httpd-2.4源码编译安装
一、httpd-2.4的新特性1)MPM支持在运行时装载; --enable-mpms-shared=all --with-mpm={prefork|worker|event}2)支持event mpm3)异步读写4)在每模块及每目录分别使用不同的日志级别5)每请求的配置;<If>,<Elseif>6)增强版的表达式分析器7)毫秒级的keep alive的timeout8)基于FQDN的虚拟主机不再需要NameVirtualHost指令;9)支持用户使用自定义变量 10)新增了一些模块:mod_proxy_fcgi, mode_ratelimit, mod_request, mod_remoteip 11)修改了一些配置机制。不再支持使用order, allow, deny定义基于ip的访问控制,改为require二、安装配置开始1、解决依赖关系安装 apr
# cd apr-1.5.0
# ./configure --prefix=/usr/local/apr
# make && make install
安装 apr-util
# tarxf apr-util-1.5.3.tar.bz2
# cd apr-util-1.5.3
# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/
#make && make install
安装openssl
yum install openssl-devel
2、安装 http 2.4.9
# tar xf httpd-2.4.9.tar.bz2
# cd httpd-2.4.9
# ./configure --prefix=/usr/local/apache24 --sysconfdir=/etc/httpd24 --enable-modules=most --enable-so--enable-deflate --enable-ssl --enable-cgi --enable-rewrite--with-apr=/usr/local/apr/ --with-apr-util=/usr/local/apr-util/ --with-mpm=event--enable-mpms-shared=all
# make && make install
3、导出二进制文件和帮助手册
vim /etc/profile.d/apache.sh
PATH=/usr/local/apache24/bin:$PATH
. /etc/profile.d/apache.sh
vim /etc/man.config
MANPATH /usr/local/apache24/man
4、提供服控制动脚本:
# cat /etc/init.d/httpd24
#!/bin/bash
#
# httpd24 Startup script for the Apache HTTP Server
#
# chkconfig: - 85 15
# Source function library.
. /etc/rc.d/init.d/functions
HTTPD_LANG=${HTTPD_LANG-"C"}
INITLOG_ARGS=""
apachectl=/usr/local/apache24/bin/apachectl
httpd=${HTTPD-/usr/local/apache24/bin/httpd}
prog=httpd
pidfile=${PIDFILE-/usr/local/apache24/logs/httpd.pid}
lockfile=${LOCKFILE-/var/lock/subsys/httpd}
RETVAL=0
STOP_TIMEOUT=${STOP_TIMEOUT-10}
start() {
echo -n $"Starting $prog: "
LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch ${lockfile}
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
killproc -p ${pidfile} -d ${STOP_TIMEOUT} $httpd
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}
reload() {
echo -n $"Reloading $prog: "
if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then
RETVAL=6
echo $"not reloading due to configuration syntax error"
failure $"not reloading $httpd due to configuration syntax error"
else
# Force LSB behaviour from killproc
LSB=1 killproc -p ${pidfile} $httpd -HUP
RETVAL=$?
if [ $RETVAL -eq 7 ]; then
failure $"httpd shutdown"
fi
fi
echo
}
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status -p ${pidfile} $httpd
RETVAL=$?
;;
restart)
stop
start
;;
condrestart|try-restart)
if status -p ${pidfile} $httpd >&/dev/null; then
stop
start
fi
;;
force-reload|reload)
reload
;;
graceful|help|configtest|fullstatus)
$apachectl $@
RETVAL=$?
;;
*)
echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|reload|status|fullstatus|graceful|help|configtest}"
RETVAL=2
esac
exit $RETVAL
5、虚拟主机 和 SSL 的实现
虚拟主机:
vim /etc/http24/http.conf
注释:DocumentRoot "/usr/local/apache24/htdocs"
开启:Include "extra/httpd-vhosts.conf"
vim /etc/http24/extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin webmaster@guoting.com
DocumentRoot "/web/vhosts/www1"
ServerName www1.guoting.com
<Directory "/web/vhosts/www1">
Require all granted
</Directory>
ErrorLog "logs/www1.guoting.com.error_log"
CustomLog "logs/www1.guoting.com.access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster2@guoting.com
DocumentRoot "/web/vhosts/www2"
ServerName www2.guoting.com
<Directory "/web/vhosts/www2">
Require all granted
</Directory>
ErrorLog "logs/www2.guoting.com.error_log"
CustomLog "logs/www2.guoting.com.access_log" common
</VirtualHost>
##############################
mkdir /web/vhosts/www1/ -p
mkdir /web/vhosts/www2/ -p
echo "<h1>welcom www1.guotig.com<h1>" > /web/vhosts/www1/index.html
echo "<h1>welcom www2.guotig.com<h1>" > /web/vhosts/www2/index.html
在测试客户端:以Linux为例:
vim /etc/hosts 添加:
172.16.10.9 www1.guoting.com www2.guoting.com
启动服务:
/etc/init.d/httpd24 start
开始测试:
crul: http://www1.guoting.com
##########################################################################
在上一步的基础上:
ssl:
#############################################################################
vim /etc/http24/http.conf
开启:Include "extra/httpd-ssl.conf"
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
当然可以动态添加 MPM 的方式:(选择添加)
LoadModule mpm_event_module modules/mod_mpm_event.so
############制作证书###############################
在服务端:
(umask 077;openssl genrsa -out /etc/pki/CA/private/cacert.key 2048)
openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 1000
touch index.txt
echo "01" > serial
在客户端:
(umask 077;openssl genrsa -out /etc/httpd24/httpd.key 2048)
openssl req -new -key /etc/httpd24/httpd.key -out /etc/httpd24/httpd.csr
将 httpd.csr 传到服务端签名:
在服务端:
openssl ca -in /root/httpd.csr -out /root/httpd.crt -days 1000
将签好的证书,httpd.crt 传回到客户端,放到 etc/httpd24/ 目录下
##################################################
vim /etc/http24/extra/httpd-ssl.conf
# 添加:
<VirtualHost *:443>
DocumentRoot "/web/vhosts/www1"
<Directory "/web/vhosts/www1">
Options none
Require all granted
</Directory>
ServerName www1.guoting.com:443
ServerAdmin root@guoting.com
ErrorLog "/web/vhosts/www1/logs/error_log"
TransferLog "/web/vhosts/www1/logs/access_log"
SSLEngine on
SSLCertificateFile "/etc/httpd24/httpd.crt"
SSLCertificateKeyFile "/etc/httpd24/httpd.key"
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/web/vhosts/www2"
<Directory "/web/vhosts/www2">
Options none
Require all granted
</Directory>
ServerName www2.guoting.com:443
ServerAdmin root@guoting.com
ErrorLog "/web/vhosts/www2/logs/error_log"
TransferLog "/web/vhosts/www2/logs/access_log"
SSLEngine on
SSLCertificateFile "/etc/httpd24/httpd.crt"
SSLCertificateKeyFile "/etc/httpd24/httpd.key"
</VirtualHost>
#######################
mkdir /web/vhosts/www1/logs -p
mkdir /web/vhosts/www2/logs -p
###################
在浏览器中输入测试,以 Linux 为例:
输入:https://www1.guoting.com,导入证书即可访问。
页:
[1]