httpd
编译安装httpd
httpd依赖于apr,apr-util,httpd三个包
包下载位置:apache.org
下载依赖的三个包
[root@localhost ~]# dnf -y install wget
[root@localhost ~]# wget https://downloads.apache.org/apr/apr-1.7.0.tar.gz
[root@localhost ~]# wget https://downloads.apache.org/apr/apr-util-1.6.1.tar.gz
[root@localhost ~]# wget https://downloads.apache.org/httpd/httpd-2.4.53.tar.gz
[root@localhost ~]# yum -y install openssl-devel pcre-devel expat-devel libtool make //安装依赖包
安装开发环境
[root@localhost ~]# yum groups mark install "Development Tools" //安装开发工具包
[root@localhost ~]# useradd -r -M -s /sbin/nologin apache //创建系统用户
[root@localhost ~]# id apache
uid=995(apache) gid=992(apache) groups=992(apache)
解压
[root@localhost ~]# ls
anaconda-ks.cfg apr-1.7.0.tar.gz apr-util-1.6.1.tar.gz httpd-2.4.53.tar.gz
[root@localhost ~]# tar xf apr-1.7.0.tar.gz
[root@localhost ~]# tar xf apr-util-1.6.1.tar.gz
[root@localhost ~]# tar xf httpd-2.4.53.tar.gz
[root@localhost ~]# ls
anaconda-ks.cfg apr-1.7.0 apr-1.7.0.tar.gz apr-util-1.6.1 apr-util-1.6.1.tar.gz httpd-2.4.53 httpd-2.4.53.tar.gz
安装apr
[root@localhost ~]# cd apr-1.7.0
[root@localhost apr-1.7.0]# vim configure
# $RM "$cfgfile" //注释掉或者删除这一行
[root@localhost apr-1.7.0]# .configure --prefix=/usr/local/apr
[root@localhost apr-1.7.0]# make
[root@localhost apr-1.7.0]# make install
安装apr-util
[root@localhost ~]# cd apr-util-1.6.1
[root@localhost apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[root@localhost apr-util-1.6.1]# make
[root@localhost apr-util-1.6.1]# make install
安装httpd
root@localhost ~]# cd httpd-2.4.53
[root@localhost httpd-2.4.53]# ./configure --prefix=/usr/local/apache \
> --enable-so \
> --enable-ssl \
> --enable-cgi \
> --enable-rewrite \
> --with-zlib \
> --with-pcre \
> --with-apr=/usr/local/apr \
> --with-apr-util=/usr/local/apr-util/ \
> --enable-modules=most \
> --enable-mpms-shared=all \
> --with-mpm=prefork
[root@localhost httpd-2.4.53]# make
[root@localhost httpd-2.4.53]# make install
设置环境变量
[root@localhost ~]# ls /usr/local //安装apache源码包的位置
apache apr-util etc include lib64 sbin src
apr bin games lib libexec share
[root@localhost ~]# cd /usr/local/apache/
[root@localhost apache]# ls //htdocs源码安装网站放这里
bin cgi-bin error icons logs manual
build conf htdocs include man modules
[root@localhost ~]# echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/apache.sh //配置环境变量
[root@localhost ~]# source /etc/profile.d/apache.sh
[root@localhost ~]# which httpd
/usr/local/apache/bin/httpd
[root@localhost ~]# which apachectl
/usr/local/apache/bin/apachectl
include头文件,拥有头文件需要做映射关系
[root@localhost ~]# ln -s /usr/local/apache/include /usr/include/apache //软连接
配置man文档
[root@localhost ~]# vim /etc/man_db.conf
MANDATORY_MANPATH /usr/local/apache/man
//添加一行内容
关闭防火墙
[root@localhost ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
关闭selinux
[root@localhost ~]# setenforce 0 //当前生效,当前关闭
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]# vim /etc/selinux/config //重启生效
SELINUX=disabled //修改
开启80端口号
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost ~]# which apachectl
/usr/local/apache/bin/apachectl
[root@localhost ~]# apachectl start //开启apachectl
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message //警示信息
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
取消警示信息
[root@localhost ~]# apachectl stop
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost ~]# cd /usr/local/apache/conf/ //conf放配置文件的地方
[root@localhost conf]# ls
extra httpd.conf magic mime.types original
[root@localhost conf]# vim httpd.conf
#ServerName www.example.com:80 //取消这行注释
[root@localhost conf]# apachectl start //没有警告信息
[root@localhost conf]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
用systemctl设置开机自启
适用于所有用源码安装的服务
[root@localhost ~]# cd /usr/lib/systemd/system
[root@localhost system]# ls sshd.service
sshd.service
[root@localhost system]# cp sshd.service httpd.service
[root@localhost system]# vim httpd.service
[root@localhost system]# cat httpd.service
[Unit]
Description=httpd server daemon
After=network.target sshd-keygen.target
[Service]
Type=forking
ExecStart=/usr/local/apache/bin/apachectl start
ExecStop=/usr/local/apache/bin/apachectl stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@localhost system]# systemctl daemon-reload //重新加载
[root@localhost system]# cd
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost ~]# systemctl status httpd //查看状态
● httpd.service - httpd server daemon
Loaded: loaded (/usr/lib/systemd/system/httpd.service;>
Active: inactive (dead)
[root@localhost ~]# systemctl start httpd //启动httpd服务
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost ~]# systemctl status httpd
● httpd.service - httpd server daemon
Loaded: loaded (/usr/lib/systemd/system/httpd.service;>
Active: active (running) since Sun 2022-04-17 05:22:27>
Process: 86066 ExecStart=/usr/local/apache/bin/apachect>
Main PID: 86069 (httpd)
Tasks: 6 (limit: 11217)
Memory: 4.2M
CGroup: /system.slice/httpd.service
├─86069 /usr/local/apache/bin/httpd -k start
├─86070 /usr/local/apache/bin/httpd -k start
├─86071 /usr/local/apache/bin/httpd -k start
├─86072 /usr/local/apache/bin/httpd -k start
├─86073 /usr/local/apache/bin/httpd -k start
└─86074 /usr/local/apache/bin/httpd -k start
Apr 17 05:22:27 localhost.localdomain systemd[1]: Startin>
Apr 17 05:22:27 localhost.localdomain systemd[1]: Started>
[root@localhost ~]# systemctl enable httpd //设置开机自启
[root@localhost ~]# systemctl status httpd
● httpd.service - httpd server daemon
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2022-04-17 05:22:27 CST; 2min 12s ago
Main PID: 86069 (httpd)
Tasks: 6 (limit: 11217)
Memory: 4.2M
CGroup: /system.slice/httpd.service
├─86069 /usr/local/apache/bin/httpd -k start
├─86070 /usr/local/apache/bin/httpd -k start
├─86071 /usr/local/apache/bin/httpd -k start
├─86072 /usr/local/apache/bin/httpd -k start
├─86073 /usr/local/apache/bin/httpd -k start
└─86074 /usr/local/apache/bin/httpd -k start
Apr 17 05:22:27 localhost.localdomain systemd[1]: Starting httpd server daemon...
Apr 17 05:22:27 localhost.localdomain systemd[1]: Started httpd server daemon.
配置虚拟主机:
虚拟主机有三类:
相同IP不同端口
不同IP相同端口
相同IP相同端口不同域名
创建放网站的目录
[root@localhost ~]# cd /usr/local/apache/htdocs //源码安装网站存放地方
[root@localhost htdocs]# ls
index.html
[root@localhost htdocs]# mkdir test.example.com //创建目录
[root@localhost htdocs]# ls
index.html test.example.com
[root@localhost htdocs]# cd test.example.com/
[root@localhost test.example.com]# ls
修改虚拟主机配置文件
[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf //部署网站
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/test.example.com" // 网站存放的位置
ServerName test.example.com //域名
ErrorLog "logs/test.example.com-error_log" //错误日志文件位置
CustomLog "logs/test.example.com-access_log" common //日志文件位置
</VirtualHost>
//此时主配置文件未生效
[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf //修改主配置文件
#Include conf/extra/httpd-vhosts.conf //取消这行注释,让它包含进来,生效
[root@localhost ~]# systemctl restart httpd //重启
此时访问网站是空的没有内容,因为网站目录没有内容
配置网站目录内容
[root@localhost test.example.com]# ls
[root@localhost test.example.com]# echo "yyqx yyds" > abc.html
[root@localhost test.example.com]# ls
abc.html
点击abc.html
首页文件必须要叫index.html,不然不能直接跳转,需要手动点,因为在主配置文件里面规定了
[root@localhost test.example.com]# ls
abc.html
[root@localhost test.example.com]# mv abc.html index.html
[root@localhost test.example.com]# ls
index.html
直接跳转
配置相同ip不同端口号访问
[root@localhost htdocs]# ls
index.html test.example.com
[root@localhost htdocs]# mkdir blog.example.com
[root@localhost htdocs]# ls
blog.example.com index.html test.example.com
[root@localhost htdocs]# cd blog.example.com/
[root@localhost blog.example.com]# echo "yyqx yyqx" > index.html
[root@localhost blog.example.com]# ls
index.html
只能访问到第一次的,因为只配置了一个虚拟主机
配置虚拟主机
[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
[root@localhost ~]# cat /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com
ErrorLog "logs/test.example.com-error_log"
CustomLog "logs/test.example.com-access_log" common
</VirtualHost>
Listen 81 //监听端口号
<VirtualHost *:81> //修改端口号
DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
ServerName blog.example.com
ErrorLog "logs/blog.example.com-error_log"
CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
[root@localhost ~]# systemctl restart httpd //重启
[root@localhost ~]# ss -antl //81端口号开启了
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:81 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
通过端口号访问
配置不同ip相同端口号
[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
[root@localhost ~]# cat /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost 192.168.50.128:80>
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com
ErrorLog "logs/test.example.com-error_log"
CustomLog "logs/test.example.com-access_log" common
</VirtualHost>
<VirtualHost 192.168.50.129:80>
DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
ServerName blog.example.com
ErrorLog "logs/blog.example.com-error_log"
CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
添加ip地址
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:70:bc:8f brd ff:ff:ff:ff:ff:ff
inet 192.168.50.128/24 brd 192.168.50.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
[root@localhost ~]# ip addr add 192.168.50.129/24 dev ens160 //添加ip地址
[root@localhost ~]# ip a s ens160
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:70:bc:8f brd ff:ff:ff:ff:ff:ff
inet 192.168.50.128/24 brd 192.168.50.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet 192.168.50.129/24 scope global secondary ens160
valid_lft forever preferred_lft forever
[root@localhost ~]# systemctl stop httpd
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
配置相同ip相同端口不同域名
[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
[root@localhost ~]# cat /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com
ErrorLog "logs/test.example.com-error_log"
CustomLog "logs/test.example.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
ServerName blog.example.com
ErrorLog "logs/blog.example.com-error_log"
CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
[root@localhost ~]# systemctl stop httpd
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
域名是无法直接访问的,要把真机上的c:\windows\system32\drivers\etc\hosts文件拖到桌面上面修改,然后拖回去
访问控制法则:
法则 | 功能 |
---|---|
Require all granted | 允许所有主机访问 |
Require all deny | 拒绝所有主机访问 |
Require ip IPADDR | 授权指定来源地址的主机访问 |
Require not ip IPADDR | 拒绝指定来源地址的主机访问 |
Require host HOSTNAME | 授权指定来源主机名的主机访问 |
Require not host HOSTNAME | 拒绝指定来源主机名的主机访问 |
配置拒绝指定ip访问
[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
[root@localhost ~]# cat /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com
ErrorLog "logs/test.example.com-error_log"
CustomLog "logs/test.example.com-access_log" common
<Directory "/usr/local/apache/htdocs/test.example.com">
<RequireAll>
Require not ip 192.168.50.1 //添加拒绝访问的ip
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
ServerName blog.example.com
ErrorLog "logs/blog.example.com-error_log"
CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
[root@localhost ~]# systemctl stop httpd
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
在真机上test做了限制所以不能访问
blog没有做限制所以可以访问
配置httpds
启用ssl
[root@localhost conf]# vim httpd.conf
#LoadModule ssl_module modules/mod_ssl.so //取消注释
生成证书
openssl实现私有CA:
CA的配置文件:/etc/pki/tls/openssl.cnf
a) CA生成一对密钥
[root@localhost conf]# cd /etc/pki
[root@localhost pki]# mkdir CA
[root@localhost pki]# cd /etc/pki/CA
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048) //生成密钥括号必须要
Generating RSA private key, 2048 bit long modulus (2 primes)
.......................+++++
...............................+++++
e is 65537 (0x010001)
[root@localhost CA]# ls
private
[root@localhost CA]# ls private/
cakey.pem
[root@localhost CA]# ls
private
[root@localhost CA]# ls private/
cakey.pem
[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout //提取公钥,显示一下没有意义
b) CA生成自签署证书
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN //用两个字母表示国家名称
State or Province Name (full name) []:HB //哪个省份
Locality Name (eg, city) [Default City]:WH //城市
Organization Name (eg, company) [Default Company Ltd]:runtime //公司
Organizational Unit Name (eg, section) []:runtime //单位
Common Name (eg, your name or your server's hostname) []:test.example.com //域名
Email Address []:1@2.com //邮箱
[root@localhost CA]# ls
cacert.pem private
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# ls
cacert.pem certs crl newcerts private
[root@localhost CA]# touch index.txt && echo 01 > serial
c) 客户端(例如httpd服务器)生成密钥
[root@localhost ~]# cd /usr/local/apache/
[root@localhost apache]# ls
bin cgi-bin error icons logs manual
build conf htdocs include man modules
[root@localhost apache]# cd conf/
[root@localhost conf]# ls
extra httpd.conf magic mime.types original
[root@localhost conf]# mkdir ssl
[root@localhost conf]# cd ssl
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
........................................+++++
...........................................+++++
e is 65537 (0x010001)
[root@localhost ssl]# ls
httpd.key
d) 客户端生成证书签署请求
[root@localhost ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN //和上面内容填写一致
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:runtime
Common Name (eg, your name or your server's hostname) []:test.example.com
Email Address []:1@2.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: //密码
An optional company name []:
[root@localhost ssl]# ls
httpd.csr httpd.key
e) CA签署客户端提交上来的证书
[root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Apr 17 00:47:15 2022 GMT
Not After : Apr 17 00:47:15 2023 GMT
Subject:
countryName = CN
stateOrProvinceName = HB
organizationName = runtime
organizationalUnitName = runtime
commonName = test.example.com
emailAddress = 1@2.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
9B:4B:C0:61:4F:80:3D:E4:33:EF:7A:C9:A4:F7:95:10:2A:EC:C0:86
X509v3 Authority Key Identifier:
keyid:83:A1:59:47:B1:81:78:BF:54:13:39:F8:46:C9:5C:44:15:FC:BC:68
Certificate is to be certified until Apr 17 00:47:15 2023 GMT (365 days)
Sign the certificate? [y/n]:y //要不要签名
1 out of 1 certificate requests certified, commit? [y/n]y //要不要提交请求
Write out database with 1 new entries
Data Base Updated
[root@localhost ssl]# ls
httpd.crt httpd.csr httpd.key
[root@localhost ssl]# rm -f httpd.csr
[root@localhost ssl]# ls
httpd.crt httpd.key
配置httpd.conf,取消以下内容的注释
[root@localhost conf]# vim httpd.conf
#Include conf/extra/httpd-ssl.conf //取消注释
在httpd-ssl.conf中配置证书的位置
[root@localhost conf]# ls extra/
httpd-autoindex.conf httpd-mpm.conf
httpd-dav.conf httpd-multilang-errordoc.conf
httpd-default.conf httpd-ssl.conf
httpd-info.conf httpd-userdir.conf
httpd-languages.conf httpd-vhosts.conf
httpd-manual.conf proxy-html.conf
[root@localhost conf]# vim extra/httpd-ssl.conf
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/usr/local/apache/htdocs/test.example.com" //网站位置
ServerName test.example.com:443 //域名
ServerAdmin you@example.com //邮箱
ErrorLog "/usr/local/apache/logs/error_log"
TransferLog "/usr/local/apache/logs/access_log"
SSLCertificateFile "/usr/local/apache/conf/ssl/httpd.crt" //修改
SSLCertificateKeyFile "/usr/local/apache/conf/ssl/httpd.key" //修改
检查配置文件是否有语法错误
[root@localhost conf]# httpd -t //语法错误,要打开模块
AH00526: Syntax error on line 92 of /usr/local/apache/conf/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so //取消注释
[root@localhost ~]# httpd -t //语法正确
Syntax OK
[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
[root@localhost ~]# cat /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com
ErrorLog "logs/test.example.com-error_log"
CustomLog "logs/test.example.com-access_log" common
<Directory "/usr/local/apache/htdocs/test.example.com">
<RequireAll>
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
ServerName blog.example.com
ErrorLog "logs/blog.example.com-error_log"
CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
启动或重启服务
设置hosts以便用域名访问(仅学习阶段,企业实际工作中无需做此步。)
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:443 *:*
通过https访问