
httpd

Author: Internet


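1. httpd basics

1.1 Utility programs shipped with httpd

Tool         Function
htpasswd     Generates the account/password entries used when basic authentication is file-based
apachectl    Service control script shipped with httpd; supports start, stop, restart
apxs         Provided by the httpd-devel package; tool for extending httpd with third-party modules
rotatelogs   Log rotation tool
suexec       Temporarily switches to a specified user when accessing resources that have special permission settings
ab           apache benchmark, the load-testing tool for httpd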

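1.2 File layout of httpd installed from the rpm package

File/Directory                      Purpose
/var/log/httpd/access.log           Access log
/var/log/httpd/error_log            Error log
/var/www/html/                      Site document directory
/usr/lib64/httpd/modules/           Module file path
/etc/httpd/conf/httpd.conf          Main configuration file
/etc/httpd/conf.modules.d/*.conf    Module configuration files
/etc/httpd/conf.d/*.conf            Supplementary configuration files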

1.3 Web-related commands

The curl command
Syntax: curl [options] [URL ...]
-o/--output //Write the output to a file

[root@z1 ~]# curl -o 123 https://mirrors.aliyun.com/apache/apr/apr-1.7.0.tar.gz?spm=a2c6h.25603864.0.0.74997c9ciWwxSV
[root@z1 ~]# tar -xf 123 
[root@z1 ~]# ls
123  abc.gz  anaconda-ks.cfg  apr-1.7.0

The httpd command
Syntax: httpd [options]
-l //List the statically compiled modules, i.e. which modules are compiled into the core

[root@z1 ~]# httpd -l
Compiled in modules:
  core.c
  mod_so.c
  http_core.c

-M //Print the list of enabled modules, including those statically compiled into the server

[root@z1 ~]# httpd -M
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::aa3a:17cb:8fee:9827. Set the 'ServerName' directive globally to suppress this message
Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 access_compat_module (shared)
 actions_module (shared)

-v //Show the httpd version, then exit
-V //Show the versions and build parameters of httpd and apr/apr-util, then exit

[root@z1 ~]# httpd -v
Server version: Apache/2.4.37 (centos)
Server built:   Jul 31 2020 20:44:41
[root@z1 ~]# httpd -V
Server version: Apache/2.4.37 (centos)
Server built:   Jul 31 2020 20:44:41
Server's Module Magic Number: 20120211:83
Server loaded:  APR 1.6.3, APR-UTIL 1.6.1
Compiled using: APR 1.6.3, APR-UTIL 1.6.1
Architecture:   64-bit

-t //Check the configuration file for syntax errors

[root@z1 ~]# httpd -t
Syntax OK

2. Compiling and installing httpd

Install the development environment

[root@z1 html]# yum groups mark install "Development Tools"
Last metadata expiration check: 2:36:12 ago on Thu 21 Jul 2022 07:18:04 PM CST.
Dependencies resolved.
=============================================================================
 Package          Architecture    Version             Repository        Size
=============================================================================
Installing Groups:
 Development Tools
                                                                            

Transaction Summary
=============================================================================
Is this ok [y/N]: y
Complete!

yum -y install openssl-devel pcre-devel expat-devel libtool
perl-libnet-3.11-3.el8.noarch                                              
  perl-libs-4:5.26.3-416.el8.x86_64                                          
  perl-macros-4:5.26.3-416.el8.x86_64                                        
  perl-parent-1:0.237-1.el8.noarch                                           
  perl-podlators-4.11-1.el8.noarch                                           
  perl-threads-1:2.21-2.el8.x86_64                                           
  perl-threads-shared-1.58-2.el8.x86_64                                      
  pkgconf-1.4.2-1.el8.x86_64                                                 
  pkgconf-m4-1.4.2-1.el8.noarch                                              
  pkgconf-pkg-config-1.4.2-1.el8.x86_64                                      
  zlib-devel-1.2.11-17.el8.x86_64                                            
Complete!

Download and install apr-1.4+ and apr-util-1.4+

[root@z1 src]# wget https://mirrors.aliyun.com/apache/apr/apr-1.7.0.tar.gz
--2022-07-21 21:59:59--  https://mirrors.aliyun.com/apache/apr/apr-1.7.0.tar.gz
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 119.96.204.210, 119.96.204.211, 119.96.138.214, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|119.96.204.210|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1093896 (1.0M) [application/octet-stream]
Saving to: ‘apr-1.7.0.tar.gz’

apr-1.7.0.tar.gz    100%[================>]   1.04M  --.-KB/s    in 0.07s   
2022-07-21 21:59:59 (14.4 MB/s) - ‘apr-1.7.0.tar.gz’ saved [1093896/1093896]


[root@z1 src]# wget https://mirrors.aliyun.com/apache/apr/apr-util-1.6.1.tar.gz
--2022-07-21 22:01:26--  https://mirrors.aliyun.com/apache/apr/apr-util-1.6.1.tar.gz
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 119.96.204.210, 119.96.204.211, 119.96.138.214, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|119.96.204.210|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 554301 (541K) [application/octet-stream]
Saving to: ‘apr-util-1.6.1.tar.gz’

apr-util-1.6.1.tar. 100%[================>] 541.31K  --.-KB/s    in 0.06s   

2022-07-21 22:01:26 (8.63 MB/s) - ‘apr-util-1.6.1.tar.gz’ saved [554301/554301]

Unpack apr and apr-util

[root@z1 src]# tar -xf apr-1.7.0.tar.gz       #unpack
[root@z1 src]# tar -xf apr-util-1.6.1.tar.gz 
[root@z1 src]# ls
apr-1.7.0         apr-util-1.6.1         debug
apr-1.7.0.tar.gz  apr-util-1.6.1.tar.gz  kernels

Compile apr and apr-util

[root@z1 src]# cd apr-1.7.0
[root@z1 apr-1.7.0]# vim configure
cfgfile=${ofile}T
    trap "$RM \"$cfgfile\"; exit 1" 1 2 15
   #$RM "$cfgfile"             //comment out this line


[root@z1 apr-1.7.0]# ./configure --prefix=/usr/local/apr
config.status: creating Makefile
config.status: creating include/apr.h
config.status: creating build/apr_rules.mk
config.status: creating build/pkg/pkginfo
config.status: creating apr-1-config
config.status: creating apr.pc
config.status: creating test/Makefile
config.status: creating test/internal/Makefile
config.status: creating include/arch/unix/apr_private.h
config.status: executing libtool commands
config.status: executing default commands

[root@z1 apr-1.7.0]# make && make install
   /usr/bin/install -c -m 644 /usr/src/apr-1.7.0/build/${f} /usr/local/apr/build-1; \
done
/usr/bin/install -c -m 644 build/apr_rules.out /usr/local/apr/build-1/apr_rules.mk
/usr/bin/install -c -m 755 apr-config.out /usr/local/apr/bin/apr-1-config

[root@z1 apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
config.status: creating include/private/apu_select_dbm.h
config.status: creating include/apr_ldap.h
config.status: creating include/apu.h
config.status: creating include/apu_want.h
config.status: creating test/Makefile
config.status: creating include/private/apu_config.h
config.status: executing default commands

[root@z1 apr-util-1.6.1]# make && make install
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
/usr/bin/install -c -m 644 aprutil.exp /usr/local/apr-util/lib
/usr/bin/install -c -m 755 apu-config.out /usr/local/apr-util/bin/apu-1-conf

Compile and install httpd

[root@z1 apr-util-1.6.1]# wget https://mirrors.aliyun.com/apache/httpd/httpd-2.4.54.tar.gz
--2022-07-21 22:12:17--  https://mirrors.aliyun.com/apache/httpd/httpd-2.4.54.tar.gz
[root@z1 ~]# ls
123  abc.gz  anaconda-ks.cfg  httpd-2.4.54.tar.gz
[root@z1 ~]# tar xf httpd-2.4.54.tar.gz 
[root@z1 ~]# cd httpd-2.4.54

[root@z1 httpd-2.4.54]# ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
[root@z1 httpd-2.4.54]# make && make install
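Added example, not part of the original post: the tarballs above are fetched from a mirror and then built and installed as root, so each one should be checked against a published SHA-256 digest before it is unpacked. The checksum file name (tarball name plus .sha256) is an assumption; fetch that file from the project's own download site rather than from the mirror.

```bash
# Added example (not from the original page): verify a downloaded tarball
# against a SHA-256 checksum file before unpacking and building it.

# expected_sha256 SUMFILE TARBALL -> prints the digest recorded for TARBALL.
# Accepts "<hex>  name", "<hex> *name" and a bare "<hex>" on a line of its own.
expected_sha256() {
    local sumfile="$1" name="${2##*/}"
    awk -v want="$name" '
        { hex = tolower($1); file = $2; sub(/^\*/, "", file) }
        hex !~ /^[0-9a-f]+$/ || length(hex) != 64 { next }
        NF == 1 || file == want { print hex; exit }
    ' "$sumfile"
}

# verify_tarball TARBALL SUMFILE
# Returns 0 if the digests match, 1 on mismatch, 2 if no usable entry was found.
verify_tarball() {
    local tarball="$1" sumfile="$2" expected actual
    [ -r "$tarball" ] && [ -r "$sumfile" ] || return 2
    expected=$(expected_sha256 "$sumfile" "$tarball")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$tarball" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Usage with the files from this page (checksum file names are assumptions):
#   for f in apr-1.7.0.tar.gz apr-util-1.6.1.tar.gz httpd-2.4.54.tar.gz; do
#       verify_tarball "$f" "$f.sha256" || { echo "refusing to unpack $f"; break; }
#       tar -xf "$f"
#   done
```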

Configure environment variables

[root@z1 ~]# echo 'export PATH=/usr/local/httpd/bin:$PATH' > /etc/profile.d/apache.sh
[root@z1 ~]# source /etc/profile.d/apache.sh
[root@z1 ~]# which httpd
/usr/local/httpd/bin/httpd
[root@z1 ~]# vim /etc/man_db.conf
MANDATORY_MANPATH /usr/man
MANDATORY_MANPATH /usr/share/man
MANDATORY_MANPATH /usr/local/share/man
MANDATORY_MANPATH /usr/local/httpd/man    //add this line

Start apache

[root@z1 ~]# /usr/local/httpd/bin/httpd
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::c03b:9260:8f20:64cc. Set the 'ServerName' directive globally to suppress this message

3. Common httpd configuration

Create the index.html file

[root@z1 ~]# cd /var/www/html/
[root@z1 html]# touch index.html
[root@z1 html]# echo "xixi" > index.html  

index.html is served by default

Request the 123.html file explicitly

[root@z1 html]# echo "hello" > 123.html 

Edit the main configuration file to change access permissions

[root@z1 html]# vim /etc/httpd/conf/httpd.conf 
<Directory "/var/www/html">
        <RequireAll>
                # deny access from the local (host) IP
                Require not ip 192.168.26.1
                Require all granted
        </RequireAll>
</Directory>
[root@z1 html]# curl http://192.168.26.134  #the virtual machine can access
xixi

[root@z1 html]# vim /etc/httpd/conf/httpd.conf 
<Directory "/var/www/html">
        <RequireAll>
                # deny access from the virtual machine
                Require not ip 192.168.26.134
                Require all granted
        </RequireAll>
</Directory>
[root@z1 html]# curl http://192.168.26.134/123.html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>


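4. Virtual hosts

There are three types of virtual host:
Same IP, different ports
Different IPs, same port
Same IP, same port, different domain names

//Find the existing virtual host file
[root@z1 ~]# find / -name '*vhosts.conf'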
/usr/share/doc/httpd/httpd-vhosts.conf

//Copy the virtual host file that was found into /etc/httpd/conf.d
[root@z1 conf.d]# cp /usr/share/doc/httpd/httpd-vhosts.conf .
[root@z1 conf.d]# ls
autoindex.conf  httpd-vhosts.conf  README  userdir.conf  welcome.conf

//Create the test files for the airplane (fj) and tank (tk) games
[root@z1 ~]# cd /var/www/html/
[root@z1 html]# ls
fj  tk
[root@z1 html]# ls fj/
css  img  index.html  js
[root@z1 html]# ls tk/
audio  css  images  index.html  js

Test same IP, different ports: deny access from this virtual machine, allow everyone else

[root@z1 ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf 
<VirtualHost *:80>
    DocumentRoot "/var/www/html/fj"
    ServerName www.fj.com
    ErrorLog "/var/log/httpd/www.fj.com-error_log"
    CustomLog "/var/log/httpd/www.fj.com-access_log" common
        <Directory /var/www/html/www>
                <RequireAll>
                        Require not ip 192.168.26.134
                        Require all granted
                </RequireAll>
        </Directory>
</VirtualHost>

listen 81
<VirtualHost *:81>
    DocumentRoot "/var/www/html/tk"
    ServerName www.tk.com
    ErrorLog "/var/log/httpd/www.tk.com-error_log"
    CustomLog "/var/log/httpd/www.tk.com-access_log" common
        <Directory /var/www/html/www>
                <RequireAll>
                        Require not ip 192.168.26.134
                        Require all granted
                </RequireAll>
        </Directory>
</VirtualHost>

//Check the configuration file
[root@z1 ~]# httpd -t
Syntax OK
//Restart the service
[root@z1 ~]# systemctl restart httpd

//Access from the virtual machine is denied
[root@z1 ~]# curl http://192.168.26.134/fj
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>
[root@z1 ~]# curl http://192.168.26.134/tk
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>
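Added example, not part of the original post: in the vhost files on this page the <Directory /var/www/html/www> block matches neither DocumentRoot (/var/www/html/fj, /var/www/html/tk), so its Require rules are not applied to the files those vhosts serve. The awk-based lint below flags that pattern, and also a Listen port that no <VirtualHost> in the file binds; the function names and the sample file are constructed for illustration.

```bash
# Added example (not the page's code): lint a vhost file for rules that never apply.
# audit_vhosts CONF prints one finding per line:
#   - a <Directory> inside a <VirtualHost> that neither contains nor lies under
#     that vhost's DocumentRoot, so its Require rules never reach the served files
#   - a Listen port that no <VirtualHost> in the same file binds to
audit_vhosts() {
    awk '
    function unq(s)       { gsub(/^"|"$/, "", s); sub(/\/+$/, "", s); return s }
    function port(a)      { sub(/^.*:/, "", a); return a }   # text after the last colon
    function covers(a, b) { return a == b || index(b, a "/") == 1 }
    function flush(   i) {
        for (i = 1; i <= nd; i++)
            if (root != "" && !covers(dir[i], root) && !covers(root, dir[i]))
                printf "%s: <Directory %s> does not cover DocumentRoot %s\n", vh, dir[i], root
        nd = 0; root = ""
    }
    { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line); low = tolower(line) }
    line == "" || line ~ /^#/ { next }
    low ~ /^listen[ \t]/ { split(line, f, /[ \t]+/); listen[port(f[2])] = 1; next }
    low ~ /^<virtualhost[ \t]/ {
        vh = line; gsub(/^<[^ \t]+[ \t]+|>$/, "", vh)
        n = split(vh, f, /[ \t]+/); for (i = 1; i <= n; i++) served[port(f[i])] = 1
        invh = 1; next
    }
    low ~ /^<\/virtualhost>/ { flush(); invh = 0; next }
    !invh { next }
    low ~ /^documentroot[ \t]/ { sub(/^[^ \t]+[ \t]+/, "", line); root = unq(line); next }
    low ~ /^<directory[ \t]/   { gsub(/^<[^ \t]+[ \t]+|>$/, "", line); dir[++nd] = unq(line) }
    END { for (p in listen) if (!(p in served) && !("*" in served))
              printf "Listen %s: no <VirtualHost> in this file uses this port\n", p }
    ' "$1"
}

# Constructed sample modelled on the "different IPs, same port" file on this page,
# with the second <Directory> pointed at its DocumentRoot for contrast.
sample_conf() {
    cat <<'EOF'
<VirtualHost 192.168.26.134:80>
    DocumentRoot "/var/www/html/fj"
    <Directory /var/www/html/www>
        Require all granted
    </Directory>
</VirtualHost>
listen 81
<VirtualHost 192.168.26.135:80>
    DocumentRoot "/var/www/html/tk"
    <Directory /var/www/html/tk>
        Require all granted
    </Directory>
</VirtualHost>
EOF
}
```

On a real host, run audit_vhosts against /etc/httpd/conf.d/httpd-vhosts.conf before httpd -t, which only checks syntax and accepts a <Directory> path that matches nothing.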


Different IPs, same port: deny access from this virtual machine, allow everyone else

//Add a temporary IP address
[root@z1 ~]# ip addr add 192.168.26.135/24 dev ens192
[root@z1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:b2:71:39 brd ff:ff:ff:ff:ff:ff
    inet 192.168.26.134/24 brd 192.168.26.255 scope global dynamic noprefixroute ens192
       valid_lft 1324sec preferred_lft 1324sec
    inet 192.168.26.135/24 scope global secondary ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::dad8:5e4c:7a6b:13cc/64 scope link dadfailed tentative noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::aa3a:17cb:8fee:9827/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

//Modify the configuration file
<VirtualHost 192.168.26.134:80>
    DocumentRoot "/var/www/html/fj"
    ServerName www.fj.com
    ErrorLog "/var/log/httpd/www.fj.com-error_log"
    CustomLog "/var/log/httpd/www.fj.com-access_log" common
        <Directory /var/www/html/www>
                <RequireAll>
                        Require not ip 192.168.26.134
                        Require all granted
                </RequireAll>
        </Directory>
</VirtualHost>

listen 81
<VirtualHost 192.168.26.135:80>
    DocumentRoot "/var/www/html/tk"
    ServerName www.tk.com
    ErrorLog "/var/log/httpd/www.tk.com-error_log"
    CustomLog "/var/log/httpd/www.tk.com-access_log" common
        <Directory /var/www/html/www>
                <RequireAll>
                        Require not ip 192.168.26.134
                        Require all granted
                </RequireAll>
        </Directory>
</VirtualHost>

//Check the configuration file
[root@z1 ~]# httpd -t
Syntax OK
//Restart the service
[root@z1 ~]# systemctl restart httpd

//Access from the virtual machine
[root@z1 ~]# curl http://192.168.26.134/fj
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>
[root@z1 ~]# curl http://192.168.26.134/tk
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>

Same IP, same port, different domain names: allow all access

[root@z1 ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost 192.168.26.134:80>
    DocumentRoot "/var/www/html/fj"
    ServerName www.fj.com
    ErrorLog "/var/log/httpd/www.fj.com-error_log"
    CustomLog "/var/log/httpd/www.fj.com-access_log" common
</VirtualHost>

listen 81
<VirtualHost 192.168.26.134:80>
    DocumentRoot "/var/www/html/tk"
    ServerName www.tk.com
    ErrorLog "/var/log/httpd/www.tk.com-error_log"
    CustomLog "/var/log/httpd/www.tk.com-access_log" common
</VirtualHost>

//Check the configuration file
[root@z1 ~]# httpd -t
Syntax OK
//Restart the service
[root@z1 ~]# systemctl restart httpd

//Add local name resolution entries
[root@z1 ~]# vim /etc/hosts
192.168.26.134 www.fj.com
192.168.26.134 www.tk.com

Adding name resolution on Windows:
File to edit: C:\Windows\System32\drivers\etc\hosts
Add these two lines

192.168.26.134 www.fj.com
192.168.26.134 www.tk.com


5. HTTPS configuration

//Install the mod_ssl module
[root@z1 html]# yum -y install mod_ssl
Last metadata expiration check: 3:22:44 ago on Sat 23 Jul 2022 05:07:20 PM CST.
Dependencies resolved.
//Restart the service
[root@z1 html]# systemctl restart httpd

Generate the certificates

The CA generates a key pair

[root@z1 pki]# cd /etc/pki/CA/
[root@z1 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048) 
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................................+++++
.....+++++
e is 65537 (0x010001)

The CA generates a self-signed certificate

[root@z1 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.fj.com
Email Address []:1@2.com

[root@z1 CA]# mkdir certs newcerts crl
[root@z1 CA]# touch index.txt && echo 01 > serial
[root@z1 CA]# ls
cacert.pem  certs  crl  index.txt  newcerts  private  serial

The client (for example the httpd server) generates a key

[root@z1 CA]# cd /etc/httpd && mkdir ssl && cd ssl
[root@z1 ssl]# pwd
/etc/httpd/ssl
[root@z1 ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
..+++++
...............................+++++
e is 65537 (0x010001)

The client generates a certificate signing request

[root@z1 ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.fj.com
Email Address []:1@2.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

The CA signs the certificate request submitted by the client

[root@z1 ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jul 23 12:54:57 2022 GMT
            Not After : Jul 23 12:54:57 2023 GMT
        Subject:
            countryName               = cn
            stateOrProvinceName       = hb
            organizationName          = runtime
            organizationalUnitName    = peixun
            commonName                = www.fj.com
            emailAddress              = 1@2.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                B1:D9:C7:EB:29:97:7E:75:C1:70:69:37:C1:31:4B:9D:E5:B0:64:7D
            X509v3 Authority Key Identifier: 
                keyid:78:AF:93:56:7A:2A:DC:29:89:0A:D9:DD:54:ED:B0:39:15:F1:21:01

Certificate is to be certified until Jul 23 12:54:57 2023 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@z1 ssl]# ls
httpd.crt  httpd.csr  httpd.key

Modify the configuration file

[root@z1 conf.d]# cd /etc/httpd/conf.d/
[root@z1 conf.d]# vim ssl.conf 
<VirtualHost _default_:443>
DocumentRoot "/var/www/html/tk"
ServerName www.tk.com:443

SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
[root@z1 conf.d]# httpd -t
Syntax OK
[root@z1 conf.d]# systemctl restart httpd
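Added example, not part of the original post: httpd -t only checks syntax, so the function below checks the TLS files themselves before a restart (key matches certificate, certificate chains to the CA, certificate covers the vhost's ServerName, key file is private). On this page the certificate was issued for commonName www.fj.com while ssl.conf sets ServerName www.tk.com:443, which check 3 reports; the function name is hypothetical and the openssl CLI and GNU stat are assumed to be installed.

```bash
# Added example (not from the original page): pre-restart checks for the TLS files
# created in this section. Assumes the openssl CLI and GNU stat are available.
# check_tls_files CERT KEY CAFILE SERVERNAME
# Prints one line per failed check and returns the number of failures (0 = all passed).
check_tls_files() {
    local cert="$1" key="$2" ca="$3" name="$4" fails=0 cert_pub key_pub mode

    # 1. The private key must belong to the certificate: compare their public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate"; fails=$((fails + 1))
    fi

    # 2. The certificate must chain to the CA certificate that clients will trust.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "certificate does not verify against $ca"; fails=$((fails + 1))
    fi

    # 3. The certificate must be valid for the ServerName of the vhost that serves it.
    if ! openssl x509 -in "$cert" -noout -checkhost "$name" 2>/dev/null |
            grep -q "does match certificate"; then
        echo "certificate is not valid for $name"; fails=$((fails + 1))
    fi

    # 4. The key must not be readable by group or others (the page used umask 077).
    mode=$(stat -c '%a' "$key" 2>/dev/null) || mode=""
    case "$mode" in
        ?00) ;;
        *) echo "key file mode is ${mode:-unknown}, want 600 or 400"; fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Usage with this page's files:
#   check_tls_files /etc/httpd/ssl/httpd.crt /etc/httpd/ssl/httpd.key \
#       /etc/pki/CA/cacert.pem www.tk.com
```

The certificate details printed above list no subjectAltName extension, so openssl falls back to the Common Name in check 3. Current browsers such as Chrome match only subjectAltName entries and will reject such a certificate even when the Common Name is correct.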

Source: https://www.cnblogs.com/z696/p/16513084.html