[root@root ~]# vim /etc/httpd/conf/httpd.conf ………………省略部分输出信息……………… 113 114 # 115 # DocumentRoot: The directory out of which you will serve your 116 # documents. By default, all requests are taken from this directory, but 117 # symbolic links and aliases may be used to point to other locations. 118 # 119 DocumentRoot "/var/www/html" #将其改为自建站点主目录 120 121 # 122 # Relax access to content within /var/www. 123 # 124 <Directory "/var/www/html"> #将其改为自建站点主目录 125 AllowOverride None 126 # Allow open access: 127 Require all granted 128 </Directory> ………………省略部分输出信息……………… [root@root ~]# systemctl restart httpd #重启服务,使其生效
SELinxu限制Apache服务导致的“Forbidden,You don’t have permission to access /index.html on this server.”解决
[root@root ~]# vim /etc/httpd/conf.d/userdir.conf 1 # 2 # UserDir: The name of the directory that is appended onto a user's home 3 # directory if a ~user request is received. 4 # 5 # The path to the end user account 'public_html' directory must be 6 # accessible to the webserver userid. This usually means that ~userid 7 # must have permissions of 711, ~userid/public_html must have permissions 8 # of 755, and documents contained therein must be world-readable. 9 # Otherwise, the client will only receive a "403 Forbidden" message. 10 # 11 <IfModule mod_userdir.c> 12 # 13 # UserDir is disabled by default since it can confirm the presence 14 # of a username on the system (depending on home directory 15 # permissions). 16 # 17 # UserDir disabled #加上井号 18 19 # 20 # To enable requests to /~user/ to serve the user's public_html 21 # directory, remove the "UserDir disabled" line above, and uncomment 22 # the following line instead: 23 # 24 UserDir public_html #去掉井号 25 </IfModule> 26 27 # 28 # Control access to UserDir directories. The following is an example 29 # for a site where these directories are restricted to read-only. 30 # 31 <Directory "/home/*/public_html"> 32 AllowOverride FileInfo AuthConfig Limit Indexes 33 Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec 34 Require method GET POST OPTIONS 35 </Directory>
在用户家目录中建立用于保存网站数据的目录及首页面文件,并给予权限
1 2 3 4 5 6 7
[root@root home]# su - linuxprobe Last login: Fri May 22 13:17:37 CST 2017 on :0 [linuxprobe@root ~]$ mkdir public_html [linuxprobe@root ~]$ echo "This is linuxprobe's website" > public_html/ index.html [linuxprobe@root ~]$ chmod -Rf 755 /home/linuxprobe [linuxprobe@root ~]# systemctl restart httpd
###使用getsebool 命令查询并过滤出所有与HTTP 协议相关的安全策略 [root@linuxprobe ~]# getsebool -a | grep http httpd_anon_write --> off httpd_builtin_scripting --> on httpd_can_check_spam --> off httpd_can_connect_ftp --> off httpd_can_connect_ldap --> off httpd_can_connect_mythtv --> off httpd_can_connect_zabbix --> off httpd_can_network_connect --> off httpd_can_network_connect_cobbler --> off httpd_can_network_connect_db --> off httpd_can_network_memcache --> off httpd_can_network_relay --> off httpd_can_sendmail --> off httpd_dbus_avahi --> off httpd_dbus_sssd --> off httpd_dontaudit_search_dirs --> off httpd_enable_cgi --> on httpd_enable_ftp_server --> off httpd_enable_homedirs --> off #个人用户禁止状态 httpd_execmem --> off httpd_graceful_shutdown --> on httpd_manage_ipa --> off httpd_mod_auth_ntlm_winbind --> off httpd_mod_auth_pam --> off httpd_read_user_content --> off httpd_run_stickshift --> off httpd_serve_cobbler_files --> off httpd_setrlimit --> off httpd_ssi_exec --> off httpd_sys_script_anon_write --> off httpd_tmp_exec --> off httpd_tty_comm --> off httpd_unified --> off httpd_use_cifs --> off httpd_use_fusefs --> off httpd_use_gpg --> off httpd_use_nfs --> off httpd_use_openstack --> off httpd_use_sasl --> off httpd_verify_dns --> off named_tcp_bind_http_port --> off prosody_bind_http_port --> off [root@root ~]# setsebool -P httpd_enable_homedirs=on #开启个人用户功能
身份验证功能
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
[root@root ~]# htpasswd -c /etc/httpd/passwd linuxprobe #使用htpasswd生成密码数据库 New password:此处输入用于网页验证的密码 Re-type new password:再输入一遍进行确认 Adding password for user linuxprobe [root@linuxprobe ~]# vim /etc/httpd/conf.d/userdir.conf 27 # 28 # Control access to UserDir directories. The following is an example 29 # for a site where these directories are restricted to read-only. 30 # 31 <Directory "/home/*/public_html"> 32 AllowOverride all 33 authuserfile "/etc/httpd/passwd" #刚刚生成出来的密码验证文件保存路径 34 authname "My privately website" #当用户尝试访问个人用户网站时的提示信息 35 authtype basic 36 require user linuxprobe #用户进行账户密码登录时需要验证的用户名称 37 </Directory> [root@linuxprobe ~]# systemctl restart httpd
虚拟主机功能
基于IP地址
使用nmcli配置多ip
1 2
[root@root ~]# nmcli connection add type ethernet con-name [网卡名] ifname [网卡配置文件名] autoconnect yes #为网卡增加配置文件(DHCPi东获取) [root@root ~]# nmcli connection show #查看网卡配置文件是否创建成功