CentOS7 最小化安裝後,安裝配置並啟動httpd的步驟
記錄供查閱
1 安裝httpd軟體包
yum install httpd
針對CentOS7,httpd有專門的版本,此版本提供了針對systemd的單元檔案,如下所示
-bash-4.2# rpm -ql httpd | grep service
/usr/lib/systemd/system/htcacheclean.service
/usr/lib/systemd/system/httpd.service
2 啟動httpd服務並把此服務單元加入當前執行級
systemctl start httpd.service
systemctl enable httpd
此時,這個配置檔案被連結到了/etc/systemd/system/multi-user.target.wants/httpd.service,如下圖
-bash-4.2# ll /etc/systemd/system/multi-user.target.wants/
total 0
lrwxrwxrwx. 1 root root 38 Sep 16 19:08 auditd.service -> /usr/lib/systemd/system/auditd.service
lrwxrwxrwx. 1 root root 44 Sep 16 19:08 avahi-daemon.service -> /usr/lib/systemd/system/avahi-daemon.service
lrwxrwxrwx. 1 root root 37 Sep 16 19:08 crond.service -> /usr/lib/systemd/system/crond.service
lrwxrwxrwx. 1 root root 37 Sep 17 02:38 httpd.service -> /usr/lib/systemd/system/httpd.service
lrwxrwxrwx. 1 root root 42 Sep 16 19:08 irqbalance.service -> /usr/lib/systemd/system/irqbalance.service
lrwxrwxrwx. 1 root root 37 Sep 16 19:08 kdump.service -> /usr/lib/systemd/system/kdump.service
lrwxrwxrwx. 1 root root 46 Sep 16 19:08 NetworkManager.service -> /usr/lib/systemd/system/NetworkManager.service
lrwxrwxrwx. 1 root root 39 Sep 16 19:08 postfix.service -> /usr/lib/systemd/system/postfix.service
lrwxrwxrwx. 1 root root 40 Sep 16 19:08 remote-fs.target -> /usr/lib/systemd/system/remote-fs.target
lrwxrwxrwx. 1 root root 39 Sep 16 19:08 rsyslog.service -> /usr/lib/systemd/system/rsyslog.service
lrwxrwxrwx. 1 root root 36 Sep 16 19:08 sshd.service -> /usr/lib/systemd/system/sshd.service
lrwxrwxrwx. 1 root root 37 Sep 16 19:08 tuned.service -> /usr/lib/systemd/system/tuned.service
3 開啟firewalld防火牆的80埠
firewall-cmd --add-service=http (即時開啟)
firewall-cmd --permanent --add-service=http (寫入配置檔案)
此時,httpd這個服務新增到了/etc/firewalld/zones/public.xml這個zone配置檔案中,所以firewalld才能夠據此放行。此檔案如下所示:
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="dhcpv6-client"/>
<service name="http"/>
<service name="ssh"/>
<service name="https"/>
</zone>
注意不要將此處firewalld管理的service與systemd中的sevice配置單元混淆,兩者沒有任何關係。
http服務是安裝firewalld時自動安裝的,這個服務的配置檔案為 /usr/lib/firewalld/services/http.xml,我們來看看這個檔案。
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>WWW (HTTP)</short>
<description>HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.</description>
<port protocol="tcp" port="80"/>
</service>
據此知道http服務對應的就是tcp協議的80埠。firewalld根據zone配置檔案中的服務名http,依次在/etc/firwalld/services/目錄,/usr/lib/firewalld/services/目錄查詢名為http.xml的檔案,找到即停止繼續查詢,所以位於/etc/firwalld/services/目錄的配置檔案優先順序更高。
4 與CentOS6.5的區別
總體思路是一致的,都是防火牆放行,把服務加入執行級配置檔案。只是CentOS7中防火牆和執行級管理程式均發生徹底改變了。firewalld代替iptables,systemd代替SystemV init,所以需要重新熟悉相關命令。個人感覺新的程式更加人性化,操作也很容易。 配置檔案也都採用了標準的xml格式,放棄了容易出錯的老式配置檔案。