The httpd service
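Introduction to httpd
Apache HTTP Server (Apache or httpd for short) is the Apache Software Foundation's open-source web server software, intended to provide an open-source httpd service on operating systems such as Unix and Windows. It is widely used because of its security, efficiency and extensibility; since April 1996, Apache has been the most popular HTTP server on the Internet. It is fast and reliable, and it can be extended through a simple API, with interpreters such as Perl/Python compiled into the relevant httpd modules.
httpd versions
CentOS 6.x provides an httpd-2.2 rpm package by default
CentOS 7.x provides an httpd-2.4 rpm package by default
This post mainly covers httpd-2.4
Features of httpd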
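Working model | How it works |
---|---|
prefork | Multi-process model: processes are spawned in advance and each request is answered by one process. One master process spawns n child processes, also called worker processes. Each child process handles one user request; even when there are no requests, several idle processes are spawned in advance to wait for requests to arrive. The maximum does not exceed 1024 |
worker | Thread-based: each request is answered by one thread (several processes are started and each process spawns several threads) |
event | Event-driven: one process handles multiple requests |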
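Modules added in httpd-2.4
- mod_proxy_fcgi: module that provides backend support for the Apache server when it acts as a reverse proxy
- mod_ratelimit: module that provides rate limiting
- mod_remoteip: the IP-based access control mechanism has changed; Order, Deny and Allow are no longer supported for IP-based access control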
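httpd basics
Utilities shipped with httpd
- htpasswd: tool for generating accounts and passwords when basic authentication is file-based
- htpasswd: service control script shipped with httpd; supports start, stop, restart
- apxs: provided by the httpd-devel package; tool for extending httpd with third-party modules
- rotatelogs: log rotation tool
- suexec: tool that temporarily switches to a specified user when accessing resources with special permission settings
- ab: apache benchmark, httpd's load-testing tool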
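httpd program environment when installed from the rpm package
- /var/log/httpd/access.log: access log
- /var/log/httpd/error_log: error log
- /var/www/html/: site document directory
- /usr/lib64/httpd/modules/: module file path
- /etc/httpd/conf/httpd.conf: main configuration file
- /etc/httpd/conf.modules.d/*.conf: module configuration files
- /etc/httpd/conf.d/*.conf: auxiliary configuration files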
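Web-related commands
curl
- curl is a file transfer tool that works from the command line using URL syntax
- It supports protocols such as FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP
- It has many features: HTTPS authentication, HTTP POST/PUT and other methods, FTP upload, Kerberos authentication, HTTP upload, proxy servers, cookies, username/password authentication, and so on
- It is most often used for downloading
# Show the help text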
[aaa@qq.com ~]# curl --help
# -o writes the output to a file
[aaa@qq.com ~]# curl -o blog.html https://chineselijie.github.io/
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 13560 100 13560 0 0 15741 0 --:--:-- --:--:-- --:--:-- 15730
[aaa@qq.com ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg 模板 图片 下载 桌面
blog.html 公共 视频 文档 音乐
httpd
httpd [options]
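-l  list the statically compiled modules, i.e. which modules are compiled into the core
-M  print the list of enabled modules
-v  show the httpd version, then exit
-V  show the httpd and apr/apr-util versions and build parameters, then exit
-X  run httpd in debug mode; exit with Ctrl+C
-t  check the configuration file for syntax errors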
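Compiling and installing httpd-2.4
Preparing the environment
- Development Tools must be installed with yum
- openssl-devel, pcre-devel, expat-devel and libtool must be installed with yum
- apr-1.4 and apr-util-1.4 (version 1.4 or later) must be compiled and installed
- Compile and install httpd-2.4
# Install Development Tools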
[aaa@qq.com ~]# yum groups mark install "Development Tools"
# Create the apache system user
[aaa@qq.com ~]# useradd -r -M -s /sbin/nologin apache
[aaa@qq.com ~]# id apache
uid=990(apache) gid=985(apache) 组=985(apache)
# Install openssl-devel, pcre-devel, expat-devel and libtool
[aaa@qq.com ~]# yum -y install openssl-devel pcre-devel expat-devel libtool
# Download apr-1.7, apr-util-1.6 and httpd-2.4
[aaa@qq.com ~]# wget https://mirrors.tuna.tsinghua.edu.cn/apache/apr/apr-util-1.6.1.tar.bz2 https://mirrors.tuna.tsinghua.edu.cn/apache/apr/apr-1.7.0.tar.bz2 https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.39.tar.bz2
# Extract
[aaa@qq.com ~]# tar -xf apr-util-1.6.1.tar.bz2
[aaa@qq.com ~]# tar -xf apr-1.7.0.tar.bz2
[aaa@qq.com ~]# tar -xf httpd-2.4.39.tar.bz2
# Install apr
[aaa@qq.com ~]# cd apr-1.7.0/
[aaa@qq.com apr-1.7.0]# vim configure
Search for /$cfgfile
# $RM "$cfgfile" // comment out this line
Save and quit
[aaa@qq.com apr-1.7.0]# ./configure --prefix=/usr/local/apr
[aaa@qq.com apr-1.7.0]# make && make install
# Install apr-util
[aaa@qq.com apr-1.7.0]# cd /root/apr-util-1.6.1/
[aaa@qq.com apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[aaa@qq.com apr-util-1.6.1]# make && make install
# Install httpd
[aaa@qq.com apr-util-1.6.1]# cd /root/httpd-2.4.39/
[aaa@qq.com httpd-2.4.39]# ./configure --prefix=/usr/local/apache \
> --sysconfdir=/etc/httpd24 \
> --enable-so \
> --enable-ssl \
> --enable-cgi \
> --enable-rewrite \
> --with-zlib \
> --with-pcre \
> --with-apr=/usr/local/apr \
> --with-apr-util=/usr/local/apr-util/ \
> --enable-modules=most \
> --enable-mpms-shared=all \
> --with-mpm=prefork
[aaa@qq.com httpd-2.4.39]# make && make install
# Create the httpd control script
[aaa@qq.com httpd-2.4.39]# echo 'export PATH=/usr/local/apache/bin:$PATH' >/etc/profile.d/httpd.sh
[aaa@qq.com httpd-2.4.39]# bash
[aaa@qq.com httpd-2.4.39]# which httpd
/usr/local/apache/bin/httpd
[aaa@qq.com httpd-2.4.39]# /usr/local/apache/bin/apachectl start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::1bd0:d77:f2c2:6f3%ens33. Set the 'ServerName' directive globally to suppress this message
httpd (pid 104458) already running
# An error message appears; fix it
[aaa@qq.com httpd-2.4.39]# vim /etc/httpd24/httpd.conf
Search for /ServerName www.example.com
# ServerName www.example.com:80 // remove the comment marker at the start of this line
Save and quit
[aaa@qq.com httpd-2.4.39]# /usr/local/apache/bin/apachectl start
httpd (pid 104458) already running
[aaa@qq.com httpd-2.4.39]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:631 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 ::1:631 :::*
LISTEN 0 100 ::1:25 :::*
# Port 80 is now listening
# Turn off the firewall and SELinux
[aaa@qq.com httpd-2.4.39]# systemctl stop firewalld.service
[aaa@qq.com httpd-2.4.39]# setenforce 0
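Open Firefox and enter the IP address
Brief explanation of the options:
--enable-so  enable dynamic support
--with-zlib  use the zlib compression library so that data is compressed before it is transferred
--enable-modules=most  which modules to enable
--enable-mpms-shared=all  which modules to build as dynamic shared modules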
Common httpd configuration
yum install: /etc/httpd/conf.modules.d/00-mpm.conf switches the MPM (working model) in use
- prefork
- event
- worker
Source install: it is in the main configuration file (/etc/httpd/httpd.conf)
- The module files are the files ending in .so under /usr/local/apache/modules
View the configuration file /etc/httpd/httpd.conf
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule mpm_event_module modules/mod_mpm_event.so
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authn_core_module modules/mod_authn_core.so
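Access control rules
- They can be set globally or for a specific directory
Rule | Effect |
---|---|
Require all granted | Allow access from all hosts |
Require all denied | Deny access from all hosts |
Require ip IPADDR | Allow access from hosts with the specified source address |
Require not ip IPADDR | Deny access from hosts with the specified source address |
Require host HOSTNAME | Allow access from hosts with the specified source hostname |
Require not host HOSTNAME | Deny access from hosts with the specified source hostname |
IPADDR forms | HOSTNAME forms |
---|---|
IP: 192.168.1.1; Network/mask: 192.168.1.0/255.255.255.0; Network/Length: 192.168.1.0/24; Net: 192.168 | FQDN: the full name of a specific host; DOMAIN: all hosts in the specified domain |
- Note: httpd-2.4 denies access from all hosts by default, so after installation access must be granted explicitly
Blocking a specific IP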
[aaa@qq.com ~]# vim /etc/httpd/httpd.conf
# Append at the end of the file
<VirtualHost 192.168.176.222:80>
DocumentRoot "/usr/local/apache/htdocs"
<Directory /usr/local/apache/htdocs>
<RequireAll>
Require all granted
Require not ip 192.168.176.111
</RequireAll>
</Directory>
</VirtualHost>
[aaa@qq.com ~]# /usr/local/apache/bin/apachectl restart
Then access the site from the local host.
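How the `<RequireAll>` block above decides, and how the four IPv4 IPADDR forms from the table match a client address, as an added example (a simplified model written for this page, not httpd's own code). The function names are hypothetical and only `Require [not] all` and `Require [not] ip` are modelled.

```python
import ipaddress

GRANTED, DENIED, NEUTRAL = "granted", "denied", "neutral"

def parse_ip_spec(spec):
    """Convert one IPv4 IPADDR form from the table above into an ip_network."""
    if "/" not in spec and spec.count(".") < 3:
        # Partial address ("192.168"): pad with zero octets, 8 prefix bits per octet given
        octets = spec.rstrip(".").split(".")
        spec = "%s/%d" % (".".join(octets + ["0"] * (4 - len(octets))), 8 * len(octets))
    # Accepts a.b.c.d, a.b.c.d/len and a.b.c.d/netmask; strict=False tolerates host bits
    return ipaddress.ip_network(spec, strict=False)

def eval_require(directive, client_ip):
    """Evaluate a single 'Require [not] all|ip ...' line for one client address."""
    words = directive.split()[1:]              # drop the leading "Require"
    negated = words[0] == "not"
    if negated:
        words = words[1:]
    kind, args = words[0], words[1:]
    if kind == "all":
        result = GRANTED if args[0] == "granted" else DENIED
    elif kind == "ip":
        addr = ipaddress.ip_address(client_ip)
        result = GRANTED if any(addr in parse_ip_spec(a) for a in args) else DENIED
    else:
        raise ValueError("only 'all' and 'ip' are modelled: " + directive)
    if negated:
        # A negated rule can only veto: a match denies, a non-match decides nothing
        result = DENIED if result == GRANTED else NEUTRAL
    return result

def require_all(directives, client_ip):
    """<RequireAll>: no enclosed rule may deny and at least one must grant."""
    results = [eval_require(d, client_ip) for d in directives]
    return DENIED not in results and GRANTED in results

# The two rules from the VirtualHost block above
PAGE_RULES = ["Require all granted", "Require not ip 192.168.176.111"]

if __name__ == "__main__":
    for ip in ("192.168.176.111", "192.168.176.1"):
        print(ip, "allowed" if require_all(PAGE_RULES, ip) else "denied")
```

A `<RequireAll>` that contains only `Require not ...` lines grants nobody, which is why the block above pairs the negated rule with `Require all granted`.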
There are three kinds of virtual host:
[aaa@qq.com ~]# yum install httpd -y
[aaa@qq.com ~]# vim /etc/httpd/conf/httpd.conf
DocumentRoot "/home/wwwroot"

#
# Relax access to content within /var/www.
#
<Directory "/home/wwwroot">
- Same IP, different ports
[aaa@qq.com ~]# mkdir -p /home/wwwroot/80
[aaa@qq.com ~]# mkdir -p /home/wwwroot/81
[aaa@qq.com ~]# echo "port:80" > /home/wwwroot/80/index.html
[aaa@qq.com ~]# echo "port:81" > /home/wwwroot/81/index.html
[aaa@qq.com ~]# vim /etc/httpd/conf/httpd.conf
# Find Listen 80 and add Listen 81 on the next line
Listen 80
Listen 81
[aaa@qq.com ~]# vim /etc/httpd/conf/httpd.conf
[aaa@qq.com ~]# tail -n 16 /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.176.222:80>
DocumentRoot "/home/wwwroot/80"
ServerName "www.123.com"
<Directory "/home/wwwroot/80">
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.176.222:81>
DocumentRoot "/home/wwwroot/81"
ServerName "www.abc.com"
<Directory "/home/wwwroot/81">
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
[aaa@qq.com ~]# setenforce 0
[aaa@qq.com ~]# systemctl restart httpd
- Different IPs, same port
[aaa@qq.com ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
[aaa@qq.com ~]# tail -n 7 /etc/sysconfig/network-scripts/ifcfg-ens33
IPADDR0=192.168.176.222
IPADDR1=192.168.176.223
IPADDR2=192.168.176.224
PREFIX=24
GATEWAY=192.168.176.2
DNS1=192.168.176.2
IPV6_PRIVACY=no
[aaa@qq.com ~]# systemctl restart network
[aaa@qq.com ~]# ping 192.168.176.222
[aaa@qq.com ~]# ping 192.168.176.223
[aaa@qq.com ~]# ping 192.168.176.224
[aaa@qq.com ~]# mkdir -p /home/wwwroot/10
[aaa@qq.com ~]# mkdir -p /home/wwwroot/20
[aaa@qq.com ~]# mkdir -p /home/wwwroot/30
[aaa@qq.com ~]# echo "IP:192.168.176.222" > /home/wwwroot/10/index.html
[aaa@qq.com ~]# echo "IP:192.168.176.223" > /home/wwwroot/20/index.html
[aaa@qq.com ~]# echo "IP:192.168.176.224" > /home/wwwroot/30/index.html
[aaa@qq.com ~]# vim /etc/httpd/conf/httpd.conf
[aaa@qq.com ~]# tail -n 24 /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.176.222>
DocumentRoot /home/wwwroot/10
ServerName www.123.com
<Directory /home/wwwroot/10 >
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.176.223>
DocumentRoot /home/wwwroot/20
ServerName www.456.com
<Directory /home/wwwroot/20 >
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.176.224>
DocumentRoot /home/wwwroot/30
ServerName www.789.com
<Directory /home/wwwroot/30 >
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
[aaa@qq.com ~]# setenforce 0
[aaa@qq.com ~]# systemctl restart httpd
- Same IP, same port, different domain names (commonly used)
[aaa@qq.com ~]# tail -n 1 /etc/hosts
192.168.176.222 www.123.com www.abc.com
[aaa@qq.com ~]# ping www.123.com
[aaa@qq.com ~]# ping www.abc.com
[aaa@qq.com ~]# mkdir -p /home/wwwroot/123
[aaa@qq.com ~]# mkdir -p /home/wwwroot/abc
[aaa@qq.com ~]# echo "WWW.123.com" > /home/wwwroot/123/index.html
[aaa@qq.com ~]# echo "WWW.abc.com" > /home/wwwroot/abc/index.html
[aaa@qq.com ~]# vim /etc/httpd/conf/httpd.conf
[aaa@qq.com ~]# tail -n 16 /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.176.222>
DocumentRoot "/home/wwwroot/123"
ServerName "www.123.com"
<Directory "/home/wwwroot/123">
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.176.222>
DocumentRoot "/home/wwwroot/abc"
ServerName "www.abc.com"
<Directory "/home/wwwroot/abc">
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
[aaa@qq.com ~]# setenforce 0
[aaa@qq.com ~]# systemctl restart httpd
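Which site answers a request under the port-based and name-based configurations above, as an added example (a simplified model written for this page, not httpd's own code). The function names and tuple layout are hypothetical; ServerAlias and IPv6 are not modelled. It shows that a request whose Host header matches no ServerName is served by the first virtual host listed for that address, so the first block acts as the default site.

```python
# Constructed from the configurations above, in file order.
# Each entry: (address, port or None for "any port", ServerName, DocumentRoot)
NAME_VHOSTS = [
    ("192.168.176.222", None, "www.123.com", "/home/wwwroot/123"),
    ("192.168.176.222", None, "www.abc.com", "/home/wwwroot/abc"),
]
PORT_VHOSTS = [
    ("192.168.176.222", 80, "www.123.com", "/home/wwwroot/80"),
    ("192.168.176.222", 81, "www.abc.com", "/home/wwwroot/81"),
]

def select_vhost(vhosts, local_ip, local_port, host_header):
    """Return the vhost tuple that serves the request, or None for the main server."""
    # Step 1: keep only vhosts whose <VirtualHost addr[:port]> matches the socket
    candidates = [v for v in vhosts
                  if v[0] == local_ip and v[1] in (None, local_port)]
    if not candidates:
        return None
    # Step 2: compare the Host header (port stripped, case-insensitive) with ServerName
    name = (host_header or "").split(":")[0].strip().lower()
    for v in candidates:
        if v[2].lower() == name:
            return v
    # Step 3: no name matched, so the first vhost listed for this address is the default
    return candidates[0]

def default_sites(vhosts):
    """Map each (address, port) to the DocumentRoot that unmatched Host values reach."""
    defaults = {}
    for addr, port, _name, docroot in vhosts:
        defaults.setdefault((addr, port), docroot)
    return defaults

if __name__ == "__main__":
    for host in ("www.abc.com", "WWW.123.com:80", "192.168.176.222", "unknown.test"):
        print(host, "->", select_vhost(NAME_VHOSTS, "192.168.176.222", 80, host)[3])
    print(default_sites(NAME_VHOSTS))
```

Running `default_sites` over a real configuration's virtual hosts shows which DocumentRoot is exposed to requests that arrive by bare IP or with an unexpected Host value.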