
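Apache User Authentication

11.18 Apache User Authentication

User authentication means that visitors must enter a username and password before they can access the site. Important sites and admin back ends usually add user authentication for security.

1. Set up site-wide user authentication for the xavi.com site:

vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf // edit the xavi.com virtual host to read as follows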
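<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/xavi.com"
    ServerName xavi.com
    # Directory that authentication applies to
    <Directory /data/wwwroot/xavi.com>
        # Effectively the switch that turns authentication on
        AllowOverride AuthConfig
        # Custom name for the authentication prompt; of little practical importance
        AuthName "xavi.com user auth"
        # Authentication type, normally Basic; Aming has not used the other types
        AuthType Basic
        # Location of the password file
        AuthUserFile /data/.htpasswd
        # The users required to authenticate are all valid users
        require valid-user
    </Directory>
</VirtualHost>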

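2. Create the password file with the htpasswd command

Before creating the password file, get to know the htpasswd command:
htpasswd is a tool bundled with the Apache web server. It creates and updates the password files that store usernames, realms and passwords for Basic authentication.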

[root@xavi ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd xavi
New password: 
Re-type new password: 
Adding password for user xavi
[root@xavi ~]# ls /data/.htpasswd
/data/.htpasswd
[root@xavi ~]# cat !$
cat /data/.htpasswd
xavi:$apr1$WKpg/kJm$gLaC.HA8/GbaF8g/fSVx/1

2.1 Create another user, then reload the configuration (-t, graceful)

[root@xavi ~]# /usr/local/apache2.4/bin/htpasswd -m /data/.htpasswd lilei
New password: 
Re-type new password: 
Adding password for user lilei
[root@xavi ~]# cat /data/.htpasswd
xavi:$apr1$WKpg/kJm$gLaC.HA8/GbaF8g/fSVx/1
lilei:$apr1$f8p3nVfN$gP/WTgkIpWPTqoTI8V31U1
// Reload the configuration: -t, then graceful
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl graceful

2.2 Bind the name in hosts and test in a browser; the status code is 401. With curl: curl -x127.0.0.1:80 xavi.com

[root@xavi ~]# curl -x127.0.0.1:80 xavi.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
[root@xavi ~]# curl -x127.0.0.1:80 xavi.com -I
HTTP/1.1 401 Unauthorized
Date: Tue, 06 Mar 2018 14:50:18 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
WWW-Authenticate: Basic realm="xavi.com user auth"
Content-Type: text/html; charset=iso-8859-1


3. curl -x127.0.0.1:80 -uaming:passwd www.123.com // the status code is 200

[root@xavi ~]# curl -x127.0.0.1:80 -uxavi:xavi2018 xavi.com
xavi.com[root@xavi ~]#
[root@xavi ~]# curl -x127.0.0.1:80 -uxavi:xavi2018 xavi.com -I
HTTP/1.1 200 OK
Date: Tue, 06 Mar 2018 15:12:44 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8

xavi.com[root@xavi ~]# curl -x127.0.0.1:80 -uxavi:xavi xavi.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

4. Authenticating a single file

4.1 Add something like the following to the configuration file (adjust it to your own directories):

[root@xavi ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf


4.2 Reload the configuration (-t, graceful)

[root@xavi ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl graceful

4.3 Create a 123.php file and authenticate

[root@xavi ~]# vim /data/wwwroot/xavi.com/123.php


[root@xavi ~]# curl -x127.0.0.1:80 -uxavi:xavi2018 xavi.com/123.php
123.php[root@xavi ~]# 

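10.19 Domain Redirection

301 domain redirect

1. Configure the domain redirect: vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

Domain redirection is similar to pointing a web page at another site, the difference being that it redirects the domain name itself rather than using HTML or a script to do the redirection. When a domain is set to redirect to another site, the domain's address does not stay in the browser's URL bar; the bar shows the URL of the new page. If you want to keep the original URL in the bar, you need to use a masked (invisible) redirect.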

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/xavi.com"
    ServerName xavitest.com
    ServerAlias www.example.com www.xavi.com
    # Requires the mod_rewrite module
    <IfModule mod_rewrite.c>
        # Turn the rewrite engine on
        RewriteEngine on
        # Rewrite condition: met when the host name (domain) is not xavitest.com
        RewriteCond %{HTTP_HOST} !^xavitest.com$
        # Rewrite rule: applied only when the condition above is met, redirecting to xavitest.com.
        # Status 301 is a permanent redirect, 302 a temporary one. L means "last": the rule is applied once.
        # ^ anchors the start of the path, (.*) stands for the rest of it (for example 123.php), and $1 refers to the first parenthesised group.
        RewriteRule ^/(.*)$ http://xavitest.com/$1 [R=301,L]
    </IfModule>

    ErrorLog "logs/xavi.example.com-error_log"
    CustomLog "logs/xavi.example.com-access_log" common
</VirtualHost>


<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/xavi.com"
    ServerName xavi.com
    ServerAlias www.example.com
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^xavi.com$
        RewriteRule ^/(.*)$ http://www.xavi.com/$1 [R=301,L]
    </IfModule>

    ErrorLog "logs/xavi-error_log"
    CustomLog "logs/xavi-access_log" common
</VirtualHost>

Check for errors, start the httpd service, and reload the configuration (-t, graceful)

[root@xavi ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl graceful
httpd not running, trying to start
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl start
httpd (pid 3152) already running
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl graceful

2. Edit the httpd.conf file

[root@xavi ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
[root@xavi ~]# vim /usr/local/apache2.4/conf/httpd.conf

# Remove the leading # from this line to enable the module
LoadModule rewrite_module modules/mod_rewrite.so


/usr/local/apache2/bin/apachectl -M|grep -i rewrite // if the module is not listed, the configuration file needs to be edited

[root@xavi ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
 rewrite_module (shared)
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl graceful

3. Test whether the redirect works

For port 80, the number of colons shows how many network interfaces are up.

[root@xavi ~]# curl -x192.168.72.130:80 xavi.com
xavi.com[root@xavi ~]# curl -x192.168.122.1:80 abcd.com
this is a test[root@xavi ~]# 

curl -x192.168.122.1:80 www.example.com -I // -I shows the result directly

[root@xavi ~]# curl -x192.168.122.1:80 www.example.com -I
HTTP/1.1 301 Moved Permanently
Date: Wed, 07 Mar 2018 13:43:47 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Location: http://www.xavi.com/
Content-Type: text/html; charset=iso-8859-1
[root@xavi ~]# curl -x192.168.122.1:80 www.example.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.xavi.com/">here</a>.</p>
</body></html>

4. Status codes covered: 301, 200, 401

11.21 Apache Access Logs

1. Where the Apache access logs are located:

[root@xavi ~]#  ls /usr/local/apache2.4/logs/
abcd-access_log      abcd-error_log  httpd.pid            xavi.com-error_log
abcd.com-access_log  access_log      xavi-access_log      xavi-error_log
abcd.com-error_log   error_log       xavi.com-access_log
[root@xavi ~]# ls /usr/local/apache2.4/logs/xavi.com-access_log
/usr/local/apache2.4/logs/xavi.com-access_log
[root@xavi ~]# cat !$


2. View the log format

2.1 Search for LogFormat in httpd.conf

[root@xavi ~]# vim /usr/local/apache2.4/conf/httpd.conf
<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>

There are two formats, combined and common; common is used by default. Referer is the URL of the previously visited page.

3. Change the log format to combined
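
As an added example (not code from the original page), the following Python code parses lines written in the two LogFormat nicknames shown above, common and combined, and lists the clients that sent credentials and still received 401 several times, which is how failed logins against the Basic-auth site from section 11.18 appear in the access log. The function names, the threshold of 3 and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# %h %l %u %t "%r" %>s %b, optionally followed by "%{Referer}i" "%{User-Agent}i".
# Apache backslash-escapes quotes inside logged strings, so \" is allowed in a field.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\S+)'
    + r'(?: ' + QUOTED + r' ' + QUOTED + r')?$'
)
FIELDS = ("host", "ident", "user", "time", "request", "status", "size",
          "referer", "agent")

def parse_line(line):
    """Return a dict for a common or combined line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = dict(zip(FIELDS, m.groups()))
    rec["status"] = int(rec["status"])
    rec["format"] = "combined" if rec["agent"] is not None else "common"
    return rec

def failed_auth(lines, threshold=3):
    """Map client IP -> user names tried, for clients with >= threshold credentialed 401s."""
    counts, users = Counter(), {}
    for rec in filter(None, map(parse_line, lines)):
        # On a 401, %u is only the name the client claimed. "-" means no
        # credentials were sent (a browser's first request), which is not a guess.
        if rec["status"] == 401 and rec["user"] != "-":
            counts[rec["host"]] += 1
            users.setdefault(rec["host"], set()).add(rec["user"])
    return {ip: sorted(users[ip]) for ip, n in counts.items() if n >= threshold}

# Constructed sample lines (not taken from the page's logs).
SAMPLE = [
    '192.168.72.1 - - [06/Mar/2018:22:50:18 +0800] "GET / HTTP/1.1" 401 381',
    '192.168.72.1 - xavi [06/Mar/2018:22:50:25 +0800] "GET / HTTP/1.1" 200 8',
    '192.168.72.50 - xavi [06/Mar/2018:23:01:01 +0800] "GET / HTTP/1.1" 401 381 "-" "curl/7.29.0"',
    '192.168.72.50 - admin [06/Mar/2018:23:01:02 +0800] "GET / HTTP/1.1" 401 381 "-" "curl/7.29.0"',
    '192.168.72.50 - xavi [06/Mar/2018:23:01:03 +0800] "GET /123.php HTTP/1.1" 401 381 "-" "curl/7.29.0"',
]

if __name__ == "__main__":
    print(failed_auth(SAMPLE))
```
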

[root@xavi ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^xavi.com$
        RewriteRule ^/(.*)$ http://www.xavi.com/$1 [R=301,L]
    </IfModule>

    ErrorLog "logs/xavi-error_log"
    CustomLog "logs/xavi-access_log" combined
</VirtualHost>

View the log file: cat /usr/local/apache2.4/logs/xavi-access_log

Earlier, the reason no change was seen in the log was that the host name in the request had been typed wrong.

[root@xavi ~]# cat /usr/local/apache2.4/logs/xavi-access_log