1. Prerequisites for installing httpd 2.4.10
APR and APR-util
APR (Apache Portable Runtime Library) provides the following:
Atomic operations
Dynamic Shared Object loading
File I/O
Locks (mutexes, condition variables, etc)
Memory management (high performance allocators)
Memory-mapped files
Multicast Sockets
Network I/O
Shared memory
Thread and Process management
Various data structures (tables, hashes, priority queues, etc)
Perl-Compatible Regular Expressions Library(PCRE)
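PCRE provides Perl-like regular expression functionality.
Make sure at least 50 MB of temporary space (/tmp) is available; the installed files need at least 10 MB of disk space.
The GCC compiler is required.
ntp is required to provide accurate time.
Perl 5 is an optional install.
2. Download the packages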
apr and apr-util: http://apr.apache.org
httpd: http://httpd.apache.org
3. Install the dependencies: pcre, apr, apr-util, gcc
    // Unpack
    # tar jxvf httpd-2.4.10.tar.bz2
    # tar jxvf apr-1.5.1.tar.bz2
    # tar jxvf apr-util-1.5.4.tar.bz2
    // Install
    # yum -y install pcre-devel
    # cd apr-1.5.1
    # ./configure --prefix=/usr/local/apr && make && make install
    # cd ../apr-util-1.5.4
    # ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr && make && make install
4. Install httpd-2.4.10
New features in httpd 2.4:
Run-time Loadable MPMs: MPMs can be loaded at run time
Event MPM: the event MPM is supported
Asynchronous support: asynchronous reads and writes are supported
Per-module and per-directory LogLevel configuration: log levels can be configured per module and per directory
Per-request configuration sections: per-request configuration sections are supported
General-purpose expression parser: an enhanced expression parser
KeepAliveTimeout in milliseconds: the keepalive timeout can be specified in milliseconds (ms)
The NameVirtualHost directive is deprecated
Override Configuration:
AllowOverrideList Redirect RedirectMatch
Config file variables: variables can be defined in the configuration file
Reduced memory usage: memory usage has been reduced
    # cd ../httpd-2.4.10
    # ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd24 \
        --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-pcre \
        --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ \
        --enable-modules=most --enable-mpms-shared=all --with-mpm=event
    # make
    # make install
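5. MPMs (Multi-Processing Modules)
An MPM binds to network ports, accepts requests, and dispatches child processes to handle them.
To build the MPM as a static module: use the option --with-mpm=[prefork|worker|event] at compile time.
To build the MPM as a DSO module: edit the configuration file
    LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
The three MPMs on Unix platforms: prefork, worker, event
prefork:
prefork implements a non-threaded, pre-forking web server. It suits platforms or environments that do not support threads (no thread-compatible libraries), and also cases where each request must be isolated (a problem in one request does not affect the others). One process serves one request.
    # prefork MPM
    # StartServers: number of server processes to start
    # MinSpareServers: minimum number of server processes which are kept spare
    # MaxSpareServers: maximum number of server processes which are kept spare
    # MaxRequestWorkers: maximum number of server processes allowed to start
    # MaxConnectionsPerChild: maximum number of connections a server process serves
    #                         before terminating
    <IfModule mpm_prefork_module>
        # number of worker processes started by default
        StartServers             5
        # minimum number of idle processes
        MinSpareServers          5
        # maximum number of idle processes
        MaxSpareServers         10
        # maximum number of worker processes allowed to start
        MaxRequestWorkers      250
        # maximum number of connections each process may serve in its lifetime
        MaxConnectionsPerChild   0
    </IfModule>
How prefork works:
After the httpd service starts, it initially launches 5 worker processes (set by StartServers) and then adjusts the number of worker processes automatically as needed, up to a maximum of 250 (set by MaxRequestWorkers). In other words, when site traffic is high a large number of worker processes are started, and when traffic drops and they are no longer needed, httpd uses MinSpareServers and MaxSpareServers to regulate the number of worker processes. If the number of idle processes exceeds the maximum set by MaxSpareServers, httpd kills the surplus worker processes. If the number of idle processes falls below the minimum set by MinSpareServers, httpd starts new worker processes: it starts 1 process, waits a moment, starts 2, waits a moment, starts 4, and keeps increasing exponentially up to 32 worker processes per second, stopping once the current processes satisfy the minimum idle count (MinSpareServers). After a worker process has served its maximum number of connections (MaxConnectionsPerChild), it is killed; a value of 0 means it never expires.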
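worker:
worker implements a hybrid multi-process, multi-threaded web server. By using threads to handle a large number of requests, it consumes fewer system resources than handling requests with processes. One thread serves one request.
    # worker MPM
    # StartServers: initial number of server processes to start
    # MinSpareThreads: minimum number of worker threads which are kept spare
    # MaxSpareThreads: maximum number of worker threads which are kept spare
    # ThreadsPerChild: constant number of worker threads in each server process
    # MaxRequestWorkers: maximum number of worker threads
    # MaxConnectionsPerChild: maximum number of connections a server process serves
    #                         before terminating
    <IfModule mpm_worker_module>
        # number of worker processes started by default
        StartServers             3
        # minimum number of idle threads
        MinSpareThreads         75
        # maximum number of idle threads
        MaxSpareThreads        250
        # number of threads each worker process creates
        ThreadsPerChild         25
        # maximum number of worker threads allowed
        MaxRequestWorkers      400
        # maximum number of connections each process may serve in its lifetime
        MaxConnectionsPerChild   0
    </IfModule>
How worker works:
After the httpd service starts, it initially launches 3 worker processes (set by StartServers), each of which may create 25 threads (set by ThreadsPerChild). As needed, httpd automatically starts new worker processes and kills surplus ones to stay within the range set by MinSpareThreads and MaxSpareThreads. The maximum number of worker threads allowed is 400 (set by MaxRequestWorkers). After a worker process has served its maximum number of connections (MaxConnectionsPerChild), it is killed; a value of 0 means it never expires.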
event:
event implements a web server in which one thread handles multiple requests. It is based on the worker MPM and takes the same configuration parameters as worker.
    # event MPM
    # StartServers: initial number of server processes to start
    # MinSpareThreads: minimum number of worker threads which are kept spare
    # MaxSpareThreads: maximum number of worker threads which are kept spare
    # ThreadsPerChild: constant number of worker threads in each server process
    # MaxRequestWorkers: maximum number of worker threads
    # MaxConnectionsPerChild: maximum number of connections a server process serves
    #                         before terminating
    <IfModule mpm_event_module>
        # number of worker processes started by default
        StartServers             3
        # minimum number of idle threads
        MinSpareThreads         75
        # maximum number of idle threads
        MaxSpareThreads        250
        # number of threads each worker process creates
        ThreadsPerChild         25
        # maximum number of worker threads allowed
        MaxRequestWorkers      400
        # maximum number of connections each process may serve in its lifetime
        MaxConnectionsPerChild   0
    </IfModule>
How event works:
Similar to worker, except that event lets one thread serve multiple requests, whereas worker can only serve one request per thread.
6. Configure listening ports
    #Listen 12.34.56.78:80
    Listen 80
    Listen 8080
    Listen 192.168.57.23:8081
7. Configure virtual hosts
    # vim httpd.conf
    # Virtual hosts
    #Include /etc/httpd24/extra/httpd-vhosts.conf
    // change this line to
    Include /etc/httpd24/extra/httpd-vhosts.conf
    # vim extra/httpd-vhosts.conf
    // configure as follows
    <VirtualHost www.tech.com:80>
        ServerAdmin webmaster@www.tech.com
        DocumentRoot "/usr/local/apache/htdocs/www.tech.com"
        <Directory /usr/local/apache/htdocs/www.tech.com>
            Options all
        </Directory>
        ServerName www.tech.com
        ServerAlias tech.com
        ErrorLog "logs/www.tech.com-error_log"
        CustomLog "logs/www.tech.com-access_log" combined
    </VirtualHost>
    <VirtualHost www.dev.com:80>
        ServerAdmin webmaster@www.dev.com
        DocumentRoot "/usr/local/apache/htdocs/www.dev.com"
        <Directory /usr/local/apache/htdocs/www.dev.com>
            Options all
        </Directory>
        ServerName www.dev.com
        ServerAlias dev.com
        ErrorLog "logs/www.dev.com-error_log"
        CustomLog "logs/www.dev.com-access_log" combined
    </VirtualHost>
    // restart the service
    # service httpd restart
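8. Configure page attributes
    <Directory /usr/local/apache/htdocs/>
        # Options:
        #   All: all options except MultiViews
        #   ExecCGI: allow CGI scripts to be executed using mod_cgi
        #   FollowSymLinks: allow the original file to be reached through a symbolic link (default setting)
        #   SymLinksIfOwnerMatch: allow the original file to be reached only when the link's owner and group match those of the original file
        #   Includes: allow server-side includes via mod_include
        #   IncludesNOEXEC: allow server-side includes via mod_include, but with #exec cmd and #exec cgi disabled
        #   Indexes: when the default page is missing, return a listing of all files in the directory to the user
        #   MultiViews: allow content negotiation via mod_negotiation
    </Directory>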
9. Configure host-based access control
    <VirtualHost www.tech.com:80>
        ServerAdmin webmaster@www.tech.com
        DocumentRoot "/usr/local/apache/htdocs/www.tech.com"
        <Directory /usr/local/apache/htdocs/www.tech.com>
            Order Allow,Deny
            Allow from 10.241.19.13
        </Directory>
        ServerName www.tech.com
        ServerAlias tech.com
        ErrorLog "logs/www.tech.com-error_log"
        CustomLog "logs/www.tech.com-access_log" combined
    </VirtualHost>
Access is allowed only from the IP 10.241.19.13. If www.tech.com is accessed from any other IP, the following message appears in the error log:
    [Fri Sep 26 16:26:19.294291 2014] [access_compat:error] [pid 10991:tid 140688968644352] [client 192.168.57.63:49303] AH01797: client denied by server configuration: /usr/local/apache/htdocs/
Format of allow and deny:
    allow from 192.168.10.1
    allow from 172.16.1.1 172.16.1.10
    allow from 192.168.20.0/255.255.255.0
    allow from 192.168.30.0/24
    allow from tech.com
    allow from .com
deny takes the same forms.
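Order/Allow is the 2.2-era syntax, which httpd 2.4 serves through mod_access_compat (the module named in the log line above). As an added example that is not part of the original page, this Python sketch translates each Allow format listed above into the native 2.4 Require form; the function names are assumptions, and it handles only blocks that use Order Allow,Deny with Allow rules.

```python
import ipaddress
import re
PARTIAL_IP = re.compile(r"\d{1,3}(\.\d{1,3}){0,2}\.?")  # "10.1" style prefixes

def allow_to_require(directive):
    """Translate one 'Allow from ...' line into 2.4 'Require' lines."""
    m = re.match(r"\s*allow\s+from\s+(\S.*)$", directive, re.IGNORECASE)
    if not m:
        raise ValueError("not an 'Allow from' line: %r" % directive)
    ips, hosts = [], []
    for spec in m.group(1).split():
        if spec.lower() == "all":
            return ["Require all granted"]
        if spec.lower().startswith("env="):
            raise ValueError("env= needs 'Require env'; convert by hand")
        try:
            ipaddress.ip_network(spec, strict=False)  # address, CIDR, netmask
            ips.append(spec)
        except ValueError:
            (ips if PARTIAL_IP.fullmatch(spec) else hosts).append(spec)
    out = ["Require ip " + " ".join(ips)] if ips else []
    if hosts:  # full or partial domain names, e.g. "tech.com" or ".com"
        out.append("Require host " + " ".join(hosts))
    return out

def convert_block(body):
    """Rewrite a block that uses 'Order Allow,Deny' with Allow rules only."""
    out, saw_order, granted = [], False, False
    for line in body:
        indent = line[:len(line) - len(line.lstrip())]
        words = line.split()
        key = words[0].lower() if words else ""
        if key == "order":
            if "".join(words[1:]).lower() != "allow,deny":
                raise ValueError("only 'Order Allow,Deny' is handled here")
            saw_order = True
        elif key == "deny":
            raise ValueError("Deny rules need 'Require not'; convert by hand")
        elif key == "allow":
            out += [indent + r for r in allow_to_require(line)]
            granted = True
        else:
            out.append(line)
    if saw_order and not granted:
        out.append("Require all denied")  # Allow,Deny with no Allow: deny all
    return out

PAGE_BODY = ["    Order Allow,Deny", "    Allow from 10.241.19.13"]  # from the page
```

Several Require lines in one block are combined as alternatives, which matches the Allow semantics. Require host costs a double reverse DNS lookup per request, so prefer Require ip where the addresses are known.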
10. Define the default page
    <VirtualHost www.tech.com:80>
        ServerAdmin webmaster@www.tech.com
        DocumentRoot "/usr/local/apache/htdocs/www.tech.com"
        <Directory /usr/local/apache/htdocs/>
            DirectoryIndex index.html
            DirectoryIndex index.php
            Order Allow,Deny
            Allow from 10.241.19.13
        </Directory>
        ServerName www.tech.com
        ServerAlias tech.com
        ErrorLog "logs/www.tech.com-error_log"
        CustomLog "logs/www.tech.com-access_log" combined
    </VirtualHost>
11. Customize the log format
    # Define the access log format
    LogFormat Format_String Format_Name
    # Define where the access log is stored
    CustomLog "/path/to/access_log_file" Format_Name
    # Define where the error log is stored
    ErrorLog "/path/to/error_log_file"
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    CustomLog "logs/access_log" combined
12. Configure path aliases
    <VirtualHost www.dev.com:80>
        ServerAdmin webmaster@www.ftp.com
        DocumentRoot "/ftp/files"
        Alias /ftp /ftp/files
        <Directory /ftp/files>
            Options all
            Require all granted
        </Directory>
        ServerName www.ftp.com
        ServerAlias ftp.com
        ErrorLog "logs/www.ftp.com-error_log"
        CustomLog "logs/www.ftp.com-access_log" combined
    </VirtualHost>
13. Set character sets and the default character set
    # Set character sets
    AddLanguage ja .ja
    AddCharset EUC-JP .euc
    AddCharset ISO-2022-JP .jis
    AddCharset SHIFT_JIS .sjis
    # Set the default character set
    AddDefaultCharset utf-8
14. Configure CGI scripts and script aliases: requires mod_alias and mod_cgi
    <VirtualHost www.tech.com:80>
        ServerAdmin webmaster@www.tech.com
        DocumentRoot "/usr/local/apache/htdocs/www.tech.com"
        ScriptAlias /cgi-bin /usr/local/apache/cgi-bin
        <Directory "/usr/local/apache/cgi-bin">
            AllowOverride None
            Options ExecCGI
            Require all granted
        </Directory>
        <Directory /usr/local/apache/htdocs/www.tech.com>
            Order Allow,Deny
            Allow from 10.241.19.37
        </Directory>
        ServerName www.tech.com
        ServerAlias tech.com
        ErrorLog "logs/www.tech.com-error_log"
        CustomLog "logs/www.tech.com-access_log" combined
    </VirtualHost>
15. Configure user-based access control
(1) File-based basic authentication of users
    <VirtualHost www.dev.com:80>
        ServerAdmin webmaster@www.dev.com
        DocumentRoot "/usr/local/apache/htdocs/www.dev.com"
        <Directory /usr/local/apache/htdocs/www.dev.com>
            Options None
            AuthType Basic
            AuthName Dev-Document
            AuthBasicProvider file
            AuthUserFile /usr/local/apache/.htpasswd
            Require valid-user
        </Directory>
        ServerName www.dev.com
        ServerAlias dev.com
        ErrorLog "logs/www.dev.com-error_log"
        CustomLog "logs/www.dev.com-access_log" combined
    </VirtualHost>
    // Create .htpasswd
    # htpasswd -c -m /usr/local/apache/.htpasswd admin
    New password:            // type the password, press Enter
    Re-type new password:    // type the password again, press Enter
    // Add a user
    # htpasswd -m /usr/local/apache/.htpasswd user
    New password:            // type the password, press Enter
    Re-type new password:    // type the password again, press Enter
(2) File-based basic authentication of user groups
    <VirtualHost www.dev.com:80>
        ServerAdmin webmaster@www.dev.com
        DocumentRoot "/usr/local/apache/htdocs/www.dev.com"
        <Directory /usr/local/apache/htdocs/www.dev.com>
            Options None
            AuthType Basic
            AuthName Dev-Document
            AuthBasicProvider file
            AuthUserFile /usr/local/apache/.htpasswd
            AuthGroupFile /usr/local/apache/.htgroup
            Require group security
        </Directory>
        ServerName www.dev.com
        ServerAlias dev.com
        ErrorLog "logs/www.dev.com-error_log"
        CustomLog "logs/www.dev.com-access_log" combined
    </VirtualHost>
    // .htpasswd is still required, along with .htgroup
    # cat .htpasswd
    admin:$apr1$ZABMJxpW$BFOMQtcuA3vC4aHKsy.ii1
    user:$apr1$7nGKI1k4$.LyIM3rL.5HoemALGbw491
    # cat .htgroup
    security:admin
    // When accessing as the user "user"
    [Sun Sep 28 14:15:28.674174 2014] [authz_core:error] [pid 30864:tid 139665202931456] [client 192.168.57.63:57500] AH01631: user user: authorization failure for "/":
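The two denial messages quoted on this page, AH01797 from the host rule in section 9 and AH01631 from the group rule above, are the ones to watch per client when reviewing the error log. The following triage script is an added example, not part of the original page; the threshold, the window, the function names and every sample line after the first two are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Layout of the two error-log lines quoted on this page.
LINE = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[(?P<module>[\w-]+):(?P<level>\w+)\] "
    r"\[pid \d+(?::tid \d+)?\] \[client (?P<ip>[^\]]+):\d+\] "
    r"(?P<code>AH\d{5}): (?P<msg>.*)")
USER = re.compile(r"user (\S+): authorization failure")
WATCHED = {"AH01797", "AH01631"}  # the two denial codes quoted on this page

def parse_line(line):
    """Return a record for a watched denial line, else None."""
    m = LINE.match(line)
    if not m or m.group("code") not in WATCHED:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(rec["ts"], "%a %b %d %H:%M:%S.%f %Y")
    u = USER.match(rec["msg"])
    rec["user"] = u.group(1) if u else None
    return rec

def triage(lines, threshold=3, window=timedelta(minutes=5)):
    """Map client IP -> Counter of codes, for clients with `threshold`
    or more denials inside any span of length `window`."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        by_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["when"])
        for i in range(len(recs) - threshold + 1):
            if recs[i + threshold - 1]["when"] - recs[i]["when"] <= window:
                flagged[ip] = Counter(r["code"] for r in recs)
                break
    return flagged

# First two lines are from this page; the rest are constructed for the example.
SAMPLE = [
    '[Fri Sep 26 16:26:19.294291 2014] [access_compat:error] [pid 10991:tid 140688968644352] [client 192.168.57.63:49303] AH01797: client denied by server configuration: /usr/local/apache/htdocs/',
    '[Sun Sep 28 14:15:28.674174 2014] [authz_core:error] [pid 30864:tid 139665202931456] [client 192.168.57.63:57500] AH01631: user user: authorization failure for "/":',
    '[Sun Sep 28 14:20:01.000001 2014] [authz_core:error] [pid 30864:tid 139665202931456] [client 203.0.113.7:40001] AH01631: user user: authorization failure for "/":',
    '[Sun Sep 28 14:20:09.000002 2014] [authz_core:error] [pid 30864:tid 139665202931456] [client 203.0.113.7:40002] AH01631: user user: authorization failure for "/":',
    '[Sun Sep 28 14:21:30.000003 2014] [access_compat:error] [pid 30864:tid 139665202931456] [client 203.0.113.7:40003] AH01797: client denied by server configuration: /usr/local/apache/htdocs/',
]
```

Calling triage(SAMPLE) flags only the constructed client 203.0.113.7; the page's own client has two denials two days apart and stays below the threshold.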
16. Configure an SSL-based HTTPS site
    # vim /etc/httpd24/httpd.conf
    #LoadModule ssl_module modules/mod_ssl.so
    // change to
    LoadModule ssl_module modules/mod_ssl.so
    # Secure (SSL/TLS) connections
    # Include /etc/httpd24/extra/httpd-ssl.conf
    // change to
    Include /etc/httpd24/extra/httpd-ssl.conf
    # vim /etc/httpd24/extra/httpd-ssl.conf
    // set the following
    DocumentRoot "/usr/local/apache/htdocs"
    ServerName
    // openssl certificate file
    SSLCertificateFile "/etc/pki/CA/cacert.pem"
    // openssl key file
    SSLCertificateKeyFile "/etc/pki/CA/private/cakey.pem"
    // restart the httpd service
    # service httpd restart
17. Configure the server-status page
The <Location> ... </Location> section is the server-status configuration.
    # vim extra/httpd-vhosts.conf
    <VirtualHost www.tech.com:80>
        ServerAdmin webmaster@www.tech.com
        DocumentRoot "/usr/local/apache/htdocs/www.tech.com"
        ScriptAlias /cgi-bin /usr/local/apache/cgi-bin
        <Directory "/usr/local/apache/cgi-bin">
            AllowOverride None
            Options ExecCGI
            Require all granted
        </Directory>
        <Directory /usr/local/apache/htdocs/www.tech.com>
            Order Allow,Deny
            Allow from 10.241.19.37
        </Directory>
        <Location /server-status>
            SetHandler server-status
            AuthType Basic
            AuthName "Server Status test"
            AuthUserFile /usr/local/apache/.htpasswd
            Require valid-user
            Order deny,allow
            Allow from all
        </Location>
        ServerName www.tech.com
        ServerAlias tech.com
        ErrorLog "logs/www.tech.com-error_log"
        CustomLog "logs/www.tech.com-access_log" combined
    </VirtualHost>