11.18 Apache用户认证 - 11.19/11.20 域名跳转 - 11.21 Apache访问日志

-11.18Apache用户认证-11.19/11.20域名跳转-11.21Apache访问日志-扩展-apache虚拟主机开启php的短标签http://ask.apelearn.com/question/5370#11.18apache用户认证###httpd的用户认证-vim/usr/local/apache2.4/conf/extra/httpd-vhosts.conf//把123.com那个虚拟主机编辑成如下内容```<VirtualHost*:80>DocumentRoot"/data/wwwroot/www.123.com"ServerNamewww.123.com<Directory/data/wwwroot/www.123.com>//指定认证的目录AllowOverrideAuthConfig//这个相当于打开认证的开关AuthName"123.comuserauth"//自定义认证的名字，作用不大AuthTypeBasic//认证的类型，一般为Basic，其他类型阿铭没用过AuthUserFile/data/.htpasswd//指定密码文件所在位置requirevalid-user//指定需要认证的用户为全部可用用户</Directory></VirtualHost>/usr/local/apache2.4/bin/htpasswd-cm/data/.htpasswdaming```-先开打虚拟主机配置文件```[root@localhost~]#vim/usr/local/apache2.4/conf/extra/httpd-vhosts.conf#Pleaseseethedocumentationat#<URL:http://httpd.apache.org/docs/2.4/vhosts/>#forfurtherdetailsbeforeyoutrytosetupvirtualhosts.##Youmayusethecommandlineoption‘-S‘toverifyyourvirtualhost#configuration.##VirtualHostexample:#AlmostanyApachedirectivemaygointoaVirtualHostcontainer.#ThefirstVirtualHostsectionisusedforallrequeststhatdonot#matchaServerNameorServerAliasinany<VirtualHost>block.#<VirtualHost*:80>DocumentRoot"/data/wwwroot/abc.com"ServerNameabc.comServerAliaswww.abc.comwww.123.comErrorLog"logs/abc.com-error_log"CustomLog"logs/abc.com-access_log"common</VirtualHost><VirtualHost*:80>DocumentRoot"/data/wwwroot/111.com"ServerName111.comServerAliaswww.example.comErrorLog"logs/111.com-error_log"CustomLog"logs/111.com-access_log"common</VirtualHost>37,593%```-把文件内容改为```#VirtualHostexample:#AlmostanyApachedirectivemaygointoaVirtualHostcontainer.#ThefirstVirtualHostsectionisusedforallrequeststhatdonot#matchaServerNameorServerAliasinany<VirtualHost>block.#<VirtualHost*:80>DocumentRoot"/data/wwwroot/abc.com"ServerNameabc.comServerAliaswww.abc.comwww.123.comErrorLog"logs/abc.com-error_log"CustomLog"logs/abc.com-access_log"common</VirtualHost><VirtualHost*:80>DocumentRoot"/data/wwwroot/111.com"ServerName111.comServerAliaswww.example.com<Directory/data/wwwroot/111.com>AllowOverrideAuthConfigAuthName"111.comuserauth"AuthTypeBasicAuthUserFile/data/.htpasswdrequirevalid-user</Directory>ErrorLog"logs/111.com-error_log"CustomLog"logs/111.com-access_log"common</VirtualHost>:wq```-/usr/local/apache2.4/bin/htpasswd-c-m/data/.htpasswdaming--c是creaate创建用户-m是使用MD5方式加密/data/.htpasswd指定密码文件目录aming是创建的新用户```[root@localhost~]#vim/usr/local/apache2.4/conf/extra/httpd-vhosts.conf[root@localhost~]#/usr/local/apache2.4/bin/htpasswd-c-m/data/.htpasswdamingNewpassword:Re-typenewpassword:Addingpasswordforuseraming[root@localhost~]#[root@localhost~]#cat/data/.htpasswdaming:$apr1$EXwYfiem$WmlVecIGEuLU781VJMO6y/[root@localhost~]#ls/data/.htpasswd/data/.htpasswd[root@localhost~]#```-再增加一个用户zhangsan```[root@localhost~]#/usr/local/apache2.4/bin/htpasswd-m/data/.htpasswdzhangsanNewpassword:Re-typenewpassword:Addingpasswordforuserzhangsan[root@localhost~]#[root@localhost~]#cat/data/.htpasswdaming:$apr1$hRjEjYks$LpCPxZ/PUOvox0ZE5Qea9.zhangsan:$apr1$cwKQ8Lwu$P.iw/DySVIn2sBrAF3AUb0[root@localhost~]#```-重新加载配置-t,graceful绑定hosts，浏览器测试-curl-x127.0.0.1:80www.123.com//状态码为401-curl-x127.0.0.1:80-uaming:passwdwww.123.com//状态码为200```[root@localhost~]#/usr/local/apache2.4/bin/apachectl-tSyntaxOK[root@localhost~]#/usr/local/apache2.4/bin/apachectlgraceful[root@localhost~]#[root@localhost~]#curl-x127.0.0.1:80111.com<!DOCTYPEHTMLPUBLIC"-//IETF//DTDHTML2.0//EN"><html><head><title>401Unauthorized</title></head><body><h1>Unauthorized</h1><p>Thisservercouldnotverifythatyouareauthorizedtoaccessthedocumentrequested.Eitheryousuppliedthewrongcredentials(e.g.,badpassword),oryourbrowserdoesn‘tunderstandhowtosupplythecredentialsrequired.</p></body></html>[root@localhost~]#[root@localhost~]#curl-x127.0.0.1:80111.com-IHTTP/1.1401UnauthorizedDate:Sun,08Oct201714:59:22GMTServer:Apache/2.4.27(Unix)PHP/7.1.6WWW-Authenticate:Basicrealm="111.comuserauth"Content-Type:text/html;charset=iso-8859-1[root@localhost~]#```-401这个状态码，是说明你访问的内容需要做用户验证-同样也可以在浏览器里面看下，前提你要在windowshosts文件里定义111.com-![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171008/230249462.png?imageslim)```[root@localhost~]#curl-x127.0.0.1:80-uaming:123456111.com-IHTTP/1.1200OKDate:Sun,08Oct201715:50:41GMTServer:Apache/2.4.27(Unix)PHP/7.1.6X-Powered-By:PHP/7.1.6Content-Type:text/html;charset=UTF-8[root@localhost~]#curl-x127.0.0.1:80-uaming:123456111.com111.com[root@localhost~]#```-故意输错密码,又是这样```111.com[root@localhost~]#curl-x127.0.0.1:80-uaming:12345111.com<!DOCTYPEHTMLPUBLIC"-//IETF//DTDHTML2.0//EN"><html><head><title>401Unauthorized</title></head><body><h1>Unauthorized</h1><p>Thisservercouldnotverifythatyouareauthorizedtoaccessthedocumentrequested.Eitheryousuppliedthewrongcredentials(e.g.,badpassword),oryourbrowserdoesn‘tunderstandhowtosupplythecredentialsrequired.</p></body></html>[root@localhost~]#```-关于用户认证还有另一种需求，不想针对所有的目录，一个网站总有一个敏感信息，比如一些后台访问的数据，做一个认证，针对某一个文件，做一个认证-打开配置文件```<VirtualHost*:80>DocumentRoot"/data/wwwroot/111.com"ServerName111.comServerAliaswww.example.com#<Directory/data/wwwroot/111.com><FilesMatch123.php>AllowOverrideAuthConfigAuthName"111.comuserauth"AuthTypeBasicAuthUserFile/data/.htpasswdrequirevalid-user<FilesMatch>#</Directory>ErrorLog"logs/111.com-error_log"CustomLog"logs/111.com-access_log"common</VirtualHost>:wq```-把diretory注释掉，换上<FilesMatch123.php>```[root@localhost~]#!vivim/usr/local/apache2.4/conf/extra/httpd-vhosts.conf[root@localhost~]#/usr/local/apache2.4/bin/apachectl-t[root@localhost~]#/usr/local/apache2.4/bin/apachectlgraceful[root@localhost~]#vim/data/wwwroot/111.com/123.php<?echo"123.php";~~[root@localhost~]#vim/data/wwwroot/111.com/123.php[root@localhost~]#!curlcurl-x127.0.0.1:80-uaming:12345111.com111.com[root@localhost~]#curl-x127.0.0.1:80111.com111.com[root@localhost~]#curl-x127.0.0.1:80111.com-IHTTP/1.1200OKDate:Sun,08Oct201716:20:06GMTServer:Apache/2.4.27(Unix)PHP/7.1.6X-Powered-By:PHP/7.1.6Content-Type:text/html;charset=UTF-8[root@localhost~]#```-当使用123.php的时候```[root@localhost~]#curl-x127.0.0.1:80-uaming:123456111.com/123.php-IHTTP/1.1200OKDate:Sun,08Oct201716:21:36GMTServer:Apache/2.4.27(Unix)PHP/7.1.6X-Powered-By:PHP/7.1.6Content-Type:text/html;charset=UTF-8[root@localhost~]#[root@localhost~]#curl-x127.0.0.1:80-uaming:123456111.com/123.php123.php[root@localhost~]#[root@localhost~]#[root@localhost~]#[root@localhost~]#[root@localhost~]#```#11.19域名跳转上-需求，把123.com域名跳转到www.123.com，配置如下：```<VirtualHost*:80>DocumentRoot"/data/wwwroot/www.123.com"ServerNamewww.123.comServerAlias123.com<IfModulemod_rewrite.c>//需要mod_rewrite模块支持RewriteEngineon//打开rewrite功能RewriteCond%{HTTP_HOST}!^www.123.com$//定义rewrite的条件，主机名（域名）不是www.123.com满足条件RewriteRule^/(.*)$http://www.123.com/$1[R=301,L]//定义rewrite规则，当满足上面的条件时，这条规则才会执行</IfModule></VirtualHost>```-/usr/local/apache2/bin/apachectl-M|grep-irewrite//若无该模块，需要编辑配置文件httpd.conf，删除rewrite_module(shared)前面的#curl-x127.0.0.1:80-I123.com//状态码为301-首先打开虚拟主机配置文件,把之前的配置的参数注释掉，暂时不用它了```[root@localhost~]#vim/usr/local/apache2.4/conf/extra/httpd-vhosts.conf#Youmayusethecommandlineoption‘-S‘toverifyyourvirtualhost#configuration.##VirtualHostexample:#AlmostanyApachedirectivemaygointoaVirtualHostcontainer.#ThefirstVirtualHostsectionisusedforallrequeststhatdonot#matchaServerNameorServerAliasinany<VirtualHost>block.#<VirtualHost*:80>DocumentRoot"/data/wwwroot/abc.com"ServerNameabc.comServerAliaswww.abc.comwww.123.comErrorLog"logs/abc.com-error_log"CustomLog"logs/abc.com-access_log"common</VirtualHost><VirtualHost*:80>DocumentRoot"/data/wwwroot/111.com"ServerName111.comServerAliaswww.example.com#<Directory/data/wwwroot/111.com><FilesMatch123.php>AllowOverrideAuthConfigAuthName"111.comuserauth"AuthTypeBasicAuthUserFile/data/.htpasswdrequirevalid-user</FilesMatch>#</Directory>ErrorLog"logs/111.com-error_log"CustomLog"logs/111.com-access_log"common</VirtualHost>46,195%```-打开注释掉之前配置的，```</VirtualHost><VirtualHost*:80>DocumentRoot"/data/wwwroot/111.com"ServerName111.comServerAliaswww.example.com#<Directory/data/wwwroot/111.com>#<FilesMatch123.php>#AllowOverrideAuthConfig#AuthName"111.comuserauth"#AuthTypeBasic#AuthUserFile/data/.htpasswd#requirevalid-user#</FilesMatch>#</Directory><IfModulemod_rewrite.c>//需要mod_rewrite模块支持RewriteEngineon//打开rewrite功能on表示打开RewriteCond%{HTTP_HOST}!^111.com$//定义rewrite的条件，主机名（域名）不是111.com满足条件！表示取反的意思，不是111.comRewriteRule^/(.*)$http://www.123.com/$1[R=301,L]//定义rewrite规则，当满>足上面的条件时，这条规则才会执行</IfModule>```-写好后，退出保存```<VirtualHost*:80>DocumentRoot"/data/wwwroot/111.com"ServerName111.comServerAliaswww.example.com2111.com.cn#<Directory/data/wwwroot/111.com>#<FilesMatch123.php>#AllowOverrideAuthConfig#AuthName"111.comuserauth"#AuthTypeBasic#AuthUserFile/data/.htpasswd#requirevalid-user#</FilesMatch>#</Directory><IfModulemod_rewrite.c>RewriteEngineonRewriteCond%{HTTP_HOST}!^111.com$RewriteRule^/(.*)$http://111.com/$1[R=301,L]</IfModule>ErrorLog"logs/111.com-error_log"CustomLog"logs/111.com-access_log"common</VirtualHost>:wq[root@localhost~]#vim/usr/local/apache2.4/conf/extra/httpd-vhosts.conf[1]+已停止vim/usr/local/apache2.4/conf/extra/httpd-vhosts.conf[root@localhost~]#ls/data/wwwroot/111.com/123.phpindex.php[root@localhost~]#fgvim/usr/local/apache2.4/conf/extra/httpd-vhosts.conf[root@localhost~]#```#11.20域名跳转下-改好配置文件需要重新检测加载一下```vim/usr/local/apache2.4/conf/extra/httpd-vhosts.conf[root@localhost~]#/usr/local/apache2.4/bin/apachectl-tSyntaxOK[root@localhost~]#/usr/local/apache2.4/bin/apachectlgracefulhttpdnotrunning,tryingtostart[root@localhost~]#/usr/local/apache2.4/bin/apachectlstarthttpd(pid2297)alreadyrunning[root@localhost~]#/usr/local/apache2.4/bin/apachectlgraceful[root@localhost~]#```-需要先检测一下apache有没有加载rewrite模块```[root@localhost~]#/usr/local/apache2.4/bin/apachectl-M|greprewrite```-因为我们在编译的时候指定了most，所有这个模块一定存在的，如果没有，那就需要打开配置文件，搜下rewrite```[root@localhost~]#vi/usr/local/apache2.4/conf/httpd.conf#LoadModulespeling_modulemodules/mod_speling.so#LoadModuleuserdir_modulemodules/mod_userdir.soLoadModulealias_modulemodules/mod_alias.so#LoadModulerewrite_modulemodules/mod_rewrite.so#LoadModulephp5_modulemodules/libphp5.soLoadModulephp7_modulemodules/libphp7.so<IfModuleunixd_module>##Ifyouwishhttpdtorunasadifferentuserorgroup,youmustrun#httpdasrootinitiallyanditwillswitch.##User/Group:Thename(or#number)oftheuser/grouptorunhttpdas.#Itisusuallygoodpracticetocreateadedicateduserandgroupfor#runninghttpd,aswithmostsystemservices.#```-把#LoadModulerewrite_modulemodules/mod_rewrite.so这一行#去掉，让这个模块可以加载出来```LoadModulerewrite_modulemodules/mod_rewrite.so#LoadModulephp5_modulemodules/libphp5.soLoadModulephp7_modulemodules/libphp7.so<IfModuleunixd_module>##Ifyouwishhttpdtorunasadifferentuserorgroup,youmustrun#httpdasrootinitiallyanditwillswitch.##User/Group:Thename(or#number)oftheuser/grouptorunhttpdas.#Itisusuallygoodpracticetocreateadedicateduserandgroupfor#runninghttpd,aswithmostsystemservices.#:wq[root@localhost~]#vi/usr/local/apache2.4/conf/httpd.conf[root@localhost~]#/usr/local/apache2.4/bin/apachectl-tSyntaxOK[root@localhost~]#/usr/local/apache2.4/bin/apachectlgraceful[root@localhost~]#/usr/local/apache2.4/bin/apachectl-M|greprewriterewrite_module(shared)[root@localhost~]#```-模块现在加载出来了-cat下虚拟主机配置文件内容```[root@localhost~]#cat/usr/local/apache2.4/conf/extra/httpd-vhosts.conf<VirtualHost*:80>DocumentRoot"/data/wwwroot/111.com"ServerName111.comServerAliaswww.example.com2111.com.cn#<Directory/data/wwwroot/111.com>#<FilesMatch123.php>#AllowOverrideAuthConfig#AuthName"111.comuserauth"#AuthTypeBasic#AuthUserFile/data/.htpasswd#requirevalid-user#</FilesMatch>#</Directory><IfModulemod_rewrite.c>RewriteEngineonRewriteCond%{HTTP_HOST}!^111.com$RewriteRule^/(.*)$http://111.com/$1[R=301,L]</IfModule>ErrorLog"logs/111.com-error_log"CustomLog"logs/111.com-access_log"common</VirtualHost>[root@localhost~]#```-再来看下```[root@localhost~]#netstat-lntpActiveInternetconnections(onlyservers)ProtoRecv-QSend-QLocalAddressForeignAddressStatePID/Programnametcp000.0.0.0:220.0.0.0:*LISTEN839/sshdtcp00127.0.0.1:250.0.0.0:*LISTEN1605/mastertcp600:::3306:::*LISTEN1257/mysqldtcp600:::80:::*LISTEN2297/httpdtcp600:::22:::*LISTEN839/sshdtcp600::1:25:::*LISTEN1605/master[root@localhost~]#ifconfigens33:flags=4163<UP,BROADCAST,RUNNING,MULTICAST>mtu1500inet192.168.202.131netmask255.255.255.0broadcast192.168.202.255inet6fe80::ecdd:28b7:612b:cb7prefixlen64scopeid0x20<link>ether00:0c:29:2e:28:f2txqueuelen1000(Ethernet)RXpackets2376bytes228809(223.4KiB)RXerrors0dropped0overruns0frame0TXpackets1777bytes244117(238.3KiB)TXerrors0dropped0overruns0carrier0collisions0lo:flags=73<UP,LOOPBACK,RUNNING>mtu65536inet127.0.0.1netmask255.0.0.0inet6::1prefixlen128scopeid0x10<host>looptxqueuelen1(LocalLoopback)RXpackets72bytes6260(6.1KiB)RXerrors0dropped0overruns0frame0TXpackets72bytes6260(6.1KiB)TXerrors0dropped0overruns0carrier0collisions0[root@localhost~]#curl-x192.168.202.131:80111.com111.com[root@localhost~]#[root@localhost~]#curl-x192.168.202.131:802111.com.cn-IHTTP/1.1200OKDate:Mon,09Oct201712:30:02GMTServer:Apache/2.4.27(Unix)PHP/7.1.6X-Powered-By:PHP/7.1.6Content-Type:text/html;charset=UTF-8[root@localhost~]#curl-x192.168.202.131:802111.com.cnabc.com[root@localhost~]#[root@localhost~]#curl-x192.168.202.131:80111.com/123.php-IHTTP/1.1200OKDate:Mon,09Oct201712:32:46GMTServer:Apache/2.4.27(Unix)PHP/7.1.6X-Powered-By:PHP/7.1.6Content-Type:text/html;charset=UTF-8```-如果把配置文件里面的granted改为denied就会变成403```[root@localhost~]#vim/usr/local/apache2.4/conf/httpd.conf#Denyaccesstotheentiretyofyourserver‘sfilesystem.Youmust#explicitlypermitaccesstowebcontentdirectoriesinother#<Directory>blocksbelow.#<Directory/>AllowOverridenone#RequireallgrantedRequirealldenied</Directory>[root@localhost~]#/usr/local/apache2.4/bin/apachectl-tSyntaxOK[root@localhost~]#/usr/local/apache2.4/bin/apachectlgraceful[root@localhost~]#curl-x192.168.202.131:80http://111.com/123.php-IHTTP/1.1403ForbiddenDate:Mon,09Oct201712:37:18GMTServer:Apache/2.4.27(Unix)PHP/7.1.6Content-Type:text/html;charset=iso-8859-1[root@localhost~]#```-再进入配置文件把它改回granted```<Directory/>AllowOverridenoneRequireallgranted</Directory>##Notethatfromthispointforwardyoumustspecificallyallow#particularfeaturestobeenabled-soifsomething‘snotworkingas#youmightexpect,makesurethatyouhavespecificallyenabledit#below.###DocumentRoot:Thedirectoryoutofwhichyouwillserveyour#documents.Bydefault,allrequestsaretakenfromthisdirectory,but#symboliclinksandaliasesmaybeusedtopointtootherlocations.:wq```-现在再来访问就好了```[root@localhost~]#vim/usr/local/apache2.4/conf/httpd.conf[root@localhost~]#/usr/local/apache2.4/bin/apachectl-tSyntaxOK[root@localhost~]#/usr/local/apache2.4/bin/apachectlgraceful[root@localhost~]#curl-x192.168.202.131:80http://111.com/123.php-IHTTP/1.1200OKDate:Mon,09Oct201712:41:18GMTServer:Apache/2.4.27(Unix)PHP/7.1.6X-Powered-By:PHP/7.1.6Content-Type:text/html;charset=UTF-8[root@localhost~]#```