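I. Commonly used new features in httpd-2.4
1) MPMs can be loaded at run time;
To build with this support, add these options at compile time: --enable-mpms-shared=all --with-mpm=event
2) Support for the event MPM
3) Asynchronous read/write
4) Log levels can be set per module and per directory
5) Per-request configuration
6) Enhanced expression parser
7) Millisecond-resolution keepalive timeout
8) FQDN-based virtual hosts no longer need the NameVirtualHost directive
9) Support for user-defined variables
10) Several new modules: mod_proxy_fcgi, mod_ratelimit, mod_request, mod_remoteip
11) IP-based access control has changed: the order, allow, deny mechanism is no longer supported; access control is done uniformly with require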
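II. Installing httpd-2.4
Note: on CentOS 6.x the default apr version is apr-1.3.9, while httpd-2.4 requires apr 1.4 or later.
Lab setup:
① Platform: CentOS 6.8
② Software: apr-1.5.0.tar.gz apr-util-1.5.2.tar.gz httpd-2.4.10.tar.gz
③ Development environment: Development Tools, Server Platform Development
Steps:
1) Install the development package groups and the pcre-devel and openssl-devel packages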
yum -y groupinstall "Development Tools" "Server Platform Development"
yum -y install pcre-devel openssl-devel
2) Build and install apr-1.5.0.tar.gz and apr-util-1.5.2.tar.gz
tar xf apr-1.5.0.tar.gz
cd apr-1.5.0
./configure --prefix=/usr/local/apr
make && make install
apr-util is built and installed the same way:
cd ..
tar xf apr-util-1.5.2.tar.gz
cd apr-util-1.5.2
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
make && make install
3) Build httpd-2.4.10
cd ..
tar xf httpd-2.4.10.tar.gz
cd httpd-2.4.10
./configure --prefix=/usr/local/httpd24 --sysconfdir=/etc/httpd24 --enable-so --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
make && make install
If the build fails or you want to rebuild, delete the installation directory and run: make clean all
4) Export the header files
ln -sv /usr/local/httpd24/include /usr/include/httpd
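5) Export the library files
echo "/usr/local/httpd24/lib" >/etc/ld.so.conf.d/httpd.conf
ldconfig
6) Add the man pages
vi /etc/man.config and add the line: MANPATH /usr/local/httpd24/man
7) Set the PATH environment variable
echo 'export PATH=/usr/local/httpd24/bin:$PATH' >/etc/profile.d/httpd.sh
8) Create the init script
vi /etc/init.d/httpd24
Script listing: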
#!/bin/bash
#
# httpd24      Startup script for the Apache HTTP Server
#
# chkconfig: - 85 15
# description: The Apache HTTP Server is an extensible server \
#              implementing the current HTTP standards.
# config: /etc/sysconfig/httpd
# pidfile: /var/run/httpd/httpd.pid
#
### BEGIN INIT INFO
# Provides: httpd
# Required-Start: $local_fs $remote_fs $network $named
# Required-Stop: $local_fs $remote_fs $network
# Should-Start: distcache
# Short-Description: start and stop Apache HTTP Server
# Description: The Apache HTTP Server is an extensible server
#  implementing the current HTTP standards.
### END INIT INFO

# Source function library.
. /etc/rc.d/init.d/functions

#if [ -f /etc/sysconfig/httpd ]; then
#        . /etc/sysconfig/httpd
#fi

# Start httpd in the C locale by default.
HTTPD_LANG=${HTTPD_LANG-"C"}

# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=""

# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
# with the thread-based "worker" MPM; BE WARNED that some modules may not
# work correctly with a thread-based MPM; notably PHP will refuse to start.

# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/local/httpd24/bin/apachectl
httpd=${HTTPD-/usr/local/httpd24/bin/httpd}
prog=httpd
pidfile=${PIDFILE-/usr/local/httpd24/logs/httpd.pid}
lockfile=${LOCKFILE-/var/lock/subsys/httpd24}
RETVAL=0
STOP_TIMEOUT=${STOP_TIMEOUT-10}

# The semantics of these two functions differ from the way apachectl does
# things -- attempting to start while running is a failure, and shutdown
# when not running is also a failure.  So we just do it the way init scripts
# are expected to behave here.
start() {
        echo -n $"Starting $prog: "
        LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && touch ${lockfile}
        return $RETVAL
}

# When stopping httpd, a delay (of default 10 second) is required
# before SIGKILLing the httpd parent; this gives enough time for the
# httpd parent to SIGKILL any errant children.
stop() {
        status -p ${pidfile} $httpd > /dev/null
        if [[ $? = 0 ]]; then
                echo -n $"Stopping $prog: "
                killproc -p ${pidfile} -d ${STOP_TIMEOUT} $httpd
        else
                echo -n $"Stopping $prog: "
                success
        fi
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}

reload() {
        echo -n $"Reloading $prog: "
        # Refuse to reload if the configuration does not pass a syntax check.
        if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then
                RETVAL=6
                echo $"not reloading due to configuration syntax error"
                failure $"not reloading $httpd due to configuration syntax error"
        else
                # Force LSB behaviour from killproc
                LSB=1 killproc -p ${pidfile} $httpd -HUP
                RETVAL=$?
                if [ $RETVAL -eq 7 ]; then
                        failure $"httpd shutdown"
                fi
        fi
        echo
}

# See how we were called.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  status)
        status -p ${pidfile} $httpd
        RETVAL=$?
        ;;
  restart)
        stop
        start
        ;;
  condrestart|try-restart)
        if status -p ${pidfile} $httpd >&/dev/null; then
                stop
                start
        fi
        ;;
  force-reload|reload)
        reload
        ;;
  graceful|help|configtest|fullstatus)
        $apachectl "$@"
        RETVAL=$?
        ;;
  *)
        echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|reload|status|fullstatus|graceful|help|configtest}"
        RETVAL=2
esac

exit $RETVAL
9) Enable start at boot and test the page
chmod +x /etc/init.d/httpd24
chkconfig --add httpd24
chkconfig httpd24 on
10) Test
service httpd24 start
echo "10.1.1.1 www.blog.com" >> /etc/hosts
curl -I www.blog.com
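III. Configuring a virtual host and providing SSL encryption for this site
1. Enable httpd-vhosts and comment out the main server's document root (in httpd.conf)
Include /etc/httpd24/extra/httpd-vhosts.conf
2. Configure /etc/httpd24/extra/httpd-vhosts.conf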
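<VirtualHost *:80>
    # placeholder address
    ServerAdmin webmaster@example.com
    DocumentRoot "/website/"
    ServerName www.chen.com
    ServerAlias chen.com
    ErrorLog "logs/www.chen.com-error_log"
    CustomLog "logs/www.chen.com-access_log" common
    # The default httpd.conf denies access to the whole filesystem,
    # so access to this document root has to be granted with Require.
    <Directory "/website/">
        Require all granted
    </Directory>
</VirtualHost>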
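3. Steps for SSL encryption:
Generate the key pair:
# (umask 077; openssl genrsa -out private/cakey.pem 2048)
To view the public key:
# openssl rsa -in private/cakey.pem -pubout -text -noout
Generate the self-signed certificate:
# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3655
Create the required files (serial must contain the next serial number; an empty file makes openssl ca fail):
# touch index.txt serial crlnumber
# echo 01 > serial
Requesting a certificate with openssl:
Generate a key on the host and save it in the configuration directory of the service that will use the certificate, for example:
# mkdir /etc/httpd/ssl
# cd /etc/httpd/ssl
# (umask 077; openssl genrsa -out httpd.key 1024)
Generate the certificate signing request:
# openssl req -new -key httpd.key -out httpd.csr
Send the request file to the CA;
The CA signs the certificate:
# openssl ca -in /path/to/somefile.csr -out /path/to/somefile.crt -days DAYS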
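The CA and certificate-request steps above, run end to end with the checks worth doing before the certificate is handed to httpd. This is an added example, not part of the original post. It assumes a scratch directory and a constructed CA subject, reuses www.chen.com as the certificate name, signs with openssl x509 -req instead of openssl ca so that no CA database is needed, and uses a 2048-bit server key rather than the 1024-bit key shown above, which is too short by current standards.

```bash
#!/usr/bin/env bash
# Added example: private CA -> server key -> CSR -> signed cert -> checks.
# Subjects and the scratch directory are constructed for the demonstration.

make_ca() {                       # $1 = working directory
    local d=$1
    mkdir -p "$d/private"
    ( umask 077; openssl genrsa -out "$d/private/cakey.pem" 2048 2>/dev/null )
    openssl req -new -x509 -key "$d/private/cakey.pem" -out "$d/cacert.pem" \
        -days 3655 -subj "/CN=Demo Private CA"
}

issue_cert() {                    # $1 = working directory, $2 = server name
    local d=$1 name=$2
    ( umask 077; openssl genrsa -out "$d/httpd.key" 2048 2>/dev/null )
    openssl req -new -key "$d/httpd.key" -out "$d/httpd.csr" -subj "/CN=$name"
    # Stand-in for "openssl ca": sign the CSR directly with the CA key.
    openssl x509 -req -in "$d/httpd.csr" -CA "$d/cacert.pem" \
        -CAkey "$d/private/cakey.pem" -CAcreateserial \
        -out "$d/httpd.crt" -days 365 -sha256 2>/dev/null
}

# Returns 0 when the certificate is fit to deploy, otherwise:
#   1 = does not chain to the CA, 2 = key/cert mismatch, 3 = key file too open
check_cert() {                    # $1 = working directory
    local d=$1 k c
    openssl verify -CAfile "$d/cacert.pem" "$d/httpd.crt" >/dev/null 2>&1 || return 1
    k=$(openssl rsa -in "$d/httpd.key" -noout -modulus 2>/dev/null | openssl sha256)
    c=$(openssl x509 -in "$d/httpd.crt" -noout -modulus | openssl sha256)
    [ "$k" = "$c" ] || return 2
    [ "$(ls -l "$d/httpd.key" | cut -c1-10)" = "-rw-------" ] || return 3
}

work=$(mktemp -d)
if make_ca "$work" && issue_cert "$work" www.chen.com && check_cert "$work"; then
    echo "certificate verifies against the CA and matches httpd.key"
fi
rm -rf "$work"
```

check_cert returns a distinct code for each failure, so it can gate a deployment script before httpd is reloaded with a new certificate.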