安装开发环境
//yum安装依赖包,主程序用源码安装
需先安装依赖包
[root@rhel1 ~]# yum group mark install "Development Tools" //安装开发工具包
上次元数据过期检查:21:12:37 前,执行于 2022年04月16日 星期六 06时57分08秒。
依赖关系解决。
=======================================================================================
软件包 架构 版本 仓库
=======================================================================================
安装组:
Development Tools
事务概要
=======================================================================================
确定吗?[y/N]: y
完毕!
[root@rhel1 ~]# useradd -r -M -s /sbin/nologin apache //创建Apache用户(-r 系统账号,-M 不创建家目录,-s /sbin/nologin 禁止登录shell)
[root@rhel1 ~]# id apache
uid=48(apache) gid=48(apache) 组=48(apache)
[root@rhel1 ~]# grep apache /etc/group
apache:x:48:
[root@rhel1 ~]# yum -y install openssl-devel pcre-devel expat-devel libtool //安装依赖包
上次元数据过期检查:21:20:27 前,执行于 2022年04月16日 星期六 06时57分08秒。
软件包 libtool-2.4.6-25.el8.x86_64 已安装。
依赖关系解决。
======================================================================================
软件包 架构 版本 仓库 大小
======================================================================================
安装:
expat-devel x86_64 2.2.5-8.el8 baseos 57 k
openssl-devel x86_64 1:1.1.1k-6.el8 baseos 2.3 M
pcre-devel x86_64 8.42-6.el8 baseos 551 k
//安装之后用到的命令工具
[root@rhel1 ~]# dnf -y install wget
[root@rhel1 ~]# dnf -y install gcc gcc-c++
[root@rhel1 ~]# dnf -y install vim
[root@rhel1 ~]# dnf -y install make
使用wget命令下载apr-1.7.0,apr-util-1.6.1,httpd-2.4.53安装包
[root@rhel1 ~]# wget https://downloads.apache.org/apr/apr-1.7.0.tar.gz
[root@rhel1 ~]# wget https://downloads.apache.org/httpd/httpd-2.4.53.tar.gz
[root@rhel1 ~]# wget https://downloads.apache.org/apr/apr-util-1.6.1.tar.gz
//下载后建议先用官方发布的 .sha256 校验文件或 .asc 签名(配合 KEYS 文件)核对安装包,确认无误后再解压编译
[root@rhel1 ~]# ls //可以看到已经下载完成
anaconda-ks.cfg apr-1.7.0.tar.gz apr-util-1.6.1.tar.gz httpd-2.4.53.tar.gz
解压apr-1.7.0 apr-util-1.6.1 httpd-2.4.53压缩包
[root@rhel1 ~]# tar xf apr-1.7.0.tar.gz
[root@rhel1 ~]# tar xf apr-util-1.6.1.tar.gz
[root@rhel1 ~]# tar xf httpd-2.4.53.tar.gz
[root@rhel1 ~]# ls
anaconda-ks.cfg apr-1.7.0.tar.gz apr-util-1.6.1.tar.gz httpd-2.4.53.tar.gz
apr-1.7.0 apr-util-1.6.1 httpd-2.4.53
安装apr-1.7.0 apr-util-1.6.1 httpd-2.4.53
[root@rhel1 ~]# cd apr-1.7.0
[root@rhel1 apr-1.7.0]#
[root@rhel1 apr-1.7.0]# ls
apr-config.in build.conf dso libapr.rc NOTICE support
apr.dep buildconf emacs-mode LICENSE NWGNUmakefile tables
apr.dsp build-outputs.mk encoding locks passwd test
apr.dsw CHANGES file_io Makefile.in poll threadproc
apr.mak CMakeLists.txt helpers Makefile.win random time
apr.pc.in config.layout include memory README tools
apr.spec configure libapr.dep misc README.cmake user
atomic configure.in libapr.dsp mmap shmem
build docs libapr.mak network_io strings
[root@rhel1 apr-1.7.0]# vim configure
cfgfile="${ofile}T"
trap "$RM \"$cfgfile\"; exit 1" 1 2 15
#$RM "$cfgfile" //将此行注释,或删除
[root@rhel1 apr-1.7.0]# ./configure --prefix=/usr/local/apr
[root@rhel1 apr-1.7.0]# make //编译
[root@rhel1 apr-1.7.0]# make install //安装
[root@rhel1 apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr //编译子包时需要告诉主包位置
[root@rhel1 apr-util-1.6.1]# make //编译
[root@rhel1 apr-util-1.6.1]# make install
[root@rhel1 apr-util-1.6.1]# cd ../httpd-2.4.53
[root@rhel1 httpd-2.4.53]#
[root@rhel1 httpd-2.4.53]# pwd
/root/httpd-2.4.53
[root@rhel1 httpd-2.4.53]# ./configure --prefix=/usr/local/apache \
> --enable-so \
> --enable-ssl \
> --enable-cgi \
> --enable-rewrite \
> --with-zlib \
> --with-pcre \
> --with-apr=/usr/local/apr \
> --with-apr-util=/usr/local/apr-util/ \
> --enable-modules=most \
> --enable-mpms-shared=all \
> --with-mpm=prefork //定制功能安装
[root@rhel1 httpd-2.4.53]# make
[root@rhel1 httpd-2.4.53]# make install
[root@rhel1 httpd-2.4.53]# cd
[root@rhel1 ~]#
[root@rhel1 ~]#
[root@rhel1 ~]# ls
anaconda-ks.cfg apr-1.7.0.tar.gz apr-util-1.6.1.tar.gz httpd-2.4.53.tar.gz
apr-1.7.0 apr-util-1.6.1 httpd-2.4.53
[root@rhel1 ~]# ls /usr/local/
apache apr-util etc include lib64 sbin src
apr bin games lib libexec share
[root@rhel1 ~]# cd /usr/local/apache/
[root@rhel1 apache]# ls
bin build cgi-bin conf error htdocs icons include logs man manual
设置环境变量
[root@rhel1 ~]# echo 'export PATH=/usr/local/apache/bin:$PATH'>/etc/profile.d/apache.sh
[root@rhel1 ~]#
[root@rhel1 ~]# source /etc/profile.d/apache.sh
[root@rhel1 ~]# which httpd //查看httpd命令
/usr/local/apache/bin/httpd
[root@rhel1 ~]# which apachectl //查看apachectl命令
/usr/local/apache/bin/apachectl
映射关系处理
[root@rhel1 ~]# ln -s /usr/local/apache/include/ /usr/include/apache //设置软链接,将include,链接到apache
[root@rhel1 ~]# vim /etc/man_db.conf //编辑man文档
#MANDATORY_MANPATH /usr/src/pvm3/man
#
MANDATORY_MANPATH /usr/man
MANDATORY_MANPATH /usr/share/man
MANDATORY_MANPATH /usr/local/share/man
MANDATORY_MANPATH /usr/local/apache/man //添加apache的man文档路径
关闭防火墙
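[root@rhel1 ~]# systemctl disable --now firewalld.service //开机不自启并且立即关闭(仅适合实验环境;若保留防火墙,可改用 firewall-cmd --permanent --add-service=http --add-service=https 后执行 firewall-cmd --reload 放行80/443端口)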
[root@rhel1 ~]# systemctl status firewalld //查看状态
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset:
Active: inactive (dead)
Docs: man:firewalld(1)
[root@rhel1 ~]# setenforce 0 //将SELinux临时切换为Permissive(宽容)模式,立即生效,重启后失效(0=Permissive,只记录不拦截;1=Enforcing)
[root@rhel1 ~]# getenforce
Permissive
[root@rhel1 ~]# vim /etc/selinux/config //编辑selinux/config
SELINUX=enforcing>SELINUX=disabled //将enforcing改为disabled,重启后永久关闭SELinux;此时系统失去SELinux的强制访问控制,若只为排查问题,改为permissive即可保留审计日志
[root@rhel1 ~]# ss -antl //查看80端口号是否开启
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
访问虚拟机的IP地址
取消警告信息
[root@localhost ~]# cd /usr/local/apache/
[root@localhost apache]# ls
bin(存放命令) build cgi-bin conf(放配置文件) error htdocs(存放网站) icons include logs(存放日志) man manual modules
[root@localhost apache]# cd conf/
[root@localhost conf]# ls
extra httpd.conf magic mime.types original
[root@localhost conf]# vim httpd.conf
#ServerName www.example.com:80 //将这一行前面的注释删掉
[root@localhost conf]# apachectl start //此时发现已经没有警告
[root@localhost conf]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost ~]# cd /usr/lib/systemd/system
[root@localhost system]# ls sshd.service
sshd.service
[root@localhost system]# cp sshd.service httpd.service //放service文件的位置进去后复制一份然后改名为httpd.service
[root@localhost system]# vim httpd.service //编辑这个文件
[Unit]
Description=httpd server daemon
After=network.target sshd-keygen.target
[Service]
Type=forking
ExecStart=/usr/local/apache/bin/apachectl start
ExecStop=/usr/local/apache/bin/apachectl stop //添加停止命令
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@localhost system]# systemctl daemon-reload //重新加载
[root@localhost system]# cd
[root@localhost ~]# systemctl status httpd //发现已经有此服务
● httpd.service - httpd server daemont
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead) //服务显示默认关闭
[root@localhost ~]# systemctl start httpd //使用systemctl开启httpd服务
[root@localhost ~]# ss -antl //查看发现开启80端口成功
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost system]# systemctl enable --now httpd //设置开机自启
[root@localhost ~]# systemctl status httpd
● httpd.service - httpd server daemont
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2022-04-17 02:21:15 CST; 7min ago
Main PID: 71465 (httpd)
Tasks: 6 (limit: 4596)
Memory: 4.2M
CGroup: /system.slice/httpd.service
├─71465 /usr/local/apache/bin/httpd -k start
├─71466 /usr/local/apache/bin/httpd -k start
├─71467 /usr/local/apache/bin/httpd -k start
├─71468 /usr/local/apache/bin/httpd -k start
├─71469 /usr/local/apache/bin/httpd -k start
└─71470 /usr/local/apache/bin/httpd -k start
4月 17 02:21:15 localhost.localdomain systemd[1]: Starting httpd server daemont...
4月 17 02:21:15 localhost.localdomain systemd[1]: Started httpd server daemont.
虚拟主机:
虚拟主机有三类:
相同IP不同端口
不同IP相同端口
相同IP相同端口不同域名
相同IP不同端口
[root@localhost ~]# cd /usr/local/apache/conf/
[root@localhost conf]# ls
extra httpd.conf magic mime.types original
[root@localhost conf]# ls extra/
httpd-autoindex.conf httpd-languages.conf httpd-ssl.conf
httpd-dav.conf httpd-manual.conf httpd-userdir.conf
httpd-default.conf httpd-mpm.conf httpd-vhosts.conf
httpd-info.conf httpd-multilang-errordoc.conf proxy-html.conf
[root@localhost extra]# cd /usr/local/apache/htdocs/ //此目录为存放完网站的目录
[root@localhost htdocs]# mkdir hxwyy.example.com //创建一个目录用于存放网站
[root@localhost conf]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf //修改虚拟主机文件
[root@localhost conf]# vim /usr/local/apache/conf/httpd.conf //将此文件的下面一行 注释取消 让其包含虚拟主机文件 使其生效
Include conf/extra/httpd-vhosts.conf
[root@localhost conf]# systemctl restart httpd //重启服务
[root@localhost htdocs]# cd hxwyy.example.com/
[root@localhost hxwyy.example.com]# echo "123">index.html
[root@localhost hxwyy.example.com]# ls
index.html //创建网站的此时页面
不同IP相同端口
[root@localhost extra]# ip addr add 192.168.78.136/24 dev ens33 //为ens33添加一个新的ip 此添加为临时添加
[root@localhost extra]# ip addr show ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:2a:62:e5 brd ff:ff:ff:ff:ff:ff
inet 192.168.47.128/24 brd 192.168.78.136 scope global dynamic noprefixroute ens33
valid_lft 1776sec preferred_lft 1776sec
inet 192.168.47.129/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe2a:62e5/64 scope link noprefixroute
valid_lft forever preferred_lft forever

[root@localhost extra]# vim httpd-vhosts.conf
[root@localhost extra]# cat httpd-vhosts.conf
<VirtualHost 192.168.78.136:80> //修改为固定ip
DocumentRoot "/usr/local/apache/htdocs/hxwyy.example.com"
ServerName hxwyy.example.com
ErrorLog "logs/hxwyy.example.com-error_log"
CustomLog "logs/hxwyy.example.com-access_log" common
</VirtualHost>
<VirtualHost 192.168.78.135:80> //修改为新添加的ip端口号改为80
DocumentRoot "/usr/local/apache/htdocs/mgjmg.example.com"
ServerName mgjmg.example.com
ErrorLog "logs/mgjmg.example.com-error_log"
CustomLog "logs/mgjmg.example.com-access_log" common
</VirtualHost>
[root@localhost extra]# systemctl restart httpd.service //重启服务
相同ip端口不同域名
[root@localhost extra]# vim httpd-vhosts.conf
[root@localhost extra]# cat httpd-vhosts.conf
<VirtualHost *:80> //将原来的固定IP修改为*
DocumentRoot "/usr/local/apache/htdocs/hxwyy.example.com"
ServerName hxwyy.example.com //此处是域名
ErrorLog "logs/hxwyy.example.com-error_log"
CustomLog "logs/hxwyy.example.com-access_log" common
</VirtualHost>
<VirtualHost *:80> //将原来的固定IP修改为*
DocumentRoot "/usr/local/apache/htdocs/mgjmg.example.com"
ServerName mgjmg.example.com //此处是域名
ErrorLog "logs/mgjmg.example.com-error_log"
CustomLog "logs/mgjmg.example.com-access_log" common
</VirtualHost>
域名是无法访问的需要修改hosts文件
hosts文件内添加这两行
192.168.78.136 hxwyy.example.com
192.168.78.135 mgjmg.example.com
配置拒绝指定ip访问
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/hxwyy.example.com"
ServerName hxwyy.example.com
ErrorLog "logs/hxwyy.example.com-error_log"
CustomLog "logs/hxwyy.example.com-access_log" common
</VirtualHost>
<Directory "/usr/local/apache/htdocs/hxwyy.example.com">
<RequireAll>
Require not ip 192.168.78.134 //添加要拒绝的ip
Require all granted
</RequireAll>
</Directory>
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/mgjmg.example.com"
ServerName mgjmg.example.com
ErrorLog "logs/mgjmg.example.com-error_log"
CustomLog "logs/mgjmg.example.com-access_log" common
</VirtualHost>
[root@localhost extra]# systemctl restart httpd.service
此时被拒绝的ip所在主机无法访问
配置https步骤
[root@rhel1 ~]# cd /usr/local/apache/conf/
[root@rhel1 conf]# ls
extra httpd.conf magic mime.types original
[root@rhel1 conf]# vim httpd.conf //取消注释
LoadModule ssl_module modules/mod_ssl.so //取消这一行的注释(去掉行首的#)
生成证书
openssl实现私有CA:
[root@localhost ~]# cd /etc/pki/
[root@localhost pki]# mkdir CA
[root@localhost pki]# cd CA/
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048) //在private目录下生成私钥文件
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................................................+++++
..............+++++
e is 65537 (0x010001)
[root@localhost CA]# ls private/
cakey.pem
[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout
writing RSA key //查看公钥
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzImoXl90+hG4T/3l8TJ2
vsSKWWXN2nuWWa05yBNA+GznsQL5xRxQhjAirjv1aP2mHLAuiecnaVgvC1Fx2fBR
yWyZDM8xUAbbm/LvNwj98jcbZYdO+nyNXSBEPe+eOx8lsdeZ/Q1adrFYnpZoOcmA
PH6AukIT5KmllY1l2m+cqTYAz5SoaKjZeT7xXpWC2hMjByQkrdfnEaf4FFn/LnSs
9wlcTWWI3xrSOG2AdaV+duYE0r7kFqg3Qzmu05hRDEML/jyMza8yyFtguyhyYi/n
czcGrPEaos3s6+FEcP5EjO16JJyvsFzDSihJRYZ+0GgX93cb0YBu2IfdwCR7XEnF
YQIDAQAB
-----END PUBLIC KEY-----
CA生成自签署证书
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 //生成一个自签署证书,有效期为365天
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN //国家
State or Province Name (full name) []:HB //省份
Locality Name (eg, city) [Default City]:WH //市
Organization Name (eg, company) [Default Company Ltd]:kurumi //公司
Organizational Unit Name (eg, section) []:kurumi //单位
Common Name (eg, your name or your server's hostname) []:mgjmg.example.com //域名
Email Address []:1@123.com //邮箱
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# touch index.txt && echo 01 > serial
服务器生成httpd密钥
[root@localhost CA]# cd /usr/local/apache/conf/
[root@localhost conf]# ls
extra httpd.conf magic mime.types original
[root@localhost conf]# mkdir ssl
[root@localhost conf]# cd ssl/
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
...............+++++
....................................................................................................+++++
e is 65537 (0x010001)
服务器生成证书签署请求
[root@localhost ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:kurumi
Organizational Unit Name (eg, section) []:kurumi
Common Name (eg, your name or your server's hostname) []:web.example.com
Email Address []:1@123.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@localhost ssl]# ls
httpd.csr httpd.key
CA签署客户端提交上来的证书
[root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Apr 16 23:55:00 2022 GMT
Not After : Apr 16 23:55:00 2023 GMT
Subject:
countryName = CN
stateOrProvinceName = HB
organizationName = kurumi
organizationalUnitName = kurumi
commonName = web.example.com
emailAddress = 1@123.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
29:9C:D0:27:4B:0A:F2:C4:3F:16:64:FF:10:25:17:B5:2D:8C:8B:95
X509v3 Authority Key Identifier:
keyid:06:4C:FC:24:29:DF:6F:27:2F:F3:0D:7C:E5:33:DC:C1:3C:D2:F3:6D
Certificate is to be certified until Apr 16 23:55:00 2023 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost ssl]# ls
httpd.crt httpd.csr httpd.key
在httpd-ssl.conf中配置证书的位置
[root@localhost ssl]# cd /usr/local/apache/conf/
[root@localhost conf]# vim httpd.conf //取消注释
Include conf/extra/httpd-ssl.conf
[root@localhost conf]# vim extra/httpd-ssl.conf
DocumentRoot "/usr/local/apache/htdocs/mgjmg.example.com" //修改为证书的域名
ServerName mgjmg.example.com:443 //修改;此处域名应与服务器证书httpd.crt中的Common Name一致,上文签署请求中填写的是web.example.com,两者不一致时客户端会提示证书名称不匹配
ServerAdmin you@example.com
ErrorLog "/usr/local/apache/logs/error_log"
TransferLog "/usr/local/apache/logs/access_log"
SSLCertificateFile "/usr/local/apache/conf/ssl/httpd.crt" //修改httpd.crt的路径
SSLCertificateKeyFile "/usr/local/apache/conf/ssl/httpd.key" //修改httpd.key的路径;私钥文件应保持仅root可读(上文用umask 077生成)
[root@localhost conf]# httpd -t //检测成功
Syntax OK
[root@localhost conf]# systemctl restart httpd //重启服务
[root@localhost conf]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6011 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:443 *:*
使用https访问
配置https步骤:
生成证书
配置httpd.conf,取消以下内容的注释
LoadModule ssl_module modules/mod_ssl.so
Include /etc/httpd24/extra/httpd-vhosts.conf
Include /etc/httpd24/extra/httpd-ssl.conf
在httpd-vhosts.conf中配置虚拟主机
在httpd-ssl.conf中配置证书的位置
检查配置文件是否有语法错误
启动或重启服务
设置hosts以便用域名访问