1)安装前准备工作
[root@nfsserver ~]#uname -a
Linux nfsserver 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[root@nfsserver ~]#cat /etc/redhat-release
CentOS release 6.9 (Final)
关闭iptables及selinux
[root@nfsserver ~]#/etc/init.d/iptables stop
[root@nfsserver ~]#setenforce 0
yum remove httpd apr apr-util
yum install pcre pcre-devel zlib zlib-devel -y
yum groupinstall "Development Tools" -y
wget http://mirror.bit.edu.cn/apache/httpd/httpd-2.4.28.tar.gz
wget http://archive.apache.org/dist/apr/apr-1.4.5.tar.gz
wget http://archive.apache.org/dist/apr/apr-util-1.3.12.tar.gz
tar zxvf httpd-2.4.28.tar.gz
tar zxvf apr-1.4.5.tar.gz
tar zxvf apr-util-1.3.12.tar.gz
2)开始安装:
cd apr-1.4.5
./configure --prefix=/usr/local/apr-1.4.5
make && make install
cd ../apr-util-1.3.12
./configure --prefix=/usr/local/apr-util-1.3.12 --with-apr=/usr/local/apr-1.4.5
make && make install
cd ../httpd-2.4.28
./configure --prefix=/usr/local/httpd-2.4.28 \
--enable-modules=most --enable-so --with-mpm=worker --enable-rewrite
make && make install
安装完毕
3)基础设置:
ln -s /usr/local/httpd-2.4.28 /usr/local/httpd
echo "export PATH=$PATH:/usr/local/httpd/bin" >> /etc/profile
source /etc/profile
httpd -k start
设置Apache开机自启动
默认我们源码编译安装apache,是不能使用service这个命令来启动的
cp /usr/local/httpd-2.4.28/bin/apache /etc/init.d/httpd
vim /etc/init.d/apache2
在前面一大段注释中任意地方加入这2行:
# chkconfig: 35 20 80
# description: Apache2
第一行后面的3个数字的意思分别是:在哪些运行级别启动apache(3,5);启动序号(S20);关闭序号(K80)。
3和5也就是说在第三启动级别和第五启动级别的时候会默认启动apache
20就是指系统起来的时候有很多的服务需要启动,而这个程序排在第二十位启动,以此类推
80就是指系统关闭的时候,这个服务顺序排在第80位关闭
4)基本安全优化
隐藏系统及Apache的版本信息
编译前编辑安装包文件http-2.2.22/include/ap_release.h文件
44 #define AP_SERVER_BASEPRODUCT "IIS"
45
46 #define AP_SERVER_MAJORVERSION_NUMBER 7
47 #define AP_SERVERMINORVERSION_NUMBER 0
48 #define AP_SERVER_PATCHLEVEL_NUMBER 0
49 #define AP_SERVER_DEVBUILD_BOOLEAN 0
编辑http-2.2.22/os/unix/os.h文件,修改此行为
35 #define PLATFORM "Win32"
修改ServerSignature Off
[root@nfsserver ~]#uname -a
Linux nfsserver 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[root@nfsserver ~]#cat /etc/redhat-release
CentOS release 6.9 (Final)
关闭iptables及selinux
[root@nfsserver ~]#/etc/init.d/iptables stop
[root@nfsserver ~]#setenforce 0
yum remove httpd apr apr-util
yum install pcre pcre-devel zlib zlib-devel -y
yum groupinstall "Development Tools" -y
wget http://mirror.bit.edu.cn/apache/httpd/httpd-2.4.28.tar.gz
wget http://archive.apache.org/dist/apr/apr-1.4.5.tar.gz
wget http://archive.apache.org/dist/apr/apr-util-1.3.12.tar.gz
tar zxvf httpd-2.4.28.tar.gz
tar zxvf apr-1.4.5.tar.gz
tar zxvf apr-util-1.3.12.tar.gz
2)开始安装:
cd apr-1.4.5
./configure --prefix=/usr/local/apr-1.4.5
make && make install
cd ../apr-util-1.3.12
./configure --prefix=/usr/local/apr-util-1.3.12 --with-apr=/usr/local/apr-1.4.5
make && make install
cd ../httpd-2.4.28
./configure --prefix=/usr/local/httpd-2.4.28 \
--with-apr=/usr/local/apr-1.4.5 \
--with-apr-util=/usr/local/apr-util-1.3.12 \
--enable-deflate --enable-expires --enable-headers \--enable-modules=most --enable-so --with-mpm=worker --enable-rewrite
make && make install
安装完毕
3)基础设置:
ln -s /usr/local/httpd-2.4.28 /usr/local/httpd
echo "export PATH=$PATH:/usr/local/httpd/bin" >> /etc/profile
source /etc/profile
httpd -k start
设置Apache开机自启动
默认我们源码编译安装apache,是不能使用service这个命令来启动的
cp /usr/local/httpd-2.4.28/bin/apache /etc/init.d/httpd
vim /etc/init.d/apache2
在前面一大段注释中任意地方加入这2行:
# chkconfig: 35 20 80
# description: Apache2
第一行后面的3个数字的意思分别是:在哪些运行级别启动apache(3,5);启动序号(S20);关闭序号(K80)。
3和5也就是说在第三启动级别和第五启动级别的时候会默认启动apache
20就是指系统起来的时候有很多的服务需要启动,而这个程序排在第二十位启动,以此类推
80就是指系统关闭的时候,这个服务顺序排在第80位关闭
4)基本安全优化
隐藏系统及Apache的版本信息
编译前编辑安装包文件http-2.2.22/include/ap_release.h文件
44 #define AP_SERVER_BASEPRODUCT "IIS"
45
46 #define AP_SERVER_MAJORVERSION_NUMBER 7
47 #define AP_SERVERMINORVERSION_NUMBER 0
48 #define AP_SERVER_PATCHLEVEL_NUMBER 0
49 #define AP_SERVER_DEVBUILD_BOOLEAN 0
编辑http-2.2.22/os/unix/os.h文件,修改此行为
35 #define PLATFORM "Win32"
修改ServerSignature Off
ServerTokens Prod
5)用cronolog做apache日志轮询
安装cronolog
tar zxvf cronolog-1.6.2.tar.gz
cd cronolog-1.6.2
./configure
make && make install
按天轮询(生产环境常见用法,推荐使用,不会自动覆盖)
CustomLog "|/usr/local/sbin/cronolog /etc/httpd/logs/access_www_%Y%m%d.log" combined
按周轮询
CustomLog "|/usr/local/sbin/cronolog /etc/httpd/logs/access_www_%w.log" combined
日志只保留七天,自动覆盖