Centos7系統下httpd各種方式實現與配置
-
1、 Centos7系統下實現httpd-2.2的安裝,並分別實現prefork、worker、event等幾種工作方式
Centos 7上若yum安裝httpd程式,預設的是2.4的版本,因此無法用yum 直接安裝,我這裡採取原始碼安裝httpd-2.2
安裝前準備
[[email protected] ~]# systemctl stop firewalld.service
[[email protected] ~]# vi /etc/sysconfig/selinux
[[email protected] ~]# setenforce 0
[[email protected] ~]# getenforce
Permissive
安裝相應元件包
[[email protected] ~]# yum groupinstall "Development Tools" "Serverplatform Development" -y
[[email protected] ~]# wget http://archive.apache.org/dist/httpd/httpd-2.2.32.tar.gz
編譯安裝
[[email protected] ~]# tar -zxf httpd-2.2.32.tar.gz
[[email protected] ~]# cd httpd-2.2.32
[[email protected] httpd-2.2.32]# ./configure --prefix=/usr/local/apache2/ --sysconfdir=/etc/httpd2 --with-mpm=worker
[[email protected] httpd-2.2.32]# make && make install
設定環境變數與systemd
[[email protected] httpd-2.2.32]# cat /etc/profile.d/httpd.sh
export PATH=$PATH:/usr/local/apache2/bin
[ [email protected] httpd-2.2.32]# ln -sv /usr/local/apache2/include /usr/include//httpd
‘/usr/include//httpd’ -> ‘/usr/local/apache2/include’
[[email protected] httpd-2.2.32]# cat /etc/man_config
MANPATH /usr/local/apache2/man
[[email protected] httpd-2.2.32]# cat /lib/systemd/system/httpd.service
[Unit]
Description=The httpd service
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/apache2/bin/apachectl start
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/usr/local/apache2/bin/apachectl stop
Restart=/usr/local/apache2/bin/apachectl restart
[Install]
WantedBy=multi-user.target
啟動服務與驗證
[[email protected] httpd-2.2.32]# systemctl daemon-reload
[[email protected] httpd-2.2.32]# systemctl start httpd.service
[[email protected] httpd-2.2.32]# ss -tan
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
ESTAB 0 0 192.168.10.10:22 192.168.10.1:57790
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[[email protected] httpd-2.2.32]# httpd -l
Compiled in modules:
core.c
mod_authn_file.c
mod_authn_default.c
mod_authz_host.c
mod_authz_groupfile.c
mod_authz_user.c
mod_authz_default.c
mod_auth_basic.c
mod_include.c
mod_filter.c
mod_log_config.c
mod_env.c
mod_setenvif.c
mod_version.c
worker.c
http_core.c
mod_mime.c
mod_status.c
mod_autoindex.c
mod_asis.c
mod_cgid.c
mod_negotiation.c
mod_dir.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_so.c
按照以上方式即可實現prefork和event兩種方式(預設為prefork方式)
./configure --prefix=/usr/local/apache2/ --sysconfdir=/etc/httpd --with-mpm=prefork
./configure --prefix=/usr/local/apache2/ --sysconfdir=/etc/httpd --with-mpm=event
prefork: 預先建立程序,兩級程序模型,父程序負責建立子程序,每個子程序響應一個使用者請求
worker:父程序管理子程序,子程序通過執行緒響應使用者請求,每執行緒處理一個使用者請求
event:兩級模型,父程序管理子程序,子程序通過event-driver機制直接響應n個請求
-
2、 簡述request報文請求方法和狀態響應碼
-
請求方法(method):
GET:從伺服器獲取一個資源;
HEAD:只從伺服器獲取文件的響應首部;
POST:向伺服器傳送要處理的資料;
PUT:將請求的主體部分儲存在伺服器上;
DELETE:請求刪除伺服器上指定的文件;
TRACE:追蹤請求到達伺服器中間經過的代理伺服器;
OPTIONS:請求伺服器返回對指定資源支援使用的請求方法; -
Status(狀態碼):
1xx: 100-101,資訊提示;
2xx: 200-206,成功
3xx: 300-305,重定向
4xx: 400-415,錯誤類資訊,客戶端錯誤
5xx: 500-505,伺服器端錯誤 -
常用的狀態碼:
200: 成功,請求的所有資料通過響應報文的entity-body部分發送;OK
301: 請求的URL指向的資源的已經被刪除;但在響應報文中通過首部Location指明瞭資源現在所處的新位置;Moved Permanently
302: 與301相似,但在響應報文中通過Location指明資源現在所處臨時新位置;Found
304: 客戶端發出了條件式請求,但伺服器上的資源未曾發生改變,則通過響應此響應狀態碼通知客戶端;Not Modified
401: 需要輸入賬號和密碼認證方能訪問資源;Unauthorzed
403: 請求被禁止;Forbidden
404: 伺服器無法找到客戶端請求的資源;Not Found
500: 伺服器內部錯誤;Internal Server Error
502: 代理伺服器從後端伺服器收到了一條偽響應; Bad Gateway -
3、詳細描述httpd虛擬主機、站點訪問控制、基於使用者的訪問控制、持久連結等應用配置例項
虛擬主機的實現方案:
基於IP地址
基於埠號(port)
基於主機域名(FQDN)
注意點:
- 一般虛擬主機不要與中心主機混用,要使用虛擬主機,得先禁用“main”主機,禁用方法:註釋中心主機的DocumentRoot指令即可
- 配置VirtualHost,在httpd2.2中,NameVirtualHost這一項需啟用2.2以上版本不需要
-
基於IP地址
[[email protected] ~]# yum -y install httpd [[email protected] ~]# ip addr add 192.168.10.30/24 dev ens32 [[email protected] ~]# ip addr add 192.168.10.31/24 dev ens32 [[email protected] ~]# mkdir -p /var/www/html/30 [[email protected] ~]# mkdir -p /var/www/html/31 [[email protected] ~]# echo "hello,ip address is "192.168.10.30"" > /var/www/html/30/index.html [[email protected] ~]# echo "hello,ip address is "192.168.10.31"" > /var/www/html/31/index.html [[email protected] ~]# vi /etc/httpd/conf.d/virtualhost.conf <VirtualHost 192.168.10.30:80> DocumentRoot "/var/www/html/30" ServerName www.magedu30.com <Directory "/var/www/html/30"> AllowOverride None Require all granted </Directory> </VirtualHost> <VirtualHost 192.168.10.31:80> DocumentRoot "/var/www/html/31" ServerName www.magedu31.com <Directory "/var/www/html/31"> AllowOverride None Require all granted </Directory> </VirtualHost> [[email protected] ~]# httpd -t Syntax OK [[email protected] ~]# systemctl restart httpd.service #最後測試結果 [email protected] ~]# curl 192.168.10.30 hello,ip address is 192.168.10.30 [[email protected] ~]# curl 192.168.10.31 hello,ip address is 192.168.10.31
- 基於埠號:
[[email protected] ~]# mkdir -p /var/www/html/80 [[email protected] ~]# mkdir -p /var/www/html/10080 [[email protected] ~]# echo "hi,the ip port is '80'" >/var/www/html/80/index.html [[email protected] ~]# echo "hi,the ip port is '10080'" >/var/www/html/10080/index.html [[email protected] ~]# vi /etc/httpd/conf.d/test1.conf <VirtualHost 192.168.10.10:80> ServerName www.magedu10.com DocumentRoot "/var/www/html/80" <Directory "/var/www/html/80"> Options None AllowOverride None Require all granted </Directory> CustomLog "logs/test1_access_log" combined </VirtualHost> [[email protected] ~]# vi /etc/httpd/conf.d/test2.conf Listen 10080 <VirtualHost 192.168.10.10:10080> ServerName www.test2.com DocumentRoot "/var/www/html/10080" <Directory "/var/www/html/10080"> Options None AllowOverride None Require all granted </Directory> CustomLog "Logs/test2_access_log" combined </VirtualHost> [email protected] ~]# httpd -t Syntax OK [[email protected] ~]# systemctl restart httpd #最後驗證結果: [[email protected] ~]# curl 192.168.10.10:80 hi,the ip port is '80' [[email protected] ~]# curl 192.168.10.10:8080 hi,the ip port is '10080'
- 基於主機域名
[[email protected] ~]# mkdir -p /var/www/html/ilinux [[email protected] ~]# mkdir -p /var/www/html/iunix [[email protected] ~]# echo "domain name is 'www.ilinux.com'" >/var/www/html/ilinux/index.html [[email protected] ~]# echo "domain name is 'www.iunix.com'" >/var/www/html/iunix/index.html [[email protected] ~]# vi /etc/httpd/conf.d/virtualhost.conf <VirtualHost 192.168.10.10:80> DocumentRoot "/var/www/html/ilinux" ServerName www.ilinux.com <Directory "</var/www/html/ilinux"> AllowOverride None Require all granted </Directory> </VirtualHost> <VirtualHost 192.168.10.10:80> DocumentRoot "/var/www/html/iunix" ServerName www.iunix.com <Directory "/var/www/html/iunix"> AllowOverride None Require all granted </Directory> </VirtualHost> [[email protected] ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.10.10 www.ilinux.com www.iunix.com [[email protected] ~]# httpd -t Syntax OK [[email protected] ~]# systemctl restart httpd #最後測試結果: [[email protected] ~]# curl www.ilinux.com domain name is 'www.ilinux.com' [[email protected] ~]# curl www.iunix.com domain name is 'www.iunix.com'
- 站點訪問控制
禁止192.168.10.20訪問[[email protected] ~]# cat /etc/httpd/conf.d/deny.conf <VirtualHost 192.168.10.10:80> ServerName www.ilinux.com DocumentRoot "/var/www/html" <Directory "/var/www/html"> <Requireall> Require all granted Require not ip 192.168.10.20 </Requireall> </Directory> </VirtualHost>
-
基於使用者的訪問控制
[[email protected] ~]# htpasswd -c /tmp/test.users tom New password: Re-type new password: Adding password for user tom [[email protected] ~]# htpasswd -m /tmp/test.users jerry New password: Re-type new password: Adding password for user jerry [[email protected] ~]# htpasswd -m /tmp/test.users xiaochen New password: Re-type new password: Adding password for user xiaochen [[email protected] ~]# mv /tmp/test.users /etc/httpd/conf.d/.htpasswd [[email protected] ~]# mkdir -p /var/www/html/testusers [[email protected] ~]# echo "Testusers Area" > /var/www/html/testusers/index.html [[email protected] ~]# cat /etc/httpd/conf.d/testusers.conf <Directory "/var/www/html/testusers"> Options None AllowOverride None AuthType basic AuthName "Test Area,pls enter your username and password" AuthUserFile "/etc/httpd/conf.d/.htpasswd" Require user tom jerry obama </Directory> [[email protected] ~]# cat /etc/httpd/conf.d/virtualhost.conf <VirtualHost 192.168.10.10:80> DocumentRoot "/var/www/html/testusers" ServerName www.ilinux.com <Directory "</var/www/html/testusers"> AllowOverride None Require all granted </Directory> </VirtualHost> <VirtualHost 192.168.10.10:80> DocumentRoot "/var/www/html/testusers" ServerName www.iunix.com <Directory "/var/www/html/testusers"> AllowOverride None Require all granted </Directory> </VirtualHost> [[email protected] ~]# httpd -t Syntax OK [[email protected] ~]# systemctl restart httpd
最後測試:
- 持久連結
持久連結是建立連結後持續獲取資源不斷開,一直響應到把需要獲取的資源都成功獲取了以後才終止連結#建立模組化檔案 [[email protected] ~]# cat /etc/httpd/conf.d/keepalive.conf KeepAlive On KeepAliveTimeout 35 MaxKeepAliveRequests 100 [[email protected] ~]# httpd -t Syntax OK [[email protected] ~]# systemctl restart httpd