httpd服务
文章目录
- httpd服务
- 1. httpd服务介绍
- 2. 常用的web程序
- 3. httpd路径
- 4. rpm安装httpd
-
- 5. 源码安装httpd
-
- 6. 生成证书
1. httpd服务介绍
httpd是Apache超文本传输协议服务器的主程序。被设计为一个独立运行的后台进程,它会建立一个处理请求的子进程或线程的池。通常,httpd不应该被直接调用,而应该在Lunix系统中由 apachectl 调用 ——百度百科
2. 常用的web程序
工具 | 功能 |
---|
htpasswd | 用于生成认证时的账号和密码 |
apachectl | 源码安装后的控制工具 |
apxs | 扩展包,需要安装httpd-devel包 |
rotatelogs | 日志滚动 |
suexec | 临时切换用户 |
ab | 压测工具,测试网站处理用户的请求量 |
3. httpd路径
文件/目录 | 对应的功能 |
---|
/var/log/httpd/access.log | 访问日志 |
/var/log/httpd/error_log | 错误日志 |
/var/www/html/ | 站点文档目录 |
/usr/lib64/httpd/modules/ | 模块文件路径 |
/etc/httpd/conf/httpd.conf | 主配置文件 |
/etc/httpd/conf.modules.d/*.conf | 模块配置文件 |
/etc/httpd/conf.d/*.conf | 辅助配置文件 |
4. rpm安装httpd
httpd服务可以源码安装或者rpm安装
[root@node1 ~]
[root@node1 ~]
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:httpd.service(8)
[root@node1 ~]
[root@node1 ~]
Disabled
[root@node1 ~]
[root@node1 ~]
[root@node1 ~]
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2022-04-14 17:23:59 CST; 4s ago
Docs: man:httpd.service(8)
Main PID: 14674 (httpd)
Status: "Started, listening on: port 80"
Tasks: 213 (limit: 11216)
Memory: 25.1M
CGroup: /system.slice/httpd.service
├─14674 /usr/sbin/httpd -DFOREGROUND
├─14675 /usr/sbin/httpd -DFOREGROUND
├─14676 /usr/sbin/httpd -DFOREGROUND
├─14677 /usr/sbin/httpd -DFOREGROUND
└─14678 /usr/sbin/httpd -DFOREGROUND
用浏览器输入IP地址打开httpd的测试页面
4.1 上传网站
[root@node1 ~]
access_log error_log
[root@node1 ~]
anaconda-ks.cfg html5大气医院网站源码.zip
[root@node1 ~]
Installed:
unzip-6.0-45.el8.x86_64
[root@node1 ~]
[root@node1 ~]
[root@node1 ~]
chuzhen.html index.html js keshiys.html news.html rongyu.html zhuanjia.html
css jianjie.html keshi.html kexue.html newslist.html uploadfiles
images jiuzhen.html keshimx.html kexuelist.html pic ys.html
网站源码版本过低,出现了一些乱码,不过网站源码已经上传成功
[root@node1 ~]
[root@node1 html]
[root@node1 html]
chuzhen.html index.html js keshiys.html news.html rongyu.html zhuanjia.html
css jianjie.html keshi.html kexue.html newslist.html uploadfiles
images jiuzhen.html keshimx.html kexuelist.html pic ys.html
[root@node1 html]
[root@node1 html]
[root@node1 html]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2381 100 2381 0 0 9264 0 --:--:-- --:--:-- --:--:-- 9264
[root@node1 html]
index.html
5. 源码安装httpd
httpd依赖于apr,apr-util
在apache官网下载所需的包(https://apache.org/ )
https://downloads.apache.org/apr/apr-1.7.0.tar.gz
https://downloads.apache.org/apr/apr-util-1.6.1.tar.gz
https://downloads.apache.org/httpd/httpd-2.4.53.tar.gz
[root@node1 ~]
anaconda-ks.cfg apr-1.7.0.tar.gz apr-util-1.6.1.tar.gz httpd-2.4.53.tar.gz
[root@node1 ~]
[root@node1 ~]
[root@node1 ~]
[root@node1 ~]
uid=994(apache) gid=991(apache) groups=991(apache)
[root@node1 ~]
apache:x:991:
[root@node1 ~]
[root@node1 ~]
[root@node1 ~]
[root@node1 ~]
anaconda-ks.cfg apr-1.7.0.tar.gz apr-util-1.6.1.tar.gz httpd-2.4.53.tar.gz
apr-1.7.0 apr-util-1.6.1 httpd-2.4.53
[root@node1 ~]
[root@node1 apr-1.7.0]
cfgfile=${ofile}T
trap "$RM \"$cfgfile\"; exit 1" 1 2 15
[root@node1 apr-1.7.0]
[root@node1 apr-1.7.0]
[root@node1 apr-1.7.0]
[root@node1 apr-util-1.6.1]
[root@node1 apr-util-1.6.1]
[root@node1 apr-util-1.6.1]
[root@node1 httpd-2.4.53]
--enable-so \ //开启so共享对象功能
--enable-ssl \ //开启ssl
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-apr=/usr/local/apr \ //apr的位置
--with-apr-util=/usr/local/apr-util/ \
--enable-modules=most \ //开启多模块模式
--enable-mpms-shared=all \ //mpms共享对象是所有人
--with-mpm=prefork //工作模型是prefork
[root@node1 httpd-2.4.53]
[root@node1 httpd-2.4.53]
apache apr apr-util bin etc games include lib lib64 libexec sbin share src
[root@node1 ~]
[root@node1 apache]
bin build cgi-bin conf error htdocs icons include logs man manual modules
[root@node1 apache]
[root@node1 apache]
[root@node1 apache]
/usr/local/apache/bin/httpd
[root@node1 apache]
[root@node1 apache]
MANDATORY_MANPATH /usr/man
MANDATORY_MANPATH /usr/share/man
MANDATORY_MANPATH /usr/local/share/man
MANDATORY_MANPATH /usr/local/apache/man //加入此行
[root@node1 apache]
AH00558: httpd: Could not reliably determine the server fully
qualified domain name, using fe80::20c:29ff:fe39:9951%ens160.
Set the 'ServerName' directive globally to suppress this message //警告信息,可以无视
[root@node1 apache]
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:80 *:*
在浏览器输入IP地址后可以访问这个页面就说明httpd服务正常
5.1 服务控制
[root@node1 ~]
[root@node1 system]
sshd.service
[root@node1 system]
[root@node1 system]
[root@node1 system]
[Unit]
Description=httpd server daemon
After=network.target sshd-keygen.target
[Service]
Type=forking
ExecStart=/usr/local/apache/bin/apachectl start
ExecStop=/usr/local/apache/bin/apachectl stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@node1 apache]
[root@node1 system]
[root@node1 system]
[root@node1 system]
● httpd.service - httpd server daemon
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since Sun 2022-04-17 12:24:55 CST; 13s ago
Process: 77572 ExecStart=/usr/local/apache/bin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 77575 (httpd)
Tasks: 6 (limit: 11216)
Memory: 4.3M
CGroup: /system.slice/httpd.service
├─77575 /usr/local/apache/bin/httpd -k start
├─77576 /usr/local/apache/bin/httpd -k start
├─77577 /usr/local/apache/bin/httpd -k start
├─77578 /usr/local/apache/bin/httpd -k start
├─77579 /usr/local/apache/bin/httpd -k start
└─77580 /usr/local/apache/bin/httpd -k start
Apr 17 12:24:55 node1 systemd[1]: Starting httpd server daemon...
Apr 17 12:24:55 node1 systemd[1]: Started httpd server daemon.
5.2 虚拟主机
在同一台主机中运行多个网站服务需要配置虚拟主机
虚拟主机有三类:
- 相同IP不同端口
- 不同IP相同端口
- 相同IP相同端口不同域名
相同IP不同端口:
[root@node1 ~]
[root@node1 ~]
index.html test.example.com
[root@node1 ~]
[root@node1 test.example.com]
[root@node1 test.example.com]
index.html
[root@node1 test.example.com]
[root@node1 htdocs]
[root@node1 htdocs]
[root@node1 blog.example.com]
[root@node1 blog.example.com]
[root@node1 ~]
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/test.example.com" //服务地址
ServerName test.example.com //服务名称
ErrorLog "logs/test.example.com-error_log" //错误日志位置
CustomLog "logs/test.example.com-access_log" common //正常日志位置
</VirtualHost>
Listen 81 //监听81端口号
<VirtualHost *:81>
DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
ServerName blog.example.com
ErrorLog "logs/blog.example.com-error_log"
CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
[root@node1 ~]
Include conf/extra/httpd-vhosts.conf //取消此行注释
[root@node1 ~]
[root@node1 ~]
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:81 *:*
不同IP相同端口:
[root@node1 ~]
[root@node1 ~]
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:39:99:51 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.102/24 brd 192.168.10.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet 192.168.10.104/24 scope global secondary ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe39:9951/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@node1 ~]
<VirtualHost 192.168.10.102:80>
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com
ErrorLog "logs/test.example.com-error_log"
CustomLog "logs/test.example.com-access_log" common
</VirtualHost>
<VirtualHost 192.168.10.104:80>
DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
ServerName blog.example.com
ErrorLog "logs/blog.example.com-error_log"
CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
[root@node1 ~]
相同IP相同端口不同域名:
[root@node1 ~]
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com
ErrorLog "logs/test.example.com-error_log"
CustomLog "logs/test.example.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
ServerName blog.example.com
ErrorLog "logs/blog.example.com-error_log"
CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
Linux目录位置 /etc/hosts Windows目录位置 C:\Windows\System32\drivers\etc\hosts
编辑文件加入此行:192.168.10.102 test.example.com blog.example.com
5.3 访问控制
访问控制法则:
法则 | 功能 |
---|
Require all granted | 允许所有主机访问 |
Require all deny | 拒绝所有主机访问 |
Require ip IPADDR | 授权指定来源地址的主机访问 |
Require not ip IPADDR | 拒绝指定来源地址的主机访问 |
Require host HOSTNAME | 授权指定来源主机名的主机访问 |
Require not host HOSTNAME | 拒绝指定来源主机名的主机访问 |
注意:httpd-2.4版本默认是拒绝所有主机访问的,所以安装以后必须做显示授权访问
[root@node1 ~]
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com
ErrorLog "logs/test.example.com-error_log"
CustomLog "logs/test.example.com-access_log" common
<Directory "/usr/local/apache/htdocs/test.example.com">
<RequireAll>
require not ip 192.168.10.1 //拒绝192.168.10.1访问
require all granted //允许所有人访问
</RequireAll>
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/blog.example.com"
ServerName blog.example.com
ErrorLog "logs/blog.example.com-error_log"
CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
[root@node1 ~]
192.168.10.1无权访问test,但是可以访问blog
6. 生成证书
配置https步骤:
[root@node1 ~]
LoadModule ssl_module modules/mod_ssl.so //取消此行注释
[root@node1 ~]
[root@node1 ~]
[root@node1 CA]
[root@node1 CA]
[root@node1 CA]
cakey.pem
[root@node1 CA]
[root@node1 CA]
[root@node1 CA]
[root@node1 CA]
[root@node1 CA]
[root@node1 ssl]
[root@node1 ssl]
[root@node1 ssl]
[root@node1 ssl]
httpd.crt httpd.csr httpd.key
[root@node1 ~]
Include conf/extra/httpd-ssl.conf //取消这两行注释
......
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
- 在httpd-vhosts.conf中配置虚拟主机
require not ip 192.168.10.1
[root@node1 ~]
......
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com:443
ServerAdmin you@example.com
ErrorLog "/usr/local/apache/logs/error_log"
TransferLog "/usr/local/apache/logs/access_log"
......
SSLCertificateFile "/usr/local/apache/ssl/httpd.crt"
......
SSLCertificateKeyFile "/usr/local/apache/ssl/httpd.key"
[root@node1 ~]
Syntax OK
[root@node1 ~]
测试结果
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)