The httpd service

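Contents

  • The httpd service
    • 1. Introduction to httpd
    • 2. Commonly used web programs
    • 3. httpd paths
    • 4. Installing httpd from RPM
      • 4.1 Uploading a website
    • 5. Installing httpd from source
      • 5.1 Service control
      • 5.2 Virtual hosts
      • 5.3 Access control
    • 6. Generating a certificate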


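1. Introduction to httpd

httpd is the main program of the Apache HyperText Transfer Protocol server. It is designed to run as a standalone background process, and it creates a pool of child processes or threads to handle requests. In general, httpd should not be invoked directly; on Linux systems it should be invoked through apachectl. (Source: Baidu Baike)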


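2. Commonly used web programs

Tool        Function
htpasswd    Generates the account names and passwords used for authentication
apachectl   Control tool for a source installation
apxs        Extension tool; requires the httpd-devel package
rotatelogs  Log rotation
suexec      Temporarily switches user
ab          Load-testing tool; measures how many user requests the site can handle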

3. httpd paths

File/directory                      Purpose
/var/log/httpd/access_log           Access log
/var/log/httpd/error_log            Error log
/var/www/html/                      Site document directory
/usr/lib64/httpd/modules/           Module files
/etc/httpd/conf/httpd.conf          Main configuration file
/etc/httpd/conf.modules.d/*.conf    Module configuration files
/etc/httpd/conf.d/*.conf            Supplementary configuration files

4. Installing httpd from RPM

httpd can be installed either from source or from RPM packages.

[root@node1 ~]# dnf -yq install httpd           //install httpd with dnf
[root@node1 ~]# systemctl status httpd          //the service is not running by default
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:httpd.service(8)
[root@node1 ~]# systemctl disable firewalld     //turn off the firewall before starting the service
[root@node1 ~]# getenforce                      //SELinux is turned off
Disabled
[root@node1 ~]# systemctl start httpd           //start the httpd service
[root@node1 ~]# systemctl enable httpd          //start httpd automatically at boot
[root@node1 ~]# systemctl status httpd          //check that the service started
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2022-04-14 17:23:59 CST; 4s ago
     Docs: man:httpd.service(8)
 Main PID: 14674 (httpd)
   Status: "Started, listening on: port 80"
    Tasks: 213 (limit: 11216)
   Memory: 25.1M
   CGroup: /system.slice/httpd.service
           ├─14674 /usr/sbin/httpd -DFOREGROUND
           ├─14675 /usr/sbin/httpd -DFOREGROUND
           ├─14676 /usr/sbin/httpd -DFOREGROUND
           ├─14677 /usr/sbin/httpd -DFOREGROUND
           └─14678 /usr/sbin/httpd -DFOREGROUND


Enter the server's IP address in a browser to open the httpd test page.

4.1 Uploading a website

[root@node1 ~]# ls /var/log/httpd/      //httpd log files
access_log  error_log
[root@node1 ~]# ls                      //the site source archive has already been downloaded
anaconda-ks.cfg  html5大气医院网站源码.zip
[root@node1 ~]# dnf -yq install unzip   //install the unzip tool

Installed:
  unzip-6.0-45.el8.x86_64                                                                           
[root@node1 ~]# unzip html5大气医院网站源码.zip     //extract the archive
[root@node1 ~]# cp -r html5大气医院网站源码/* /var/www/html/
[root@node1 ~]# ls /var/www/html/                 //copied into httpd's html directory
chuzhen.html  index.html    js            keshiys.html    news.html      rongyu.html  zhuanjia.html
css           jianjie.html  keshi.html    kexue.html      newslist.html  uploadfiles
images        jiuzhen.html  keshimx.html  kexuelist.html  pic            ys.html

The site source is an old version, so some text shows up garbled, but the site source itself was uploaded successfully.

# You can also use curl to download a page and publish it
[root@node1 ~]# cd /var/www/html/
[root@node1 html]# 
[root@node1 html]# ls
chuzhen.html  index.html    js            keshiys.html    news.html      rongyu.html  zhuanjia.html
css           jianjie.html  keshi.html    kexue.html      newslist.html  uploadfiles
images        jiuzhen.html  keshimx.html  kexuelist.html  pic            ys.html
[root@node1 html]# 
[root@node1 html]# rm -rf * 
[root@node1 html]# curl -o index.html http://www.baidu.com
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2381  100  2381    0     0   9264      0 --:--:-- --:--:-- --:--:--  9264
[root@node1 html]# ls
index.html


5. Installing httpd from source

httpd depends on apr and apr-util.

Download the required packages from the Apache website (https://apache.org/):

https://downloads.apache.org/apr/apr-1.7.0.tar.gz
https://downloads.apache.org/apr/apr-util-1.6.1.tar.gz
https://downloads.apache.org/httpd/httpd-2.4.53.tar.gz
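
A check worth running on the three tarballs before they are unpacked and compiled as root; this is an added example, not part of the original post. It assumes a `.sha256` file was downloaded next to each tarball; `verify_sha256` and `demo_verify` are illustrative names, and the demo runs on a constructed stand-in file.

```shell
#!/bin/sh
# Added example (not from the original page): check a downloaded tarball
# against its published SHA-256 digest before unpacking and building it.

# verify_sha256 FILE SUMFILE -> 0 match, 1 mismatch, 2 unusable input.
# SUMFILE may hold a bare digest or "digest  name" / "digest *name".
verify_sha256() (
    file=$1 sumfile=$2
    [ -r "$file" ] && [ -r "$sumfile" ] || { echo "unreadable input" >&2; exit 2; }
    # First field of the first line, lower-cased.
    want=$(awk 'NR == 1 { print tolower($1) }' "$sumfile")
    # It must be exactly 64 hex digits; this rejects, for example, an HTML
    # error page that was saved under the .sha256 name.
    case $want in
        ''|*[!0-9a-f]*) echo "no SHA-256 digest in $sumfile" >&2; exit 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "bad digest length in $sumfile" >&2; exit 2; }
    got=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$got" = "$want" ] || { echo "MISMATCH $file" >&2; exit 1; }
    echo "OK $file"
)

# Constructed demo: a stand-in file, not one of the real tarballs.
demo_verify() (
    d=$(mktemp -d) || exit 2
    printf 'constructed tarball bytes\n' > "$d/pkg.tar.gz"
    (cd "$d" && sha256sum pkg.tar.gz > pkg.tar.gz.sha256)
    good=0; verify_sha256 "$d/pkg.tar.gz" "$d/pkg.tar.gz.sha256" >/dev/null || good=$?
    printf 'extra bytes\n' >> "$d/pkg.tar.gz"       # simulate a modified download
    bad=0;  verify_sha256 "$d/pkg.tar.gz" "$d/pkg.tar.gz.sha256" 2>/dev/null || bad=$?
    printf '<html>404</html>\n' > "$d/pkg.tar.gz.sha256"
    junk=0; verify_sha256 "$d/pkg.tar.gz" "$d/pkg.tar.gz.sha256" 2>/dev/null || junk=$?
    rm -rf "$d"
    echo "$good $bad $junk"
)
demo_verify   # prints: 0 1 2
```

A digest fetched from the same server only catches corruption or a truncated download; for assurance about origin, also check the release's detached `.asc` signature with gpg.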

# The packages have already been downloaded
[root@node1 ~]# ls
anaconda-ks.cfg  apr-1.7.0.tar.gz  apr-util-1.6.1.tar.gz  httpd-2.4.53.tar.gz
# Install the build environment
[root@node1 ~]# dnf -y groups mark install "Development Tools"
[root@node1 ~]# dnf -y install gcc gcc-c++ openssl-devel pcre-devel expat-devel
# Build and install apr
[root@node1 ~]# useradd -r -M -s /sbin/nologin apache   //create the user and group
[root@node1 ~]# id apache
uid=994(apache) gid=991(apache) groups=991(apache)
[root@node1 ~]# grep apache /etc/group
apache:x:991:
[root@node1 ~]# tar xf apr-1.7.0.tar.gz         //unpack the archives
[root@node1 ~]# tar xf apr-util-1.6.1.tar.gz 
[root@node1 ~]# tar xf httpd-2.4.53.tar.gz 
[root@node1 ~]# ls
anaconda-ks.cfg  apr-1.7.0.tar.gz  apr-util-1.6.1.tar.gz  httpd-2.4.53.tar.gz
apr-1.7.0        apr-util-1.6.1    httpd-2.4.53
[root@node1 ~]# cd apr-1.7.0
[root@node1 apr-1.7.0]# vim configure
    cfgfile=${ofile}T
    trap "$RM \"$cfgfile\"; exit 1" 1 2 15
#   $RM "$cfgfile"                              //comment out this line
[root@node1 apr-1.7.0]# ./configure --prefix=/usr/local/apr
[root@node1 apr-1.7.0]# make && make install    //compile and install
# Build and install apr-util
[root@node1 apr-1.7.0]# cd /root/apr-util-1.6.1
[root@node1 apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr	
[root@node1 apr-util-1.6.1]# make && make install
# Build and install httpd
[root@node1 apr-util-1.6.1]# cd /root/httpd-2.4.53
[root@node1 httpd-2.4.53]# ./configure --prefix=/usr/local/apache \
--enable-so \                           //enable DSO (shared object) support
--enable-ssl \                          //enable SSL
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-apr=/usr/local/apr \             //location of apr
--with-apr-util=/usr/local/apr-util/ \
--enable-modules=most \                 //build most modules
--enable-mpms-shared=all \              //build all MPMs as shared modules
--with-mpm=prefork                      //use prefork as the MPM
[root@node1 httpd-2.4.53]# make && make install
[root@node1 httpd-2.4.53]# ls /usr/local/
apache  apr  apr-util  bin  etc  games  include  lib  lib64  libexec  sbin  share  src
# Set the environment variable
[root@node1 ~]# cd /usr/local/apache/ 
[root@node1 apache]# ls
bin  build  cgi-bin  conf  error  htdocs  icons  include  logs  man  manual  modules 
[root@node1 apache]# echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/apache.sh
[root@node1 apache]# source /etc/profile.d/apache.sh    //re-read the file
[root@node1 apache]# which httpd
/usr/local/apache/bin/httpd

# Create the symlink for the header files
[root@node1 apache]# ln -s /usr/local/apache/include/ /usr/include/apache

# Register the man pages
[root@node1 apache]# vim /etc/man_db.conf
MANDATORY_MANPATH                       /usr/man
MANDATORY_MANPATH                       /usr/share/man
MANDATORY_MANPATH                       /usr/local/share/man
MANDATORY_MANPATH                       /usr/local/apache/man        //add this line

# To remove the warning below, uncomment the line "#ServerName www.example.com:80" in /usr/local/apache/conf/httpd.conf
[root@node1 apache]# apachectl start    //start the httpd service
AH00558: httpd: Could not reliably determine the server fully 
qualified domain name, using fe80::20c:29ff:fe39:9951%ens160. 
Set the 'ServerName' directive globally to suppress this message    //a warning only; it can be ignored
[root@node1 apache]# ss -antl              //port 80 is now listening
State      Recv-Q     Send-Q         Local Address:Port           Peer Address:Port     Process     
LISTEN     0          128                  0.0.0.0:22                  0.0.0.0:*                    
LISTEN     0          128                     [::]:22                     [::]:*                    
LISTEN     0          128                        *:80                        *:*                    

If this page loads when you enter the IP address in a browser, the httpd service is working.


5.1 Service control

# At this point the service cannot be managed with systemctl; set up a unit file so that it can
[root@node1 ~]# cd /usr/lib/systemd/system
[root@node1 system]# ls sshd.service 
sshd.service
[root@node1 system]# cp sshd.service httpd.service
[root@node1 system]# vim httpd.service 
[root@node1 system]# cat httpd.service 
[Unit]
Description=httpd server daemon
After=network.target sshd-keygen.target

[Service]
Type=forking
#EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config
#EnvironmentFile=-/etc/sysconfig/sshd
ExecStart=/usr/local/apache/bin/apachectl start
ExecStop=/usr/local/apache/bin/apachectl stop
ExecReload=/bin/kill -HUP $MAINPID
#KillMode=process
#Restart=on-failure
#RestartSec=42s

[Install]
WantedBy=multi-user.target

[root@node1 apache]# apachectl stop             //first stop httpd with apachectl
[root@node1 system]# systemctl daemon-reload    //reload the systemd unit files
[root@node1 system]# systemctl start httpd      //start the httpd service
[root@node1 system]# systemctl status httpd
● httpd.service - httpd server daemon
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2022-04-17 12:24:55 CST; 13s ago
  Process: 77572 ExecStart=/usr/local/apache/bin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 77575 (httpd)
    Tasks: 6 (limit: 11216)
   Memory: 4.3M
   CGroup: /system.slice/httpd.service
           ├─77575 /usr/local/apache/bin/httpd -k start
           ├─77576 /usr/local/apache/bin/httpd -k start
           ├─77577 /usr/local/apache/bin/httpd -k start
           ├─77578 /usr/local/apache/bin/httpd -k start
           ├─77579 /usr/local/apache/bin/httpd -k start
           └─77580 /usr/local/apache/bin/httpd -k start

Apr 17 12:24:55 node1 systemd[1]: Starting httpd server daemon...
Apr 17 12:24:55 node1 systemd[1]: Started httpd server daemon.

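5.2 Virtual hosts

Running several websites on the same host requires virtual hosts.

There are three kinds of virtual host:

  • Same IP, different ports
  • Different IPs, same port
  • Same IP and port, different domain names

Same IP, different ports:

[root@node1 ~]# mkdir /usr/local/apache/htdocs/test.example.com  //create the site directory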
[root@node1 ~]# ls /usr/local/apache/htdocs/
index.html  test.example.com
[root@node1 ~]# cd /usr/local/apache/htdocs/test.example.com/
[root@node1 test.example.com]# echo 'test page' > index.html    //create a test page
[root@node1 test.example.com]# ls
index.html
[root@node1 test.example.com]# cd ..
[root@node1 htdocs]# mkdir blog.example.com
[root@node1 htdocs]# cd blog.example.com
[root@node1 blog.example.com]# echo 'blog page' > index.html
[root@node1 blog.example.com]# cd
[root@node1 ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf      //configure the virtual hosts
<VirtualHost *:80>
#   ServerAdmin [email protected]
    DocumentRoot "/usr/local/apache/htdocs/test.example.com"    //document root of the site
    ServerName test.example.com                                 //server name
#   ServerAlias www.dummy-host.example.com
    ErrorLog "logs/test.example.com-error_log"                  //error log location
    CustomLog "logs/test.example.com-access_log" common         //access log location
</VirtualHost>
Listen 81                       //listen on port 81
<VirtualHost *:81>
    DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
    ServerName blog.example.com
    ErrorLog "logs/blog.example.com-error_log"
    CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>

[root@node1 ~]# vim /usr/local/apache/conf/httpd.conf 
# Virtual hosts
Include conf/extra/httpd-vhosts.conf            //uncomment this line
[root@node1 ~]# systemctl restart httpd         //restart the service
[root@node1 ~]# ss -anlt                        //check the listening ports
State      Recv-Q     Send-Q         Local Address:Port           Peer Address:Port     Process     
LISTEN     0          128                  0.0.0.0:22                  0.0.0.0:*                    
LISTEN     0          128                     [::]:22                     [::]:*                    
LISTEN     0          128                        *:80                        *:*                    
LISTEN     0          128                        *:81                        *:*                    


Different IPs, same port:

[root@node1 ~]# ip addr add 192.168.10.104/24 dev ens160        //add a temporary IP address
[root@node1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:39:99:51 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.102/24 brd 192.168.10.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.10.104/24 scope global secondary ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe39:9951/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

[root@node1 ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf      //edit the virtual host configuration file
<VirtualHost 192.168.10.102:80>
#   ServerAdmin [email protected]
    DocumentRoot "/usr/local/apache/htdocs/test.example.com"
    ServerName test.example.com
#   ServerAlias www.dummy-host.example.com
    ErrorLog "logs/test.example.com-error_log"
    CustomLog "logs/test.example.com-access_log" common
</VirtualHost>
<VirtualHost 192.168.10.104:80>
    DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
    ServerName blog.example.com
    ErrorLog "logs/blog.example.com-error_log"
    CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
[root@node1 ~]# systemctl restart httpd         //restart the service


Same IP and port, different domain names:

[root@node1 ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf      //edit the virtual host configuration file
<VirtualHost *:80>
#   ServerAdmin [email protected]
    DocumentRoot "/usr/local/apache/htdocs/test.example.com"
    ServerName test.example.com
#   ServerAlias www.dummy-host.example.com
    ErrorLog "logs/test.example.com-error_log"
    CustomLog "logs/test.example.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
    ServerName blog.example.com
    ErrorLog "logs/blog.example.com-error_log"
    CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>

# Add hosts entries so that the sites can be reached by domain name
Linux location: /etc/hosts              Windows location: C:\Windows\System32\drivers\etc\hosts
Edit the file and add this line: 192.168.10.102 test.example.com blog.example.com


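5.3 Access control

Access control rules:

Rule                        Function
Require all granted         Allow access from all hosts
Require all denied          Deny access from all hosts
Require ip IPADDR           Allow access from hosts with the given source address
Require not ip IPADDR       Deny access from hosts with the given source address
Require host HOSTNAME       Allow access from hosts with the given source host name
Require not host HOSTNAME   Deny access from hosts with the given source host name

Note: httpd 2.4 denies access from all hosts by default, so after installation access must be granted explicitly.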

[root@node1 ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
#   ServerAdmin [email protected]
    DocumentRoot "/usr/local/apache/htdocs/test.example.com"
    ServerName test.example.com
#   ServerAlias www.dummy-host.example.com
    ErrorLog "logs/test.example.com-error_log"
    CustomLog "logs/test.example.com-access_log" common
    <Directory "/usr/local/apache/htdocs/test.example.com">
        <RequireAll>
                require not ip 192.168.10.1     //deny access from 192.168.10.1
                require all granted             //allow everyone else
        </RequireAll>
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
    ServerName blog.example.com
    ErrorLog "logs/blog.example.com-error_log"
    CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
[root@node1 ~]# systemctl restart httpd

192.168.10.1 is refused access to test, but it can still reach blog.
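
The refusal can also be confirmed on the server instead of in the browser. This added example (not from the original post) counts mod_authz_core denials (AH01630) in an error log and lists any request from the blocked address that was not answered with 403 in a `common`-format access log; the function names and the sample log lines, including the second client address, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): confirm from the server's own
# logs that the "Require not ip" rule is being enforced.

# denials ERRLOG: "client count" for every authz denial (AH01630) logged.
denials() {
    sed -n 's/.*\[client \(.*\):[0-9]*] AH01630:.*/\1/p' "$1" |
        sort | uniq -c | awk '{ print $2, $1 }'
}

# bypasses ACCESSLOG IP: requests from IP that were NOT answered with 403.
# In the "common" format (%h %l %u %t "%r" %>s %b) the status is always the
# next-to-last field, even if the request line contains spaces or quotes.
bypasses() {
    awk -v ip="$2" 'NF > 1 && $1 == ip && $(NF-1) != 403' "$1"
}

# Constructed sample logs; the first access-log line stands for a request
# served before the rule was loaded.
make_samples() {
    cat > "$1/access_log" <<'EOF'
192.168.10.1 - - [17/Apr/2022:12:39:58 +0800] "GET / HTTP/1.1" 200 10
192.168.10.1 - - [17/Apr/2022:12:40:01 +0800] "GET / HTTP/1.1" 403 199
192.168.10.1 - - [17/Apr/2022:12:40:03 +0800] "GET /a b HTTP/1.1" 403 199
192.168.10.100 - - [17/Apr/2022:12:40:05 +0800] "GET / HTTP/1.1" 200 10
EOF
    cat > "$1/error_log" <<'EOF'
[Sun Apr 17 12:40:01.100000 2022] [authz_core:error] [pid 77576] [client 192.168.10.1:51234] AH01630: client denied by server configuration: /usr/local/apache/htdocs/test.example.com/
[Sun Apr 17 12:40:03.100000 2022] [authz_core:error] [pid 77577] [client 192.168.10.1:51236] AH01630: client denied by server configuration: /usr/local/apache/htdocs/test.example.com/a b
EOF
}

demo_acl_audit() (
    d=$(mktemp -d) || exit 2
    make_samples "$d"
    echo "$(denials "$d/error_log") | $(bypasses "$d/access_log" 192.168.10.1 | wc -l | tr -d ' ')"
    rm -rf "$d"
)
demo_acl_audit   # prints: 192.168.10.1 2 | 1
```

With the page's configuration the logs to pass in are logs/test.example.com-error_log and logs/test.example.com-access_log under /usr/local/apache.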


6. Generating a certificate

Steps to configure HTTPS:

  • Generate the certificate
[root@node1 ~]# vim /usr/local/apache/conf/httpd.conf   //enable the module
LoadModule ssl_module modules/mod_ssl.so                //uncomment this line
# Build a private CA with openssl
[root@node1 ~]# mkdir /etc/pki/CA       
[root@node1 ~]# cd /etc/pki/CA/
[root@node1 CA]# mkdir private
[root@node1 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)  //generate the private key
[root@node1 CA]# ls private/
cakey.pem
[root@node1 CA]# openssl rsa -in private/cakey.pem -pubout               //view the public key
[root@node1 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365        //create the self-signed certificate
[root@node1 CA]# mkdir certs newcerts crl
[root@node1 CA]# touch index.txt && echo 01 > serial
[root@node1 CA]# cd /usr/local/apache && mkdir ssl && cd ssl
[root@node1 ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
[root@node1 ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr    //create the certificate signing request
[root@node1 ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
[root@node1 ssl]# ls
httpd.crt  httpd.csr  httpd.key

  • Edit httpd.conf and uncomment the following
[root@node1 ~]# vim /usr/local/apache/conf/httpd.conf
Include conf/extra/httpd-ssl.conf               //uncomment these two lines
......
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so



  • Configure the virtual host in httpd-vhosts.conf
# In httpd-vhosts.conf, delete or comment out this line:
require not ip 192.168.10.1

  • Set the certificate locations in httpd-ssl.conf
[root@node1 ~]# vim /usr/local/apache/conf/extra/httpd-ssl.conf
......
#   General setup for the virtual host
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com:443
ServerAdmin [email protected]
ErrorLog "/usr/local/apache/logs/error_log"
TransferLog "/usr/local/apache/logs/access_log"
......
SSLCertificateFile "/usr/local/apache/ssl/httpd.crt"
......
SSLCertificateKeyFile "/usr/local/apache/ssl/httpd.key"

  • Check the configuration files for syntax errors
[root@node1 ~]# httpd -t
Syntax OK

  • Start or restart the service
[root@node1 ~]# systemctl restart httpd	
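
Before the restart in the last step, the issued files can be checked for the usual mistakes. This added example (not from the original post) verifies that the certificate chains to the CA, that the private key matches the certificate, and that the key is readable by its owner only; `check_tls_pair` and `demo_tls_pair` are illustrative names, and the demo builds a throwaway CA in a temporary directory rather than touching /etc/pki/CA.

```shell
#!/bin/sh
# Added example (not from the original page): checks to run on a certificate
# and key issued by a private CA before httpd-ssl.conf points at them.

# check_tls_pair CA CRT KEY -> exit status 0 only if every check passes.
check_tls_pair() (
    ca=$1 crt=$2 key=$3 rc=0
    # 1. The certificate must chain to the CA that clients are told to trust.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL chain: $crt was not issued by $ca"; rc=1; }
    # 2. The private key must belong to the certificate: compare public keys.
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$cpub" ] && [ "$cpub" = "$kpub" ] ||
        { echo "FAIL pair: $key does not match $crt"; rc=1; }
    # 3. Only the owner may read the key (what "umask 077" produces).
    case $(stat -c %a "$key") in
        600|400) ;;
        *) echo "FAIL perms: $key is accessible to group or others"; rc=1 ;;
    esac
    exit "$rc"
)

# Constructed demo: a throwaway CA and server key in a temp directory, made
# non-interactively with -subj; these are not the page's /etc/pki/CA files.
demo_tls_pair() (
    d=$(mktemp -d) && cd "$d" || exit 2
    umask 077
    {
        openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
            -subj "/CN=Demo CA" -days 1
        openssl req -new -newkey rsa:2048 -nodes -keyout srv.key -out srv.csr \
            -subj "/CN=test.example.com"
        openssl x509 -req -in srv.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
            -out srv.crt -days 1
        openssl genrsa -out other.key 2048
    } >/dev/null 2>&1
    good=0;  check_tls_pair ca.pem srv.crt srv.key   >/dev/null || good=$?
    bad=0;   check_tls_pair ca.pem srv.crt other.key >/dev/null || bad=$?
    chmod 644 srv.key                       # simulate a key left world-readable
    loose=0; check_tls_pair ca.pem srv.crt srv.key   >/dev/null || loose=$?
    cd / && rm -rf "$d"
    echo "$good $bad $loose"
)
demo_tls_pair   # prints: 0 1 1
```

With the page's layout the call is `check_tls_pair /etc/pki/CA/cacert.pem /usr/local/apache/ssl/httpd.crt /usr/local/apache/ssl/httpd.key`.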
