Deployment of Apache website services and implementation of access control

WebServer Commonly used Apache、IIS、nginx、Tomcat

• Apache HTTP The server It's a modular The server , It can run on almost all widely used computer platforms . It belongs to application The server .Apache There are many supporting modules , Stable performance ,Apache It's static parsing , Suitable for static HTML、 Pictures, etc , But you can extend the script 、 Modules support dynamic pages, etc .
• IIS It's a kind of web Service components , These include Web The server 、FTP The server 、NNTP The server and SMTP The server , For web browsing 、 File transfer 、 News service and email delivery , It makes it easy to send information on the network . but IIS It can only run on Windows platform .
• Nginx It's a lightweight model Web The server / Reverse proxy server and email （IMAP/POP3） proxy server . By Russian programmers Igor Sysoev The development of , For Russia's large-scale portal websites and search engines Rambler（ ru ：Рамблер） Use . It is characterized by less memory , Strong concurrency , And support load balancing , in fact nginx The concurrency of, and indeed in the same type of web server performance better .
• Tomcat By Apache One developed Servlet Containers , Realized with Servlet and JSP Support for , And offered as Web Some unique features of the server , Such as Tomcat Management and control platform 、 Security domain management and Tomcat Valve, etc . Think of it as Apache An extension of , But it can be independent of Apache function . In practice Apache And Tomcat It's often integrated use . If the client requests a static page , You just need to Apache Server responds to requests . If the client requests a dynamic page , It is Tomcat Server responds to requests . because JSP The server interprets the code , So consolidation can reduce Tomcat Service cost of . You can understand Tomcat by Apache An extension of .

With RedHat Linux 6 For example

First, simply deploy Apache Website

• First step ： Source code compilation and installation

Download the source package Baidu disk password ：0x96

• apr-1.4.6.tar.gz
• apr-util-1.4.1.tar.gz
• http-2.4.2.tar.gz

among apr、apr-util Package support Apache The upper application is cross platform , Provide the underlying interface library

1. decompression apr、apr-util、http Package to /opt Under the table of contents

.tar.gz -C /opt
 tar zxvf apr-util-.tar.gz -C /opt
 tar zxvf http-

2. After decompressing apr、apr-util Copy the package to http Package's srclib Under the table of contents

cp -R  apr/srclib/apr
cp -R  apr-util

3. Install the compilation environment software package gcc 、 gcc-c++ 、 make 、 pcre、pcre-devel,pcre yes One Perl library , regular expression （ use yum Warehouse installation ）

establish yum For detailed steps of warehouse, please refer to Linux Pass through rdesktop Remote login Windows System

4. According to the actual needs of the server , Flexibly set different customization options , Such as specifying the installation path , Enable character set support .

./configure \ --prefix=/usr/local/httpd \ --enable-so \ --enable-rewrite \ --enable-charset-lite \ --enable-cgi

In the above configuration command , The meaning of each option is as follows ：

• --prefix: Specify the httpd Under which directory is the service program installed .
• --enable-so: Enable dynamic load module support , send httpd With the ability to further expand functions .
• --enable-rewrite: Enable Web address rewriting , For website optimization and directory migration and maintenance .
• --enable-charset-lite: Enable character set support , In order to support the use of a variety of character set encoding web pages . ---enable-cgi: Enable CGI Scripting support , Easy to expand the application access ability of the website .

5. Compile and install

After configuration , perform “make” Command to compile , Convert source code into executable programs , And then execute “make install” Command to complete the final installation process , among make The process may take a long time .

make install

6. Confirm the installation result

bin  build  cgi-bin  conf  error  htdocs  icons  

• /usr/local/httpd/bin: Deposit httpd Various executable program files of the service , Including main program httpd、 Service control tools apachectl.
• /usr/local/httpd/conf: Deposit httpd Various configuration files of services , Include master configuration file httpd.conf、 Enhanced configuration subdirectory extra etc. .
• /usr/local/httpd/htdocs: Store web documents , Including the default homepage .
• /usr/local/httpd/logs: Deposit httpd Log files for services .
• /usr/local/httpd/modules: Deposit httpd Various module files of the service .
• /usr/local/httpd/cgi-bin: Store all kinds of CGI Program files .

7. add to httpd system service

In order to facilitate the passage chkconfig Conduct management httpd system service , You need to build controllable service scripts . Can be apachectl The script is copied as /etc/init.d/httpd, And add... At the beginning of the file chkconfig Identify the configuration .

vim /etc/init.d/httpd    // Add... At the beginning of the file 

chkconfig 
chkconfig 

• The second step : Configure and start httpd service 1. Establish soft links to facilitate the management of configuration files

 /etc/httpd.conf
    www.benet.com  // Set the site name 
   192.168.10.10:80   // monitor web Server native IPV4 Address 

2. Check the syntax of the configuration file

use “-t” Option apachectl Command to syntax check the configuration content , Show “Syntax OK” Description no syntax error .

[[email protected]
Syntax OK

3. start-up httpd service

Normal start httpd After the service , By default, it will listen tcp Agreed 80 port .

[[email protected]
tcp        

• The third step ： test Apache Website close Apache The firewall of the server

And then to Apache Website access control

In order to better control the access to website resources , You can add access authorization for specific website directories .

• Client address restrictions Through configuration items Order、Deny from 、Allow from, It can be based on the host name of the client or ip The address determines whether clients are allowed to access . among Order The configuration item is used to set the restriction order ,Deny from and Allow from Configuration items are used to set specific restrictions .

vim /etc/httpd.conf
  <Directory >
      ........     
      Order deny,allow
      Deny 
  </Directory>      

Use the client ip The address is 192.168.10.0 Network segment test

• User authorization restrictions

User based access control includes authentication and authorization , Authentication is the process of identifying users , Authorization is the process of allowing specific users to access specific directory areas . Take the basic authentication method as an example , Add user authorization restrictions .

1. Create a virtual site directory （/opt/test）

[[email protected]

2. Create user data authentication file

Use special htpasswd Tools create authorized user data files , You must specify the location of the user data file .

New password:        Set the password according to the prompt 
Re-type  password: 
Adding password  user zhangsan
[[email protected]
zhangsan:

3. Add user authorization configuration

After having an authorized account , You also need to load a separate configuration file , Enable it to add authorization configuration in a specific directory area , To enable basic authentication .

[[email protected]
  Alias /test 

<Directory 
    Options Indexes MultiViews FollowSymLinks 
    AllowOverride None               
    AuthName 
    authtype basic                 
    authuserfile /etc/httpd/user  

    


</Directory>

4. Client test