使用Apache部署静态网站_apache配置静态资源目录

配置服务文件参数-Linux系统中的配置文件

服务目录：/etc/httpd

主配置文件：/etc/httpd/conf/httpd.conf

网站数据目录：/var/www/html

访问日志：/var/log/httpd/access_log

错误日志：/var/log/httpd/error_log

HTTP服务主配置文件的参数结构

//全局配置
ServerName    www.linuxprobe.com
ServerRoot    /etc/httpd
........
//区域配置
<Directory>
....
</Directory>
....
//区域配置
<Location /server-status>
....
</Location>
....

配置httpd服务程序时最常用的参数以及用途描述

//ServerRoot：服务目录
//ServerAdmin：管理员邮箱
//User：运行服务的用户
//Group：运行服务的用户组
//ServerName：网站服务器的域名
//DocumentRoot：网站数据目录
//Listen：监听的IP地址与端口
//DirectoryIndex：默认的索引页页面
//ErrorLog：错误日志文件
//CustomLog：访问日志文件
//Timeout：网页超时时间，默认为300秒
//修改默认页面
[root@localhost ~]# echo "Welcome to 192.168.95.100 LinuxProbe.com" > /var/www/html/index.html
 
//建立网站数据目录
[root@localhost ~]# echo "Welcome to 192.168.95.100 LinuxProbe.com" > /var/www/html/index.html
[root@localhost ~]# mkdir /home/wwwroot
[root@localhost ~]# echo "The New Web Directory" > /home/wwwroot/index.html
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
DocumentRoot "/home/wwwroot"
 
#
# Relax access to content within /var/www.
#
<Directory "/home/wwwroot">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>
 
# Further relax access to the default document root:
<Directory "/home/wwwroot">
.....省略部分输出信息.....
</Directory>
 
//SELinux三种配置模式
1.enforcing：强制启用安全策略模式，将拦截服务的不合法请求。
2.permissive：遇到服务越权访问时，只发出警告而不拦截
3.disbaled：对于越权行为不警告也不拦截
 
//查看SELinux运行模式，定义的是SELinux的默认运行状态，它不会再更改后立即生效
[root@localhost ~]# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
 
//使用getenforce命令获得当前SELinux运行模式
[root@localhost ~]# getenforce
Enforcing
 
//使用setenforce [0/1]修改当前运行模式(0为禁用，1为启用)
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive
 
//再次刷新网页可正常显示内容
//semanage命令：用于管理SELinux的策略，语法格式为"semanage [参数] [文件]"
//semanage命令中的常用参数及作用
//-l：查询
//-a：添加
//-m：修改
//-d：删除

向新的网站数据目录中新添加一条SELinux安全上下文，让这个目录以及里面的所有文件能够被httpd服务程序访问到

[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
[root@localhost ~]# semanage fcontext -a -t httpd_sys_content_t /home/wwwroot/*

//执行上述设置之后，还无法立即访问网站，还需要使用restorecon命令将设置好的SELinux安全上下文立即生效。使用-Rv参数对指定的目录进行递归操作，以及显示SELinux安全上下文的修改过程

[root@localhost ~]# restorecon -Rv /home/wwwroot/
Relabeled /home/wwwroot from unconfined_u:object_r:user_home_dir_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Relabeled /home/wwwroot/index.html from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0

个人用户主页功能

httpd服务程序中，默认没有开启个人用户主页功能。为此，我们需要编辑下面的配置文件，在UserDir disabled参数前面加上#，表示让httpd服务程序开启个人用户主页功能;同时把UserDir public_html参数前面的#去掉，UserDir参数表示网站数据在用户家目录中的保存目录名称，即public_html目录。

[root@localhost wwwroot]# vim /etc/httpd/conf.d/userdir.conf
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid.  This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
<IfModule mod_userdir.c>
    #
    # UserDir is disabled by default since it can confirm the presence
    # of a username on the system (depending on home directory
    # permissions).
    #
    # UserDir disabled
 
    #
    # To enable requests to /~user/ to serve the user's public_html
    # directory, remove the "UserDir disabled" line above, and uncomment
    # the following line instead:
    #
    UserDir public_html
</IfModule>
 
#
# Control access to UserDir directories.  The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory "/home/*/public_html">
    AllowOverride FileInfo AuthConfig Limit Indexes
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST OPTIONS
</Directory>

//在用户家目录中建立用于保存网站数据的目录及首页面信息。另外，还需要把家目录的权限修改为755，保证其他人也有权限读取里面的内容

[root@localhost wwwroot]# su - linuxprobe
[linuxprobe@localhost ~]$ mkdir public_html
[linuxprobe@localhost ~]$ echo "This is linuxprobe's website" > public_html/index.html
[linuxprobe@localhost ~]$ chmod -R 755 /home/linuxprobe/
[linuxprobe@localhost ~]$ exit
logout
[root@localhost wwwroot]# systemctl restart httpd

//此次报错的原因：SELinux域的概念。SELinux域确保服务程序不能执行违规的操作，只能本本分分地为用户提供服务。httpd服务中突然开启的这项个人用户主页功能到底有没有被SELinux域默认允许

[root@localhost wwwroot]# getsebool -a | grep http
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_graceful_shutdown --> off
httpd_manage_ipa --> off
[root@localhost wwwroot]# setsebool -P httpd_enable_homedirs=on

//生成密码文件

//让用户通过身份验证才能看到里面的内容

[root@localhost wwwroot]# htpasswd -c /etc/httpd/passwd linuxprobe
New password:
Re-type new password:
Adding password for user linuxprobe
 
[root@localhost wwwroot]# vim /etc/httpd/conf.d/userdir.conf
31 <Directory "/home/*/public_html">
32     AllowOverride all
33     #刚刚生成出的密码验证文件保存路径
34     authuserfile "/etc/httpd/passwd"
35     #当用户访问网站时的提示信息
36     authname "My Privately website"
37     #验证方式为密码模式
38     authtype basic
39     #访问网站时需要验证的用户名称
40     require user linuxprobe
41 </Directory>

虚拟主机

[root@localhost ~]# mkdir -p /home/wwwroot/10
[root@localhost ~]# mkdir -p /home/wwwroot/20
[root@localhost ~]# mkdir -p /home/wwwroot/30
[root@localhost ~]# echo "IP:192.168.10.10" > /home/wwwroot/10/index.html
[root@localhost ~]# echo "IP:192.168.10.20" > /home/wwwroot/20/index.html
[root@localhost ~]# echo "IP:192.168.10.30" > /home/wwwroot/30/index.html
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.95.102>
        DocumentRoot /home/wwwroot/10
        ServerName www.linuxprobe.com
        <Directory /home/wwwroot/10>
        AllowOverride None
        Require all granted
        </Directory>
</VirtualHost>
 
<VirtualHost 192.168.95.104>
         DocumentRoot /home/wwwroot/20
         ServerName www.linuxcool.com
         <Directory /home/wwwroot/10>
         AllowOverride None
         Require all granted
         </Directory>
</VirtualHost>
 
<VirtualHost 192.168.95.105>
          DocumentRoot /home/wwwroot/30
          ServerName www.linuxdown.com
          <Directory /home/wwwroot/10>
          AllowOverride None
          Require all granted
          </Directory>
</VirtualHost>

当服务器无法为每个网站都分配一个独立IP地址的时候，可以尝试让Apache自动识别用户请求的域名

[root@localhost conf]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.95.102 www.linuxprobe.com www.linuxcool.com www.linuxdown.com
 
 
[root@localhost conf]# ping -c 4 www.linuxprobe.com
PING www.linuxprobe.com (192.168.95.102) 56(84) bytes of data.
64 bytes from www.linuxprobe.com (192.168.95.102): icmp_seq=1 ttl=64 time=0.039 ms
64 bytes from www.linuxprobe.com (192.168.95.102): icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from www.linuxprobe.com (192.168.95.102): icmp_seq=3 ttl=64 time=0.048 ms
64 bytes from www.linuxprobe.com (192.168.95.102): icmp_seq=4 ttl=64 time=0.049 ms
 
--- www.linuxprobe.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3068ms
rtt min/avg/max/mdev = 0.039/0.048/0.058/0.009 ms

//基于主机域名

[root@localhost ~]# mkdir -p /home/wwwroot/linuxprobe
[root@localhost ~]# mkdir -p /home/wwwroot/linuxcool
[root@localhost ~]# mkdir -p /home/wwwroot/linuxdown
[root@localhost ~]# echo "www.linuxprobe.com" > /home/wwwroot/linuxprobe/index.html
[root@localhost ~]# echo "www.linuxcool.com" > /home/wwwroot/linuxcool/index.html
[root@localhost ~]# echo "www.linuxdown.com" > /home/wwwroot/linuxdown/index.html
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.95.102>
        DocumentRoot /home/wwwroot/linuxprobe
        ServerName www.linuxprobe.com
        <Directory /home/wwwroot/linuxprobe>
        AllowOverride None
        Require all granted
        </Directory>
</VirtualHost>
<VirtualHost 192.168.95.102>
         DocumentRoot /home/wwwroot/linuxcool
         ServerName www.linuxcool.com
         <Directory /home/wwwroot/linuxcool>
         AllowOverride None
         Require all granted
         </Directory>
</VirtualHost>
<VirtualHost 192.168.95.102>
          DocumentRoot /home/wwwroot/linuxdown
          ServerName www.linuxdown.com
          <Directory /home/wwwroot/linuxdown>
          AllowOverride None
          Require all granted
          </Directory>
</VirtualHost>

//基于主机端口

[root@localhost ~]# mkdir -p /home/wwwroot/6111
[root@localhost ~]# mkdir -p /home/wwwroot/6222
[root@localhost ~]# mkdir -p /home/wwwroot/6333
[root@localhost ~]# echo "port:6111" > /home/wwwroot/6111/index.html
[root@localhost ~]# echo "port:6222" > /home/wwwroot/6222/index.html
[root@localhost ~]# echo "port:6333" > /home/wwwroot/6333/index.html
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.95.102:6111>
        DocumentRoot /home/wwwroot/6111
        ServerName www.linuxprobe.com
        <Directory /home/wwwroot/6111>
        AllowOverride None
        Require all granted
        </Directory>
</VirtualHost>
<VirtualHost 192.168.95.102:6222>
         DocumentRoot /home/wwwroot/6222
         ServerName www.linuxcool.com
         <Directory /home/wwwroot/6222>
         AllowOverride None
         Require all granted
         </Directory>
</VirtualHost>
<VirtualHost 192.168.95.102:6333>
          DocumentRoot /home/wwwroot/6333
          ServerName www.linuxdown.com
          <Directory /home/wwwroot/6333>
          AllowOverride None
          Require all granted
          </Directory>
</VirtualHost>
 
#Listen 12.34.56.78:80
Listen 80
Listen 6111
Listen 6222
Listen 6333
 
[root@localhost ~]# semanage port -a -t http_port_t -p tcp 6111
[root@localhost ~]# semanage port -a -t http_port_t -p tcp 6222
[root@localhost ~]# semanage port -a -t http_port_t -p tcp 6333
[root@localhost ~]# systemctl restart httpd.service