http的编译,三种虚拟主机的部署,设置访问控制列表,https的生成

交流群:692356620,有不同的问题或见解可以来群里讨论,或者私聊我qq:1251611916


编译安装httpd

//下载安装httpd所需的源码包(下载后建议用Apache官方发布的校验和文件或PGP签名(.asc)核对源码包的完整性;实际部署时应选用当前最新的稳定版本)

[root@duanruhui ~]# ls
anaconda-ks.cfg  apr-1.7.0.tar.gz  apr-util-1.6.1.tar.gz  httpd-2.4.53.tar.gz

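//安装开发环境(注意:下面的 yum groups mark install 只是把软件包组标记为已安装,并不会真正安装其中的软件包;如需实际安装,应使用 yum -y groups install "Development Tools")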

//创建与apache同名的系统用户和组(-r 系统账户,-M 不创建家目录,-s /sbin/nologin 禁止登录)

[root@duanruhui ~]# yum groups mark install "Development Tools"

[root@duanruhui ~]# useradd -r -M -s /sbin/nologin apache
[root@duanruhui ~]# id apache
uid=992(apache) gid=992(apache) groups=992(apache)
[root@duanruhui ~]# grep apach /etc/group
apache:x:992:

//安装开发工具包

[root@duanruhui ~]# yum -y install openssl-devel pcre-devel expat-devel libtool

//编译apr

[root@duanruhui ~]# tar xf apr-1.7.0.tar.gz 

[root@duanruhui ~]# cd apr-1.7.0

[root@duanruhui apr-1.7.0]# vi configure//删除或者注释掉$RM "$cfgfile"

在这里插入图片描述
在这里插入图片描述

[root@duanruhui apr-1.7.0]# ./configure --prefix=/usr/local/apr//设置路径

[root@duanruhui apr-1.7.0]# make//编译

[root@duanruhui apr-1.7.0]# make install//安装(把编译好的文件复制到--prefix指定的目录)

//编译apr-util

[root@duanruhui ~]# tar xf apr-util-1.6.1.tar.gz 

[root@duanruhui ~]# cd apr-util-1.6.1

[root@duanruhui apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr//设置路径,开启apr功能

[root@duanruhui apr-util-1.6.1]# make//编译

[root@duanruhui apr-util-1.6.1]# make install//安装(把编译好的文件复制到--prefix指定的目录)

//编译httpd

[root@duanruhui ~]# tar xf httpd-2.4.53.tar.gz 

[root@duanruhui ~]# cd httpd-2.4.53

[root@duanruhui httpd-2.4.53]# ./configure --prefix=/usr/local/apache  --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork//设置路径,开启功能

--enable-so  //开启so共享对象功能

--enable-ssl//开启ssl加密

 --enable-cgi//开启公共网关接口

 --enable-rewrite//开启重写功能

 --with-zlib //开启压缩功能

--with-pcre //启用pcre(正则表达式库)支持

--with-apr=/usr/local/apr //开启apr功能

--with-apr-util=/usr/local/apr-util //开启apr-util功能

--enable-modules=most //编译大多数常用模块

--enable-mpms-shared=all//将所有MPM(多路处理模块)编译为可动态加载的共享模块

 --with-mpm=prefork//工作模式为prefork

[root@duanruhui httpd-2.4.53]# make//编译

[root@duanruhui httpd-2.4.53]# make install//安装(把编译好的文件复制到--prefix指定的目录)

//查看是否成功

[root@duanruhui ~]# ls /usr/local/
apache  apr  apr-util  bin  etc  games  include  lib  lib64  libexec  sbin  share  src

//设置环境变量

[root@duanruhui ~]# echo 'export PATH=/usr/local/apache/bin:$PATH'> /etc/profile.d/apache.sh
[root@duanruhui ~]# source /etc/profile.d/apache.sh 
[root@duanruhui ~]# which httpd
/usr/local/apache/bin/httpd 
[root@duanruhui ~]# which apachectl 
/usr/local/apache/bin/apachectl

//设置头文件

[root@duanruhui ~]# ln -s /usr/local/apache/include /usr/include/apache

//设置man文档

[root@duanruhui ~]# vi /etc/man_db.conf 

在这里插入图片描述

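//关闭防火墙和SELinux(仅适用于实验环境;生产环境建议保留防火墙,只放行所需端口,例如 firewall-cmd --permanent --add-service=http --add-service=https 后执行 firewall-cmd --reload,SELinux也应尽量保持enforcing)

systemctl disable --now firewalld //关闭防火墙并取消开机自启,立即生效
[root@duanruhui ~]# setenforce 0//把SELinux临时切换为宽容(permissive)模式,立即生效,重启后失效(这条命令与防火墙无关)
[root@duanruhui ~]# vi /etc/selinux/config //修改SELinux配置文件,下次重启后生效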

在这里插入图片描述

//开启httpd

[root@duanruhui ~]# apachectl start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::20c:29ff:fe1e:3a97%eth0. Set the 'ServerName' directive globally to suppress this message
[root@duanruhui ~]# ss -antl
State     Recv-Q    Send-Q        Local Address:Port         Peer Address:Port    Process    
LISTEN    0         128                 0.0.0.0:22                0.0.0.0:*                  
LISTEN    0         128                       *:80                      *:*                  
LISTEN    0         128                    [::]:22                   [::]:*        

在这里插入图片描述

//设置httpd开机自启(注意:systemd的指令名区分大小写,下面单元文件中的 Execstop 应写作 ExecStop,否则该行会被systemd忽略,停止服务时不会调用 apachectl stop)

cd /usr/lib/systemd/system
[root@duanruhui system]# ls sshd.service 
sshd.service
[root@duanruhui system]# cp sshd.service  httpd.service
[root@duanruhui system]# vi httpd.service 
[root@duanruhui system]# cat httpd.service 
[Unit]
Description=httpd server daemon
After=network.target sshd-keygen.target

[Service]
Type=forking
ExecStart=/usr/local/apache/bin/apachectl start 
Execstop=/usr/local/apache/bin/apachectl stop
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
[root@duanruhui system]# systemctl daemon-reload
[root@duanruhui system]# systemctl enable httpd

配置三种不同类型的虚拟主机

虚拟主机:在一台服务器(同一个httpd实例)上部署多个网站

//创建两个目录,并且往里面添加内容

[root@duanruhui htdocs]# mkdir hjl1.example.com
[root@duanruhui htdocs]# mkdir hjl2.example.com
[root@duanruhui htdocs]# ls
hjl1.example.com  hjl2.example.com 
 index.html
[root@duanruhui htdocs]# mv index.html hjl1.example.com/
[root@duanruhui htdocs]# ls
hjl1.example.com  hjl2.example.com 
[root@duanruhui htdocs]# cd hjl2.example.com/
[root@duanruhui hjl2.example.com]# echo "dabao page">index.html
[root@duanruhui hjl2.example.com]# ls
index.html

//主配置文件引用虚拟主机的配置

[root@duanruhui ~]# cd /usr/local/apache/conf/
[root@duanruhui conf]# ls
extra  httpd.conf  magic  mime.types  original
[root@duanruhui conf]# vi httpd.conf

在这里插入图片描述

[root@duanruhui conf]# systemctl restart httpd

//配置虚拟主机

[root@duanruhui ~]# cd /usr/local/apache/conf
[root@duanruhui conf]# ls
extra  httpd.conf  magic  mime.types  original
[root@duanruhui conf]# ls extra/
httpd-autoindex.conf  httpd-mpm.conf
httpd-dav.conf        httpd-multilang-errordoc.conf
httpd-default.conf    httpd-ssl.conf
httpd-info.conf       httpd-userdir.conf
httpd-languages.conf  httpd-vhosts.conf
httpd-manual.conf     proxy-html.conf

//相同ip,不同端口

[root@duanruhui conf]# cat extra/httpd-vhosts.conf 
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/hjl1.example.com"
    ServerName hjl1.example.com
    ErrorLog "logs/hjl1.example.com-error_log"
    CustomLog "logs/hjl1.example.com-access_log" common
</VirtualHost>
Listen 81
<VirtualHost *:81>
    DocumentRoot "/usr/local/apache/htdocs/hjl2.example.com"
    ServerName hjl2.example.com
    ErrorLog "logs/hjl2.example.com-error_log"
    CustomLog "logs/hjl2.example.com-access_log" common
</VirtualHost>
[root@duanruhui ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port Process 
LISTEN 0      128          0.0.0.0:22          0.0.0.0:*            
LISTEN 0      128                *:80                *:*            
LISTEN 0      128                *:81                *:*            
LISTEN 0      128             [::]:22             [::]:*     

在这里插入图片描述
在这里插入图片描述

//不同ip,相同端口(注意:下面配置中的 Listen 81 是上一个例子遗留的,此处两个虚拟主机都使用80端口,应将其删除,以免多开放一个不需要的监听端口)

[root@duanruhui apache]# cat conf/extra/httpd-vhosts.conf 
<VirtualHost 192.168.140.130:80>
    DocumentRoot "/usr/local/apache/htdocs/hjl1.example.com"
    ServerName hjl1.example.com
    ErrorLog "logs/hjl1.example.com-error_log"
    CustomLog "logs/hjl1.example.com-access_log" common
</VirtualHost>
Listen 81
<VirtualHost 192.168.140.131:80>
    DocumentRoot "/usr/local/apache/htdocs/hjl2.example.com"
    ServerName hjl2.example.com
    ErrorLog "logs/hjl2.example.com-error_log"
    CustomLog "logs/hjl2.example.com-access_log" common
</VirtualHost>

在这里插入图片描述
在这里插入图片描述

//相同ip,相同端口,不同域名

[root@duanruhui apache]# cat conf/extra/httpd-vhosts.conf 
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/test.example.com"
    ServerName test.example.com
    ErrorLog "logs/test.example.com-error_log"
    CustomLog "logs/test.example.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/dabao.example.com"
    ServerName dabao.example.com
    ErrorLog "logs/dabao.example.com-error_log"
    CustomLog "logs/dabao.example.com-access_log" common
</VirtualHost>


在这里插入图片描述
在这里插入图片描述

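https配置(使用自建CA签发证书,仅适用于测试:客户端需要导入并信任 cacert.pem,否则会提示证书不受信任;申请服务器证书时 Common Name(以及 subjectAltName)应与站点的实际域名一致,否则浏览器会提示证书与域名不匹配;私钥 cakey.pem 和 httpd.key 应保持仅root可读)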

[root@duanruhui ~]# cd /etc/pki
[root@duanruhui pki]# mkdir CA
[root@duanruhui pki]# cd CA/
[root@duanruhui CA]# mkdir private
[root@duanruhui CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048) 
Generating RSA private key, 2048 bit long modulus (2 primes)
.+++++
....................+++++
e is 65537 (0x010001)
[root@duanruhui CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB   
Locality Name (eg, city) [Default City]:WH     
Organization Name (eg, company) [Default Company Ltd]:RUNTIME
Organizational Unit Name (eg, section) []:RUNTIME
Common Name (eg, your name or your server's hostname) []:RUMTIME
Email Address []:TIME@123
[root@duanruhui CA]# mkdir certs newcerts crl
[root@duanruhui CA]# touch index.txt && echo 01 > serial
[root@duanruhui CA]# cd
[root@duanruhui ~]# cd /usr/local/apache/conf/
[root@duanruhui conf]# mkdir ssl
[root@duanruhui conf]# cd ssl
[root@duanruhui ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
......................................+++++
....................................................................+++++
e is 65537 (0x010001)

[root@duanruhui ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:RUNTIME
Organizational Unit Name (eg, section) []:RUNTIME
Common Name (eg, your name or your server's hostname) []:RUNTIME
Email Address []:TIME@123

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@duanruhui ssl]# openssl ca -in httpd.csr -out httpd.crt -days 165
[root@duanruhui ssl]# ls
httpd.crt  httpd.csr  httpd.key
[root@duanruhui conf]# vi httpd.conf 
[root@duanruhui conf]# vi extra/httpd-ssl.conf 
[root@duanruhui ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port Process 
LISTEN 0      128          0.0.0.0:22          0.0.0.0:*            
LISTEN 0      128                *:80                *:*            
LISTEN 0      128             [::]:22             [::]:*            
LISTEN 0      128                *:443               *:*  

在这里插入图片描述
在这里插入图片描述
在这里插入图片描述

在这里插入图片描述

访问控制配置(下例在 <RequireAll> 中用 Require not ip 拒绝指定IP,同时用 Require all granted 放行其余所有客户端)

[root@duanruhui apache]# cat conf/extra/httpd-vhosts.conf 
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/test.example.com"
    ServerName test.example.com
    ErrorLog "logs/test.example.com-error_log"
    CustomLog "logs/test.example.com-access_log" common
    <Directory "/usr/local/apache/htdocs/test.example.com">
	<RequireAll>
	    Require not ip 192.168.138.202
            Require all granted	   
	</RequireAll>
    </Directory>
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/dabao.example.com"
    ServerName dabao.example.com
    ErrorLog "logs/dabao.example.com-error_log"
    CustomLog "logs/dabao.example.com-access_log" common
</VirtualHost>



在这里插入图片描述
在这里插入图片描述
