I. Compiling and installing httpd-2.4.25
1. Environment
OS: CentOS 6.5 x86_64
The common development package groups are already installed:
[root@Node4 ~]# yum grouplist
Loaded plugins: fastestmirror
Setting up Group Process
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * epel: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
epel/group_gz                                  | 150 kB     00:00
Installed Groups:
   Additional Development
   Desktop Platform Development    # desktop platform development
   Development tools    # development tools
   E-mail server
   Fonts
   General Purpose Desktop
   Graphical Administration Tools
   Input Methods
   Legacy X Window System compatibility
   Milkymist
   Perl Support
   Security Tools
   Server Platform Development    # server platform development
Installed Language Groups:
   Chinese Support [zh]
Download the source packages from the official site and verify their origin and integrity:
Verification methods:
% pgpk -a KEYS
% pgpv httpd-2.4.25.tar.gz.asc
or
% pgp -ka KEYS
% pgp httpd-2.4.25.tar.gz.asc
or
% gpg --import KEYS
% gpg --verify httpd-2.4.25.tar.gz.asc httpd-2.4.25.tar.gz
Verification:
[root@Node4 ~]# cd src
[root@Node4 src]# ls
apr-1.5.2.tar.gz  apr-util-1.5.4.tar.gz  httpd-2.4.25.tar.gz  httpd-2.4.25.tar.gz.asc  KEYS
[root@Node4 src]# gpg --import KEYS
.
.
.
gpg: Total number processed: 64
gpg:           w/o user IDs: 4
gpg:              unchanged: 60
[root@Node4 src]# gpg --verify httpd-2.4.25.tar.gz.asc httpd-2.4.25.tar.gz
gpg: Signature made Sat 17 Dec 2016 02:25:00 AM CST using RSA key ID 791485A8
gpg: Good signature from "Jim Jagielski (Release Signing Key) <jim@apache.org>"    # this line means the signature is valid
gpg:                 aka "Jim Jagielski <jim@jaguNET.com>"
gpg:                 aka "Jim Jagielski <jim@jimjag.com>"
gpg: WARNING: This key is not certified with a trusted signature!    # this warning appears because the local keyring does not trust this public key
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: A93D 62EC C3C8 EA12 DB22 0EC9 34EA 76E6 7914 85A8
[root@Node4 src]#
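The "Good signature" line only shows that some key in the imported keyring signed the file, so the check worth automating is that the signer is the key you expect. The following added example (not from the original post) pins the fingerprint shown above and parses gpg's --status-fd output; the function names and the sample status lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pin the release key fingerprint instead of relying on "Good signature" alone.
# Fingerprint copied from the gpg output on this page; confirm it through an independent channel.
PINNED_FPR="A93D 62EC C3C8 EA12 DB22 0EC9 34EA 76E6 7914 85A8"

# Constructed status output; only the fingerprint and user ID come from the page.
SAMPLE_GOOD='[GNUPG:] GOODSIG 34EA76E6791485A8 Jim Jagielski (Release Signing Key) <jim@apache.org>
[GNUPG:] VALIDSIG A93D62ECC3C8EA12DB220EC934EA76E6791485A8 2016-12-16 1481912700 0 4 0 1 2 00 A93D62ECC3C8EA12DB220EC934EA76E6791485A8'
# Constructed: a valid signature made by some other key that happened to be in the keyring.
SAMPLE_OTHER='[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2016-12-16 1481912700 0 4 0 1 2 00 0123456789ABCDEF0123456789ABCDEF01234567'
# Constructed: signature does not match the file, so gpg reports BADSIG and no VALIDSIG.
SAMPLE_BAD='[GNUPG:] BADSIG 34EA76E6791485A8 Jim Jagielski (Release Signing Key) <jim@apache.org>'

# signer_fpr STATUS: print the primary-key fingerprint from the VALIDSIG line
# (field 12 when gpg reports it, otherwise the signing-key fingerprint in field 3).
signer_fpr() {
    printf '%s\n' "$1" | awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" {
        print toupper(NF >= 12 ? $12 : $3); exit }'
}

# status_is_pinned STATUS FPR: succeed only for GOODSIG plus a VALIDSIG made by FPR.
status_is_pinned() {
    pinned=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    printf '%s\n' "$1" | grep -q '^\[GNUPG:] GOODSIG ' || return 1
    fpr=$(signer_fpr "$1")
    [ -n "$fpr" ] && [ "$fpr" = "$pinned" ]
}

# verify_release SIGFILE TARBALL: run gpg and apply the pin to its machine-readable status.
verify_release() {
    status=$(gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null) || return 1
    status_is_pinned "$status" "$PINNED_FPR"
}

# Stand-alone use: sh thisfile.sh httpd-2.4.25.tar.gz.asc httpd-2.4.25.tar.gz
if [ "$#" -eq 2 ]; then
    verify_release "$1" "$2" && echo "signature OK and made by the pinned key"
fi
```

The KEYS file and the tarball are fetched from the same place here, so the pinned fingerprint is only as trustworthy as the channel it was checked through.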
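2. Installing the packages httpd-2.4.25 depends on
1) pcre
httpd's regular-expression support depends on pcre (a regular-expression library), so its development package pcre-devel must be installed.
[root@Node4 ~]# rpm -qa|grep pcre
pcre-7.8-6.el6.x86_64
[root@Node4 ~]# yum install pcre-devel -y    # install the pcre-devel package with yum
Note:
You do not have to uninstall the yum-installed httpd and its dependencies, but you must stop that httpd and disable it at boot. Removing it is recommended.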
2) apr and apr-util
httpd-2.4 depends on newer versions of apr (1.5 or later) and apr-util.
apr: Apache Portable Runtime
It is an API, a low-level library that lets Apache run across platforms.
[root@Node4 ~]# rpm -qa|grep apr    # the apr shipped with the system (or installed by yum) is too old; apr and apr-util must be compiled and installed
apr-1.3.9-5.el6_2.x86_64
apr-util-ldap-1.3.9-3.el6_0.1.x86_64
apr-util-1.3.9-3.el6_0.1.x86_64
Compile and install apr:
[root@Node4 src]# tar xf apr-1.5.2.tar.gz
[root@Node4 src]# cd apr-1.5.2
[root@Node4 apr-1.5.2]# ls
apr-config.in  buildconf         dso         libapr.rc     NOTICE         support
apr.dep        build.conf        emacs-mode  LICENSE       NWGNUmakefile  tables
apr.dsp        build-outputs.mk  encoding    locks         passwd         test
apr.dsw        CHANGES           file_io     Makefile.in   poll           threadproc
apr.mak        CMakeLists.txt    helpers     Makefile.win  random         time
apr.pc.in      config.layout     include     memory        README         tools
apr.spec       configure         libapr.dep  misc          README.cmake   user
atomic         configure.in      libapr.dsp  mmap          shmem
build          docs              libapr.mak  network_io    strings
[root@Node4 apr-1.5.2]# ./configure --prefix=/usr/local/apr
[root@Node4 apr-1.5.2]# make && make install
[root@Node4 apr-1.5.2]# ls /usr/local/apr/
bin  build-1  include  lib
Compile and install apr-util:
[root@Node4 apr-1.5.2]# cd ..
[root@Node4 src]# tar xf apr-util-1.5.4.tar.gz
[root@Node4 src]# cd apr-util-1.5.4
[root@Node4 apr-util-1.5.4]# ls
aprutil.dep     buildconf         dbd                libaprutil.dsp  NWGNUmakefile
aprutil.dsp     build.conf        dbm                libaprutil.mak  README
aprutil.dsw     build-outputs.mk  docs               libaprutil.rc   README.cmake
aprutil.mak     CHANGES           encoding           LICENSE         renames_pending
apr-util.pc.in  CMakeLists.txt    export_vars.sh.in  Makefile.in     strmatch
apr-util.spec   config.layout     hooks              Makefile.win    test
apu-config.in   configure         include            memcache        uri
buckets         configure.in      ldap               misc            xlate
build           crypto            libaprutil.dep     NOTICE          xml
[root@Node4 apr-util-1.5.4]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr    # apr-util depends on apr, so --with-apr must point to the apr installation
[root@Node4 apr-util-1.5.4]# make && make install
[root@Node4 apr-util-1.5.4]# ls /usr/local/apr-util/
bin  include  lib
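3. Compiling and installing httpd-2.4.25
[root@Node4 apr-util-1.5.4]# cd ..
[root@Node4 src]# tar xf httpd-2.4.25.tar.gz
[root@Node4 src]# cd httpd-2.4.25
[root@Node4 httpd-2.4.25]# ls
ABOUT_APACHE     BuildBin.dsp    emacs-style     LAYOUT        NOTICE            srclib
acinclude.m4     buildconf       httpd.dep       libhttpd.dep  NWGNUmakefile     support
Apache-apr2.dsw  CHANGES         httpd.dsp       libhttpd.dsp  os                test
Apache.dsw       CMakeLists.txt  httpd.mak       libhttpd.mak  README            VERSIONING
apache_probes.d  config.layout   httpd.spec      LICENSE       README.cmake
ap.d             configure       include         Makefile.in   README.platforms
build            configure.in    INSTALL         Makefile.win  ROADMAP
BuildAll.dsp     docs            InstallBin.dsp  modules       server
httpd configure options explained:
[root@Node4 httpd-2.4.25]# ./configure --prefix=/usr/local/apache \
> --sysconfdir=/etc/httpd24 \
> --enable-so \
> --enable-ssl \
> --enable-cgi \
> --enable-rewrite \
> --with-zlib \
> --with-pcre \
> --with-apr=/usr/local/apr \
> --with-apr-util=/usr/local/apr-util \
> --enable-modules=most \
> --enable-mpms-shared=all \
> --with-mpm=event
Meaning of each option (the explanations cannot be typed as trailing comments after the backslashes, because that breaks the line continuation):
--prefix=/usr/local/apache: installation path
--sysconfdir=/etc/httpd24: configuration file path
--enable-so: enable support for dynamic shared modules
--enable-ssl: SSL support
--enable-cgi: CGI support
--enable-rewrite: URL rewriting support
--with-zlib: depend on the zlib library, the general-purpose compression API used when sending data over the network
--with-pcre: depend on the pcre package; with no path given, it is looked up in the system locations (where the rpm package is installed)
--with-apr=/usr/local/apr: path of the apr dependency
--with-apr-util=/usr/local/apr-util: path of the apr-util dependency
--enable-modules=most|all: build most modules or all modules (most is used above)
--enable-mpms-shared=all: build all MPMs as dynamic shared modules
--with-mpm=event: use the event MPM by default
After configure completes, build and install with make && make install, as for apr and apr-util; the steps below rely on the result in /usr/local/apache.
Start and test:
[root@Node4 httpd-2.4.25]# cd /usr/local/apache/
[root@Node4 apache]# ls
bin  build  cgi-bin  error  htdocs  icons  include  logs  man  manual  modules
[root@Node4 apache]# ls bin
ab         apxs      dbmmanage  envvars-std  htcacheclean  htdigest  httpd      logresolve
apachectl  checkgid  envvars    fcgistarter  htdbm         htpasswd  httxt2dbm  rotatelogs
[root@Node4 apache]# ./bin/apachectl start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.10.4. Set the 'ServerName' directive globally to suppress this message
httpd (pid 32245) already running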
4. Follow-up configuration
Export the binaries:
# vim /etc/profile.d/apache.sh
export PATH=/usr/local/apache/bin:$PATH
Export the header files:
[root@Node4 apache]# ln -sv /usr/local/apache/include/ /usr/include/httpd
`/usr/include/httpd' -> `/usr/local/apache/include/'
Export the library files: no library files were generated
Export the man pages:
# vi /etc/man.conf
Add: MANPATH /usr/local/apache/man
Or use the command directly: man -M /usr/local/apache/man apache
Create a SysV (System V) style service script:
The simplest way is to modify the httpd service script that came with the original yum installation.
After compiling and installing, the default pid file location of httpd is:
[root@Node4 apache]# ls logs
access_log  error_log  httpd.pid
Specify the pid file path:
Add one line to /etc/httpd24/httpd.conf: PidFile "/var/run/httpd2.4.pid"    # I leave it unchanged here
Modify the service script from the yum installation, /etc/rc.d/init.d/httpd:
# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/local/apache/bin/apachectl
httpd=${HTTPD-/usr/local/apache/bin/httpd}
prog=httpd
pidfile=${PIDFILE-/usr/local/apache/logs/httpd.pid}
lockfile=${LOCKFILE-/var/lock/subsys/httpd}
RETVAL=0
STOP_TIMEOUT=${STOP_TIMEOUT-10}
# The semantics of these two functions differ from the way apachectl does
Test:
[root@Node4 ~]# service httpd
Usage: httpd {start|stop|restart|condrestart|try-restart|force-reload|reload|status|fullstatus|graceful|help|configtest}
[root@Node4 ~]# service httpd status
httpd (pid 49500) is running...
[root@Node4 ~]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
[root@Node4 ~]# service httpd status
httpd (pid 49620) is running...
[root@Node4 ~]# chkconfig --list httpd
service httpd supports chkconfig, but is not referenced in any runlevel (run 'chkconfig --add httpd')
[root@Node4 ~]# chkconfig --add httpd
[root@Node4 ~]# chkconfig --list httpd
httpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@Node4 ~]# chkconfig httpd on
[root@Node4 ~]# chkconfig --list httpd
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
Note:
Unlike the yum-installed 2.2 main configuration file /etc/httpd/conf/httpd.conf, the main configuration file of the compiled 2.4 installation (under /etc/httpd24) is not divided into three sections; the per-topic configuration files are /etc/httpd24/extra/*.conf.
[root@Node4 apache]# cd /etc/httpd24/
[root@Node4 httpd24]# ls
extra  httpd.conf  magic  mime.types  original
[root@Node4 httpd24]# ls extra/
httpd-autoindex.conf  httpd-languages.conf           httpd-ssl.conf
httpd-dav.conf        httpd-manual.conf              httpd-userdir.conf
httpd-default.conf    httpd-mpm.conf                 httpd-vhosts.conf
httpd-info.conf       httpd-multilang-errordoc.conf  proxy-html.conf
[root@Node4 httpd24]#
httpd-vhosts.conf: virtual host configuration
httpd-ssl.conf: SSL configuration
httpd-mpm.conf: MPM configuration
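II. New features in httpd-2.4
1. MPMs can be loaded at run time (as DSOs)
How was the MPM switched in httpd-2.2?
Enable this feature at compile time with the following options:
--enable-mpms-shared=all    build all supported MPMs
--with-mpm=event    set the MPM that is enabled by default
2. Support for the event MPM
3. Support for asynchronous reads and writes
4. Log levels can be set per module and per directory
5. Per-request configuration: <If>, <ElseIf>
6. Enhanced expression parser
7. Millisecond-granularity keepalive timeout
8. FQDN-based virtual hosts no longer need the NameVirtualHost directive
9. Configuration files support user-defined variables
10. Several new modules: mod_proxy_fcgi, mod_ratelimit, mod_request, mod_remoteip
IP-based access control has changed: the order, allow and deny mechanisms are no longer supported and Require is used throughout. Both the main server and every virtual host must define access permissions explicitly before they can be reached; otherwise access is denied.
11. IP-based access control
The order, allow and deny mechanisms are no longer supported; Require is used throughout.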
Allow access from all hosts: Require all granted
Deny access from all hosts: Require all denied
Control access for a particular host:
Require ip IPADDR
Require not ip IPADDR
IPADDR may take these forms:
A single IP address, e.g. 172.16.100.7
network/netmask, e.g. 172.16.0.0/255.255.0.0
network/length, e.g. 172.16.0.0/16
Net (a partial network address), e.g. 172.16
Require host HOSTNAME
Require not host HOSTNAME
HOSTNAME may take these forms:
FQDN: a specific host, e.g. www.magedu.com
DOMAIN: a domain name, e.g. .magedu.com
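III. Enabling server status
The mod_status module lets administrators view the server's run-time state; it presents the current server statistics on an HTML page. These typically include, but are not limited to:
(1) the number of worker processes that are busy;
(2) the number of worker processes that are idle;
(3) the state of each worker, including the number of requests it has answered and the number of bytes of content it has sent;
(4) the total number of bytes the server has sent;
(5) the time elapsed since the server was last started or restarted;
(6) the average number of requests answered per second, the average number of bytes sent per second, and the average number of bytes of content per request;
Check whether the module is loaded:
[root@Node4 ~]# /usr/local/apache/bin/httpd -M|grep status
 status_module (shared)
Enabling the status page is simple; just add the following to the main httpd configuration file:
<Location /server-status>
    SetHandler server-status
    Require all granted
</Location>
Note that this status information should not be freely accessible to everyone, so access should be limited to clients at specific addresses. For example, use Require ip 172.16.0.0/16 to allow only hosts in the specified network to view this page.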
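An added example, not part of the original post: a small audit that reads an httpd 2.4 configuration on stdin and flags server-status locations opened with Require all granted, as in the block above. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit server-status exposure in an httpd 2.4 configuration read from stdin.

# sample_conf: constructed configuration used to exercise the audit.
sample_conf() {
    cat <<'EOF'
<Location /server-status>
    SetHandler server-status
    Require all granted
</Location>
<Location /status-internal>
    SetHandler server-status
    Require ip 172.16.0.0/16
</Location>
<Location /app>
    Require all granted
</Location>
EOF
}

# audit_status_acl: for every <Location> block that sets the server-status handler,
# print "LINE PATH VERDICT". OPEN = "Require all granted" present; RESTRICTED = only
# ip/host/local requirements; INHERITED = no Require in the block (check the parent).
# The exit status is 1 if any block is OPEN, so the check can gate a deployment.
audit_status_acl() {
    awk '
    { low = tolower($0); sub(/^[ \t]+/, "", low) }
    low ~ /^#/ { next }
    low ~ /^<location[ \t]/ {
        inblk = 1; start = NR; path = $2
        sub(/>$/, "", path); gsub(/"/, "", path)
        handler = 0; granted = 0; limited = 0; next
    }
    inblk && low ~ /^sethandler[ \t]+server-status/ { handler = 1 }
    inblk && low ~ /^require[ \t]+all[ \t]+granted/ { granted = 1 }
    inblk && low ~ /^require[ \t]+(ip|host|local)/  { limited = 1 }
    inblk && low ~ /^<\/location>/ {
        if (handler) {
            verdict = granted ? "OPEN" : (limited ? "RESTRICTED" : "INHERITED")
            if (granted) bad = 1
            printf "%d %s %s\n", start, path, verdict
        }
        inblk = 0
    }
    END { exit (bad ? 1 : 0) }'
}
```

On this installation it would be run as audit_status_acl < /etc/httpd24/httpd.conf, and again for each file under /etc/httpd24/extra/ that the main file includes.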