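This procedure has been tested and works on CentOS 6 and CentOS 7.
The currently installed Apache is old and only offers TLS 1.0. The latest version of Chrome no longer supports TLS 1.0, so pages fail to open, and Apache therefore has to be upgraded.
Installing a newer version of Apache directly is enough; its installation directory must be different from that of the old Apache.
1. Uninstall the Apache installed by default on the system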
[root@qht133 apache]# rpm -qa httpd*
httpd-tools-2.2.15-15.el6.centos.x86_64
httpd-2.2.15-15.el6.centos.x86_64
[root@qht133 apache]# rpm -e --nodeps httpd-tools-2.2.15-15.el6.centos.x86_64
[root@qht133 apache]# rpm -e --nodeps httpd-2.2.15-15.el6.centos.x86_64
[root@qht133 apache]# rpm -qa httpd*
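2. Install the dependency packages
Install the required dependency packages with yum first, and only then build the remaining dependencies and the Apache package from source. If apr and apr-util are built from source first, the other dependencies are installed with yum afterwards, and Apache is compiled last, the Apache build tends to fail.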
[root@qht133 apache]# yum -y install gcc gcc-c++ zlib-devel openssl-devel pcre pcre-devel expat-devel libxml2-devel
3. Download APR, APR-Util and PCRE
Free download link for all versions of apr-1.5.2.tar.gz and apr-util-1.5.4.tar.gz:
Index of /dist/apr: http://archive.apache.org/dist/apr/
Install apr
[root@qht133 apache]# tar -zxvf apr-1.6.5.tar.gz
[root@qht133 apache]# cd apr-1.6.5
[root@qht133 apr-1.6.5]# mkdir /usr/local/apr
[root@qht133 apr-1.6.5]# ./configure --prefix=/usr/local/apr
[root@qht133 apr-1.6.5]# make && make install
[root@qht133 apr-1.6.5]# cd /usr/local/apr/
[root@qht133 apr]# ls
bin build-1 include lib
4. Install apr-util
[root@qht133 apache]# tar -zxvf apr-util-1.6.1.tar.gz
[root@qht133 apache]# cd apr-util-1.6.1
[root@qht133 apr-util-1.6.1]# mkdir /usr/local/apr-util
[root@qht133 apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[root@qht133 apr-util-1.6.1]# make && make install
[root@qht133 apr-util-1.6.1]# ls /usr/local/apr-util/
bin include lib
5. Install pcre
Download address:
[root@qht133 apache]# tar -zxvf pcre-8.43.tar.gz
[root@qht133 apache]# cd pcre-8.43
[root@qht133 pcre-8.43]# mkdir /usr/local/pcre
[root@qht133 pcre-8.43]# ./configure --prefix=/usr/local/pcre --with-apr=/usr/local/apr/bin/apr-1-config
[root@qht133 pcre-8.43]# make && make install
[root@qht133 pcre-8.43]# ls /usr/local/pcre/
bin include lib share
6. Download and install Apache
Download address:
Index of /dist/httpd: https://archive.apache.org/dist/httpd/
Start the installation:
[root@qht133 apache]# tar -zxvf httpd-2.4.37.tar.gz
[root@qht133 apache]# cd httpd-2.4.37
[root@qht133 httpd-2.4.37]# mkdir -p /usr/local/apache2.4
[root@qht133 httpd-2.4.37]# ./configure --prefix=/usr/local/apache2.4 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
[root@qht133 httpd-2.4.37]# make && make install
[root@qht133 httpd-2.4.37]# ll /usr/local/apache2.4/
total 56
drwxr-xr-x. 2 root root 4096 Feb 9 22:55 bin
drwxr-xr-x. 2 root root 4096 Feb 9 22:55 build
drwxr-xr-x. 2 root root 4096 Feb 9 22:55 cgi-bin
drwxr-xr-x. 4 root root 4096 Feb 9 22:55 conf
drwxr-xr-x. 3 root root 4096 Feb 9 22:55 error
drwxr-sr-x. 2 root root 4096 Oct 18 2018 htdocs
drwxr-xr-x. 3 root root 4096 Feb 9 22:55 icons
drwxr-xr-x. 2 root root 4096 Feb 9 22:55 include
drwxr-xr-x. 2 root root 4096 Feb 9 22:55 logs
drwxr-xr-x. 4 root root 4096 Feb 9 22:55 man
drwxr-sr-x. 14 root root 12288 Oct 18 2018 manual
drwxr-xr-x. 2 root root 4096 Feb 9 22:55 modules
[root@qht133 ~]# cd /usr/local/apache2.4/bin
[root@qht133 bin]# ./httpd -v
Server version: Apache/2.4.37 (Unix)
Server built: Feb 9 2022 22:54:04
7. Verify the installation
Without changing any configuration yet, check whether port 80 accepts connections.
Start Apache
[root@qht133 ~]# /usr/local/apache2.4/bin/apachectl start
8. Configure Apache + Tomcat
1. Install the mod_jk module
Apache has to connect to Tomcat, so mod_jk must be installed.
Download link
Installation steps:
[root@qht133 apache]# tar -zxvf tomcat-connectors-1.2.48-src.tar.gz
[root@qht133 apache]# cd tomcat-connectors-1.2.48-src
[root@qht133 tomcat-connectors-1.2.48-src]# cd native/
[root@qht133 native]# ./configure --with-apxs=/usr/local/apache2.4/bin/apxs
[root@qht133 native]# make && make install
[root@qht133 bin]# ll /usr/local/apache2.4/modules/mod_jk.so
-rwxr-xr-x. 1 root root 1153419 Feb 10 00:38 /usr/local/apache2.4/modules/mod_jk.so
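The file mod_jk.so is now present in the modules directory, which means the installation succeeded.
2. Edit httpd.conf
2.1. Change the IP address and port; set the port to 443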
[root@qht133 conf]# vi /usr/local/apache2.4/conf/httpd.conf
Line 52: Listen 172.17.61.133:443
Line 204: ServerName 172.17.61.133:443
Because port 443 is used, all SSL-related modules have to be enabled.
Line 136: LoadModule ssl_module modules/mod_ssl.so
Line 503: Include conf/extra/httpd-ssl.conf
Add as the last line:
include conf/mod_jk.conf
2.2. Edit conf/mod_jk.conf. Its purpose is to load the mod_jk module and to specify the location of workers.properties
#load mod_jk
#
LoadModule jk_module modules/mod_jk.so
#LoadModule dav_svn_module modules/mod_dav_svn.so
#LoadModule authz_svn_module modules/mod_authz_svn.so
#AddModule mod_jk.c
# Where to find workers.properties
# Update this path to match your conf directory location (put workers.properties next to httpd.conf)
JkWorkersFile conf/workers.properties
# Where to put jk shared memory
# Update this path to match your local state directory or logs directory
JkShmFile logs/mod_jk.shm
# Where to put jk logs
# Update this path to match your logs directory location (put mod_jk.log next to access_log)
JkLogFile logs/mod_jk1.log
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the timestamp log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
2.3. Edit workers.properties
[root@qht131 conf]# cat workers.properties
# Define 3 real worker using ajp13
worker.list=router
# Set properties for qht2501 (ajp13)
worker.qht2501.type=ajp13
worker.qht2501.host=172.17.61.133
worker.qht2501.port=2501
worker.qht2501.lbfactor=1
# Set properties for qht2502 (ajp13)
worker.qht2502.type=ajp13
worker.qht2502.host=172.17.61.133
worker.qht2502.port=2502
worker.qht2502.lbfactor=1
# Define the LB worker
worker.router.type=lb
worker.router.sticky_session=true
worker.router.session_cookie=SSOSESSIONID
worker.router.session_path=;ssosessionid
worker.router.balance_workers=qht2501,qht2502
3.4. Edit extra/httpd-ssl.conf
Comment out line 36, because httpd.conf already specifies port 443.
#Listen 443
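Adjust the certificate section.
The most important part is this: on the line above the final </VirtualHost>, add JkMount /* router, which hands every request that reaches Apache to router. router is the worker defined in workers.properties, and the names must match.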
#### JK module ####
# Send everything for context /examples to worker named worker1 (ajp13)
JkMount /* router
If the service does not use 443, it is enough to put JkMount /* router in conf/httpd.conf.
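The name-matching requirement above can be checked before restarting. This is an added example, not part of the original post: it collects the worker names used by JkMount and verifies each one against workers.properties, including the members of an lb worker. The script name and function names are this example's own.

```shell
# Added example; usage: sh jk_check.sh conf/workers.properties conf/extra/httpd-ssl.conf
# Worker names used by JkMount directives; commented-out lines do not match.
jk_mounted_workers() {
    awk '$1 == "JkMount" { print $3 }' "$1" | sort -u
}

# $1 = workers.properties, $2 = worker name. Prints problems, returns 1 if any.
jk_check_worker() {
    awk -v w="$2" '
        /^[ \t]*#/ || !/=/ { next }
        {
            eq = index($0, "=")
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            prop[key] = val
        }
        END {
            n = split(prop["worker.list"], listed, ",")
            for (i = 1; i <= n; i++) if (listed[i] == w) found = 1
            if (!found) { print "ERROR: " w " is not in worker.list"; bad = 1 }
            if (prop["worker." w ".type"] == "lb") {
                m = split(prop["worker." w ".balance_workers"], member, ",")
                if (m == 0) { print "ERROR: " w " has no balance_workers"; bad = 1 }
                for (i = 1; i <= m; i++) {
                    p = "worker." member[i]
                    if (prop[p ".host"] == "" || prop[p ".port"] == "") {
                        print "ERROR: member " member[i] " has no host/port"; bad = 1
                    }
                }
            }
            exit bad + 0
        }' "$1"
}

jk_check() {
    status=0
    for w in $(jk_mounted_workers "$2"); do
        jk_check_worker "$1" "$w" || status=1
    done
    return "$status"
}
if [ "$#" -eq 2 ]; then
    jk_check "$1" "$2"
else  # offline demo on constructed files: "routr" misspells the lb worker
    d=$(mktemp -d)
    printf 'worker.list=router\nworker.router.type=lb\n' > "$d/w"
    echo 'JkMount /* routr' > "$d/m"
    jk_check "$d/w" "$d/m" || true; rm -rf "$d"
fi
```

Run with both paths from /usr/local/apache2.4; an exit status of 0 with no output means every mounted worker resolves.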
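3.5 After restarting Apache, port 443 should be open and the TLS version should now be 1.2.
If a certificate error or an expired certificate is reported, obtain a new certificate and replace the one referenced in extra/httpd-ssl.conf.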
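One way to confirm the TLS result after the restart, as an added example that is not part of the original post: it attempts one handshake per protocol version with openssl s_client and reports which versions the server accepts. The function names are this example's own; the host and port in the usage line are the ones configured on this page.

```shell
# Added example: report which TLS versions an HTTPS listener accepts.
# Usage: sh tls_probe.sh 172.17.61.133 443

# Read `openssl s_client` output on stdin and decide whether the handshake
# completed. A failed handshake can still print an SSL-Session block, but
# with "Cipher    : 0000", so the Protocol line alone proves nothing.
handshake_result() {
    awk '
        /^ *Protocol *:/ { proto = $NF }
        /^ *Cipher *:/   { cipher = $NF }
        END {
            if (proto != "" && cipher != "" && cipher != "0000" && cipher != "(NONE)")
                print "accepted " proto
            else
                print "rejected"
        }'
}

# Attempt one handshake restricted to a single protocol version.
# $1 = host, $2 = port, $3 = s_client flag (-tls1, -tls1_1 or -tls1_2)
probe() {
    openssl s_client -connect "$1:$2" "$3" </dev/null 2>/dev/null | handshake_result
}

probe_all() {
    for flag in -tls1 -tls1_1 -tls1_2; do
        printf '%-8s %s\n' "$flag" "$(probe "$1" "$2" "$flag")"
    done
}

# Constructed s_client excerpt (failed TLS 1.0 handshake), used for the
# offline demonstration when no host is given.
SAMPLE_REJECTED='SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000'

if [ -n "${1:-}" ]; then
    probe_all "$1" "${2:-443}"
else
    printf '%s\n' "$SAMPLE_REJECTED" | handshake_result   # prints: rejected
fi
```

If -tls1 or -tls1_1 is reported as accepted, the old protocols are still enabled; `SSLProtocol -all +TLSv1.2` in extra/httpd-ssl.conf restricts the server to TLS 1.2.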