**httpd-2.4 basics: SSL, access control, MPM [DSO] and status**
HTTP basics

- HTTP/0.9: plain text only, a single method
- HTTP/1.0: non-persistent connections, more methods, MIME types, weak caching
- HTTP/1.1: persistent connections, MIME types, methods, stronger caching
- HTTP/2.0: incorporates the advantages of SPDY
New in 2.4 compared with 2.2:

1. The MPM is no longer compiled into the core; it is loaded as a DSO (check with httpd -M).
2. The event MPM is production-ready in 2.4.
3. Millisecond-level keep-alive timeouts are supported (KeepAlive Off / KeepAliveTimeout 0.01?).
4. Virtual hosts are configured directly; NameVirtualHost *:80 is no longer needed.
5. Asynchronous I/O (the kernel decides when data is written to disk).
6. Independent log levels per module and per directory.
7. Per-request configuration.
8. Enhanced expression parser; regular expressions are parsed faster.
9. User-defined variables in the configuration file.

Modules introduced in 2.4:

    mod_proxy_fcgi    // lets httpd talk to PHP over the FastCGI protocol
    mod_ratelimit     // bandwidth rate limiting
    mod_remoteip      // handling of the remote client IP address

Configuration changes in 2.4

The access-control directives changed: Order, Deny from and Allow from are replaced by Require blocks:

    <RequireAll>
        Require [not] ip|host ...
        Require all granted
        Require all denied
    </RequireAll>
Installing httpd-2.4

httpd-2.4 depends on apr-1.4+, apr-util-1.4+ and optionally apr-iconv.

APR (Apache Portable Runtime): different OS platforms expose different library interfaces, and only code that calls POSIX-conformant libraries can be compiled across platforms. APR papers over those differences (so even code that uses non-POSIX libraries can run across platforms), which is what lets the same httpd program run on different operating systems.

Compiling httpd-2.4 on CentOS 6

CentOS 6 ships apr and apr-util 1.3, so httpd-2.4 has to be built from source. Running httpd-2.4 on CentOS 6 is not recommended; for large-scale deployments, build your own RPM packages.

Development environment:

    # yum -y groupinstall "Development Tools" "Server Platform Development"

Get the source from the ASF:

    apr-1.6.2.tar.bz2
    apr-util-1.6.0.tar.gz
    httpd-2.4.27.tar.bz2

Compile apr-1.4+:

    # tar xf apr-1.6.2.tar.bz2
    # cd apr-1.6.2
    # ./configure --prefix=/usr/local/apr
    # make && make install

(--prefix=<install path>: keeps the files in one place for easy removal and avoids overwriting existing programs.)

Compile apr-util-1.4+:

    # tar xf apr-util-1.6.0.tar.gz
    # cd apr-util-1.6.0
    # ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/
    # make && make install

(--with-<name>=/path/to/somewhere: which installed package the build should use.)

If the build fails with

    xml/apr_xml.c:35:19: error: expat.h: No such file or directory
    xml/apr_xml.c:66: error: expected specifier-qualifier-list before 'XML_Parser'

install the missing header package:

    # yum -y install expat-devel

Note: after installing the missing package, delete the apr-util-1.6.0 directory, extract the tarball again and recompile.
Compiling httpd-2.4

Layout of the installation directory (as it looks after make install):

    # ls /usr/local/httpd24/
    bin  build  cgi-bin  error  htdocs  icons  include  logs  man  manual  modules

Export the PATH variable. Location: /etc/profile.d/*.sh (global) or ~/.bash_profile (per user).

    # vim /etc/profile.d/httpd24.sh
    export PATH=/usr/local/httpd24/bin:$PATH
    # . /etc/profile.d/httpd24.sh

Export the library files. Location: /etc/ld.so.conf.d/*.conf

    # vim /etc/ld.so.conf.d/httpd24.conf
    /usr/local/httpd24/lib
    # ldconfig [-v]

Export the header files. Location: /usr/include/NAME

    # ln -sv /usr/local/httpd24/include /usr/include/httpd24

Export the man pages. Location: /etc/man.config

    # vim /etc/man.config
    MANPATH /usr/man
    MANPATH /usr/share/man
    MANPATH /usr/local/man
    MANPATH /usr/local/share/man
    MANPATH /usr/X11R6/man
    MANPATH /usr/local/httpd24/man    // added entry

Add the apache user (skip this if the apache user already exists):

    # groupadd -r apache
    # useradd -r -g apache apache

Install dependencies:

    # yum -y install pcre-devel

Compile:

    # tar xf httpd-2.4.27.tar.bz2
    # cd httpd-2.4.27
    # ./configure --prefix=/usr/local/httpd24 --sysconfdir=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-pcre --with-zlib --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-modules=most --enable-mpms-shared=all --with-mpm=event
    # make && make install

    --prefix               install path; keeps the files together for easy removal and avoids overwriting existing programs
    --with-<name>          which installed package the build should use
    --sysconfdir=<dir>     separate configuration directory, avoiding overwrites and conflicts
    --enable-so            DSO mechanism
    --enable-ssl           SSL support
    --enable-rewrite       URL rewriting
    --with-pcre            Perl-compatible regular expressions
    --with-zlib            zlib compression libraries, for compressed transfer
    --enable-modules       build the modules as DSOs
    --enable-mpms-shared   build the MPMs as DSOs
    --with-mpm             default MPM

Test start

Check whether port 80 is already in use (a listening socket holds its port exclusively):

    # ss -tnl

Start the service:

    # apachectl start
    # hash -p /usr/local/httpd24/bin/apachectl apachectl    // make sure the 2.4 apachectl is the one being run

For testing only:

    # iptables -F
    # setenforce 0

Flushing the firewall and switching SELinux to permissive is acceptable on a lab machine; on a production host, open port 80 with a firewall rule and keep SELinux enforcing instead.
Installing httpd-2.4 on CentOS 7

CentOS 7 ships httpd-2.4 by default.

RPM installation:

    # yum -y install httpd

Configuration files on CentOS 7

    Configuration: /etc/httpd/conf/httpd.conf, /etc/httpd/conf.d/*.conf
    Welcome page:  /etc/httpd/conf.d/welcome.conf
    Modules:       /etc/httpd/conf.modules.d/*.conf, /usr/lib64/httpd/modules/mod_mpm_{event,prefork,worker}.so

Basic use of httpd-2.4

Switching and inspecting the MPM

List the modules compiled into the core:

    # httpd -l

List the dynamically loaded modules together with the built-in ones:

    # httpd -M
    ...
    mpm_event_module (shared)

Switching the MPM

Back up the configuration:

    # cp -v /etc/httpd24/httpd.conf{,.bak}

Edit the configuration, comment out the event module and enable prefork or worker (exactly one MPM may be loaded):

    #LoadModule mpm_event_module modules/mod_mpm_event.so
    LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
    #LoadModule mpm_worker_module modules/mod_mpm_worker.so

After saving the file:

    # httpd -t
    # apachectl restart

Check the loaded module:

    # httpd -M
    ...
    mpm_prefork_module (shared)
Virtual hosts

Prepare the DocumentRoot and a default index page:

    # mkdir -p /vhosts/www
    # echo "www.mykernel.cn" > /vhosts/www/index.html

Add the configuration. Back up first:

    # cp -v /etc/httpd24/extra/httpd-vhosts.conf{,.bak}

Then put only the following in the file:

    # vim /etc/httpd24/extra/httpd-vhosts.conf
    <VirtualHost *:80>
        ServerName www.mykernel.cn
        DocumentRoot /vhosts/www
        ErrorLog logs/www.err
        CustomLog logs/www.access combined
        <Directory "/vhosts/www">
            Options None
            AllowOverride None
            Require all granted
        </Directory>
        <Location /server-status>
            SetHandler server-status
            Require all granted
        </Location>
        #ExtendedStatus On
    </VirtualHost>

Note that this /server-status Location is open to everyone; since the status page reveals worker, client and request details, restrict it in practice (for example with Require ip for the administrators' addresses).

Test and access:

    # httpd -t
    # apachectl restart

On the Windows client, add the following line to the hosts file (under C:\Windows\System32\drivers\etc):

    172.16.100.1 www.mykernel.cn

Enable the virtual host. In the main configuration, comment out the central host's DocumentRoot and include the vhost file:

    # vim /etc/httpd24/httpd.conf
    #DocumentRoot "/usr/local/httpd24/htdocs"
    # Virtual hosts
    Include /etc/httpd24/extra/httpd-vhosts.conf
Access control

Access from the local host (127.0.0.1)

Install text-mode HTTP client tools and try the site:

    # yum -y install curl elinks telnet
    # curl 172.16.100.1
    www.mykernel.cn
    # elinks --dump http://172.16.100.1
    www.mykernel.cn
    # telnet 172.16.100.1 80
    Trying 172.16.100.1...
    Connected to 172.16.100.1.
    Escape character is '^]'.
    GET / HTTP/1.1
    Host: 172.16.100.1

    HTTP/1.1 200 OK
    Date: Sun, 10 Sep 2017 00:37:49 GMT
    Server: Apache/2.4.27 (Unix)
    Last-Modified: Sun, 10 Sep 2017 00:20:44 GMT
    ETag: "10-558cac7f1211e"
    Accept-Ranges: bytes
    Content-Length: 16
    Content-Type: text/html

    www.mykernel.cn

Change the configuration to deny access from this host. In the vhost file, the Require all granted line for the site becomes:

    # vim /etc/httpd24/extra/httpd-vhosts.conf
    <RequireAll>
        Require all granted
        Require not ip 172.16.100.1
    </RequireAll>

Test:

    # httpd -t
    # apachectl restart
    # curl -I 172.16.100.1
    HTTP/1.1 403 Forbidden
    Date: Sun, 10 Sep 2017 00:45:04 GMT
    Server: Apache/2.4.27 (Unix)
    Content-Type: text/html; charset=iso-8859-1
    # elinks --dump 172.16.100.1
    Forbidden
    You don't have permission to access / on this server.
    # telnet 172.16.100.1 80
    Trying 172.16.100.1...
    Connected to 172.16.100.1.
    Escape character is '^]'.
    GET / HTTP/1.1
    Host: 172.16.100.1

    HTTP/1.1 403 Forbidden
    Date: Sun, 10 Sep 2017 00:46:02 GMT
    Server: Apache/2.4.27 (Unix)
    Content-Length: 209
    Content-Type: text/html; charset=iso-8859-1

    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>403 Forbidden</title>
    </head><body>
    <h1>Forbidden</h1>
    <p>You don't have permission to access / on this server.<br />
    </p>
    </body></html>
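The Require all granted line inside the <RequireAll> block above is not decoration: a negated directive can never grant, so a container holding only Require not lines would reject everyone. This added example (not code from the post or from the Apache project) models the three-valued evaluation mod_authz_core uses for the 2.4 directives introduced earlier (Require all, Require [not] ip, <RequireAll>, <RequireAny>) and applies it to the post's own block; every address other than 172.16.100.1 is a constructed test value.

```python
"""Three-valued 'Require' evaluation as done by mod_authz_core in httpd 2.4.
Added example, not code from the post or the Apache project: each directive
yields GRANTED, DENIED or NEUTRAL; 'Require not ...' can never grant."""
import ipaddress

GRANTED, DENIED, NEUTRAL = "granted", "denied", "neutral"


def match_ip(pattern, client_ip):
    """'Require ip' takes full addresses, CIDR blocks and partial dotted prefixes."""
    addr = ipaddress.ip_address(client_ip)
    if "/" in pattern:
        return addr in ipaddress.ip_network(pattern, strict=False)
    if addr.version == 4 and pattern.count(".") < 3:   # e.g. '172.16' = 172.16.0.0/16
        return client_ip.startswith(pattern + ".")
    return addr == ipaddress.ip_address(pattern)


def eval_directive(line, client_ip):
    """Evaluate one 'Require [not] <provider> <args...>' line."""
    words = line.split()
    negate = words[1] == "not"
    provider, args = (words[2], words[3:]) if negate else (words[1], words[2:])
    if provider == "all":
        result = GRANTED if args == ["granted"] else DENIED
    elif provider == "ip":
        result = GRANTED if any(match_ip(p, client_ip) for p in args) else NEUTRAL
    else:
        raise ValueError("provider not modelled here: " + provider)
    if negate:   # a match becomes a refusal; a non-match says nothing at all
        return DENIED if result == GRANTED else NEUTRAL
    return result


def eval_container(kind, lines, client_ip):
    """<RequireAll>: one DENIED fails it, otherwise it needs at least one GRANTED.
    <RequireAny>: one GRANTED passes it, otherwise one DENIED fails it. NEUTRAL = 403."""
    results = [eval_directive(line, client_ip) for line in lines]
    if kind == "RequireAll":
        if DENIED in results:
            return DENIED
        return GRANTED if GRANTED in results else NEUTRAL
    if GRANTED in results:
        return GRANTED
    return DENIED if DENIED in results else NEUTRAL


def allowed(lines, client_ip, kind="RequireAll"):
    """True if httpd would serve the request from client_ip."""
    return eval_container(kind, lines, client_ip) == GRANTED


# The post's block: everyone may read the site except the server's own address.
VHOST_RULES = ["Require all granted", "Require not ip 172.16.100.1"]
```

Dropping Require all granted from VHOST_RULES makes allowed() return False for every client, which is the misconfiguration the pairing in the post avoids.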
mod_ssl

Build a private CA:

    # dir=/etc/pki/CA
    # touch $dir/index.txt
    # echo "01" > $dir/serial
    # (umask 077; openssl genrsa -out $dir/private/cakey.pem 2048)
    # openssl req -new -x509 -key $dir/private/cakey.pem -out $dir/cacert.pem -days 7300
    (prompt answers: SC, ChengDu, ChengDu, MageEdu Ltd, Ops, ca.mykernel.cn, [email protected])

Generate the certificate request:

    # mkdir /etc/httpd24/ssl && cd /etc/httpd24/ssl
    # (umask 077; openssl genrsa -out httpd.key 2048)
    # openssl req -new -key httpd.key -out httpd.csr -days 7300
    (prompt answers: SC, ChengDu, ChengDu, MageEdu Ltd, Ops, www.mykernel.cn, [email protected])

Sign it on the same host:

    # openssl ca -in httpd.csr -out $dir/certs/www.mykernel.cn.crt -days 365

Fetch the certificate:

    # cp -a /etc/pki/CA/certs/www.mykernel.cn.crt .

Enable mod_ssl:

    # vim /etc/httpd24/httpd.conf
    LoadModule ssl_module modules/mod_ssl.so    // not enabled by default in 2.4
    LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
    # Secure (SSL/TLS) connections
    Include /etc/httpd24/extra/httpd-ssl.conf

Enable the SSL virtual host (only the lines shown are changed; the rest of the shipped httpd-ssl.conf stays as it is):

    # cp -v /etc/httpd24/extra/httpd-ssl.conf{,.bak}
    # vim /etc/httpd24/extra/httpd-ssl.conf
    <VirtualHost *:443>
        DocumentRoot "/vhosts/www"
        ServerName www.mykernel.cn
        SSLCertificateFile "/etc/httpd24/ssl/www.mykernel.cn.crt"
        SSLCertificateKeyFile "/etc/httpd24/ssl/httpd.key"

Check the syntax and restart (a full restart is needed because a new port is being listened on):

    # httpd -t
    # apachectl restart

Test whether a TLS session can be established

On a Linux host: add the following line to /etc/hosts on the CA host:

    172.16.100.1 www.mykernel.cn

then test (output abridged):

    # openssl s_client -connect www.mykernel.cn:443 -CAfile /etc/pki/CA/cacert.pem
    Certificate chain
    ...
    Server certificate
    subject ...
    issuer ...
    No client certificate CA names sent
    ...
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        ... TLSv1.2 ...

The line to check at the end of that output is Verify return code: 0 (ok); any other value means the server certificate did not validate against cacert.pem.

On a Windows host: add 172.16.100.1 www.mykernel.cn to the hosts file under C:\Windows\System32\drivers\etc, import the CA certificate (its public part) into Trusted Root Certification Authorities, then open https://www.mykernel.cn in the browser.
Service script

Even seasoned bash scripters just take the init script shipped in the rpm package as a blueprint and tweak it:

    # cp -v /etc/rc.d/init.d/httpd{,24}

Edit:

    # vim /etc/rc.d/init.d/httpd24
    apachectl=/usr/local/httpd24/bin/apachectl
    httpd=${HTTPD-/usr/local/httpd24/bin/httpd}
    prog=httpd
    pidfile=${PIDFILE-/var/run/httpd/httpd24.pid}
    lockfile=${LOCKFILE-/var/lock/subsys/httpd24}

    # vim /etc/httpd24/httpd.conf
    PidFile "/var/run/httpd/httpd24.pid"

Test:

    # chkconfig --add httpd24
    # killall httpd
    # service httpd24 {start|stop|restart|status}
Feedback

If you run into any problems while using this, feel free to contact me:

Email: [email protected]
QQ: 2192383945

Thanks

This article was produced with guidance from my cousin; his QQ and blog are:

QQ: 2580259468
Blog:

This article comes from the "Reading" blog; please keep this attribution: http://sonlich.blog.51cto.com/12825953/1969602