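Installing Apache 2.4 (httpd) on CentOS 7
Apache is one of the oldest and most stable services on Linux.
However, Apache configuration changed once SELinux was integrated into the Linux kernel, so this article also covers several commonly used SELinux-related settings.
(This example installs Apache 2.4 on CentOS 7.)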
Install Apache
Install the modules that support https at the same time, since almost every site uses https now.

    [andy@www ~]$ sudo yum install httpd mod_ssl openssl

Start Apache and enable it at boot

    [andy@www ~]$ sudo systemctl start httpd
    [andy@www ~]$ sudo systemctl enable httpd

Confirm the account Apache runs as

    [andy@www ~]$ sudo vim /etc/httpd/conf/httpd.conf

Search for the keyword "User " (with a trailing space; in the vim search below, the backslash is followed by a space):

    /User\ 

    #
    # If you wish httpd to run as a different user or group, you must run
    # httpd as root initially and it will switch.
    #
    # User/Group: The name (or #number) of the user/group to run httpd as.
    # It is usually good practice to create a dedicated user and group for
    # running httpd, as with most system services.
    #
    User apache
    Group apache

This confirms that Apache runs as the user apache. For any file or directory that Apache needs permission on, change the owner to apache.
Set or change the Apache directory

    [andy@www ~]$ sudo vim /etc/httpd/conf/httpd.conf

Search for "DocumentRoot " (with a trailing space; in the vim search below, the backslash is followed by a space):

    /DocumentRoot\ 

    #
    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    #
    DocumentRoot "/var/www/html"

To let Apache support .htaccess, add AllowOverride All.
Search for "<Directory " (with a trailing space). There may be several matches; the one to modify is the block whose quoted path is Apache's default directory.

    /<Directory\ 

    <Directory "/var/www/html">
        AllowOverride All
    </Directory>

By default, Apache HTTP Server listens on port 80. To change this, search for "Listen 80".

    #
    # Listen: Allows you to bind Apache to specific IP addresses and/or
    # ports, instead of the default. See also the <VirtualHost>
    # directive.
    #
    # Change this to Listen on specific IP addresses as shown below to
    # prevent Apache from glomming onto all bound IP addresses.
    #
    #Listen 12.34.56.78:80
    Listen 80

If you changed any setting, remember to save and quit:

    :wq

If SELinux is enabled on the server, do not skip this step!
How do you check? See this article: CentOS 7: Enabling/Disabling SELinux
SELinux restrictions are strict, so Apache's default directory must additionally carry the appropriate SELinux label; otherwise you will get "Permission Denied".

    [andy@www ~]$ ls -dZ /var/www/html
    drwxr-xr-x root root user_u:object_r:default_t /var/www/html
    [andy@www ~]$ sudo chcon -R --type=httpd_sys_content_t /var/www/html
    [andy@www ~]$ ls -dZ /var/www/html
    drwxr-xr-x root root user_u:object_r:httpd_sys_content_t /var/www/html

If Apache does not listen on port 80, SELinux must also be told about the new port, not just the default port 80.

    [andy@www ~]$ sudo semanage port -a -t http_port_t -p tcp 1234

Allow the http service through the firewall

    [andy@www ~]$ sudo firewall-cmd --permanent --zone=public --add-service=http

If Apache listens on a port other than the default port 80, the following settings are also recommended:

    [andy@www ~]$ sudo cp /usr/lib/firewalld/services/http.xml /etc/firewalld/services/http.xml
    [andy@www ~]$ sudo vim /etc/firewalld/services/http.xml

You can copy the format of line 5 (the <port .../> element) to add another http port, or change port 80 to your own port number.
Remember to save the file after editing.

    <?xml version="1.0" encoding="utf-8"?>
    <service>
      <short>WWW (HTTP)</short>
      <description>HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.</description>
      <port protocol="tcp" port="80"/>
    </service>

Check the firewall settings once more

    [andy@www ~]$ sudo firewall-cmd --reload   # load the --permanent changes into the running firewall
    [andy@www ~]$ sudo firewall-cmd --zone=public --list-all
    public (active)
      target: default
      icmp-block-inversion: no
      interfaces: eth0
      sources:
      services: dhcpv6-client http https ssh
      ports:
      protocols:
      masquerade: no
      forward-ports:
      sourceports:
      icmp-blocks:
      rich rules:

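A cross-check for the non-default-port steps above, as an added example that is not part of the original article: it compares the Listen ports in httpd.conf with the ports opened by the firewalld service file and the ports SELinux labels http_port_t. The function names and the sample inputs are constructed for illustration; on a real server, pass in the contents of /etc/httpd/conf/httpd.conf, /etc/firewalld/services/http.xml and the output of `semanage port -l`.

```python
import re
import xml.etree.ElementTree as ET

def expand(spec):
    """'80' -> {80}; '8000-8002' -> {8000, 8001, 8002}."""
    lo, _, hi = spec.strip().partition("-")
    return set(range(int(lo), int(hi or lo) + 1))

def listen_ports(httpd_conf):
    """Ports of active (uncommented) Listen directives."""
    ports = set()
    for line in httpd_conf.splitlines():
        m = re.match(r"\s*Listen\s+(\S+)", line, re.IGNORECASE)
        if m:  # value is PORT, IP:PORT or [IPv6]:PORT
            ports.add(int(m.group(1).rsplit(":", 1)[-1]))
    return ports

def firewalld_ports(service_xml):
    """TCP ports opened by a firewalld service file such as http.xml."""
    ports = set()
    for p in ET.fromstring(service_xml.strip()).findall("port"):
        if p.get("protocol") == "tcp":
            ports |= expand(p.get("port"))
    return ports

def selinux_http_ports(semanage_output):
    """TCP ports labelled http_port_t in `semanage port -l` output."""
    ports = set()
    for line in semanage_output.splitlines():
        fields = line.split(None, 2)
        if fields[:2] == ["http_port_t", "tcp"] and len(fields) == 3:
            for spec in fields[2].split(","):
                ports |= expand(spec)
    return ports

def audit(httpd_conf, service_xml, semanage_output):
    """Map each Listen port to the layers that do not yet allow it."""
    fw, se = firewalld_ports(service_xml), selinux_http_ports(semanage_output)
    return {p: [n for n, ok in (("firewalld", p in fw), ("selinux", p in se)) if not ok]
            for p in sorted(listen_ports(httpd_conf))}

# Constructed sample inputs: port 1234 was added to SELinux but not to http.xml.
HTTPD_CONF = "#Listen 12.34.56.78:80\nListen 80\nListen 1234\n"
SERVICE_XML = ('<?xml version="1.0" encoding="utf-8"?>'
               '<service><port protocol="tcp" port="80"/></service>')
SEMANAGE = "http_port_t    tcp    1234, 80, 81, 443, 488, 8008, 8009, 8443, 9000\n"
if __name__ == "__main__":
    for port, missing in audit(HTTPD_CONF, SERVICE_XML, SEMANAGE).items():
        print(port, "OK" if not missing else "not allowed by: " + ", ".join(missing))
```

An empty list for a port means both layers allow it; any name in the list is the layer that still needs the matching step from this article.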
Restart the Apache service

    [andy@www ~]$ sudo systemctl restart httpd.service