chinaab 发表于 2018-11-19 06:22:39

apache基本配置管理三:企业中常见基于repo的apache服务环境搭建

客户背景操作:
客户需要搭建基于http协议的yum源,用来存放常用的自定义开发服务软件包。客户主机已经安装了自动化运维工具puppet,该puppet架构基于foreman;foreman的Web管理页面使用了默认的80端口,并且由于启用了ssl协议,还开启了443端口。所以此时yum源服务器需要更换默认的服务端口,即需要配置基于端口的apache服务
实验环境:redhat6.7基于yum源的安装方式
一、由于要yum安装软件包,需要挂载ISO,配置repo文件(示例中的gpgcheck=0关闭了软件包签名校验,只适合本地ISO的实验环境;通过http对外提供自定义软件包时,建议对软件包签名并在客户端启用gpgcheck=1)
# pwd
/etc/yum.repos.d
# cat rhel6.repo

name=rhel6
baseurl=file:///mnt
enabled=1
gpgcheck=0
yum clean all
yum repolist
二、用yum -y install httpd安装软件包,用rpm -qa查看软件包是否安装
# rpm -qa httpd
httpd-2.2.15-45.el6.x86_64
定义域名解析,以便yum源域名可以访问
# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.137.10 puppet.rhel6.site   puppet
192.168.137.10 repos.rhel6.site    repos
#
# pwd
/etc/httpd/conf.d
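三、配置扩展的内容定义(下面清单中的<VirtualHost>与<Directory>容器标签在页面转换时丢失,空行应为原标签所在位置;实际配置时需要补上,因为AllowOverride、Order、Allow等指令只能写在<Directory>这类容器内)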
# cat repos.conf
Listen 8090

   DocumentRoot /var/www/html/
   ServerName repos.rhel6.site



   Options Indexes FollowSymLinks
   AllowOverride None
   Order allow,deny
   Allow from all

#

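四、默认配置文件通过Include加载扩展文件,并且注释掉80端口(清单中"# Security"一节的ServerTokens OS、ServerSignature On、TraceEnable On会在响应头和错误页中暴露系统与版本信息,并允许TRACE方法;对外提供服务时通常设为ServerTokens Prod、ServerSignature Off、TraceEnable Off)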
# cat httpd.conf
# Security
ServerTokens OS
ServerSignature On
TraceEnable On

ServerName "puppet.rhel6.site"
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 120
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15

User apache
Group apache

AccessFileName .htaccess

   Order allow,deny
   Deny from all
   Satisfy all



Options FollowSymLinks
AllowOverride None


DefaultType none
HostnameLookups Off
ErrorLog "/var/log/httpd/error_log"
LogLevel warn
EnableSendfile On

#Listen 80


Include "/etc/httpd/conf.d/*.load"
Include "/etc/httpd/conf/ports.conf"

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

Include "/etc/httpd/conf.d/*.conf"
#

五、把iso镜像挂载在/mnt/下,并把/mnt内容递归复制到/home/repos,然后在server同级目录下执行createrepo -s sha1 .,此时会产生erver.xml。repos下可以按软件包名称、scripts、repo文件等目录的层级结构分类存放
# cd /home/repos/
# ll
drwxr-xr-x  2 root root 4096 Dec 19 20:31 REPO_FILES
drwxr-xr-x  4 root root 4096 Nov 17 13:57 rhel5
drwxr-xr-x  4 root root 4096 Nov 17 13:58 rhel6
drwxr-xr-x 13 root root 4096 Nov 13 22:41 rhel6_6
# pwd
/home/repos
#

六、把/home/repos链接到/var/www/html,因为apache默认的根路径为/var/www/html
ln -s /home/repos /var/www/html/
# pwd
/var/www/html
# ll
total 0
lrwxrwxrwx 1 root root 11 Dec 19 19:25 repos -> /home/repos
#
七:访问效果

  

  

  查看puppet的http配置管理:
  # cat foreman-1.5.3.repo

name=foreman 1.5.3 - rhel 6
baseurl=file:///home/foreman-1.5.3/6
enabled=1
gpgcheck=0
#
  # cat puppet-3.7.4.repo

name=puppet 3.7.4 - rhel 6
baseurl=file:///home/puppet-3.7.4/6
enabled=1
gpgcheck=0
# cat /etc/httpd/conf/httpd.conf
# Security
ServerTokens OS
ServerSignature On
TraceEnable On

ServerName "puppet.rhel6.site"
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 120
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15

User apache
Group apache

AccessFileName .htaccess

   Order allow,deny
   Deny from all
   Satisfy all



Options FollowSymLinks
AllowOverride None


DefaultType none
HostnameLookups Off
ErrorLog "/var/log/httpd/error_log"
LogLevel warn
EnableSendfile On

#Listen 80


Include "/etc/httpd/conf.d/*.load"
Include "/etc/httpd/conf/ports.conf"

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

Include "/etc/httpd/conf.d/*.conf"

#

  

  # cat /etc/httpd/conf.d/puppetmaster.conf
# This Apache 2 virtual host config shows how to use Puppet as a Rack
# application via Passenger. See
# http://docs.puppetlabs.com/guides/passenger.html for more information.

# You can also use the included config.ru file to run Puppet with other Rack
# servers instead of Passenger.

# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
#RackAutoDetect Off
#RailsAutoDetect Off

Listen 8140


      SSLEngine on
      SSLProtocol             ALL -SSLv2 -SSLv3
      SSLCipherSuite          EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
      SSLHonorCipherOrder   on

      SSLCertificateFile      /var/lib/puppet/ssl/certs/puppet.rhel6.site.pem
      SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppet.rhel6.site.pem
      SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
      SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
      # If Apache complains about invalid signatures on the CRL, you can try disabling
      # CRL checking by commenting the next line, but this is not recommended.
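      # NOTE(review): the path below is the CA certificate (ca_crt.pem), the same file as
      # SSLCACertificateFile, not a CRL; confirm it should point at the CA's CRL file,
      # otherwise revoked agent certificates are presumably not rejected.
      SSLCARevocationFile   /var/lib/puppet/ssl/ca/ca_crt.pem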
      # Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
      # which effectively disables CRL checking; if you are using Apache 2.4+ you must
      # specify 'SSLCARevocationCheck chain' to actually use the CRL.
      # SSLCARevocationCheck chain
      SSLVerifyClient optional
      SSLVerifyDepth  1
      # The `ExportCertData` option is needed for agent certificate expiration warnings
      SSLOptions +StdEnvVars +ExportCertData

      # This header needs to be set if using a loadbalancer or proxy
      RequestHeader unset X-Forwarded-For

      RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
      RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
      RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

      DocumentRoot /etc/puppet/rack/public/
      RackBaseURI /
      
                Options None
                AllowOverride None
                Order allow,deny
                allow from all
      


#
# cd /etc/httpd/
# ll
total 8
drwxr-xr-x. 2 root root 4096 Feb  9 05:47 conf
drwxr-xr-x. 4 root root 4096 Feb  9 03:32 conf.d
lrwxrwxrwx. 1 root root   19 Oct  9 13:10 logs -> ../../var/log/httpd
lrwxrwxrwx. 1 root root   29 Oct  9 13:10 modules -> ../../usr/lib64/httpd/modules
lrwxrwxrwx. 1 root root   19 Oct  9 13:10 run -> ../../var/run/httpd
# cd conf
# ll
total 24
-rw-r--r--  1 root root   857 Oct 10 10:15 httpd.conf
-rw-r--r--. 1 root root 13139 Mar  4  2015 magic
-rw-r--r--  1 root root   228 Oct 10 10:16 ports.conf
# cat ports.conf
# ************************************
# Listen & NameVirtualHost resources in module puppetlabs-apache
# Managed by Puppet
# ************************************

Listen 443
Listen 80
NameVirtualHost *:443
NameVirtualHost *:80
# pwd
/etc/httpd/conf
#


  

  

  

  



