HTTPD
服务名称:httpd
概述:httpd是Apache超文本传输协议(HTTP)服务器的主程序。被设计为一个独立运行的后台进程,它会建立一个处理请求的子进程或线程的池。
通常,httpd不应该被直接调用,而应该在类Unix系统中由apachectl调用,在Windows中作为服务运行。
httpd的特性:
| 工作模型 | 工作方式 |
|---|---|
| prefork | 多进程模型,预先生成进程,一个请求用一个进程响应一个主进程负责生成n个子进程,子进程也称为工作进程每个子进程处理一个用户请求,即使没有用户请求,也会预先生成多个空闲进程,随时等待请求到达,最大不会超过1024个 |
| worker | 基于线程工作,一个请求用一个线程响应(启动多个进程,每个进程生成多个线程) |
| event | 基于事件的驱动,一个进程处理多个请求 |
httpd-2.4新增的模块
| 模块 | 功能 |
|---|---|
| mod_proxy_fcgi | 反向代理时支持apache服务器后端协议的模块 |
| mod_ratelimit | 提供速率限制功能的模块 |
| mod_remoteip | 基于ip的访问控制机制被改变,不再支持使用Order,Deny,Allow来做基于IP的访问控制 |
httpd基础
1.httpd自带的工具程序
| 工具 | 功能 |
|---|---|
| htpasswd | basic认证基于文件实现时,用到的帐号密码生成工具 |
| apachectl | httpd自带的服务控制脚本,支持start,stop,restart |
| apxs | 由httpd-devel包提供的,扩展httpd使用第三方模块的工具 |
| rotatelogs | 日志滚动工具 |
| suexec | 访问某些有特殊权限配置的资源时,临时切换至指定用户运行的工具 |
| ab | apache benchmark,httpd的压力测试工具 |
2.rpm包安装的httpd程序环境
| 文件/目录 | 对应的功能 |
|---|---|
| /var/log/httpd/access.log | 访问日志 |
| /var/log/httpd/error_log | 错误日志 |
| /var/www/html/ | 站点文档目录 |
| /usr/lib64/httpd/modules/ | 模块文件路径 |
| /etc/httpd/conf/httpd.conf | 主配置文件 |
| /etc/httpd/conf.modules.d/*.conf | 模块配置文件 |
| /etc/httpd/conf.d/*.conf | 辅助配置文件 |
3.httpd命令
-l //查看静态编译的模块,列出核心中编译了哪些模块。 \
//它不会列出使用LoadModule指令动态加载的模块
-M //输出一个已经启用的模块列表,包括静态编译在服务 \
//器中的模块和作为DSO动态加载的模块
-v //显示httpd的版本,然后退出
-V //显示httpd和apr/apr-util的版本和编译参数,然后退出
-X //以调试模式运行httpd。仅启动一个工作进程,并且 \
//服务器不与控制台脱离
-t //检查配置文件是否有语法错误
安装配置:
源码编译安装
[[email protected] ~]# yum install bzip2 bzip2-devel -y
[[email protected] ~]# yum groups mark install "Development Tools" -y
[[email protected] ~]# groupadd -r apache
[[email protected] ~]# useradd -r -M -s /sbin/nologin -g apache apache
[[email protected] ~]# yum install openssl-devel pcre-devel expat-devel libtool -y
[[email protected] ~]# yum install gcc gcc-c++ -y
[[email protected] ~]# mkdir /src
[[email protected] ~]# cd /src/
[[email protected] src]# ls
apr-1.6.3.tar.bz2 apr-util-1.6.1.tar.bz2 httpd-2.4.34.tar.bz2
(注意:这些包要按顺序编译安装)
[[email protected] src]# tar xf apr-1.6.3.tar.bz2
[[email protected] src]# ls
apr-1.6.3 apr-1.6.3.tar.bz2 apr-util-1.6.1.tar.bz2 httpd-2.4.34.tar.bz2
[[email protected] src]# cd apr-1.6.3/
[[email protected] apr-1.6.3]# ls |grep configure
configure
configure.in
[[email protected] apr-1.6.3]# vim configure
$RM "$cfgfile"
(找到这行并将其删除或注释)
[[email protected] apr-1.6.3]# ./configure --prefix=/usr/local/apr
[[email protected] apr-1.6.3]# make
[[email protected] apr-1.6.3]# make install
[[email protected] apr-1.6.3]# cd ..
[[email protected] src]# ls
apr-1.6.3 apr-1.6.3.tar.bz2 apr-util-1.6.1.tar.bz2 httpd-2.4.34.tar.bz2
[[email protected] src]# tar xf apr-util-1.6.1.tar.bz2
[[email protected] src]# ls
apr-1.6.3 apr-1.6.3.tar.bz2 apr-util-1.6.1 apr-util-1.6.1.tar.bz2 httpd-2.4.34.tar.bz2
[[email protected] src]# cd apr-util-1.6.1/
[[email protected] apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[[email protected] apr-util-1.6.1]# make
[[email protected] apr-util-1.6.1]# make install
[[email protected] apr-util-1.6.1]# cd ..
[[email protected] src]# tar xf httpd-2.4.34.tar.bz2
[[email protected] src]# ls
apr-1.6.3 apr-util-1.6.1 httpd-2.4.34
apr-1.6.3.tar.bz2 apr-util-1.6.1.tar.bz2 httpd-2.4.34.tar.bz2
[[email protected] src]# cd httpd-2.4.34/
[[email protected] httpd-2.4.34]# ./configure --prefix=/usr/local/apache \
--sysconfdir=/etc/httpd24 \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-apr=/usr/local/apr \
--with-apr-util=/usr/local/apr-util/ \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=prefork
(最后见到这个界面说明成功了)
Server Version: 2.4.34
Install prefix: /usr/local/apache
C compiler: gcc -std=gnu99
CFLAGS: -g -O2 -pthread
CPPFLAGS: -DLINUX -D_REENTRANT -D_GNU_SOURCE
LDFLAGS:
LIBS:
C preprocessor: gcc -E
[[email protected] httpd-2.4.34]# make
[[email protected] httpd-2.4.34]# make install
[[email protected] ~]# ls /usr/local/apache/ |grep bin
bin
cgi-bin
[[email protected] ~]# vim /etc/profile.d/httpd.sh
export PATH=/usr/local/apache/bin:$PATH
[[email protected] ~]# . /etc/profile.d/httpd.sh
[[email protected] ~]# ls /usr/local/apache/bin/
ab apxs dbmmanage envvars-std htcacheclean htdigest httpd logresolve
apachectl checkgid envvars fcgistarter htdbm htpasswd httxt2dbm rotatelogs
[[email protected] ~]# apachectl start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::43af:dd39:8d70:9d71. Set the 'ServerName' directive globally to suppress this message
[[email protected] ~]# ss -antlp
LISTEN 0 128 :::80 :::* users:(("httpd",pid=33800,fd=4),("httpd",pid=33799,fd=4),("httpd",pid=33798,fd=4),("httpd",pid=33797,fd=4),("httpd",pid=33796,fd=4),("httpd",pid=33794,fd=4))
[[email protected] ~]# apachectl stop
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::43af:dd39:8d70:9d71. Set the 'ServerName' directive globally to suppress this message
[[email protected] ~]# vim /etc/httpd24/httpd.conf
ServerName www.example.com:80
(把这行的注释去掉,启动的时候就不会出现那个警告了)
[[email protected] ~]# apachectl start
[[email protected] ~]# ss -antlp
LISTEN 0 128 :::80 :::* users:(("httpd",pid=33846,fd=4),("httpd",pid=33845,fd=4),("httpd",pid=33844,fd=4),("httpd",pid=33843,fd=4),("httpd",pid=33842,fd=4),("httpd",pid=33841,fd=4))
[[email protected] ~]# systemctl stop firewalld.service
(现在可以访问验证一下)
基础使用
一些配置文件:
[[email protected] ~]# ls /usr/local/apache/htdocs/
index.html
(这是它的站点目录)
[[email protected] ~]# vim /etc/httpd24/httpd.conf
(这是主配置文件)
配置三种虚拟主机:
基于不同端口访问配置:
[[email protected] ~]# vim /etc/httpd24/httpd.conf
#virtual host 1 # 虚拟主机1的配置
<VirtualHost 192.168.230.16:80>
ServerName www.chen.com
DocumentRoot "/usr/local/apache/htdocs/chen"
ErrorLog "logs/chen_error_log"
CustomLog "logs/chen_access_log" combined
<Directory /usr/local/apache/htdocs/chen>
<RequireAll>
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
#virtual host 2 # 虚拟主机2的配置
<VirtualHost 192.168.230.16:8080>
ServerName www.shuai.com
DocumentRoot "/usr/local/apache/htdocs/shuai"
ErrorLog "logs/shuai_error_log"
CustomLog "logs/shuai_access_log" combined
<Directory /usr/local/apache/htdocs/shaui>
<RequireAll>
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
[[email protected] ~]# vim /etc/httpd24/httpd.conf
Listen 80
Listen 8080
(加上监听8080端口)
[[email protected] ~]# apachectl -t (配置完了一定要检测一下,看配置有没有错误)
[[email protected] ~]# mkdir /usr/local/apache/htdocs/chen
[[email protected] ~]# mkdir /usr/local/apache/htdocs/shaui
[[email protected] ~]# echo "Hello I'm chen" > /usr/local/apache/htdocs/chen/index.html
[[email protected] ~]# echo "Hello I'm shuai" > /usr/local/apache/htdocs/shuai/index.html
[[email protected] ~]# chown -R apache.apache /usr/local/apache/htdocs/
[[email protected] ~]# apachectl stop
[[email protected] ~]# apachectl start
[[email protected] ~]# ss -antl
LISTEN 0 128 :::8080 :::*
LISTEN 0 128 :::80 :::*
基于不同IP配置访问
[[email protected] ~]# vim /etc/httpd24/httpd.conf
Listen 80
Listen 8080
(删除8080这一行)
#virtual host 1 # 虚拟主机1的配置
<VirtualHost 192.168.230.16:80>
ServerName www.chen.com
DocumentRoot "/usr/local/apache/htdocs/chen"
ErrorLog "logs/chen_error_log"
CustomLog "logs/chen_access_log" combined
<Directory /usr/local/apache/htdocs/chen>
<RequireAll>
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
#virtual host 2 # 虚拟主机2的配置
<VirtualHost 192.168.230.20:80>
ServerName www.shuai.com
DocumentRoot "/usr/local/apache/htdocs/shuai"
ErrorLog "logs/shuai_error_log"
CustomLog "logs/shuai_access_log" combined
<Directory /usr/local/apache/htdocs/shaui>
<RequireAll>
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
[[email protected] ~]# apachectl -t
Syntax OK
[[email protected] ~]# ip addr add 192.168.230.20/24 dev ens32
[[email protected] ~]# ip a
[[email protected] ~]# apachectl stop
[[email protected] ~]# apachectl start
[[email protected] ~]# ss -antl
LISTEN 0 128 :::80 :::*
基于不同域名
[[email protected] ~]# vim /etc/httpd24/httpd.conf
#virtual host 1 # 虚拟主机1的配置
<VirtualHost 192.168.230.16:80>
ServerName www.chen.com
DocumentRoot "/usr/local/apache/htdocs/chen"
ErrorLog "logs/chen_error_log"
CustomLog "logs/chen_access_log" combined
<Directory /usr/local/apache/htdocs/chen>
<RequireAll>
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
#virtual host 2 # 虚拟主机2的配置
<VirtualHost 192.168.230.16:80>
ServerName www.shuai.com
DocumentRoot "/usr/local/apache/htdocs/shuai"
ErrorLog "logs/shuai_error_log"
CustomLog "logs/shuai_access_log" combined
<Directory /usr/local/apache/htdocs/shaui>
<RequireAll>
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
[[email protected] ~]# apachectl -t
Syntax OK
[[email protected] ~]# apachectl stop
[[email protected] ~]# apachectl start
[[email protected] ~]# ss -antl
LISTEN 0 128 :::80 :::*
配置之前先修改宿主机的hosts文件
五个小实例
注:以下实例皆使用yum安装httpd
实例1:
在server上配置一个web站点http://server.example.com;
从http://ldap.example.com/pub/example.html下载文件,并重命名为index.html,
不要修改文件内容,将文件index.html拷贝到您的DocumentRoot目录下
来自于example.com的客户端可以访问该web服务器
来自于my133t.org的客户端的访问会被拒绝
[[email protected] ~]# yum install httpd -y
[[email protected] ~]# cd /var/www/html/
[[email protected] html]# wget http://ldap.example.com/pub/example.html
[[email protected] html]# mv example.html index.html
[[email protected] html]# cat index.html
server30.example.com
[[email protected] html]# systemctl start httpd
[[email protected] html]# systemctl enable httpd
[[email protected] ~]# systemctl mask iptables.service ebtables.service
[[email protected] ~]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=http accept'
[[email protected] ~]# firewall-cmd --reload
实例2:
为站点http://server.example.com配置TLS加密;
已签名证书从http://ldap.example.com/pub/server30.crt获取
证书的**从http://ldap.example.com/pub/server30.key获取
证书的签名授权信息从http://ldap.example.com/pub/group30.crt获取
[[email protected] ~]# yum install mod_ssl -y
[[email protected] ~]# vim /etc/httpd/conf.d/ssl.conf
#ServerName www.example.com:443
ServerName server30.example.com:443
(把这行注释去掉,并修改域名)
[[email protected] ~]# cd /etc/pki/tls/certs/
[[email protected] certs]# wget http://ldap.example.com/pub/server30.crt
[[email protected] certs]# wget http://ldap.example.com/pub/group30.crt
[[email protected] certs]# vim /etc/httpd/conf.d/ssl.conf
SSLCACertificateFile /etc/pki/tls/certs/group30.crt
SSLCertificateFile /etc/pki/tls/certs/server30.crt
[[email protected] certs]# cd ../private/
[[email protected] private]# wget http://ldap.example.com/pub/server30.key
[[email protected] private]# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateKeyFile /etc/pki/tls/private/server30.key
[[email protected] ~]# systemctl restart httpd
[[email protected] ~]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=https accept'
[[email protected] ~]# firewall-cmd --reload
[[email protected] ~]# systemctl restart httpd
实例3:
在server上扩展您的web服务器;
为站点http://www.example.com创建一个虚拟主机
设置DocumentRoot为/var/www/virtual
从http://ldap.example.com/pub/www.html下载文件,并重命名为index.html,不要修改文件内容
将文件index.html拷贝到DocumentRoot目录下
确保Floyd用户能够在/var/www/virtual下创建文件
[[email protected] ~]# cd /var/www/
[[email protected] www]# mkdir virtual
[[email protected] www]# wget -O virtual/index.html http://ldap.example.com/pub/www.html
[[email protected] www]# chown -R apache.apache /var/www/
[[email protected] www]# useradd floyd
[[email protected] www]# setfacl -m u:floyd:rwx virtual/
[[email protected] www]# find / -name *vhosts*
/usr/share/doc/httpd-2.4.6/httpd-vhosts.conf
[[email protected] www]# cd /etc/httpd/conf.d/
[[email protected] conf.d]# cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf .
[[email protected] conf.d]# vim httpd-vhosts.conf
(把最后两段换成下面两段)
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName server30.example.com
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/var/www/virtual"
ServerName www.example.com
</VirtualHost>
[[email protected] conf.d]# systemctl restart httpd
[[email protected] ~]# su - floyd
[[email protected] ~]$ cd /var/www/virtual/
[[email protected] virtual]$ touch haha
[[email protected] virtual]$ ll
total 4
-rw-rw-r--. 1 floyd floyd 0 Jan 8 03:03 haha
-rw-r--r--. 1 apache apache 16 Nov 28 13:11 index.html
实例4:
web访问控制;
在您server上的web服务器的DocumentRoot目录下创建一个名为private的目录
从http://ldap.example.com/pub/private.html下载文件到这个目录,并重命名为
index.html,不要修改文件内容
从server上,任何人都可以浏览private的内容,但是从其他系统不能访问这个目录的内容
[[email protected] ~]# cd /var/www/html/
[[email protected] html]# mkdir private
[[email protected] html]# wget -O private/index.html http://ldap.example.com/pub/private.html
[[email protected] html]# vim /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName server30.example.com
<Directory "/var/www/html/private">
Require ip 172.16.30.130
</Directory>
</VirtualHost>
[[email protected] html]# httpd -t
[[email protected] html]# systemctl restart httpd
客户端验证
服务端访问验证
实例5:
在server上实现动态web内容;
动态内容由名为alt.example.com的虚拟主机提供
虚拟主机监听端口为8909
从http://ldap.example.com/pub/webapp.wsgi下载一个脚本,然后放在适当的位置,不要修改文件内容
客户端访问http://alt.example.com:8909时,应该接受到动态生成的web页面
此http://alt.example.com:8909必须能被example.com内所有的系统访问
[[email protected] ~]# cd /var/www/
[[email protected] www]# mkdir wsgi
[[email protected] www]# wget -O wsgi/webapp.wsgi http://ldap.example.com/pub/webapp.wsgi
[[email protected] www]# chown -R apache.apache wsgi/
[[email protected] www]# vim /etc/httpd/conf.d/httpd-vhosts.conf
Listen 8909
<VirtualHost *:8909>
WSGIScriptAlias / "/var/www/wsgi/webapp.wsgi"
ServerName alt.example.com
</VirtualHost>
(这里配置完了服务并不能起来,因为selinux还没配置,它不会放行)
[[email protected] www]# yum install mod_wsgi -y
[[email protected] www]# systemctl stop httpd
[[email protected] www]# semanage port -l |grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
[[email protected] www]# semanage port -a -t http_port_t -p tcp 8909
[[email protected] www]# systemctl start httpd
[[email protected] www]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 port protocol=tcp port=8909 accept'
[[email protected] www]# firewall-cmd --reload