httpd
Author: Internet
1. httpd basics
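1.1 Utilities shipped with httpd
Tool | Function |
---|---|
htpasswd | Generates the account and password file used when basic authentication is file-based |
apachectl | Service control script shipped with httpd; supports start, stop and restart |
apxs | Provided by the httpd-devel package; extends httpd with third-party modules |
rotatelogs | Log rotation tool |
suexec | Temporarily switches to a specified user when accessing resources that have special permission settings |
ab | apache benchmark, the load-testing tool for httpd |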
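1.2 Program environment of httpd installed from the rpm package
File/Directory | Purpose |
---|---|
/var/log/httpd/access.log | Access log |
/var/log/httpd/error_log | Error log |
/var/www/html/ | Site document directory |
/usr/lib64/httpd/modules/ | Module file path |
/etc/httpd/conf/httpd.conf | Main configuration file |
/etc/httpd/conf.modules.d/*.conf | Module configuration files |
/etc/httpd/conf.d/*.conf | Auxiliary configuration files |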
1.3 Web-related commands
curl command
Syntax: curl [options] [URL ...]
-o/--output //write the output to a file
[root@z1 ~]# curl -o 123 https://mirrors.aliyun.com/apache/apr/apr-1.7.0.tar.gz?spm=a2c6h.25603864.0.0.74997c9ciWwxSV
[root@z1 ~]# tar -xf 123
[root@z1 ~]# ls
123 abc.gz anaconda-ks.cfg apr-1.7.0
httpd command
Syntax: httpd [options]
-l //list the statically compiled modules, i.e. which modules are compiled into the core
[root@z1 ~]# httpd -l
Compiled in modules:
core.c
mod_so.c
http_core.c
-M //print a list of the enabled modules, including those statically compiled into the server
[root@z1 ~]# httpd -M
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::aa3a:17cb:8fee:9827. Set the 'ServerName' directive globally to suppress this message
Loaded Modules:
core_module (static)
so_module (static)
http_module (static)
access_compat_module (shared)
actions_module (shared)
-v //show the httpd version, then exit
-V //show the versions and build parameters of httpd and apr/apr-util, then exit
[root@z1 ~]# httpd -v
Server version: Apache/2.4.37 (centos)
Server built: Jul 31 2020 20:44:41
[root@z1 ~]# httpd -V
Server version: Apache/2.4.37 (centos)
Server built: Jul 31 2020 20:44:41
Server's Module Magic Number: 20120211:83
Server loaded: APR 1.6.3, APR-UTIL 1.6.1
Compiled using: APR 1.6.3, APR-UTIL 1.6.1
Architecture: 64-bit
-t //check the configuration files for syntax errors
[root@z1 ~]# httpd -t
Syntax OK
2. Compiling and installing httpd
Install the development environment
[root@z1 html]# yum groups mark install "Development Tools"
Last metadata expiration check: 2:36:12 ago on Thu 21 Jul 2022 07:18:04 PM CST.
Dependencies resolved.
=============================================================================
Package Architecture Version Repository Size
=============================================================================
Installing Groups:
Development Tools
Transaction Summary
=============================================================================
Is this ok [y/N]: y
Complete!
yum -y install openssl-devel pcre-devel expat-devel libtool
perl-libnet-3.11-3.el8.noarch
perl-libs-4:5.26.3-416.el8.x86_64
perl-macros-4:5.26.3-416.el8.x86_64
perl-parent-1:0.237-1.el8.noarch
perl-podlators-4.11-1.el8.noarch
perl-threads-1:2.21-2.el8.x86_64
perl-threads-shared-1.58-2.el8.x86_64
pkgconf-1.4.2-1.el8.x86_64
pkgconf-m4-1.4.2-1.el8.noarch
pkgconf-pkg-config-1.4.2-1.el8.x86_64
zlib-devel-1.2.11-17.el8.x86_64
Complete!
Download and install apr-1.4+ and apr-util-1.4+
[root@z1 src]# wget https://mirrors.aliyun.com/apache/apr/apr-1.7.0.tar.gz
--2022-07-21 21:59:59-- https://mirrors.aliyun.com/apache/apr/apr-1.7.0.tar.gz
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 119.96.204.210, 119.96.204.211, 119.96.138.214, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|119.96.204.210|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1093896 (1.0M) [application/octet-stream]
Saving to: ‘apr-1.7.0.tar.gz’
apr-1.7.0.tar.gz 100%[================>] 1.04M --.-KB/s in 0.07s
2022-07-21 21:59:59 (14.4 MB/s) - ‘apr-1.7.0.tar.gz’ saved [1093896/1093896]
[root@z1 src]# wget https://mirrors.aliyun.com/apache/apr/apr-util-1.6.1.tar.gz
--2022-07-21 22:01:26-- https://mirrors.aliyun.com/apache/apr/apr-util-1.6.1.tar.gz
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 119.96.204.210, 119.96.204.211, 119.96.138.214, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|119.96.204.210|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 554301 (541K) [application/octet-stream]
Saving to: ‘apr-util-1.6.1.tar.gz’
apr-util-1.6.1.tar. 100%[================>] 541.31K --.-KB/s in 0.06s
2022-07-21 22:01:26 (8.63 MB/s) - ‘apr-util-1.6.1.tar.gz’ saved [554301/554301]
Extract apr and apr-util
[root@z1 src]# tar -xf apr-1.7.0.tar.gz # extract
[root@z1 src]# tar -xf apr-util-1.6.1.tar.gz
[root@z1 src]# ls
apr-1.7.0 apr-util-1.6.1 debug
apr-1.7.0.tar.gz apr-util-1.6.1.tar.gz kernels
Compile apr and apr-util
[root@z1 src]# cd apr-1.7.0
[root@z1 apr-1.7.0]# vim configure
cfgfile=${ofile}T
trap "$RM \"$cfgfile\"; exit 1" 1 2 15
#$RM "$cfgfile" //comment out this line
[root@z1 apr-1.7.0]# ./configure --prefix=/usr/local/apr
config.status: creating Makefile
config.status: creating include/apr.h
config.status: creating build/apr_rules.mk
config.status: creating build/pkg/pkginfo
config.status: creating apr-1-config
config.status: creating apr.pc
config.status: creating test/Makefile
config.status: creating test/internal/Makefile
config.status: creating include/arch/unix/apr_private.h
config.status: executing libtool commands
config.status: executing default commands
[root@z1 apr-1.7.0]# make && make install
/usr/bin/install -c -m 644 /usr/src/apr-1.7.0/build/${f} /usr/local/apr/build-1; \
done
/usr/bin/install -c -m 644 build/apr_rules.out /usr/local/apr/build-1/apr_rules.mk
/usr/bin/install -c -m 755 apr-config.out /usr/local/apr/bin/apr-1-config
[root@z1 apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
config.status: creating include/private/apu_select_dbm.h
config.status: creating include/apr_ldap.h
config.status: creating include/apu.h
config.status: creating include/apu_want.h
config.status: creating test/Makefile
config.status: creating include/private/apu_config.h
config.status: executing default commands
[root@z1 apr-util-1.6.1]# make && make install
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
/usr/bin/install -c -m 644 aprutil.exp /usr/local/apr-util/lib
/usr/bin/install -c -m 755 apu-config.out /usr/local/apr-util/bin/apu-1-conf
Compile and install httpd
[root@z1 apr-util-1.6.1]# wget https://mirrors.aliyun.com/apache/httpd/httpd-2.4.54.tar.gz
--2022-07-21 22:12:17-- https://mirrors.aliyun.com/apache/httpd/httpd-2.4.54.tar.gz
[root@z1 ~]# ls
123 abc.gz anaconda-ks.cfg httpd-2.4.54.tar.gz
[root@z1 ~]# tar xf httpd-2.4.54.tar.gz
[root@z1 ~]# cd httpd-2.4.54
[root@z1 httpd-2.4.54]# ./configure --prefix=/usr/local/httpd --sysconfdir=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
[root@z1 httpd-2.4.54]# make && make install
Configure the environment variables
[root@z1 ~]# echo 'export PATH=/usr/local/httpd/bin:$PATH' > /etc/profile.d/apache.sh
[root@z1 ~]# source /etc/profile.d/apache.sh
[root@z1 ~]# which httpd
/usr/local/httpd/bin/httpd
[root@z1 ~]# vim /etc/man_db.conf
MANDATORY_MANPATH /usr/man
MANDATORY_MANPATH /usr/share/man
MANDATORY_MANPATH /usr/local/share/man
MANDATORY_MANPATH /usr/local/httpd/man //add this line
Start apache
[root@z1 ~]# /usr/local/httpd/bin/httpd
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::c03b:9260:8f20:64cc. Set the 'ServerName' directive globally to suppress this message
3. Common httpd configuration
Create the index.html file
[root@z1 ~]# cd /var/www/html/
[root@z1 html]# touch index.html
[root@z1 html]# echo "xixi" > index.html
index.html is served by default
Request the 123.html file explicitly
[root@z1 html]# echo "hello" > 123.html
Edit the main configuration file to change the access permissions
[root@z1 html]# vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html">
    <RequireAll>
        # deny access from the local host IP
        Require not ip 192.168.26.1
        Require all granted
    </RequireAll>
</Directory>
[root@z1 html]# curl http://192.168.26.134 # the VM can access
xixi
[root@z1 html]# vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html">
    <RequireAll>
        # deny access from the VM
        Require not ip 192.168.26.134
        Require all granted
    </RequireAll>
</Directory>
[root@z1 html]# curl http://192.168.26.134/123.html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>
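4. Virtual hosts
There are three types of virtual host:
Same IP, different ports
Different IPs, same port
Same IP, same port, different domain names
//Find the existing virtual host file
[root@z1 ~]# find / -name '*vhosts.conf'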
/usr/share/doc/httpd/httpd-vhosts.conf
//Copy the virtual host file that was found into /etc/httpd/conf.d
[root@z1 conf.d]# cp /usr/share/doc/httpd/httpd-vhosts.conf .
[root@z1 conf.d]# ls
autoindex.conf httpd-vhosts.conf README userdir.conf welcome.conf
//Create the test files for the plane and tank games
[root@z1 ~]# cd /var/www/html/
[root@z1 html]# ls
fj tk
[root@z1 html]# ls fj/
css img index.html js
[root@z1 html]# ls tk/
audio css images index.html js
Test same IP, different ports: deny access from this VM, allow everyone else
[root@z1 ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/var/www/html/fj"
ServerName www.fj.com
ErrorLog "/var/log/httpd/www.fj.com-error_log"
CustomLog "/var/log/httpd/www.fj.com-access_log" common
<Directory /var/www/html/www>
<RequireAll>
Require not ip 192.168.26.134
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
listen 81
<VirtualHost *:81>
DocumentRoot "/var/www/html/tk"
ServerName www.tk.com
ErrorLog "/var/log/httpd/www.tk.com-error_log"
CustomLog "/var/log/httpd/www.tk.com-access_log" common
<Directory /var/www/html/www>
<RequireAll>
Require not ip 192.168.26.134
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
//Check the configuration file
[root@z1 ~]# httpd -t
Syntax OK
//Restart the service
[root@z1 ~]# systemctl restart httpd
//Access from the VM is denied
[root@z1 ~]# curl http://192.168.26.134/fj
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>
[root@z1 ~]# curl http://192.168.26.134/tk
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>
Different IPs, same port: deny access from this VM, allow everyone else
//Add a temporary IP
[root@z1 ~]# ip addr add 192.168.26.135/24 dev ens192
[root@z1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:b2:71:39 brd ff:ff:ff:ff:ff:ff
inet 192.168.26.134/24 brd 192.168.26.255 scope global dynamic noprefixroute ens192
valid_lft 1324sec preferred_lft 1324sec
inet 192.168.26.135/24 scope global secondary ens192
valid_lft forever preferred_lft forever
inet6 fe80::dad8:5e4c:7a6b:13cc/64 scope link dadfailed tentative noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::aa3a:17cb:8fee:9827/64 scope link noprefixroute
valid_lft forever preferred_lft forever
//Change the configuration file
<VirtualHost 192.168.26.134:80>
DocumentRoot "/var/www/html/fj"
ServerName www.fj.com
ErrorLog "/var/log/httpd/www.fj.com-error_log"
CustomLog "/var/log/httpd/www.fj.com-access_log" common
<Directory /var/www/html/www>
<RequireAll>
Require not ip 192.168.26.134
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
listen 81
<VirtualHost 192.168.26.135:80>
DocumentRoot "/var/www/html/tk"
ServerName www.tk.com
ErrorLog "/var/log/httpd/www.tk.com-error_log"
CustomLog "/var/log/httpd/www.tk.com-access_log" common
<Directory /var/www/html/www>
<RequireAll>
Require not ip 192.168.26.134
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
//Check the configuration file
[root@z1 ~]# httpd -t
Syntax OK
//Restart the service
[root@z1 ~]# systemctl restart httpd
//Access from the VM
[root@z1 ~]# curl http://192.168.26.134/fj
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>
[root@z1 ~]# curl http://192.168.26.134/tk
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>
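Why the curl checks above return 404 Not Found rather than 403 Forbidden: the <Directory /var/www/html/www> sections match neither DocumentRoot, so their Require rules are never applied to the served files, and /fj and /tk are resolved beneath the fj DocumentRoot, where no such entries exist. The lint below is an added example (not code from the original post) that flags <Directory> paths unrelated to a vhost's DocumentRoot, run on a constructed sample modelled on the config above; lint_vhosts, related and SAMPLE_CONF are hypothetical names, and it assumes no Alias directives map other directories into the vhost.

```python
import posixpath
import re

# Constructed sample: the first vhost copies the mismatch above, the second is correct.
SAMPLE_CONF = """\
<VirtualHost *:80>
    DocumentRoot "/var/www/html/fj"
    ServerName www.fj.com
    <Directory /var/www/html/www>
        <RequireAll>
            Require not ip 192.168.26.134
            Require all granted
        </RequireAll>
    </Directory>
</VirtualHost>
<VirtualHost *:81>
    DocumentRoot "/var/www/html/tk"
    ServerName www.tk.com
    <Directory "/var/www/html/tk">
        Require all granted
    </Directory>
</VirtualHost>
"""

def _norm(path):
    return posixpath.normpath(path.strip().strip("\"'"))

def related(directory, docroot):
    """True if one path equals or contains the other, so the section can apply."""
    d, r = _norm(directory), _norm(docroot)
    return d == r or r.startswith(d.rstrip("/") + "/") or d.startswith(r.rstrip("/") + "/")

def lint_vhosts(conf):
    """Return (ServerName, DocumentRoot, Directory) for sections that cannot apply."""
    findings = []
    for body in re.findall(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I):
        root = re.search(r"^\s*DocumentRoot\s+(\S+)", body, re.M | re.I)
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        if not root:
            continue
        # The character class skips wildcard and regex Directory paths (out of scope here).
        for d in re.findall(r"<Directory\s+([^>~*?\[]+)>", body, re.I):
            if not related(d, root.group(1)):
                findings.append((name.group(1) if name else "?", _norm(root.group(1)), _norm(d)))
    return findings

if __name__ == "__main__":
    for server, docroot, directory in lint_vhosts(SAMPLE_CONF):
        print(f"{server}: <Directory {directory}> does not cover DocumentRoot {docroot}")
```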
Same IP, same port, different domain names: allow all access
[root@z1 ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost 192.168.26.134:80>
DocumentRoot "/var/www/html/fj"
ServerName www.fj.com
ErrorLog "/var/log/httpd/www.fj.com-error_log"
CustomLog "/var/log/httpd/www.fj.com-access_log" common
</VirtualHost>
listen 81
<VirtualHost 192.168.26.134:80>
DocumentRoot "/var/www/html/tk"
ServerName www.tk.com
ErrorLog "/var/log/httpd/www.tk.com-error_log"
CustomLog "/var/log/httpd/www.tk.com-access_log" common
</VirtualHost>
//Check the configuration file
[root@z1 ~]# httpd -t
Syntax OK
//Restart the service
[root@z1 ~]# systemctl restart httpd
//Add local name resolution
[root@z1 ~]# vim /etc/hosts
192.168.26.134 www.fj.com
192.168.26.134 www.tk.com
Adding name resolution on Windows:
File to modify: C:\Windows\System32\drivers\etc\hosts
Add these two lines
192.168.26.134 www.fj.com
192.168.26.134 www.tk.com
5. HTTPS configuration
//Install the mod_ssl module
[root@z1 html]# yum -y install mod_ssl
Last metadata expiration check: 3:22:44 ago on Sat 23 Jul 2022 05:07:20 PM CST.
Dependencies resolved.
//Restart the service
[root@z1 html]# systemctl restart httpd
Generate the certificate
The CA generates a key pair
[root@z1 pki]# cd /etc/pki/CA/
[root@z1 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................................+++++
.....+++++
e is 65537 (0x010001)
The CA generates a self-signed certificate
[root@z1 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.fj.com
Email Address []:1@2.com
[root@z1 CA]# mkdir certs newcerts crl
[root@z1 CA]# touch index.txt && echo 01 > serial
[root@z1 CA]# ls
cacert.pem certs crl index.txt newcerts private serial
The client (for example, the httpd server) generates a key
[root@z1 CA]# cd /etc/httpd && mkdir ssl && cd ssl
[root@z1 ssl]# pwd
/etc/httpd/ssl
[root@z1 ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
..+++++
...............................+++++
e is 65537 (0x010001)
The client generates a certificate signing request
[root@z1 ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.fj.com
Email Address []:1@2.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
The CA signs the certificate submitted by the client
[root@z1 ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jul 23 12:54:57 2022 GMT
Not After : Jul 23 12:54:57 2023 GMT
Subject:
countryName = cn
stateOrProvinceName = hb
organizationName = runtime
organizationalUnitName = peixun
commonName = www.fj.com
emailAddress = 1@2.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
B1:D9:C7:EB:29:97:7E:75:C1:70:69:37:C1:31:4B:9D:E5:B0:64:7D
X509v3 Authority Key Identifier:
keyid:78:AF:93:56:7A:2A:DC:29:89:0A:D9:DD:54:ED:B0:39:15:F1:21:01
Certificate is to be certified until Jul 23 12:54:57 2023 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@z1 ssl]# ls
httpd.crt httpd.csr httpd.key
Modify the configuration file
[root@z1 conf.d]# cd /etc/httpd/conf.d/
[root@z1 conf.d]# vim ssl.conf
<VirtualHost _default_:443>
DocumentRoot "/var/www/html/tk"
ServerName www.tk.com:443
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
[root@z1 conf.d]# httpd -t
Syntax OK
[root@z1 conf.d]# systemctl restart httpd
Source: https://www.cnblogs.com/z696/p/16513084.html