Инструменты пользователя

Инструменты сайта


сервис_http

Содержание

Сервис HTTP

URL

<схема>://<логин>:<пароль>@<хост>:<порт>/<URL‐путь>?<параметры>#<якорь>

Пример HTTP диалога

# nc -C ya.ru 80

# telnet ya.ru 80
GET / HTTP/1.1
Host: ya.ru
Accept-Encoding: gzip, deflate

Примеры HTML

Статический документ

# cat index.html
<HTML>
  <HEAD>
    <META HTTP-EQUIV="Refresh" CONTENT="4;URL=http://google.ru">
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=UTF-8">
  </HEAD>
  <BODY>
    <!--
      THis is comment
    -->
    <H1>Go to Google</H1>
    <A HREF=http://freebsd.org/>
    <IMG SRC=http://www.freebsd.org/logo/logo-full.png>
    </A> 
  </BODY>
</HTML>

Форма

# mkdir /var/www/html/asterisk/

# cat /var/www/html/asterisk/index.html
<html>
<body>
  <h1>Enter phone number</h1>
  <form action=call.php>
    <input name=phone>
    <input value="Call me" type=submit>
  </form>
</body>
</html>

Установка и запуск сервера Apache

Debian/Ubuntu

root@server:~# apt install apache2

FreeBSD

[server:~] # pkg install apache24

[server:~] # sysrc apache24_enable=yes

[server:~] # service apache24 start

CentOS

[root@server ~]# yum install httpd

[root@server ~]# systemctl status httpd

Windows

Базовая конфигурация

Свойство Indexes каталогов

FreeBSD

[server:~] # rm /usr/local/www/apache24/data/index.html

[server:~] # cp /etc/hosts /usr/local/www/apache24/data/

[server:~] # rcsdiff /usr/local/etc/apache24/httpd.conf
389c389

Debian/Ubuntu

root@server:~# DOCROOT='/var/www/html'

root@server:~# rm $DOCROOT/index.html

root@server:~# cp /etc/hosts $DOCROOT

root@server:~# rcsdiff /etc/apache2/sites-available/default

root@server:~# rcsdiff /etc/apache2/sites-available/*default.conf
11c11

FreeBSD/Ubintu

<     Options Indexes FollowSymLinks 
---
>     Options FollowSymLinks 

Использование алиасов

Alias /share "/usr/share/"

<Directory "/usr/share/">
  Options Indexes FollowSymLinks
  AllowOverride All
  Require all granted
  Allow from all
</Directory>

FreeBSD

[server:~] # cat /usr/local/etc/apache24/httpd.conf
...
Include etc/apache24/extra/httpd-manual.conf
...

http://www.corpX.un/manual/

Debian/Ubuntu

root@server:~# cat /etc/apache2/sites-available/default

root@server:~# cat /etc/apache2/sites-available/*default.conf
...
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
#        Order deny,allow
#        Deny from all
#        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
... 

Использование домашних каталогов

FreeBSD

[server:~] # cat /usr/local/etc/apache24/httpd.conf
...
LoadModule userdir_module libexec/apache24/mod_userdir.so
...
Include etc/apache24/extra/httpd-userdir.conf
...

Debian/Ubuntu

root@server:~# a2enmod userdir

root@server:~# service apache2 restart

FreeBSD/Ubuntu

server# mkdir ~user1/public_html/

server# cat ~user1/public_html/index.html
<h1>Hello World from user1</h1>

server# chown -R user1 ~user1/public_html/

Использование виртуальных хостов

FreeBSD

[server:~] # cat /usr/local/etc/apache24/extra/httpd-vhosts.conf
<VirtualHost *>
    DocumentRoot /usr/local/www/apache24/data/
</VirtualHost>

<VirtualHost *>
    ServerName user1.corpX.un
#    ServerAlias www.user1.corpX.un
    DocumentRoot /home/user1/public_html/
</VirtualHost>
[server:~] # cat /usr/local/etc/apache24/httpd.conf
...
LoadModule vhost_alias_module libexec/apache24/mod_vhost_alias.so
...
Include etc/apache24/extra/httpd-vhosts.conf
...

Debian/Ubuntu

root@server:~# cat /etc/apache2/sites-available/user1.conf
<VirtualHost *:80>
     ServerName user1.corpX.un
#    ServerAlias www.user1.corpX.un
     DocumentRoot /home/user1/public_html
</VirtualHost>
root@server:~# a2ensite user1

Использование директивы Redirect

Debian/Ubuntu

root@lan:~# cat /etc/apache2/sites-available/default
#...
  Redirect permanent / https://lan.corpX.un/
#... 

FreeBSD



Сокрытие версии сервиса

Debian/Ubuntu

# cat /etc/apache2/conf-enabled/security.conf
...
ServerTokens Prod
...
ServerSignature Off
...
/etc/init.d/apache2 restart

FreeBSD

# cat /usr/local/etc/apache24/extra/httpd-default.conf
...
ServerTokens Prod
...
ServerSignature Off
...
# cat /usr/local/etc/apache24/httpd.conf
...
Include etc/apache22/extra/httpd-default.conf
...
# /usr/local/etc/rc.d/apache24 restart

SSI интерфейс сервера

Debian/Ubuntu

# a2enmod include

# cat /etc/apache2/sites-available/000-default.conf
...
        <Directory /var/www/html/asterisk/>
             Options +Includes
             DirectoryIndex index.shtml
...
        </Directory>
...
# cat /var/www/html/asterisk/index.shtml
...
  <h1>Your ip address: <!--#echo var="REMOTE_ADDR" --><h1>
  <h1>Your login is: <!--#echo var="REMOTE_USER" --><h1>
<!--#if expr='-R "172.16.48.0/22"' -->
...
<!--#endif -->
...

CGI интерфейс сервера

ScriptAlias

Debian/Ubuntu

root@server:~# a2enmod cgid

root@server:~# cd /usr/lib/cgi-bin/

FreeBSD

[server:~] # cat /usr/local/etc/apache24/httpd.conf
...
LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
...
<IfModule mpm_prefork_module>
        LoadModule cgi_module libexec/apache24/mod_cgi.so
</IfModule>
...
[server:~] # cd /usr/local/www/apache24/cgi-bin/

Пример скрипта CGI

server# cat test-cgi
#!/bin/sh

echo Content-type: text/plain
echo

echo Hello $REMOTE_ADDR
echo You type: $QUERY_STRING

env
server# chmod 755 test-cgi

Свойство ExecCGI каталогов

FreeBSD

[server:~] # rcsdiff /usr/local/etc/apache24/extra/httpd-userdir.conf
18c18,19
<     Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
---
>     Options ExecCGI MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
>     AddHandler cgi-script .cgi

Ubuntu

root@server:~# rcsdiff /etc/apache2/sites-available/default
11c11,12
<               Options FollowSymLinks MultiViews
---
>               Options ExecCGI FollowSymLinks MultiViews
>               AddHandler cgi-script .cgi .pl

FreeBSD/Ubuntu

server# cd ~user1/public_html/

server# cat test.cgi
#!/bin/sh

echo Content-type: text/plain
echo

echo Hello $REMOTE_ADDR
echo You type: $QUERY_STRING
server# chmod +x test.cgi

Проверки

Управление модулями http сервера

# apachectl -t -D DUMP_MODULES

Модуль php

Debian/Ubuntu

root@server:~# apt install libapache2-mod-php

root@server:~# ls /etc/apache2/mods-enabled/ | grep php
...

root@server:~# cd /var/www/html

FreeBSD

[server:~] # pkg install mod_php56 php56
[server:~] # cat /usr/local/etc/apache24/httpd.conf
...
LoadModule php5_module        libexec/apache2?/libphp5.so
...
<IfModule dir_module>
    DirectoryIndex index.html index.php
...
<IfModule mime_module>
    AddType application/x-httpd-php .php
...
[server:~] # service apache24 restart

[server:~] # cd /usr/local/www/apache24/data/

Windows

Вариант 1

Вариант 2

http://windows.php.net/download/

  • Модуль Apache только в много поточной версии
  • Версия Apache должна совпадать
C:\>notepad++ Apache22\conf\httpd.conf
...
LoadModule php5_module C:\php\php5apache2_2.dll
...
<IfModule dir_module>
    DirectoryIndex index.html index.php
...
<IfModule mime_module>
    AddType application/x-httpd-php .php
...

Настройка

FreeBSD/Ubuntu/Windows

Поддержка протокола HTTPS

FreeBSD

# cat /usr/local/etc/apache24/httpd.conf
...
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
...
LoadModule ssl_module libexec/apache24/mod_ssl.so
...
Include etc/apache24/extra/httpd-ssl.conf
...
# cat /usr/local/etc/apache24/extra/httpd-ssl.conf
...
ServerName www.corpX.un:443
ServerAdmin noc@corpX.un
...
#SSLProtocol All -SSLv2 -SSLv3
...
SSLCertificateFile "/root/www.crt"
...
SSLCertificateKeyFile "/root/www.key"
...

Debian/Ubuntu

# a2enmod ssl

# cat /etc/apache2/sites-available/default-ssl*
...
       SSLCertificateFile    /root/www.crt
       SSLCertificateKeyFile /root/www.key
...
       # SSLProtocol All -SSLv2 -SSLv3
...
# a2ensite default-ssl

# service apache2 restart

Управление доступом к HTTP серверу

Управление доступом к HTTP серверу на основе сетевых адресов

Debian/Ubuntu

root@server:~# cat /etc/apache2/sites-available/000-default*
...
        <Directory /var/www/html>
                Order Deny,Allow
                Deny from all
                Allow from 192.168.X.0/24
                Allow from 127.0.0.1
        </Directory>

...

FreeBSD

[server:~] # cat /usr/local/etc/apache24/httpd.conf
...
DocumentRoot "/usr/local/www/apache24/data"
<Directory "/usr/local/www/apache24/data">
        Order Deny,Allow
        Deny from all
        Allow from 192.168.X.0/24
        Allow from 127.0.0.1
...

Управление доступом к HTTP серверу на основе Basic аутентификации

Debian/Ubuntu/FreeBSD

# touch /etc/http_passwd

# htpasswd /etc/http_passwd user1
New password: password1
...

# htpasswd /etc/http_passwd 401
New password: password1
...

# cat /etc/http_passwd
...

# cat /etc/http_group
group1: user1 user2
# htpasswd -D /etc/http_passwd user1

Debian/Ubuntu

root@server:~# cat /etc/apache2/sites-available/000-default.conf
...
        <Directory /var/www/html/asterisk>
#            AllowOverride AuthConfig

#            AuthType Basic
#            AuthName "Require Auth"
#            AuthUserFile /etc/http_passwd
#            Require valid-user
#            Require user user1 user2
#            AuthGroupFile /etc/http_group
#            Require group group1
        </Directory>
...

FreeBSD

[server:~] # cat /usr/local/etc/apache24/extra/httpd-vhosts.conf
...
    <Directory /usr/local/www/apache24/data/asterisk>
#            AllowOverride AuthConfig

#            AuthType Basic
#            AuthName "Require Auth"
#            AuthUserFile /etc/http_passwd
#            Require valid-user
#            Require user user1 user2
#            AuthGroupFile /etc/http_group
#            Require group group1
    </Directory>
...

Debian/Ubuntu/FreeBSD

# cat asterisk/.htaccess
AuthType Basic
AuthName "Require Auth"
AuthUserFile /etc/http_passwd
Require user 401 402

Управление доступом к HTTP серверу на основе сертификатов

Debian/Ubuntu

# cat /etc/apache2/sites-available/default-ssl*
...
       DocumentRoot /var/www/html
       <Directory /var/www/html/>
#               SSLRequire %{SSL_CLIENT_S_DN_CN}  in {"user1","user2"}
#               SSLRequire %{SSL_CLIENT_S_DN_OU}  eq "group1"
       </Directory> 
...
       SSLCertificateFile /root/www.crt
       SSLCertificateKeyFile /root/www.key
...
       SSLCACertificateFile /root/ca.crt
...
       #SSLCARevocationFile /root/ca.crl
...
       SSLVerifyClient require 
... 

FreeBSD

# cat /usr/local/etc/apache24/extra/httpd-ssl.conf
...
<Directory "/usr/local/www/apache24/data">
#               SSLRequire %{SSL_CLIENT_S_DN_CN}  in {"user1","user2"}
#               SSLRequire %{SSL_CLIENT_S_DN_OU}  eq "group1"
</Directory>
...
SSLCertificateFile "/root/www.crt"
...
SSLCertificateKeyFile "/root/www.key"
...
SSLCACertificateFile "/root/ca.crt"
...
#SSLCARevocationFile "/root/ca.crl"
...
SSLVerifyClient require
...

Управление доступом к HTTP серверу с использованием GSSAPI аутентификации

Ubuntu

# apt-get install libapache2-mod-auth-kerb

# cat /etc/apache2/sites-available/default
...
        <Directory />
                AuthType Kerberos
                KrbMethodK5Passwd off
                KrbMethodNegotiate on
                Require valid-user
...

FreeBSD

# pkg_add -r mod_auth_kerb2

или

# cd /usr/ports/www/mod_auth_kerb2/

# make configure

# cat work/mod_auth_kerb-5.4/Makefile
...
#KRB5_LDFLAGS = -L/usr/lib -lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err -lcrypto -lasn1 -lroken -lcrypt
KRB5_LDFLAGS = -L/usr/lib -lgssapi_krb5 -lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err -lcrypto -lasn1 -lroken -lcrypt

# make install clean

# cat /usr/local/etc/apache22/httpd.conf
...
LoadModule auth_kerb_module    modules/mod_auth_kerb.so
...
<Directory />
    AuthType Kerberos
    KrbMethodK5Passwd off
    KrbMethodNegotiate on
    Require valid-user
...

Firefox

Протокол WebDAV

Ubuntu

# a2enmod dav

# a2enmod dav_fs

# mkdir /var/www/share
# chown www-data /var/www/share

# cat /etc/apache2/sites-available/default
...
Alias /share /var/www/share

<Directory /var/www/share>
    Options Indexes
    DAV On
    Order allow,deny
    allow from all
</Directory>
...
# service apache2 restart

NGINX

сервис_http.txt · Последние изменения: 2019/04/05 10:25 — val