如何在CentOS 8上安装Apache Web服务器

介绍 (Introduction)

The Apache HTTP server is the most widely-used web server in the world. It provides many powerful features including dynamically loadable modules, robust media support, and extensive integration with other popular software.

Apache HTTP服务器是世界上使用最广泛的Web服务器。 它提供了许多强大的功能，包括可动态加载的模块，强大的媒体支持以及与其他流行软件的广泛集成。

In this guide, you will install an Apache web server with virtual hosts on your CentOS 8 server.

在本指南中，您将在CentOS 8服务器上安装具有虚拟主机的Apache Web服务器。

先决条件 (Prerequisites)

You will need the following to complete this guide:

您将需要以下内容才能完成本指南：

• A non-root user with sudo privileges configured on your server, set up by following the initial server setup guide for CentOS 8.

  在服务器上配置了具有sudo特权的非root用户，请按照CentOS 8的初始服务器设置指南进行设置 。

• Ensure that a basic firewall is configured by following Step 4 of the Initial Server Setup with CentOS 8 (recommended) in the above guide.

  通过遵循上述指南中的“ 使用CentOS 8进行初始服务器设置” (推荐)来确保配置了基本防火墙。

第1步-安装Apache (Step 1 — Installing Apache)

Apache is available within CentOS’s default software repositories, which means you can install it with the dnf package manager.

CentOS的默认软件存储库中提供了Apache，这意味着您可以使用dnf软件包管理器进行安装。

As the non-root sudo user configured in the prerequisites, install the Apache package:

作为先决条件中配置的非root sudo用户，请安装Apache软件包：

• sudo dnf install httpd
  须藤dnf安装httpd

After confirming the installation, dnf will install Apache and all required dependencies.

确认安装后， dnf将安装Apache和所有必需的依赖项。

By completing Step 4 of the Initial Server Setup with CentOS 8 guide mentioned in the prerequisites section, you will have already installed firewalld on your server to serve requests over HTTP.

通过完成先决条件部分中提到的“ 使用CentOS 8进行初始服务器设置”指南的步骤4 ，您将已经在服务器上安装了firewalld以通过HTTP服务请求。

If you also plan to configure Apache to serve content over HTTPS, you will also want to open up port 443 by enabling the https service:

如果您还计划将Apache配置为通过HTTPS提供内容，那么您还希望通过启用https服务来打开端口443 ：

• sudo firewall-cmd --permanent --add-service=https
  sudo Firewall-cmd-永久--add-service = https

Next, reload the firewall to put these new rules into effect:

接下来，重新加载防火墙以使这些新规则生效：

• sudo firewall-cmd --reload
  sudo firewall-cmd-重新加载

After the firewall reloads, you are ready to start the service and check the web server.

重新加载防火墙后，即可开始启动服务并检查Web服务器。

步骤2 —检查您的Web服务器 (Step 2 — Checking your Web Server)

Apache does not automatically start on CentOS once the installation completes, so you will need to start the Apache process manually:

安装完成后，Apache不会自动在CentOS上启动，因此您需要手动启动Apache进程：

• sudo systemctl start httpd
  sudo systemctl启动httpd

Verify that the service is running with the following command:

使用以下命令验证服务是否正在运行：

• sudo systemctl status httpd
  sudo systemctl状态httpd

You will receive an active status when the service is running:

服务运行时，您将收到active状态：

   
   

    
    Output
   
   
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disa>
   Active: active (running) since Thu 2020-04-23 22:25:33 UTC; 11s ago
     Docs: man:httpd.service(8)
 Main PID: 14219 (httpd)
   Status: "Running, listening on: port 80"
    Tasks: 213 (limit: 5059)
   Memory: 24.9M
   CGroup: /system.slice/httpd.service
           ├─14219 /usr/sbin/httpd -DFOREGROUND
           ├─14220 /usr/sbin/httpd -DFOREGROUND
           ├─14221 /usr/sbin/httpd -DFOREGROUND
           ├─14222 /usr/sbin/httpd -DFOREGROUND
           └─14223 /usr/sbin/httpd -DFOREGROUND

...

As this output indicates, the service has started successfully. However, the best way to test this is to request a page from Apache.

如此输出所示，该服务已成功启动。 但是，最好的测试方法是从Apache请求一个页面。

You can access the default Apache landing page to confirm that the software is running properly through your IP address. If you do not know your server’s IP address, you can get it a few different ways from the command line.

您可以访问默认的Apache登录页面，以通过您的IP地址确认软件是否正常运行。 如果您不知道服务器的IP地址，则可以从命令行以几种不同的方式获取它。

Type q to return to the command prompt and then type:

键入q返回命令提示符，然后键入：

• hostname -I
  主机名-I

This command will display all of the host’s network addresses, so you will get back a few IP addresses separated by spaces. You can try each in your web browser to determine whether they work.

该命令将显示主机的所有网络地址，因此您将获得一些用空格分隔的IP地址。 您可以尝试在网络浏览器中确定它们是否起作用。

Alternatively, you can use curl to request your IP from icanhazip.com, which will give you your public IPv4 address as read from another location on the internet:

或者，您可以使用curl从icanhazip.com请求IP，这将为您提供从Internet上其他位置读取的公共IPv4地址：

• curl -4 icanhazip.com
  卷曲-4 icanhazip.com

When you have your server’s IP address, enter it into your browser’s address bar:

拥有服务器的IP地址后，将其输入到浏览器的地址栏中：

http://your_server_ip

You’ll see the default CentOS 8 Apache web page:

您将看到默认的CentOS 8 Apache网页：

This page indicates that Apache is working correctly. It also includes some basic information about important Apache files and directory locations.

此页面表明Apache正常工作。 它还包括有关重要Apache文件和目录位置的一些基本信息。

第3步-管理Apache进程 (Step 3 — Managing the Apache Process)

Now that the service is installed and running, you can now use different systemctl commands to manage the service.

现在已经安装并运行了该服务，您现在可以使用不同的systemctl命令来管理该服务。

To stop your web server, type:

要停止您的Web服务器，请输入：

• sudo systemctl stop httpd
  sudo systemctl停止httpd

To start the web server when it is stopped, type:

要在停止时启动Web服务器，请键入：

• sudo systemctl start httpd
  sudo systemctl启动httpd

To stop and then start the service again, type:

要停止然后再次启动该服务，请键入：

• sudo systemctl restart httpd
  sudo systemctl重新启动httpd

If you are simply making configuration changes, Apache can often reload without dropping connections. To do this, use this command:

如果您只是在更改配置，Apache经常可以重新加载而无需断开连接。 为此，请使用以下命令：

• sudo systemctl reload httpd
  须藤systemctl重新加载httpd

By default, Apache is configured to start automatically when the server boots. If this is not what you want, disable this behavior by typing:

默认情况下，Apache配置为在服务器启动时自动启动。 如果这不是您想要的，请通过键入以下内容禁用此行为：

• sudo systemctl disable httpd
  sudo systemctl禁用httpd

To re-enable the service to start up at boot, type:

要重新启用该服务以在引导时启动，请键入：

• sudo systemctl enable httpd
  sudo systemctl启用httpd

Apache will now start automatically when the server boots again.

现在，当服务器再次启动时，Apache将自动启动。

The default configuration for Apache will allow your server to host a single website. If you plan on hosting multiple domains on your server, you will need to configure virtual hosts on your Apache web server.

Apache的默认配置将允许您的服务器托管一个网站。 如果计划在服务器上托管多个域，则需要在Apache Web服务器上配置虚拟主机。

步骤4 —设置虚拟主机(推荐) (Step 4 — Setting Up Virtual Hosts (Recommended))

When using the Apache web server, you can use virtual hosts (if you are more familiar with Nginx, these are similar to server blocks) to encapsulate configuration details and host more than one domain from a single server. In this step, you will set up a domain called example.com, but you should replace this with your own domain name. If you are setting up a domain name with DigitalOcean, please refer to our Networking Documentation.

使用Apache Web服务器时，可以使用虚拟主机 (如果您对Nginx更为熟悉，它们类似于服务器块)来封装配置详细信息，并在一台服务器中承载多个域。 在此步骤中，您将设置一个名为example.com的域，但应将其替换为您自己的域名。 如果您要使用DigitalOcean设置域名，请参阅我们的网络文档 。

Apache on CentOS 8 has one virtual host enabled by default that is configured to serve documents from the /var/www/html directory. While this works well for a single site, it can become unwieldy if you are hosting multiple sites. Instead of modifying /var/www/html, you will create a directory structure within /var/www for the example.com site, leaving /var/www/html in place as the default directory to be served if a client request doesn’t match any other sites.

默认情况下，CentOS 8上的Apache启用了一个虚拟主机，该虚拟主机被配置为提供/var/www/html目录中的文档。 尽管这对于单个站点非常有效，但是如果您托管多个站点，则可能变得笨拙。 而不是修改的/var/www/html ，您将创建一个目录结构中/var/www为example.com的网站，留下/var/www/html在地方作为默认目录送达，如果客户端请求没有按”与任何其他网站匹配。

Create the html directory for example.com as follows, using the -p flag to create any necessary parent directories:

使用-p标志创建所有必需的父目录，如下所示为example.com创建html目录：

• sudo mkdir -p /var/www/example.com/html

  须藤mkdir -p / var / www / example.com / html

Create an additional directory to store log files for the site:

创建一个附加目录来存储站点的日志文件：

• sudo mkdir -p /var/www/example.com/log

  须藤mkdir -p / var / www / example.com / log

Next, assign ownership of the html directory with the $USER environmental variable:

接下来，使用$USER环境变量分配html目录的所有权：

• sudo chown -R $USER:$USER /var/www/example.com/html

  须藤chown -R $ USER：$ USER / var / www / example.com / html

Make sure that your web root has the default permissions set:

确保您的Web根拥有默认权限集：

• sudo chmod -R 755 /var/www
  须藤chmod -R 755 / var / www

Next, create a sample index.html page using vi or your favorite editor:

接下来，使用vi或您喜欢的编辑器创建一个示例index.html页面：

• sudo vi /var/www/example.com/html/index.html

  须藤vi / var / www / example.com /html/index.html

Press i to switch to INSERT mode and add the following sample HTML to the file:

按i切换到INSERT模式，然后将以下示例HTML添加到文件中：

/var/www/example.com/html/index.html

/var/www/example.com/html/index.html

<html>
  <head>
    <title>Welcome to Example.com!</title>
  </head>
  <body>
    <h1>Success! The example.com virtual host is working!</h1>
  </body>
</html>

Save and close the file by pressing ESC, typing :wq, and pressing ENTER.

通过按ESC ，键入:wq并按ENTER来保存并关闭文件。

With your site directory and sample index file in place, you are almost ready to create the virtual host files. Virtual host files specify the configuration of your separate sites and tell the Apache web server how to respond to various domain requests.

有了您的站点目录和样本索引文件，您几乎可以创建虚拟主机文件了。 虚拟主机文件指定单独站点的配置，并告诉Apache Web服务器如何响应各种域请求。

Before you create your virtual hosts, you will need to create a sites-available directory to store them in. You will also create the sites-enabled directory that tells Apache that a virtual host is ready to serve to visitors. The sites-enabled directory will hold symbolic links to virtual hosts that we want to publish. Create both directories with the following command:

在创建虚拟主机之前，您将需要创建一个sites-available目录来存储它们。您还将创建一个sites-enabled目录，该目录告诉Apache虚拟主机已准备好为访问者提供服务。 sites-enabled目录将包含指向我们要发布的虚拟主机的符号链接。 使用以下命令创建两个目录：

• sudo mkdir /etc/httpd/sites-available /etc/httpd/sites-enabled
  sudo mkdir / etc / httpd / sites-available / etc / httpd / sites-enabled

Next, you will tell Apache to look for virtual hosts in the sites-enabled directory. To accomplish this, edit Apache’s main configuration file using vi or your favorite text editor and add a line declaring an optional directory for additional configuration files:

接下来，您将告诉Apache在sites-enabled目录中寻找虚拟主机。 为此，请使用vi或您喜欢的文本编辑器编辑Apache的主要配置文件，并添加一行以声明其他配置文件的可选目录：

• sudo vi /etc/httpd/conf/httpd.conf
  须藤vi /etc/httpd/conf/httpd.conf

Press capital G to navigate towards the end of the file. Then press i to switch to INSERT mode and add the following line to the very end of the file:

按大写G导航到文件末尾。 然后按i切换到INSERT模式，并将以下行添加到文件的末尾：

/etc/httpd/conf/httpd.conf

/etc/httpd/conf/httpd.conf

...
# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
IncludeOptional sites-enabled/*.conf

Save and close the file when you are done adding that line. Now that you have your virtual host directories in place, you will create your virtual host file.

完成添加该行后，保存并关闭文件。 现在您已经有了虚拟主机目录，您将创建虚拟主机文件。

Start by creating a new file in the sites-available directory:

首先在sites-available目录中创建一个新文件：

• sudo vi /etc/httpd/sites-available/example.com.conf

  须藤vi / etc / httpd / sites-available / example.com .conf

Add in the following configuration block, and change the example.com domain to your domain name:

添加以下配置块，然后将example.com域更改为您的域名：

/etc/httpd/sites-available/example.com.conf

/etc/httpd/sites-available/example.com.conf

<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /var/www/example.com/html
    ErrorLog /var/www/example.com/log/error.log
    CustomLog /var/www/example.com/log/requests.log combined
</VirtualHost>

This will tell Apache where to find the root directly that holds the publicly accessible web documents. It also tells Apache where to store error and request logs for this particular site.

这将告诉Apache在哪里直接找到包含公共可访问Web文档的根。 它还告诉Apache该特定站点的错误存储位置和请求日志。

Save and close the file when you are finished.

完成后保存并关闭文件。

Now that you have created the virtual host files, you will enable them so that Apache knows to serve them to visitors. To do this, create a symbolic link for each virtual host in the sites-enabled directory:

现在，您已经创建了虚拟主机文件，您将启用它们，以便Apache知道将其提供给访问者。 为此，请在sites-enabled目录中为每个虚拟主机创建一个符号链接：

• sudo ln -s /etc/httpd/sites-available/example.com.conf /etc/httpd/sites-enabled/example.com.conf

  sudo ln -s / etc / httpd / sites-available / example.com .conf / etc / httpd / sites-enabled / example.com .conf

Your virtual host is now configured and ready to serve content. Before restarting the Apache service, let’s make sure that SELinux has the correct policies in place for your virtual hosts.

现在，您的虚拟主机已配置完毕，可以开始提供内容了。 在重新启动Apache服务之前，请确保SELinux已为您的虚拟主机设置了正确的策略。

步骤5 —调整虚拟主机的SELinux权限(推荐) (Step 5 — Adjusting SELinux Permissions for Virtual Hosts (Recommended))

SELinux is a Linux kernel security module that brings heightened security for Linux systems. CentOS 8 comes equipped with SELinux configured to work with the default Apache configuration. Since you changed the default configuration by setting up a custom log directory in the virtual hosts configuration file, you will receive an error if you attempt to start the Apache service. To resolve this, you need to update the SELinux policies to allow Apache to write to the necessary files.

SELinux是Linux内核安全模块，可为Linux系统带来更高的安全性。 CentOS 8配备了SELinux，该Linux配置为与默认的Apache配置一起使用。 由于通过在虚拟主机配置文件中设置自定义日志目录来更改默认配置，因此，如果尝试启动Apache服务，则会收到错误消息。 要解决此问题，您需要更新SELinux策略以允许Apache写入必要的文件。

There are different ways to set policies based on your environment’s needs as SELinux allows you to customize your security level. This step will cover two methods of adjusting Apache policies: universally and on a specific directory. Adjusting policies on directories is more secure, and is therefore the recommended approach.

SELinux允许您自定义安全级别，因此有多种方法可以根据您的环境需求设置策略。 此步骤将介绍两种调整Apache策略的方法：通用方法和特定目录中的方法。 调整目录策略更加安全，因此是推荐的方法。

普遍调整Apache策略 (Adjusting Apache Policies Universally)

Setting the Apache policy universally will tell SELinux to treat all Apache processes identically by using the httpd_unified Boolean. While this approach is more convenient, it will not give you the same level of control as an approach that focuses on a file or directory policy.

普遍设置Apache策略将使SELinux通过使用httpd_unified布尔值来httpd_unified对待所有Apache进程。 尽管此方法更为方便，但它无法为您提供与专注于文件或目录策略的方法相同的控制级别。

Run the following command to set a universal Apache policy:

运行以下命令来设置通用Apache策略：

• sudo setsebool -P httpd_unified 1
  sudo setsebool -P httpd_unified 1

The setsebool command changes SELinux Boolean values. The -P flag will update the boot-time value, making this change persist across reboots. httpd_unified is the Boolean that will tell SELinux to treat all Apache processes as the same type, so you enabled it with a value of 1.

setsebool命令更改SELinux布尔值。 -P标志将更新引导时间值，从而使此更改在重新引导后持续存在。 httpd_unified是布尔值，它将告诉SELinux将所有Apache进程视为同一类型，因此您将其启用为1 。

调整目录上的Apache策略 (Adjusting Apache Policies on a Directory)

Individually setting SELinux permissions for the /var/www/example.com/log directory will give you more control over your Apache policies, but may also require more maintenance. Since this option is not universally setting policies, you will need to manually set the context type for any new log directories specified in your virtual host configurations.

单独为/var/www/ example.com /log目录设置SELinux权限将为您提供对Apache策略的更多控制，但可能还需要更多维护。 由于此选项不是通用设置策略，因此您需要为虚拟主机配置中指定的任何新日志目录手动设置上下文类型。

First, check the context type that SELinux gave the /var/www/example.com/log directory:

首先，检查SELinux提供给/var/www/ example.com /log目录的上下文类型：

• sudo ls -dlZ /var/www/example.com/log/

  须藤ls -dlZ / var / www / example.com / log /

This command lists and prints the SELinux context of the directory. You will receive output similar to the following:

此命令列出并打印目录的SELinux上下文。 您将收到类似于以下内容的输出：

   
   

    
    Output
   
   
drwxr-xr-x. 2 root root unconfined_u:object_r:httpd_sys_content_t:s0 6 Apr 23 23:51 /var/www/example.com/log/

The current context is httpd_sys_content_t, which tells SELinux that the Apache process can only read files created in this directory. In this tutorial, you will change the context type of the /var/www/example.com/log directory to httpd_log_t. This type will allow Apache to generate and append to web application log files:

当前上下文是httpd_sys_content_t ，它告诉SELinux Apache进程只能读取在此目录中创建的文件。 在本教程中，您将/var/www/ example.com /log目录的上下文类型更改为httpd_log_t 。 此类型将允许Apache生成并附加到Web应用程序日志文件：

• sudo semanage fcontext -a -t httpd_log_t "/var/www/example.com/log(/.*)?"

  sudo semanage fcontext -a -t httpd_log_t “ / var / www / example.com /log(/.*)？”

Next, use the restorecon command to apply these changes and have them persist across reboots:

接下来，使用restorecon命令应用这些更改并使它们在重新引导后仍然存在：

• sudo restorecon -R -v /var/www/example.com/log

  sudo restorecon -R -v / var / www / example.com / log

The -R flag runs this command recursively, meaning it will update any existing files to use the new context. The -v flag will print the context changes the command made. You will receive the following output confirming the changes:

-R标志以递归方式运行此命令，这意味着它将更新所有现有文件以使用新上下文。 -v标志将打印命令所做的上下文更改。 您将收到以下输出，确认更改：

   
   

    
    Output
   
   
Relabeled /var/www/example.com/log from unconfined_u:object_r:httpd_sys_content_t:s0 to unconfined_u:object_r:httpd_log_t:s0

You can list the contexts once more to see the changes:

您可以再次列出上下文以查看更改：

• sudo ls -dlZ /var/www/example.com/log/

  须藤ls -dlZ / var / www / example.com / log /

The output reflects the updated context type:

输出反映了更新的上下文类型：

   
   

    
    Output
   
   
drwxr-xr-x. 2 root root unconfined_u:object_r:httpd_log_t:s0 6 Apr 23 23:51 /var/www/example.com/log/

Now that the /var/www/example.com/log directory is using the httpd_log_t type, you are ready to test your virtual host configuration.

既然/var/www/ example.com /log目录正在使用httpd_log_t类型，您就可以测试虚拟主机配置了。

步骤6 —测试虚拟主机(推荐) (Step 6 — Testing the Virtual Host (Recommended))

Once the SELinux context has been updated with either method, Apache will be able to write to the /var/www/example.com/log directory. You can now successfully restart the Apache service:

使用任何一种方法更新SELinux上下文之后，Apache都将能够写入/var/www/ example.com /log目录。 现在，您可以成功地重新启动Apache服务：

• sudo systemctl restart httpd
  sudo systemctl重新启动httpd

List the contents of the /var/www/example.com/log directory to see if Apache created the log files:

列出/var/www/ example.com /log目录的内容，以查看Apache是​​否创建了日志文件：

• ls -lZ /var/www/example.com/log

  ls -lZ / var / www / example.com / log

You’ll receive confirmation that Apache was able to create the error.log and requests.log files specified in the virtual host configuration:

您会收到确认阿帕奇能够创建error.log和requests.log在虚拟主机配置指定的文件：

   
   

    
    Output
   
   
-rw-r--r--. 1 root root system_u:object_r:httpd_log_t:s0 0 Apr 24 00:06 error.log
-rw-r--r--. 1 root root system_u:object_r:httpd_log_t:s0 0 Apr 24 00:06 requests.log

Now that you have your virtual host set up and SELinux permissions updated, Apache will now serve your domain name. You can test this by navigating to http://example.com, where you should see something like this:

现在您已经设置了虚拟主机并更新了SELinux权限，Apache现在将为您的域名提供服务。 您可以通过导航到http:// example.com ，您应该会在其中看到以下内容：

This confirms that your virtual host is successfully configured and serving content. Repeat Steps 4 and 5 to create new virtual hosts with SELinux permissions for additional domains.

这确认您的虚拟主机已成功配置并提供内容。 重复步骤4和5，为其他域创建具有SELinux权限的新虚拟主机。

结论 (Conclusion)

In this tutorial, you installed and managed the Apache web server. Now that you have your web server installed, you have many options for the type of content you can serve and the technologies you can use to create a richer experience.

在本教程中，您安装并管理了Apache Web服务器。 现在，您已经安装了Web服务器，对于可以提供的内容类型以及可以用来创建更丰富体验的技术，有了很多选择。

If you’d like to build out a more complete application stack, you can look at this article on how to configure a LAMP stack on CentOS 8.

如果您想构建一个更完整的应用程序堆栈，可以查看有关如何在CentOS 8上配置LAMP堆栈的本文。

翻译自: https://www.digitalocean.com/community/tutorials/how-to-install-the-apache-web-server-on-centos-8