1. Prerequisites for installing httpd 2.4.10
APR and APR-util
APR (Apache Portable Runtime Library) provides the following functionality:
Atomic operations
Dynamic Shared Object loading
File I/O
Locks (mutexes, condition variables, etc)
Memory management (high performance allocators)
Memory-mapped files
Multicast Sockets
Network I/O
Shared memory
Thread and Process management
Various data structures (tables, hashes, priority queues, etc)
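Perl-Compatible Regular Expressions Library (PCRE)
PCRE provides Perl-like regular expression support.
Make sure at least 50 MB of temporary space (/tmp) is available; the installed files need at least 10 MB of disk space.
A GCC compiler is required.
NTP is required to provide accurate time.
Perl 5 is an optional install.
2. Download the packages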
apr and apr-util: http://apr.apache.org
httpd: http://httpd.apache.org
3. Install the dependencies: pcre, apr, apr-util, gcc
// Unpack
# tar jxvf httpd-2.4.10.tar.bz2
# tar jxvf apr-1.5.1.tar.bz2
# tar jxvf apr-util-1.5.4.tar.bz2
// Install
# yum -y install pcre-devel
# cd apr-1.5.1
# ./configure --prefix=/usr/local/apr && make && make install
# cd ../apr-util-1.5.4
# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr && make && make install
4. Install httpd-2.4.10
New features in httpd 2.4:
Run-time Loadable MPMs: MPMs can be loaded at run time
Event MPM: the event MPM is supported
Asynchronous support: asynchronous reads and writes are supported
Per-module and per-directory LogLevel configuration: LogLevel can be configured per module and per directory
Per-request configuration sections: configuration sections can apply per request
General-purpose expression parser: an enhanced expression parser
KeepAliveTimeout in milliseconds: the keepalive timeout can be given in milliseconds (ms)
The NameVirtualHost directive is deprecated
Override Configuration:
AllowOverrideList Redirect RedirectMatch
Config file variables: variables can be defined in the configuration file
Reduced memory usage: memory usage is reduced
# cd ../httpd-2.4.10
# ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-modules=most --enable-mpms-shared=all --with-mpm=event
# make
# make install
5. MPMs (Multi-Processing Modules)
An MPM binds to the network ports, accepts requests, and dispatches child processes to handle them.
To build an MPM as a static module, pass --with-mpm=[prefork|worker|event] at compile time.
To use an MPM built as a DSO module, edit the configuration file:
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
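The three MPMs on Unix platforms: prefork, worker, event
prefork:
prefork implements a non-threaded, pre-forking web server. It suits platforms or environments without thread support (no thread-compatible libraries), and cases where each request should be isolated (a problem with one request does not affect the others). One process serves one request.
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxRequestWorkers: maximum number of server processes allowed to start
# MaxConnectionsPerChild: maximum number of connections a server process serves
#                         before terminating
<IfModule mpm_prefork_module>
    # Number of worker processes started by default
    StartServers             5
    # Minimum number of idle processes
    MinSpareServers          5
    # Maximum number of idle processes
    MaxSpareServers         10
    # Maximum number of worker processes allowed to start
    MaxRequestWorkers      250
    # Maximum number of connections each process may serve during its lifetime
    MaxConnectionsPerChild   0
</IfModule>
How prefork works:
After httpd starts, it initially launches 5 worker processes (set by StartServers) and then adjusts the number of worker processes automatically as needed, up to a maximum of 250 (set by MaxRequestWorkers). In other words, when site traffic is heavy a large number of worker processes are started, and when traffic drops and they are no longer needed, httpd uses MinSpareServers and MaxSpareServers to regulate their number. If the number of idle processes exceeds MaxSpareServers, httpd kills the excess worker processes. If the number of idle processes falls below MinSpareServers, httpd starts new worker processes: it starts 1 process, waits a moment, starts 2, waits a moment, starts 4, and keeps starting processes exponentially until it is spawning 32 worker processes per second; it stops starting processes once the current processes satisfy MinSpareServers. A worker process is killed after it has handled its maximum number of requests (MaxConnectionsPerChild); a value of 0 means it never expires.
worker:
worker implements a hybrid multi-process, multi-threaded web server. By using threads to handle large numbers of requests, it consumes fewer system resources than handling requests with processes. One thread serves one request.
# worker MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestWorkers: maximum number of worker threads
# MaxConnectionsPerChild: maximum number of connections a server process serves
#                         before terminating
<IfModule mpm_worker_module>
    # Number of server processes started by default
    StartServers             3
    # Minimum number of idle threads
    MinSpareThreads         75
    # Maximum number of idle threads
    MaxSpareThreads        250
    # Number of threads each worker process creates
    ThreadsPerChild         25
    # Maximum number of worker threads
    MaxRequestWorkers      400
    # Maximum number of connections each process may serve during its lifetime
    MaxConnectionsPerChild   0
</IfModule>
How worker works:
After httpd starts, it initially launches 3 worker processes (set by StartServers), and each worker process may create 25 threads (set by ThreadsPerChild). As needed, it automatically starts new worker processes and kills excess ones within the MinSpareServers to MaxSpareServers range. The maximum number of worker processes allowed is 400 (set by MaxRequestWorkers). A worker process is killed after it has handled its maximum number of requests (MaxConnectionsPerChild); a value of 0 means it never expires.
event:
event implements a web server in which one thread handles multiple requests. It is based on the worker MPM and takes the same configuration parameters as worker.
# event MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestWorkers: maximum number of worker threads
# MaxConnectionsPerChild: maximum number of connections a server process serves
#                         before terminating
<IfModule mpm_event_module>
    # Number of server processes started by default
    StartServers             3
    # Minimum number of idle threads
    MinSpareThreads         75
    # Maximum number of idle threads
    MaxSpareThreads        250
    # Number of threads each worker process creates
    ThreadsPerChild         25
    # Maximum number of worker threads
    MaxRequestWorkers      400
    # Maximum number of connections each process may serve during its lifetime
    MaxConnectionsPerChild   0
</IfModule>
How event works:
Similar to worker, except that event lets one thread serve multiple requests, whereas worker can only have one thread serve one request.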
6. Configure listening ports
#Listen 12.34.56.78:80
Listen 80
Listen 8080
Listen 192.168.57.23:8081
7. Configure virtual hosts
# vim httpd.conf
# Virtual hosts
#Include /etc/httpd24/extra/httpd-vhosts.conf
// Change this line to:
Include /etc/httpd24/extra/httpd-vhosts.conf
# vim extra/httpd-vhosts.conf
// Configure as follows:
<VirtualHost www.tech.com:80>
    ServerAdmin [email protected]
    DocumentRoot "/usr/local/apache/htdocs/www.tech.com"
    <Directory /usr/local/apache/htdocs/www.tech.com>
        Options all
    </Directory>
    ServerName www.tech.com
    ServerAlias tech.com
    ErrorLog "logs/www.tech.com-error_log"
    CustomLog "logs/www.tech.com-access_log" combined
</VirtualHost>
<VirtualHost www.dev.com:80>
    ServerAdmin [email protected]
    DocumentRoot "/usr/local/apache/htdocs/www.dev.com"
    <Directory /usr/local/apache/htdocs/www.dev.com>
        Options all
    </Directory>
    ServerName www.dev.com
    ServerAlias dev.com
    ErrorLog "logs/www.dev.com-error_log"
    CustomLog "logs/www.dev.com-access_log" combined
</VirtualHost>
// Restart the service
# service httpd restart
8. Configure page properties
<Directory /usr/local/apache/htdocs/>
    # Options values:
    #   All: all options except MultiViews
    #   ExecCGI: allows CGI scripts to be executed through mod_cgi
    #   FollowSymLinks: allows the original file to be reached through a link file that points to it (the default setting)
    #   SymLinksIfOwnerMatch: allows access to the original file when the link file's owner and group match those of the original file
    #   Includes: allows server-side includes through mod_include
    #   IncludesNOEXEC: allows server-side includes through mod_include, but #exec cmd and #exec cgi are disabled
    #   Indexes: when the specified default page is missing, allows all files in the directory to be returned to the user as a listing
    #   MultiViews: allows content negotiation through mod_negotiation
</Directory>
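The option list above is what makes "Options all" in the virtual hosts of section 7 worth reviewing: it turns on CGI execution, server-side includes, directory listings and symlink following at once. The following is an added example, not part of the original page, that scans configuration text and reports which of those features each <Directory> block enables. The function name audit_options and the sample text are assumptions made for this example, and relative "+"/"-" merging across nested directories is not modelled.

```python
import re

# Features worth reviewing; "Options All" switches on every one of them.
RISKY = {"execcgi": "ExecCGI", "followsymlinks": "FollowSymLinks",
         "includes": "Includes", "indexes": "Indexes"}
DIR_OPEN = re.compile(r'<Directory\s+"?([^">]+)"?\s*>', re.I)

def audit_options(conf_text):
    """Return [(directory, [features])] for each Options line inside a <Directory>."""
    findings, stack = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = DIR_OPEN.match(line)
        if opened:
            stack.append(opened.group(1).strip())
        elif line.lower().startswith("</directory>"):
            if stack:
                stack.pop()
        elif stack and line.split()[0].lower() == "options":
            enabled = set()
            for word in line.split()[1:]:
                if word.startswith("-"):       # "-Feature" switches a feature off
                    continue
                name = word.lstrip("+").lower()
                if name == "all":
                    enabled.update(RISKY.values())
                elif name in RISKY:
                    enabled.add(RISKY[name])
            if enabled:
                findings.append((stack[-1], sorted(enabled)))
    return findings

# Constructed sample assembled from the Directory blocks used on this page.
SAMPLE_CONF = """
<VirtualHost www.tech.com:80>
    <Directory /usr/local/apache/htdocs/www.tech.com>
        Options all
    </Directory>
    <Directory "/usr/local/apache/cgi-bin">
        Options ExecCGI
    </Directory>
    <Directory /usr/local/apache/htdocs/www.dev.com>
        Options None
    </Directory>
</VirtualHost>
"""

if __name__ == "__main__":
    for path, features in audit_options(SAMPLE_CONF):
        print(f"{path}: {', '.join(features)}")
```

ExecCGI on the cgi-bin directory is expected; the finding to act on is a document root that carries it through "Options all".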
9. Configure host-based access control
<VirtualHost www.tech.com:80>
    ServerAdmin [email protected]
    DocumentRoot "/usr/local/apache/htdocs/www.tech.com"
    <Directory /usr/local/apache/htdocs/www.tech.com>
        Order Allow,Deny
        Allow from 10.241.19.13
    </Directory>
    ServerName www.tech.com
    ServerAlias tech.com
    ErrorLog "logs/www.tech.com-error_log"
    CustomLog "logs/www.tech.com-access_log" combined
</VirtualHost>
Only the IP 10.241.19.13 is allowed access. If www.tech.com is accessed from any other IP, the following error message appears in the error log:
[Fri Sep 26 16:26:19.294291 2014] [access_compat:error] [pid 10991:tid 140688968644352] [client 192.168.57.63:49303] AH01797: client denied by server configuration: /usr/local/apache/htdocs/
Formats for allow and deny:
allow from 192.168.10.1
allow from 172.16.1.1 172.16.1.10
allow from 192.168.20.0/255.255.255.0
allow from 192.168.30.0/24
allow from tech.com
allow from .com
deny takes the same forms.
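The outcome of an Order/Allow/Deny block depends on which Order is chosen: "Allow,Deny" denies by default and lets a Deny match win, while "Deny,Allow" allows by default and lets an Allow match win. The following is an added example, not part of the original page and not Apache's own code, that evaluates the IP-based forms listed above; the function name is_admitted is an assumption, and the hostname forms (tech.com, .com) are left out because they depend on DNS lookups.

```python
import ipaddress

def _matches(client, specs):
    """True if the client address falls under any Allow/Deny argument."""
    addr = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        # ip_network accepts a bare address, CIDR (/24) and netmask (/255.255.255.0).
        if addr in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def is_admitted(order, allow, deny, client):
    """Apply an Order/Allow/Deny rule set to one client IP; True means access."""
    allowed = _matches(client, allow)
    denied = _matches(client, deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Default deny: the client must match an Allow and must not match a Deny.
        return allowed and not denied
    if order == "deny,allow":
        # Default allow: a Deny match is overridden by an Allow match.
        return allowed or not denied
    raise ValueError(f"unknown Order value: {order!r}")

if __name__ == "__main__":
    # The rule from the virtual host above, tried with the two clients on this page.
    for ip in ("10.241.19.13", "192.168.57.63"):
        verdict = is_admitted("Allow,Deny", ["10.241.19.13"], [], ip)
        print(ip, "admitted" if verdict else "denied")
```

With "Order deny,allow" and "Allow from all", as used for /server-status in section 17, every address is admitted, so the Basic authentication in that block is the only gate.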
10. Define the default page
<VirtualHost www.tech.com:80>
    ServerAdmin [email protected]
    DocumentRoot "/usr/local/apache/htdocs/www.tech.com"
    <Directory /usr/local/apache/htdocs/>
        DirectoryIndex index.html
        DirectoryIndex index.php
        Order Allow,Deny
        Allow from 10.241.19.13
    </Directory>
    ServerName www.tech.com
    ServerAlias tech.com
    ErrorLog "logs/www.tech.com-error_log"
    CustomLog "logs/www.tech.com-access_log" combined
</VirtualHost>
11. Customize the log format
# Define the format of the access log file
LogFormat Format_String Format_Name
# Define where the access log file is stored
CustomLog "/path/to/access_log_file" Format_Name
# Define where the error log file is stored
ErrorLog "/path/to/error_log_file"
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog "logs/access_log" combined
12. Configure path aliases
<VirtualHost www.dev.com:80>
    ServerAdmin [email protected]
    DocumentRoot "/ftp/files"
    Alias /ftp /ftp/files
    <Directory /ftp/files>
        Options all
        Require all granted
    </Directory>
    ServerName www.ftp.com
    ServerAlias ftp.com
    ErrorLog "logs/www.ftp.com-error_log"
    CustomLog "logs/www.ftp.com-access_log" combined
</VirtualHost>
13. Set character sets and the default character set
# Set character sets
AddLanguage ja .ja
AddCharset EUC-JP .euc
AddCharset ISO-2022-JP .jis
AddCharset SHIFT_JIS .sjis
# Set the default character set
AddDefaultCharset utf-8
14. Configure CGI scripts and script aliases (requires mod_alias and mod_cgi)
<VirtualHost www.tech.com:80>
    ServerAdmin [email protected]
    DocumentRoot "/usr/local/apache/htdocs/www.tech.com"
    ScriptAlias /cgi-bin /usr/local/apache/cgi-bin
    <Directory "/usr/local/apache/cgi-bin">
        AllowOverride None
        Options ExecCGI
        Require all granted
    </Directory>
    <Directory /usr/local/apache/htdocs/www.tech.com>
        Order Allow,Deny
        Allow from 10.241.19.37
    </Directory>
    ServerName www.tech.com
    ServerAlias tech.com
    ErrorLog "logs/www.tech.com-error_log"
    CustomLog "logs/www.tech.com-access_log" combined
</VirtualHost>
15. Configure user-based access control
(1) File-based basic authentication of users
<VirtualHost www.dev.com:80>
    ServerAdmin [email protected]
    DocumentRoot "/usr/local/apache/htdocs/www.dev.com"
    <Directory /usr/local/apache/htdocs/www.dev.com>
        Options None
        AuthType Basic
        AuthName Dev-Document
        AuthBasicProvider file
        AuthUserFile /usr/local/apache/.htpasswd
        Require valid-user
    </Directory>
    ServerName www.dev.com
    ServerAlias dev.com
    ErrorLog "logs/www.dev.com-error_log"
    CustomLog "logs/www.dev.com-access_log" combined
</VirtualHost>
// Create .htpasswd
# htpasswd -c -m /usr/local/apache/.htpasswd admin
New password:            // enter the password and press Enter
Re-type new password:    // enter the password again and press Enter
// Add a user
# htpasswd -m /usr/local/apache/.htpasswd user
New password:            // enter the password and press Enter
Re-type new password:    // enter the password again and press Enter
(2) File-based basic authentication of user groups
<VirtualHost www.dev.com:80>
    ServerAdmin [email protected]
    DocumentRoot "/usr/local/apache/htdocs/www.dev.com"
    <Directory /usr/local/apache/htdocs/www.dev.com>
        Options None
        AuthType Basic
        AuthName Dev-Document
        AuthBasicProvider file
        AuthUserFile /usr/local/apache/.htpasswd
        AuthGroupFile /usr/local/apache/.htgroup
        Require group security
    </Directory>
    ServerName www.dev.com
    ServerAlias dev.com
    ErrorLog "logs/www.dev.com-error_log"
    CustomLog "logs/www.dev.com-access_log" combined
</VirtualHost>
// .htpasswd is still required, and .htgroup is needed as well
# cat .htpasswd
admin:$apr1$ZABMJxpW$BFOMQtcuA3vC4aHKsy.ii1
user:$apr1$7nGKI1k4$.LyIM3rL.5HoemALGbw491
# cat .htgroup
security:admin
// When accessing as the user "user":
[Sun Sep 28 14:15:28.674174 2014] [authz_core:error] [pid 30864:tid 139665202931456] [client 192.168.57.63:57500] AH01631: user user: authorization failure for "/":
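Sections 9 and 15 each show one error-log entry: AH01797 when a host rule rejects a client, and AH01631 when an authenticated user is not in the required group. The following is an added example, not part of the original page, that parses the httpd 2.4 error-log layout seen in those two entries and counts both kinds of denial per client IP. The names parse_line and denials_by_client are assumptions, and the third sample line is constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[(?P<module>[^:\]]*):(?P<level>[^\]]+)\] '
    r'\[pid (?P<pid>\d+)(?::tid (?P<tid>\d+))?\] '
    r'(?:\[client (?P<client>[^\]]+)\] )?'
    r'(?:(?P<code>AH\d{5}): )?(?P<msg>.*)$')

# The two denial codes that appear in the log entries on this page.
WATCHED = {"AH01797": "client denied by host rule",
           "AH01631": "authenticated user not authorized"}

def parse_line(line):
    """Split one error-log line into fields; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec.pop("ts"), "%a %b %d %H:%M:%S.%f %Y")
    # The client field is "address:port"; the port follows the last colon.
    rec["client_ip"] = rec["client"].rpartition(":")[0] if rec["client"] else None
    return rec

def denials_by_client(lines):
    """Count watched denial codes per client IP: {ip: {code: count}}."""
    hits = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["client_ip"] and rec["code"] in WATCHED:
            hits[rec["client_ip"]][rec["code"]] += 1
    return {ip: dict(codes) for ip, codes in hits.items()}

SAMPLE_LOG = [
    # First two lines are the entries shown on this page; the third is constructed.
    '[Fri Sep 26 16:26:19.294291 2014] [access_compat:error] [pid 10991:tid 140688968644352] '
    '[client 192.168.57.63:49303] AH01797: client denied by server configuration: /usr/local/apache/htdocs/',
    '[Sun Sep 28 14:15:28.674174 2014] [authz_core:error] [pid 30864:tid 139665202931456] '
    '[client 192.168.57.63:57500] AH01631: user user: authorization failure for "/":',
    '[Sun Sep 28 14:16:00.000000 2014] [core:notice] [pid 30860:tid 1] constructed line without a client field',
]

if __name__ == "__main__":
    for ip, codes in denials_by_client(SAMPLE_LOG).items():
        print(ip, {code: (n, WATCHED[code]) for code, n in codes.items()})
```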
16. Configure an SSL-based HTTPS site
# vim /etc/httpd24/httpd.conf
#LoadModule ssl_module modules/mod_ssl.so
// Change to:
LoadModule ssl_module modules/mod_ssl.so
# Secure (SSL/TLS) connections
# Include /etc/httpd24/extra/httpd-ssl.conf
// Change to:
Include /etc/httpd24/extra/httpd-ssl.conf
# vim /etc/httpd24/extra/httpd-ssl.conf
// Set the following:
DocumentRoot "/usr/local/apache/htdocs"
ServerName
// OpenSSL certificate file
SSLCertificateFile "/etc/pki/CA/cacert.pem"
// OpenSSL key file
SSLCertificateKeyFile "/etc/pki/CA/private/cakey.pem"
// Restart the httpd service
# service httpd restart
17. Configure the server-status page
The <Location> ... </Location> section is the server-status configuration.
# vim extra/httpd-vhosts.conf
<VirtualHost www.tech.com:80>
    ServerAdmin [email protected]
    DocumentRoot "/usr/local/apache/htdocs/www.tech.com"
    ScriptAlias /cgi-bin /usr/local/apache/cgi-bin
    <Directory "/usr/local/apache/cgi-bin">
        AllowOverride None
        Options ExecCGI
        Require all granted
    </Directory>
    <Directory /usr/local/apache/htdocs/www.tech.com>
        Order Allow,Deny
        Allow from 10.241.19.37
    </Directory>
    <Location /server-status>
        SetHandler server-status
        AuthType Basic
        AuthName "Server Status test"
        AuthUserFile /usr/local/apache/.htpasswd
        Require valid-user
        Order deny,allow
        Allow from all
    </Location>
    ServerName www.tech.com
    ServerAlias tech.com
    ErrorLog "logs/www.tech.com-error_log"
    CustomLog "logs/www.tech.com-access_log" combined
</VirtualHost>