Apache Lab Collection (yum-installed version)

By | November 23, 2019

Compiling Apache from source

  1. Download the source archives (they are unpacked in step 3):
wget ftp://192.168.99.1/Magedu37/files/lamp/apr-1.7.0.tar.bz2
wget ftp://192.168.99.1/Magedu37/files/lamp/apr-util-1.6.1.tar.bz2
wget ftp://192.168.99.1/Magedu37/files/lamp/httpd-2.4.39.tar.bz2
  2. Install the build dependencies
yum install gcc pcre-devel openssl-devel expat-devel autoconf libtool gcc-c++
  3. Unpack the archives and copy apr and apr-util into the httpd source tree so that they are built together with httpd
tar xf apr-util-1.6.1.tar.bz2
tar xf apr-1.7.0.tar.bz2
tar xf httpd-2.4.39.tar.bz2
cp -r apr-1.7.0 httpd-2.4.39/srclib/apr
cp -r apr-util-1.6.1 httpd-2.4.39/srclib/apr-util
  4. Enter the source directory and build
cd httpd-2.4.39/

./configure \
--prefix=/data/httpd24 \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-included-apr \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=prefork

make && make install

Record of the configure options used for the build: /data/httpd24/build/config.nice
Bundled service control script: /data/httpd24/bin/apachectl

  5. Set the PATH environment variable
echo 'PATH=/data/httpd24/bin:$PATH' > /etc/profile.d/httpd24.sh
source /etc/profile.d/httpd24.sh
  6. httpd can now be started
apachectl start

Lab: configuring Basic authentication in httpd

  1. Lab environment:
    Web server: 192.168.99.101
    Client: 192.168.99.102
  2. Install httpd
[101]# yum install httpd
  3. Configuration file
[101]# vim /etc/httpd/conf.d/test.conf
DocumentRoot "/data/html"
# A home page that can be reached without a password, for comparison
<Directory "/data/html">
    require all granted
    AllowOverride All
</Directory>
# This page requires a username and password
<directory /data/html/admin/>
    authtype basic
    AuthName "admin Page"
    AuthUserFile "/etc/httpd/conf.d/.httpuser"
    Require user bob
</directory>
  4. Create the pages
[101]# mkdir -p /data/html/admin
[101]# echo ' normal page ' > /data/html/index.html
[101]# echo " admin page " > /data/html/admin/index.html
  5. Create the site account and password used to log in
[101]# htpasswd -c /etc/httpd/conf.d/.httpuser bob
New password: 
Re-type new password: 
Adding password for user bob
  6. Create a second account for comparison
[101]# htpasswd /etc/httpd/conf.d/.httpuser alice
New password: 
Re-type new password: 
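Adding password for user alice
# Done. Note that -c creates the password file (overwriting an existing one), so leave it out when adding further accounts
[101]# cat /etc/httpd/conf.d/.httpuser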
alice:$apr1$L6DKffOJ$OQGGXY7sVrHAnnrj3lGFO.
bob:$apr1$Z1HGoQHF$9CZHizsbmE21wpasHy0Gm1
  7. For security, we can add one more step: restrict who can read the password file
[101]# chmod 600 /etc/httpd/conf.d/.httpuser
[101]# setfacl -m u:apache:r /etc/httpd/conf.d/.httpuser
  8. Restart the service
[101]# systemctl restart httpd
  9. Test it

It can also be written this way, by modifying the setup above:
  1. Modify the configuration file

[101]# cat /etc/httpd/conf.d/test.conf 
<directory /data/html/admin/>
    allowoverride authconfig
</directory>
  2. Create the access-control file
[root@localhost ~]# cat /data/html/admin/.htaccess
authtype basic
AuthName "admin Page"
AuthUserFile "/etc/httpd/conf.d/.httpuser"
Require user bob
The above restricts access to a single user; the following is group-based.
  1. Add a user
[101]# htpasswd  /etc/httpd/conf.d/.httpuser admin
New password: 
Re-type new password: 
Adding password for user admin
  2. That makes 3 users
[101]$ cat /etc/httpd/conf.d/.httpuser
alice:$apr1$L6DKffOJ$OQGGXY7sVrHAnnrj3lGFO.
bob:$apr1$Z1HGoQHF$9CZHizsbmE21wpasHy0Gm1
admin:$apr1$yq/KZ0wX$J054.zQTIfFLzKxBEYF601
  3. Add a group file
[101]$ cat /etc/httpd/conf.d/.httpgroup
g1: admin bob
g2: admin alice
  4. Update the .htaccess file
[101]$ cat /data/html/admin/.htaccess
authtype basic
AuthName "admin Page"
AuthUserFile "/etc/httpd/conf.d/.httpuser"
AuthGroupFile "/etc/httpd/conf.d/.httpgroup"
Require group g1
  5. Restart the service
[101]$ systemctl restart httpd
  6. Test it
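
An added example (not from the original post) that audits the .httpuser and .httpgroup files built above: it reports the hash scheme of every entry and resolves which users a `Require group` line actually admits. The function names are hypothetical, and the sample data is constructed from the page's three users and two groups.

```shell
#!/usr/bin/env bash
# Added example: audit the password and group files used for Basic auth.

# Print "user scheme" for every entry of an htpasswd file.
hash_schemes() {        # usage: hash_schemes USERFILE
    awk -F: 'NF >= 2 {
        scheme = "crypt-or-plaintext"
        if (index($2, "$apr1$") == 1)      scheme = "apr1-md5"
        else if ($2 ~ /^\$2[aby]\$/)       scheme = "bcrypt"
        else if (index($2, "{SHA}") == 1)  scheme = "sha1-unsalted"
        print $1, scheme
    }' "$1"
}

# Print the users that "Require group GROUP" would admit: members named in
# the group file that also have an entry in the user file.
effective_members() {   # usage: effective_members USERFILE GROUPFILE GROUP
    awk -v want="$3" '
        FILENAME == ARGV[1] { split($0, u, ":"); known[u[1]] = 1; next }
        {
            split($0, g, ":")
            if (g[1] != want) next
            n = split(g[2], member, " ")
            for (i = 1; i <= n; i++)
                if (member[i] in known) print member[i]
        }' "$1" "$2" | sort
}

# Constructed sample mirroring the page's three users and two groups.
write_sample() {        # usage: write_sample DIR
    cat > "$1/.httpuser" <<'EOF'
alice:$apr1$L6DKffOJ$OQGGXY7sVrHAnnrj3lGFO.
bob:$apr1$Z1HGoQHF$9CZHizsbmE21wpasHy0Gm1
admin:$apr1$yq/KZ0wX$J054.zQTIfFLzKxBEYF601
EOF
    printf 'g1: admin bob\ng2: admin alice\n' > "$1/.httpgroup"
}
```

`$apr1$` is Apache's MD5-based scheme; `htpasswd -B` writes bcrypt entries instead.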

Enabling response compression in httpd

Web server: 192.168.99.102
  1. Install httpd first
[102]$ yum install httpd
  2. Create the web pages
[102]$ cd /data/
[102]$ mkdir -p web{a,b}
[102]$ echo "www.aaaaa.com" > weba/index.html
[102]$ echo "www.bbbbb.com" > webb/index.html
  3. Configuration file
[102]$ vim /etc/httpd/conf.d/test.conf

<virtualhost *:80>
    documentroot /data/weba
    servername www.a.com
    <directory /data/weba>
        require all granted
    </directory>
    Customlog "logs/a_access_log" combined
    addoutputfilterbytype deflate text/plain
    addoutputfilterbytype deflate text/html
    deflatecompressionlevel 9
</virtualhost>

<virtualhost *:80>
    documentroot /data/webb
    servername www.b.com
    <directory /data/webb>
        require all granted
    </directory>
    customlog "logs/b_access_log" combined
</virtualhost>
  4. Restart the service
[102]$ systemctl restart httpd
  5. Prepare the text to serve (a copy of /var/log/messages, used here as test data)
[102]$ cp /var/log/messages /data/weba/m.html
[102]$ cp /var/log/messages /data/webb/m.html
[102]$ chmod +r /data/weba/m.html
[102]$ chmod +r /data/webb/m.html
Client: 192.168.99.103
  1. Test from another host; add the names to /etc/hosts first
[103]$ vim /etc/hosts
192.168.99.102 www.a.com www.b.com
  2. Test with curl
[103]$ curl -I --compressed www.a.com/m.html
HTTP/1.1 200 OK
Date: Tue, 23 Jul 2019 13:34:57 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Tue, 23 Jul 2019 13:34:25 GMT
ETag: "4cf26-58e5940497f66-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip    # look here: the response is compressed
Content-Length: 43028
Content-Type: text/html; charset=UTF-8

# The other site is not compressed
[103]$ curl -I --compressed www.b.com/m.html
HTTP/1.1 200 OK
Date: Tue, 23 Jul 2019 13:35:01 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Tue, 23 Jul 2019 13:34:29 GMT
ETag: "4cf26-58e59408fef39"
Accept-Ranges: bytes
Content-Length: 315174
Content-Type: text/html; charset=UTF-8

Lab: configuring HTTPS in httpd

  1. Install httpd and mod_ssl
[102]$ yum install httpd
[102]$ yum install mod_ssl
  2. Start it and take a look
[102]$ systemctl restart httpd

At this point HTTPS connections already work, but a warning is shown

  3. Create a directory for the SSL files
[102]$ mkdir -p /etc/httpd/conf.d/ssl
[102]$ cd /etc/httpd/conf.d/ssl
  4. Create the CA private key
[102]$ (umask 066; openssl genrsa 2048 > cakey.pem)
Generating RSA private key, 2048 bit long modulus
..........................................................+++
.............................................+++
e is 65537 (0x10001)
  5. Create the CA certificate
[102]$ openssl req -new -x509 -key cakey.pem -out cacert.pem -days 888
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:baidu
Organizational Unit Name (eg, section) []:devops
Common Name (eg, your name or your server's hostname) []:www.baidu.com
Email Address []:
  6. Generate the certificate signing request
[102]$ openssl req -newkey rsa:1024 -nodes -keyout httpd.key > httpd.csr
Generating a 1024 bit RSA private key
......................................................++++++
......++++++
writing new private key to 'httpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:baidu
Organizational Unit Name (eg, section) []:devops
Common Name (eg, your name or your server's hostname) []:www.baidu.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
  7. Issue the certificate
[102]$ openssl x509 -req -in httpd.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 > httpd.crt
Signature ok
subject=/C=CN/ST=beijing/L=beijing/O=baidu/OU=devops/CN=www.baidu.com
Getting CA Private Key
  8. Check: these files now exist
[102]$ ls
cacert.pem  cakey.pem  httpd.crt  httpd.csr  httpd.key
  9. Edit the SSL configuration file
[102]$ vim /etc/httpd/conf.d/ssl.conf
...
DocumentRoot "/var/www/html"
ServerName www.s.com:443
...
SSLCertificateFile /etc/httpd/conf.d/ssl/httpd.crt
...
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/httpd.key
...
SSLCACertificateFile /etc/httpd/conf.d/ssl/cacert.pem
...
  10. Create a web page
[102]$ echo "www.sssss.com" > /var/www/html/index.html
  11. Start the service
[102]$ systemctl restart httpd
  12. The port is now listening
[102]$ ss -tnl
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port     
....
LISTEN     0      128         :::22                      :::*
LISTEN     0      100        ::1:25                      :::*
LISTEN     0      128         :::443                     :::*
  13. Test it locally
[102]$ curl -k https://127.0.0.1:443
www.sssss.com
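
The certificate steps above as a non-interactive script with a verification step (an added example, not the original author's commands). It departs from the page in three labelled assumptions: a 2048-bit server key instead of rsa:1024, a CA subject (the made-up "Lab Test CA") distinct from the server's, and a subjectAltName for www.s.com, the ServerName set in ssl.conf. The function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: lab CA and server certificate without interactive prompts.
# "Lab Test CA" and all function names are made up for this example.

# usage: issue_lab_cert DIR HOSTNAME
# Writes cakey.pem, cacert.pem, httpd.key, httpd.csr and httpd.crt into DIR.
issue_lab_cert() {
    (
        cd "$1" && umask 077 &&        # private keys readable by owner only
        openssl genrsa -out cakey.pem 2048 2>/dev/null &&
        # A CA subject identical to the server subject can make the server
        # certificate look self-signed to verifiers, so keep them distinct.
        openssl req -new -x509 -key cakey.pem -out cacert.pem \
            -days 888 -sha256 -subj "/C=CN/O=lab/CN=Lab Test CA" &&
        # 2048-bit server key (assumption: replaces the page's rsa:1024).
        openssl req -new -newkey rsa:2048 -nodes -keyout httpd.key \
            -out httpd.csr -subj "/C=CN/O=lab/CN=$2" 2>/dev/null &&
        # Clients match the hostname against subjectAltName, not only the CN.
        printf 'subjectAltName=DNS:%s\n' "$2" > san.ext &&
        # -days 365 is an assumed lifetime; the page did not set one.
        openssl x509 -req -in httpd.csr -CA cacert.pem -CAkey cakey.pem \
            -set_serial 01 -days 365 -sha256 -extfile san.ext \
            -out httpd.crt 2>/dev/null
    )
}

# Print the RSA key size of a certificate's public key, e.g. 2048.
cert_key_bits() {       # usage: cert_key_bits CERT
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeeds only if CERT chains to CA and carries HOSTNAME as a SAN.
check_lab_cert() {      # usage: check_lab_cert CA CERT HOSTNAME
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 &&
        openssl x509 -in "$2" -noout -text | grep -q "DNS:$3"
}
```

With a certificate issued this way, `curl --cacert cacert.pem https://www.s.com` validates the server without `-k`, provided www.s.com resolves to the lab host.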
