目 录
系统环境
系统:Centos6.x
Apache 2.2.x 源码升级至2.4.x (因Apache最新版本不提供centos6 RPM包以及与php的调用关联性问题,不建议使用新版本源码封装RPM)
Apache 2.2.x 默认使用的php5模块,2.4.x 需使用php7模块 (后续编译安装PHP7)
Apache编译安装
准备软件包:
pcre-devel-7.8-6.el6.x86_64 (centso6 镜像自带)
pcre-7.8-6.el6.x86_64 (centso6 镜像自带)
expat-devel-2.0.1-11.el6_2.x86_64 (centso6 镜像自带)
libiconv-1.15-1.el6.x86_64.rpm (https://centos.pkgs.org/6/forensics-x86_64/libiconv-1.15-1.el6.x86_64.rpm.html)
apr-1.7.0.tar.gz (http://apr.apache.org/download.cgi)
apr-util-1.6.1.tar.gz (http://apr.apache.org/download.cgi)
httpd-2.4.39.tar.gz (http://httpd.apache.org/download.cgi)
1. rpm 安装pcre、expat、libiconv
2. 编译安装apr-1.7.0.tar.gz (安装到指定目录/usr/local/apr)
tar -xvf apr-1.7.0.tar.gz; cd apr-1.7.0/; ./configure --prefix=/usr/local/apr ; make -j 4 && make install
3. 编译安装apr-util-1.6.1.tar.gz (安装到指定目录/usr/local/apr-util并依赖/usr/local/apr/)
tar -xvf apr-util-1.6.1.tar.gz; cd apr-util-1.6.1; ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/ ; make -j 4 && make instal
4. 编译安装httpd-2.4.39.tar.gz (安装到指定目录/usr/local/httpd,指定配置目录/etc/httpd)
tar -xvf httpd-2.4.39.tar.gz; cd httpd-2.4.39 ; ./configure --prefix=/usr/local/httpd --sysconfdir=/etc/httpd --enable-so --enable-ssl=/usr/local/openssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr --with-apr-util=/usr --enable-modules=most --enable-mpms-shared=all --with-event
make -j 4 && make install
5. httpd 配置
a. 导出头文件
[root@usr/local/httpd ~]# ln -sv /usr/local/httpd/include /usr/include/httpd
`/usr/include/httpd' -> `/usr/local/httpd/include'
b. 添加man 文档
[root@usr/local/httpd ~]# echo 'MANPATH /usr/local/httpd/man' >>/etc/man.config
c. 添加程序的path环境
[root@usr/local/httpd ~]# echo 'export PATH=/usr/local/httpd/bin:$PATH' >> /etc/profile.d/httpd.sh;sh /etc/profile.d/httpd.sh
d. ls -lstr /usr/local/httpd/ 目录说明
drwxr-xr-x. 2 root root 4096 Apr 9 21:28 bin ---->可以使用的工具,基本上都是可执行脚本
drwxr-xr-x. 2 root root 4096 Apr 9 21:28 build ----->编译时的一些工具;
drwxr-xr-x. 2 root root 4096 Apr 9 21:28 cgi-bin ------>存放CGI执行脚本的目录;
drwxr-xr-x. 3 root root 4096 Apr 9 21:28 error ------->存放错误页面的目录;
drwxr-sr-x. 2 root root 4096 Mar 27 23:05 htdocs ------>存放网页的目录;
drwxr-xr-x. 3 root root 4096 Apr 9 21:28 icons ------->存放一些二进制文件的目录;
drwxr-xr-x. 2 root root 4096 Apr 9 21:28 include ------->存放头部文件的目录;
drwxr-xr-x. 2 root root 4096 Apr 9 21:54 logs -------->存放日志的目录;
drwxr-xr-x. 4 root root 4096 Apr 9 21:28 man -------->存放帮助文档目录;
drwxr-sr-x. 14 root root 12288 Mar 27 23:05 manual -------->存放手册的目录;
drwxr-xr-x. 2 root root 4096 Apr 9 21:28 modules -------->存放模块的目录;
e. 默认到sbin路径,查看Apache 版本
[root@usr/local/httpd ~]# cp /usr/local/httpd/bin/httpd /usr/sbin/ ; httpd -V
PHP 7 编译安装
PHP7 编译安装,适配Apache 2.4.x版本
准备软件包:
freetype-2.3.11-14.el6_3.1.x86_64.rpm (centos6镜像自带)
freetype-devel-2.3.11-14.el6_3.1.x86_64.rpm (centos6镜像自带)
apr>1.6.x apr-devel>1.6.x apr-util>1.6.x (上面Apache已安装apr)
php-7.x.tar.gz (https://www.php.net/downloads.php)
编译PHP7支持Apache 2.4.x (指定安装目录/usr/local/php,指定配置目录/etc/php.d,指定Apache调用模块关联/usr/local/httpd/bin/apxs)
1. tar -xvf php-7.x.tar.gz ; cd php-7.x ;
2. ./configure --prefix=/usr/local/php --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-apxs2=/usr/local/httpd/bin/apxs --enable-mysqlnd --with-mysqli=mysqlnd --with-openssl --with-pdo-mysql=mysqlnd --enable-mbstring --with-iconv --enable-bcmath --with-gettext --with-gd --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --enable-sockets --enable-fpm --enable-maintainer-zts --disable-fileinfo
常见报错:cannot find -liconv (确认上面Apache已经安装libconv,并找到libconv.so.xx所在目录)
创建软链 ln -s /usr/libiconv/libiconv.so.xx /usr/lib64/libiconv.so
3. 查看/etc/httpd/httpd.conf 是否启用相关模块(根据需要启用)
LoadModule proxy_module modules/mod_proxy.so
LoadModule alias_module modules/mod_alias.so
LoadModule php7_module modules/libphp7.so
Require all granted
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
Include /etc/httpd/conf.d/vhost.conf //(根据需要自定义虚拟主机配置文件)
###################################################################################
虚拟主机
根据需要业务配置的/etc/httpd/conf.d/vhost.conf
1. zabbix虚拟路径 2. bx.grafana.net 虚拟主机域名转发
<VirtualHost *:80>
Alias /zabbix "/usr/share/zabbix"
<Directory "/usr/share/zabbix">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerAdmin admin@test.com
DocumentRoot "/var/www/html"
ServerName bx.grafana.net
ProxyRequests Off
<Proxy />
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:3000/
</VirtualHost>
###################################################################################
常见问题
zabbix 调用php 常见问题:
1. 访问目录http://ip/zabbix会显示:
Forbidden
You don‘t have permission to access /test/ on this server.
在httpd.conf的配置中找到,其中定义了Deny from all,可以将其注释,就不会封网段
2. zabbix在安装过程中出现无法找到sock文件的问题
创建软链 ln -s /var/lib/mysql/mysql.sock /tmp/mysql.sock
3. 登录进zabbix页面中,页面显示错误:
ini_set(): Use of mbstring.internal_encoding is deprecated [dashboard.php:21 → require_once() →
ZBase->run() → ZBase>initLocales() → init_mbstrings() →
ini_set() in /var/www/html/zabbix/include/locales.inc.php:25]
zabbix安装路径中include/locales.inc.php的第25行数据注释,查看include/func.inc.php代码,跳转到报错的位置#410,val这个变量类型问题,在403行后添加一行 $val = substr($val,0,-1);
###################################################################################
Apache 漏洞
远端WWW服务支持TRACE请求漏洞
1. 2.0.55以上版本的Apache服务器,可以在httpd.conf的尾部添加:TraceEnable off
2. 确认rewrite模块激活(httpd.conf):
LoadModule rewrite_module modules/mod_rewrite.so
在vhost.conf配置文件中每个虚拟主机里面加入
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
###################################################################################