This is the 22nd day of my participation in the August Wen Challenge.More challenges in August

preface

Apache HTTP Server is one of the most widely used Web servers in the industry, supporting HTTP, HTTPS protocol, forward, reverse proxy and other functions. But for its configuration and use there are still a lot of friends are not clear, today we will come to understand the basic configuration and use.

The installation

Yum -y install HTTPD systemctl start HTTPD systemctl enable HTTPD # stop firewalld systemctl disable Firewalld setenforce 0 # modify /etc/selinux/config selinux =disabledCopy the code

The HTTP configuration

After installing HTTPD, the HTTPD service is started. To see the Apache HTTP Server welcome page, visit the Server’s http://{server_ip}.

Modify the welcome page

Create index.html under /var/www/html

<! DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta  name="viewport" content="width=device-width, Initial - scale = 1.0 "> < title > Document < / title > < script SRC =" https://cdn.jsdelivr.net/npm/[email protected]/dist/vue.js "> < / script > The < body > < div id = "appv" > please enter the content: < br > < br > < textarea rows = "" cols =" "v - model =" info "> < / textarea > <! -- <input v-model="info"> --> <p style="white-space: pre-line;" > you input content is: < br > < br > {{info}} < / p > < / div > < script > = new app Vue ({el: "# appv," data: {info: "placeholder", } }) </script> </body> </html>Copy the code

Revisit: http://{server_ip}

You can find 403 Forbidden, the request is rejected, why? Since the default permission for the new index.html file is 640, we need to give the Apache user 646 permission to view the index.html file

chmod 646 index.html
Copy the code

Try again

In fact, in the development and testing phase, we can put the packaged static website directly into the path of /var/www/html, and then realize the site hosting in Apache HTTP Server.

HTTPS configuration

In an HTTP configuration, we try to access https://{server_ip} :

You will find that our request is rejected and the browser cannot access the Web Server through HTTPS. Now let’s configure Apache HTTP Server to support HTTPS.

Install dependencies

yum -y install mod_ssl openssl httpd
Copy the code

Certificate Configuration

Example Create a directory for storing the CA certificate

mkdir /etc/httpd/ca
Copy the code

The HTTPS configuration is displayed

Modify/etc/HTTPD/conf. D/SSL. Conf

Make sure the configuration items are the same as the following.

Listen 443 https DocumentRoot "/var/www/html" ServerName apache.xyc.com:443 ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite HIGH:3DES:! aNULL:! MD5:! SEED:! IDEA SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:! aNULL:! MD5 SSLHonorCipherOrder on SSLCertificateFile /etc/pki/tls/certs/apache.xyc.com.crt SSLCertificateKeyFile /etc/pki/tls/private/apache.xyc.com.keyCopy the code

Create a key certificate

Create a certificate in /etc/httpd/ca/.

cd /etc/httpd/ca/
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 1000 -out ca.crt

openssl req -newkey rsa:4096 -nodes -sha256 -keyout apache.xyc.com.key -out apache.xyc.com.csr

openssl x509 -req -days 365 -in apache.xyc.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out apache.xyc.com.crt
Copy the code

Copy the certificate to /etc/pki/tls/xx.

cp apache.xyc.com.crt /etc/pki/tls/certs/
cp apache.xyc.com.key /etc/pki/tls/private/
Copy the code

Restart the HTTPD service:

systemctl restart httpd
Copy the code

HTTPS test

Visit https://{server_ip} again:

We click advanced, continue to open our page.

That’s it for Apache HTTP Server. Stay tuned for more.