====== HTTP service ======

  * [[http://ru.wikipedia.org/wiki/HTTP|HyperText Transfer Protocol]]

===== URL =====

  * [[http://ru.wikipedia.org/wiki/URL|Uniform Resource Locator (URL)]]

  <scheme>://<login>:<password>@<host>:<port>/?<parameters>#<anchor>

===== Example HTTP dialog =====

  # nc -C ya.ru 80
  # telnet ya.ru 80
  GET / HTTP/1.1
  Host: ya.ru
  Accept-Encoding: gzip, deflate

===== HTML examples =====

==== Static document ====

  # cat /var/www/html/index.html
text
  as
    is
    

Go to Google

==== Form ====

  * [[http://server.corpX.un/asterisk/]]

  # mkdir /var/www/html/asterisk/
  # cat /var/www/html/asterisk/index.html

Enter phone number

===== Installing and starting the Apache server =====

==== Debian/Ubuntu ====

  root@server:~# apt install apache2

==== FreeBSD ====

  [server:~] # pkg install apache24
  [server:~] # sysrc apache24_enable=yes
  [server:~] # service apache24 start

==== CentOS ====

  * Firewall service [[Сервис Firewall#CentOS]]

  [root@server ~]# yum install httpd
  [root@server ~]# systemctl status httpd

==== Windows ====

  * [[http://httpd.apache.org/docs/current/platform/windows.html|Using Apache HTTP Server on Microsoft Windows]]
  * [[http://www.apachefriends.org/en/xampp.html|XAMPP Apache + MariaDB + PHP + Perl]]

===== Basic configuration =====

==== Character encoding ====

  # cat /etc/apache2/sites-available/000-default.conf
  ...
  AddDefaultCharset utf-8
  ...

==== Changing the port ====

  * [[https://www.tecmint.com/change-apache-port-in-linux/|How to Change Apache HTTP Port in Linux]]

==== The Indexes directory option ====

  * [[http://www.corpX.un/]]
  * [[http://www.corpX.un/hosts]]

=== FreeBSD ===

  [server:~] # rm /usr/local/www/apache24/data/index.html
  [server:~] # cp /etc/hosts /usr/local/www/apache24/data/
  [server:~] # rcsdiff /usr/local/etc/apache24/httpd.conf
  389c389

=== Debian/Ubuntu ===

  root@server:~# DOCROOT='/var/www/html'
  root@server:~# rm $DOCROOT/index.html
  root@server:~# cp /etc/hosts $DOCROOT
  root@server:~# rcsdiff /etc/apache2/sites-available/default
  root@server:~# rcsdiff /etc/apache2/sites-available/*default.conf
  11c11

=== FreeBSD/Ubuntu ===

  < Options Indexes FollowSymLinks
  ---
  > Options FollowSymLinks

==== Using aliases ====

  Alias /share "/usr/share/"
  <Directory "/usr/share/">
      Options Indexes FollowSymLinks
      AllowOverride All
      Require all granted
      Allow from all
  </Directory>

  * [[http://www.corpX.un/share]]

=== FreeBSD ===

  [server:~] # cat /usr/local/etc/apache24/httpd.conf
  ...
  Include etc/apache24/extra/httpd-manual.conf
  ...

http://www.corpX.un/manual/

=== Debian/Ubuntu ===

  root@server:~# cat /etc/apache2/sites-available/default
  root@server:~# cat /etc/apache2/sites-available/*default.conf
  ...
  Alias /doc/ "/usr/share/doc/"
  <Directory "/usr/share/doc/">
      Options Indexes MultiViews FollowSymLinks
      AllowOverride None
  #    Order deny,allow
  #    Deny from all
  #    Allow from 127.0.0.0/255.0.0.0 ::1/128
  </Directory>
  ...

  * [[http://www.corpX.un/doc]]

==== Using home directories ====

  * [[http://www.corpX.un/~user1/]]

=== Debian/Ubuntu ===

  root@server:~# a2enmod userdir
  root@server:~# service apache2 restart

=== Debian/Ubuntu ===

  server# mkdir ~user1/public_html/
  server# cat ~user1/public_html/index.html

Hello World from user1

  server# chown -R user1 ~user1/public_html/

===== Using virtual hosts =====

  * [[http://user1.corpX.un/]]

==== Debian/Ubuntu ====

  root@server:~# cat /etc/apache2/sites-available/mail.conf
  ServerName mail.corpX.un
  # ServerAlias www.mail.corpX.un
  DocumentRoot /var/lib/roundcube

  root@server:~# a2ensite mail
  root@server:~# apachectl -t

  root@server:~# cat /etc/apache2/sites-available/user1.conf
  ServerName user1.corpX.un
  # ServerAlias www.user1.corpX.un
  DocumentRoot /home/user1/public_html

  root@server:~# a2ensite user1
  root@server:~# apachectl -t

==== FreeBSD ====

  [server:~] # cat /usr/local/etc/apache24/extra/httpd-vhosts.conf
  DocumentRoot /usr/local/www/apache24/data/

  ServerName user1.corpX.un
  # ServerAlias www.user1.corpX.un
  DocumentRoot /home/user1/public_html/

  [server:~] # cat /usr/local/etc/apache24/httpd.conf
  ...
  LoadModule vhost_alias_module libexec/apache24/mod_vhost_alias.so
  ...
  Include etc/apache24/extra/httpd-vhosts.conf
  ...

===== Using the Redirect directive =====

  * [[http://www.yolinux.com/TUTORIALS/ApacheRedirect.html|List of methods used to redirect a web site using Apache]]

==== Debian/Ubuntu ====

  root@lan:~# cat /etc/apache2/sites-available/000-default.conf
  #...
  Redirect permanent / https://www.corpX.un/
  #...

==== FreeBSD ====

===== Hiding the server version =====

  * [[http://nxlinuxadmin.blogspot.com/2011/01/how-to-hide-apache-version-server-info.html|How to hide Apache Version | Server Info | Signature | Header Information | Httpd Php Version]]

==== Debian/Ubuntu ====

  # cat /etc/apache2/conf-enabled/security.conf
  ...
  ServerTokens Prod
  ...
  ServerSignature Off
  ...

  # /etc/init.d/apache2 restart

==== FreeBSD ====

  # cat /usr/local/etc/apache24/extra/httpd-default.conf
  ...
  ServerTokens Prod
  ...
  ServerSignature Off
  ...

  # cat /usr/local/etc/apache24/httpd.conf
  ...
  Include etc/apache24/extra/httpd-default.conf
  ...

  # /usr/local/etc/rc.d/apache24 restart

===== Server-side includes (SSI) =====

  * [[https://httpd.apache.org/docs/current/mod/mod_include.html|Apache Module mod_include]]

==== Debian/Ubuntu ====

  # a2enmod include

  # cat /etc/apache2/sites-available/000-default.conf
  ...
  Options +Includes
  DirectoryIndex index.shtml
  ...
  ...

  # cat /var/www/html/asterisk/index.shtml
  ...

Your ip address:

Your login is:

  ...
  ...

===== CGI interface =====

  * [[http://lectureswww.readthedocs.io/5.web.server/cgi.html|CGI: Web Programming Basics]]
  * [[http://httpd.apache.org/docs/1.3/howto/cgi.html|Dynamic Content with CGI]]
  * [[http://www.cgi101.com/book/ch3/text.html|CGI Environment Variables]]

==== ScriptAlias ====

=== Debian/Ubuntu ===

  root@server:~# a2enmod cgid
  root@server:~# cd /usr/lib/cgi-bin/

=== FreeBSD ===

  [server:~] # cat /usr/local/etc/apache24/httpd.conf
  ...
  LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
  ...
  LoadModule cgi_module libexec/apache24/mod_cgi.so
  ...

  [server:~] # cd /usr/local/www/apache24/cgi-bin/

=== Example CGI script ===

  server# cat test-cgi
  #!/bin/sh
  # CGI response: header, blank line, then the body
  echo "Content-type: text/plain"
  echo
  # Variables are quoted so that glob characters in the request are not expanded by the shell
  echo "Hello $REMOTE_ADDR"
  echo "You type: $QUERY_STRING"
  env

  server# chmod 755 test-cgi

  * [[http://server.corpX.un/cgi-bin/test-cgi]]
  * [[http://server.corpX.un/cgi-bin/test-cgi?qwerty]]

==== The ExecCGI directory option ====

=== FreeBSD ===

  [server:~] # rcsdiff /usr/local/etc/apache24/extra/httpd-userdir.conf
  18c18,19
  < Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
  ---
  > Options ExecCGI MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
  > AddHandler cgi-script .cgi

=== Ubuntu ===

  root@server:~# rcsdiff /etc/apache2/sites-available/default
  11c11,12
  < Options FollowSymLinks MultiViews
  ---
  > Options ExecCGI FollowSymLinks MultiViews
  > AddHandler cgi-script .cgi .pl

=== FreeBSD/Ubuntu ===

  server# cd ~user1/public_html/
  server# cat test.cgi
  #!/bin/sh
  # CGI response: header, blank line, then the body
  echo "Content-type: text/plain"
  echo
  # Variables are quoted so that glob characters in the request are not expanded by the shell
  echo "Hello $REMOTE_ADDR"
  echo "You type: $QUERY_STRING"

  server# chmod +x test.cgi

  * Perl programming language [[Язык программирования Perl#Пример 6]]

=== Checks ===

  * http://server.corpX.un/test.cgi
  * http://server.corpX.un/hosts
  * http://server.corpX.un/
  * http://server.corpX.un/hello.pl?name=ivanov

===== Managing HTTP server modules =====

  # apachectl -t -D DUMP_MODULES

===== PHP module =====

==== Debian/Ubuntu ====

  root@server:~# apt install libapache2-mod-php
  root@server:~# ls /etc/apache2/mods-enabled/ | grep php
  ...
  root@server:~# cd /var/www/html

==== FreeBSD ====

  [server:~] # pkg install mod_php56 php56

  * PHP programming language ([[Язык программирования PHP#Настройка]])

  [server:~] # cat /usr/local/etc/apache24/httpd.conf
  ...
  LoadModule php5_module libexec/apache2?/libphp5.so
  ...
  DirectoryIndex index.html index.php
  ...
  AddType application/x-httpd-php .php
  ...

  [server:~] # service apache24 restart
  [server:~] # cd /usr/local/www/apache24/data/

==== Windows ====

=== Option 1 ===

[[http://www.apachefriends.org/en/xampp.html]]

=== Option 2 ===

[[http://windows.php.net/download/]]

  * The Apache module is available only in the thread-safe (multithreaded) build
  * The Apache version must match

  C:\>notepad++ Apache22\conf\httpd.conf
  ...
  LoadModule php5_module C:\php\php5apache2_2.dll
  ...
  DirectoryIndex index.html index.php
  ...
  AddType application/x-httpd-php .php
  ...

=== Configuration ===

  * PHP programming language ([[Язык программирования PHP#Настройка]])

==== FreeBSD/Ubuntu/Windows ====

  * Example web script ([[Язык программирования PHP#Использование phpinfo]])

===== HTTPS support =====

  * [[Letsencrypt Certbot]]
  * [[https://stackoverflow.com/questions/31370454/sslcertificatechainfile-is-obsolete|SSLCertificateChainFile is now obsolete, and any intermediate certificates are supposed to be included in the server certificate file]]

==== Debian/Ubuntu ====

  # a2enmod ssl

  # cat /etc/apache2/sites-available/default-ssl*
  ...
  SSLCertificateFile /root/www.crt
  SSLCertificateKeyFile /root/www.key
  ...
  # SSLProtocol All -SSLv2 -SSLv3
  ...

  # a2ensite default-ssl
  # service apache2 restart

==== Redirecting HTTP to HTTPS ====

  # a2enmod rewrite

  # cat /etc/apache2/sites-available/000-default.conf
  ...
  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
  ...

  # service apache2 restart

==== FreeBSD ====

  # cat /usr/local/etc/apache24/httpd.conf
  ...
  LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
  ...
  LoadModule ssl_module libexec/apache24/mod_ssl.so
  ...
  Include etc/apache24/extra/httpd-ssl.conf
  ...

  # cat /usr/local/etc/apache24/extra/httpd-ssl.conf
  ...
  ServerName www.corpX.un:443
  ServerAdmin noc@corpX.un
  ...
  #SSLProtocol All -SSLv2 -SSLv3
  ...
  SSLCertificateFile "/root/www.crt"
  ...
  SSLCertificateKeyFile "/root/www.key"
  ...

===== Controlling access to the HTTP server =====

==== Access control based on network addresses ====

  * [[https://httpd.apache.org/docs/current/upgrading.html|Upgrading to 2.4 from 2.2]]

=== Debian/Ubuntu ===

  root@server:~# cat /etc/apache2/sites-available/000-default*
  ...
  #Order Deny,Allow
  #Deny from all
  #Allow from 192.168.X.0/24
  #Allow from 127.0.0.1
  Require ip 127.0.0.1 192.168.X.0/24
  ...

=== FreeBSD ===

  [server:~] # cat /usr/local/etc/apache24/httpd.conf
  ...
  DocumentRoot "/usr/local/www/apache24/data"
  Order Deny,Allow
  Deny from all
  Allow from 192.168.X.0/24
  Allow from 127.0.0.1
  ...

==== Access control based on Basic authentication ====

=== Debian/Ubuntu/FreeBSD ===

  # touch /etc/http_passwd

  # htpasswd /etc/http_passwd user1
  New password: password1
  ...

  # htpasswd /etc/http_passwd 401
  New password: password1
  ...

  # cat /etc/http_passwd
  ...

  # cat /etc/http_group
  group1: user1 user2

  # htpasswd -D /etc/http_passwd user1

=== Debian/Ubuntu ===

  root@server:~# cat /etc/apache2/sites-available/000-default.conf
  ...
  # AllowOverride AuthConfig
  # AuthType Basic
  # AuthName "Require Auth"
  # AuthUserFile /etc/http_passwd
  # Require valid-user
  # Require user user1 user2
  # AuthGroupFile /etc/http_group
  # Require group group1
  ...

=== FreeBSD ===

  [server:~] # cat /usr/local/etc/apache24/extra/httpd-vhosts.conf
  ...
  # AllowOverride AuthConfig
  # AuthType Basic
  # AuthName "Require Auth"
  # AuthUserFile /etc/http_passwd
  # Require valid-user
  # Require user user1 user2
  # AuthGroupFile /etc/http_group
  # Require group group1
  ...
=== Debian/Ubuntu/FreeBSD ===

  # cat asterisk/.htaccess
  AuthType Basic
  AuthName "Require Auth"
  AuthUserFile /etc/http_passwd
  Require user 401 402

==== Access control based on certificates ====

  * [[http://www.garex.net/apache/|Client certificates with apache]]
  * [[Пакет OpenSSL#Интерактивное подключение по ssl]]

=== Debian/Ubuntu ===

  # cat /etc/apache2/sites-available/default-ssl*
  ...
  DocumentRoot /var/www/html
  # SSLRequire %{SSL_CLIENT_S_DN_CN} in {"user1","user2"}
  # SSLRequire %{SSL_CLIENT_S_DN_OU} eq "group1"
  ...
  SSLCertificateFile /root/www.crt
  SSLCertificateKeyFile /root/www.key
  ...
  SSLCACertificateFile /root/ca.crt
  ...
  #SSLCARevocationFile /root/ca.crl
  ...
  SSLVerifyClient require
  ...

=== FreeBSD ===

  # cat /usr/local/etc/apache24/extra/httpd-ssl.conf
  ...
  # SSLRequire %{SSL_CLIENT_S_DN_CN} in {"user1","user2"}
  # SSLRequire %{SSL_CLIENT_S_DN_OU} eq "group1"
  ...
  SSLCertificateFile "/root/www.crt"
  ...
  SSLCertificateKeyFile "/root/www.key"
  ...
  SSLCACertificateFile "/root/ca.crt"
  ...
  #SSLCARevocationFile "/root/ca.crl"
  ...
  SSLVerifyClient require
  ...

==== Access control using GSSAPI authentication ====

  * [[http://modauthkerb.sourceforge.net/configure.html|Kerberos Module for Apache]]
  * [[http://port25.technet.com/archive/2008/01/25/technical-analysis-apache-with-mod-auth-kerb-and-windows-server.aspx|Technical Analysis: Apache with mod_auth_kerb and Windows Server]]
  * Registering the principal: [[Аутентификация доступа к SQUID#Kerberos GSSAPI аутентификация]]

=== Ubuntu ===

  # apt-get install libapache2-mod-auth-kerb

  # cat /etc/apache2/sites-available/default
  ...
  AuthType Kerberos
  KrbMethodK5Passwd off
  KrbMethodNegotiate on
  Require valid-user
  ...

=== FreeBSD ===

  # pkg_add -r mod_auth_kerb2

or

  # cd /usr/ports/www/mod_auth_kerb2/
  # make configure

  # cat work/mod_auth_kerb-5.4/Makefile
  ...
  #KRB5_LDFLAGS = -L/usr/lib -lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err -lcrypto -lasn1 -lroken -lcrypt
  KRB5_LDFLAGS = -L/usr/lib -lgssapi_krb5 -lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err -lcrypto -lasn1 -lroken -lcrypt

  # make install clean

  # cat /usr/local/etc/apache22/httpd.conf
  ...
  LoadModule auth_kerb_module modules/mod_auth_kerb.so
  ...
  AuthType Kerberos
  KrbMethodK5Passwd off
  KrbMethodNegotiate on
  Require valid-user
  ...

=== Firefox ===

[[http://grolmsnet.de/kerbtut/firefox.html]]

==== Access control using OpenID authentication ====

  * [[https://github.com/zmartzone/mod_auth_openidc/wiki/GitLab-OAuth2]]
  * [[Инструмент GitLab#Сервер OpenID]] from GitLab
  * [[Сервис Keycloak]]
  * [[https://www.janua.fr/using-apache2-mod_auth_openidc-module-with-keycloak-openid-connect/|Using apache2 mod_auth_openidc module with Keycloak (OpenID Connect)]]

  gate# apt install libapache2-mod-auth-openidc

  # cat /etc/apache2/conf-available/serve-cgi-bin.conf
  ...
  ## GitLab
  OIDCSSLValidateServer Off
  OIDCProviderMetadataURL https://server.corpX.un/.well-known/openid-configuration
  OIDCRedirectURI http://gate.corpX.un/cgi-bin/test-cgi
  # Application ID
  OIDCClientID e...............................................4
  # Secret
  OIDCClientSecret 7.................................................4
  OIDCCryptoPassphrase anystring

  ## Keycloak
  OIDCSSLValidateServer Off
  OIDCProviderMetadataURL https://keycloak.corpX.un/realms/corpX/.well-known/openid-configuration
  OIDCRedirectURI http://gate.corpX.un/cgi-bin/test-cgi
  #OIDCClientID test-cgi
  OIDCClientID any-client
  OIDCCryptoPassphrase anystring
  ...
  #Require all granted
  AuthType openid-connect
  Require valid-user
  ...

  # a2enmod auth_openidc

Check: http://gate.corpX.un/cgi-bin/test-cgi/ !!! The trailing / is required !!!
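
Several settings in the sections above suit a lab but should be reviewed before a configuration leaves it: directory listings via ''Options Indexes'', a version banner, 2.2-style ''Order''/''Allow'' directives mixed into 2.4 configs, and ''OIDCSSLValidateServer Off'' with an ''http:'' redirect URI. The lint below is an added example, not part of the original page; the function name ''audit_apache_conf'', the rule names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag lab-only Apache settings that appear on this page.
# Usage: audit_apache_conf FILE
# Prints one "LINE:RULE" per finding and returns 1 if anything was found.
audit_apache_conf() {
    awk '
    function hit(rule) { print NR ":" rule; found = 1 }
    /^[ \t]*#/ { next }              # commented-out directives are inactive
    { $0 = tolower($0) }             # directive names are case-insensitive
    $1 == "options" {
        # "-Indexes" disables listings, so only a bare or "+" form is reported
        for (k = 2; k <= NF; k++)
            if ($k == "indexes" || $k == "+indexes") hit("dir-listing")
    }
    $1 == "servertokens" && $2 != "prod" && $2 != "productonly" { hit("version-banner") }
    $1 == "serversignature" && $2 != "off" { hit("version-banner") }
    $1 == "oidcsslvalidateserver" && $2 == "off" { hit("oidc-tls-unverified") }
    $1 == "oidcredirecturi" && $2 ~ /^http:/ { hit("oidc-cleartext-redirect") }
    $1 == "order" || (($1 == "allow" || $1 == "deny") && $2 == "from") { hit("legacy-2.2-acl") }
    END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample that combines directives shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Options Indexes FollowSymLinks
# Options -Indexes
ServerTokens Prod
ServerSignature Off
OIDCSSLValidateServer Off
OIDCRedirectURI http://gate.corpX.un/cgi-bin/test-cgi
Allow from all
Require ip 127.0.0.1 192.168.X.0/24
EOF
audit_apache_conf "$sample" || echo "review the findings above before production use"
rm -f "$sample"
```

The function checks one file at a time, so a directive set in an included file (for example ''ServerTokens'' in ''security.conf'') has to be audited in that file.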
===== WebDAV protocol =====

==== Ubuntu ====

  * [[https://www.digitalocean.com/community/tutorials/how-to-configure-webdav-access-with-apache-on-ubuntu-14-04|How To Configure WebDAV Access with Apache on Ubuntu 14.04]]
  * [[http://stackoverflow.com/questions/29379321/webdav-a-directory-per-user|webdav: a directory per-user]]

  # a2enmod dav
  # a2enmod dav_fs

  # mkdir /var/www/share
  # chown www-data /var/www/share

  # cat /etc/apache2/sites-available/default
  ...
  Alias /share /var/www/share
  Options Indexes
  DAV On
  Order allow,deny
  allow from all
  ...

  # service apache2 restart

===== NGINX =====

  * [[https://mail.bmstu.ru:9100/~val/Mastering%20NGINX%20RUS.pdf]]
  * [[https://blog.sefdar.ru/nginx-%D0%BF%D0%B5%D1%80%D0%B5%D0%BD%D0%B0%D0%BF%D1%80%D0%B0%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F-proxy_redirect-%D0%B8-redirect/|NGINX redirects: proxy_redirect and redirect]]

  gate# apt install nginx

==== Proxying a "pretty" URL to an application (example 1) ====

  gate# cat /etc/nginx/sites-available/user1
  server {
      listen 80;
      server_name server.corpX.un corpX.un;
      location / {
          proxy_pass http://server.corpX.un/~user1/;
      }
  }

=== Enabling, testing, applying and monitoring the configuration ===

  # ln -s /etc/nginx/sites-available/user1 /etc/nginx/sites-enabled/user1

  # service nginx configtest
  # tail /var/log/nginx/error.log

or

  # nginx -t #-c /etc/nginx/nginx.conf

or

  # nginx -T

  # service nginx restart

  # tail -f /var/log/nginx/access.log -f /var/log/nginx/error.log

  gate.isp.un$ wget -O - -q http://server.corpX.un

==== Proxy with load balancing (example 2) ====

  # cat /etc/nginx/sites-available/myapp1
  upstream myapp1 {
      server server.corpX.un;
      server server2.corpX.un;
  }
  server {
      listen 80;
      server_name server.corpX.un corpX.un;
      location / {
          proxy_pass http://myapp1;
      }
  }

  * [[#Enabling, testing, applying and monitoring the configuration]]

==== Proxying a "pretty" URL to an application (example 3) ====

  # host mail
  # host webd
  # host www
  # host autoconfig
  # host corpX.un
  ...
  has address 192.168.X.10

  root@server# cat /var/opt/gitlab/nginx/conf/corpX.conf
  server {
      listen 80;
      server_name webd.corpX.un;
      location / {
          proxy_pass http://192.168.49.2:30111/;
      }
  }
  server {
      listen 80;
      server_name mail.corpX.un;
      return 301 http://server.corpX.un:81/mail;
  #    return 301 http://gate.corpX.un:81/mail;
  }
  server {
      listen 80;
      server_name corpX.un www.corpX.un;
      location / {
          proxy_pass http://server.corpX.un:81/;
      }
  }
  # server {
  #     listen 80;
  #     server_name autoconfig.corpX.un;
  #     location / {
  #         proxy_pass http://gate.corpX.un:81/;
  #     }
  # }

  # cat /etc/gitlab/gitlab.rb
  ...
  nginx['custom_nginx_config'] = "include /var/opt/gitlab/nginx/conf/corpX.conf;"
  ...

  * [[Инструмент GitLab#Проверка конфигурации и перезапуск]]

  root@server# less /var/opt/gitlab/nginx/conf/nginx.conf
  ...
    include /var/opt/gitlab/nginx/conf/corpX.conf;
  }

  root@server# /opt/gitlab/embedded/sbin/nginx -p /var/opt/gitlab/nginx -t
  root@server# gitlab-ctl restart nginx

==== HTTPS proxy (example 4) ====

  gate1.corp13.un:~# cat /etc/nginx/sites-available/gowebd
  server {
      listen 80;
      server_name gowebd.corp13.un;
      return 301 https://gowebd.corp13.un$request_uri;
  }
  server {
      listen 443 ssl;
      server_name gowebd.corp13.un;
      ssl_certificate /root/gowebd.crt;
      ssl_certificate_key /root/gowebd.key;
      location / {
          proxy_pass http://192.168.13.64;
  #        proxy_set_header Host $host;
  #        proxy_set_header X-Forwarded-For $remote_addr;
  #        proxy_set_header X-Forwarded-Proto $scheme;
  #        proxy_set_header X-Forwarded-Port $server_port;
      }
  }

  * [[#Enabling, testing, applying and monitoring the configuration]]