客户背景操作:
客户需要搭建基于http协议的yum源,用于存放常用的自定义开发的服务软件包。客户主机已经安装了自动化运维工具puppet,该puppet架构基于foreman,foreman的Web管理页面占用了默认的80端口,并且由于启用了ssl,还开启了443端口。所以yum源服务器需要更换默认的服务端口,即配置基于端口的apache服务
实验环境:redhat6.7 基于yum源的安装方式
一、由于要用yum安装软件包,需要先挂载ISO并配置repo文件(注意:yum的开关项名称是enabled,下面文件中写的是enable=1,应为enabled=1;gpgcheck=0表示不校验软件包签名)
[root@puppet yum.repos.d]# pwd
/etc/yum.repos.d
[root@puppet yum.repos.d]# cat rhel6.repo
[rhel6]
name=rhel6
baseurl=file:///mnt
enable=1
gpgcheck=0
yum clean all
yum repolist
二、用yum -y install httpd安装软件包,用rpm -qa查看软件包是否安装
[root@puppet ~]# rpm -qa httpd
httpd-2.2.15-45.el6.x86_64
定义域名解析,以便yum源域名可以访问
[root@puppet conf.d]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.137.10 puppet.rhel6.site puppet
192.168.137.10 repos.rhel6.site repos
[root@puppet conf.d]#
[root@puppet conf.d]# pwd
/etc/httpd/conf.d
三、在conf.d下新建扩展配置文件repos.conf(页面提取时尖括号容器标签已丢失;Options至Allow各行应位于<Directory>段内,整体应位于监听8090端口的<VirtualHost>段内)
[root@puppet conf.d]# cat repos.conf
Listen 8090
DocumentRoot /var/www/html/
ServerName repos.rhel6.site
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
[root@puppet conf.d]#
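四、默认配置文件httpd.conf通过Include加载conf.d下的扩展文件,并注释掉其中的Listen 80(80和443端口改由Include进来的ports.conf声明,见文末)。注意:# Security段中的ServerTokens OS、ServerSignature On、TraceEnable On会对外暴露系统和版本信息并启用TRACE方法,加固时一般设为ServerTokens Prod、ServerSignature Off、TraceEnable Off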
[root@puppet conf]# cat httpd.conf
# Security
ServerTokens OS
ServerSignature On
TraceEnable On
ServerName "puppet.rhel6.site"
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 120
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
User apache
Group apache
AccessFileName .htaccess
Order allow,deny
Deny from all
Satisfy all
Options FollowSymLinks
AllowOverride None
DefaultType none
HostnameLookups Off
ErrorLog "/var/log/httpd/error_log"
LogLevel warn
EnableSendfile On
#Listen 80
Include "/etc/httpd/conf.d/*.load"
Include "/etc/httpd/conf/ports.conf"
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
Include "/etc/httpd/conf.d/*.conf"
[root@puppet conf]#
五、把iso镜像挂载在/mnt/下,把/mnt内容递归复制到/home/repos,并在server同级目录下执行createrepo -s sha1 .,此时会产生erver.xml;repos下可以按软件包名称、scripts、repo文件等分类建立目录层级结构(-s sha1通常是为了兼容RHEL5等旧版yum客户端;若只面向RHEL6客户端,可使用createrepo默认的sha256校验)
[root@puppet html]# cd /home/repos/
[root@puppet repos]# ll
drwxr-xr-x 2 root root 4096 Dec 19 20:31 REPO_FILES
drwxr-xr-x 4 root root 4096 Nov 17 13:57 rhel5
drwxr-xr-x 4 root root 4096 Nov 17 13:58 rhel6
drwxr-xr-x 13 root root 4096 Nov 13 22:41 rhel6_6
[root@puppet repos]# pwd
/home/repos
[root@puppet repos]#
六、把/home/repos链接到/var/www/html下,因为apache默认的根路径为/var/www/html
ln -s /home/repos /var/www/html/
[root@puppet html]# pwd
/var/www/html
[root@puppet html]# ll
total 0
lrwxrwxrwx 1 root root 11 Dec 19 19:25 repos -> /home/repos
[root@puppet html]#
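七、访问效果(此处原本应有浏览器访问截图,提取时已丢失)
按上文配置,仓库可通过 http://repos.rhel6.site:8090/repos/ 访问。由于是明文HTTP传输,建议对自定义软件包进行GPG签名,并在客户端repo文件中设置gpgcheck=1,而不要沿用本文本地源的gpgcheck=0。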
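查看puppet的http配置管理(注意:下面puppetmaster.conf中SSLCARevocationFile指向的是ca_crt.pem,即CA证书本身;Puppet的CRL文件通常是同目录下的ca_crl.pem,请核对是否为笔误):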
[root@puppet yum.repos.d]# cat foreman-1.5.3.repo
[foreman-1.5.3]
name=foreman 1.5.3 - rhel 6
baseurl=file:///home/foreman-1.5.3/6
enabled=1
gpgcheck=0
[root@puppet yum.repos.d]#
[root@puppet yum.repos.d]# cat puppet-3.7.4.repo
[puppet-3.7.4]
name=puppet 3.7.4 - rhel 6
baseurl=file:///home/puppet-3.7.4/6
enabled=1
gpgcheck=0
[root@puppet yum.repos.d]# cat /etc/httpd/conf/httpd.conf
# Security
ServerTokens OS
ServerSignature On
TraceEnable On
ServerName "puppet.rhel6.site"
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 120
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
User apache
Group apache
AccessFileName .htaccess
Order allow,deny
Deny from all
Satisfy all
Options FollowSymLinks
AllowOverride None
DefaultType none
HostnameLookups Off
ErrorLog "/var/log/httpd/error_log"
LogLevel warn
EnableSendfile On
#Listen 80
Include "/etc/httpd/conf.d/*.load"
Include "/etc/httpd/conf/ports.conf"
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
Include "/etc/httpd/conf.d/*.conf"
[root@puppet yum.repos.d]#
[root@puppet yum.repos.d]# cat /etc/httpd/conf.d/puppetmaster.conf
# This Apache 2 virtual host config shows how to use Puppet as a Rack
# application via Passenger. See
# http://docs.puppetlabs.com/guides/passenger.html for more information.
# You can also use the included config.ru file to run Puppet with other Rack
# servers instead of Passenger.
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
#RackAutoDetect Off
#RailsAutoDetect Off
Listen 8140
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
SSLHonorCipherOrder on
SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.rhel6.site.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.rhel6.site.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can try disabling
# CRL checking by commenting the next line, but this is not recommended.
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crt.pem
# Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
# which effectively disables CRL checking; if you are using Apache 2.4+ you must
# specify 'SSLCARevocationCheck chain' to actually use the CRL.
# SSLCARevocationCheck chain
SSLVerifyClient optional
SSLVerifyDepth 1
# The `ExportCertData` option is needed for agent certificate expiration warnings
SSLOptions +StdEnvVars +ExportCertData
# This header needs to be set if using a loadbalancer or proxy
RequestHeader unset X-Forwarded-For
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
DocumentRoot /etc/puppet/rack/public/
RackBaseURI /
Options None
AllowOverride None
Order allow,deny
allow from all
[root@puppet yum.repos.d]#
[root@puppet yum.repos.d]# cd /etc/httpd/
[root@puppet httpd]# ll
total 8
drwxr-xr-x. 2 root root 4096 Feb 9 05:47 conf
drwxr-xr-x. 4 root root 4096 Feb 9 03:32 conf.d
lrwxrwxrwx. 1 root root 19 Oct 9 13:10 logs -> ../../var/log/httpd
lrwxrwxrwx. 1 root root 29 Oct 9 13:10 modules -> ../../usr/lib64/httpd/modules
lrwxrwxrwx. 1 root root 19 Oct 9 13:10 run -> ../../var/run/httpd
[root@puppet httpd]# cd conf
[root@puppet conf]# ll
total 24
-rw-r--r-- 1 root root 857 Oct 10 10:15 httpd.conf
-rw-r--r--. 1 root root 13139 Mar 4 2015 magic
-rw-r--r-- 1 root root 228 Oct 10 10:16 ports.conf
[root@puppet conf]# cat ports.conf
# ************************************
# Listen & NameVirtualHost resources in module puppetlabs-apache
# Managed by Puppet
# ************************************
Listen 443
Listen 80
NameVirtualHost *:443
NameVirtualHost *:80
[root@puppet conf]# pwd
/etc/httpd/conf
[root@puppet conf]#