httpd是Apache超文本传输协议服务器的主程序。被设计为一个独立运行的后台进程,它会建立一个处理请求的子进程或线程的池。通常,httpd不应该被直接调用,而应该在Linux系统中由 apachectl 调用 ——百度百科
工具 | 功能 |
---|---|
htpasswd | 用于生成认证时的账号和密码 |
apachectl | 源码安装后的控制工具 |
apxs | 扩展包,需要安装httpd-devel包 |
rotatelogs | 日志滚动 |
suexec | 临时切换用户 |
ab | 压测工具,测试网站处理用户的请求量 |
文件/目录 | 对应的功能 |
---|---|
/var/log/httpd/access_log | 访问日志 |
/var/log/httpd/error_log | 错误日志 |
/var/www/html/ | 站点文档目录 |
/usr/lib64/httpd/modules/ | 模块文件路径 |
/etc/httpd/conf/httpd.conf | 主配置文件 |
/etc/httpd/conf.modules.d/*.conf | 模块配置文件 |
/etc/httpd/conf.d/*.conf | 辅助配置文件 |
httpd服务可以源码安装或者rpm安装
[root@node1 ~]# dnf -yq install httpd //用dnf安装httpd服务
[root@node1 ~]# systemctl status httpd //服务默认是未开启的
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:httpd.service(8)
[root@node1 ~]# systemctl disable firewalld //开启服务前关闭防火墙(disable只取消开机自启,不会停止正在运行的firewalld;此做法仅适合实验环境,生产环境应保留防火墙并只放行所需的80/443端口)
[root@node1 ~]# getenforce //查看SELinux状态(该命令只查看不修改,此处已是Disabled;生产环境建议保持Enforcing)
Disabled
[root@node1 ~]# systemctl start httpd //开启httpd服务
[root@node1 ~]# systemctl enable httpd //设置httpd服务开机自启
[root@node1 ~]# systemctl status httpd //查看服务是否开启成功
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2022-04-14 17:23:59 CST; 4s ago
Docs: man:httpd.service(8)
Main PID: 14674 (httpd)
Status: "Started, listening on: port 80"
Tasks: 213 (limit: 11216)
Memory: 25.1M
CGroup: /system.slice/httpd.service
├─14674 /usr/sbin/httpd -DFOREGROUND
├─14675 /usr/sbin/httpd -DFOREGROUND
├─14676 /usr/sbin/httpd -DFOREGROUND
├─14677 /usr/sbin/httpd -DFOREGROUND
└─14678 /usr/sbin/httpd -DFOREGROUND
用浏览器输入IP地址打开httpd的测试页面
[root@node1 ~]# ls /var/log/httpd/ //httpd的日志文件
access_log error_log
[root@node1 ~]# ls //下载好网站的源码包
anaconda-ks.cfg html5大气医院网站源码.zip
[root@node1 ~]# dnf -yq install unzip //安装解压工具
Installed:
unzip-6.0-45.el8.x86_64
[root@node1 ~]# unzip html5大气医院网站源码.zip //解压
[root@node1 ~]# cp -r html5大气医院网站源码/* /var/www/html/
[root@node1 ~]# ls /var/www/html/ //复制到httpd服务的html目录
chuzhen.html index.html js keshiys.html news.html rongyu.html zhuanjia.html
css jianjie.html keshi.html kexue.html newslist.html uploadfiles
images jiuzhen.html keshimx.html kexuelist.html pic ys.html
#还可以使用curl下载网站上传
[root@node1 ~]# cd /var/www/html/
[root@node1 html]#
[root@node1 html]# ls
chuzhen.html index.html js keshiys.html news.html rongyu.html zhuanjia.html
css jianjie.html keshi.html kexue.html newslist.html uploadfiles
images jiuzhen.html keshimx.html kexuelist.html pic ys.html
[root@node1 html]#
[root@node1 html]# rm -rf *
[root@node1 html]# curl -o index.html http://www.baidu.com
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2381 100 2381 0 0 9264 0 --:--:-- --:--:-- --:--:-- 9264
[root@node1 html]# ls
index.html
httpd依赖于apr,apr-util
在apache官网下载所需的包(https://apache.org/ ),下载后应使用官网提供的SHA256摘要或PGP签名校验压缩包的完整性,再进行解压和编译
https://downloads.apache.org/apr/apr-1.7.0.tar.gz
https://downloads.apache.org/apr/apr-util-1.6.1.tar.gz
https://downloads.apache.org/httpd/httpd-2.4.53.tar.gz
# 安装包已下好
[root@node1 ~]# ls
anaconda-ks.cfg apr-1.7.0.tar.gz apr-util-1.6.1.tar.gz httpd-2.4.53.tar.gz
# 安装开发环境
[root@node1 ~]# dnf -y groups mark install "Development Tools"
[root@node1 ~]# dnf -y install gcc gcc-c++ openssl-devel pcre-devel expat-devel
# 编译安装apr
[root@node1 ~]# useradd -r -M -s /sbin/nologin apache //创建用户和组
[root@node1 ~]# id apache
uid=994(apache) gid=991(apache) groups=991(apache)
[root@node1 ~]# grep apache /etc/group
apache:x:991:
[root@node1 ~]# tar xf apr-1.7.0.tar.gz //解压压缩包
[root@node1 ~]# tar xf apr-util-1.6.1.tar.gz
[root@node1 ~]# tar xf httpd-2.4.53.tar.gz
[root@node1 ~]# ls
anaconda-ks.cfg apr-1.7.0.tar.gz apr-util-1.6.1.tar.gz httpd-2.4.53.tar.gz
apr-1.7.0 apr-util-1.6.1 httpd-2.4.53
[root@node1 ~]# cd apr-1.7.0
[root@node1 apr-1.7.0]# vim configure
cfgfile=${ofile}T
trap "$RM \"$cfgfile\"; exit 1" 1 2 15
# $RM "$cfgfile" //注释此行
[root@node1 apr-1.7.0]# ./configure --prefix=/usr/local/apr
[root@node1 apr-1.7.0]# make && make install //编译安装
# 编译安装apr-util
[root@node1 apr-1.7.0]# cd /root/apr-util-1.6.1
[root@node1 apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[root@node1 apr-util-1.6.1]# make && make install
# 编译安装httpd
[root@node1 apr-util-1.6.1]# cd /root/httpd-2.4.53
[root@node1 httpd-2.4.53]# ./configure --prefix=/usr/local/apache \
--enable-so \ //开启so共享对象功能
--enable-ssl \ //开启ssl
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-apr=/usr/local/apr \ //apr的位置
--with-apr-util=/usr/local/apr-util/ \
--enable-modules=most \ //编译大多数常用模块
--enable-mpms-shared=all \ //将所有MPM编译为可动态加载的共享模块
--with-mpm=prefork //默认工作模型是prefork(注意:各行行尾的//说明只是注释,实际执行命令时需要删除,否则续行符\会失效)
[root@node1 httpd-2.4.53]# make && make install
[root@node1 httpd-2.4.53]# ls /usr/local/
apache apr apr-util bin etc games include lib lib64 libexec sbin share src
# 设置环境变量
[root@node1 ~]# cd /usr/local/apache/
[root@node1 apache]# ls
bin build cgi-bin conf error htdocs icons include logs man manual modules
[root@node1 apache]# echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/apache.sh
[root@node1 apache]# source /etc/profile.d/apache.sh //重新读取文件
[root@node1 apache]# which httpd
/usr/local/apache/bin/httpd
# 设置映射关系
[root@node1 apache]# ln -s /usr/local/apache/include/ /usr/include/apache
# 设置man文档
[root@node1 apache]# vim /etc/man_db.conf
MANDATORY_MANPATH /usr/man
MANDATORY_MANPATH /usr/share/man
MANDATORY_MANPATH /usr/local/share/man
MANDATORY_MANPATH /usr/local/apache/man //加入此行
#解决这个警告信息需要在/usr/local/apache/conf/httpd.conf文件中将#ServerName www.example.com:80取消注释
[root@node1 apache]# apachectl start //开启httpd服务
AH00558: httpd: Could not reliably determine the server fully
qualified domain name, using fe80::20c:29ff:fe39:9951%ens160.
Set the 'ServerName' directive globally to suppress this message //警告信息,可以无视
[root@node1 apache]# ss -antl //80端口号已开启
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:80 *:*
在浏览器输入IP地址后可以访问这个页面就说明httpd服务正常
# 目前无法使用systemctl命令控制服务,可以设置服务控制
[root@node1 ~]# cd /usr/lib/systemd/system
[root@node1 system]# ls sshd.service
sshd.service
[root@node1 system]# cp sshd.service httpd.service
[root@node1 system]# vim httpd.service
[root@node1 system]# cat httpd.service
[Unit]
Description=httpd server daemon
After=network.target sshd-keygen.target
[Service]
Type=forking
#EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config
#EnvironmentFile=-/etc/sysconfig/sshd
ExecStart=/usr/local/apache/bin/apachectl start
ExecStop=/usr/local/apache/bin/apachectl stop
ExecReload=/bin/kill -HUP $MAINPID
#KillMode=process
#Restart=on-failure
#RestartSec=42s
[Install]
WantedBy=multi-user.target
[root@node1 apache]# apachectl stop //先用apachectl停止httpd服务
[root@node1 system]# systemctl daemon-reload //重新加载守护进程
[root@node1 system]# systemctl start httpd //开启httpd服务
[root@node1 system]# systemctl status httpd
● httpd.service - httpd server daemon
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since Sun 2022-04-17 12:24:55 CST; 13s ago
Process: 77572 ExecStart=/usr/local/apache/bin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 77575 (httpd)
Tasks: 6 (limit: 11216)
Memory: 4.3M
CGroup: /system.slice/httpd.service
├─77575 /usr/local/apache/bin/httpd -k start
├─77576 /usr/local/apache/bin/httpd -k start
├─77577 /usr/local/apache/bin/httpd -k start
├─77578 /usr/local/apache/bin/httpd -k start
├─77579 /usr/local/apache/bin/httpd -k start
└─77580 /usr/local/apache/bin/httpd -k start
Apr 17 12:24:55 node1 systemd[1]: Starting httpd server daemon...
Apr 17 12:24:55 node1 systemd[1]: Started httpd server daemon.
在同一台主机中运行多个网站服务需要配置虚拟主机
虚拟主机有三类:
- 相同IP不同端口
- 不同IP相同端口
- 相同IP相同端口不同域名
相同IP不同端口:
[root@node1 ~]# mkdir /usr/local/apache/htdocs/test.example.com //创建网站目录
[root@node1 ~]# ls /usr/local/apache/htdocs/
index.html test.example.com
[root@node1 ~]# cd /usr/local/apache/htdocs/test.example.com/
[root@node1 test.example.com]# echo 'test page' > index.html //创建测试网页文件
[root@node1 test.example.com]# ls
index.html
[root@node1 test.example.com]# cd ..
[root@node1 htdocs]# mkdir blog.example.com
[root@node1 htdocs]# cd blog.example.com
[root@node1 blog.example.com]# echo 'blog page' > index.html
[root@node1 blog.example.com]# cd
[root@node1 ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf //配置虚拟主机
<VirtualHost *:80>
# ServerAdmin [email protected]
DocumentRoot "/usr/local/apache/htdocs/test.example.com" //服务地址
ServerName test.example.com //服务名称
# ServerAlias www.dummy-host.example.com
ErrorLog "logs/test.example.com-error_log" //错误日志位置
CustomLog "logs/test.example.com-access_log" common //正常日志位置
</VirtualHost>
Listen 81 //监听81端口号
<VirtualHost *:81>
DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
ServerName blog.example.com
ErrorLog "logs/blog.example.com-error_log"
CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
[root@node1 ~]# vim /usr/local/apache/conf/httpd.conf
# Virtual hosts
Include conf/extra/httpd-vhosts.conf //取消此行注释
[root@node1 ~]# systemctl restart httpd //重启服务
[root@node1 ~]# ss -anlt //查看端口号
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:81 *:*
不同IP相同端口:
[root@node1 ~]# ip addr add 192.168.10.104/24 dev ens160 //新增临时IP地址
[root@node1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:39:99:51 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.102/24 brd 192.168.10.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet 192.168.10.104/24 scope global secondary ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe39:9951/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@node1 ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf //修改虚拟主机配置文件
<VirtualHost 192.168.10.102:80>
# ServerAdmin [email protected]
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com
# ServerAlias www.dummy-host.example.com
ErrorLog "logs/test.example.com-error_log"
CustomLog "logs/test.example.com-access_log" common
</VirtualHost>
<VirtualHost 192.168.10.104:80>
DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
ServerName blog.example.com
ErrorLog "logs/blog.example.com-error_log"
CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
[root@node1 ~]# systemctl restart httpd //重启服务
相同IP相同端口不同域名:
[root@node1 ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf //修改虚拟主机配置文件
<VirtualHost *:80>
# ServerAdmin [email protected]
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com
# ServerAlias www.dummy-host.example.com
ErrorLog "logs/test.example.com-error_log"
CustomLog "logs/test.example.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
ServerName blog.example.com
ErrorLog "logs/blog.example.com-error_log"
CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
# 设置hosts以便用域名访问
Linux目录位置 /etc/hosts Windows目录位置 C:\Windows\System32\drivers\etc\hosts
编辑文件加入此行:192.168.10.102 test.example.com blog.example.com
访问控制法则:
法则 | 功能 |
---|---|
Require all granted | 允许所有主机访问 |
Require all denied | 拒绝所有主机访问 |
Require ip IPADDR | 授权指定来源地址的主机访问 |
Require not ip IPADDR | 拒绝指定来源地址的主机访问 |
Require host HOSTNAME | 授权指定来源主机名的主机访问 |
Require not host HOSTNAME | 拒绝指定来源主机名的主机访问 |
注意:httpd-2.4版本默认是拒绝所有主机访问的,所以安装以后必须做显式授权访问
[root@node1 ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
# ServerAdmin [email protected]
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com
# ServerAlias www.dummy-host.example.com
ErrorLog "logs/test.example.com-error_log"
CustomLog "logs/test.example.com-access_log" common
<Directory "/usr/local/apache/htdocs/test.example.com">
<RequireAll>
require not ip 192.168.10.1 //拒绝192.168.10.1访问
require all granted //允许所有人访问
</RequireAll>
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
ServerName blog.example.com
ErrorLog "logs/blog.example.com-error_log"
CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
[root@node1 ~]# systemctl restart httpd
192.168.10.1无权访问test,但是可以访问blog
配置https步骤:
[root@node1 ~]# vim /usr/local/apache/conf/httpd.conf //启用模块
LoadModule ssl_module modules/mod_ssl.so //取消此行注释
# openssl实现私有CA(自建CA签发的证书默认不被浏览器信任,仅适合测试或内网环境;客户端需导入cacert.pem才能通过校验,CA私钥cakey.pem必须妥善保管)
[root@node1 ~]# mkdir /etc/pki/CA
[root@node1 ~]# cd /etc/pki/CA/
[root@node1 CA]# mkdir private
[root@node1 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048) //生成密钥
[root@node1 CA]# ls private/
cakey.pem
[root@node1 CA]# openssl rsa -in private/cakey.pem -pubout //查看公钥
[root@node1 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 //生成自签署证书
[root@node1 CA]# mkdir certs newcerts crl
[root@node1 CA]# touch index.txt && echo 01 > serial
[root@node1 CA]# cd /usr/local/apache && mkdir ssl && cd ssl
[root@node1 ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
[root@node1 ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr //生成证书签署请求
[root@node1 ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
[root@node1 ssl]# ls
httpd.crt httpd.csr httpd.key
[root@node1 ~]# vim /usr/local/apache/conf/httpd.conf
Include conf/extra/httpd-ssl.conf //取消这两行注释
......
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
# 在httpd-vhosts.conf文件中删除或者注释此行:
require not ip 192.168.10.1
[root@node1 ~]# vim /usr/local/apache/conf/extra/httpd-ssl.conf
......
# General setup for the virtual host
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com:443
ServerAdmin [email protected]
ErrorLog "/usr/local/apache/logs/error_log"
TransferLog "/usr/local/apache/logs/access_log"
......
SSLCertificateFile "/usr/local/apache/ssl/httpd.crt"
......
SSLCertificateKeyFile "/usr/local/apache/ssl/httpd.key"
[root@node1 ~]# httpd -t
Syntax OK
[root@node1 ~]# systemctl restart httpd