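Contents
1. Overview
Web server middleware, used to build static websites. Default version: 2.4.6
2. Use cases
Web server, back-end parsing, video sites, blogs, ...
3. Installation procedure
Configure a static IP address; disable the firewall and SELinux; install the software
4. Installation methods
rpm/yum
    rpm -ivh httpd...rpm
    yum install httpd
Main configuration file
    /etc/httpd/conf/httpd.conf
Directives and their meaning
    Listen 80                           Port that Apache listens on
    User apache                         Run user and run group. The run user is the account
    Group apache                        under which the program's files are opened when it runs
    ServerName www.example.com:80       Domain name used to reach the web service
    Require all denied                  Access permission: access is refused
    Require all granted                 Access permission: access is allowed
    DocumentRoot "/var/www/html"        Document root directory
    DirectoryIndex index.html           Default index page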
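Source installation
gcc environment
make environment
Dependencies
    yum -y install apr apr-util apr-util-devel gcc gcc-c++ pcre-devel zlib-devel
5. Configuration
Simplify the command path
Link the startup command from the installation directory into /usr/local/bin
    ln -s /usr/local/apache/bin/apachectl /usr/local/bin/apachectl
Configuration file
    ServerRoot "/usr/local/apache"              Apache installation path
    Listen 80                                   Port that Apache listens on
    LoadModule                                  Loads the module files Apache needs at run time
    User daemon                                 Run user and run group. The run user is the account
    Group daemon                                under which the program's files are opened when it runs
    ServerName www.example.com:80               Domain name used to reach the web service
    Require all denied                          Access permission: access is refused
    Require all granted                         Access permission: access is allowed
    DocumentRoot "/usr/local/apache/htdocs"     Document root directory
    DirectoryIndex index.html                   Default index page
    ErrorLog "logs/error_log"                   Path of the error log
    LogLevel warn                               Error log level
    LogFormat                                   Log format
    CustomLog                                   Access log
6. Startup and testing
Test connectivity first; manage the service with the apachectl command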
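7. Virtual hosts
How to make the change
Edit the main configuration file
    vim /usr/local/apache/conf/httpd.conf
Declare listening on port 80 of the different IP addresses
Enable the option that uses the virtual host file
    # Virtual hosts
    Include conf/extra/httpd-vhosts.conf
The main configuration file includes the virtual host configuration file
    vim /usr/local/apache/conf/extra/httpd-vhosts.conf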
Implementation methods
Based on different IP addresses
    <VirtualHost 192.168.1.1:80>
        ServerAdmin webmaster@dummy-host.example.com
        DocumentRoot "/usr/local/apache/htdocs/web1"
        # ServerName dummy-host.example.com
        # ServerAlias www.dummy-host.example.com
        # Access log in the "common" format
        CustomLog "logs/1.1-access_log" common
    </VirtualHost>
    <VirtualHost 192.168.1.2:80>
        ServerAdmin webmaster@dummy-host2.example.com
        DocumentRoot "/usr/local/apache/htdocs/web2"
        # ServerName dummy-host2.example.com
        ErrorLog "logs/1.2-error_log"
        CustomLog "logs/1.2-access_log" common
    </VirtualHost>
Based on different ports
    # Each port used here needs a matching Listen directive in httpd.conf
    <VirtualHost 192.168.1.1:8081>
        ServerAdmin webmaster@dummy-host.example.com
        DocumentRoot "/usr/local/apache/htdocs/web1"
        # ServerName dummy-host.example.com
        # ServerAlias www.dummy-host.example.com
        ErrorLog "logs/8081-error_log"
        CustomLog "logs/8081-access_log" common
    </VirtualHost>
    <VirtualHost 192.168.1.2:8082>
        ServerAdmin webmaster@dummy-host2.example.com
        DocumentRoot "/usr/local/apache/htdocs/web2"
        # ServerName dummy-host2.example.com
        ErrorLog "logs/8082-error_log"
        CustomLog "logs/8082-access_log" common
    </VirtualHost>
Based on different domain names
    <VirtualHost dns.zp.com:80>
        ServerAdmin webmaster@dummy-host.example.com
        DocumentRoot "/usr/local/apache/htdocs/web1"
        ServerName dns.zp.com
        # ServerAlias www.dummy-host.example.com
        ErrorLog "logs/zp-error_log"
        CustomLog "logs/zp-access_log" common
    </VirtualHost>
    <VirtualHost www.zp.com:80>
        ServerAdmin webmaster@dummy-host2.example.com
        DocumentRoot "/usr/local/apache/htdocs/web2"
        # ServerName must equal the host name that clients request
        ServerName www.zp.com
        ErrorLog "logs/zp-error_log"
        CustomLog "logs/zp-access_log" common
    </VirtualHost>
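When several blocks share one address:port, Apache chooses between them by ServerName, and a request whose Host header matches none of them is served by the first block listed. The script below is an added example, not part of the original notes: it lists every block in a virtual host file and flags address:port groups that cannot be told apart by name. The names audit_vhosts and sample_vhosts and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes; names and sample are constructed.
# Prints "<addr:port> <ServerName or -> <DocumentRoot>" per <VirtualHost> block,
# then a WARN line for each addr:port whose blocks cannot all be told apart by name.
audit_vhosts() {
    awk '
    /^[ \t]*#/ { next }                          # commented-out directives do not count
    /^[ \t]*<VirtualHost[ \t]/ {
        addr = $2; sub(/>$/, "", addr)           # first address of the block only
        name = "-"; root = "-"; inside = 1; next
    }
    inside && tolower($1) == "servername"   { name = $2 }
    inside && tolower($1) == "documentroot" { root = $2; gsub(/"/, "", root) }
    inside && /^[ \t]*<\/VirtualHost>/ {
        print addr, name, root
        blocks[addr]++; inside = 0
        if (name == "-") unnamed[addr]++
        else if (seen[addr, name]++) dup[addr] = dup[addr] " " name
    }
    END {
        for (a in blocks) {
            if (blocks[a] > 1 && unnamed[a] > 0)
                print "WARN " a ": " unnamed[a] " of " blocks[a] " blocks lack ServerName"
            if (dup[a] != "") print "WARN " a ": duplicate ServerName" dup[a]
        }
    }' "$@"
}

# Constructed sample modelled on the virtual host file above.
sample_vhosts() {
    cat <<'EOF'
<VirtualHost 192.168.1.1:80>
    DocumentRoot "/usr/local/apache/htdocs/web1"
    # ServerName dns.zp.com
</VirtualHost>
<VirtualHost 192.168.1.1:80>
    DocumentRoot "/usr/local/apache/htdocs/web2"
    ServerName www.zp.com
</VirtualHost>
<VirtualHost 192.168.1.2:80>
    DocumentRoot "/usr/local/apache/htdocs/web3"
    ServerName www.zp.com
</VirtualHost>
EOF
}

sample_vhosts | audit_vhosts
```

Run it against a real file with `audit_vhosts /usr/local/apache/conf/extra/httpd-vhosts.conf`.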
8. Apache secure transport
Apache Httpd 2.2.29 (http://httpd.apache.org)
OpenSSL 1.0.1h (http://www.openssl.org/source)
SSL-Tools (http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz)
Secure sockets: SSL
yum installation
Install mod_ssl
After installation, restart the httpd service
Configure a local certificate
    mkdir /etc/httpd/conf.d/rsa
    cd /etc/httpd/conf.d/rsa
    openssl genrsa -out rsa1024.key 1024
    openssl req -new -key rsa1024.key -out rsa1024.csr
    openssl x509 -req -days 365 -in rsa1024.csr -signkey rsa1024.key -out rsa1024.crt
    vim /etc/httpd/conf.d/ssl.conf
Change
    SSLCertificateFile /etc/httpd/conf.d/rsa/rsa1024.crt
    SSLCertificateKeyFile /etc/httpd/conf.d/rsa/rsa1024.key
    systemctl restart httpd
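The commands above produce a self-signed certificate on a 1024-bit RSA key. The script below is an added check, not part of the original notes: it reads the text form of a certificate and reports an RSA key under 2048 bits, an MD5 or SHA-1 signature, and an issuer equal to the subject. The function names, the 2048-bit floor and the sample text are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original notes; function names are hypothetical
# and the 2048-bit floor is an assumption of this example.
MIN_RSA_BITS=2048

# Reads `openssl x509 -noout -text` output on stdin, prints one line per
# finding and returns 1 if there is any.
check_cert_text() {
    awk -v min="$MIN_RSA_BITS" '
    /Public Key Algorithm:/ { alg = $NF }
    /Public-Key: \(/ { bits = $0; sub(/.*\(/, "", bits); sub(/ bit.*/, "", bits) }
    /Signature Algorithm:/ && !sig { sig = $NF }
    /^[ \t]*Issuer:/  { issuer = $0;  sub(/^[ \t]*Issuer: */, "", issuer) }
    /^[ \t]*Subject:/ { subject = $0; sub(/^[ \t]*Subject: */, "", subject) }
    END {
        if (alg == "rsaEncryption" && bits + 0 < min + 0) { print "WEAK-KEY " bits " bit RSA"; bad = 1 }
        if (sig ~ /^(md5|sha1)/) { print "WEAK-SIG " sig; bad = 1 }
        # Issuer equal to subject is used here as the sign of a self-signed certificate
        if (issuer != "" && issuer == subject) { print "SELF-SIGNED " subject; bad = 1 }
        exit bad + 0
    }'
}

# Runs the check against a certificate file such as rsa1024.crt.
audit_cert() {
    openssl x509 -in "$1" -noout -text | check_cert_text
}

# Constructed, abbreviated certificate text for a 1024-bit self-signed certificate.
sample_cert_text() {
    cat <<'EOF'
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, O=example, CN=www.example.com
        Subject: C=CN, O=example, CN=www.example.com
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
EOF
}

sample_cert_text | check_cert_text || echo "findings above: reissue this certificate"
```

On the server, `audit_cert /etc/httpd/conf.d/rsa/rsa1024.crt` runs the same check against the file that ssl.conf points to.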
Source installation
Software versions
Apache Httpd 2.4.54 (http://httpd.apache.org)
    wget https://dlcdn.apache.org/httpd/httpd-2.4.54.tar.gz --no-check-certificate
OpenSSL 1.1.1s (http://www.openssl.org/source)
    wget https://www.openssl.org/source/openssl-1.1.1s.tar.gz --no-check-certificate
SSL-Tools (http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz)
--no-check-certificate makes wget skip TLS certificate verification for these downloads.
Software installation
1) Install OpenSSL
    tar xf openssl-1.1.1s.tar.gz
    cd openssl-1.1.1s
    ./config && make && make install
2) Install Apache
Install the dependencies
    yum install -y apr-devel
    yum install -y apr-util-devel
    yum install -y pcre-devel pcre-util
    tar xf httpd-2.4.54.tar.gz
    cd httpd-2.4.54/
    ./configure --prefix=/usr/local/apache --enable-ssl=static --with-ssl=/usr/local/ssl && make && make install
3) Generate the certificates
    cp ssl.ca-0.1.tar.gz /usr/local/apache/conf/
    cd /usr/local/apache/conf/
    tar xf ssl.ca-0.1.tar.gz
    cd ssl.ca-0.1/
Configure the library files
    ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/
    ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/
Generate the root certificate
    ./new-root-ca.sh
    [root@juexing ssl.ca-0.1]# ./new-root-ca.sh
    No Root CA key round. Generating one
    Generating RSA private key, 1024 bit long modulus (2 primes)
    ...++++++++++
    e is 65537 (0x010001)
    Enter pass phrase for ca.key:
    Verifying - Enter pass phrase for ca.key:
    Self-sign the root CA...
    Enter pass phrase for ca.key:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    Country Name (2 letter code) [MY]:china
    string is too long, it needs to be no more than 2 bytes long
    Country Name (2 letter code) [MY]:CA
    State or Province Name (full name) [Perak]:zhaoxing
    Locality Name (eg, city) [Sitiawan]:bj
    Organization Name (eg, company) [My Directory Sdn Bhd]:juexing
    Organizational Unit Name (eg, section) [Certification Services Division]:jx
    Common Name (eg, MD Root CA) []:RCA
    Email Address []:1234@qq.com
Generate the server certificate
    ./new-server-cert.sh