httpd


Contents
  • httpd
    • The curl command
    • The httpd command
    • Building and installing httpd-2.4.45 from source
      • Install the build tools and development packages
      • Get the three source packages: apr, apr-util and httpd
      • Install apr
      • Install apr-util
      • Install httpd
      • Configure environment variables
      • Stop the firewall and start the service
      • Enable start at boot
  • Three kinds of virtual host in httpd
    • Same IP, different ports
    • Different IPs, same port
    • Same IP, same port, different domain names
    • Deny access from a specific IP
    • SSL
      • The CA generates a key pair
      • The CA generates a self-signed certificate
      • The client (here, the httpd server) generates a key
      • The client generates a certificate signing request
      • The client sends the CSR file to the CA
      • The CA signs the certificate submitted by the client
      • The CA sends the signed certificate httpd.crt back to the client

The curl command

[root@lnh ~]# curl -o myblog.html http://blog.51cto.com/itchentao
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
100   312  100   312    0     0   1937      0 --:--:-- --:--:-- --:--:--  1937
[root@lnh ~]# ls
anaconda-ks.cfg  myblog.html
// download a file with curl

The httpd command

[root@lnh ~]# dnf -y install httpd
CentOS-8.5.2111 - Base - mirrors.aliyun.com 117 kB/s | 3.9 kB     00:00    
CentOS-8.5.2111 - Extras - mirrors.aliyun.c  73 kB/s | 1.5 kB     00:00    
CentOS-8.5.2111 - AppStream - mirrors.aliyu 200 kB/s | 4.3 kB     00:00    
Dependencies resolved.
============================================================================
 Package      Arch   Version                                Repo       Size
=================================================================
.....
// install httpd
[root@lnh ~]# httpd -l
Compiled in modules:
  core.c
  mod_so.c
  http_core.c
// list the statically compiled modules: shows what is built into the core, not the modules loaded dynamically with LoadModule
[root@lnh ~]# httpd -M
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::20c:29ff:fe05:f428. Set the 'ServerName' directive globally to suppress this message
Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 access_compat_module (shared)
 actions_module (shared)
 alias_module (shared)
 allowmethods_module (shared)
 auth_basic_module (shared)
 auth_digest_module (shared)
 authn_anon_module (shared)
// print the list of enabled modules, both those compiled statically into the server and those loaded dynamically as DSOs
[root@lnh ~]# httpd -v
Server version: Apache/2.4.37 (centos)
Server built:   Nov 12 2021 04:57:27
// show the httpd version, then exit
[root@lnh ~]# httpd -V
Server version: Apache/2.4.37 (centos)
Server built:   Nov 12 2021 04:57:27
Server's Module Magic Number: 20120211:83
Server loaded:  APR 1.6.3, APR-UTIL 1.6.1
Compiled using: APR 1.6.3, APR-UTIL 1.6.1
Architecture:   64-bit
Server MPM:     event
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
// show the httpd and apr/apr-util versions and the build parameters, then exit
[root@lnh ~]# httpd -X
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::20c:29ff:fe05:f428. Set the 'ServerName' directive globally to suppress this message
// run httpd in debug mode: start only one worker process and do not detach from the console

Building and installing httpd-2.4.45 from source

Install the build tools and development packages

[root@lnh ~]# dnf -y groupinstall "Development Tools" 
.....
  urw-base35-bookman-fonts-20170801-10.el8.noarch                            
  urw-base35-d050000l-fonts-20170801-10.el8.noarch                           
  urw-base35-fonts-common-20170801-10.el8.noarch                             
  urw-base35-nimbus-mono-ps-fonts-20170801-10.el8.noarch                     
  urw-base35-nimbus-sans-fonts-20170801-10.el8.noarch                        
  urw-base35-standard-symbols-ps-fonts-20170801-10.el8.noarch                
  valgrind-1:3.17.0-5.el8.x86_64                                             
  xml-common-0.6.3-50.el8.noarch                                             
  xorg-x11-fonts-ISO8859-1-100dpi-7.5-19.el8.noarch                          
  xz-devel-5.2.4-3.el8.x86_64                                                
  zlib-devel-1.2.11-17.el8.x86_64                                            

Complete!
[root@lnh ~]# dnf -y install openssl-devel pcre-devel expat-devel libtool libxml2-devel
....
Installed:
  cmake-filesystem-3.20.2-4.el8.x86_64                                      
  expat-devel-2.2.5-4.el8.x86_64                                            
  keyutils-libs-devel-1.5.10-9.el8.x86_64                                   
  krb5-devel-1.18.2-14.el8.x86_64                                           
  libcom_err-devel-1.45.6-2.el8.x86_64                                      
  libkadm5-1.18.2-14.el8.x86_64                                             
  libselinux-devel-2.9-5.el8.x86_64                                         
  libsepol-devel-2.9-3.el8.x86_64                                           
  libverto-devel-0.3.0-5.el8.x86_64                                         
  libxml2-devel-2.9.7-9.el8_4.2.x86_64                                      
  openssl-devel-1:1.1.1k-5.el8_5.x86_64                                     
  pcre-cpp-8.42-6.el8.x86_64                                                
  pcre-devel-8.42-6.el8.x86_64                                              
  pcre-utf16-8.42-6.el8.x86_64                                              
  pcre-utf32-8.42-6.el8.x86_64                                              
  pcre2-devel-10.32-2.el8.x86_64                                            
  pcre2-utf16-10.32-2.el8.x86_64                                            
  pcre2-utf32-10.32-2.el8.x86_64                                            

Complete!
[root@lnh ~]# useradd -rMs /sbin/nologin apache
[root@lnh ~]# id apache
uid=48(apache) gid=48(apache) groups=48(apache)
// create a system user to run the Apache processes

Get the three source packages: apr, apr-util and httpd

[root@lnh ~]# dnf -y install wget
// install wget
[root@lnh ~]# cd /usr/local/src/
[root@lnh src]# wget https://mirrors.aliyun.com/apache/httpd/httpd-2.4.54.tar.gz
--2022-07-21 21:04:23--  https://mirrors.aliyun.com/apache/httpd/httpd-2.4.54.tar.gz
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 119.96.204.210, 119.96.204.211, 119.96.138.214, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|119.96.204.210|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9743277 (9.3M) [application/octet-stream]
Saving to: ‘httpd-2.4.54.tar.gz’

httpd-2.4.54.tar.g 100%[================>]   9.29M  12.6MB/s    in 0.7s    

2022-07-21 21:04:24 (12.6 MB/s) - ‘httpd-2.4.54.tar.gz’ saved [9743277/9743277]
[root@lnh src]# wget https://mirrors.aliyun.com/apache/apr/apr-1.7.0.tar.gz
--2022-07-21 21:05:08--  https://mirrors.aliyun.com/apache/apr/apr-1.7.0.tar.gz
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 119.96.204.210, 119.96.204.211, 119.96.138.214, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|119.96.204.210|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1093896 (1.0M) [application/octet-stream]
Saving to: ‘apr-1.7.0.tar.gz’

apr-1.7.0.tar.gz   100%[================>]   1.04M  --.-KB/s    in 0.07s   

2022-07-21 21:05:08 (14.0 MB/s) - ‘apr-1.7.0.tar.gz’ saved [1093896/1093896]

[root@lnh src]# wget https://mirrors.aliyun.com/apache/apr/apr-util-1.6.1.tar.gz
--2022-07-21 21:05:36--  https://mirrors.aliyun.com/apache/apr/apr-util-1.6.1.tar.gz
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 119.96.204.210, 119.96.204.211, 119.96.138.214, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|119.96.204.210|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 554301 (541K) [application/octet-stream]
Saving to: ‘apr-util-1.6.1.tar.gz’

apr-util-1.6.1.tar 100%[================>] 541.31K  --.-KB/s    in 0.08s   

2022-07-21 21:05:36 (6.40 MB/s) - ‘apr-util-1.6.1.tar.gz’ saved [554301/554301]
[root@lnh src]# ls
apr-1.7.0.tar.gz  apr-util-1.6.1.tar.gz  httpd-2.4.54.tar.gz
// check

Install apr

[root@lnh src]# tar -xf apr-1.7.0.tar.gz 
[root@lnh src]# cd apr-1.7.0/
[root@lnh apr-1.7.0]# vim configure

    cfgfile=${ofile}T
    trap "$RM \"$cfgfile\"; exit 1" 1 2 15
#    $RM "$cfgfile"      // comment out this line, or delete it (otherwise make fails with "rm: cannot remove 'libtoolT'")
[root@lnh apr-1.7.0]# ./configure --prefix=/usr/local/apr
....
config.status: creating Makefile
config.status: creating include/apr.h
config.status: creating build/apr_rules.mk
config.status: creating build/pkg/pkginfo
config.status: creating apr-1-config
config.status: creating apr.pc
config.status: creating test/Makefile
config.status: creating test/internal/Makefile
config.status: creating include/arch/unix/apr_private.h
config.status: executing libtool commands
config.status: executing default commands
[root@lnh apr-1.7.0]# make && make install
....
for f in make_exports.awk make_var_export.awk; do \
    /usr/bin/install -c -m 644 /usr/local/src/apr-1.7.0/build/${f} /usr/local/apr/build-1; \
done
/usr/bin/install -c -m 644 build/apr_rules.out /usr/local/apr/build-1/apr_rules.mk
/usr/bin/install -c -m 755 apr-config.out /usr/local/apr/bin/apr-1-config
[root@lnh apr-1.7.0]# ls /usr/local/apr/
bin  build-1  include  lib

Install apr-util

[root@lnh apr-1.7.0]# cd ..
[root@lnh src]# tar -xf apr-util-1.6.1.tar.gz 
[root@lnh src]# cd apr-util-1.6.1/
[root@lnh apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/
....
config.status: creating build/pkg/pkginfo
config.status: creating apr-util.pc
config.status: creating apu-1-config
config.status: creating include/private/apu_select_dbm.h
config.status: creating include/apr_ldap.h
config.status: creating include/apu.h
config.status: creating include/apu_want.h
config.status: creating test/Makefile
config.status: creating include/private/apu_config.h
config.status: executing default commands
[root@lnh apr-util-1.6.1]# make && make install
....
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
/usr/bin/install -c -m 644 aprutil.exp /usr/local/apr-util/lib
/usr/bin/install -c -m 755 apu-config.out /usr/local/apr-util/bin/apu-1-config
[root@lnh apr-util-1.6.1]# ls /usr/local/apr-util/
bin  include  lib

Install httpd

[root@lnh apr-util-1.6.1]# cd ..
[root@lnh src]# tar -xf httpd-2.4.54.tar.gz 
[root@lnh src]# cd httpd-2.4.54/
[root@lnh httpd-2.4.54]# ./configure --prefix=/usr/local/apache --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
....
 Server Version: 2.4.54
    Install prefix: /usr/local/apache
    C compiler:     gcc
    CFLAGS:          -g -O2 -pthread  
    CPPFLAGS:        -DLINUX -D_REENTRANT -D_GNU_SOURCE  
    LDFLAGS:           
    LIBS:             
    C preprocessor: gcc -E
// --enable-so: dynamic shared object (DSO) support
// --enable-ssl: SSL/TLS encryption
// --enable-cgi: Common Gateway Interface, mainly for dynamic pages
// --enable-rewrite: URL rewriting
// --with-zlib: zlib compression
// --with-pcre: regular expression library; with no path given it is located automatically
// --enable-modules=most: build the "most" module set
// --enable-mpms-shared=all: build every supported MPM as a shared module
// --with-mpm=prefork: default to prefork: one worker, one request; responsive, but no high concurrency and heavy memory use
[root@lnh httpd-2.4.54]# make && make install
....
mkdir /usr/local/apache/build
Installing man pages and online manual
mkdir /usr/local/apache/man
mkdir /usr/local/apache/man/man1
mkdir /usr/local/apache/man/man8
mkdir /usr/local/apache/manual
make[1]: Leaving directory '/usr/local/src/httpd-2.4.54'
[root@lnh httpd-2.4.54]# ls /usr/local/apache/
bin    cgi-bin  error   icons    logs  manual
build  conf     htdocs  include  man   modules

Configure environment variables

[root@lnh ~]# echo 'export PATH=/usr/local/apache/bin:$PATH' >/etc/profile.d/apache.sh
[root@lnh ~]# source /etc/profile.d/apache.sh  // apply the setting
[root@lnh ~]# which apachectl     // check
/usr/local/apache/bin/apachectl
[root@lnh ~]# ln -s /usr/local/apache/include/ /usr/include/apache         // symlink so the header files are found under /usr/include
[root@lnh ~]#  ll /usr/include/ |grep apache
lrwxrwxrwx.  1 root root     26 Jul 21 21:38 apache -> /usr/local/apache/include/
[root@lnh ~]# ll /usr/include/apache
lrwxrwxrwx. 1 root root 26 Jul 21 21:38 /usr/include/apache -> /usr/local/apache/include/
[root@lnh ~]# vim /etc/man_db.conf    // make the apache man pages available
#MANDATORY_MANPATH                      /usr/src/pvm3/man
#
MANDATORY_MANPATH                       /usr/man
MANDATORY_MANPATH                       /usr/share/man
MANDATORY_MANPATH                       /usr/local/share/man
MANDATORY_MANPATH                       /usr/local/apache/man // add this line

Stop the firewall and start the service

[root@lnh ~]# systemctl stop firewalld.service 
[root@lnh ~]# setenforce 0
[root@lnh ~]# apachectl start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::20c:29ff:fe05:f428%ens33. Set the 'ServerName' directive globally to suppress this message
[root@lnh ~]# ss -antl
State   Recv-Q  Send-Q   Local Address:Port     Peer Address:Port  Process  
LISTEN  0       128            0.0.0.0:22            0.0.0.0:*              
LISTEN  0       128                  *:80                  *:*              
LISTEN  0       128               [::]:22               [::]:*              
[root@lnh ~]# ss -anltup |grep httpd
tcp   LISTEN 0      128                *:80              *:*    users:(("httpd",pid=62729,fd=4),("httpd",pid=62728,fd=4),("httpd",pid=62727,fd=4),("httpd",pid=62726,fd=4),("httpd",pid=62725,fd=4),("httpd",pid=62724,fd=4))

Accessing the port:

Enable start at boot

[root@lnh ~]# cd /usr/lib/systemd/system
[root@lnh system]# cp sshd.service httpd.service
cp: overwrite 'httpd.service'? 
[root@lnh system]# vim httpd.service
[Unit]
Description=httpd server daemon
After=network.target sshd-keygen.target


[Service]
Type=forking
ExecStart=/usr/local/apache/bin/apachectl
ExecStop=/usr/local/apache/bin/apachectl stop
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
[root@lnh system]# systemctl daemon-reload // make sure port 80 is free before starting
[root@lnh ~]# systemctl start httpd.service 
[root@lnh ~]# systemctl status httpd.service 
● httpd.service - httpd server daemon
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor p>
   Active: active (running) since Thu 2022-07-21 23:18:31 CST; 2s ago
  Process: 63436 ExecStart=/usr/local/apache/bin/apachectl (code=exited, sta>
 Main PID: 63439 (httpd)
    Tasks: 6 (limit: 12221)
   Memory: 5.7M
   CGroup: /system.slice/httpd.service
           ├─63439 /usr/local/apache/bin/httpd
           ├─63440 /usr/local/apache/bin/httpd
           ├─63441 /usr/local/apache/bin/httpd
           ├─63442 /usr/local/apache/bin/httpd
           ├─63443 /usr/local/apache/bin/httpd
           └─63444 /usr/local/apache/bin/httpd

Jul 21 23:18:31 lnh systemd[1]: Starting httpd server daemon...
Jul 21 23:18:31 lnh systemd[1]: Started httpd server daemon.
[root@lnh ~]# systemctl stop httpd.service 
[root@lnh ~]# systemctl status httpd.service 
● httpd.service - httpd server daemon
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor p>
   Active: inactive (dead)

Jul 21 23:03:00 lnh httpd[63206]: no listening sockets available, shutting d>
Jul 21 23:03:00 lnh httpd[63206]: AH00015: Unable to open logs
Jul 21 23:03:00 lnh systemd[1]: httpd.service: Main process exited, code=exi>
Jul 21 23:03:00 lnh systemd[1]: httpd.service: Failed with result 'exit-code>
Jul 21 23:03:00 lnh systemd[1]: Failed to start The Apache HTTP Server.
Jul 21 23:18:31 lnh systemd[1]: Starting httpd server daemon...
Jul 21 23:18:31 lnh systemd[1]: Started httpd server daemon.
Jul 21 23:19:01 lnh systemd[1]: Stopping httpd server daemon...
Jul 21 23:19:01 lnh systemd[1]: httpd.service: Succeeded.
Jul 21 23:19:01 lnh systemd[1]: Stopped httpd server daemon.
[root@lnh ~]# systemctl disable httpd.service 
// disable start at boot

Three kinds of virtual host in httpd

This part uses the httpd installed with yum.

Same IP, different ports

[root@lnh ~]# find / -name '*vhosts.conf'   // search from / for the virtual host template configuration file
/usr/share/doc/httpd/httpd-vhosts.conf
[root@lnh ~]# cd /etc/httpd/
[root@lnh httpd]# ls
conf (main config)  conf.d (supplementary configs)  conf.modules.d (supplementary configs, mainly for modules)  logs  modules  run  state
[root@lnh httpd]# cd conf.d/
[root@lnh conf.d]# ls
autoindex.conf  README  userdir.conf  welcome.conf
[root@lnh conf.d]# cp /usr/share/doc/httpd/httpd-vhosts.conf .
// copy the template into the current directory
[root@lnh conf.d]# ls 
autoindex.conf  httpd-vhosts.conf  README  userdir.conf  welcome.conf
[root@lnh conf.d]# vim httpd-vhosts.conf 
<VirtualHost *:80>
    DocumentRoot "/var/www/html/zhuawawa"  // document root of the site (yum default install layout)
    ServerName www.zhuawawa.com   // domain name
    ErrorLog "/var/log/httpd/www.zhuawawa.com-error_log" // error log
    CustomLog "/var/log/httpd/www.zhuawawa.com-access_log" common // access log
</VirtualHost>

Listen 81   // port 81 is not listened on by default, so add it
<VirtualHost *:81>  // * means the same IP (any address)
    DocumentRoot "/var/www/html/tanke"
    ServerName www.tanke.com
    ErrorLog "/var/log/httpd/www.tanke.com-error_log"
    CustomLog "/var/log/httpd/www.tanke.com-access_log" common
</VirtualHost>
Fields in the template's virtual host example: admin e-mail, site document root (yum default), domain name, domain alias, error log, access log.
[root@lnh conf.d]# cd ..
[root@lnh httpd]# ls
conf  conf.d  conf.modules.d  logs  modules  run  state
[root@lnh httpd]# cd conf
[root@lnh conf]# ls
httpd.conf  magic
[root@lnh conf]# vim httpd.conf 
DocumentRoot "/var/www/html" // default document root in the yum-installed main config
[root@lnh conf]# cd ..
[root@lnh httpd]# ls
conf  conf.d  conf.modules.d  logs  modules  run  state
[root@lnh httpd]# cd conf.d
[root@lnh conf.d]# ls
autoindex.conf  httpd-vhosts.conf  README  userdir.conf  welcome.conf
[root@lnh html]# mkdir zhuawawa
[root@lnh html]# mkdir tanke
[root@lnh html]# ls
tanke  zhuawawa
[root@lnh html]# cd zhuawawa/
[root@lnh zhuawawa]# rz

[root@lnh zhuawawa]# dnf -y install zip
[root@lnh zhuawawa]# unzip zhuawawaji.zip
[root@lnh zhuawawa]# ls
jQuery抓娃娃机游戏代码  zhuawawaji.zip
[root@lnh zhuawawa]# mv jQuery抓娃娃机游戏代码/* .
[root@lnh zhuawawa]# ls
images  img  index.html  jQuery抓娃娃机游戏代码  js  zhuawawaji.zip
[root@lnh zhuawawa]# rm -rf zhuawawaji.zip 
[root@lnh zhuawawa]# ls
images  img  index.html  jQuery抓娃娃机游戏代码  js
[root@lnh zhuawawa]# cd ..
[root@lnh html]# cd tanke/
[root@lnh tanke]# rz

[root@lnh tanke]# ls
坦克.zip
[root@lnh tanke]# ls
Battle_City  坦克.zip
[root@lnh tanke]# mv Battle_City/* .
[root@lnh tanke]# ls
audio  Battle_City  css  images  index.html  js  坦克.zip
[root@lnh tanke]# rm -rf 坦克.zip 
[root@lnh tanke]# ls
audio  Battle_City  css  images  index.html  js
[root@lnh html]# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::20c:29ff:fe05:f428. Set the 'ServerName' directive globally to suppress this message
Syntax OK // if the AH00558 warning is annoying, make the change below
[root@lnh conf]# vim httpd.conf  // edit the main configuration file
ServerName www.example.com:80   // uncomment this line
[root@lnh html]# httpd -t
Syntax OK   // the configuration file is fine
[root@lnh html]# systemctl restart httpd.service // restart the service
[root@lnh html]# ss -antl    // check the listening ports
State     Recv-Q    Send-Q       Local Address:Port       Peer Address:Port   Process   
LISTEN    0         128                0.0.0.0:22              0.0.0.0:*                
LISTEN    0         128                   [::]:22                 [::]:*                
LISTEN    0         128                      *:80                    *:*                
LISTEN    0         128                      *:81                    *:*    
[root@lnh html]# systemctl stop firewalld.service 
[root@lnh html]# setenforce 0
// stop the firewall and set SELinux to permissive

Port 80:

Port 81:

Different IPs, same port

[root@lnh ~]# ip addr add 192.168.222.252/24 dev ens33 
[root@lnh ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:05:f4:28 brd ff:ff:ff:ff:ff:ff
    inet 192.168.222.250/24 brd 192.168.222.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.222.252/24 scope global secondary ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe05:f428/64 scope link 
       valid_lft forever preferred_lft forever
// add a temporary second IP in the same subnet
[root@lnh ~]# cd /etc/httpd/
[root@lnh httpd]# ls
conf  conf.d  conf.modules.d  logs  modules  run  state
[root@lnh httpd]# cd conf.d/
[root@lnh conf.d]# ls
autoindex.conf  httpd-vhosts.conf  README  userdir.conf  welcome.conf
[root@lnh conf.d]# vim httpd-vhosts.conf 
<VirtualHost 192.168.222.250:80>
    DocumentRoot "/var/www/html/zhuawawa"
    ServerName www.zhuawawa.com
    ErrorLog "/var/log/httpd/www.zhuawawa.com-error_log"
    CustomLog "/var/log/httpd/www.zhuawawa.com-access_log" common
</VirtualHost>

<VirtualHost  192.168.222.252:80>      
    DocumentRoot "/var/www/html/tanke"
    ServerName www.tanke.com
    ErrorLog "/var/log/httpd/www.tanke.com-error_log"
    CustomLog "/var/log/httpd/www.tanke.com-access_log" common
</VirtualHost>
// different IPs, same port
[root@lnh conf.d]# httpd -t
Syntax OK
// check the configuration for problems
[root@lnh conf.d]# systemctl restart httpd.service 
// restart the service

250:

252:

Same IP, same port, different domain names

On the Windows client, open C:\Windows\System32\drivers\etc and edit the hosts file

Save the hosts file after adding the entries

[root@lnh conf.d]# vim httpd-vhosts.conf 
<VirtualHost 192.168.222.250:80>
    DocumentRoot "/var/www/html/zhuawawa"
    ServerName www.zhuawawa.com
    ErrorLog "/var/log/httpd/www.zhuawawa.com-error_log"
    CustomLog "/var/log/httpd/www.zhuawawa.com-access_log" common
</VirtualHost>

<VirtualHost  192.168.222.250:80>
    DocumentRoot "/var/www/html/tanke"
    ServerName www.tanke.com
    ErrorLog "/var/log/httpd/www.tanke.com-error_log"
    CustomLog "/var/log/httpd/www.tanke.com-access_log" common
</VirtualHost>
[root@lnh conf.d]# httpd -t
Syntax OK
// check the configuration
[root@lnh conf.d]# systemctl restart httpd.service
// restart the service

www.zhuawawa.com:

www.tanke.com:
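
The request-routing rules behind the three layouts above, as an added example that is not code from the original post: a Python emulation of httpd's virtual host selection run over the page's port-based and name-based configs with the inline notes stripped. It assumes IPv4 literals and no ServerAlias wildcards, and shows the caveat that with two name-based hosts on 192.168.222.250:80 a request whose Host header matches neither (a visit by IP, for instance) is served by the first block listed.

```python
"""Added example (not code from the original post): emulate how httpd picks a
<VirtualHost> for a request, using the page's two configs with the inline
notes stripped. Assumptions: IPv4 literals only, no ServerAlias wildcards."""
import re
from dataclasses import dataclass, field

# Same IP, same port, different names (the section above).
NAME_BASED_CONF = """
<VirtualHost 192.168.222.250:80>
    DocumentRoot "/var/www/html/zhuawawa"
    ServerName www.zhuawawa.com
</VirtualHost>
<VirtualHost  192.168.222.250:80>
    DocumentRoot "/var/www/html/tanke"
    ServerName www.tanke.com
</VirtualHost>
"""
# Same IP, different ports (the first section).
PORT_BASED_CONF = """
Listen 81
<VirtualHost *:80>
    DocumentRoot "/var/www/html/zhuawawa"
    ServerName www.zhuawawa.com
</VirtualHost>
<VirtualHost *:81>
    DocumentRoot "/var/www/html/tanke"
    ServerName www.tanke.com
</VirtualHost>
"""

@dataclass
class VHost:
    addr: str                 # IP literal or "*" ("_default_" is folded into "*")
    port: str                 # "80", "81", "443" or "*"
    document_root: str = ""
    server_name: str = ""
    aliases: list = field(default_factory=list)

_BLOCK = re.compile(r"<VirtualHost\s+([^:>\s]+)(?::([^>\s]+))?\s*>(.*?)</VirtualHost>", re.S)

def parse_vhosts(conf):
    """Pull out only the directives the selection logic needs."""
    vhosts = []
    for addr, port, body in _BLOCK.findall(conf):
        vh = VHost(addr="*" if addr == "_default_" else addr, port=port or "*")
        for raw in body.splitlines():
            line = raw.split("#", 1)[0].strip()     # httpd comments start with #
            if not line:
                continue
            key, _, val = line.partition(" ")
            val = val.strip().strip('"')
            if key == "DocumentRoot":
                vh.document_root = val
            elif key == "ServerName":
                vh.server_name = val.split(":")[0].lower()
            elif key == "ServerAlias":
                vh.aliases = [a.lower() for a in val.split()]
        vhosts.append(vh)
    return vhosts

def select_vhost(vhosts, local_ip, local_port, host_header):
    """httpd's rules: blocks whose address is exactly the connection's IP:port
    beat '*' blocks; among the survivors the Host header is matched against
    ServerName/ServerAlias; with no name match the FIRST listed block is used."""
    port = str(local_port)
    exact = [v for v in vhosts if v.addr == local_ip and v.port in (port, "*")]
    wild = [v for v in vhosts if v.addr == "*" and v.port in (port, "*")]
    candidates = exact or wild
    if not candidates:
        return None          # no vhost: the main server config would answer
    host = (host_header or "").split(":")[0].lower()
    for v in candidates:
        if host == v.server_name or host in v.aliases:
            return v
    return candidates[0]

def docroot(conf, local_ip, local_port, host_header):
    """Convenience wrapper: which directory a request is served from."""
    vh = select_vhost(parse_vhosts(conf), local_ip, local_port, host_header)
    return vh.document_root if vh else None

if __name__ == "__main__":
    for conf, ip, port, host in [
        (NAME_BASED_CONF, "192.168.222.250", 80, "www.tanke.com"),
        (NAME_BASED_CONF, "192.168.222.250", 80, "192.168.222.250"),  # by IP
        (NAME_BASED_CONF, "192.168.222.252", 80, "www.tanke.com"),    # 2nd IP
        (PORT_BASED_CONF, "192.168.222.250", 81, "www.zhuawawa.com"),
    ]:
        print(f"{ip}:{port} Host={host} -> {docroot(conf, ip, port, host)}")
```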

Deny access from a specific IP

[root@lnh conf.d]# vim httpd-vhosts.conf 
<VirtualHost 192.168.222.250:80>
    DocumentRoot "/var/www/html/zhuawawa"
    ServerName www.zhuawawa.com
    ErrorLog "/var/log/httpd/www.zhuawawa.com-error_log"
    CustomLog "/var/log/httpd/www.zhuawawa.com-access_log" common
<Directory /var/www/html/zhuawawa>
    <RequireAll>
        Require not ip 192.168.222.1
        Require all granted
    </RequireAll>
</Directory>
</VirtualHost>
<VirtualHost  192.168.222.250:80>
    DocumentRoot "/var/www/html/tanke"
    ServerName www.tanke.com
    ErrorLog "/var/log/httpd/www.tanke.com-error_log"
    CustomLog "/var/log/httpd/www.tanke.com-access_log" common
</VirtualHost>
[root@lnh conf.d]# httpd -t
Syntax OK
[root@lnh conf.d]# systemctl restart httpd.service 

192.168.222.250:

192.168.222.250/zhuawawa
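
How the <RequireAll> block above decides, and how to confirm from the access log that it is taking effect, as an added example that is not code from the original post. The Python below models httpd's merging rule for this container (every non-negated rule must grant and no negated rule may match; a container holding only Require not rules never grants) and then scans a constructed Common Log Format sample, the format the page's CustomLog ... common produces, for requests from 192.168.222.1 that were not answered with 403. It assumes IPv4 addresses or CIDR in Require ip; httpd's partial forms such as 192.168.222 are not handled.

```python
"""Added example, not code from the original post: evaluate the page's
<RequireAll> block the way httpd's authorization merging does, then scan a
constructed Common Log Format sample for requests from the denied client
that were NOT answered with 403 (which would mean the rule did not apply)."""
import ipaddress
import re
from collections import Counter

DENIED_IP = "192.168.222.1"
# The page's <Directory /var/www/html/zhuawawa> container as (negated, provider, argument).
PAGE_RULES = [(True, "ip", "192.168.222.1"), (False, "all", "granted")]

def ip_matches(client_ip, spec):
    """'Require ip' argument: a host address or CIDR (partial forms such as
    '192.168.222' are not handled here, an assumption of this example)."""
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)

def require_all(client_ip, rules):
    """Every non-negated rule must grant and no negated rule may match.
    A container with only 'Require not' rules never grants: it ends up
    neutral, which httpd treats as a denial."""
    granted = False
    for negated, provider, arg in rules:
        if provider == "all":
            matched = arg == "granted"
        elif provider == "ip":
            matched = any(ip_matches(client_ip, s) for s in arg.split())
        else:
            raise ValueError("provider not modelled: " + provider)
        if negated and matched:
            return False                      # 'Require not ip X' hit
        if not negated:
            if not matched:
                return False
            granted = True
    return granted

# Constructed sample of www.zhuawawa.com-access_log (CustomLog ... common):
# %h %l %u %t "%r" %>s %b
SAMPLE_LOG = """\
192.168.222.1 - - [24/Jul/2022:16:20:01 +0800] "GET / HTTP/1.1" 403 199
192.168.222.77 - - [24/Jul/2022:16:20:05 +0800] "GET / HTTP/1.1" 200 5120
192.168.222.77 - - [24/Jul/2022:16:20:06 +0800] "GET /js/main.js HTTP/1.1" 200 8803
192.168.222.1 - - [24/Jul/2022:16:21:10 +0800] "GET /img/a.png HTTP/1.1" 200 4413
not a log line
"""
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)$')

def parse_clf(line):
    """Parse one Common Log Format line; None for lines that do not match."""
    m = CLF.match(line.strip())
    if not m:
        return None
    ip, ts, request, status, size = m.groups()
    return {"ip": ip, "time": ts, "request": request, "status": int(status),
            "bytes": 0 if size == "-" else int(size)}

def audit_deny(log_text, denied_ip=DENIED_IP):
    """Return (leaks, status_counts): leaks are parsed entries from denied_ip
    whose status is not 403; status_counts tallies statuses per client."""
    leaks, counts = [], {}
    for line in log_text.splitlines():
        e = parse_clf(line)
        if e is None:
            continue
        counts.setdefault(e["ip"], Counter())[e["status"]] += 1
        if e["ip"] == denied_ip and e["status"] != 403:
            leaks.append(e)
    return leaks, counts

if __name__ == "__main__":
    for ip in ("192.168.222.1", "192.168.222.77"):
        print(ip, "->", "granted" if require_all(ip, PAGE_RULES) else "denied")
    leaks, counts = audit_deny(SAMPLE_LOG)
    print("status counts:", {ip: dict(c) for ip, c in counts.items()})
    for e in leaks:
        print("deny rule not applied:", e["time"], e["request"], e["status"])
```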

SSL

The CA generates a key pair

[root@lnh ~]# dnf -y install mod_ssl
[root@lnh ~]# systemctl restart httpd.service 
[root@lnh ~]# httpd -M |grep ssl
 ssl_module (shared)
[root@lnh ~]# ss -antl
State     Recv-Q    Send-Q       Local Address:Port       Peer Address:Port   Process   
LISTEN    0         128                0.0.0.0:22              0.0.0.0:*                
LISTEN    0         128                   [::]:22                 [::]:*                
LISTEN    0         128                      *:443                   *:*                
LISTEN    0         128                      *:80                    *:* 

Enable the module: edit /etc/httpd/conf.modules.d/00-base.conf and add the line below; if it is already there but commented out, just uncomment it

[root@lnh ~]# vim /etc/httpd/conf.modules.d/00-base.conf
LoadModule ssl_module modules/mod_ssl.so
[root@lnh ~]# cd /etc/pki/
[root@lnh pki]# ls
ca-trust  consumer  entitlement  java  product  product-default  rpm-gpg  rsyslog  tls
[root@lnh pki]# mkdir CA
[root@lnh pki]# cd CA/
[root@lnh CA]# pwd
/etc/pki/CA
[root@lnh CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048) // generate the key; the parentheses (a subshell) are required so the umask applies only to this command
genrsa: Can't open "private/cakey.pem" for writing, No such file or directory   // the private directory does not exist yet
[root@lnh CA]# mkdir private   // create the directory
[root@lnh CA]# ls
private
[root@lnh CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)  // generate the key; parentheses required
Generating RSA private key, 2048 bit long modulus (2 primes)
.............+++++
....................................................................................................+++++
e is 65537 (0x010001)
[root@lnh CA]# cd private/
[root@lnh private]# ls
cakey.pem
// this is the private key
[root@lnh private]# cd ..
[root@lnh CA]# pwd
/etc/pki/CA
[root@lnh CA]# ls
private
[root@lnh CA]# openssl rsa -in private/cakey.pem -pubout
writing RSA key
// extract and display the public key

The CA generates a self-signed certificate

[root@lnh CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365   // generate a self-signed certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn    // country
State or Province Name (full name) []:hb   // province
Locality Name (eg, city) [Default City]:wh  // city
Organization Name (eg, company) [Default Company Ltd]:runtime // company
Organizational Unit Name (eg, section) []:peixun  // department
Common Name (eg, your name or your server's hostname) []:www.zhuawawa.com    // domain name; just one for now, others can be used later
Email Address []:1@2.com  // e-mail
[root@lnh CA]# openssl x509 -text -in cacert.pem
// print the contents of the cacert.pem certificate
[root@lnh CA]# mkdir certs newcerts crl  // create the directories
[root@lnh CA]# touch index.txt && echo 01 > serial    // create the files
[root@lnh CA]# ls
cacert.pem  certs  crl  index.txt  newcerts  private  serial
[root@lnh CA]# cat serial 
01                // check

The client (here, the httpd server) generates a key

Whichever host the generated key is meant for is the client.

[root@lnh CA]# cd /etc/httpd && mkdir ssl && cd ssl
[root@lnh ssl]# pwd
/etc/httpd/ssl
[root@lnh ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
......................+++++
...........................+++++
e is 65537 (0x010001)
[root@lnh ssl]# ls
httpd.key

The client generates a certificate signing request

[root@lnh ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:peixun
Common Name (eg, your name or your server's hostname) []:www.zhuawawa.com     
Email Address []:1@2.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
// the certificate signing request

The client sends the CSR file to the CA

I did everything on one machine here, so this step is not needed:
scp httpd.csr root@<CA IP>:/root

The CA signs the certificate submitted by the client

[root@lnh ssl]# openssl ca -in /etc/httpd/ssl/httpd.csr -out httpd.crt -days 365
// equivalent forms when run from the directory that holds the CSR:
//   openssl ca -in ./httpd.csr -out httpd.crt -days 365
//   openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jul 24 08:13:02 2022 GMT
            Not After : Jul 24 08:13:02 2023 GMT
        Subject:
            countryName               = cn
            stateOrProvinceName       = hb
            organizationName          = runtime
            organizationalUnitName    = peixun
            commonName                = www.zhuawawa.com
            emailAddress              = 1@2.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                65:A6:53:8F:B4:F5:2F:1B:BD:B0:5F:0F:FA:E8:B2:5B:EC:61:18:AF
            X509v3 Authority Key Identifier: 
                keyid:7E:29:4C:F8:13:87:53:16:46:98:2B:E6:A0:9D:42:1D:68:27:00:10

Certificate is to be certified until Jul 24 08:13:02 2023 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@lnh ssl]# ls
httpd.crt  httpd.csr  httpd.key

The CA sends the signed certificate httpd.crt back to the client

scp httpd.crt root@<client IP>:/etc/httpd/ssl/

[root@lnh ssl]# pwd
/etc/httpd/ssl
[root@lnh ssl]# cd /etc/httpd/conf.d/
[root@lnh conf.d]# ls
'\'               httpd-vhosts.conf   ssl.conf       welcome.conf
 autoindex.conf   README              userdir.conf
[root@lnh conf.d]# vim ssl.conf 
SSLCertificateFile /etc/httpd/ssl/httpd.crt  // change the path
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key // change the path to the key generated above
<VirtualHost _default_:443>
# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html/tanke"  // uncomment and point at the site to serve
ServerName www.tanke.com:443 // the domain name
[root@lnh conf.d]# httpd -t
Syntax OK  // check the configuration
[root@lnh conf.d]# systemctl restart httpd // restart the service
[root@lnh conf.d]# ss -antl    // check the listening ports
State     Recv-Q    Send-Q       Local Address:Port       Peer Address:Port   Process    
LISTEN    0         128                0.0.0.0:22              0.0.0.0:*                 
LISTEN    0         128                   [::]:22                 [::]:*                 
LISTEN    0         128                      *:443                   *:*                 
LISTEN    0         128                      *:80                    *:*       

Access:


HTTPS encryption is now configured successfully.
