一、常用httpd-2.4新特性
1) MPM支持在运行时装载;
编译时加上此,支持mpm:--enable-mpms-shared=all --with-mpm=event
2) 支持event
3) 异步读写
4) 在每模块及每目录上指定日志级别
5) 每请求配置
6) 增强版的表达式分析器
7) 毫秒级的keepalive timeout
8) 基于FQDN的虚拟主机不再需要NameVirtualHost指令
9) 支持使用自定义变量
10)新增了一些模块:mod_proxy_fcgi, mod_ratelimit, mod_request, mod_remoteip
11)对于基于IP的访问控制做了修改,不再支持使用order, allow, deny这些机制;而是统一使用require进行
二、安装httpd-2-4
注意:在centos6.x上默认的apr版本为apr-1.3.9,而httpd-2.4需apr1.4以上。
实验准备:
①平台:centos6.8
②软件:apr1.5.0.tar.gz apr-utils-1.5.2.tar.gz httpd-2.4.10.tar.gz
③安装开发环境:Development Tools,Server Platform Development
步骤如下:
1)安装开发包组及其pcre-devel、openssl-devel包
yum -y groupinstall "Development Tools" "Server Platform Development"
yum -y install pcre-devel openssl-devel
2)编译安装apr-1.5.0.tar.gz及其apr-utils-1.5.2.tar.gz
tar xf apr-1.50.tar.gz
cd apr-1.5.0
./configure --prefix=/usr/local/apr
make && make install
编译安装apr-utils同理:./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr make && make install
3)编译httpd-2.4.10
tar xf httpd-2.4.10.tar.gz
cd httpd-2.4.10
./configure --prefix=/usr/local/httpd24 --sysconfigdir=/etc/httpd24 --enable-so --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
make && make install
如编译出错或想重新编译需执行,删除安装目录:make clean all
4)导出头文件
ln -sv /usr/local/httpd24/include /usr/include/httpd
5)导出库文件
echo "/usr/local/httpd24/lib" >/etc/ld.so.conf.d/httpd.conf
6)导入man手册
vi /etc/man.config 加入MANPATH /usr/local/httpd/man
7)导入环境变量
echo "PATH=/usr/local/httpd/bin/:$PATH" >/etc/init.d/httpd.sh
8)配置启动脚本
vi /etc/init.d/httpd24.sh
代码演示:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
# config: /etc/sysconfig/httpd
# pidfile: /var/run/httpd/httpd.pid
#
### BEGIN INIT INFO
# Provides: httpd
# Required-Start: $local_fs $remote_fs $network $named
# Required-Stop: $local_fs $remote_fs $network
# Should-Start: distcache
# Short-Description: start and stop Apache HTTP Server
# Description: The Apache HTTP Server is an extensible server
# implementing the current HTTP standards.
### END INIT INFO
# Source function library.
.
/etc/rc
.d
/init
.d
/functions
#if [ -f /etc/sysconfig/httpd ]; then
# . /etc/sysconfig/httpd
#fi
# Start httpd in the C locale by default.
HTTPD_LANG=${HTTPD_LANG-
"C"
}
# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=
""
# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
# with the thread-based "worker" MPM; BE WARNED that some modules may not
# work correctly with a thread-based MPM; notably PHP will refuse to start.
# Path to the apachectl script, server binary, and short-form for messages.
apachectl=
/usr/local/httpd24/bin/apachectl
httpd=${HTTPD-
/usr/local/httpd24/bin/httpd
}
prog=httpd
pidfile=${PIDFILE-
/usr/local/httpd24/logs/httpd
.pid}
lockfile=${LOCKFILE-
/var/lock/subsys/httppd24
}
RETVAL=0
STOP_TIMEOUT=${STOP_TIMEOUT-10}
# The semantics of these two functions differ from the way apachectl does
# things -- attempting to start while running is a failure, and shutdown
# when not running is also a failure. So we just do it the way init scripts
# are expected to behave here.
start() {
echo
-n $
"Starting $prog: "
LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS
RETVAL=$?
echo
[ $RETVAL = 0 ] &&
touch
${lockfile}
return
$RETVAL
}
# When stopping httpd, a delay (of default 10 second) is required
# before SIGKILLing the httpd parent; this gives enough time for the
# httpd parent to SIGKILL any errant children.
stop() {
status -p ${pidfile} $httpd >
/dev/null
if
[[ $? = 0 ]];
then
echo
-n $
"Stopping $prog: "
killproc -p ${pidfile} -d ${STOP_TIMEOUT} $httpd
else
echo
-n $
"Stopping $prog: "
success
fi
RETVAL=$?
echo
[ $RETVAL = 0 ] &&
rm
-f ${lockfile} ${pidfile}
}
reload() {
echo
-n $
"Reloading $prog: "
if
! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&
/dev/null
;
then
RETVAL=6
echo
$
"not reloading due to configuration syntax error"
failure $
"not reloading $httpd due to configuration syntax error"
else
# Force LSB behaviour from killproc
LSB=1 killproc -p ${pidfile} $httpd -HUP
RETVAL=$?
if
[ $RETVAL -
eq
7 ];
then
failure $
"httpd shutdown"
fi
fi
# See how we were called.
case
"$1"
in
start)
start
;;
stop)
stop
;;
status)
status -p ${pidfile} $httpd
RETVAL=$?
;;
restart)
stop
start
;;
condrestart|try-restart)
if
status -p ${pidfile} $httpd >&
/dev/null
;
then
stop
start
fi
;;
force-reload|reload)
reload
;;
graceful|help|configtest|fullstatus)
$apachectl $@
RETVAL=$?
;;
*)
echo
$
"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|reload|status|fullstatus|graceful|help|configtest}"
RETVAL=2
esac
exit
$RETVAL
|
9)加入开机自启动,测试页面
chkconfig --add httpd24
chkconfig httpd 24 on
10)测试
echo "10.1.1.1 www.blog.com" >> /etc/hosts
curl -I www.blog.com
三、配置虚拟主机及其给文本站点提供ssl加密
1、开启httpd-vhosts,及其注释站点中心目录
Include /etc/httpd24/extra/httpd-vhosts.conf
2、配置/etc/httpd24/extra/httpd-vhots.conf
<VirtualHost *:80>
ServerAdmin chen@qq.com
DocumentRoot "/website/"
ServerName www.chen.com
ServerAlias chen.com
ErrorLog "logs/www.chen.com-error_log"
CustomLog "logs/www.chen.com-access_log" common
</VirtualHost>
3、ssl加密如下步骤:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
生成密钥对儿:
# (umask 077; openssl genrsa -out private/cakey.pem 2048)
如果想查看公钥:
# openssl rsa -in private/cakey.pem -pubout -text -noout
生成自签证书:
# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3655
创建需要的文件:
# touch index.txt serial crlnumber
用openssl实现证书申请:
在主机上生成密钥,保存至应用此证书的服务的配置文件目录下, 例如:
# mkdir /etc/httpd/ssl
# cd /etc/httpd/ssl
# (umask 077; openssl genrsa -out httpd.key 1024)
生成证书签署请求:
# openssl req -new -key httpd.key -out httpd.csr
将请求文件发往CA;
CA签署证书:
签署:
# openssl ca -in /path/to/somefile.csr -out /path/to/somefile.crt -days DAYS
|
