编译安装httpd
编译安装一个apache 安装三个源码包
先后安装apr,apr-util,httpd
准备
[root@localhost ~]# yum groups mark install "Development Tools"
[root@localhost ~]# useradd -r -M -s /sbin/nologin apache
[root@localhost ~]# id apache
uid=988(apache) gid=984(apache) 组=984(apache)
[root@localhost ~]# yum -y install openssl-devel pcre-devel expat-devel libtool
[root@localhost ~]# dnf -y install yum
[root@localhost ~]# yum - y install make
源码包下载和解压
[root@localhost ~]# wget https://downloads.apache.org/httpd/httpd-2.4.53.tar.gz
[root@localhost ~]# wget https://downloads.apache.org/apr/apr-1.7.0.tar.gz
[root@localhost ~]# wget https://downloads.apache.org/apr/apr-util-1.6.1.tar.gz
[root@localhost ~]# tar -xf apr-1.7.0.tar.gz
[root@localhost ~]# tar -xf apr-util-1.6.1.tar.gz
[root@localhost ~]# tar -xf httpd-2.4.53.tar.gz
编译安装
[root@rookie ~]# cd apr-1.7.0
[root@rookie apr-1.7.0]# vim configure
# $RM "$cfgfile" //将此行加上注释,或者删除此行
[root@localhost apr-1.7.0]# ./configure --prefix=/usr/local/apr
[root@localhost apr-1.7.0]# make && make install
[root@localhost apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/
[root@localhost apr-util-1.6.1]# make && make install
[root@localhost httpd-2.4.53]# cd httpd-2.4.53/
[root@localhost httpd-2.4.53]# ./configure --prefix=/usr/local/apache --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
[root@localhost httpd-2.4.53]# make && make install
设置环境变量
[root@localhost ~]# echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/apache.sh
[root@localhost ~]# source /etc/profile.d/apache.sh
[root@localhost ~]# which httpd
/usr/local/apache/bin/httpd
[root@localhost ~]# which httpd
/usr/local/apache/bin/httpd
[root@localhost ~]# ln -s /usr/local/apache/include/ /usr/include/apache
[root@localhost ~]# ll /usr/include/|grep apache
lrwxrwxrwx. 1 root root 26 4月 17 12:58 apache -> /usr/local/apache/include/
[root@localhost ~]# vim /etc/man_db.conf
#MANDATORY_MANPATH /usr/src/pvm3/man
#
MANDATORY_MANPATH /usr/man
MANDATORY_MANPATH /usr/share/man
MANDATORY_MANPATH /usr/local/share/man
MANDATORY_MANPATH /usr/local/apache/man //添加这一行
配置防火墙
[root@localhost ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]# apachectl start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost ~]# apachectl stop //无论在开启还是关闭都会出来提示
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
[root@localhost ~]# cd /usr/local/apache/
[root@localhost apache]# cd conf/ //进到配置文件目录
[root@localhost conf]# ls
extra httpd.conf magic mime.types original
[root@localhost conf]# vim httpd.conf //将下面一行的注释取消掉
ServerName www.example.com:80
[root@localhost conf]# apachectl start //此时就不会出现警告信息了
[root@localhost conf]# cd /usr/lib/systemd/system
[root@localhost system]# ls sshd.service
sshd.service
[root@localhost system]# cp sshd.service httpd.service
[root@localhost system]# vim httpd.service
[root@localhost system]# systemctl daemon-reload
[root@localhost system]# systemctl status httpd
● httpd.service - httpd server daemon
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
[root@localhost system]# systemctl start httpd
[root@localhost system]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@localhost system]# systemctl status httpd
● httpd.service - httpd server daemon
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2022-04-17 15:24:40 CST; 29s ago
Main PID: 81423 (httpd)
Tasks: 6 (limit: 11175)
Memory: 4.2M
CGroup: /system.slice/httpd.service
├─81423 /usr/local/apache/bin/httpd -k start
├─81424 /usr/local/apache/bin/httpd -k start
├─81425 /usr/local/apache/bin/httpd -k start
├─81426 /usr/local/apache/bin/httpd -k start
├─81427 /usr/local/apache/bin/httpd -k start
└─81428 /usr/local/apache/bin/httpd -k start
4月 17 15:24:40 localhost.localdomain systemd[1]: Starting httpd server daemon...
4月 17 15:24:40 localhost.localdomain systemd[1]: Started httpd server daemon.
配置三台虚拟机
[root@localhost system]# cd /usr/local/apache/htdocs/
[root@localhost htdocs]# mkdir test.example.com
[root@localhost htdocs]# ls
index.html test.example.com
[root@localhost htdocs]# cd test.example.com/
[root@localhost test.example.com]# echo 'tjf' > abc.html
[root@localhost test.example.com]# cd
[root@localhost ~]# cd /usr/local/apache/conf/extra/
[root@localhost extra]# vim httpd-vhosts.conf
[root@localhost extra]# ls
httpd-autoindex.conf httpd-info.conf httpd-mpm.conf httpd-userdir.conf
httpd-dav.conf httpd-languages.conf httpd-multilang-errordoc.conf httpd-vhosts.conf
httpd-default.conf httpd-manual.conf httpd-ssl.conf proxy-html.conf
[root@localhost extra]# cd
[root@localhost ~]# cd /usr/local/apache/conf/extra/、
[root@localhost extra]# ls
httpd-autoindex.conf httpd-info.conf httpd-mpm.conf httpd-userdir.conf
httpd-dav.conf httpd-languages.conf httpd-multilang-errordoc.conf httpd-vhosts.conf
httpd-default.conf httpd-manual.conf httpd-ssl.conf proxy-html.conf
[root@localhost extra]# vim httpd-vhosts.conf
[root@localhost extra]# cat httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/usr/local/apachedocs/test.example.com"
ServerName test.example.com
ErrorLog "logs/test.example.com-error_log"
CustomLog "logs/test.example.com-access_log" common
</VirtualHost>
[root@localhost extra]# vim /usr/local/apache/conf/httpd.conf //将此文件的下面一行 注释取消 让其包含虚拟主机文件 使其生效
Include conf/extra/httpd-vhosts.conf
[root@localhost extra]# systemctl restart httpd //重启服务
[root@localhost htdocs]# cd test.example.com/
[root@localhost test.example.com]# mv abc.html index.html
[root@localhost ~]# cd /usr/local/apache/htdocs/
[root@localhost htdocs]# mkdir web.example.com
[root@localhost htdocs]# cd web.example.com/
[root@localhost web.example.com]# echo "123" > index.html
[root@localhost web.example.com]# cd
[root@localhost ~]# cd /usr/local/apache/conf/extra/
[root@localhost extra]# vim httpd-vhosts.conf
[root@localhost extra]# cat httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com
ErrorLog "logs/test.example.com-error_log"
CustomLog "logs/test.example.com-access_log" common
</VirtualHost>
Listen 81
<VirtualHost *:81>
DocumentRoot "/usr/local/apache/htdocs/web.example.com"
ServerName web.example.com
ErrorLog "logs/web.example.com-error_log"
CustomLog "logs/web.example.com-access_log" common
</VirtualHost>
[root@localhost extra]# systemctl restart httpd.service
[root@localhost extra]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:81 *:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost extra]#
[root@localhost ~]# ip addr show ens160
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:75:2d:a2 brd ff:ff:ff:ff:ff:ff
inet 192.168.183.137/24 brd 192.168.183.255 scope global dynamic noprefixroute ens160
valid_lft 1663sec preferred_lft 1663sec
inet 192.168.220.146/24 scope global ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe75:2da2/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost ~]# cd /usr/local/apache/conf/extra/
[root@localhost extra]# vim httpd-vhosts.conf
[root@localhost extra]# systemctl restart httpd
域名是无法访问的需要修改hosts文件
路径: C:\Windows\System32\drivers\etc
配置https步骤
配置httpd.conf,取消以下内容的注释
[root@localhost conf]# vim httpd.conf //源码安装的服务模块在httpd.conf文件里
LoadModule ssl_module modules/mod_ssl.so //注释掉这一行
生成证书
[root@localhost ~]# cd /etc/pki/
[root@localhost pki]# mkdir CA
[root@localhost pki]# cd CA/
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048) //在private目录下生成私钥文件
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................+++++
...............................................+++++
e is 65537 (0x010001)
[root@localhost CA]# ls private/
cakey.pem
CA生成自签署证书
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 //生成一个证书 有效日期为365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN //国家
State or Province Name (full name) []:HB //省份
Locality Name (eg, city) [Default City]:WH //市
Organization Name (eg, company) [Default Company Ltd]:kurumi //公司
Organizational Unit Name (eg, section) []:kurumi //单位
Common Name (eg, your name or your server's hostname) []:web.example.com //域名
Email Address []:1@123.com //邮箱
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# touch index.txt && echo 01 > serial
客户端(例如httpd服务器)生成密钥
[root@localhost ~]# cd /usr/local/apache/conf/
[root@localhost conf]# ls
extra httpd.conf magic mime.types original
[root@localhost conf]# mkdir ssl
[root@localhost conf]# cd ssl/
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
.............................................................................+++++
..........................+++++
e is 65537 (0x010001)
客户端生成证书签署请求
[root@localhost ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:kurumi
Organizational Unit Name (eg, section) []:kurumi
Common Name (eg, your name or your server's hostname) []:web.example.com
Email Address []:1@123.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@localhost ssl]# ls
httpd.csr httpd.key
CA签署客户端提交上来的证书
[root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Apr 15 13:58:39 2022 GMT
Not After : Apr 15 13:58:39 2023 GMT
Subject:
countryName = CN
stateOrProvinceName = HB
organizationName = kurumi
organizationalUnitName = kurumi
commonName = web.example.com
emailAddress = 1@123.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
8F:D1:86:60:47:6A:E9:20:B8:97:90:8C:32:1C:54:8E:7F:B4:4F:11
X509v3 Authority Key Identifier:
keyid:40:1B:42:0B:EF:88:2B:F5:BA:76:17:9B:C5:48:60:1C:82:B5:D7:83
Certificate is to be certified until Apr 15 13:58:39 2023 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost ssl]# ls
httpd.crt httpd.csr httpd.key
在httpd-vhosts.conf中配置虚拟主机
在httpd-ssl.conf中配置证书的位置
[root@localhost conf]# vim extra/httpd-ssl.conf
DocumentRoot "/usr/local/apache/htdocs/web.example.com" //修改为证书的域名
ServerName web.example.com:443 //修改
ServerAdmin you@example.com
ErrorLog "/usr/local/apache/logs/error_log"
TransferLog "/usr/local/apache/logs/access_log"
SSLCertificateFile "/usr/local/apache/conf/ssl/httpd.crt" //修改httpdctl的路径
SSLCertificateKeyFile "/usr/local/apache/conf/ssl/httpd.key" //修改httpd.key的路径
[root@localhost conf]# systemctl restart httpd