编译安装apache

编译安装httpd

编译安装apache需要三个源码包
安装顺序为: apr apr-util httpd
准备工作

[root@localhost ~]# yum groups mark install "Development Tools"  //安装开发工具包(注意:groups mark install 只是把该组标记为已安装,并不会真正安装软件包;实际安装需执行 yum -y groupinstall "Development Tools")
[root@localhost ~]# useradd -r -M -s /sbin/nologin apache  //创建一个系统用户 不生成家目录 拒绝登录/sbin/nologin 
[root@localhost ~]# id apache 
uid=975(apache) gid=973(apache) groups=973(apache)
[root@localhost ~]# yum -y install openssl-devel pcre-devel expat-devel libtool    //安装依赖包
[root@localhost ~]# yum -y install make  //编译需要make命令
//依赖包要提前装进去
//apr的依赖包要在httpd包之前装上去,编译安装的时候会引用进去,要不然就会报错。报错就只能重新装apache了

下载源码包并解压
源码包地址:https://downloads.apache.org/

//wget命令下载(源码包将以root身份编译安装,下载后建议先用同目录下提供的 .sha256 或 .asc 文件校验完整性与签名,再解压)
[root@localhost ~]# wget https://downloads.apache.org/httpd/httpd-2.4.53.tar.gz
[root@localhost ~]# wget https://downloads.apache.org/apr/apr-1.7.0.tar.gz
[root@localhost ~]# wget https://downloads.apache.org/apr/apr-util-1.6.1.tar.gz

//解压
[root@localhost ~]# tar -xf apr-1.7.0.tar.gz  
[root@localhost ~]# tar -xf apr-util-1.6.1.tar.gz 
[root@localhost ~]# tar -xf httpd-2.4.53.tar.gz 

编译安装apr-1.7.0

[root@localhost apr-1.7.0]# cd apr-1.7.0/
[root@localhost apr-1.7.0]# vim configure
[root@localhost apr-1.7.0]# sed -i 's/$RM "$cfgfile"/# $RM "$cfgfile"/g' configure

    $RM "$cfgfile"
    //注释或者删除这个
[root@localhost apr-1.7.0]#   ./configure --prefix=/usr/local/apr
[root@localhost apr-1.7.0]# make && make install

编译安装apr-util-1.6.1

[root@localhost apr-util-1.6.1]# cd apr-util-1.6.1/
[root@localhost apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr   //apr-util是apr的子包 所以需要指定指定主包的位置
[root@localhost apr-util-1.6.1]# make && make install 

#子包指定主包
--with-apr=/usr/local/apr

编译安装httpd源码包

[root@localhost ~]# cd httpd-2.4.53/
[root@localhost httpd-2.4.53]#  ./configure --prefix=/usr/local/apache \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-apr=/usr/local/apr \
--with-apr-util=/usr/local/apr-util/ \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=prefork
[root@localhost httpd-2.4.53]# make && make install

设置环境变量

[root@localhost ~]# ls /usr/local/   //此目录就是安装三个源码包的位置
apache  apr-util  etc    include  lib64    sbin   src
apr     bin       games  lib      libexec  share
[root@localhost ~]# cd /usr/local/apache/
[root@localhost apache]# ls   //环境变量的目录
bin    cgi-bin  error   icons    logs  manual
build  conf     htdocs  include  man   modules

//创建环境变量后httpd和apachectl命令就可以使用了
[root@localhost ~]# echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/apache.sh 
[root@localhost ~]# source /etc/profile.d/apache.sh 
[root@localhost ~]# which httpd
/usr/local/apache/bin/httpd
[root@localhost ~]# which apachectl 
/usr/local/apache/bin/apachectl

//   /usr/local/apache/ 目录下常用目录解释
bin 命令
conf 配置文件
htdocs 网站
logs 日志
include 头文件
man 帮助文档

配置映射关系

[root@localhost ~]# ls /usr/local/apache/   //有头文件include所以需要做链接
bin    cgi-bin  error   icons    logs  manual
build  conf     htdocs  include  man   modules
[root@localhost ~]# ln -s /usr/local/apache/include/ /usr/include/apache

配置man文档


[root@localhost ~]# vim /etc/man_db.conf  //添加下面一条
MANDATORY_MANPATH                       /usr/local/share/apache  

配置防火墙 Selinux httpd

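[root@localhost ~]#  systemctl disable --now firewalld.service   //关闭防火墙(仅适合实验环境;生产环境应保留firewalld,只放行所需端口:firewall-cmd --permanent --add-service=http --add-service=https && firewall-cmd --reload)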
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# setenforce 0  //关闭selinux  当前生效
[root@localhost ~]# getenforce 
Permissive
[root@localhost ~]# vim /etc/selinux/config   //永久关闭
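SELINUX=disabled  //第一个修改为disabled,重启后生效(仅适合实验环境;生产环境建议保持enforcing,并用 semanage fcontext 和 restorecon 为 /usr/local/apache 下的内容设置合适的SELinux上下文)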

#提前关闭告警信息
[root@localhost ~]# cd /usr/local/apache/
[root@localhost apache]# cd conf/   //进到配置文件目录 
[root@localhost conf]# ls
extra  httpd.conf  magic  mime.types  original
[root@localhost conf]# vim httpd.conf   //将下面一行的注释取消掉
ServerName www.example.com:80


//开启80端口号
[root@localhost ~]# ss -antl   //查看端口号80是否开启
State     Recv-Q    Send-Q         Local Address:Port         Peer Address:Port    
LISTEN    0         128                  0.0.0.0:111               0.0.0.0:*       
LISTEN    0         32             192.168.122.1:53                0.0.0.0:*       
LISTEN    0         128                  0.0.0.0:22                0.0.0.0:*       
LISTEN    0         5                  127.0.0.1:631               0.0.0.0:*       
LISTEN    0         128                     [::]:111                  [::]:*       
LISTEN    0         128                     [::]:22                   [::]:*       
LISTEN    0         5                      [::1]:631                  [::]:*       
[root@localhost ~]# apachectl start  //开启80端口号
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message  //警告信息可以无视

[root@localhost ~]# ss -antl  //再次查看80端口已经开启了
State     Recv-Q    Send-Q         Local Address:Port         Peer Address:Port    
LISTEN    0         128                  0.0.0.0:111               0.0.0.0:*       
LISTEN    0         32             192.168.122.1:53                0.0.0.0:*       
LISTEN    0         128                  0.0.0.0:22                0.0.0.0:*       
LISTEN    0         5                  127.0.0.1:631               0.0.0.0:*       
LISTEN    0         128                     [::]:111                  [::]:*       
LISTEN    0         128                        *:80                      *:*       
LISTEN    0         128                     [::]:22                   [::]:*       
LISTEN    0         5                      [::1]:631                  [::]:*   

在这里插入图片描述
使用systemctl命令设置httpd
使用源码包安装apache服务 默认是不能用systemctl的
任何源码安装的服务都适用

[root@localhost ~]# cd /usr/lib/systemd/system   
[root@localhost system]# ls sshd.service 
sshd.service
[root@localhost system]# cp sshd.service httpd.service  //复制一份这个文件改名为httpd.service
[root@localhost system]# vim httpd.service   //编辑这个文件
[root@localhost system]# cat httpd.service 
[Unit]
Description=httpd server daemon   //修改为httpd
After=network.target sshd-keygen.target

[Service]
Type=forking
ExecStart=/usr/local/apache/bin/apachectl start   //更改为apachectl的路径   开启
ExecStop=/usr/local/apache/bin/apachectl stop   //关闭
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
[root@localhost ~]# systemctl daemon-reload   //重启让其生效

配置三种不同的虚拟主机

虚拟主机可使一个服务器放多个网站

正常配置个虚拟主机

[root@localhost extra]# cd /usr/local/apache/htdocs/  //此目录为存放完网站的目录
[root@localhost htdocs]# mkdir web1  //创建一个测试目录用于存放网站
[root@localhost htdocs]# ls
index.html  web1
[root@localhost htdocs]# cd web1/ 
[root@localhost web1]# echo 'hello web1' > index.html   //创建网站的此时页面
[root@localhost web1]# cd ..

[root@localhost ~]# cd /usr/local/apache/conf/extra/   //虚拟主机文件存放路径
[root@localhost extra]# ls
httpd-autoindex.conf  httpd-languages.conf           httpd-ssl.conf
httpd-dav.conf        httpd-manual.conf              httpd-userdir.conf
httpd-default.conf    httpd-mpm.conf                 httpd-vhosts.conf
httpd-info.conf       httpd-multilang-errordoc.conf  proxy-html.conf
[root@localhost extra]# vim httpd-vhosts.conf    //修改虚拟主机文件

<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/web1"   //网站的存放位置
    ServerName web1.example.com     //域名
    ErrorLog "logs/test.example.com-error_log"    //错误日志存放位置
    CustomLog "logs/test.example.com-access_log" common     //日常日志存放位置
</VirtualHost>

//主配置文件未生效
[root@localhost extra]# vim /usr/local/apache/conf/httpd.conf   //将此文件的下面一行 注释取消 让其包含虚拟主机文件 使其生效
Include conf/extra/httpd-vhosts.conf
[root@localhost extra]# systemctl restart httpd   //重启服务

再次访问虚拟机ip地址 就能看到测试页面
在这里插入图片描述

如果你创建的文件不叫index.html,访问时看到的是目录列表,需要单击其中的*.html文件才能看到写入的hello web1
虽然访问到了但是需要点击一下才能访问测试页面,与平时访问网站并不一样

[root@localhost htdocs]# cd test.example.com/
[root@localhost web1]# mv abc.html index.html   //只需要将abc.html修改为index.html 即可

//修改为index.html是因为主配置文件内 规定了必须为index.html才可直接跳转为网页
[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf 
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

即可访问ip地址成功

ip加端口号访问
相同ip不同端口

[root@localhost ~]# cd /usr/local/apache/htdocs/   
[root@localhost htdocs]# mkdir web.example.com  //创建一个新的存放网站的目录
[root@localhost htdocs]# ls
index.html  web1  web2  
[root@localhost htdocs]# cd web2/  
[root@localhost web2]# echo "hello web2" > index.html   //创建一个新的测试文件
[root@localhost web2]# cat index.html 
hello web2

//修改虚拟主机文件
[root@localhost ~]# cd /usr/local/apache/conf/extra/
[root@localhost extra]# vim httpd-vhosts.conf 
[root@localhost extra]# cat httpd-vhosts.conf 
<VirtualHost *:80>   //此为web1网站的配置
    DocumentRoot "/usr/local/apache/htdocs/web1"
    ServerName web1.example.com
    ErrorLog "logs/test.example.com-error_log"
    CustomLog "logs/test.example.com-access_log" common
</VirtualHost>

Listen 81  //为其添加81的监听
<VirtualHost *:81>   //将端口号修改为81
    DocumentRoot "/usr/local/apache/htdocs/web2"
    ServerName web2.example.com
    ErrorLog "logs/web.example.com-error_log"
    CustomLog "logs/web.example.com-access_log" common
</VirtualHost>


[root@localhost extra]# systemctl restart httpd.service   //重启服务
[root@localhost htdocs]# httpd -t      //检查配置文件
Syntax OK
[root@localhost extra]# ss -antl  //查看端口号出现了两个端口80 81
State     Recv-Q    Send-Q         Local Address:Port         Peer Address:Port      
LISTEN    0         128                        *:80                      *:*       
LISTEN    0         128                        *:81                      *:*   
[root@localhost extra]# ls
httpd-autoindex.conf  httpd-languages.conf           httpd-ssl.conf
httpd-dav.conf        httpd-manual.conf              httpd-userdir.conf
httpd-default.conf    httpd-mpm.conf                 httpd-vhosts.conf
httpd-info.conf       httpd-multilang-errordoc.conf  proxy-html.conf

conf(主配置文件)  conf.d(辅助配置文件)  conf.modules.d(辅助配置文件,以模块配置文件为主)    

再次输入ip地址
加上端口号即可访问不同的测试页面
80是默认的可以不需要接端口号
在这里插入图片描述
在这里插入图片描述

不同ip访问
不同ip相同端口

[root@localhost htdocs]# ip addr add 192.168.70.149/24 dev ens160    //为ens160添加一个新的ip   此添加为临时添加
[root@localhost htdocs]# ip addr show ens160
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:2a:4f:f5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.70.130/24 brd 192.168.70.255 scope global dynamic noprefixroute ens160
       valid_lft 1758sec preferred_lft 1758sec
    inet 192.168.70.149/24 scope global secondary ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe2a:4ff5/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@localhost htdocs]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf 
[root@localhost htdocs]# cat /usr/local/apache/conf/extra/httpd-vhosts.conf 
<VirtualHost 192.168.70.130:80>       //固定IP
    DocumentRoot "/usr/local/apache/htdocs/web1"
    ServerName web1.example.com
    ErrorLog "logs/test.example.com-error_log"
    CustomLog "logs/test.example.com-access_log" common
</VirtualHost>

<VirtualHost 192.168.70.149:80>      //新添加的IP,端口改为80
    DocumentRoot "/usr/local/apache/htdocs/web2"
    ServerName web2.example.com
    ErrorLog "logs/web.example.com-error_log"
    CustomLog "logs/web.example.com-access_log" common
</VirtualHost>

[root@localhost htdocs]# systemctl restart httpd

192.168.70.130 的测试页面
在这里插入图片描述

192.168.70.149的测试页面
在这里插入图片描述

相同ip端口不同域名

//修改成这样
[root@localhost htdocs]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80> 
    DocumentRoot "/usr/local/apache/htdocs/web1"
    ServerName web1.example.com     //域名位置
    ErrorLog "logs/test.example.com-error_log"
    CustomLog "logs/test.example.com-access_log" common
</VirtualHost>

 
<VirtualHost *:80>  
    DocumentRoot "/usr/local/apache/htdocs/web2"
    ServerName web2.example.com       //域名位置
    ErrorLog "logs/web.example.com-error_log"
    CustomLog "logs/web.example.com-access_log" common
</VirtualHost>

//重启httpd
[root@localhost htdocs]# systemctl restart httpd

域名是无法访问的需要修改hosts文件
路径: C:\Windows\System32\drivers\etc

hosts文件内添加这两行

192.168.70.130 web1.example.com
192.168.70.130 web2.example.com

web1.example.com域名访问
在这里插入图片描述

web2.example.com域名访问

在这里插入图片描述

配置拒绝指定ip访问

[root@localhost htdocs]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf 
<VirtualHost 192.168.70.130> 
    DocumentRoot "/usr/local/apache/htdocs/web1"
    ServerName web1.example.com
    ErrorLog "logs/test.example.com-error_log"
    CustomLog "logs/test.example.com-access_log" common
</VirtualHost>

<VirtualHost *:80>  
    DocumentRoot "/usr/local/apache/htdocs/web2"
    ServerName web2.example.com
    ErrorLog "logs/web.example.com-error_log"
    CustomLog "logs/web.example.com-access_log" common
</VirtualHost>

<Directory "/usr/local/apache/htdocs/web1">   //网页存放的位置
    <RequireAll>
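        Require ip 192.168.70.130    //注意:Require ip 表示“允许”该客户端IP,放在 RequireAll 中的实际效果是只有该客户端IP可以访问,其余全部被拒绝;若要拒绝某个客户端IP,应写成 Require not ip 192.168.70.130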
        Require all granted
    </RequireAll>
</Directory>

[root@localhost htdocs]# systemctl restart httpd
[root@localhost htdocs]# httpd -t
Syntax OK

192.168.70.149是没有做拒绝的所以可以访问
在这里插入图片描述

192.168.70.130被拒绝无法访问
在这里插入图片描述
就算把192.168.70.130的网页存放目录改为htdocs目录,192.168.70.130访问有web1,和web2的网页文件,但只能访问web2,拒绝的web1是没有的,因为前面拒绝了

[root@localhost htdocs]# ls
web1  web2

在这里插入图片描述

配置https步骤
配置httpd.conf,取消以下内容的注释

[root@localhost conf]# vim httpd.conf   //源码安装的服务模块在httpd.conf文件里
LoadModule ssl_module modules/mod_ssl.so  //取消这一行的注释

生成证书

openssl实现私有CA:

[root@localhost ~]# cd /etc/pki/
[root@localhost pki]# mkdir CA
[root@localhost pki]# cd CA/
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)   //在private目录下生成私钥文件
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................+++++
...............................................+++++
e is 65537 (0x010001)
[root@localhost CA]# ls private/
cakey.pem
[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout   //查看公钥 可不做

CA生成自签署证书

[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365  //生成一个证书 有效日期为365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN  //国家
State or Province Name (full name) []:HB   //省份
Locality Name (eg, city) [Default City]:WH  //市
Organization Name (eg, company) [Default Company Ltd]:kurumi   //公司
Organizational Unit Name (eg, section) []:kurumi  //单位
Common Name (eg, your name or your server's hostname) []:web.example.com  //域名
Email Address []:1@123.com  //邮箱

[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# touch index.txt && echo 01 > serial

客户端(例如httpd服务器)生成密钥
生成的秘钥想给哪个用哪个就是客户端

[root@localhost ~]# cd /usr/local/apache/conf/
[root@localhost conf]# ls
extra  httpd.conf  magic  mime.types  original
[root@localhost conf]# mkdir ssl
[root@localhost conf]# cd ssl/
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
.............................................................................+++++
..........................+++++
e is 65537 (0x010001)

客户端生成证书签署请求

[root@localhost ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN    
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:kurumi
Organizational Unit Name (eg, section) []:kurumi
Common Name (eg, your name or your server's hostname) []:web.example.com
Email Address []:1@123.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@localhost ssl]# ls
httpd.csr  httpd.key

CA签署客户端提交上来的证书

[root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Apr 15 13:58:39 2022 GMT
            Not After : Apr 15 13:58:39 2023 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = HB
            organizationName          = kurumi
            organizationalUnitName    = kurumi
            commonName                = web.example.com
            emailAddress              = 1@123.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                8F:D1:86:60:47:6A:E9:20:B8:97:90:8C:32:1C:54:8E:7F:B4:4F:11
            X509v3 Authority Key Identifier: 
                keyid:40:1B:42:0B:EF:88:2B:F5:BA:76:17:9B:C5:48:60:1C:82:B5:D7:83

Certificate is to be certified until Apr 15 13:58:39 2023 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost ssl]# ls
httpd.crt  httpd.csr  httpd.key

在企业只需要配置一下即可
在httpd-vhosts.conf中配置虚拟主机
在httpd-ssl.conf中配置证书的位置

[root@localhost conf]# vim httpd.conf   //取消注释 让其包含
Include conf/extra/httpd-ssl.conf

[root@localhost conf]# vim extra/httpd-ssl.conf 
DocumentRoot "/usr/local/apache/htdocs/web.example.com"   //修改为证书的域名
ServerName web.example.com:443   //修改
ServerAdmin you@example.com   
ErrorLog "/usr/local/apache/logs/error_log"
TransferLog "/usr/local/apache/logs/access_log"


SSLCertificateFile "/usr/local/apache/conf/ssl/httpd.crt"   //修改httpd.crt证书的路径

SSLCertificateKeyFile "/usr/local/apache/conf/ssl/httpd.key"  //修改httpd.key密钥的路径

检查配置文件是否有语法错误
检查语法发现有一个模块未打开

[root@localhost conf]# httpd -t
AH00526: Syntax error on line 92 of /usr/local/apache/conf/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
[root@localhost conf]# vim extra/httpd-ssl.conf 

[root@localhost conf]# vim /usr/local/apache/conf/httpd.conf   //修改配置文件
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so  //将此行注释取消 让其启动
[root@localhost conf]# httpd -t  //再次检测成功
AH00112: Warning: DocumentRoot [/usr/local/apache/web.example.com] does not exist
Syntax OK

启动或重启服务
设置hosts以便用域名访问(仅学习阶段,企业实际工作中无需做此步。)

[root@localhost conf]# systemctl restart httpd
[root@localhost conf]# ss -antl
State     Recv-Q    Send-Q         Local Address:Port         Peer Address:Port    
LISTEN    0         128                  0.0.0.0:111               0.0.0.0:*       
LISTEN    0         128                  0.0.0.0:22                0.0.0.0:*       
LISTEN    0         5                  127.0.0.1:631               0.0.0.0:*       
LISTEN    0         128                     [::]:111                  [::]:*       
LISTEN    0         128                        *:80                      *:*       
LISTEN    0         128                     [::]:22                   [::]:*       
LISTEN    0         5                      [::1]:631                  [::]:*       
LISTEN    0         128                        *:443                     *:*       //重启后端口有了443

此时就可以使用https访问