apache安装
安装依赖和其他软件
[root@host ~]# yum -y install openssl-devel pcre-devel expat-devel libtool wget make
下载并解压安装包(下载后建议用Apache官方站点提供的 .sha256 或 .asc 文件校验安装包的完整性;httpd 2.4.46 已是旧版本,生产环境应选用当前仍受支持的版本)
[root@host src]# wget https://mirrors.bfsu.edu.cn/apache/apr/apr-1.7.0.tar.gz
[root@host src]# wget https://mirrors.bfsu.edu.cn/apache/apr/apr-util-1.6.1.tar.gz
[root@host src]# wget https://mirrors.bfsu.edu.cn/apache/httpd/httpd-2.4.46.tar.gz
[root@host src]# tar xf apr-1.7.0.tar.gz
[root@host src]# tar xf apr-util-1.6.1.tar.gz
[root@host src]# tar xf httpd-2.4.46.tar.gz
编辑,配置,安装
[root@host src]#cd apr-1.7.0/
[root@host apr-1.7.0]# vim configure
# $RM "$cfgfile" //将此行加上注释,或者删除此行
配置
[root@host apr-1.7.0]# ./configure --prefix=/usr/local/apr
安装
[root@host apr-1.7.0]# make && make install
[root@host apr-1.7.0]# cd /usr/src/apr-util-1.6.1/
配置
[root@host apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
安装
[root@host apr-util-1.6.1]# make && make install
编译安装apache
[root@host src]# cd httpd-2.4.46
[root@host httpd-2.4.46]# ./configure --prefix=/usr/local/apache \
--sysconfdir=/etc/httpd24 \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-apr=/usr/local/apr \
--with-apr-util=/usr/local/apr-util/ \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=prefork
[root@host httpd-2.4.46]# make && make install
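关闭防火墙和SELinux(仅适用于测试环境;生产环境应保持两者开启,用 firewall-cmd --permanent --add-service=http 放行所需服务后执行 firewall-cmd --reload)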
[root@host ~]# systemctl stop firewalld
[root@host ~]# setenforce 0
启动apache
[root@host ~]# /usr/local/apache/bin/apachectl start
测试
虚拟主机配置
先源码安装apache
虚拟主机分为
- 相同IP不同端口
- 不同IP相同端口
- 相同IP相同端口不同域名
更改配置
[root@host ~]# cd /etc/httpd24/
[root@host httpd24]# ls
extra httpd.conf magic mime.types original
[root@host httpd24]# vim httpd.conf
......
# Virtual hosts
Include /etc/httpd24/extra/httpd-vhosts.conf 将这一行的#取消
[root@host httpd24]# cd extra/
[root@host extra]# ls
httpd-autoindex.conf httpd-info.conf httpd-mpm.conf httpd-userdir.conf
httpd-dav.conf httpd-languages.conf httpd-multilang-errordoc.conf httpd-vhosts.conf
httpd-default.conf httpd-manual.conf httpd-ssl.conf proxy-html.conf
[root@host extra]# vim httpd-vhosts.conf
.......
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/xialuo1" 这里改为自己网站文件所在的目录
ServerName xialuo1.example.com 更改域名
ErrorLog "logs/xialuo1.example.com-error_log" 错误日志也进行更改
CustomLog "logs/xialuo1.example.com-access_log" common 访问日志也进行更改
</VirtualHost>
在/etc/profile.d下创建httpd.sh,并写入以下内容
[root@host ~]# cat /etc/profile.d/httpd.sh
export PATH=/usr/local/apache/bin:$PATH
[root@host ~]# source /etc/profile.d/httpd.sh
[root@host ~]# apachectl restart 重启后去网页查看
相同IP不同端口
[root@host extra]# vim httpd-vhosts.conf
#
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/xialuo1"
ServerName xialuo1.example.com
ErrorLog "logs/xialuo1.example.com-error_log"
CustomLog "logs/xialuo1.example.com-access_log" common
</VirtualHost>
Listen 81
<VirtualHost *:81>
DocumentRoot "/usr/local/apache/htdocs/xialuo2"
ServerName xialuo1.example.com
ErrorLog "logs/xialuo2.example.com-error_log"
CustomLog "logs/xialuo2.example.com-access_log" common
</VirtualHost>
保存并退出
[root@host extra]# apachectl restart 重启服务
不同IP相同端口
添加ip
[root@host ~]# ip addr add 192.168.149.150/24 dev ens160
[root@host extra]# vim httpd-vhosts.conf
<VirtualHost 192.168.149.133:80>
DocumentRoot "/usr/local/apache/htdocs/xialuo1"
ServerName xialuo1.example.com
ErrorLog "logs/xialuo1.example.com-error_log"
CustomLog "logs/xialuo1.example.com-access_log" common
</VirtualHost>
<VirtualHost 192.168.149.150:80>
DocumentRoot "/usr/local/apache/htdocs/xialuo2"
ServerName xialuo1.example.com
ErrorLog "logs/xialuo2.example.com-error_log"
CustomLog "logs/xialuo2.example.com-access_log" common
</VirtualHost>
保存
[root@host extra]# apachectl restart 重启服务
相同IP相同端口不同域名
[root@host extra]# vim httpd-vhosts.conf
[root@host extra]# vim httpd-vhosts.conf
......
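# Name-based virtual hosts: both blocks listen on *:80 and are told apart
# only by the ServerName they declare. The first block also serves requests
# that match no ServerName or ServerAlias.
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/xialuo1"
ServerName xialuo1.example.com
ErrorLog "logs/xialuo1.example.com-error_log"
CustomLog "logs/xialuo1.example.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/xialuo2"
# ServerName must differ from the first block; with the same name repeated
# here, requests for xialuo2.example.com would fall through to the first
# (default) block and this site would never be served.
ServerName xialuo2.example.com
ErrorLog "logs/xialuo2.example.com-error_log"
CustomLog "logs/xialuo2.example.com-access_log" common
</VirtualHost>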
[root@host extra]# apachectl restart 重启服务
打开真机(Windows)上的 C:\Windows\System32\drivers\etc\hosts
拖到桌面上
右键以管理员身份用写字板打开,写入以下内容
192.168.149.133 xialuo2.example.com xialuo1.example.com
然后把文件拖回原位置
CA证书的配置(https)
启用ssl模块,编辑httpd.conf
[root@host httpd24]# vim httpd.conf
将这两行注释取消
......
Include /etc/httpd24/extra/httpd-ssl.conf
LoadModule ssl_module modules/mod_ssl.so
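这里注意:源码编译时指定了 --enable-ssl(且已安装 openssl-devel),mod_ssl.so 会随 httpd 一起编译到 /usr/local/apache/modules 下;下面用 dnf 安装的 mod_ssl 属于发行版自带的 httpd,不会被源码安装的 apache 加载,一般无需执行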
[root@host extra]# dnf -y install mod_ssl
编辑
[root@host extra]# vim httpd-ssl.conf
这一行取消注释
92 #SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"\
.......
修改配置
121 <VirtualHost _default_:443>
122
123 # General setup for the virtual host
124 DocumentRoot "/usr/local/apache/htdocs/xialuo2" 文件路径修改为自己设置的
125 ServerName www.xialuo2.example.com:443 修改域名为自己设置的(应与后面签发证书时填写的Common Name一致,否则浏览器会提示证书名称不匹配)
126 ErrorLog "/usr/local/apache/logs/xialuo2.example.com-error_log" 错误日志修改为自己设置的
127 TransferLog "/usr/local/apache/logs/xialuo2.example.com-access_log" 访问日志修改为自己设置的
.......
143 SSLCertificateFile "/etc/httpd24/httpd.crt" 设置证书的放置地址
......
153 SSLCertificateKeyFile "/etc/httpd24/httpd.key" 设置私钥的放置地址
检查语法是否有错
[root@host extra]# apachectl -t
AH00526: Syntax error on line 143 of /etc/httpd24/extra/httpd-ssl.conf:
SSLCertificateFile: file '/etc/httpd24/httpd.crt' does not exist or is empty
//这里是因为我们的证书还没有生成到目标文件才会出现错误提示
CA密钥生成
生成CA私钥(umask 077 保证私钥文件仅root可读;建议像后文生成httpd.key时那样放在括号内的子shell里执行,避免改变当前shell的umask)
创建目录
[root@host ~]# mkdir /etc/pki/CA
[root@host CA]# mkdir private
[root@host CA]# umask 077;openssl genrsa -out private/cakey.pem 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
..+++++
........................................+++++
e is 65537 (0x010001)
生成自签署的CA证书(Common Name 建议填写CA自身的名称,与服务器域名区分开)
[root@host CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:ltyj
Organizational Unit Name (eg, section) []:ltyj
Common Name (eg, your name or your server's hostname) []: xialuo2.example.com
Email Address []:1@1.com
生成服务器(httpd)私钥
[root@host CA]# mkdir certs newcerts crl
[root@host CA]# touch index.txt && echo 01 > serial
[root@host CA]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
........+++++
...............................................................................+++++
e is 65537 (0x010001)
客户端生成证书签署请求
[root@host CA]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:ltyj
Organizational Unit Name (eg, section) []:ltyj
Common Name (eg, your name or your server's hostname) []:xialuo2.example.com
Email Address []:1@1.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
CA签署客户端提交上来的证书
[root@host CA]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Apr 27 11:47:50 2021 GMT
Not After : Apr 27 11:47:50 2022 GMT
Subject:
countryName = CN
stateOrProvinceName = HB
organizationName = ltyj
organizationalUnitName = ltyj
commonName = xialuo2.example.com
emailAddress = 1@1.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
75:CD:78:EE:05:0A:CA:CC:68:7D:5F:F9:DA:AD:E2:0C:05:C9:FB:AE
X509v3 Authority Key Identifier:
keyid:7F:70:C2:23:2A:E8:8D:80:3A:80:DA:AE:D3:68:4D:77:33:C7:D4:0A
Certificate is to be certified until Apr 27 11:47:50 2022 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
将证书和私钥移动到配置文件中设置的目录下(私钥 httpd.key 应保持仅root可读,如权限600)
[root@host CA]# mv httpd.key httpd.crt /etc/httpd24/
[root@host CA]# apachectl restart
测试: