Apache配置

目录

一、概述

二、应用场景

三、安装流程

四、安装方式

rpm/yum

主配置文件

源码安装

五、配置方法

优化命令路径

配置文件

六、启动测试

七。虚拟主机头

修改方式

修改主配置文件

主配置文件包含虚拟主机配置文件

实现方法

基于不同的IP地址

基于不同的端口

基于不同的域名

八、Apache安全传输

yum安装

安装mod_ssl 

配置本地证书

源码安装

软件版本

软件安装

---

---

一、概述

web服务器的中间件    用于构建静态web站点    默认版本2.4.6

---

二、应用场景

web服务器     后台解析    视频站点    博客   ......

---

三、安装流程

配置静态IP地址    关闭防火墙和SElinux    安装软件

---

四、安装方式

rpm/yum

rpm  -ivh httpd...rpm

yum install httpd

主配置文件

/etc/httpd/conf/httpd.conf

Listen 80  定义apache的监听端口号
User apache  定义运行用户和运行组
Group apache  运行用户：程序需运行时哪个用户打开的程序文件
ServerName www.example.com:80  定义web服务使用域名访问
Require all denied；Require all granted
定义访问权限；  denied：不能访问  granted：可以访问
DocumentRoot "/var/www/html"  定义文档根目录
DirectoryIndex index.html  定义默认访问主页

源码安装

gcc环境    

make环境

依赖关系  yum -y install  apr  apr-util  apr-util-devel  gcc  gcc-c++  pcre-devel  zlib-devel

---

五、配置方法

优化命令路径

将安装目录中的启动命令链接到/usr/local/bin

ln -s /usr/local/apache/bin/apachectl /usr/local/bin/apachectl

配置文件

ServerRoot "/usr/local/apache"  定义apache安装路径
Listen 80  定义apache的监听端口号
LoadModule  加载apache运行时的必要模块文件
User daemon  定义运行用户和运行组
Group daemon  运行用户：程序需运行时哪个用户打开的程序文件
ServerName www.example.com:80  定义web服务使用域名访问 
Require all denied；Require all granted
定义访问权限；  denied：不能访问  granted：可以访问
DocumentRoot "/usr/local/apache/htdocs"  定义文档根目录
DirectoryIndex index.html  定义默认访问主页
ErrorLog "logs/error_log"  错误日志路径；
LogLevel warn  错误日志级别；
LogFormat   日志格式；
CustomLog  访问日志

---

六、启动测试

先测试连通性    使用apachectl命令进行管理

---

七。虚拟主机头

修改方式

修改主配置文件

vim /usr/local/apache/conf/httpd.conf

声明监听不同的IP地址的80端口

开启使用虚拟主机文件的选项

# Virtual hosts
Include conf/extra/httpd-vhosts.conf

主配置文件包含虚拟主机配置文件

vim /usr/local/apache/conf/extra/httpd-vhosts.conf

---

实现方法

基于不同的IP地址

<VirtualHost 192.168.1.1:80>
  ServerAdmin webmaster@dummy-host.example.com
  DocumentRoot"/usr/local/apache/htdocs/web1"
#  ServerName dummy-host.example.com
#  ServerAlias www.dummy-host.example.com
  ErrorLog"logs/1.1-access_log"common
</VirtualHost>

<VirtualHost 192.168.1.2:80>
  ServerAdmin webmaster@dummy-host2.example.com
  DocumentRoot"/usr/local/apache/htdocs/web2"
#  ServerName dummy-host2.example.com
  ErrorLog"logs/1.2-error_log"
  CustomLog"logs/1.2-access_log"common
</VirtualHost>

基于不同的端口

<VirtualHost 192.168.1.1:8081>
  ServerAdmin webmaster@dummy-host.example.com
  DocumentRoot"/usr/local/apache/htdocs/web1"
#  ServerName dummy-host.example.com
#  ServerAlias www.dummy-host.example.com
  ErrorLog"logs/8081-error_log"
  CustomLog"logs/8081-access_log"common
</VirtualHost>

<VirtualHost 192.168.1.2:8082>
  ServerAdmin webmaster@dummy-host2.example.com
  DocumentRoot"/usr/local/apache/htdocs/web2"
#  ServerName dummy-host2.example.com
  ErrorLog"logs/8082-error_log"
  CustomLog"logs/8082-access_log"common
</VirtualHost>

基于不同的域名

<VirtualHost dns.zp.com:80>
  ServerAdmin webmaster@dummy-host.example.com
  DocumentRoot"/usr/local/apache/htdocs/web1"
  ServerName dns.zp.com
#  ServerAlias www.dummy-host.example.com
  ErrorLog"logs/zp-error_log"
  CustomLog"logs/zp-access_log"common
</VirtualHost>

<VirtualHost www.zp.com:80>
  ServerAdmin webmaster@dummy-host2.example.com
  DocumentRoot"/usr/local/apache/htdocs/web2"
  ServerName dummy-www.zp.com
  ErrorLog"logs/zp-error_log"
  CustomLog"logs/zp-access_log"common
</VirtualHost>

---

八、Apache安全传输

Apache Httpd 2.2.29 (http://httpd.apache.org )

OpenSSL 1.0.1h (http://www.openssl.org/source )

SSL-Tools (http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz )

安全套接字：SSL

yum安装

安装mod_ssl 

 安装完成，重新启动httpd服务

配置本地证书

mkdir /etc/httpd/conf.d/rsa
cd /etc/httpd/conf.d/rsa
openssl genrsa -out rsa1024.key 1024
openssl req -new -key rsa1024.key -out rsa1024.csr
openssl x509 -req -days 365 -in rsa1024.csr -signkey rsa1024.key -out rsa1024.crt
vim /etc/httpd/conf.d/ssl.conf
修改    SSLCertificateFile /etc/httpd/conf.d/rsa/rsa1024.crt
        SSLCertificateKeyFile /etc/httpd/conf.d/rsa/rsa1024.key
systemctl restart httpd

源码安装

软件版本

Apache Httpd 2.4.54 (http://httpd.apache.org )
wget https://dlcdn.apache.org/httpd/httpd-2.4.54.tar.gz --no-check-certificate

OpenSSL 1.1.1s (http://www.openssl.org/source )
wget https://www.openssl.org/source/openssl-1.1.1s.tar.gz --no-check-certificate

SSL-Tools (http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz )

软件安装

1、安装Openssl

tar xf openssl-1.1.1s.tar.gz
cd  openssl-1.1.1s
./config && make && make install

2、安装apache

安装依赖关系

yum install -y apr-devel
yum install -y apr-util-devel
yum install -y pcre-devel pcre-util

tar xf httpd-2.4.54.tar.gz
cd httpd-2.4.54/
./configure --prefix=/usr/local/apache --enable-ssl=static --with-ssl=/usr/local/ssl && make && make install

3、生成证书

cp ssl.ca-0.1.tar.gz /usr/local/apache/conf/
cd /usr/local/apache/conf/
tar xf ssl.ca-0.1.tar.gz 
cd ssl.ca-0.1/

配置库文件

ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/
 ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/

生成根证书

./new-root-ca.sh

[ root@juexing ssl.ca-0.1]# ./new- root-ca.sh INo Root CA key round. Generating one
Generating RSA private key, 1024 bit Long modulus(2 primes)
。.。++++++++++
e is 65537 (0x010001)
Enter pass phrase for ca.key:
IVerifying-Enterpassphraseforca.key:Self-sign the root CA... Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated |into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank.
Country Name(2 letter code)[MY]:china
string is too long, it needs to be no more than 2 bytes long Country Name (2 letter code)[MY]:CA
|State or Province Name(full name)[Perak]:zhaoxing Locality Name (eg, city)[Sitiawan]:bj
Organization Name(eg, company) IMy Directory Sdn Bhd]: juexing
Organizational Unit Name (eg, section)[Certification Services Division]:jx |Common Name (eg, MD Root CA)[]:RCA Email Address []:1234@qq.com

生成服务器证书

./new-server-cert.sh