None
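
A small review aid for the Options behaviour described in this section, as an added example that is not part of the original post: it walks the <Directory> blocks of a configuration and reports those that turn on Indexes or FollowSymLinks, or that set no Options at all and therefore inherit from the parent. The sample configuration is constructed from the directories used on this page, and audit_options is a hypothetical helper name.

```python
import re

# Constructed sample using the page's directories; not a real httpd.conf.
SAMPLE_CONF = """
<Directory "/data/web/www">
    Options Indexes FollowSymLinks
    Require all granted
</Directory>
# No Options line here: the block inherits from its parent
<Directory "/usr/share/backgrounds/">
    AllowOverride None
    Require all granted
</Directory>
<Directory "/data/web/www/admin">
    Options None
    AllowOverride None
</Directory>
<Directory "/data/web/www/images">
    Options -Indexes +FollowSymLinks
</Directory>
"""

OPEN_RE = re.compile(r'<Directory\s+"?([^">]+)"?\s*>', re.I)
WATCHED = ("Indexes", "FollowSymLinks")


def audit_options(conf_text):
    """Return (directory, finding) pairs for <Directory> blocks worth reviewing."""
    findings, current, options = [], None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN_RE.match(line)
        if opened:
            current, options = opened.group(1), None
        elif current and line.lower().startswith("options"):
            options = line.split()[1:]
        elif current and line.lower() == "</directory>":
            if options is None:
                findings.append((current, "inherited"))
            else:
                # "-Name" switches an option off; "+Name" and bare names switch it on.
                enabled = {o.lstrip("+").lower() for o in options
                           if not o.startswith("-")}
                for name in WATCHED:
                    if name.lower() in enabled or "all" in enabled:
                        findings.append((current, name))
            current = None
    return findings


if __name__ == "__main__":
    for directory, finding in audit_options(SAMPLE_CONF):
        print(f"{directory}: {finding}")
```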

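(11) Log definitions (Log Files –> format strings.)

# CustomLog with format nickname
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs/access_log common

Macro definitions
%h client host name; no reverse lookup is done, though;
%l client login name; generally unused; - means no login
%u user name of the authenticated login; - means no authenticated login;
%t time
\"\" the quotation marks themselves
%r the request line: method URL VERSION
%s status code: 2 success, 4 client request error, 5 server error response
%s status code before the redirect
%>s status code after the redirect

%b size of the response; - means no size
%{VARNAME}i records the value of the named request header;
www.sohu.com
referer: the page from which the client jumped to the current page;
user-agent: client browser type; used to analyse client install and open rates;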
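
A parser for the common format defined above, as an added example that is not part of the original post. It splits each access_log line into the %h %l %u %t "%r" %>s %b fields and counts 401/403 responses per client, which is the first thing to look at after tightening access control or adding authentication. The log lines are constructed sample data, and parse_line and denied_by_client are hypothetical names.

```python
import re
from collections import Counter

# LogFormat "%h %l %u %t \"%r\" %>s %b" common
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<bytes>\S+)$'
)

# Constructed sample lines (addresses and paths borrowed from the page).
SAMPLE_LOG = r'''
172.16.0.179 - - [30/Nov/2017:19:40:01 +0800] "GET /index.html HTTP/1.1" 200 10
172.16.0.16 - - [30/Nov/2017:19:41:10 +0800] "GET /admin/ HTTP/1.1" 401 381
172.16.0.16 - tom [30/Nov/2017:19:41:15 +0800] "GET /admin/ HTTP/1.1" 401 381
172.16.0.16 - tom [30/Nov/2017:19:41:19 +0800] "GET /admin/ HTTP/1.1" 200 6
172.16.0.100 - - [30/Nov/2017:19:42:00 +0800] "GET /images/ HTTP/1.1" 403 211
172.16.0.100 - - [30/Nov/2017:19:42:03 +0800] "GET /x\"y HTTP/1.1" 404 -
'''


def parse_line(line):
    """Return the fields of one common-format line as a dict, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])   # %b logs "-" for no body
    rec["user"] = None if rec["user"] == "-" else rec["user"]        # %u logs "-" when unauthenticated
    return rec


def denied_by_client(log_text):
    """Count 401 and 403 responses per client address (%h)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["status"] in (401, 403):
            counts[rec["host"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for host, n in sorted(denied_by_client(SAMPLE_LOG).items()):
        print(f"{host}: {n} denied request(s)")
```

Note that %u carries the user name even on a failed 401 attempt, so the third sample line shows a wrong password for tom rather than a successful login.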

(12) Authenticated login

[root@localhost ~]# mkdir /data/web/www/admin
[root@localhost ~]# echo "Admin" > /data/web/www/admin/index.html
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

Test access:
[root@localhost ~]# curl http://172.16.0.8/admin/index.html
Admin

<Directory "/data/web/www/admin">
Options None
AllowOverride None
AuthType basic
AuthName "Admin Area,plz enter..."
AuthUserFile "conf.d/.htpasswd"
Require user tom
</Directory>

[root@localhost ~]# rpm -ql httpd-tools
/usr/bin/htpasswd
[root@localhost ~]# htpasswd -b -c -m /etc/httpd/conf.d/.htpasswd tom magedu
[root@localhost ~]# htpasswd -b -m /etc/httpd/conf.d/.htpasswd jerry magedu
[root@localhost ~]# htpasswd -b -m /etc/httpd/conf.d/.htpasswd obama magedu
[root@localhost ~]# cat /etc/httpd/conf.d/.htpasswd
tom:$apr1$3W8NfD2u$f..08fp9fG6/gOgblC3PE1
jerry:$apr1$pHPm7ofr$YNQG583Ym6cEVVjsSd86f.
obama:$apr1$.eXRI5nE$AsFZA6vjFwRWEBPiqHF6o0
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service
The Request Headers now carry:
Authorization:Basic dG9tOm1hZ2VkdQ==

[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<Directory "/data/web/www/admin">
Options None
AllowOverride None
AuthType basic
AuthName "Admin Area,plz enter..."
AuthUserFile "conf.d/.htpasswd"
AuthGroupFile "conf.d/.grppasswd"
Require group mygrp
</Directory>
[root@localhost ~]# vim /etc/httpd/conf.d/.grppasswd
mygrp: obama jerry
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

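(13) Virtual hosts

On C7 they can be added directly;
On C6 you need to add the directive NameVirtualHost *:80 and comment out the main server

c7

IP-based virtual hosts;
Add an IP address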
[root@localhost ~]# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
inet 172.16.0.8/16 brd 172.16.255.255 scope global eno16777736
valid_lft forever preferred_lft forever

[root@localhost ~]# ip addr add 172.16.100.8/16 dev eno16777736

[root@localhost ~]# ip a l
inet 172.16.0.8/16 brd 172.16.255.255 scope global eno16777736
valid_lft forever preferred_lft forever
inet 172.16.100.8/16 scope global secondary eno16777736

Create the document directories and generate the home pages
[root@localhost ~]# mkdir -pv /data/web/www/{ilinux,iunix}
[root@localhost ~]# echo "<h1>ilinux.io</h1>" > /data/web/www/ilinux/index.html
[root@localhost ~]# echo "<h1>iunix.io</h1>" > /data/web/www/iunix/index.html

Configure the IP-based virtual hosts
[root@localhost ~]# vim /etc/httpd/conf.d/ilinux.conf
<VirtualHost 172.16.0.8:80>
ServerName www.ilinux.io
DocumentRoot "/data/web/www/ilinux"
<Directory "/data/web/www/ilinux">
Options None
AllowOverride None
Require all granted
</Directory>
CustomLog logs/ilinux_access_log combined
</VirtualHost>

[root@localhost ~]# cp /etc/httpd/conf.d/ilinux.conf /etc/httpd/conf.d/iunix.conf
[root@localhost ~]# vim /etc/httpd/conf.d/iunix.conf
<VirtualHost 172.16.100.8:80>
ServerName www.iunix.io
DocumentRoot "/data/web/www/iunix"
<Directory "/data/web/www/iunix">
Options None
AllowOverride None
Require all granted
</Directory>
CustomLog logs/iunix_access_log combined
ErrorLog logs/iunix_error_log
</VirtualHost>

Note: in the copy you only need to run :%s@ilinux@iunix@g and change the IP

[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

Test access:
OK…
[root@localhost ~]# ip addr del 172.16.100.8/16 dev eno16777736
[root@localhost ~]# ip addr a l

Configure PORT-based virtual hosts

[root@localhost ~]# vim /etc/httpd/conf.d/ilinux.conf
<VirtualHost 172.16.0.8:80>
ServerName www.ilinux.io
DocumentRoot "/data/web/www/ilinux"
<Directory "/data/web/www/ilinux">
Options None
AllowOverride None
Require all granted
</Directory>
CustomLog logs/ilinux_access_log combined
ErrorLog logs/ilinux_error_log
</VirtualHost>
[root@localhost ~]# vim /etc/httpd/conf.d/iunix.conf
Listen 10080
<VirtualHost 172.16.0.8:10080>
ServerName www.iunix.io
DocumentRoot "/data/web/www/iunix"
<Directory "/data/web/www/iunix">
Options None
AllowOverride None
Require all granted
</Directory>
CustomLog logs/iunix_access_log combined
ErrorLog logs/iunix_error_log
</VirtualHost>
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service
[root@localhost ~]# ss -tnl

Test:
http://172.16.0.8/
http://172.16.0.8:10080

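Configure HOST-based virtual hosts
In a complete request, the real communication between the hosts is between CIP:PORT and SIP:PORT, so how is the virtual host identified?
By the value of the Host: header in the request;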

 

[root@localhost ~]# cat /etc/httpd/conf.d/ilinux.conf
<VirtualHost 172.16.0.8:80>
ServerName www.ilinux.io
DocumentRoot "/data/web/www/ilinux"
<Directory "/data/web/www/ilinux">
Options None
AllowOverride None
Require all granted
</Directory>
CustomLog logs/ilinux_access_log combined
ErrorLog logs/ilinux_error_log
</VirtualHost>
[root@localhost ~]# vim /etc/httpd/conf.d/iunix.conf
<VirtualHost 172.16.0.8:80>
ServerName www.iunix.io
DocumentRoot "/data/web/www/iunix"
<Directory "/data/web/www/iunix">
Options None
AllowOverride None
Require all granted
</Directory>
CustomLog logs/iunix_access_log combined
ErrorLog logs/iunix_error_log
</VirtualHost>

[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

Set up DNS to resolve the two domain names:
[root@localhost ~]# rpm -q bind
bind-9.8.2-0.62.rc1.el6.x86_64
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursion yes;

dnssec-enable no;
dnssec-validation no;

/* Path to ISC DLV key */
};
[root@localhost ~]# named-checkconf
[root@localhost ~]# service named restart
[root@localhost ~]# vim + /etc/named.rfc1912.zones
zone "ilinux.io" IN {
type master;
file "ilinux.io.zone";
allow-update { none; };
allow-transfer { localhost; };
};
zone "iunix.io" IN {
type master;
file "iunix.io.zone";
allow-update { none; };
allow-transfer { localhost; };
};
[root@localhost ~]# cd /var/named
[root@localhost named]# ll
total 28
drwxrwx--- 2 named named 4096 Nov 28 21:15 data
drwxrwx--- 2 named named 4096 Nov 28 21:15 dynamic
-rw-r----- 1 root named 3171 Jan 11 2016 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 4096 Nov 28 21:17 slaves
[root@localhost named]# vim ilinux.io.zone
[root@localhost named]# vim ilinux.io.zone <– reopening the file gives syntax highlighting
$TTL 3600
$ORIGIN ilinux.io.
@ IN SOA @ nsadmin.magedu.com. (
2017113001
1H
10M
1W
1D)
IN NS ns1
ns1 IN A 172.16.0.16
www IN A 172.16.0.8

[root@localhost named]# chown .named ilinux.io.zone
[root@localhost named]# chmod o= ilinux.io.zone
[root@localhost named]# cp -p ilinux.io.zone iunix.io.zone <– preserves the permissions, owner and group
[root@localhost named]# ll
total 36
drwxrwx--- 2 named named 4096 Nov 28 21:15 data
drwxrwx--- 2 named named 4096 Nov 28 21:15 dynamic
-rw-r----- 1 root named 146 Nov 29 04:03 ilinux.io.zone
-rw-r----- 1 root named 146 Nov 29 04:03 iunix.io.zone
-rw-r----- 1 root named 3171 Jan 11 2016 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 4096 Nov 28 21:17 slaves

[root@localhost named]# sed -i 's@linux@unix@g' iunix.io.zone

[root@localhost named]# named-checkzone ilinux.io ilinux.io.zone
[root@localhost named]# named-checkzone iunix.io iunix.io.zone
[root@localhost named]# rndc status
number of zones: 20
[root@localhost named]# rndc reload
[root@localhost named]# rndc status
number of zones: 21

dig -t A www.ilinux.io @172.16.0.16
dig -t A www.iunix.io @172.16.0.16
[root@localhost named]# host -t A www.ilinux.io 172.16.0.16
[root@localhost named]# host -t A www.iunix.io 172.16.0.16
[root@localhost named]# nslookup
> server 172.16.0.16
Default server: 172.16.0.16
Address: 172.16.0.16#53
> set q=A
> www.ilinux.io
Server: 172.16.0.16
Address: 172.16.0.16#53

Name: www.ilinux.io
Address: 172.16.0.8
> www.iunix.io
Server: 172.16.0.16
Address: 172.16.0.16#53

Name: www.iunix.io
Address: 172.16.0.8
> exit

To resolve the names through this DNS server, add it as the DNS server in Windows
Open F12 in the browser

www.iunix.io
Host:www.iunix.io

www.ilinux.io
Host:www.ilinux.io
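
How the Host: header picks a virtual host in the three layouts above, as an added example that is not part of the original post. select_vhost is a hypothetical model, not httpd code; it also shows a standard httpd behaviour the post does not mention: when no ServerName matches, the first virtual host listed for that address and port answers, so the one in ilinux.conf acts as the default.

```python
# (address, port, ServerName, DocumentRoot), in the order httpd reads them:
# conf.d/*.conf is included alphabetically, so ilinux.conf precedes iunix.conf.
NAME_BASED = [
    ("172.16.0.8", 80, "www.ilinux.io", "/data/web/www/ilinux"),
    ("172.16.0.8", 80, "www.iunix.io", "/data/web/www/iunix"),
]
PORT_BASED = [
    ("172.16.0.8", 80, "www.ilinux.io", "/data/web/www/ilinux"),
    ("172.16.0.8", 10080, "www.iunix.io", "/data/web/www/iunix"),
]
IP_BASED = [
    ("172.16.0.8", 80, "www.ilinux.io", "/data/web/www/ilinux"),
    ("172.16.100.8", 80, "www.iunix.io", "/data/web/www/iunix"),
]


def select_vhost(vhosts, local_ip, local_port, host_header):
    """Return the DocumentRoot httpd would serve from, or None for the main server."""
    exact = [v for v in vhosts if v[0] == local_ip and v[1] == local_port]
    wildcard = [v for v in vhosts if v[0] == "*" and v[1] == local_port]
    candidates = exact or wildcard        # the most specific address:port wins
    if not candidates:
        return None
    # Drop an optional :port and compare case-insensitively (IPv6 literals not handled).
    name = (host_header or "").split(":")[0].rstrip(".").lower()
    for _, _, server_name, docroot in candidates:
        if server_name.lower() == name:
            return docroot
    return candidates[0][3]               # unknown Host: the first listed vhost answers


if __name__ == "__main__":
    for host in ("www.ilinux.io", "www.iunix.io", "172.16.0.8", "unknown.example"):
        print(host, "->", select_vhost(NAME_BASED, "172.16.0.8", 80, host))
```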

This article is a contributed post and does not represent the views of Linux运维部落. If you repost it, please credit the source: http://www.178linux.com/89108

逆神阳