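Installing and configuring the Apache/httpd service on CentOS 8 and enabling an Nginx reverse proxy

  The Apache HTTP Server is the most widely used web server in the world. These notes record how to install and configure the Apache/httpd server on CentOS 8.

Environment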

  CentOS Linux release 8.1.1911 (x64)
  nginx/1.14.1

Prerequisites

1. Make sure the firewall is running

  As root or a user with sudo privileges, run: sudo systemctl status firewalld

[dotnba@CentOS8 ~]$  sudo systemctl status firewalld
[sudo] dotnba 的密码:
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-02-04 07:55:05 CST; 1min 52s ago
     Docs: man:firewalld(1)
 Main PID: 1113 (firewalld)
    Tasks: 2 (limit: 23820)
   Memory: 31.6M
   CGroup: /system.slice/firewalld.service
           └─1113 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid

2月 04 07:55:04 CentOS8 systemd[1]: Starting firewalld - dynamic firewall daemon...
2月 04 07:55:05 CentOS8 systemd[1]: Started firewalld - dynamic firewall daemon.

2. Make sure the system is up to date
   As root or a user with sudo privileges, run: sudo yum update

[dotnba@CentOS8 ~]$ sudo yum update

Installation steps

1. Install httpd

yum install httpd

2. Start the httpd service

[dotnba@CentOS8 ~]$ systemctl start httpd

3. Enable the httpd service so that it starts at boot

[dotnba@CentOS8 ~]$ systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.

4. Check that httpd is running
  Run service httpd status or systemctl status httpd.

[dotnba@CentOS8 ~]$ service  httpd status
Redirecting to /bin/systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-02-04 08:33:29 CST; 18min ago
     Docs: man:httpd.service(8)
 Main PID: 60936 (httpd)
   Status: "Running, listening on: port 443, port 80"
    Tasks: 214 (limit: 23820)
   Memory: 25.8M
   CGroup: /system.slice/httpd.service
           ├─60936 /usr/sbin/httpd -DFOREGROUND
           ├─60946 /usr/sbin/httpd -DFOREGROUND
           ├─60947 /usr/sbin/httpd -DFOREGROUND
           ├─60948 /usr/sbin/httpd -DFOREGROUND
           ├─60949 /usr/sbin/httpd -DFOREGROUND
           └─60950 /usr/sbin/httpd -DFOREGROUND

2月 04 08:33:29 CentOS8 systemd[1]: Starting The Apache HTTP Server...
2月 04 08:33:29 CentOS8 httpd[60936]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::df54:246d:1b8e:20e2. Set the 'ServerName' directive>
2月 04 08:33:29 CentOS8 systemd[1]: Started The Apache HTTP Server.
2月 04 08:33:29 CentOS8 httpd[60936]: Server configured, listening on: port 443, port 80

5. Test the service
  To check that Apache is running properly, run a simple curl command against port 80, or check with a web browser.

[dotnba@CentOS8 ~]$ curl localhost:80

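Configuring the firewall for Apache

  For external hosts to reach the Apache server, specific ports must also be opened on the firewall.
1. Allow ports 80 and 443

# Open port 80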
[dotnba@CentOS8 ~]$ sudo firewall-cmd --permanent --zone=public --add-service=http
success
# Open port 443
[dotnba@CentOS8 ~]$ sudo firewall-cmd --permanent --zone=public --add-service=https
success
# Reload the configuration
[dotnba@CentOS8 ~]$ sudo firewall-cmd --reload
success

2. Check which ports are open

[dotnba@CentOS8 ~]$ sudo firewall-cmd --list-all | grep services
  services: cockpit dhcpv6-client http https ssh

  Or:

[dotnba@CentOS8 ~]$ sudo firewall-cmd   --service=http --get-ports --permanent
80/tcp
[dotnba@CentOS8 ~]$ sudo firewall-cmd   --service=https --get-ports --permanent
443/tcp

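  Of course, the most direct check is to visit the server in a browser from an external host.
3. Add other ports
  Besides port 80, you may also need to open other ports.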

[dotnba@CentOS8 ~]$ sudo firewall-cmd    --service=http --add-port=8080/tcp --permanent
success

  Check that the port was added:

[dotnba@CentOS8 ~]$ sudo firewall-cmd   --service=http --get-ports --permanent
80/tcp 8080/tcp

Changing the Apache port

1. Edit the /etc/httpd/conf/httpd.conf file

    # Change the default 80 to the port you want; I set the port to 8080
    Listen 8080

2. Reload the configuration file

[dotnba@CentOS8 ~]$ service httpd reload
Redirecting to /bin/systemctl reload httpd.service
[dotnba@CentOS8 ~]$ service httpd status
Redirecting to /bin/systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: reloading (reload) (Result: exit-code) since Tue 2020-02-04 08:33:29 CST; 1h 2min ago
     Docs: man:httpd.service(8)
  Process: 63472 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
  Process: 60936 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 60936 (code=exited, status=1/FAILURE)
   Status: "Reading configuration..."
    Tasks: 0 (limit: 23820)
   Memory: 8.4M
   CGroup: /system.slice/httpd.service

2月 04 08:33:29 CentOS8 systemd[1]: Started The Apache HTTP Server.
2月 04 08:33:29 CentOS8 httpd[60936]: Server configured, listening on: port 443, port 80
2月 04 09:34:58 CentOS8 systemd[1]: Reloading The Apache HTTP Server.
2月 04 09:34:58 CentOS8 httpd[63140]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::df54:246d:1b8e:20e2. Set the 'ServerName' directive>
2月 04 09:34:58 CentOS8 systemd[1]: Reloaded The Apache HTTP Server.
2月 04 09:34:58 CentOS8 httpd[60936]: Server configured, listening on: port 443, port 8080
2月 04 09:35:35 CentOS8 systemd[1]: Reloading The Apache HTTP Server.
2月 04 09:35:35 CentOS8 httpd[63472]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::df54:246d:1b8e:20e2. Set the 'ServerName' directive>
2月 04 09:35:35 CentOS8 systemd[1]: Reloaded The Apache HTTP Server.
2月 04 09:35:35 CentOS8 systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE

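  At this point the status shows "Main process exited, code=exited, status=1/FAILURE". On investigation, the cause is that the SELinux security mechanism restricts non-standard ports.
3. List the allowed ports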

[dotnba@CentOS8 ~]$ sudo semanage port -l | grep http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989

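  You can now change the port to one allowed by http_port_t/http_cache_port_t, for example 8118 or 81.

# Change the default 80 to the port you want; I set the port to 81
Listen 81

  Reload the configuration file: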

[dotnba@CentOS8 ~]$ service httpd reload
Redirecting to /bin/systemctl reload httpd.service

  Check the status:

[dotnba@CentOS8 ~]$ service httpd status
Redirecting to /bin/systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-02-04 09:48:33 CST; 1min 23s ago
     Docs: man:httpd.service(8)
  Process: 64233 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
 Main PID: 63903 (httpd)
   Status: "Configuration loaded."
    Tasks: 214 (limit: 23820)
   Memory: 27.0M
   CGroup: /system.slice/httpd.service
           ├─63903 /usr/sbin/httpd -DFOREGROUND
           ├─64252 /usr/sbin/httpd -DFOREGROUND
           ├─64253 /usr/sbin/httpd -DFOREGROUND
           ├─64254 /usr/sbin/httpd -DFOREGROUND
           ├─64255 /usr/sbin/httpd -DFOREGROUND
           └─64256 /usr/sbin/httpd -DFOREGROUND

2月 04 09:48:33 CentOS8 systemd[1]: Starting The Apache HTTP Server...
2月 04 09:48:33 CentOS8 httpd[63903]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::df54:246d:1b8e:20e2. Set the 'ServerName' directive>
2月 04 09:48:33 CentOS8 systemd[1]: Started The Apache HTTP Server.
2月 04 09:48:33 CentOS8 httpd[63903]: Server configured, listening on: port 443, port 81
2月 04 09:49:53 CentOS8 systemd[1]: Reloading The Apache HTTP Server.
2月 04 09:49:53 CentOS8 httpd[64233]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::df54:246d:1b8e:20e2. Set the 'ServerName' directive>
2月 04 09:49:53 CentOS8 systemd[1]: Reloaded The Apache HTTP Server.
2月 04 09:49:53 CentOS8 httpd[63903]: Server configured, listening on: port 443, port 81

4. Add other ports
  We can also add any port we need, for example 82:

[dotnba@CentOS8 ~]$  sudo semanage port -a -t http_port_t -p  tcp 82

  Check the result after adding it:

[dotnba@CentOS8 ~]$ sudo semanage port -l | grep http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      82, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989

Configuring an Nginx reverse proxy for Apache

1. Install Nginx

sudo yum install nginx

2. Start the Nginx service

[dotnba@CentOS8 ~]$ systemctl start nginx

3. Enable Nginx as a system service

[dotnba@CentOS8 ~]$ systemctl enable nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.

4. Edit the Nginx configuration file

[dotnba@CentOS8 ~]$ sudo vim /etc/nginx/nginx.conf
location / {
    # Use the port set earlier
    proxy_pass http://localhost:81;
}

5. Reload the Nginx configuration file

[dotnba@CentOS8 ~]$ service nginx reload
Redirecting to /bin/systemctl reload nginx.service

  Accessing the site now returns an error page. This is not a configuration error; SELinux is the cause once again.
6. Allow the reverse proxy

[dotnba@CentOS8 ~]$ sudo setsebool -P httpd_can_network_connect 1

  Access now works normally.
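
  The two SELinux checks above (which ports httpd may listen on, and what the proxy needs in order to reach the backend), as an added example that is not part of the original post: it parses `semanage port -l` output to find the type labelling a TCP port and picks the narrowest boolean for the proxy. The function names are hypothetical and the sample listing is copied from the output shown earlier; httpd_can_network_relay is a standard boolean the post does not use, assumed sufficient here because it permits connections to http_port_t and http_cache_port_t ports, whereas httpd_can_network_connect permits connections to any TCP port.

```shell
#!/bin/sh
# Constructed sample: the `semanage port -l | grep http` listing shown above.
SAMPLE_PORTS='http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989'

# port_type LISTING PORT: print the SELinux type(s) labelling tcp PORT (empty if none).
# Handles both single ports ("81,") and ranges ("10001-10010").
port_type() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                spec = $i; sub(/,$/, "", spec)
                n = split(spec, r, "-")
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# httpd_may_bind LISTING PORT: succeed if the port carries one of the two types
# the post names as allowed for Listen, so no `semanage port -a` is needed.
httpd_may_bind() {
    port_type "$1" "$2" | grep -Eq '^(http_port_t|http_cache_port_t)$'
}

# proxy_boolean LISTING BACKEND_PORT: narrowest boolean for nginx -> backend.
# Assumption: httpd_can_network_relay covers http_port_t/http_cache_port_t;
# any other port needs httpd_can_network_connect or relabelling as in step 4.
proxy_boolean() {
    if httpd_may_bind "$1" "$2"; then
        echo httpd_can_network_relay
    else
        echo httpd_can_network_connect
    fi
}

# Demo on the sample; on a live host pass "$(sudo semanage port -l)" instead.
for p in 81 8080 82; do
    printf 'port %s: type=%s boolean=%s\n' "$p" \
        "$(port_type "$SAMPLE_PORTS" "$p")" "$(proxy_boolean "$SAMPLE_PORTS" "$p")"
done
```

  For the backend on port 81 used in this post, the result is httpd_can_network_relay, which would be enabled with the same setsebool -P form as in step 6.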
