CentOS8编译安装最新版的httpd2.4.53

1.编译安装最新版的httpd

要安装httpd 它有两个依赖包 Apr和apr-util

安装顺序为: apr apr-util httpd

Apache 官网地址

Apr 下载网址

apr-util 下载网址

httpd 下载网址

1.2安装开发环境

[root@localhost ~]# dnf -y  groups mark install "Development Tools"  //安装开发工具包
[root@localhost ~]# useradd -r -M -s /sbin/nologin  apache   //创建一个系统用户 不生成家目录 拒绝登录/sbin/nologin 
[root@localhost ~]# id apache
uid=995(apache) gid=992(apache) groups=992(apache)
[root@localhost ~]# dnf  -y install openssl-devel pcre-devel expat-devel //安装依赖包
[root@localhost ~]# dnf -y install make  //编译需要make命令
[root@localhost apr-1.7.0]# dnf -y install gcc gcc-c++  //下载gcc和c++
[root@localhost ~]# dnf -y install wget  //下载wget命令
[root@localhost ~]# dnf -y install vim //下载vim命令
[root@localhost apr-1.7.0]# vim configure  
    cfgfile="${ofile}T"
    trap "$RM \"$cfgfile\"; exit 1" 1 2 15
    # $RM "$cfgfile"        //将此行加上注释，或者删除此行

1.3下载源码包并解压

//wget 命令下载
[root@localhost ~]# wget https://downloads.apache.org/apr/apr-1.7.0.tar.gz
[root@localhost ~]#  wget https://downloads.apache.org/apr/apr-util-1.6.1.tar.gz
[root@localhost ~]#  wget https://downloads.apache.org/httpd/httpd-2.4.53.tar.gz
//解压
[root@localhost ~]# tar xf apr-1.7.0.tar.gz   
[root@localhost ~]# tar xf apr-util-1.6.1.tar.gz 
[root@localhost ~]# tar xf httpd-2.4.53.tar.gz 

1.4编译安装源码包

1.4.1安装apr源码包

//第一步 ./configure
[root@localhost ~]# cd apr-1.7.0/
[root@localhost apr-1.7.0]# ./configure --prefix=/usr/local/apr

//第二步 make
[root@localhost apr-1.7.0]# make -j 3  

//第三步 make install
[root@localhost apr-1.7.0]# make install

1.4.2 安装apr-util源码包

//第一步 ./configure
[root@localhost ~]# cd apr-util-1.6.1
[root@localhost apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr

//第二步 make
[root@localhost apr-util-1.6.1]# make -j 3

//第三步 make install
[root@localhost apr-util-1.6.1]# make install

1.4.3安装httpd源码包

//第一步 ./configure
[root@localhost ~]# cd httpd-2.4.53
[root@localhost httpd-2.4.53]# ./configure --prefix=/usr/local/apache \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-apr=/usr/local/apr \
--with-apr-util=/usr/local/apr-util/ \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=prefork

//第二步 make
[root@localhost httpd-2.4.53]# make -j 3

//第三步 make install
[root@localhost httpd-2.4.53]# make install

1.5设置环境变量

[root@localhost ~]# ls /usr/local/   //此目录就是安装三个源码包的位置
apache  apr-util  etc    include  lib64    sbin   src
apr     bin       games  lib      libexec  share
[root@localhost ~]# cd /usr/local/apache
[root@localhost apache]# ls   
bin    cgi-bin  error   icons    logs  manual
build  conf     htdocs  include  man   modules

//创建环境变量后httpd和apachectl命令可以使用了
[root@localhost ~]# echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/apache.sh
[root@localhost ~]# source /etc/profile.d/apache.sh 
[root@localhost ~]# which httpd
/usr/local/apache/bin/httpd
[root@localhost ~]# which apachectl
/usr/local/apache/bin/apachectl

//   /usr/local/apache/ 目录下常用目录解释
bin 放命令
conf 放配置文件
htdocs 放网站
logs 放日志
include 头文件
man 帮助文档

1.6设置映射关系

[root@localhost ~]# ls /usr/local/apache/   //有头文件 include 所以需要做链接关系
bin    cgi-bin  error   icons    logs  manual
build  conf     htdocs  include  man   modules
[root@localhost ~]# ln -s /usr/local/apache/include/ /usr/include/apache

1.7设置man文档

[root@localhost ~]# vim /etc/man_db.conf 
MANDATORY_MANPATH                       /usr/local/share/man  //在这个的下面添加下面一条
MANDATORY_MANPATH                       /usr/local/apache/man  //添加

1.8启动服务前把防火墙关了

1.8.1设置防火墙 Selinux httpd

[root@localhost ~]# systemctl disable --now firewalld  //开机不自启，并且立马关闭
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# 
[root@localhost ~]# systemctl status firewalld //查看防火墙状态，开机不自启
● firewalld.service - firewalld - dynamic firewall da>
   Loaded: loaded (/usr/lib/systemd/system/firewalld.>
   Active: inactive (dead)
     Docs: man:firewalld(1)
[root@localhost ~]# getenforce 
Enforcing
[root@localhost ~]# setenforce 0  关闭selinux  当前生效
[root@localhost ~]# getenforce 
Permissive
[root@localhost ~]# vim /etc/selinux/config
SELINUX=disabled  //第一个修改为disabled，永久关闭

[root@localhost ~]# apachectl start  //启动服务(开启80端口号)
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
[root@localhost ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess 
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*           
LISTEN 0      128             [::]:22           [::]:*           
LISTEN 0      128                *:80              *:*           
[root@localhost ~]# 
[root@localhost ~]# apachectl stop  //关闭服务(关闭80端口号)

2.真机访问ip地址

2.1解决启动服务和关闭服务的警告信息

[root@localhost ~]# cd /usr/local/apache/conf/   //进到配置文件目录 
[root@localhost conf]# ls
extra  httpd.conf  magic  mime.types  original 
[root@localhost conf]# vim httpd.conf   
ServerName www.example.com:80  //将这一行前面的注释取消掉

2.2使用systemctl命令设置httpd

注意：
使用源码包安装apache服务 默认是不能用systemctl的
下面的操作在任何源码安装的服务都适用

[root@localhost ~]# cd /usr/lib/systemd/system
[root@localhost system]# ls sshd.service 
sshd.service
[root@localhost system]# cp sshd.service httpd.service   //复制一份这个文件改名为httpd.service
[root@localhost system]# vim httpd.service   //编辑这个文件
[root@localhost system]# cat httpd.service 
[Unit]
Description=httpd server daemon  //修改为httpd
After=network.target sshd-keygen.target

[Service]
Type=forking
ExecStart=/usr/local/apache/bin/apachectl start //更改为apachectl的路径 开启
ExecStop=/usr/local/apache/bin/apachectl stop  //关闭
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
[root@localhost system]# systemctl daemon-reload    //重新加载服务 让其生效
[root@localhost system]# systemctl status httpd  //此时就可以使用systemcl 查看httpd状态了
● httpd.service - httpd server daemon
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; >
   Active: inactive (dead)
lines 1-3/3 (END)
[root@localhost system]# systemctl start httpd  //开启httpd服务
[root@localhost system]# systemctl enable --now httpd //设置为开机自启
[root@localhost system]# systemctl status httpd  //查看状态
● httpd.service - httpd server daemon
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; >
   Active: active (running) since Sat 2022-04-16 21:00:21 >
 Main PID: 57208 (httpd)

3.配置三种不同类型的虚拟主机

虚拟主机可以让一个服务器放多个网站

3.1ip访问

[root@localhost ~]# cd /usr/local/apache/htdocs/   //此目录为存放网站的目录
[root@localhost htdocs]# mkdir test.example.com   //创建一个测试目录用于存放网站
[root@localhost htdocs]# mkdir web.example.com   //创建一个测试目录用于存放网站
[root@localhost htdocs]# cd test.example.com/
[root@localhost test.example.com]# echo 'runtime' > index.html  //创建网站的此时页面
[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf 
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/test.example.com"   //网站的存放位置
    ServerName test.example.com     //域名
    ErrorLog "logs/test.example.com-error_log"    //错误日志存放位置
    CustomLog "logs/test.example.com-access_log" common     //日常日志存放位置
</VirtualHost>

[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf
Include conf/extra/httpd-vhosts.conf  //找到这一行 注释取消 让其包含虚拟主机文件 使其生效
[root@localhost ~]# systemctl restart httpd  //重启服务

3.2相同IP不同端口

[root@localhost ~]# cd /usr/local/apache/htdocs/
[root@localhost htdocs]# ls
index.html  test.example.com  web.example.com
[root@localhost htdocs]# cd web.example.com/
[root@localhost web.example.com]# echo 'peiqi' > index.html //创建一个新的测试文件
[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf  //修改虚拟主机文件
[root@localhost ~]# cat /usr/local/apache/conf/extra/httpd-vhosts.conf 
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/test.example.com"
    ServerName test.example.com
    ErrorLog "logs/test.example.com-error_log"
    CustomLog "logs/test.example.com-access_log" common
</VirtualHost>
Listen 81
<VirtualHost *:81>
    DocumentRoot "/usr/local/apache/htdocs/web.example.com"
    ServerName web.example.com
    ErrorLog "logs/web.example.com-error_log"
    CustomLog "logs/web.example.com-access_log" common
</VirtualHost>
[root@localhost ~]# systemctl restart httpd  //重启
[root@localhost ~]# ss -antl  //查看端口号出现了两个端口80 81
State    Recv-Q   Send-Q     Local Address:Port      Peer Address:Port   Process   
LISTEN   0        128              0.0.0.0:22             0.0.0.0:*                
LISTEN   0        128                    *:81                   *:*                
LISTEN   0        128                 [::]:22                [::]:*                
LISTEN   0        128                    *:80                   *:*     

3.3不同IP相同端口

root@localhost ~]# ip addr add 192.168.229.130/24 dev ens160
[root@localhost ~]# ip addr show ens160
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:e4:64:76 brd ff:ff:ff:ff:ff:ff
    inet 192.168.229.129/24 brd 192.168.229.255 scope global dynamic noprefixroute ens160
       valid_lft 1207sec preferred_lft 1207sec
    inet 192.168.229.130/24 scope global secondary ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fee4:6476/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf 
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# cat /usr/local/apache/conf/extra/httpd-vhosts.conf 
<VirtualHost 192.168.229.129:80>
    DocumentRoot "/usr/local/apache/htdocs/test.example.com"
    ServerName test.example.com
    ErrorLog "logs/test.example.com-error_log"
    CustomLog "logs/test.example.com-access_log" common
</VirtualHost>

<VirtualHost 192.168.229.130:80>
    DocumentRoot "/usr/local/apache/htdocs/web.example.com"
    ServerName web.example.com
    ErrorLog "logs/web.example.com-error_log"
    CustomLog "logs/web.example.com-access_log" common
</VirtualHost>
[root@localhost ~]# 

3.4相同IP相同端口不同域名

[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf 
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# cat /usr/local/apache/conf/extra/httpd-vhosts.conf 
<VirtualHost *:80>  //修改为*
    DocumentRoot "/usr/local/apache/htdocs/test.example.com"
    ServerName test.example.com  //此处就是域名
    ErrorLog "logs/test.example.com-error_log"
    CustomLog "logs/test.example.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/web.example.com"
    ServerName web.example.com
    ErrorLog "logs/web.example.com-error_log"
    CustomLog "logs/web.example.com-access_log" common
</VirtualHost>
[root@localhost ~]# 

3.4.1域名是无法访问的需要修改hosts文件

路径: C:\Windows\System32\drivers\etc

hosts文件内添加这两行
192.168.220.145 test.example.com
192.168.220.145 web.example.com

web.example.com域名访问

test.example.com域名访问

4.配置拒绝指定 ip 访问

[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf 
[root@localhost ~]# cat  /usr/local/apache/conf/extra/httpd-vhosts.conf 
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/test.example.com"
    ServerName test.example.com
    ErrorLog "logs/test.example.com-error_log"
    CustomLog "logs/test.example.com-access_log" common

<Directory "/usr/local/apache/htdocs/test.example.com/"> //添加要拒绝的网站存放位置
    <RequireAll>
        Require not ip 192.168.229.1  //添加要拒绝的ip 
        Require all granted
    </RequireAll>
</Directory>

</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/web.example.com"
    ServerName web.example.com
    ErrorLog "logs/web.example.com-error_log"
    CustomLog "logs/web.example.com-access_log" common
</VirtualHost>
[root@localhost ~]# 

web是没有做拒绝的所以可以访问

4.1test是被拒绝的（192.168.229.1访问不了）

4.2在本虚拟机访问

[root@localhost ~]# vim /etc/hosts
[root@localhost ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.229.129 test.example.com web.examp.com  //添加
[root@localhost ~]# curl web.example.com
peiqi
[root@localhost ~]# curl test.example.com
runtime

5.httpd配置、访问控制配置

配置httpd.conf，取消以下内容的注释

[root@localhost conf]# vim httpd.conf   //源码安装的服务模块在httpd.conf文件里
LoadModule ssl_module modules/mod_ssl.so  //把前面的注释删了

5.1生成证书

5.1.1 openssl实现私有CA：

[root@localhost ~]# cd /etc/pki/
[root@localhost pki]# mkdir CA
[root@localhost pki]# cd CA/
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)   //在private目录下生成私钥文件
Generating RSA private key, 2048 bit long modulus (2 primes)
................+++++
..................................................................................+++++
e is 65537 (0x010001)
[root@localhost CA]# ls private/
cakey.pem
[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout   //查看公钥，可以不做

5.1.2 CA生成自签署证书

[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365  //生成一个证书 有效日期为365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN  //国家
State or Province Name (full name) []:HB   //省份
Locality Name (eg, city) [Default City]:WH  //市
Organization Name (eg, company) [Default Company Ltd]:runtime   //公司
Organizational Unit Name (eg, section) []:runtime  //单位
Common Name (eg, your name or your server's hostname) []:web.example.com  //域名
Email Address []:1@123.com  //邮箱

[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# touch index.txt && echo 01 > serial

5.1.3客户端（例如httpd服务器）生成密钥

[root@localhost ~]# cd /usr/local/apache/conf/
[root@localhost conf]# ls
extra  httpd.conf  magic  mime.types  original
[root@localhost conf]# mkdir ssl
[root@localhost conf]# cd ssl/
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
.............................................................................+++++
..........................+++++
e is 65537 (0x010001)

5.1.4 客户端生成证书签署请求

[root@localhost ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN    
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:runtime
Common Name (eg, your name or your server's hostname) []:test.example.com
Email Address []:1@123.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:  //直接回车就行
An optional company name []:  //直接回车就行
[root@localhost ssl]# ls
httpd.csr  httpd.key

5.5.5 CA签署客户端提交上来的证书

[root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Apr 17 02:06:04 2022 GMT
            Not After : Apr 17 02:06:04 2023 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = HB
            organizationName          = runtime
            organizationalUnitName    = runtime
            commonName                = test.example.com
            emailAddress              = 1@123.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                91:A6:45:2F:19:E4:02:66:D5:DA:D5:9D:7E:1A:AE:53:50:8B:61:6B
            X509v3 Authority Key Identifier: 
                keyid:C4:8F:47:F7:95:86:84:55:D9:F3:3E:4B:55:FC:59:01:BE:F1:92:28

Certificate is to be certified until Apr 17 02:06:04 2023 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost ssl]# rm -f httpd.csr //这个可以不要了
[root@localhost ssl]# ls
httpd.crt  httpd.key
//证书已生成好

注意：
在公司里面不用生成证书，证书是买的

6.在httpd-vhosts.conf中配置虚拟主机

在httpd-ssl.conf中配置证书的位置

[root@localhost conf]# vim httpd.conf  
Include conf/extra/httpd-ssl.conf   //取消注释 让其包含

[root@localhost ~]# cd /usr/local/apache/conf/extra/
[root@localhost extra]# vim httpd-ssl.conf 

DocumentRoot "/usr/local/apache/htdocs/test.example.com"  //修改为证书的域名
ServerName test.example.com:443  //修改
ServerAdmin you@example.com

SSLCertificateFile "/usr/local/apache/conf/ssl/httpd.crt"  //修改httpd.crt的路径
SSLCertificateKeyFile "/usr/local/apache/conf/ssl/httpd.key" //修改httpd.key的路径

6.1检查配置文件是否有语法错误

检查语法发现有一个模块未打开

[root@localhost extra]#  httpd -t
AH00526: Syntax error on line 92 of /usr/local/apache/conf/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).

[root@localhost ~]# cd /usr/local/apache/conf/ 
[root@localhost conf]# vim httpd.conf   //修改配置文件
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so  //将此行注释取消 让其启动
[root@localhost conf]#  httpd -t
Syntax OK  //再次检测成功

6.2启动或重启服务

[root@localhost conf]# systemctl restart httpd  //重启服务
[root@localhost conf]# ss -antl
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process 
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*            
LISTEN 0      128                *:80               *:*            
LISTEN 0      128             [::]:22            [::]:*            
LISTEN 0      128                *:443              *:*            
[root@localhost conf]# 

• 设置hosts以便用域名访问(仅学习阶段，企业实际工作中无需做此步。)