httpd-2.4 功能生動實現 （Blog 13）

概述

超文本：用超文本格式標簽組織的文本
超文本標簽：類似于<font=, <color=, <h1>, <body>, <title>
超鏈接：點擊后，可以引用到另一個文檔；

http協議：Hyper Text Transfer Protocol，超文本傳輸協議
MIME(Multipurpose多目的 Internet Mail Extension)：將非文本信息編碼為文本格式，傳送到目的端可以還原成還有格式；
HTTP/1.1：引入MIME，支持長連接，最為廣泛使用；

http協議開源實現：httpd(ASF:apache Software Fundation)，nginx，lighttpd

內核中內存中找一段內存空間，記錄了客戶端ip,port,服務器端的ip,port：連接什么時候建立，什么時候斷開；映射為一個socket文件：

一次完整的httpd協議請求；

為了解決c10k問題引入并發響應模型

并發響應模型：

單進程：串行響應請求；
多進程：兩級結構；主控進程接收請求；每個子進程串行處理、響應請求；
復用單進程I/O模型：兩級結構；
多線程: 一個進程內生成N個線程，每個線程串行處理、響應請求；
event: 一個進程內只能有一個(執行流)線程，此進程并行響應N個請求；
多進程多線程模型：三級結構
啟動多個進程，每個進程生成N個線程；每個線程串行響應請求；

http2.4

高度模塊化且支持動態裝卸載
支持多種MPM

MPM：

event 生產可用；二級結構；主控進程管理子進程,子進程基于event機制并行響應請求;
prefork 多進程模型：二級結構; 主控進程管理子進程,子進程串行響應請求;
worker: 三級模型；主控進程管理子進程,子進程管理線程,每個線程串行響應請求;

安裝使用httpd

不建議編譯安裝，C7默認自帶httpd-2.4

1、獲取程序

yum list all httpd*
可安裝的軟件包
httpd.x86_64
httpd-devel.x86_64 <– 二次開發的庫
httpd-manual.noarch
httpd-tools.x86_64 <– 測試工具

2、獲取程序包的功能性描述

[root@localhost ~]# yum info httpd
已加載插件：fastestmirror, langpacks
Loading mirror speeds from cached hostfile
可安裝的軟件包 <– 程序包是否安裝
版本 ：2.4.6 <– 程序包的版本
源 ：base <– 程序包所在的源
簡介 ： Apache HTTP Server
描述 ： The Apache HTTP Server is a powerful, efficient, and extensible
: web server.

3、安裝程序包

yum -y install httpd httpd-tools

4、查看生成的文件：rpm -ql

FHS規范可知：
/etc下的是配置
/usr/lib/是庫(公共功能性程序 或 模塊)
/var/下是可變數據, 例如：log日志；

rpm -ql httpd
/etc/httpd/conf 主配置
/etc/httpd/conf.d 模塊化配置
/var/www/html URL路徑映射的路徑；

5、啟動服務

C7: systemctl start httpd.service
C6: service httpd start

6、查看80端口是否監聽
ss -tnl

7、測試訪問：
C7: Testing 123..
C6: Apache 2 Test Page

注意以下的C7：172.16.0.8, C6: 172.16.0.16

（1） 什么是/var/www/html URL路徑映射的目錄？

on 7

[root@localhost ~]# mv /etc/httpd/conf.d/welcome.conf{,.bak}
[root@localhost ~]# systemctl restart httpd.service
將測試訪問的歡迎頁移除：

再次測試，可以看見以下內容，處于根之下：也就是處于/var/www/html目錄下。其實可以驗證；
Index of /

[ICO] Name Last modified Size Description

將/etc/fstab文件復制到/var/www/html目錄中，刷新瀏覽器如果出現fstab文件，則可以說明確實在此目錄中；

[root@localhost ~]# cp /etc/fstab /var/www/html
Index of /

[ICO] Name Last modified Size Description
[ ] fstab 2017-11-30 18:55 541

注意: 將文件復制到/var/www/html目錄下, 訪問時就在/下說明，URL的資源路徑的根 是 映射到文件系統路徑/var/www/html路徑;

例如：
訪問http://172.16.0.8/ –> 其實就是訪問 /var/www/html
http://172.16.0.8/images –> /var/www/html/images

on 6

[root@localhost ~]# vim /var/www/html/index.html
test page

訪問的結果
test page

（3）如何離線使用手冊？注意首頁的右上腳有Directives，點開為指令的首字母的縮寫；

yum install httpd-manual
rpm -ql httpd-manual | less
/etc/httpd/conf.d/manual.conf
cat /etc/httpd/conf.d/manual.conf
AliasMatch ^/manual(?:/(?:de|en|fr|ja|ko|ru))?(/.*)?$ “/var/www/manual$1” <– 訪問方式

<Directory “/var/www/manual”>
Options Indexes
AllowOverride None
Order allow,deny
Allow from all
</Directory>

# service httpd restart
測試訪問： http://172.16.0.16/manual/

httpd功能? 運行特性；通過一些選項即可啟用；

CGI：支持動態網站接口
虛擬主機：一臺主機提供多個網頁
反向代理：代理性能沒有被認可；
負載均衡
路徑別名
豐富用戶認證
支持第三方模塊

（4）服務器是創建、綁定、監聽在某個socket之上，如何添加或刪除監聽的端口？

Listen [IP-address:]portnumber [protocol]
接受所有地址的連接
Listen 80
Listen 8000
接受指定地址的連接
Listen 192.170.2.1:80
Listen 192.170.2.5:8000

添加端口
[root@localhost ~]# vim /etc/httpd/conf.d/port.conf
Listen 10080
[root@localhost ~]# httpd -t

[root@localhost ~]# systemctl restart httpd.service
[root@localhost ~]# ss -tnl

移除端口
[root@localhost ~]# rm -f /etc/httpd/conf.d/port.conf
[root@localhost ~]# systemctl restart httpd.service

配置文件格式

#注釋
</> </> 配置塊 或 容器，其中配置生效范圍為此塊描述的范圍；
<Directory /> 表示對/目錄下所有內容的配置
AllowOverride none
Require all denied
</Directory>

<IfModule dir_module> 如果此模塊存在時，表示配置生效；
DirectoryIndex index.html
</IfModule>

IncludeOptional conf.d/*.conf 加載配置

（5）保持連接

網頁：多個資源單獨請求，每次建立連接，拆除連接；
保持連接；多個資源單獨請求，第一次建立連接，傳輸完成后再拆除連接；
(建立 –> 請求 –> 處理 –> 加載 –> 響應 –> 關閉)
劣勢：建立后不會釋放連接；后面的人不能訪問；
KeepAlive On|Off (Default: KeepAlive On)
KeepAliveTimeout num[ms] <– 2.4支持ms級別,默認為s;
MaxKeepAliveRequests number

測試默認連接狀態:
on 7

[root@localhost ~]# systemctl restart httpd.service
[root@localhost ~]# vim /var/www/html/index.html
test page
[root@localhost ~]# yum -y -q install telnet
[root@localhost ~]# telnet 172.16.0.8 80
Trying 172.16.0.8…
Connected to 172.16.0.8.
Escape character is ‘^]’.
GET /index.html HTTP/1.1
Host: 172.16.0.8

HTTP/1.1 200 OK
Date: Thu, 30 Nov 2017 11:32:53 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 30 Nov 2017 11:32:08 GMT
ETag: “a-55f319a37a8bd”
Accept-Ranges: bytes
Content-Length: 10
Content-Type: text/html; charset=UTF-8

test page
<– 注意此處不會斷開連接;

關閉KeepAlive功能再測試:

[root@localhost ~]# vim /etc/httpd/conf.d/keepalive.conf
KeepAlive off
[root@localhost ~]# systemctl restart httpd.service

[root@localhost ~]# telnet 172.16.0.8 80
Trying 172.16.0.8…
Connected to 172.16.0.8.
Escape character is ‘^]’.
GET /index.html HTTP/1.1
Host: 172.16.0.8

HTTP/1.1 200 OK
Date: Thu, 30 Nov 2017 11:34:43 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 30 Nov 2017 11:32:08 GMT
ETag: “a-55f319a37a8bd”
Accept-Ranges: bytes
Content-Length: 10
Connection: close
Content-Type: text/html; charset=UTF-8

test page
Connection closed by foreign host. <— 立即斷開
[root@localhost ~]#

啟用此功能:

[root@localhost ~]# vim /etc/httpd/conf.d/keepalive.conf
KeepAlive off
KeepAliveTimeout 30
MaxKeepAliveRequests 100
[root@localhost ~]# systemctl restart httpd.service

（6）切換MPM

C6 MPM是編譯進核心
C7 MPM是動態裝卸載
查看所有模塊：httpd -M
查看編譯進核心的模塊：httpd -l

on 6

[root@localhost ~]# httpd.worker -l
Compiled in modules:
core.c
worker.c
http_core.c
mod_so.c
[root@localhost ~]# httpd -l
Compiled in modules:
core.c
prefork.c
http_core.c
mod_so.c
[root@localhost ~]# httpd.event -l
Compiled in modules:
core.c
event.c
http_core.c
mod_so.c

切換MPM

[root@localhost ~]# vim /etc/sysconfig/httpd
#HTTPD=/usr/sbin/httpd.worker <–在此行下添加如下指令
HTTPD=/usr/sbin/httpd.worker
[root@localhost ~]# service httpd restart; watch -n0.1 ‘ps axu | fgrep httpd’
然后用此命令即可查看此work模塊的配置驗證；
<IfModule worker.c> <– 裝載此模塊時應用容器中的描述的配置
StartServers 4 <– 啟動服務時，先啟動4個進程
MaxClients 300 <– 并發數
MinSpareThreads 25 <– 最小空閑線程數
MaxSpareThreads 75 <– 最大空閑線程數
ThreadsPerChild 25 <– 每個進程的線程數；啟動4個100個線程，最大75個所以會銷毀一個；
MaxRequestsPerChild 0 <– 單個進程最大請求數，無限制；
</IfModule>

<IfModule prefork.c> <– 裝載此模塊時應用容器中的描述的配置
StartServers 8 <– 啟用服務時，預啟動8個進程；
MinSpareServers 5 <– 最小空閑進程數；
MaxSpareServers 20 <– 最大空閑進程數；
ServerLimit 256 <– 服務器生命周期內,MaxClients的最大值；一般相等；
MaxClients 256 <– 最大并發數；
MaxRequestsPerChild 4000 <– 單個進程的最大處理請求數；到達最大值時，會被銷毀；
</IfModule>

apache 14676 0.0 0.5 519860 5356 ? Sl 23:52 0:00 /usr/sbin/httpd.worker

修改為event模型：
[root@localhost ~]# vim /etc/sysconfig/httpd
#HTTPD=/usr/sbin/httpd.worker
HTTPD=/usr/sbin/httpd.event
# service httpd restart
# ps axu | fgrep httpd

on 7

[root@localhost ~]# httpd -M | fgrep mpm
mpm_prefork_module (shared)
[root@localhost ~]# httpd -l
Compiled in modules:
core.c
mod_so.c
http_core.c

查看當前模型：
ps axu
修改模型：2.4沒有編譯進核心，故而只需要裝載模塊即可；
[root@localhost ~]# vim /etc/httpd/conf.modules.d/00-mpm.conf
LoadModule mpm_event_module modules/mod_mpm_event.so
[root@localhost ~]# systemctl restart httpd.service
[root@localhost ~]# httpd -M | fgrep ev
mpm_event_module (shared)

（7）DSO 模塊的動態裝載和卸載；

格式：LoadModule module filename
filename相對于httpd的根目錄(ServerRoot)起始；
[root@localhost ~]# fgrep ServerRoot /etc/httpd/conf/httpd.conf
ServerRoot “/etc/httpd”
[root@localhost ~]# ls -l /etc/httpd/
總用量 0
drwxr-xr-x 2 root root 35 11月 30 19:28 conf
drwxr-xr-x 2 root root 121 11月 30 19:35 conf.d
drwxr-xr-x 2 root root 139 11月 30 19:59 conf.modules.d
lrwxrwxrwx 1 root root 19 11月 30 18:46 logs -> ../../var/log/httpd
lrwxrwxrwx 1 root root 29 11月 30 18:46 modules -> ../../usr/lib64/httpd/modules
lrwxrwxrwx 1 root root 10 11月 30 18:46 run -> /run/httpd

注意：modules -> ../../usr/lib64/httpd/modules

例如：LoadModule status_module modules/mod_status.so

[root@localhost ~]# httpd -M
proxy_fdpass_module (shared)
proxy_ftp_module (shared) <– 例如此模塊；
proxy_http_module (shared)

[root@localhost ~]# vim /etc/httpd/conf.modules.d/00-proxy.conf
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
[root@localhost ~]# systemctl restart httpd.service

再次獲?。簺]有 proxy_ftp_module 模塊
[root@localhost ~]# httpd -M

（8）DocumentRoot 和 別名

格式： DocumentRoot directory-path
URL 路徑與 文件系統 路徑不是等同的，而是存在一種映射關系；
例如：http://172.16.0.8/ –> /var/www/html

on 7 DocumentRoot

[root@localhost ~]# mkdir -pv /data/web/www
[root@localhost ~]# echo “<h1>Main Server</h1>” > /data/web/www/index.html
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
#DocumentRoot “/var/www/html” <– 注釋原來的行，在下附加一行
DocumentRoot “/data/web/www”
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

測試：
You don’t have permission to access / on this server.

CentOS 7限制嚴格，對目錄沒有顯式授權不能訪問目錄下的文件：
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
#<Directory “/var/www”> <– 注釋原來的行，在下附加一行
<Directory “/data/web/www”>
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

測試：
Main Server

on 6 DocumentRoot

[root@localhost ~]# mkdir -pv /data/web/www
[root@localhost ~]# echo “<h1>Main Server</h1>” > /data/web/www/index.html
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
#DocumentRoot “/var/www/html” <– 注釋原來的行，在下附加一行
DocumentRoot “/data/web/www”
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

測試：
Main Server

格式：Alias URL-path file-path|directory-path
定義方法例如：
Alias /image/ /ftp/pub/image/
<Directory /ftp/pub/image>
Require all granted
</Directory>

on 7 Alias

[root@localhost ~]# find /usr/share -iname “*.jpg”
/usr/share/backgrounds/morning.jpg <– 不在DocumentRoot定義的目錄下
/usr/share/backgrounds/night.jpg
/usr/share/backgrounds/day.jpg
/usr/share/backgrounds/default.jpg

[root@localhost ~]# mkdir /data/web/www/images
[root@localhost ~]# echo “<h1>images</h1>” > /data/web/www/images/index.html
訪問：http://172.16.0.8/images/
images

添加別名: 添加在此容器中
<IfModule alias_module>
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
Alias /images/ “/usr/share/backgrounds/”
</IfModule>

[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

測試:
You don’t have permission to access /images/ on this server.

給目錄授權: 并支持索引;
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<Directory “/usr/share/backgrounds/”>
AllowOverride None
Options Indexes FollowSymLinks
Require all granted
</Directory>
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

測試:http://172.16.0.8/images/

Index of /images
[ICO] Name Last modified Size Description
[PARENTDIR] Parent Directory –
[IMG] 7lines-bottom.png 2014-06-11 00:55 6.7M
[IMG] 7lines-top.png 2014-06-11 00:54 6.7M
[IMG] day.jpg 2014-06-11 00:19 939K
[IMG] default.jpg 2014-06-11 00:19 939K
[IMG] default.png 2014-03-08 13:32 2.6M
[TXT] default.xml 2014-06-11 00:19 1.5K
[IMG] morning.jpg 2014-06-11 00:19 957K
[IMG] night.jpg 2014-06-11 00:19 556K

注釋alias
# Alias /images/ “/usr/share/backgrounds/”
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service
測試:http://172.16.0.8/images/
images

on 6 Alias

[root@localhost ~]# find /usr/share -iname “*.jpg”
/usr/share/backgrounds/centos_1920x1200_logoonly.jpg
/usr/share/backgrounds/simple_waves.jpg
/usr/share/backgrounds/centos_2048x1536_logoonly.jpg
/usr/share/wallpapers/CentOS6/contents/images/simple_waves.jpg
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
Alias /images/ “/usr/share/wallpapers/CentOS6/contents/images/”
[root@localhost ~]# httpd -t
[root@localhost ~]# service httpd restart

測試訪問:
http://172.16.0.16/images/simple_waves.jpg

（9）訪問控制

文件系統路徑
Directory匹配目錄;
File 匹配文件,glob;
FileMatch “PATTERN” 匹配文件，正則表達式；
URL路徑
Location URL控制,glob；
LocationMatch “PATTERN”
來源地址
協議認證：basic, digest

來源地址：

CentOS 6:

order allow,deny 在后的默認行為；此處表示默認所有拒絕；
Allow from 地址
Deny from 地址
地址：
all：所有
單個主機
一個網絡：例如172.16.0.0/16
172.16
172.16.0.0/16

僅允許172.16.0.179主機訪問：
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<Directory “/data/web/www”>
Order allow,deny
Allow from 172.16.0.179
</Directory>
[root@localhost ~]# httpd -t
[root@localhost ~]# service httpd restart
179測試：http://172.16.0.16/
通過：
100測試：http://172.16.0.16/
只能看到主頁

允許172.16.0.0網絡訪問，但拒絕172.16.0.179訪問：
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<Directory “/data/web/www”>
Order allow,deny
Deny from 172.16.0.179
Allow from 172.16.0.0
</Directory>
[root@localhost ~]# httpd -t
[root@localhost ~]# service httpd restart
179測試：http://172.16.0.16/
只能看到主頁
100測試：http://172.16.0.16/
通過：

CentOS 7

Require all granted 所有通過
基于IP地址控制
Require ip ip地址或網絡地址
Require not ip ip地址或網絡地址
基于HOST訪問控制
Require host 主機名或域名
Require not host 主機名或域名

在c6訪問c7
[root@localhost ~]# curl http://172.16.0.8
<h1>Main Server</h1>

配置c7
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<RequireAll>
Require not ip 172.16.0.16
Require ip 172.16
</RequireAll>
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

在c6訪問c7
[root@localhost ~]# curl http://172.16.0.8
<!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”>
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don’t have permission to access /
on this server.</p>
</body></html>

在179訪問：http://172.16.0.8/
沒有問題

（10）Options指令

注意：不定義時會繼承上級目錄的特性
Indexes：指明的URL路徑下不存在與定義的主頁面資源相符的資源文件時，返回索引列表給用戶；
FollowSymLinks：允許跟蹤符號鏈接文件所指向的源文件；

[root@localhost ~]# rm -f /data/web/www/images/index.html
[root@localhost ~]# find /usr/share -iname “*.jpg” -exec cp {} /data/web/www/images/ \;

主機可以訪問；http://172.16.0.8/images/ <– 默認開啟索引

[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<Directory “/data/web/www”>
Options FollowSymLinks
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

測試：http://172.16.0.8/images/
You don’t have permission to access /images/ on this server.

[root@localhost ~]# ln -s /etc/init.d /data/web/www/images/init.d
測試：http://172.16.0.8/images/init.d可以訪問
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
Options Indexes
httpd -t
systemctl restart httpd.service

http://172.16.0.8/images/init.d
You don’t have permission to access /images/init.d on this server.

安全配置:
Options None

（11）日志定義 (Log Files –> format strings.)

# CustomLog with format nickname
LogFormat “%h %l %u %t \”%r\” %>s %b” common
CustomLog logs/access_log common

宏定義
%h 客戶端主機名；但不會反解；
%l 客戶端登陸名；一般不用；- 表示沒有登陸
%u 認證登陸的用戶名； – 表示沒有認證登陸；
%t 時間
\”\” 顯示引號自身
%r 請求報文首部：method URL VERSION
%s 狀態碼，2成功，4客戶端錯誤請求，5服務器錯誤響應
%s? 重定向前的狀態碼
%>s 重定向后的狀態碼

%b 響應報文大小，- 表示沒有大小
%{VARNAME}i 記錄請求報文固定首部的值；
www.sohu.com
referer 從哪個頁面跳轉至當前頁面；
user-agent 客戶端瀏覽器類型：分析客戶端安裝率和打開率；

（12）認證登陸

[root@localhost ~]# mkdir /data/web/www/admin
[root@localhost ~]# echo “Admin” > /data/web/www/admin/index.html
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

測試訪問：
[root@localhost ~]# curl http://172.16.0.8/admin/index.html
Admin

<Directory “/data/web/www/admin”>
Options None
AllowOverride None
AuthType basic
AuthName “Admin Area,plz enter…”
AuthUserFile “conf.d/.htpasswd”
Require user tom
</Directory>

[root@localhost ~]# rpm -ql httpd-tools
/usr/bin/htpasswd
[root@localhost ~]# htpasswd -b -c -m /etc/httpd/conf.d/.htpasswd tom magedu
[root@localhost ~]# htpasswd -b -m /etc/httpd/conf.d/.htpasswd jerry magedu
[root@localhost ~]# htpasswd -b -m /etc/httpd/conf.d/.htpasswd obama magedu
[root@localhost ~]# cat /etc/httpd/conf.d/.htpasswd
tom:$apr1$3W8NfD2u$f..08fp9fG6/gOgblC3PE1
jerry:$apr1$pHPm7ofr$YNQG583Ym6cEVVjsSd86f.
obama:$apr1$.eXRI5nE$AsFZA6vjFwRWEBPiqHF6o0
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service
Request Headers中定義了
Authorization:Basic dG9tOm1hZ2VkdQ==

[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<Directory “/data/web/www/admin”>
Options None
AllowOverride None
AuthType basic
AuthName “Admin Area,plz enter…”
AuthUserFile “conf.d/.htpasswd”
AuthGROUPFile “conf.d/.grppasswd”
Require group mygrp
</Directory>
[root@localhost ~]# vim /etc/httpd/conf.d/.grppasswd
mygrp: obama jerry
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

（13）虛擬主機

C7直接添加；
C6 需要添加指令：NameVirtualHost *:80, 注釋中心主機

c7

基于IP的虛擬主機；
添加ip地址
[root@localhost ~]# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
inet 172.16.0.8/16 brd 172.16.255.255 scope global eno16777736
valid_lft forever preferred_lft forever

[root@localhost ~]# ip addr add 172.16.100.8/16 dev eno16777736

[root@localhost ~]# ip a l
inet 172.16.0.8/16 brd 172.16.255.255 scope global eno16777736
valid_lft forever preferred_lft forever
inet 172.16.100.8/16 scope global secondary eno16777736

創建文檔目錄及生成主頁面
[root@localhost ~]# mkdir -pv /data/web/www/{ilinux,iunix}
[root@localhost ~]# echo “<h1>ilinux.io</h1>” > /data/web/www/ilinux/index.html
[root@localhost ~]# echo “<h1>iunix.io</h1>” > /data/web/www/iunix/index.html

配置基于IP的虛擬主機
[root@localhost ~]# vim /etc/httpd/conf.d/ilinux.conf
<VirtualHost 172.16.0.8:80>
ServerName www.ilinux.io
DocumentRoot “/data/web/www/ilinux”
<Directory “/data/web/www/ilinux”>
Options None
AllowOverride None
Require all granted
</Directory>
CustomLog logs/ilinux_access_log combined
</VirtualHost>

[root@localhost ~]# cp /etc/httpd/conf.d/ilinux.conf /etc/httpd/conf.d/iunix.conf
[root@localhost ~]# vim /etc/httpd/conf.d/iunix.conf
<VirtualHost 172.16.0.8:80>
ServerName www.ilinux.io
DocumentRoot “/data/web/www/ilinux”
<Directory “/data/web/www/ilinux”>
Options None
AllowOverride None
Require all granted
</Directory>
CustomLog logs/ilinux_access_log combined
ErrorLog logs/iunix_error_log
</VirtualHost>

注意：僅需執行 :%s@ilinux@iunix@g 和 修改IP

[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

測試訪問：
OK…
[root@localhost ~]# ip addr del 172.16.100.8/16 dev eno16777736
[root@localhost ~]# ip addr a l

配置基于PORT的虛擬主機

[root@localhost ~]# vim /etc/httpd/conf.d/ilinux.conf
<VirtualHost 172.16.0.8:80>
ServerName www.ilinux.io
DocumentRoot “/data/web/www/ilinux”
<Directory “/data/web/www/ilinux”>
Options None
AllowOverride None
Require all granted
</Directory>
CustomLog logs/ilinux_access_log combined
ErrorLog logs/iunix_error_log
</VirtualHost>
[root@localhost ~]# vim /etc/httpd/conf.d/iunix.conf
Listen 10080
<VirtualHost 172.16.0.8:10080>
ServerName www.iunix.io
DocumentRoot “/data/web/www/iunix”
<Directory “/data/web/www/iunix”>
Options None
AllowOverride None
Require all granted
</Directory>
CustomLog logs/iunix_access_log combined
ErrorLog logs/iunix_error_log
</VirtualHost>
[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service
[root@localhost ~]# ss -tnl

測試：
http://172.16.0.8/
http://172.16.0.8:10080

配置基于HOST的虛擬主機
一次完整的請求中，主機間真正的通信是 CIP:PORT — SIP:PORT，如何識別主機？
通過請求報文的首部：Host：的值來識別；

 

[root@localhost ~]# cat /etc/httpd/conf.d/ilinux.conf
<VirtualHost 172.16.0.8:80>
ServerName www.ilinux.io
DocumentRoot “/data/web/www/ilinux”
<Directory “/data/web/www/ilinux”>
Options None
AllowOverride None
Require all granted
</Directory>
CustomLog logs/ilinux_access_log combined
ErrorLog logs/iunix_error_log
</VirtualHost>
[root@localhost ~]# vim /etc/httpd/conf.d/iunix.conf
<VirtualHost 172.16.0.8:80>
ServerName www.iunix.io
DocumentRoot “/data/web/www/iunix”
<Directory “/data/web/www/iunix”>
Options None
AllowOverride None
Require all granted
</Directory>
CustomLog logs/iunix_access_log combined
ErrorLog logs/iunix_error_log
</VirtualHost>

[root@localhost ~]# httpd -t
[root@localhost ~]# systemctl restart httpd.service

搭建DNS用于解析兩個域名：
[root@localhost ~]# rpm -q bind
bind-9.8.2-0.62.rc1.el6.x86_64
10 options {
11 directory “/var/named”;
12 dump-file “/var/named/data/cache_dump.db”;
13 statistics-file “/var/named/data/named_stats.txt”;
14 memstatistics-file “/var/named/data/named_mem_stats.txt”;
15 recursion yes;
16
17 dnssec-enable no;
18 dnssec-validation no;
19
20 /* Path to ISC DLV key */
21 };
[root@localhost ~]# named-checkconf
[root@localhost ~]# service named restart
[root@localhost ~]# vim + /etc/named.rfc1912.zones
43 zone “ilinux.io” IN {
44 type master;
45 file “ilinux.io.zone”;
46 allow-update { none; };
47 allow-transfer { localhost; };
48 };
49 zone “iunix.io” IN {
50 type master;
51 file “iunix.io.zone”;
52 allow-update { none; };
53 allow-transfer { localhost; };
54 };
[root@localhost ~]# cd /var/named
[root@localhost named]# ll
total 28
drwxrwx— 2 named named 4096 Nov 28 21:15 data
drwxrwx— 2 named named 4096 Nov 28 21:15 dynamic
-rw-r—– 1 root named 3171 Jan 11 2016 named.ca
-rw-r—– 1 root named 152 Dec 15 2009 named.empty
-rw-r—– 1 root named 152 Jun 21 2007 named.localhost
-rw-r—– 1 root named 168 Dec 15 2009 named.loopback
drwxrwx— 2 named named 4096 Nov 28 21:17 slaves
[root@localhost named]# vim ilinux.io.zone
[root@localhost named]# vim ilinux.io.zone <– 重啟有語法著色
$TTL 3600
$ORIGIN ilinux.io.
@ IN SOA @ nsadmin.magedu.com. (
2017113001
1H
10M
1W
1D)
IN NS ns1
ns1 IN A 172.16.0.16
www IN A 172.16.0.8

[root@localhost named]# chown .named ilinux.io.zone
[root@localhost named]# chmod o= ilinux.io.zone
[root@localhost named]# cp -p ilinux.io.zone iunix.io.zone <– 保持權限和屬主屬組
[root@localhost named]# ll
total 36
drwxrwx— 2 named named 4096 Nov 28 21:15 data
drwxrwx— 2 named named 4096 Nov 28 21:15 dynamic
-rw-r—– 1 root named 146 Nov 29 04:03 ilinux.io.zone
-rw-r—– 1 root named 146 Nov 29 04:03 iunix.io.zone
-rw-r—– 1 root named 3171 Jan 11 2016 named.ca
-rw-r—– 1 root named 152 Dec 15 2009 named.empty
-rw-r—– 1 root named 152 Jun 21 2007 named.localhost
-rw-r—– 1 root named 168 Dec 15 2009 named.loopback
drwxrwx— 2 named named 4096 Nov 28 21:17 slaves

[root@localhost named]# sed -i ‘s@linux@unix@g’ iunix.io.zone

[root@localhost named]# named-checkzone ilinux.io ilinux.io.zone
[root@localhost named]# named-checkzone iunix.io iunix.io.zone
[root@localhost named]# rndc status
number of zones: 20
[root@localhost named]# rndc reload
[root@localhost named]# rndc status
number of zones: 21

dig -t A www.ilinux.io @172.16.0.16
dig -t A www.iunix.io @172.16.0.16
[root@localhost named]# host -t A www.ilinux.io 172.16.0.16
[root@localhost named]# host -t A www.iunix.io 172.16.0.16
[root@localhost named]# nslookup
> server 172.16.0.16
Default server: 172.16.0.16
Address: 172.16.0.16#53
> set q=A
> www.ilinux.io
Server: 172.16.0.16
Address: 172.16.0.16#53

Name: www.ilinux.io
Address: 172.16.0.8
> www.iunix.io
Server: 172.16.0.16
Address: 172.16.0.16#53

Name: www.iunix.io
Address: 172.16.0.8
> exit

使用此DNS解析域名，在Windows中添加DNS
在瀏覽器中打開F12

www.iunix.io
Host:www.iunix.io

www.ilinux.io
Host:www.ilinux.io