
httpd

2022-07-23 21:34:29


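1. httpd basics

1.1 Utility programs shipped with httpd

Tool        Function
htpasswd    Generates the account and password entries used when basic authentication is file-based
apachectl   Service control script shipped with httpd; supports start, stop, restart
apxs        Provided by the httpd-devel package; tool for extending httpd with third-party modules
rotatelogs  Log rotation tool
suexec      Temporarily switches to a specified user when accessing resources configured with special permissions
ab          apache benchmark, the load-testing tool for httpd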

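1.2 Program environment of httpd installed from the rpm package

File/directory                      Purpose
/var/log/httpd/access.log           Access log
/var/log/httpd/error_log            Error log
/var/www/html/                      Site document directory
/usr/lib64/httpd/modules/           Module file path
/etc/httpd/conf/httpd.conf          Main configuration file
/etc/httpd/conf.modules.d/*.conf    Module configuration files
/etc/httpd/conf.d/*.conf            Auxiliary configuration files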

1.3 Web-related commands

curl command
Syntax: curl [options] [URL ...]
-o/--output //write the output to a file

[root@z1 ~]# curl -o 123 https://mirrors.aliyun.com/apache/apr/apr-1.7.0.tar.gz?spm=a2c6h.25603864.0.0.74997c9ciWwxSV
[root@z1 ~]# tar -xf 123 
[root@z1 ~]# ls
123  abc.gz  anaconda-ks.cfg  apr-1.7.0

httpd command
Syntax: httpd [options]
-l //list the statically compiled modules, i.e. which modules are compiled into the core

[root@z1 ~]# httpd -l
Compiled in modules:
  core.c
  mod_so.c
  http_core.c

-M //print the list of enabled modules, including those statically compiled into the server

[root@z1 ~]# httpd -M
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::aa3a:17cb:8fee:9827. Set the 'ServerName' directive globally to suppress this message
Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 access_compat_module (shared)
 actions_module (shared)

-v //show the httpd version, then exit
-V //show the httpd and apr/apr-util versions and the build parameters, then exit

[root@z1 ~]# httpd -v
Server version: Apache/2.4.37 (centos)
Server built:   Jul 31 2020 20:44:41
[root@z1 ~]# httpd -V
Server version: Apache/2.4.37 (centos)
Server built:   Jul 31 2020 20:44:41
Server's Module Magic Number: 20120211:83
Server loaded:  APR 1.6.3, APR-UTIL 1.6.1
Compiled using: APR 1.6.3, APR-UTIL 1.6.1
Architecture:   64-bit

-t //check the configuration file for syntax errors

[root@z1 ~]# httpd -t
Syntax OK

2. Compile and install httpd

Install the development environment

[root@z1 html]# yum groups mark install "Development Tools"
Last metadata expiration check: 2:36:12 ago on Thu 21 Jul 2022 07:18:04 PM CST.
Dependencies resolved.
=============================================================================
 Package          Architecture    Version             Repository        Size
=============================================================================
Installing Groups:
 Development Tools
                                                                            

Transaction Summary
=============================================================================
Is this ok [y/N]: y
Complete!

yum -y install openssl-devel pcre-devel expat-devel libtool
perl-libnet-3.11-3.el8.noarch                                              
  perl-libs-4:5.26.3-416.el8.x86_64                                          
  perl-macros-4:5.26.3-416.el8.x86_64                                        
  perl-parent-1:0.237-1.el8.noarch                                           
  perl-podlators-4.11-1.el8.noarch                                           
  perl-threads-1:2.21-2.el8.x86_64                                           
  perl-threads-shared-1.58-2.el8.x86_64                                      
  pkgconf-1.4.2-1.el8.x86_64                                                 
  pkgconf-m4-1.4.2-1.el8.noarch                                              
  pkgconf-pkg-config-1.4.2-1.el8.x86_64                                      
  zlib-devel-1.2.11-17.el8.x86_64                                            
Complete!

Download and install apr-1.4+ and apr-util-1.4+

[root@z1 src]# wget https://mirrors.aliyun.com/apache/apr/apr-1.7.0.tar.gz
--2022-07-21 21:59:59--  https://mirrors.aliyun.com/apache/apr/apr-1.7.0.tar.gz
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 119.96.204.210, 119.96.204.211, 119.96.138.214, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|119.96.204.210|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1093896 (1.0M) [application/octet-stream]
Saving to: ‘apr-1.7.0.tar.gz’

apr-1.7.0.tar.gz    100%[================>]   1.04M  --.-KB/s    in 0.07s   
2022-07-21 21:59:59 (14.4 MB/s) - ‘apr-1.7.0.tar.gz’ saved [1093896/1093896]


[root@z1 src]# wget https://mirrors.aliyun.com/apache/apr/apr-util-1.6.1.tar.gz
--2022-07-21 22:01:26--  https://mirrors.aliyun.com/apache/apr/apr-util-1.6.1.tar.gz
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 119.96.204.210, 119.96.204.211, 119.96.138.214, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|119.96.204.210|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 554301 (541K) [application/octet-stream]
Saving to: ‘apr-util-1.6.1.tar.gz’

apr-util-1.6.1.tar. 100%[================>] 541.31K  --.-KB/s    in 0.06s   

2022-07-21 22:01:26 (8.63 MB/s) - ‘apr-util-1.6.1.tar.gz’ saved [554301/554301]

Extract apr and apr-util

[root@z1 src]# tar -xf apr-1.7.0.tar.gz       //extract
[root@z1 src]# tar -xf apr-util-1.6.1.tar.gz 
[root@z1 src]# ls
apr-1.7.0         apr-util-1.6.1         debug
apr-1.7.0.tar.gz  apr-util-1.6.1.tar.gz  kernels

Compile apr and apr-util

[root@z1 src]# cd apr-1.7.0
[root@z1 apr-1.7.0]# vim configure
cfgfile=${ofile}T
    trap "$RM \"$cfgfile\"; exit 1" 1 2 15
   #$RM "$cfgfile"             //comment out this line


[root@z1 apr-1.7.0]# ./configure --prefix=/usr/local/apr
config.status: creating Makefile
config.status: creating include/apr.h
config.status: creating build/apr_rules.mk
config.status: creating build/pkg/pkginfo
config.status: creating apr-1-config
config.status: creating apr.pc
config.status: creating test/Makefile
config.status: creating test/internal/Makefile
config.status: creating include/arch/unix/apr_private.h
config.status: executing libtool commands
config.status: executing default commands

[root@z1 apr-1.7.0]# make && make install
   /usr/bin/install -c -m 644 /usr/src/apr-1.7.0/build/${f} /usr/local/apr/build-1; \
done
/usr/bin/install -c -m 644 build/apr_rules.out /usr/local/apr/build-1/apr_rules.mk
/usr/bin/install -c -m 755 apr-config.out /usr/local/apr/bin/apr-1-config

[root@z1 apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
config.status: creating include/private/apu_select_dbm.h
config.status: creating include/apr_ldap.h
config.status: creating include/apu.h
config.status: creating include/apu_want.h
config.status: creating test/Makefile
config.status: creating include/private/apu_config.h
config.status: executing default commands

[root@z1 apr-util-1.6.1]# make && make install
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
/usr/bin/install -c -m 644 aprutil.exp /usr/local/apr-util/lib
/usr/bin/install -c -m 755 apu-config.out /usr/local/apr-util/bin/apu-1-conf

Compile and install httpd

[root@z1 apr-util-1.6.1]# wget https://mirrors.aliyun.com/apache/httpd/httpd-2.4.54.tar.gz
--2022-07-21 22:12:17--  https://mirrors.aliyun.com/apache/httpd/httpd-2.4.54.tar.gz
[root@z1 ~]# ls
123  abc.gz  anaconda-ks.cfg  httpd-2.4.54.tar.gz
[root@z1 ~]# tar xf httpd-2.4.54.tar.gz 
[root@z1 ~]# cd httpd-2.4.54

[root@z1 httpd-2.4.54]# ./configure --prefix=/usr/local/httpd --sysconfdir=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
[root@z1 httpd-2.4.54]# make && make install

Configure environment variables

[root@z1 ~]# echo 'export PATH=/usr/local/httpd/bin:$PATH' > /etc/profile.d/apache.sh
[root@z1 ~]# source /etc/profile.d/apache.sh
[root@z1 ~]# which httpd
/usr/local/httpd/bin/httpd
[root@z1 ~]# vim /etc/man_db.conf
MANDATORY_MANPATH /usr/man
MANDATORY_MANPATH /usr/share/man
MANDATORY_MANPATH /usr/local/share/man
# add the following line
MANDATORY_MANPATH /usr/local/httpd/man

Start apache

[root@z1 ~]# /usr/local/httpd/bin/httpd
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::c03b:9260:8f20:64cc. Set the 'ServerName' directive globally to suppress this message


3. Common httpd configuration

Create the index.html file

[root@z1 ~]# cd /var/www/html/
[root@z1 html]# touch index.html
[root@z1 html]# echo "xixi" > index.html  

index.html is served by default

Request the 123.html file explicitly

[root@z1 html]# echo "hello" > 123.html 

Edit the main configuration file to change access permissions

[root@z1 html]# vim /etc/httpd/conf/httpd.conf 
<Directory "/var/www/html">
        <RequireAll>
                # deny access from the local IP
                Require not ip 192.168.26.1
                Require all granted
        </RequireAll>
</Directory>
[root@z1 html]# curl http://192.168.26.134  //the VM can access
xixi


[root@z1 html]# vim /etc/httpd/conf/httpd.conf 
<Directory "/var/www/html">
        <RequireAll>
                # deny access from the VM
                Require not ip 192.168.26.134
                Require all granted       
        </RequireAll>
</Directory>
[root@z1 html]# curl http://192.168.26.134/123.html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>
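
How the two <RequireAll> blocks above reach their decisions, as an added Python model (not code from the original post and not httpd's own implementation): a negated Require can only fail or stay neutral, so Require all granted is what admits every other client. The function names are hypothetical, and Require ip is modelled only for full addresses and CIDR ranges.

```python
import ipaddress

# Tri-state outcome of an authorization directive.
GRANTED, DENIED, NEUTRAL = "granted", "denied", "neutral"

def eval_require(line, client_ip):
    """Evaluate one 'Require [not] ip|all ...' line for a client address."""
    words = line.split()
    if len(words) < 3 or words[0].lower() != "require":
        raise ValueError(f"unsupported line: {line!r}")
    negated = words[1].lower() == "not"
    args = words[2:] if negated else words[1:]
    kind, values = args[0].lower(), [v.lower() for v in args[1:]]
    if kind == "all":
        matched = values == ["granted"]
    elif kind == "ip":
        addr = ipaddress.ip_address(client_ip)
        matched = any(addr in ipaddress.ip_network(v, strict=False)
                      for v in values)
    else:
        raise ValueError(f"provider not modelled: {kind}")
    if negated:
        # Negation turns a match into a failure and a non-match into
        # "no opinion"; it can never grant access by itself.
        return DENIED if matched else NEUTRAL
    return GRANTED if matched else DENIED

def eval_require_all(lines, client_ip):
    """<RequireAll>: no enclosed directive may fail, one must succeed."""
    results = [eval_require(line, client_ip) for line in lines]
    if DENIED in results:
        return DENIED
    return GRANTED if GRANTED in results else NEUTRAL

# The two blocks from the page's httpd.conf edits.
DENY_HOST = ["Require not ip 192.168.26.1", "Require all granted"]
DENY_VM = ["Require not ip 192.168.26.134", "Require all granted"]

if __name__ == "__main__":
    for name, block in (("DENY_HOST", DENY_HOST), ("DENY_VM", DENY_VM)):
        for ip in ("192.168.26.1", "192.168.26.134"):
            print(name, ip, eval_require_all(block, ip))
```

A NEUTRAL result at the end of evaluation is not a grant, which is why a block holding only negated lines admits nobody.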


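4. Virtual hosts

There are three kinds of virtual host:
Same IP, different ports
Different IPs, same port
Same IP and port, different domain names

//find the existing virtual host file
[root@z1 ~]# find / -name '*vhosts.conf'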
/usr/share/doc/httpd/httpd-vhosts.conf

//copy the virtual host file that was found into /etc/httpd/conf.d
[root@z1 conf.d]# cp /usr/share/doc/httpd/httpd-vhosts.conf .
[root@z1 conf.d]# ls
autoindex.conf  httpd-vhosts.conf  README  userdir.conf  welcome.conf

//create the test files for the airplane (fj) and tank (tk) games
[root@z1 ~]# cd /var/www/html/
[root@z1 html]# ls
fj  tk
[root@z1 html]# ls fj/
css  img  index.html  js
[root@z1 html]# ls tk/
audio  css  images  index.html  js

Test same IP, different ports: deny this VM, allow everyone else

[root@z1 ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf 
<VirtualHost *:80>
    DocumentRoot "/var/www/html/fj"
    ServerName www.fj.com
    ErrorLog "/var/log/httpd/www.fj.com-error_log"
    CustomLog "/var/log/httpd/www.fj.com-access_log" common
        <Directory /var/www/html/www>
                <RequireAll>
                        Require not ip 192.168.26.134
                        Require all granted
                </RequireAll>
        </Directory>
</VirtualHost>

listen 81
<VirtualHost *:81>
    DocumentRoot "/var/www/html/tk"
    ServerName www.tk.com
    ErrorLog "/var/log/httpd/www.tk.com-error_log"
    CustomLog "/var/log/httpd/www.tk.com-access_log" common
        <Directory /var/www/html/www>
                <RequireAll>
                        Require not ip 192.168.26.134
                        Require all granted
                </RequireAll>
        </Directory>
</VirtualHost>

//check the configuration file
[root@z1 ~]# httpd -t
Syntax OK
//restart the service
[root@z1 ~]# systemctl restart httpd

//the VM is denied access
[root@z1 ~]# curl http://192.168.26.134/fj
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>
[root@z1 ~]# curl http://192.168.26.134/tk
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>


Different IPs, same port: deny this VM, allow everyone else

//add a temporary IP
[root@z1 ~]# ip addr add 192.168.26.135/24 dev ens192
[root@z1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:b2:71:39 brd ff:ff:ff:ff:ff:ff
    inet 192.168.26.134/24 brd 192.168.26.255 scope global dynamic noprefixroute ens192
       valid_lft 1324sec preferred_lft 1324sec
    inet 192.168.26.135/24 scope global secondary ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::dad8:5e4c:7a6b:13cc/64 scope link dadfailed tentative noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::aa3a:17cb:8fee:9827/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

//change the configuration file
<VirtualHost 192.168.26.134:80>
    DocumentRoot "/var/www/html/fj"
    ServerName www.fj.com
    ErrorLog "/var/log/httpd/www.fj.com-error_log"
    CustomLog "/var/log/httpd/www.fj.com-access_log" common
        <Directory /var/www/html/www>
                <RequireAll>
                        Require not ip 192.168.26.134
                        Require all granted
                </RequireAll>
        </Directory>
</VirtualHost>

listen 81
<VirtualHost 192.168.26.135:80>
    DocumentRoot "/var/www/html/tk"
    ServerName www.tk.com
    ErrorLog "/var/log/httpd/www.tk.com-error_log"
    CustomLog "/var/log/httpd/www.tk.com-access_log" common
        <Directory /var/www/html/www>
                <RequireAll>
                        Require not ip 192.168.26.134
                        Require all granted
                </RequireAll>
        </Directory>
</VirtualHost>

//check the configuration file
[root@z1 ~]# httpd -t
Syntax OK
//restart the service
[root@z1 ~]# systemctl restart httpd

//access from the VM
[root@z1 ~]# curl http://192.168.26.134/fj
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>
[root@z1 ~]# curl http://192.168.26.134/tk
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>
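
In the vhost files above, <Directory> names /var/www/html/www while the sites are served from /var/www/html/fj and /var/www/html/tk, so the Require rules never reach the served files (a denied client gets 403 Forbidden as in section 3, not the 404 shown), and in the second file listen 81 stays open with no vhost bound to it. The added Python check below (not from the original post) flags both; lint_vhosts and base_listens are hypothetical names, and base_listens assumes Listen 80 sits in the main httpd.conf.

```python
from pathlib import PurePosixPath

# Abbreviated copy of the page's second vhost file (ServerName and log lines omitted).
PAGE_CONF = """
<VirtualHost 192.168.26.134:80>
    DocumentRoot "/var/www/html/fj"
    <Directory /var/www/html/www>
        <RequireAll>
            Require not ip 192.168.26.134
            Require all granted
        </RequireAll>
    </Directory>
</VirtualHost>
listen 81
<VirtualHost 192.168.26.135:80>
    DocumentRoot "/var/www/html/tk"
    <Directory /var/www/html/www>
        <RequireAll>
            Require not ip 192.168.26.134
            Require all granted
        </RequireAll>
    </Directory>
</VirtualHost>
"""

def _related(a, b):
    """True when one path equals or contains the other."""
    a, b = PurePosixPath(a), PurePosixPath(b)
    return a == b or a in b.parents or b in a.parents

def lint_vhosts(conf_text, base_listens=(80,)):
    """Return findings; base_listens models Listen lines in httpd.conf."""
    findings, listens, vhost_ports = [], set(base_listens), set()
    docroot, dirs = None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        low = line.lower()
        if low.startswith("listen "):
            listens.add(int(line.split()[1].rsplit(":", 1)[-1]))
        elif low.startswith("<virtualhost "):
            docroot, dirs = None, []  # new vhost: forget the previous one
            for addr in line[len("<VirtualHost "):].rstrip(">").split():
                port = addr.rsplit(":", 1)[-1]
                if port.isdigit():
                    vhost_ports.add(int(port))
        elif low.startswith("documentroot "):
            docroot = line.split(None, 1)[1].strip('"')
        elif low.startswith("<directory "):
            dirs.append(line[len("<Directory "):].rstrip(">").strip(' "'))
        elif low.startswith("</virtualhost"):
            findings += [f"<Directory {d}> does not cover DocumentRoot {docroot}"
                         for d in dirs if docroot and not _related(d, docroot)]
    unused = sorted(listens - vhost_ports - set(base_listens))
    findings += [f"Listen {p} has no VirtualHost" for p in unused]
    findings += [f"VirtualHost port {p} has no Listen"
                 for p in sorted(vhost_ports - listens)]
    return findings

if __name__ == "__main__":
    print("\n".join(lint_vhosts(PAGE_CONF)))
```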


Same IP and port, different domain names: allow all access

[root@z1 ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost 192.168.26.134:80>
    DocumentRoot "/var/www/html/fj"
    ServerName www.fj.com
    ErrorLog "/var/log/httpd/www.fj.com-error_log"
    CustomLog "/var/log/httpd/www.fj.com-access_log" common
</VirtualHost>

listen 81
<VirtualHost 192.168.26.134:80>
    DocumentRoot "/var/www/html/tk"
    ServerName www.tk.com
    ErrorLog "/var/log/httpd/www.tk.com-error_log"
    CustomLog "/var/log/httpd/www.tk.com-access_log" common
</VirtualHost>

//check the configuration file
[root@z1 ~]# httpd -t
Syntax OK
//restart the service
[root@z1 ~]# systemctl restart httpd

//add local name resolution
[root@z1 ~]# vim /etc/hosts
192.168.26.134 www.fj.com
192.168.26.134 www.tk.com

Add name resolution on Windows:
File to edit: C:\Windows\System32\drivers\etc\hosts
Add these two lines

192.168.26.134 www.fj.com
192.168.26.134 www.tk.com


5. HTTPS configuration

//install the mod_ssl module
[root@z1 html]# yum -y install mod_ssl
Last metadata expiration check: 3:22:44 ago on Sat 23 Jul 2022 05:07:20 PM CST.
Dependencies resolved.
//restart the service
[root@z1 html]# systemctl restart httpd

Generate the certificates

The CA generates a key pair

[root@z1 pki]# cd /etc/pki/CA/
[root@z1 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048) 
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................................+++++
.....+++++
e is 65537 (0x010001)

The CA generates a self-signed certificate

[root@z1 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.fj.com
Email Address []:1@2.com

[root@z1 CA]# mkdir certs newcerts crl
[root@z1 CA]# touch index.txt && echo 01 > serial
[root@z1 CA]# ls
cacert.pem  certs  crl  index.txt  newcerts  private  serial

The client (for example, the httpd server) generates a key

[root@z1 CA]# cd /etc/httpd && mkdir ssl && cd ssl
[root@z1 ssl]# pwd
/etc/httpd/ssl
[root@z1 ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
..+++++
...............................+++++
e is 65537 (0x010001)

The client generates a certificate signing request

[root@z1 ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.fj.com
Email Address []:1@2.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

The CA signs the certificate request submitted by the client

[root@z1 ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jul 23 12:54:57 2022 GMT
            Not After : Jul 23 12:54:57 2023 GMT
        Subject:
            countryName               = cn
            stateOrProvinceName       = hb
            organizationName          = runtime
            organizationalUnitName    = peixun
            commonName                = www.fj.com
            emailAddress              = 1@2.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                B1:D9:C7:EB:29:97:7E:75:C1:70:69:37:C1:31:4B:9D:E5:B0:64:7D
            X509v3 Authority Key Identifier: 
                keyid:78:AF:93:56:7A:2A:DC:29:89:0A:D9:DD:54:ED:B0:39:15:F1:21:01

Certificate is to be certified until Jul 23 12:54:57 2023 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@z1 ssl]# ls
httpd.crt  httpd.csr  httpd.key

Edit the configuration file

[root@z1 conf.d]# cd /etc/httpd/conf.d/
[root@z1 conf.d]# vim ssl.conf 
<VirtualHost _default_:443>
DocumentRoot "/var/www/html/tk"
ServerName www.tk.com:443

SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
[root@z1 conf.d]# httpd -t
Syntax OK
[root@z1 conf.d]# systemctl restart httpd

Source: https://www.cnblogs.com/z696/p/16513084.html