下载apr apr-util httpd 源码包
1 [root@localhost ~]# dnf -y install wget下载wget 2 [root@localhost ~]# wget https://downloads.apache.org/apr/apr-1.7.0.tar.gz 3 [root@localhost ~]# wget https://downloads.apache.org/apr/apr-util-1.6.1.tar.gz 4 [root@localhost ~]# wget https://downloads.apache.org/httpd/httpd-2.4.53.tar.gz 5 [root@localhost ~]# yum groups mark install "Development Tools" 6 看需要那些工具包
安装开发环境
1 [root@localhost ~]# useradd -r -M -s /sbin/nologin apache 2 [root@localhost ~]# id apache 创建一个apache系统用户不加目录不允许登录 3 uid=995(apache) gid=992(apache) 组=992(apache) 4 [root@localhost ~]# yum -y install openssl-devel pcre-devel expat-devel libtool 安装依赖包
解压apr apr-util httpd
1 [root@localhost ~]# ls 2 anaconda-ks.cfg apr-1.7.0.tar.gz apr-util-1.6.1.tar.gz httpd-2.4.53.tar.gz 3 [root@localhost ~]# tar xf apr-1.7.0.tar.gz 4 [root@localhost ~]# tar xf apr-util-1.6.1.tar.gz 5 [root@localhost ~]# tar xf httpd-2.4.53.tar.gz 6 [root@localhost ~]# ls 7 anaconda-ks.cfg apr-1.7.0 apr-1.7.0.tar.gz apr-util-1.6.1 apr-util-1.6.1.tar.gz httpd-2.4.53 httpd-2.4.53.tar.gz
安装编译apr
1 [root@localhost ~]# cd apr-1.7.0 2 [root@localhost apr-1.7.0]# ./configure --prefix=/usr/local/apr 3 configure: error: in `/root/apr-1.7.0': 报错 4 configure: error: no acceptable C compiler found in $PATH 5 处理 6 [root@localhost apr-1.7.0]# dnf -y install gcc gcc-c++ --allowerasing --nobest 7 [root@localhost apr-1.7.0]# ./configure --prefix=/usr/local/apr 8 rm: cannot remove 'libtoolT': No such file or directory 继续报错 9 [root@localhost apr-1.7.0]# dnf -y install vim 下载vim 10 [root@localhost apr-1.7.0]# vim configure 11 # $RM "$cfgfile" 注释掉或者删除 12 [root@localhost apr-1.7.0]# dnf -y install make 安装make 13 [root@localhost apr-1.7.0]# make -j 4 编译安装 14 [root@localhost apr-1.7.0]# make install
安装编译apr-util
1 [root@localhost apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr 编译子包的时候要告诉主包的位子 2 [root@localhost apr-util-1.6.1]# make -j 4 编译 3 [root@localhost apr-util-1.6.1]# make install 安装
安装编译apache
1 [root@localhost httpd-2.4.53]# ./configure --prefix=/usr/local/apache / 2 > --enable-so / 3 > --enable-ssl / 4 > --enable-cgi / 5 > --enable-rewrite / 6 > --with-zlib / 7 > --with-pcre / 8 > --with-apr=/usr/local/apr / 9 > --with-apr-util=/usr/local/apr-util/ / 10 > --enable-modules=most / 11 > --enable-mpms-shared=all / 12 > --with-mpm=prefork 13 [root@localhost httpd-2.4.53]# make -j 4 14 [root@localhost httpd-2.4.53]# make install
设置环境变量,头文件,man文件
1 [root@localhost ~]# echo 'export PATH=/usr/local/apache/bin:$PATH' >/etc/profile.d/apache.sh 2 [root@localhost ~]# source /etc/profile.d/apache.sh 读以下 3 [root@localhost ~]# which httpd 生成httpd命令 4 /usr/local/apache/bin/httpd 5 [root@localhost ~]# which apachectl 生成apachectl命令 6 /usr/local/apache/bin/apachectl 7 [root@localhost ~]# ln -s /usr/local/apache/include/ /usr/include/apache 设置头文件 8 [root@localhost ~]# vim /etc/man_db.conf 设置man文档 9 MANDATORY_MANPATH /usr/local/apache/man
关闭防火墙
1 [root@localhost ~]# systemctl disable --now firewalld 2 Removed /etc/systemd/system/multi-user.target.wants/firewalld.service. 3 Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. 开机不自启,立马关闭 4 [root@localhost ~]# setenforce 0 关闭立即生效 5 [root@localhost ~]# getenforce 6 Permissive 7 [root@localhost ~]# vim /etc/selinux/config 8 SELINUX=disabled 修改之后下次重启就可以永久生效
启动服务
1 [root@localhost ~]# apachectl start 2 AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message 此处警告无视,等下处理 3 [root@localhost ~]# ss -antl 4 State Recv-Q Send-Q Local Address:Port Peer Address:Port Process 5 LISTEN 0 128 0.0.0.0:22 0.0.0.0:* 6 LISTEN 0 128 *:80 *:* 7 LISTEN 0 128 [::]:22 [::]:* 有80端口号
处理警告
1 [root@localhost conf]# vim httpd.conf 2 ServerName 注释取消掉 3 [root@localhost conf]# apachectl start 没有警告了 4 [root@localhost conf]# ss -antl 5 State Recv-Q Send-Q Local Address:Port Peer Address:Port Process 6 LISTEN 0 128 0.0.0.0:22 0.0.0.0:* 7 LISTEN 0 128 *:80 *:* 8 LISTEN 0 128 [::]:22 [::]:*
设置systemctl控制httpd
1 写一个服务文件 2 [root@localhost system]# ls sshd.service 3 sshd.service 复制一个叫httpd.生成service文件 4 [root@localhost system]# cp sshd.service httpd.service 5 [root@localhost system]# vim httpd.service 6 [Unit] 7 Description=httpd server daemon 8 After=network.target sshd-keygen.target 9 10 [Service] 修改成这样 11 Type=forking 12 EnvironmentFile=-/etc/sysconfig/sshd 13 ExecStart=/usr/local/apache/bin/apachectl start 14 ExecStop=/usr/local/apache/bin/apachectl stop 15 ExecReload=/bin/kill -HUP $MAINPID 16 17 [Install] 18 WantedBy=multi-user.target 19 [root@localhost system]# systemctl daemon-reload重新加载一下 20 [root@localhost system]# cd 21 [root@localhost ~]# systemctl status httpd 22 ● httpd.service - httpd server daemon 23 Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled) 24 Active: inactive (dead) 25 [root@localhost ~]# systemctl start httpd 26 [root@localhost ~]# ss -antl 27 State Recv-Q Send-Q Local Address:Port Peer Address:Port Process 28 LISTEN 0 128 0.0.0.0:22 0.0.0.0:* 29 LISTEN 0 128 *:80 *:* 30 LISTEN 0 128 [::]:22 [::]:* 31 [root@localhost ~]# systemctl enable httpd 32 Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service. 设置开机自启 33 [root@localhost ~]# systemctl status httpd 34 ● httpd.service - httpd server daemon 35 Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) 36 Active: active (running) since Sun 2022-04-17 15:15:06 CST; 2min 48s ago 37 Main PID: 67806 (httpd) 38 Tasks: 6 (limit: 11175) 39 Memory: 4.2M 40 CGroup: /system.slice/httpd.service 41 ├─67806 /usr/local/apache/bin/httpd -k start 42 ├─67807 /usr/local/apache/bin/httpd -k start 43 ├─67808 /usr/local/apache/bin/httpd -k start 44 ├─67809 /usr/local/apache/bin/httpd -k start 45 ├─67810 /usr/local/apache/bin/httpd -k start 46 └─67811 /usr/local/apache/bin/httpd -k start 47 48 4月 17 15:15:06 localhost.localdomain systemd[1]: Starting httpd server daemon... 49 4月 17 15:15:06 localhost.localdomain systemd[1]: Started httpd server daemon.
配置虚拟主机 ip访问
1 [root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf 虚拟主机文件 2 <VirtualHost *:80> 3 ServerAdmin webmaster@dummy-host.example.com 4 DocumentRoot "/usr/local/apache/docs/dummy-host.example.com" 5 ServerName dummy-host.example.com 6 ServerAlias www.dummy-host.example.com 7 ErrorLog "logs/dummy-host.example.com-error_log" 8 CustomLog "logs/dummy-host.example.com-access_log" common 9 </VirtualHost> 10 保留一个,后面的删除 11 <VirtualHost *:80> 12 DocumentRoot "/usr/local/apache/htdocs/test.example.com" 13 ServerName test.example.com 14 ErrorLog "logs/test.example.com-error_log"放错误日志 15 CustomLog "logs/test.example.com-access_log" common正确日志 16 修改成这样 17 [root@localhost ~]# vim /usr/local/apache/conf/httpd.conf 主配置文件 18 #Include conf/extra/httpd-vhosts.conf 取消注释让虚拟主机配置生效 19 [root@localhost ~]# systemctl restart httpd重启服务 20 [root@localhost ~]# systemctl status httpd 21 ● httpd.service - httpd server daemon 22 Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) 23 Active: active (running) since Sun 2022-04-17 15:48:13 CST; 1min 19s ago 24 Process: 67870 ExecStop=/usr/local/apache/bin/apachectl stop (code=exited, status=0/SUCCESS) 25 Process: 67874 ExecStart=/usr/local/apache/bin/apachectl start (code=exited, status=0/SUCCESS) 26 Main PID: 67879 (httpd) 27 Tasks: 6 (limit: 11175) 28 Memory: 4.3M 29 CGroup: /system.slice/httpd.service 30 ├─67879 /usr/local/apache/bin/httpd -k start 31 ├─67880 /usr/local/apache/bin/httpd -k start 32 ├─67881 /usr/local/apache/bin/httpd -k start 33 ├─67882 /usr/local/apache/bin/httpd -k start 34 ├─67883 /usr/local/apache/bin/httpd -k start 35 └─67884 /usr/local/apache/bin/httpd -k start 36 37 4月 17 15:48:13 localhost.localdomain systemd[1]: Starting httpd server daemon... 38 4月 17 15:48:13 localhost.localdomain systemd[1]: Started httpd server daemon. 39 [root@localhost test.example.com]# echo "test page" > abc.html 40 [root@localhost test.example.com]# ls 41 abc.html 42 [root@localhost test.example.com]# mv abc.html index.html 43 [root@localhost test.example.com]# ls 44 index.html 网站首页的名字一定要叫index.html才可以直接访问
刷新就可以看到内容
相同ip不同端口号访问
1 [root@localhost htdocs]# cd blog.example.com/ 另外一个网站 2 [root@localhost blog.example.com]# echo "bolg page" > index.html 3 [root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf 写blog的配置文件 4 <VirtualHost *:80> 5 DocumentRoot "/usr/local/apache/htdocs/test.example.com" 6 ServerName test.example.com 7 ErrorLog "logs/test.example.com-error_log" 8 CustomLog "logs/test.example.com-access_log" common 9 </VirtualHost> 10 Listen 81加一给监听 11 <VirtualHost *:81> 配置一个新的81端口号 12 DocumentRoot "/usr/local/apache/htdocs/blog.example.com" 13 ServerName blog.example.com 14 ErrorLog "logs/blog.example.com-error_log" 15 CustomLog "logs/blog.example.com-access_log" common 16 </VirtualHost> 17 [root@localhost ~]# systemctl restart httpd重启服务 18 [root@localhost ~]# ss -antl 19 State Recv-Q Send-Q Local Address:Port Peer Address:Port Process 20 LISTEN 0 128 0.0.0.0:22 0.0.0.0:* 21 LISTEN 0 128 *:80 *:* 22 LISTEN 0 128 *:81 *:* 23 LISTEN 0 128 [::]:22 [::]:* 80 81端口号都有了
默认是80端口号,:加上81就是81端口号
不同ip相同端口号
1 [root@localhost ~]# ip addr add 192.168.149.84/24 dev ens33 2 [root@localhost ~]# ip a s ens33 3 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 4 link/ether 00:0c:29:bc:11:bf brd ff:ff:ff:ff:ff:ff 5 inet 192.168.149.85/24 brd 192.168.149.255 scope global noprefixroute ens33 6 valid_lft forever preferred_lft forever 7 inet 192.168.149.84/24 scope global secondary ens33 8 valid_lft forever preferred_lft forever 9 inet6 fe80::20c:29ff:febc:11bf/64 scope link 10 valid_lft forever preferred_lft forever 添加一个84的新ip 11 12 [root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf 13 <VirtualHost 192.168.149.85:80> 14 DocumentRoot "/usr/local/apache/htdocs/test.example.com" 15 ServerName test.example.com 16 ErrorLog "logs/test.example.com-error_log" 17 CustomLog "logs/test.example.com-access_log" common 18 </VirtualHost> 19 <VirtualHost 192.168.149.84:80> 20 DocumentRoot "/usr/local/apache/htdocs/blog.example.com" 21 ServerName blog.example.com 22 ErrorLog "logs/blog.example.com-error_log" 23 CustomLog "logs/blog.example.com-access_log" common 24 </VirtualHost> 把*号去掉输入要访问的ip 25 [root@localhost ~]# systemctl stop httpd 先停掉 26 [root@localhost ~]# ss -antl 27 State Recv-Q Send-Q Local Address:Port Peer Address:Port Process 28 LISTEN 0 128 0.0.0.0:22 0.0.0.0:* 29 LISTEN 0 128 [::]:22 [::]:* 30 [root@localhost ~]# systemctl start httpd在启动 31 [root@localhost ~]# ss -antl 32 State Recv-Q Send-Q Local Address:Port Peer Address:Port Process 33 LISTEN 0 128 0.0.0.0:22 0.0.0.0:* 34 LISTEN 0 128 *:80 *:* 35 LISTEN 0 128 [::]:22 [::]:* 36
相同ip相同端口号不同域名
[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf <VirtualHost *:80> ip去掉,端口号一样,域名本来就不一样 DocumentRoot "/usr/local/apache/htdocs/test.example.com" ServerName test.example.com ErrorLog "logs/test.example.com-error_log" CustomLog "logs/test.example.com-access_log" common </VirtualHost> <VirtualHost *:80> DocumentRoot "/usr/local/apache/htdocs/blog.example.com" ServerName blog.example.com ErrorLog "logs/blog.example.com-error_log" CustomLog "logs/blog.example.com-access_log" common </VirtualHost> [root@localhost ~]# systemctl stop httpd 停掉 [root@localhost ~]# systemctl start httpd 启动 [root@localhost ~]# ss -antl State Recv-Q Send-Q Local Address:Port Peer Address:Port Process LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 128 *:80 *:* LISTEN 0 128 [::]:22 [::]:*
在电脑的C:/windows/systenm32/drivers/etc/hosts里打开记事本更改
访问控制
1 [root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf 2 3 4 <VirtualHost *:80> 5 DocumentRoot "/usr/local/apache/htdocs/test.example.com" 6 ServerName test.example.com 7 ErrorLog "logs/test.example.com-error_log" 8 CustomLog "logs/test.example.com-access_log" common 9 <Directory "/usr/local/apache/htdocs/test.example.com"> 10 <RequireAll> 11 Require not ip 192.168.149.1 12 Require all granted 13 </RequireAll> 14 </Directory> 15 </VirtualHost> 16 <VirtualHost *:80> 17 DocumentRoot "/usr/local/apache/htdocs/blog.example.com" 18 ServerName blog.example.com 19 ErrorLog "logs/blog.example.com-error_log" 20 CustomLog "logs/blog.example.com-access_log" common 21 </VirtualHost> 22 [root@localhost ~]# systemctl start httpd 23 [root@localhost ~]# ss -antl 24 State Recv-Q Send-Q Local Address:Port Peer Address:Port Process 25 LISTEN 0 128 0.0.0.0:22 0.0.0.0:* 26 LISTEN 0 128 *:80 *:* 27 LISTEN 0 128 [::]:22 [::]:*
ssl:
启用模块,如果已经有了但是注释了,则取消注释即可
1 [root@localhost conf]# vim httpd.conf 2 LoadModule ssl_module modules/mod_ssl.so
生成证书
1 a)CA生成一对密钥 2 [root@localhost conf]# cd /etc/pki 3 [root@localhost pki]# mkdir CA 创建CA目录 4 [root@localhost pki]# cd CA 5 [root@localhost CA]# mkdir private 创建private目录 6 [root@localhost CA]# ls 7 private 8 [root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048) 生成密钥 9 [root@localhost CA]# ls private/ 10 cakey.pem 11 [root@localhost CA]# openssl rsa -in private/cakey.pem -pubout提取公钥 12 b) CA生成自签署证书 13 [root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 14 [root@localhost CA]# ls 15 cacert.pem private 生成证书 16 [root@localhost CA]# mkdir certs newcerts crl 17 [root@localhost CA]# ls 创建目录 18 cacert.pem certs crl newcerts private 生成两个文件 19 [root@localhost CA]# touch index.txt && echo 01 > serial 20 c) 客户端(例如httpd服务器)生成密钥 21 [root@localhost CA]# mkdir certs newcerts crl 22 [root@localhost conf]# mkdir ssl 23 [root@localhost conf]# ls 24 extra httpd.conf magic mime.types original ssl 25 [root@localhost conf]# cd ssl/ 26 [root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 2048)生成httpd.key的文件 27 [root@localhost ssl]# ls 28 httpd.key 29 d) 客户端生成证书签署请求 30 [root@localhost ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr 和刚才生成证书所填都一致 31 [root@localhost ssl]# ls 32 httpd.csr httpd.key 33 f) CA签署客户端提交上来的证书 34 [root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365 35 [root@localhost ssl]# ls 36 httpd.crt httpd.key 完成 一给公钥一个私钥
配置httpd
1 [root@localhost conf]# vim httpd.conf 2 Include conf/extra/httpd-ssl.conf 注释取消掉 3 [root@localhost conf]# ls extra/ 4 [root@localhost conf]# vim extra/httpd-ssl.conf修改配置文件 5 DocumentRoot "/usr/local/apache/htdocs/test.example.com" 6 ServerName test.example.com:443 7 SSLCertificateFile "/usr/local/apache/conf/ssl/httpd.crt" 8 SSLCertificateKeyFile "/usr/local/apache/conf/ssl/httpd.key"
[root@localhost ~]# httpd -t 检查语法
AH00526: Syntax error on line 92 of /usr/local/apache/conf/extra/httpd-ssl.conf:
SSLSessionCache: ‘shmcb’ session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so 注释取消掉
[root@localhost ~]# httpd -t
Syntax OK
启动服务
1 [root@localhost ~]# systemctl restart httpd 2 [root@localhost ~]# ss -antl 3 State Recv-Q Send-Q Local Address:Port Peer Address:Port Process 4 LISTEN 0 128 0.0.0.0:22 0.0.0.0:* 5 LISTEN 0 128 *:80 *:* 6 LISTEN 0 128 [::]:22 [::]:* 7 LISTEN 0 128 *:443 *:* 443有了 8 [root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf 把拒绝的删除点 9 [root@localhost ~]# http://test.example.com/
原创文章,作者:6024010,如若转载,请注明出处:https://blog.ytso.com/245494.html