Apache Lab Collection: Source-Compiled Edition

By | November 23, 2019

Compiling Apache from source

  1. Download the source code and unpack it:
wget ftp://192.168.99.1/Magedu37/files/lamp/apr-1.7.0.tar.bz2
wget ftp://192.168.99.1/Magedu37/files/lamp/apr-util-1.6.1.tar.bz2
wget ftp://192.168.99.1/Magedu37/files/lamp/httpd-2.4.39.tar.bz2
  1. Install the build dependencies
yum install gcc pcre-devel openssl-devel expat-devel autoconf libtool gcc-c++
  1. Copy apr and apr-util into the httpd source directory (srclib/) so they are compiled together with httpd
tar xf apr-util-1.6.1.tar.bz2
tar xf apr-1.7.0.tar.bz2
tar xf httpd-2.4.39.tar.bz2
cp -r apr-1.7.0 httpd-2.4.39/srclib/apr
cp -r apr-util-1.6.1 httpd-2.4.39/srclib/apr-util
  1. Enter the directory and compile
cd httpd-2.4.39

./configure \
--prefix=/data/httpd24 \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-included-apr \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=prefork

make && make install

httpd build record (the configure options used): /app/httpd24/build/config.nice
Bundled service control script: /app/httpd24/bin/apachectl

  1. Environment variable
echo 'PATH=/data/httpd24/bin:$PATH' > /etc/profile.d/httpd24.sh
source /etc/profile.d/httpd24.sh
  1. At this point the server can be started
# Starting it prints a notice, but the service still comes up. To get rid of the notice, adjust the configuration as shown below
[101]$ apachectl start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message

[101]$ vim /data/httpd24/conf/httpd.conf
    203 ServerName www.a.com
# Around line 203: set any hostname here and the notice goes away
[101]$ apachectl restart

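It is a good idea to take a VM snapshot here so that the later labs do not conflict with each other.
Before taking the snapshot, add this line at the end of httpd.conf: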

[101]$ cd /data/httpd24/conf/

[101]$ vim httpd.conf
    485 Include conf/test.conf
# Used by the labs below

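Lab: configuring basic authentication in httpd

  1. Lab environment:
    Web server: 192.168.99.101
  2. Install httpd
    See the first lab. Ideally, restore the snapshot taken right after the installation
  3. Delete this block from the original configuration file; we will write it in our own configuration file shortly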
[101]$ cd /data/httpd24/conf
[101]$ vim httpd.conf
    227 DocumentRoot "/data/httpd24/htdocs"
    228 <Directory "/data/httpd24/htdocs">
    229     #
    ... ...
    252     #
    253     Require all granted
    254 </Directory>

Important: then add this line at the end of the file (skip this if you already added it above)

[101]$ vim httpd.conf
    485 Include conf/test.conf
  1. Create a new configuration file
[101]$ vim test.conf
# Contents
## The main page is served without a password, for comparison
DocumentRoot "/data/httpd24/htdocs"
<Directory "/data/httpd24/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

## This page requires a username and password
<directory /data/httpd24/htdocs/admin>
    authtype basic
    AuthName "admin Page"
    AuthUserFile "/data/httpd24/conf/.httpuser"
    Require user bob
</directory>
  1. Create the pages
[101]$ echo "normal page" > /data/httpd24/htdocs/index.html
[101]$ mkdir /data/httpd24/htdocs/admin/
[101]$ echo "Admin page" > /data/httpd24/htdocs/admin/index.html
  1. Create the site account and password used to log in
[101]$ htpasswd -c /data/httpd24/conf/.httpuser bob
New password: 
Re-type new password: 
Adding password for user bob
  1. Create another account for comparison
[101]$ htpasswd /data/httpd24/conf/.httpuser alice
New password: 
Re-type new password: 
Adding password for user alice

# Check the file
[101]$ cat /data/httpd24/conf/.httpuser
bob:$apr1$xssT8G1l$WDrHHEqR4MpLvOW698V/G1
alice:$apr1$r5i112n/$WcL3rgVD4TElAH9X6Jn/K0
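  1. Optional: for extra security, restrict access to the password file
# apache here must be the account httpd runs as (the User directive in httpd.conf)
[101]# chmod 600 /data/httpd24/conf/.httpuser
[101]# setfacl -m u:apache:r /data/httpd24/conf/.httpuser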
  1. Restart the service
[101]$ apachectl restart
  1. Test it
It can also be written this way:

Starting from the configuration above:
1. Modify the configuration file

[101]$ cd /data/httpd24/conf/
[101]$ vim test.conf
# Replace the earlier admin block with this
<directory /data/httpd24/htdocs/admin/>
    allowoverride authconfig
</directory>
  1. Create the access control file
[101]$ vim /data/httpd24/htdocs/admin/.htaccess
authtype basic
AuthName "admin Page"
AuthUserFile "/data/httpd24/conf/.httpuser"
Require user alice
  1. Restart the service and try it
[101]$ apachectl restart
The above is per-user access control; what follows is group-based.
  1. Add one more user
[101]$ cd /data/httpd24/conf/

[101]$ htpasswd /data/httpd24/conf/.httpuser admin
New password:
Re-type new password:
Adding password for user admin
  1. Now there are 3 users
[101]$ cat .httpuser
bob:$apr1$xssT8G1l$WDrHHEqR4MpLvOW698V/G1
alice:$apr1$r5i112n/$WcL3rgVD4TElAH9X6Jn/K0
admin:$apr1$tnyfRtTB$rXkQRAUxKSo0OdIC91m.a0
  1. Add a group file
[101]$ cd /data/httpd24/conf/

[101]$ vim .httpgroup
g1: admin bob
g2: admin alice
  1. Modify the .htaccess file
[101]$ vim /data/httpd24/htdocs/admin/.htaccess
authtype basic
AuthName "admin Page"
AuthUserFile "/data/httpd24/conf/.httpuser"
AuthGroupFile "/data/httpd24/conf/.httpgroup"
Require group g1
  1. Restart the service
[101]$ apachectl restart
  1. Test it
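
Added example (not from the original post): a small audit of the two files created in this lab. It flags a world-readable password file, entries not hashed with bcrypt (htpasswd writes $apr1$ unless given -B), and group members that have no password entry; the function name audit_htpasswd and all sample file contents are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post. All sample data is constructed.

# audit_htpasswd USERFILE [GROUPFILE]: print one finding per line, nothing if clean.
audit_htpasswd() {
    userfile=$1
    groupfile=${2:-}

    # World-accessible password file. Only the "other" bits are checked: after
    # the setfacl step above, the group bits show the ACL mask, not group access.
    other=$(ls -ld "$userfile" | cut -c8-10)
    [ "$other" = "---" ] || echo "PERM $userfile other=$other"

    # Hash scheme per user. htpasswd without -B writes $apr1$ (MD5-based);
    # {SHA} is unsalted SHA-1; anything else is crypt() output or plaintext.
    awk -F: '
        $0 ~ /^[ \t]*$/ || $0 ~ /^[ \t]*#/ { next }
        $2 ~ /^[$]2[aby][$]/           { next }    # bcrypt: nothing to report
        index($2, "$apr1$") == 1       { print "HASH " $1 " apr1-md5"; next }
        index($2, "{SHA}") == 1        { print "HASH " $1 " sha1-unsalted"; next }
                                       { print "HASH " $1 " crypt-or-plaintext" }
    ' "$userfile"

    # Group members that have no entry in the password file.
    [ -n "$groupfile" ] || return 0
    awk '
        NR == FNR { split($0, f, ":"); known[f[1]] = 1; next }
        $0 ~ /^[ \t]*$/ || $0 ~ /^[ \t]*#/ { next }
        { sub(/:/, " ")    # "g1: a b" and "g1:a b" both become "g1 a b"
          for (i = 2; i <= NF; i++)
              if (!($i in known)) print "GROUP " $1 " unknown-user " $i }
    ' "$userfile" "$groupfile"
}

# Constructed demo input (the hash strings are placeholders, not real hashes).
demo=$(mktemp -d)
cat > "$demo/.httpuser" <<'EOF'
bob:$apr1$CONSTRUCT$placeholderplaceholder00
alice:$2y$05$constructedplaceholderconstructedplaceholderconstructedpl
carol:{SHA}constructedplaceholder00000=
EOF
printf 'g1: admin bob\ng2: admin alice\n' > "$demo/.httpgroup"
chmod 644 "$demo/.httpuser"
audit_htpasswd "$demo/.httpuser" "$demo/.httpgroup"
```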

Enabling compressed data transfer in httpd

webserver: 192.168.99.102
  1. Restore the httpd snapshot taken above
  2. Create the pages: one served uncompressed, one served compressed
[101]$ cd /data/httpd24/conf/
[101]$ mkdir /data/httpd24/htdocs/{a,b}_site
[101]$ echo "www.aaaaa.com" > /data/httpd24/htdocs/a_site/index.html
[101]$ echo "www.bbbbb.com" > /data/httpd24/htdocs/b_site/index.html
  1. Configuration file
[101]$ cd /data/httpd24/conf/
[101]$ vim test.conf

<virtualhost *:80>
    documentroot /data/httpd24/htdocs/a_site
    servername www.a.com

    <directory /data/httpd24/htdocs/a_site>
        require all granted
    </directory>

    Customlog "logs/a_access_log" combined
    addoutputfilterbytype deflate text/plain
    addoutputfilterbytype deflate text/html
    deflatecompressionlevel 9
</virtualhost>

<virtualhost *:80>
    documentroot /data/httpd24/htdocs/b_site
    servername www.b.com

    <directory /data/httpd24/htdocs/b_site>
        require all granted
    </directory>

    customlog "logs/a_access_log" combined
</virtualhost>
  1. Compression is not enabled by default; change the configuration
[101]$ vim httpd.conf
# Remove the leading "#"
108 LoadModule deflate_module modules/mod_deflate.so
  1. Restart the service
[101]$ apachectl restart
  1. Prepare the text files to serve
[101]$ cp /var/log/messages /data/httpd24/htdocs/a_site/m.html
[101]$ cp /var/log/messages /data/httpd24/htdocs/b_site/m.html
[101]$ chmod +r /data/httpd24/htdocs/a_site/m.html
[101]$ chmod +r /data/httpd24/htdocs/b_site/m.html
client: 192.168.99.103
  1. Test from another host. Configure hosts first; this step cannot be skipped
[103]$ vim /etc/hosts
192.168.99.101 www.a.com www.b.com
  1. Test with curl
[103]$ curl -I --compressed www.a.com/m.html
HTTP/1.1 200 OK
Date: Tue, 23 Jul 2019 13:34:57 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Tue, 23 Jul 2019 13:34:25 GMT
ETag: "4cf26-58e5940497f66-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip    # Look here: the response is compressed
Content-Length: 43028
Content-Type: text/html; charset=UTF-8

# The other site is not compressed
[103]$ curl -I --compressed www.b.com/m.html
HTTP/1.1 200 OK
Date: Tue, 23 Jul 2019 13:35:01 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Tue, 23 Jul 2019 13:34:29 GMT
ETag: "4cf26-58e59408fef39"
Accept-Ranges: bytes
Content-Length: 315174
Content-Type: text/html; charset=UTF-8

Lab: configuring HTTPS in httpd

  1. Install httpd; again, restoring the snapshot is easiest.
  2. Modify the configuration file
[101]$ cd /data/httpd24/conf

[101]$ vim httpd.conf
91 LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
...
137 LoadModule ssl_module modules/mod_ssl.so
...
475 Include conf/extra/httpd-ssl.conf
# Remove the leading # from these three lines
  1. Create a directory for the SSL files
[101]$ mkdir -p /data/httpd24/conf/ssl
[101]$ cd /data/httpd24/conf/ssl
  1. Create the CA private key
[101]$ (umask 066; openssl genrsa 2048 > cakey.pem)
Generating RSA private key, 2048 bit long modulus
..........................................................+++
.............................................+++
e is 65537 (0x10001)
  1. Create the CA certificate
[101]$ openssl req -new -x509 -key cakey.pem -out cacert.pem -days 888
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:baidu
Organizational Unit Name (eg, section) []:devops
Common Name (eg, your name or your server's hostname) []:www.baidu.com
Email Address []:
  1. Generate the certificate signing request
[101]$ openssl req -newkey rsa:1024 -nodes -keyout httpd.key > httpd.csr
Generating a 1024 bit RSA private key
......................................................++++++
......++++++
writing new private key to 'httpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:baidu
Organizational Unit Name (eg, section) []:devops
Common Name (eg, your name or your server's hostname) []:www.baidu.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
  1. Issue the certificate
[101]$ openssl x509 -req -in httpd.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 > httpd.crt
Signature ok
subject=/C=CN/ST=beijing/L=beijing/O=baidu/OU=devops/CN=www.baidu.com
Getting CA Private Key
  1. Check: these files are now present
[101]$ ls
cacert.pem  cakey.pem  httpd.crt  httpd.csr  httpd.key
  1. Modify the SSL configuration file
[101]$ vim /data/httpd24/conf/extra/httpd-ssl.conf

124 DocumentRoot "/data/httpd24/htdocs/ssl"
125 ServerName www.s.com:443
...
144 SSLCertificateFile "/data/httpd24/conf/ssl/httpd.crt"
...
154 SSLCertificateKeyFile "/data/httpd24/conf/ssl/httpd.key"
...
175 SSLCACertificateFile "/data/httpd24/conf/ssl/cacert.pem"
...
  1. Create a page
[101]$ mkdir /data/httpd24/htdocs/ssl

[101]$ echo "www.sssss.com" > /data/httpd24/htdocs/ssl/index.html
  1. Start the service
[101]$ apachectl restart
  1. The port is now listening
[101]$ ss -tnl
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port     
....
LISTEN     0      128         :::22                      :::*
LISTEN     0      100        ::1:25                      :::*
LISTEN     0      128         :::443                     :::*
  1. Test it locally
[101]$ curl -k https://127.0.0.1:443
www.sssss.com

At this point you can connect over https, but a warning will be shown
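
Added example (not from the original post): the certificate issued above has a 1024-bit key, names www.baidu.com while the virtual host is www.s.com, carries no subjectAltName, and is signed by a CA the client does not trust yet. The script below issues a lab certificate first with those parameters and then with corrected ones, and audits each result; the function names issue_cert and audit_cert, the /O=lab subject and the scratch directory are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post. Names and paths are constructed.

# issue_cert DIR CN BITS [SAN_HOST]: lab CA plus a CA-signed server certificate.
# With SAN_HOST empty, no subjectAltName is added, as in the commands above.
issue_cert() (
    dir=$1 cn=$2 bits=$3 san=${4:-}
    umask 077    # private keys readable by the owner only
    cd "$dir" || exit 1
    openssl genrsa -out cakey.pem 2048 2>/dev/null
    openssl req -new -x509 -key cakey.pem -out cacert.pem -days 888 \
        -subj "/C=CN/O=lab/CN=lab test CA"
    openssl req -newkey "rsa:$bits" -nodes -keyout httpd.key -out httpd.csr \
        -subj "/C=CN/O=lab/CN=$cn" 2>/dev/null
    set -- -req -in httpd.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 \
        -days 365 -sha256 -out httpd.crt
    if [ -n "$san" ]; then
        printf 'subjectAltName=DNS:%s\n' "$san" > san.ext
        set -- "$@" -extfile san.ext
    fi
    openssl x509 "$@" 2>/dev/null
)

# audit_cert DIR HOST: print one finding per line, nothing if the cert is fine.
audit_cert() {
    dir=$1 host=$2
    text=$(openssl x509 -in "$dir/httpd.crt" -noout -text) || return 1
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || echo "KEYSIZE ${bits:-unknown}"
    # Clients match the requested hostname against subjectAltName entries
    # (exact match only here; wildcard entries are not expanded).
    printf '%s\n' "$text" | awk '/Subject Alternative Name/ { getline; print }' |
        tr -d ' ' | tr ',' '\n' | grep -qxF "DNS:$host" || echo "NAME no SAN entry for $host"
    openssl verify -CAfile "$dir/cacert.pem" "$dir/httpd.crt" >/dev/null 2>&1 ||
        echo "CHAIN not verifiable with cacert.pem"
    [ "$(ls -l "$dir/httpd.key" | cut -c5-10)" = "------" ] ||
        echo "KEYPERM httpd.key is group/world accessible"
}

# Demo in a scratch directory: the page's key size and CN first, then corrected.
lab=$(mktemp -d)
issue_cert "$lab" www.baidu.com 1024 && audit_cert "$lab" www.s.com
issue_cert "$lab" www.s.com 2048 www.s.com && audit_cert "$lab" www.s.com
```

With a certificate that passes the audit, the local test can keep validation on instead of using -k: curl --cacert cacert.pem --resolve www.s.com:443:127.0.0.1 https://www.s.com/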
