httpd 2.4 requires apr 1.4.
httpd depends on apr and apr-util.
They have to be installed in this order:
1. apr
2. apr-util
3. httpd
[root@localhost httpd]# rpm -q httpd
httpd-2.2.15-39.el6.centos.x86_64
[root@localhost httpd]# service httpd stop
Stopping httpd: [FAILED]
[root@localhost httpd]# chkconfig httpd off
[root@localhost httpd]# chkconfig --list httpd
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@localhost httpd]#
First install the development environment (package groups):
Development tools
Server Platform Development
[root@1inux httpd]# yum -y groupinstall "Development tools" "Server Platform Development"
2. Compile and install apr
[root@1inux httpd]# tar xf apr-1.5.0.tar.bz2
[root@1inux httpd]# ls
apr-1.5.0 apr-1.5.0.tar.bz2 apr-util-1.5.3.tar.bz2 httpd-2.4.10.tar.bz2
[root@1inux httpd]# cd apr-1.5.0
[root@localhost apr-1.5.0]# ./configure --prefix=/usr/local/apr  // install under /usr/local/apr
[root@localhost apr-1.5.0]# make && make install
3. Compile and install apr-util
[root@localhost httpd]# tar -xf apr-util-1.5.3.tar.bz2
[root@localhost httpd]# cd apr-util-1.5.3
[root@localhost apr-util-1.5.3]# ./configure --help  // shows the configure options
[root@localhost apr-util-1.5.3]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
// --prefix=/usr/local/apr-util is the install path
// --with-apr points to the apr installed in the previous step
[root@localhost apr-util-1.5.3]# make && make install
4. Compile and install httpd
+++++++++++++++++++++++++++++++++++++++++++++++++++
Note: a compiled Apache runs as the daemon user by default. A different user can be specified at compile time, but it must be created by hand first:
# groupadd -r apache
# useradd -r -g apache apache
[root@localhost httpd]# grep "^apache\b" /etc/passwd
apache:x:48:48:Apache:/var/www:/sbin/nologin
[root@localhost httpd]# grep "^apache\b" /etc/gshadow
apache:!::
[root@localhost httpd]#
------------------
[root@localhost httpd]# tar -xf httpd-2.4.10.tar.bz2
[root@localhost httpd]# cd httpd-2.4.10
[root@localhost httpd-2.4.10]#
[root@localhost httpd-2.4.10]# less INSTALL  // installation instructions
[root@localhost httpd-2.4.10]# ./configure --help
--------------------------------------------
--enable-http  // enable support for the HTTP protocol
--enable-ssl  // enable SSL support
--enable-so  // support loading and unloading modules (DSO)
--enable-cache  // enable dynamic file caching
--enable-cgi  // enable CGI support
--enable-rewrite  // enable URL rewriting
--enable-proxy  // enable proxy support
--enable-proxy-fcgi  // proxy to FastCGI backends
--enable-proxy-http  // proxy to HTTP backends
--with-apr=PATH  // path to apr
--with-apr-util=PATH  // path to apr-util
--enable-modules=MODULE-LIST
Space-separated list of modules to enable | "all" |
"most" | "few" | "none" | "reallyall"
all: compile all modules
most: compile most modules
few: compile only the most commonly used modules
none: compile no modules
reallyall: close to all
--enable-mpms-shared  // build the MPMs as shared modules
--with-mpm=MPM  // which MPM is the default {event|worker|prefork|winnt} (winnt is Windows-only)
--enable-mods-shared=MODULE-LIST  // build these modules as shared modules
--enable-mods-static=MODULE-LIST  // build these modules statically
--disable-authn-file  // disable file-based authentication
--enable-authn-dbm  // enable DBM-based authentication
--enable-authn-anon  // enable anonymous authentication
--enable-authn-dbd  // enable DBD (SQL) authentication
[root@localhost httpd-2.4.10]# ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
__________________________
If configure fails at this point, install the following two packages:
[root@localhost httpd-2.4.10]# yum install pcre-devel zlib-devel
_______________________________
Starting Apache
Before Apache can be started, a few preparatory steps are needed:
1. Add its binaries to PATH
[root@localhost bin]# vim /etc/profile.d/httpd.sh
export PATH=/usr/local/apache/bin:$PATH
[root@localhost bin]# . /etc/profile.d/httpd.sh  // re-read the file
[root@localhost bin]# echo $PATH  // verify
/usr/local/apache/bin:/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
[root@localhost bin]# hash -r  // clear all cached command locations
[root@localhost bin]#
2. Add a symlink for the header files
[root@localhost apache]# ln -sv /usr/local/apache/include/ /usr/include/httpd
`/usr/include/httpd' -> `/usr/local/apache/include/'
[root@localhost apache]#
3. Edit the man configuration file to add the Apache man path
[root@localhost apache]# vim /etc/man.config
Add the following line:
MANPATH /usr/local/apache/man
================================================
OK. Once the above steps are complete, Apache can be started.
[root@localhost bin]# apachectl start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
[root@localhost bin]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::52949 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:631 *:*
LISTEN 0 128 ::1:631 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:6010 *:*
LISTEN 0 128 ::1:6010 :::*
LISTEN 0 128 127.0.0.1:6011 *:*
LISTEN 0 128 ::1:6011 :::*
LISTEN 0 128 *:37772 *:*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 *:111 *:*
LISTEN 0 128 :::80 :::*
[root@localhost bin]#
===================================================
[root@localhost ~]# cd /usr/local/apache/
[root@localhost apache]# ls -l
total 52
drwxr-xr-x 2 root root 4096 Mar 25 13:06 bin  // Apache binaries
drwxr-xr-x 2 root root 4096 Mar 25 13:06 build  // options used at build time
drwxr-xr-x 2 root root 4096 Mar 25 13:06 cgi-bin  // CGI scripts
drwxr-xr-x 3 root root 4096 Mar 25 13:06 error  // error page files
drwxr-xr-x 2 root root 4096 Mar 25 12:31 htdocs  // Apache site directory, where the web pages live
drwxr-xr-x 3 root root 4096 Mar 25 13:06 icons  // icons Apache may use
drwxr-xr-x 2 root root 4096 Mar 25 13:06 include  // header files
drwxr-xr-x 2 root root 4096 Mar 25 13:17 logs  // log files
drwxr-xr-x 4 root root 4096 Mar 25 13:06 man  // man pages
drwxr-xr-x 14 root root 12288 Jul 16 2014 manual
drwxr-xr-x 2 root root 4096 Mar 25 13:06 modules  // compiled modules
[root@localhost apache]#
*************** How to change the MPM ***************
[root@localhost modules]# httpd -M  // shows that prefork is currently in use
Note: stop Apache before changing the configuration file.
[root@localhost httpd24]# apachectl stop
Edit the configuration file:
[root@localhost httpd24]# vim /etc/httpd24/httpd.conf
Change LoadModule mpm_prefork_module modules/mod_mpm_prefork.so to
LoadModule mpm_event_module modules/mod_mpm_event.so
[root@localhost httpd24]# apachectl start  // start Apache
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
[root@localhost httpd24]#
Check the current MPM again:
[root@localhost modules]# httpd -M
mpm_event_module (shared)
OK, done.
***********************************************************
************ Changing the web directory in Apache 2.4 *******************
***********************************************************
A major difference between Apache 2.4 and 2.2 is that in the main server configuration anything not explicitly allowed is denied.
1. First create a directory to serve as the new site root:
[root@localhost httpd24]# mkdir /data/web/htdocs -pv
mkdir: created directory `/data'
mkdir: created directory `/data/web'
mkdir: created directory `/data/web/htdocs'
[root@localhost httpd24]#
Create the default page:
# vim /data/web/htdocs/index.html
<h1> I LOVE LINUX </h1>
2. Edit the configuration file: /etc/httpd24/httpd.conf
Note: always back up the configuration file before editing it, so that mistakes can be undone.
2.1. Change DocumentRoot "/usr/local/apache/htdocs" to:
DocumentRoot "/data/web/htdocs"
Save, restart Apache and visit the site: the result is Forbidden, access denied.
2.2. So in 2.4 changing DocumentRoot alone is not enough;
the <Directory> block must be changed too: <Directory "/usr/local/apache/htdocs"> becomes <Directory "/data/web/htdocs">.
Save the configuration file and restart Apache.
Now the home page we just created is displayed.
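The Forbidden result above is exactly the case a quick config check can catch before a restart. The following is an added example (not part of the original post): an awk-based check that every DocumentRoot in an httpd 2.4 config has a <Directory> block naming that same path with Require all granted; the two config fragments it runs against are constructed here.

```shell
set -e

# check_docroots CONF: print each DocumentRoot that has no <Directory> block for
# exactly that path containing "Require all granted"; returns 1 if any were
# printed, 0 if every root is covered.
check_docroots() {
  awk '
    /^[ \t]*DocumentRoot[ \t]/ { r = $2; gsub(/"/, "", r); roots[r] = 1 }
    /^[ \t]*<Directory[ \t]/   { d = $2; gsub(/["<>]/, "", d); if (length(d) > 1) sub(/\/$/, "", d) }
    /^[ \t]*Require[ \t]+all[ \t]+granted/ && d != "" { granted[d] = 1 }
    /^[ \t]*<\/Directory>/     { d = "" }
    END { bad = 0; for (r in roots) if (!(r in granted)) { print r; bad = 1 }; exit bad }
  ' "$1"
}

# write_conf FILE DIRPATH: constructed httpd.conf fragment with the site root
# moved to /data/web/htdocs; DIRPATH is whatever path the <Directory> block
# still names (the old htdocs path reproduces the Forbidden case).
write_conf() {
  cat > "$1" <<EOF
DocumentRoot "/data/web/htdocs"
<Directory />
    AllowOverride None
    Require all denied
</Directory>
<Directory "$2">
    AllowOverride None
    Options None
    Require all granted
</Directory>
EOF
}
```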
3. In 2.4, IP-based access control no longer uses Allow and Deny; it uses the following instead:
Allow all hosts: Require all granted
Deny all hosts: Require all denied
Control access by IP:
Require ip IPADDR: allow hosts from the given source address
Require not ip IPADDR: deny hosts from the given source address
where IPADDR takes one of these forms:
IP: 172.16.100.2
Network/mask: 172.16.0.0/255.255.0.0
Network/Length: 172.16.0.0/16
Net: 172.16
Control access by host name (HOSTNAME):
Require host HOSTNAME
Require not host HOSTNAME
HOSTNAME:
FQDN: a specific host
DOMAIN: all hosts in the domain
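To make the four IPADDR forms concrete, here is an added example (not from the original post) that works out which client addresses each form covers, as a POSIX shell function. The matching rules are an assumption derived from the forms listed above (a partial Net such as 172.16 is read as 172.16.0.0/16); mod_authz_host itself is not invoked.

```shell
set -e

# ip2int A.B.C.D -> the address as a 32-bit integer
ip2int() {
  printf '%s\n' "$1" | { IFS=. read -r a b c d; echo $(( (a << 24) | (b << 16) | (c << 8) | d )); }
}

# len2mask N -> the 32-bit mask for a /N prefix (4294967295 is 0xFFFFFFFF)
len2mask() {
  if [ "$1" -eq 0 ]; then echo 0; else echo $(( (4294967295 << (32 - $1)) & 4294967295 )); fi
}

# require_ip SPEC CLIENT: exit 0 if "Require ip SPEC" would cover CLIENT.
# SPEC is an IP, Network/mask, Network/Length, or a partial Net (e.g. 172.16).
require_ip() {
  spec=$1; client=$2
  case $spec in
    */*)                                  # Network/mask or Network/Length
      net=${spec%/*}; m=${spec#*/}
      case $m in
        *.*) mask=$(ip2int "$m") ;;       # 172.16.0.0/255.255.0.0
        *)   mask=$(len2mask "$m") ;;     # 172.16.0.0/16
      esac ;;
    *)                                    # single IP or partial Net
      dots=$(( $(printf '%s' "$spec" | tr -cd . | wc -c) ))
      mask=$(len2mask $(( (dots + 1) * 8 )))   # 172.16 has one dot -> /16
      net=$spec
      while [ "$dots" -lt 3 ]; do net="$net.0"; dots=$((dots + 1)); done ;;
  esac
  [ $(( $(ip2int "$net") & mask )) -eq $(( $(ip2int "$client") & mask )) ]
}

# require_not_ip SPEC CLIENT: the negation, i.e. "Require not ip SPEC"
require_not_ip() { ! require_ip "$1" "$2"; }
```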
4. Virtual hosts
IP-, port- and FQDN-based virtual hosts are all supported;
FQDN (name)-based virtual hosts no longer need the NameVirtualHost directive.
4.1. Comment out DocumentRoot in the configuration file
4.2. Find the following line in the configuration file and enable it:
Include /etc/httpd24/extra/httpd-vhosts.conf
4.3. Then edit httpd-vhosts.conf
__________________
[root@localhost modules]# mkdir -pv /data/{a.com,b.com}/htdocs  // create the directories
mkdir: created directory `/data/a.com'
mkdir: created directory `/data/a.com/htdocs'
mkdir: created directory `/data/b.com'
mkdir: created directory `/data/b.com/htdocs'
[root@localhost modules]# echo "<h1>www.a.com</h1>" >> /data/a.com/htdocs/index.html  // create the home pages
[root@localhost modules]# echo "<h1>www.b.com</h1>" >> /data/b.com/htdocs/index.html
[root@localhost modules]#
___________________
<VirtualHost *:80>
    ServerAdmin www.a.com
    DocumentRoot "/data/a.com/htdocs"
    ServerName www.a.com
    ServerAlias a.com
    ErrorLog "logs/a.com-error_log"
    CustomLog "logs/a.com-access_log" combined
    <Directory "/data/a.com/htdocs">
        AllowOverride None
        Options None
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin www.b.com
    DocumentRoot "/data/b.com/htdocs"
    ServerName b.com
    ErrorLog "logs/b.com-error_log"
    CustomLog "logs/b.com-access_log" common
    <Directory "/data/b.com/htdocs">
        AllowOverride None
        Options None
        Require all granted
    </Directory>
</VirtualHost>
Note: for more detailed logs, common can be changed to combined.
4.4. After editing, reload the configuration:
[root@localhost httpd24]# killall -SIGHUP httpd  // reload the configuration
[root@localhost httpd24]# httpd -S  // show the virtual host configuration
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 is a NameVirtualHost
default server www.a.com (/etc/httpd24/extra/httpd-vhosts.conf:23)
port 80 namevhost www.a.com (/etc/httpd24/extra/httpd-vhosts.conf:23)
alias a.com
port 80 namevhost b.com (/etc/httpd24/extra/httpd-vhosts.conf:32)
ServerRoot: "/usr/local/apache"
Main DocumentRoot: "/usr/local/apache/htdocs"
Main ErrorLog: "/usr/local/apache/logs/error_log"
Mutex default: dir="/usr/local/apache/logs/" mechanism=default
PidFile: "/usr/local/apache/logs/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="daemon" id=2
Group: name="daemon" id=2
[root@localhost httpd24]#
5. SSL configuration
Enable the modules and include the SSL configuration:
LoadModule ssl_module modules/mod_ssl.so
Include /etc/httpd24/extra/httpd-ssl.conf
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
# vim /etc/httpd24/extra/httpd-ssl.conf
DocumentRoot "/data/web/htdocs"
ServerName www.a.com:443
ServerAdmin [email protected]
ErrorLog "/usr/local/apache/logs/a.com.443error_log"
TransferLog "/usr/local/apache/logs/a.com.443access_log"
<Directory "/data/web/htdocs">
    AllowOverride None
    Options None
    Require all granted
</Directory>
==========================================
1. Create the CA
[root@1inux CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
........................................................................................+++
.......................+++
e is 65537 (0x10001)
[root@1inux CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 10000
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HN
Locality Name (eg, city) [Default City]:ZZ
Organization Name (eg, company) [Default Company Ltd]:FREELOVE
Organizational Unit Name (eg, section) []:OPS
Common Name (eg, your name or your server's hostname) []:www.freelove.com
Email Address []:[email protected]
2. Generate the server key and certificate signing request
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 1024)
Generating RSA private key, 1024 bit long modulus
............................................++++++
....++++++
e is 65537 (0x10001)
[root@localhost ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HN
Locality Name (eg, city) [Default City]:ZZ
Organization Name (eg, company) [Default Company Ltd]:FREELOVE
Organizational Unit Name (eg, section) []:OPS
Common Name (eg, your name or your server's hostname) []:www.a.com
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@localhost ssl]# ls
httpd.csr httpd.key
[root@localhost ssl]# scp httpd.csr [email protected]:/tmp
The authenticity of host '172.16.66.81 (172.16.66.81)' can't be established.
RSA key fingerprint is d6:3b:33:71:32:69:7a:dd:47:c2:49:03:ec:03:a1:5e.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '172.16.66.81' (RSA) to the list of known hosts.
[email protected]'s password:
httpd.csr 100% 672 0.7KB/s 00:00
[root@localhost ssl]#
--------------------------
3. Sign the request:
--------------------------------
[root@1inux tmp]# openssl ca -in httpd.csr -out httpd.crt -days 3650
Using configuration from /etc/pki/tls/openssl.cnf
/etc/pki/CA/index.txt: No such file or directory
unable to open '/etc/pki/CA/index.txt'
140020295247688:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/pki/CA/index.txt','r')
140020295247688:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
[root@1inux tmp]# touch /etc/pki/CA/index.txt
[root@1inux tmp]# openssl ca -in httpd.csr -out httpd.crt -days 3650
Using configuration from /etc/pki/tls/openssl.cnf
/etc/pki/CA/serial: No such file or directory
error while loading serial number
140189682972488:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/pki/CA/serial','r')
140189682972488:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
[root@1inux tmp]# echo 01 >> /etc/pki/CA/serial
[root@1inux tmp]# openssl ca -in httpd.csr -out httpd.crt -days 3650
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Apr 9 00:28:31 2015 GMT
Not After : Apr 6 00:28:31 2025 GMT
Subject:
countryName = CN
stateOrProvinceName = HN
organizationName = FREELOVE
organizationalUnitName = OPS
commonName = www.a.com
emailAddress = [email protected]
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
F5:2E:C1:AE:18:63:58:F9:85:17:7B:29:F2:C4:F2:3C:69:41:C4:21
X509v3 Authority Key Identifier:
keyid:FA:D9:62:94:D7:AF:C9:D9:02:B5:47:29:22:6A:07:B2:F7:29:E3:57
Certificate is to be certified until Apr 6 00:28:31 2025 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@1inux tmp]#
[root@1inux tmp]# scp httpd.crt [email protected]:/etc/httpd24/ssl
[email protected]'s password:
httpd.crt 100% 3810 3.7KB/s 00:00
[root@1inux tmp]#
========
Then point httpd-ssl.conf at the key and the signed certificate:
SSLCertificateKeyFile "/etc/httpd24/ssl/httpd.key"
SSLCertificateFile "/etc/httpd24/ssl/httpd.crt"
# killall -SIGHUP httpd  // reload the httpd configuration
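The two "openssl ca" failures above (missing index.txt, then missing serial) come from a CA directory that was never initialised. As an added example (not from the original post), the following builds a throw-away CA in a temporary directory with the same layout as /etc/pki/CA, creates those two files up front, then signs a www.a.com request and verifies the chain. All paths and the CA name are assumptions; keys are 2048-bit here, where the page used 1024 for the server key.

```shell
set -e

# ca_setup DIR: CA directory layout, a minimal openssl.cnf, CA key and certificate
ca_setup() {
  ca=$1
  mkdir -p "$ca/private" "$ca/newcerts"
  : > "$ca/index.txt"        # certificate database (first failure on the page)
  echo 01 > "$ca/serial"     # next serial number    (second failure on the page)
  cat > "$ca/openssl.cnf" <<EOF
[ ca ]
default_ca = local_ca
[ local_ca ]
dir = $ca
database = \$dir/index.txt
serial = \$dir/serial
new_certs_dir = \$dir/newcerts
certificate = \$dir/cacert.pem
private_key = \$dir/private/cakey.pem
default_md = sha256
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = req_dn
x509_extensions = v3_ca
[ req_dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  (umask 077; openssl genrsa -out "$ca/private/cakey.pem" 2048 2>/dev/null)
  openssl req -new -x509 -config "$ca/openssl.cnf" -key "$ca/private/cakey.pem" \
    -out "$ca/cacert.pem" -days 10000 -subj "/CN=FREELOVE CA"
}

# sign_server_cert CADIR OUTDIR: server key + CSR for www.a.com, signed by the CA;
# verifies the chain back to the CA and prints the signed certificate's subject
sign_server_cert() {
  ca=$1; out=$2
  (umask 077; openssl genrsa -out "$out/httpd.key" 2048 2>/dev/null)
  openssl req -new -config "$ca/openssl.cnf" -key "$out/httpd.key" \
    -out "$out/httpd.csr" -subj "/CN=www.a.com"
  openssl ca -batch -config "$ca/openssl.cnf" -days 3650 \
    -in "$out/httpd.csr" -out "$out/httpd.crt" 2>/dev/null
  openssl verify -CAfile "$ca/cacert.pem" "$out/httpd.crt" >/dev/null
  openssl x509 -in "$out/httpd.crt" -noout -subject
}
```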
6. Service script
In the init script for httpd24, set the following paths:
apachectl=/usr/local/apache/bin/apachectl
httpd=${HTTPD-/usr/local/apache/bin/httpd}
pidfile=${PIDFILE-/usr/local/apache/logs/httpd.pid}
[root@localhost init.d]# chkconfig --add httpd24
[root@localhost init.d]# chkconfig --list | grep httpd24
httpd24 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@localhost init.d]# chkconfig httpd24 on
[root@localhost init.d]# chkconfig --list | grep httpd24
httpd24 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@localhost init.d]#
Restart:
[root@localhost init.d]# service httpd24 restart
Stopping httpd: [ OK ]
Starting httpd: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
[ OK ]
[root@localhost init.d]#