源码编译安装httpd-2.4.39
#下载源代码并解压缩:
httpd-2.4.39.tar.bz2
apr-1.7.0.tar.bz2
apr-util-1.6.1.tar.bz2
#安装编译依赖包
# Install the compiler and the development headers the build needs
# (PCRE, OpenSSL, Expat).
[root@Centos7 ~]# yum install -y gcc pcre-devel openssl-devel expat-devel
# Build preparation
# NOTE(review): the page does not show where the three tarballs came from or
# any integrity check. Before unpacking them as root, verify each archive
# against the checksum / PGP signature published by the Apache project.
# NOTE(review): httpd 2.4.39 is an old release; later 2.4.x releases carry
# security fixes, so use the current release for anything beyond a lab.
[root@Centos7 ~]# ls *.bz2 | xargs -n1 tar xf
# Put APR and APR-util under srclib/ so that --with-included-apr can build them.
[root@Centos7 ~]# mv apr-1.7.0 httpd-2.4.39/srclib/apr
[root@Centos7 ~]# mv apr-util-1.6.1 httpd-2.4.39/srclib/apr-util
[root@Centos7 ~]# cd httpd-2.4.39/
# System account (-r) with no login shell; httpd.conf is switched to it later.
[root@Centos7 ~]# useradd -r -s /sbin/nologin apache
#开始编译安装
# Configure an installation under /app/httpd24: prefork as the default MPM,
# all MPMs built as loadable modules, the "most" module set plus DSO, SSL,
# CGI and rewrite support, and the APR/APR-util copies placed in srclib/.
# NOTE(review): --enable-cgi and --enable-modules=most build more than a
# static site needs; in httpd.conf load only the modules actually used.
# NOTE(review): everything here runs as root. Configuring and compiling as an
# unprivileged user and using root only for "make install" limits what a
# tampered source tree could do.
[root@Centos7 httpd-2.4.39]# ./configure \
--prefix=/app/httpd24 \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-included-apr \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=prefork
# Install only if the build succeeded.
[root@Centos7 httpd-2.4.39]# make && make install
#修改配置文件
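# Run the server as the dedicated "apache" account and group instead of
# "daemon".
# No "p" flag on the substitutions: with -i and without -n it would write the
# changed line into httpd.conf twice.
[root@Centos7 httpd-2.4.39]# sed -r -i 's/User daemon/User apache/' /app/httpd24/conf/httpd.conf
[root@Centos7 httpd-2.4.39]# sed -r -i 's/Group daemon/Group apache/' /app/httpd24/conf/httpd.conf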
#添加环境变量
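# Put the new installation's bin/ first on PATH for login shells.
# The directory has to match the --prefix given to configure (/app/httpd24);
# a misspelt directory is silently ignored and a different httpd/apachectl
# found later on PATH would be run instead.
[root@Centos7 httpd-2.4.39]# echo 'PATH=/app/httpd24/bin:$PATH' > /etc/profile.d/httpd24.sh
# Load the new PATH into the current shell.
[root@Centos7 httpd-2.4.39]# . /etc/profile.d/httpd24.sh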
#添加一个服务启动文件
# Unit file for the source-built server; every Exec* line goes through the
# apachectl installed under /app/httpd24.
# NOTE(review): locally written units normally live in /etc/systemd/system;
# /usr/lib/systemd/system is where packages install theirs.
[root@Centos7 httpd-2.4.39]# vim /usr/lib/systemd/system/httpd24.service
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target
[Service]
# Type=forking: systemd treats the service as started once the ExecStart
# command has exited and left the daemon running.
Type=forking
Environment=APACHE_STARTED_BY_SYSTEMD=true
ExecStart=/app/httpd24/bin/apachectl start
ExecStop=/app/httpd24/bin/apachectl stop
ExecReload=/app/httpd24/bin/apachectl graceful
# The service gets its own /tmp and /var/tmp instead of the host-wide ones.
PrivateTmp=true
Restart=on-abort
[Install]
WantedBy=multi-user.target
# Start-up test
[root@Centos7 ~]# systemctl start httpd24
实现basic用户验证
# From here on the distribution httpd package is used (configuration under
# /etc/httpd).
[root@Centos7 ~]# yum install httpd -y
# Create the users
[root@Centos7 ~]# cd /etc/httpd/conf.d/
# -c creates the password file, so it is given for the first user only.
# NOTE(review): no hash option is given, so htpasswd uses its default
# algorithm; if the installed htpasswd offers -B (bcrypt), prefer it.
# NOTE(review): the file's permissions are not shown. It holds password
# hashes, so restrict it to root and the group httpd runs as.
[root@Centos7 conf.d]# htpasswd -c .httpuser bob
New password:
Re-type new password:
Adding password for user bob
# No -c: the second user is added to the existing file.
[root@Centos7 conf.d]# htpasswd .httpuser alice
New password:
Re-type new password:
Adding password for user alice
#配置验证
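[root@Centos7 conf.d]# vim test.conf
# Comments are kept on their own lines: httpd does not accept a trailing
# comment on a directive line (the text is parsed as further arguments).

# Trim the information the server reveals about itself.
ServerTokens prod
<Directory "/var/www/html/admin">
    # Basic authentication sends the password base64-encoded, not encrypted,
    # with every request; publish this directory over HTTPS only.
    AuthType basic
    AuthName "admin page"
    AuthUserFile "/etc/httpd/conf.d/.httpuser"
    # Only alice may log in.
    Require user alice
    # Use this line instead to admit every user in the password file.
    #Require valid-user
</Directory>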
# Create the protected directory and an empty file to request in the test.
[root@Centos7 conf.d]# mkdir /var/www/html/admin
[root@Centos7 conf.d]# touch /var/www/html/admin/abc
# Restart the service
# NOTE(review): running "apachectl configtest" first catches syntax errors
# before the running server is stopped.
[root@Centos7 conf.d]# systemctl restart httpd
实现家目录的共享
#再创建两个用户
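# Two more accounts for the group example. No -c here, so the existing
# password file is extended rather than recreated.
[root@Centos7 conf.d]# htpasswd .httpuser rose
New password:
Re-type new password:
Adding password for user rose
[root@Centos7 conf.d]# htpasswd .httpuser jack
New password:
Re-type new password:
htpasswd: password verification error
# The two entries did not match, so the command is run again.
[root@Centos7 conf.d]# htpasswd .httpuser jack
New password:
Re-type new password:
Adding password for user jack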
#创建分组
# Group file referenced by AuthGroupFile: one "group: member member" line per
# group. The members are user names from the .httpuser password file.
[root@Centos7 conf.d]# vim .httpgroup
g1: bob alice
g2: rose jack
#共享家目录
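[root@Centos7 conf.d]# vim /var/www/html/.htaccess
# NOTE(review): httpd reads this file only if the <Directory> section covering
# /var/www/html permits it (AllowOverride AuthConfig); that setting is not
# shown on this page.
AuthType basic
AuthName "admin page"
# The password file must stay enabled: "Require group" only decides which
# authenticated users are admitted, the password itself is still checked
# against AuthUserFile.
AuthUserFile "/etc/httpd/conf.d/.httpuser"
AuthGroupFile "/etc/httpd/conf.d/.httpgroup"
# Admit members of g2 only.
Require group g2
#Require valid-user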
[root@Centos7 conf.d]# vim userdir.conf
# Map /~user/ requests to that user's public_html directory.
# NOTE(review): this turns the mapping on for every account; consider adding
# "UserDir disabled root" so the root account is never served.
<IfModule mod_userdir.c>
    UserDir public_html
</IfModule>

# Generic block for all users, left commented out; access is configured
# per user in the block that follows.
#<Directory "/home/*/public_html">
# AllowOverride FileInfo AuthConfig Limit Indexes
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# Require method GET POST OPTIONS
#</Directory>

# liangjc's pages require a login by a member of group g2.
<Directory "/home/liangjc/public_html">
    AuthType Basic
    AuthName "liangjc_home"
    AuthUserFile "/etc/httpd/conf.d/.httpuser"
    AuthGroupFile "/etc/httpd/conf.d/.httpgroup"
    Require group g2
    #Require valid-user
</Directory>
#家目录创建相应文件夹和文件
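[root@Centos7 conf.d]# mkdir /home/liangjc/public_html
[root@Centos7 conf.d]# echo welcome > /home/liangjc/public_html/index.html
# Give the apache account search (x) permission on the home directory only:
# x without r lets it traverse to public_html but not list the home directory.
[root@Centos7 conf.d]# setfacl -m u:apache:x /home/liangjc/
# NOTE(review): if SELinux is enforcing, serving from home directories is
# presumably refused until the httpd_enable_homedirs boolean is on; confirm
# on the host.
# Reload the configuration (alternatively: apachectl graceful)
[root@Centos7 conf.d]# systemctl reload httpd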
#测试
http://192.168.37.7/~liangjc/
实现状态页面
#仅允许特定ip访问status页面
<Location "/status">
    # The status page exposes internal server state, so it is answered only
    # for clients in 192.168.37.0/24; everyone else is denied.
    SetHandler server-status
    <RequireAny>
        Require all denied
        Require ip 192.168.37.0/24
    </RequireAny>
</Location>
基于IP的多虚拟主机
#添加3个IP模拟
# Add three more addresses to eth0, one per virtual host.
# "ip addr add" changes the running interface only; nothing is written to the
# interface configuration here.
[root@Centos7 conf.d]# ip addr add 192.168.37.101/24 dev eth0
[root@Centos7 conf.d]# ip addr add 192.168.37.102/24 dev eth0
[root@Centos7 conf.d]# ip addr add 192.168.37.103/24 dev eth0
# Create the directories and the pages
[root@Centos7 conf.d]# cd /data
# Brace expansion creates asite, bsite and csite.
[root@Centos7 data]# mkdir {a,b,c}site
# Each index page contains the site's name so the tests can tell them apart.
[root@Centos7 data]# echo a.com > asite/index.html
[root@Centos7 data]# echo b.com > bsite/index.html
[root@Centos7 data]# echo c.com > csite/index.html
#修改配置文件
[root@Centos7 data]# vim /etc/httpd/conf.d/test.conf
# One virtual host per IP address, each with its own document root and
# access log. /data is outside the default web tree, so every host grants
# access to its own directory explicitly.
<VirtualHost 192.168.37.101:80>
    DocumentRoot "/data/asite"
    CustomLog "logs/asite_access_log" combined
    <Directory "/data/asite">
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost 192.168.37.102:80>
    DocumentRoot "/data/bsite"
    CustomLog "logs/bsite_access_log" combined
    <Directory "/data/bsite">
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost 192.168.37.103:80>
    DocumentRoot "/data/csite"
    CustomLog "logs/csite_access_log" combined
    <Directory "/data/csite">
        Require all granted
    </Directory>
</VirtualHost>
[root@Centos7 data]# apachectl graceful
# Client test
[root@Centos7 html]#vim /etc/hosts
192.168.37.101 a.com
192.168.37.102 b.com
192.168.37.103 c.com
# Each address returns the page of the host bound to it.
[root@Centos7 html]#curl 192.168.37.101
a.com
[root@Centos7 html]#curl 192.168.37.102
b.com
[root@Centos7 html]#curl 192.168.37.103
c.com
基于port的多虚拟主机
#修改配置文件
[root@Centos7 data]# vim /etc/httpd/conf.d/test.conf
# Open three extra ports; the wildcard hosts below are told apart by port.
# NOTE(review): every additional listening port is additional exposure, and
# with SELinux enforcing httpd may be refused ports that are not labelled for
# it. The page shows neither firewall rules nor the SELinux mode.
Listen 81
Listen 82
Listen 83

<VirtualHost *:81>
    DocumentRoot "/data/asite"
    CustomLog "logs/asite_access_log" combined
    <Directory "/data/asite">
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:82>
    DocumentRoot "/data/bsite"
    CustomLog "logs/bsite_access_log" combined
    <Directory "/data/bsite">
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:83>
    DocumentRoot "/data/csite"
    CustomLog "logs/csite_access_log" combined
    <Directory "/data/csite">
        Require all granted
    </Directory>
</VirtualHost>
[root@Centos7 data]# apachectl graceful
# Client test
# Same address, different port, different site.
[root@Centos7 html]#curl 192.168.37.7:81
a.com
[root@Centos7 html]#curl 192.168.37.7:82
b.com
[root@Centos7 html]#curl 192.168.37.7:83
c.com
基于主机头的多虚拟主机
#修改配置文件
[root@Centos7 data]# vim /etc/httpd/conf.d/test.conf
# All three hosts share *:80 and are selected by the request's Host header,
# matched against ServerName.
# The first host listed (a.com) also answers requests whose Host header
# matches none of the names. If unknown names should not reach a.com's
# content, put an explicit catch-all host in front of it.
<VirtualHost *:80>
    ServerName a.com
    DocumentRoot "/data/asite"
    CustomLog "logs/asite_access_log" combined
    <Directory "/data/asite">
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName b.com
    DocumentRoot "/data/bsite"
    CustomLog "logs/bsite_access_log" combined
    <Directory "/data/bsite">
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName c.com
    DocumentRoot "/data/csite"
    CustomLog "logs/csite_access_log" combined
    <Directory "/data/csite">
        Require all granted
    </Directory>
</VirtualHost>
[root@Centos7 data]# apachectl graceful
# Client test
# All three names resolve to the same address; only the Host header differs.
[root@Centos7 html]#vim /etc/hosts
192.168.37.7 a.com b.com c.com
[root@Centos7 html]#curl a.com
a.com
[root@Centos7 html]#curl b.com
b.com
[root@Centos7 html]#curl c.com
c.com
压缩
#网站开启压缩
#修改配置文件
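[root@Centos7 data]# vim /etc/httpd/conf.d/test.conf
<VirtualHost *:80>
    DocumentRoot "/data/asite"
    ServerName a.com
    CustomLog "logs/asite_access_log" combined
    <Directory "/data/asite">
        Require all granted
    </Directory>
    # Compress plain-text and HTML responses.
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    # 9 is the highest level: best ratio, most CPU time per response.
    DeflateCompressionLevel 9
</VirtualHost>
[root@Centos7 data]# apachectl graceful
# A large text file is needed for the test. This one is a copy of the
# server's error log placed in the public document root, where any client can
# download it, so it is deleted again at the end of the test.
[root@Centos7 data]# cp /var/log/httpd/error_log asite/m.txt
# Client test
# Without Accept-Encoding the file is sent as is (Content-Length: 35228).
[root@Centos7 html]#curl -I 192.168.37.7/m.txt
HTTP/1.1 200 OK
Date: Fri, 03 Apr 2020 10:26:39 GMT
Server: Apache
Last-Modified: Fri, 03 Apr 2020 10:23:27 GMT
ETag: "899c-5a2604ee1f20b"
Accept-Ranges: bytes
Content-Length: 35228
Vary: Accept-Encoding
Content-Type: text/plain; charset=UTF-8
# With compression requested the same file comes back gzip-encoded
# (Content-Length: 3491).
[root@Centos7 html]#curl -I --compress 192.168.37.7/m.txt
HTTP/1.1 200 OK
Date: Fri, 03 Apr 2020 10:26:43 GMT
Server: Apache
Last-Modified: Fri, 03 Apr 2020 10:23:27 GMT
ETag: "899c-5a2604ee1f20b-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3491
Content-Type: text/plain; charset=UTF-8
# Clean-up on the server: do not leave the error-log copy in the document root.
[root@Centos7 data]# rm -f asite/m.txt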
实现https 安全网站
#安装ssl模块
# Install mod_ssl and restart so that the HTTPS configuration is loaded.
[root@Centos7 data]# yum install -y mod_ssl
[root@Centos7 data]# systemctl restart httpd
/etc/httpd/conf.d/ssl.conf #SSL configuration file
openssl x509 -in /etc/pki/tls/certs/localhost.crt -noout -text #show the certificate
# Test
# -k switches certificate verification off, which is why this request
# succeeds before any CA is trusted. It proves only that the port answers;
# it must not become the normal way to call the server.
curl -kL https://192.168.37.7
利用私有CA,实现HTTPS
#1台服务器既当CA,又当http_server
#建立CA
[root@Centos7 data]# cd /etc/pki/CA/
# umask 077 in the subshell: the CA key is created readable by root only.
# NOTE(review): the key is written without a passphrase and sits on the web
# server itself. That is acceptable for a lab; a real CA key belongs on a
# separate host that is not reachable from the network.
[root@Centos7 CA]# (umask 077;openssl genrsa -out private/cakey.pem 4096)
# Self-signed CA certificate, valid for 3650 days. The here-document answers
# the subject prompts in the order openssl asks them.
[root@Centos7 CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650 <<EOF
CN
GD
GZ
magedu
devops
ca.magedu.com
admin@magedu.com
EOF
# Empty certificate database and first serial number for "openssl ca".
[root@Centos7 CA]# touch index.txt
[root@Centos7 CA]# echo 01 > /etc/pki/CA/serial
#申请证书
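[root@Centos7 CA]# mkdir /etc/httpd/conf.d/ssl
[root@Centos7 CA]# cd /etc/httpd/conf.d/ssl
# Server key: 2048-bit RSA, created without group/other access (umask 066).
# A 1024-bit RSA key is too weak for TLS and is rejected by current clients
# and libraries.
[root@Centos7 ssl]# (umask 066;openssl genrsa -out httpd.key 2048 )
# Certificate request for a.com; country, state and organization repeat the
# values given for the CA.
# NOTE(review): the request carries only a common name. Clients that ignore
# the CN need a subjectAltName entry for a.com in the issued certificate.
[root@Centos7 ssl]# openssl req -new -key httpd.key -out httpd.csr <<EOF
CN
GD
GZ
magedu
devops
a.com
admin@magedu.com
EOF
# Only the request is handed to the CA; httpd.key stays in this directory.
[root@Centos7 ssl]# cp httpd.csr /etc/pki/CA/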
#颁发证书
# "cd -" returns to the previous directory, /etc/pki/CA.
[root@Centos7 ssl]# cd -
# Sign the request with the CA; the certificate is valid for 365 days.
# openssl prints the certificate details and asks for confirmation twice.
[root@Centos7 CA]# openssl ca -in httpd.csr -out certs/httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Apr 3 13:50:03 2020 GMT
Not After : Apr 3 13:50:03 2021 GMT
Subject:
countryName = CN
stateOrProvinceName = GD
organizationName = magedu
organizationalUnitName = devops
commonName = a.com
emailAddress = admin@magedu.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
52:A6:B1:68:67:64:3C:6F:80:E9:0D:46:88:13:46:37:B9:F1:45:E6
X509v3 Authority Key Identifier:
keyid:04:BC:EA:1A:F9:D6:CC:A2:E2:B0:DE:A9:B9:08:A4:1D:6B:C6:3C:99
Certificate is to be certified until Apr 3 13:50:03 2021 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
# Copy the CA certificate and the signed server certificate next to the key.
[root@Centos7 CA]# cp cacert.pem certs/httpd.crt /etc/httpd/conf.d/ssl
# Point httpd's SSL configuration at the new files
[root@Centos7 CA]# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/httpd/conf.d/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/httpd.key
# NOTE(review): SSLCACertificateFile names the CAs used to verify client
# certificates; it is not needed to serve httpd.crt. Confirm it is wanted.
SSLCACertificateFile /etc/httpd/conf.d/ssl/cacert.pem
[root@Centos7 CA]# apachectl graceful
# Client test
# --cacert makes curl verify the server against the private CA instead of
# switching verification off with -k.
[root@Centos7 ~]# curl --cacert cacert.pem https://a.com
[root@Centos7 ~]# openssl s_client -connect a.com:443 #shows the certificate content
实现http到https的重定向
#基于虚拟主机的https跳转
[root@Centos7 ~]# vim /etc/httpd/conf/httpd.conf
#DocumentRoot "/var/www/html" #comment this line out
[root@Centos7 ~]# vim /etc/httpd/conf.d/test.conf
# a.com serves no content of its own: on port 80 and on port 443 it answers
# every request with a permanent redirect to https://b.com/.
<VirtualHost *:80>
    ServerName a.com
    CustomLog "logs/asite_access_log" combined
    ErrorLog "logs/asite_error_log"
    Redirect permanent / https://b.com/
</VirtualHost>

# NOTE(review): neither *:443 host sets SSLEngine or a certificate here;
# presumably TLS comes from ssl.conf, confirm. The certificate issued earlier
# names a.com, so a client following the redirect to b.com would see a name
# mismatch unless b.com gets a certificate of its own.
<VirtualHost *:443>
    ServerName a.com
    CustomLog "logs/asite_access_log" combined
    ErrorLog "logs/asite_error_log"
    Redirect permanent / https://b.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName b.com
    DocumentRoot "/data/bsite"
    CustomLog "logs/bsite_access_log" combined
    ErrorLog "logs/bsite_error_log"
    <Directory "/data/bsite">
        Require all granted
        # Indexes produces a directory listing where no index file exists;
        # FollowSymLinks lets httpd follow symbolic links found in this tree.
        Options Indexes FollowSymLinks
    </Directory>
    # NOTE(review): compressing TLS responses is fine for static files like
    # these; pages that combine request data with secrets can leak them
    # through the compressed length.
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    DeflateCompressionLevel 9
</VirtualHost>