Common httpd configuration and HTTPS setup steps


Common httpd configuration


Apache installed from source (binaries under /usr/local/apache, configuration under /etc/httpd24)

Switching the MPM (edit /etc/httpd24/extra/httpd-mpm.conf):

// <IfModule mpm_NAME_module>
// NAME is one of three MPMs:
    prefork
    event
    worker
// Only the <IfModule> block for the MPM that is actually loaded has any effect. Which one that is comes from the LoadModule mpm_NAME_module line in httpd.conf (or from the build, if the MPM was compiled in statically); the "Server MPM:" line of apachectl -V shows the active one.
[root@localhost ~]# vim /etc/httpd24/extra/httpd-mpm.conf
<IfModule mpm_prefork_module>
    StartServers             5		
    MinSpareServers          5
    MaxSpareServers         10
    MaxRequestWorkers      250
    MaxConnectionsPerChild   0
</IfModule> 

StartServers:           number of child processes created at startup
MinSpareServers:        minimum number of idle child processes kept waiting for requests
MaxSpareServers:        maximum number of idle child processes; surplus idle children are killed
MaxRequestWorkers:      maximum number of simultaneous requests served (for prefork, the maximum number of child processes; values above 256 also need ServerLimit raised)
MaxConnectionsPerChild: number of connections a child handles before it is recycled; 0 means never recycle

Set the environment variable (so apachectl is on PATH)

[root@localhost ~]# vim /etc/prelink.conf.d/httpd.sh
[root@localhost ~]# cat /etc/prelink.conf.d/httpd.sh 
 export PATH=/usr/local/apache/bin/:$PATH
[root@localhost ~]# source /etc/prelink.conf.d/httpd.sh

Note: the source command makes this work in the current shell only. /etc/prelink.conf.d/ is read by prelink, not by login shells, so a file there is never picked up automatically; to have PATH set at every login put the same line in a file under /etc/profile.d/ instead.

Start Apache

[root@localhost ~]# apachectl start		//start the Apache service
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message 		//to silence this warning, edit the main configuration file (vim /etc/httpd24/httpd.conf) and uncomment the line "ServerName www.example.com:80"
httpd (pid 1567) already running
[root@localhost ~]# ss -antl		//check whether port 80 is listening
State  Recv-Q Send-Q  Local Address:Port   Peer Address:Port Process                                                      
LISTEN 0      128           0.0.0.0:22          0.0.0.0:*                                                                 
LISTEN 0      128              [::]:22             [::]:*                                                                 
LISTEN 0      128                 *:80                *:*                                                             

Access control rules:

Rule                       Function
Require all granted        allow all hosts
Require all denied         deny all hosts
Require ip IPADDR          allow hosts from the given source address(es)
Require not ip IPADDR      deny hosts from the given source address(es)
Require host HOSTNAME      allow hosts with the given source hostname
Require not host HOSTNAME  deny hosts with the given source hostname

IPADDR may be written as:   IP: 192.168.1.1 | Network/mask: 192.168.1.0/255.255.255.0 | Network/length: 192.168.1.0/24 | partial network: 192.168
HOSTNAME may be written as: FQDN: the full name of one host | DOMAIN: every host in the given domain

Note: a "Require not ..." line cannot stand on its own. A negated rule can only deny, never grant, so httpd rejects it at startup unless it sits inside a <RequireAll> container together with a positive rule (for example Require all granted followed by Require not ip 192.168.1.5). Require host also makes httpd do a reverse DNS lookup for every request, which is slow and only as trustworthy as the DNS it queries; prefer Require ip where you can.

Note: httpd 2.4 denies access to all hosts by default, so after installation you must grant access explicitly.

Example:

[root@localhost ~]# vim /etc/httpd24/httpd.conf
<Directory "/usr/local/apache/htdocs">
    Require all granted		//delete or comment out this line
</Directory>
[root@localhost ~]# apachectl restart	//after the restart the browser no longer shows the page (403 Forbidden)

[root@localhost ~]# vim /etc/httpd24/httpd.conf 
<Directory "/usr/local/apache/htdocs">
    Require all granted		//uncomment or add this line and the default page is visible again
</Directory>
[root@localhost ~]# apachectl restart
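An added example (my own shell script, not code from the page): it models how mod_authz_core combines the rules in the table above for a single client address, so a rule set can be checked offline before it goes into httpd.conf. It goes slightly beyond the table by implementing the three-valued result (granted / denied / neutral) the providers really return, which is what explains why `Require not` needs a `<RequireAll>` container. The addresses and rule sets are constructed sample data; it assumes IPv4 and models `ip` and `all` rules only, not `host`.

```shell
#!/bin/sh
# Added example, not from the original page: an offline model of how
# mod_authz_core evaluates "Require ip", "Require not ip" and
# "Require all granted|denied" for one client address.  Addresses and
# rule sets below are constructed sample data; IPv4 only.

# Dotted-quad IPv4 -> 32-bit integer (subshell body, so IFS stays untouched).
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Does client $1 fall inside $2?  $2 may be any form Require ip accepts:
# a single address, network/mask, network/prefix-length, or a partial
# network such as 192.168.  Prints 1 on match, 0 otherwise.
ip_matches() {
    client=$1 spec=$2
    case $spec in
        */*)
            net=${spec%/*} mask=${spec#*/}
            case $mask in
                *.*) maskint=$(ip2int "$mask") ;;                                  # dotted mask
                *)   maskint=$(( (4294967295 << (32 - $mask)) & 4294967295 )) ;;   # /N
            esac
            [ $(( $(ip2int "$client") & maskint )) -eq $(( $(ip2int "$net") & maskint )) ] \
                && echo 1 || echo 0 ;;
        *.*.*.*) [ "$client" = "$spec" ] && echo 1 || echo 0 ;;
        *)       case $client in "$spec".*) echo 1 ;; *) echo 0 ;; esac ;;
    esac
}

# One Require line -> granted / denied / neutral.  A positive rule that does
# not match returns denied; a negated rule can only deny or stay neutral,
# it can never grant.
eval_rule() {
    case $2 in
        "all granted") echo granted ;;
        "all denied")  echo denied ;;
        "not ip "*)    [ "$(ip_matches "$1" "${2#not ip }")" = 1 ] && echo denied  || echo neutral ;;
        "ip "*)        [ "$(ip_matches "$1" "${2#ip }")" = 1 ]     && echo granted || echo denied ;;
        *)             echo "unsupported rule: $2" >&2; echo neutral ;;
    esac
}

# authz_decide <client> <any|all> rule...: combine rules like a <RequireAny>
# (mode=any, which is what bare Require lines get) or <RequireAll> container.
# httpd 2.4 denies by default, so anything short of an explicit grant is denied.
authz_decide() {
    client=$1 mode=$2; shift 2
    if [ "$mode" = any ]; then
        for r in "$@"; do
            case $r in "not "*)
                # httpd refuses to start here: "negative Require directive has
                # no effect in <RequireAny> directive".
                echo error; return 0 ;;
            esac
        done
    fi
    granted=0 denied=0
    for r in "$@"; do
        case $(eval_rule "$client" "$r") in
            granted) granted=1 ;;
            denied)  denied=1 ;;
        esac
    done
    if [ "$mode" = all ]; then
        [ $denied -eq 0 ] && [ $granted -eq 1 ] && echo granted || echo denied
    else
        [ $granted -eq 1 ] && echo granted || echo denied
    fi
}

# Demo: "allow the LAN except one host" only works inside <RequireAll>.
authz_decide 192.168.1.7 all "ip 192.168.1.0/24" "not ip 192.168.1.5"   # granted
authz_decide 192.168.1.5 all "ip 192.168.1.0/24" "not ip 192.168.1.5"   # denied
authz_decide 192.168.1.9 any "not ip 192.168.1.5"                       # error
```

The `<RequireAll>` form is the one to copy into a `<Directory>` or `<Location>` block; the standalone negation in the last demo line is the mistake the table can invite.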

Virtual hosts:

There are three kinds of virtual host:

  • same IP, different ports
  • different IPs, same port
  • same IP, same port, different domain names (name-based)

Go to the document root and add the pages:

[root@localhost ~]# cd /usr/local/apache/htdocs/
[root@localhost htdocs]# ls
index.html  jp  year	//jp and year are directories holding the site content I prepared
[root@localhost htdocs]# tree
.
├── index.html
├── jp
│   └── index.html
└── year
    ├── css
    │   ├── bootstrap.css
    │   ├── font_1191451_h720mljzrsc.css
    │   └── style.css
    ├── fonts
    │   ├── DIN-Black_0.otf
    │   ├── DIN-Bold_0.otf
    │   ├── dinbold-webfont.bc8aa63.woff
    │   ├── DIN-Light_0.otf
    │   └── DIN-Medium_0.otf
    ├── getUserinfo.html
    ├── images
    │   ├── bq001.png
    │   ├── bq002.gif
    │   └── time.jpg
    ├── index.html
    ├── js
    │   ├── app.js
    │   ├── bootstrap.min.js
    │   ├── jquery.min.js
    │   └── jweixin-1.4.0.js
    ├── json
    │   └── index.json
    └── mp3
        └── akon.mp3

8 directories, 21 files

In the browser, enter the IP address followed by /directory-name to reach each site.

Virtual hosts on the same IP with different ports

[root@localhost httpd24]# pwd
/etc/httpd24
[root@localhost httpd24]# ls
extra  httpd.conf  magic  mime.types  original
[root@localhost httpd24]# vim httpd.conf 
Include /etc/httpd24/extra/httpd-vhosts.conf	//find this line and uncomment it
[root@localhost httpd24]# vim extra/httpd-vhosts.conf	//edit the configuration as follows
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/jp"
    ServerName jp.example.com
    ErrorLog "logs/jp.example.com-error_log"
    CustomLog "logs/jp.example.com-access_log" common
</VirtualHost>

Listen 88	//listen on port 88 as well (Listen 80 is already set in httpd.conf)
<VirtualHost *:88>
    DocumentRoot "/usr/local/apache/htdocs/year"
    ServerName year.example.com
    ErrorLog "logs/year.example.com-error_log"
    CustomLog "logs/year.example.com-access_log" common
</VirtualHost>
[root@localhost httpd24]# apachectl restart
[root@localhost httpd24]# ss -ant		//both 80 and 88 are now listening
State   Recv-Q  Send-Q    Local Address:Port    Peer Address:Port   Process  
LISTEN  0       128             0.0.0.0:22           0.0.0.0:*               
ESTAB   0       36       192.168.96.129:22      192.168.96.1:59787           
ESTAB   0       0        192.168.96.129:22      192.168.96.1:62598           
LISTEN  0       128                [::]:22              [::]:*               
LISTEN  0       128                   *:88                 *:*               
LISTEN  0       128                   *:80                 *:*

Open a browser and enter the IP address followed by :port to reach each site.

Virtual hosts on different IPs with the same port

Add a second IP address (not persistent: it is lost on reboot unless it is also added to the interface's connection profile)

[root@localhost httpd24]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:a6:9e:07 brd ff:ff:ff:ff:ff:ff
    inet 192.168.96.129/24 brd 192.168.96.255 scope global dynamic noprefixroute ens33
       valid_lft 1282sec preferred_lft 1282sec
    inet6 fe80::20c:29ff:fea6:9e07/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@localhost httpd24]# ip addr add 192.168.96.166/24 dev ens33 
[root@localhost httpd24]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:a6:9e:07 brd ff:ff:ff:ff:ff:ff
    inet 192.168.96.129/24 brd 192.168.96.255 scope global dynamic noprefixroute ens33
       valid_lft 1165sec preferred_lft 1165sec
    inet 192.168.96.166/24 scope global secondary ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fea6:9e07/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

Edit the vhosts.conf configuration file

[root@localhost httpd24]# vim extra/httpd-vhosts.conf //edit the configuration as follows
<VirtualHost 192.168.96.129:80>
    DocumentRoot "/usr/local/apache/htdocs/jp"
    ServerName jp.example.com
    ErrorLog "logs/jp.example.com-error_log"
    CustomLog "logs/jp.example.com-access_log" common
</VirtualHost>

<VirtualHost 192.168.96.166:80>
    DocumentRoot "/usr/local/apache/htdocs/year"
    ServerName year.example.com
    ErrorLog "logs/year.example.com-error_log"
    CustomLog "logs/year.example.com-access_log" common
</VirtualHost>
[root@localhost httpd24]# apachectl restart

Open a browser and enter each IP address.

Virtual hosts on the same IP and port with different domain names

[root@localhost httpd24]# vim extra/httpd-vhosts.conf //edit the configuration as follows (httpd 2.4 needs no NameVirtualHost directive; several <VirtualHost *:80> blocks are selected by the Host header automatically)
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/jp"
    ServerName jp.example.com
    ErrorLog "logs/jp.example.com-error_log"
    CustomLog "logs/jp.example.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/year"
    ServerName year.example.com
    ErrorLog "logs/year.example.com-error_log"
    CustomLog "logs/year.example.com-access_log" common
</VirtualHost>

Because the domain names in this lab are made up, the client needs hosts-file entries:

Copy C:\Windows\System32\drivers\etc\hosts to the desktop

Right-click it, open it with WordPad as administrator, and add the following (one line per name)

<IP address of the VM>  <domain name of the site>

Then move hosts back to C:\Windows\System32\drivers\etc\

Then restart the Apache service

[root@localhost httpd24]# apachectl restart

Then open a browser and enter the domain name
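An added example (shell plus awk, written for this edit and not part of the original page): it reproduces httpd's choice of a name-based virtual host against a constructed copy of the httpd-vhosts.conf above, and shows the rule worth remembering when several sites share one address and port: a request whose Host header matches no ServerName or ServerAlias on that port is served by the first <VirtualHost> defined for the port, so that vhost is the default site for raw-IP, scanner and forged-Host traffic. The ServerAlias line and the 443-port lookup are assumptions added for the demo.

```shell
#!/bin/sh
# Added example, not from the original page: model httpd's name-based
# virtual host selection.  The config text is a constructed copy of the
# page's httpd-vhosts.conf with one ServerAlias added for the demo.

VHOSTS='<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/jp"
    ServerName jp.example.com
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/year"
    ServerName year.example.com
    ServerAlias www.year.example.com
</VirtualHost>
<VirtualHost *:88>
    DocumentRoot "/usr/local/apache/htdocs/year"
    ServerName year.example.com
</VirtualHost>'

# select_vhost <conf-text> <listening port> <Host header> -> prints the
# DocumentRoot httpd would serve from.  Matching is case-insensitive and a
# ":port" suffix on the Host header or ServerName is ignored, as httpd does.
select_vhost() {
    printf '%s\n' "$1" | awk -v port="$2" -v host="$3" '
        BEGIN { host = tolower(host); sub(/:[0-9]+$/, "", host) }
        /^<VirtualHost/ {
            n++; spec = $2; sub(/>$/, "", spec); sub(/^.*:/, "", spec)
            vport[n] = spec; names[n] = " "            # names padded with spaces for exact lookup
        }
        /^[ \t]*ServerName/  { s = tolower($2); sub(/:[0-9]+$/, "", s); names[n] = names[n] s " " }
        /^[ \t]*ServerAlias/ { for (i = 2; i <= NF; i++) names[n] = names[n] tolower($i) " " }
        /^[ \t]*DocumentRoot/ { root[n] = $2; gsub(/"/, "", root[n]) }
        END {
            dflt = 0
            for (i = 1; i <= n; i++) {
                if (vport[i] != port) continue
                if (!dflt) dflt = i                    # first vhost on this port is the default
                if (index(names[i], " " host " ")) { print root[i]; exit }
            }
            if (dflt) print root[dflt]; else print "no vhost on port " port
        }'
}

select_vhost "$VHOSTS" 80 jp.example.com        # /usr/local/apache/htdocs/jp
select_vhost "$VHOSTS" 80 www.year.example.com  # /usr/local/apache/htdocs/year (via ServerAlias)
select_vhost "$VHOSTS" 80 192.168.96.129        # no name matches: first *:80 vhost -> jp
select_vhost "$VHOSTS" 88 jp.example.com        # no name matches on :88: its only vhost -> year
```

The third call is the practical lesson: whichever site is listed first on a port answers for every Host value it does not recognise. If that is not what you want, put a deliberately empty catch-all vhost first (a placeholder ServerName and Require all denied) so real sites are reached only by their own names.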

Summary of the virtual host configuration process

  1. Edit the main configuration file httpd.conf to include the vhosts.conf file
  2. Write vhosts.conf
  3. Restart the service

Steps to configure HTTPS

Generate the certificates, configure httpd.conf, point httpd-ssl.conf at the certificate files, and check the configuration for syntax errors.

[root@localhost ~]# dnf -y install mod_ssl		//install the module
//installation output omitted
//note: the dnf mod_ssl package is built for the distribution's own httpd. A source-built Apache under /usr/local/apache only has modules/mod_ssl.so if it was configured with --enable-ssl, so confirm that /usr/local/apache/modules/mod_ssl.so exists before going on
[root@localhost httpd24]# pwd
/etc/httpd24
[root@localhost httpd24]# vim extra/httpd-ssl.conf		//set the certificate paths in httpd-ssl.conf; change the lines below (excerpt: the rest of the <VirtualHost> block, including its closing tag, is left as shipped)
<VirtualHost _default_:443>
#   General setup for the virtual host
DocumentRoot "/usr/local/apache/htdocs/jp"
ServerName jp.example.com:443
ErrorLog "/usr/local/apache/logs/jp_error_log"
TransferLog "/usr/local/apache/logs/jp_access_log"
SSLCertificateFile "/etc/httpd24/httpd.crt"
SSLCertificateKeyFile "/etc/httpd24/httpd.key"
[root@localhost httpd24]# vim httpd.conf //find the following two lines and uncomment them
LoadModule ssl_module modules/mod_ssl.so
Include /etc/httpd24/extra/httpd-ssl.conf
[root@localhost httpd24]# apachectl -t		//check the configuration for syntax errors
AH00526: Syntax error on line 92 of /etc/httpd24/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
[root@localhost httpd24]# vim +92  extra/httpd-ssl.conf  //comment out the following two lines
#SSLSessionCache        "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
#SSLSessionCacheTimeout  300
//alternatively keep the session cache and do what the error message suggests: uncomment LoadModule socache_shmcb_module modules/mod_socache_shmcb.so in httpd.conf. Without a session cache every new connection does a full TLS handshake.

Generate the certificates

[root@localhost httpd24]# mkdir /etc/pki/CA
[root@localhost httpd24]# cd /etc/pki/CA/
[root@localhost CA]# pwd
/etc/pki/CA
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)	//generate the CA private key; the parentheses are required so the umask applies to this command only
Generating RSA private key, 2048 bit long modulus (2 primes)
.............+++++
...........................................................................................................................................+++++
e is 65537 (0x010001)
[root@localhost CA]# ls private/
cakey.pem
[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout		//extract the public key (just to look at it; the rest of the procedure does not use this output)
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxH5ky1mhtZDxO99mEDqI
iqB0qmAEzt5Zsrcd8094KwC6zD5Ju+jQna6BVjwNTGaeo7XrDHUwycpOzT91SPLS
W8lyy1cH0Ih5K0f/evbeC1NNlrSsBF0CTu4IY9z8C97SgBzYybjq4O0hgqz6HnJp
xXyxMl6cMZ+SyOaTqSASF0TMVVopvtDODoCDoO3Utcg4epXV4JomKQbCZCsFabIZ
81uojzxXtchHCSu1vmaWnS2RHYQd9XmnRcVRp2vCFizQsq03OB76N3FiSGQ+8+2b
jJ57GvYs9nQ1FdnMObo9PIJAt9Y/ImttBTElk3zZZzvn/g/DiA0DeaUjOUsWrk5V
kQIDAQAB
-----END PUBLIC KEY-----
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365		//generate the self-signed CA certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN		//country
State or Province Name (full name) []:HB	//province
Locality Name (eg, city) [Default City]:WH	//city
Organization Name (eg, company) [Default Company Ltd]:jxrt		//organisation
Organizational Unit Name (eg, section) []:jxrt		//organisational unit
Common Name (eg, your name or your server's hostname) []:jp.example.com		//name of the CA; a CA's CN is usually a label such as "jxrt Root CA" rather than a hostname, so it is not confused with the server certificate
Email Address []:123@.com		//e-mail address, made up here
[root@localhost CA]# ls
cacert.pem  private
[root@localhost CA]# mkdir certs newcerts crl		//the directory layout (plus index.txt and serial below) that /etc/pki/tls/openssl.cnf expects under /etc/pki/CA for openssl ca
[root@localhost CA]# touch index.txt && echo 01 > serial
[root@localhost CA]# ls
cacert.pem  certs  crl  index.txt  newcerts  private  serial
[root@localhost CA]# cd /opt/
[root@localhost opt]# ls
[root@localhost opt]# (umask 077;openssl genrsa -out httpd.key 2048)	//the CA's client (here the httpd server itself) generates its private key
Generating RSA private key, 2048 bit long modulus (2 primes)
........................................................................................................................................................................+++++
....+++++
e is 65537 (0x010001)
[root@localhost opt]# ls
httpd.key
[root@localhost opt]# openssl req -new -key httpd.key -days 365 -out httpd.csr	//generate the certificate signing request (-days is ignored for a CSR, as the next line says; the validity is set when the CA signs)
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:jxrt
Organizational Unit Name (eg, section) []:jxrt
Common Name (eg, your name or your server's hostname) []:123@.com		//wrong value: this must be the hostname clients will type, jp.example.com. With an e-mail address here the browser reports a name mismatch, and current browsers additionally require a subjectAltName extension, which openssl ca does not add unless the config asks for it
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@localhost opt]# ll
total 8
-rw-r--r--. 1 root root  985 Apr 27 17:29 httpd.csr
-rw-------. 1 root root 1675 Apr 27 17:27 httpd.key
[root@localhost opt]# openssl ca -in /opt/httpd.csr -out httpd.crt -days 365	//the CA signs the submitted request
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Apr 27 09:31:52 2021 GMT
            Not After : Apr 27 09:31:52 2022 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = HB
            organizationName          = jxrt
            organizationalUnitName    = jxrt
            commonName                = 123@.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                9C:AF:99:B2:B8:1C:DD:29:16:DB:AB:AB:E3:B2:B0:D9:13:CE:F4:EE
            X509v3 Authority Key Identifier: 
                keyid:57:F6:77:F2:9C:C7:3A:90:FA:CC:9E:03:49:28:40:B0:63:EC:0A:55

Certificate is to be certified until Apr 27 09:31:52 2022 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost opt]# ls
httpd.crt  httpd.csr  httpd.key
[root@localhost opt]# mv httpd.crt httpd.key /etc/httpd24/
[root@localhost opt]# cd /etc/httpd24/
[root@localhost httpd24]# ls
extra       httpd.crt  magic       original
httpd.conf  httpd.key  mime.types
[root@localhost httpd24]# apachectl restart		//start or restart the service
//httpd.key keeps the 0600 mode it was created with under umask 077; leave it that way, httpd reads it as root at startup. For the browser to accept the site without a warning, import cacert.pem as a trusted CA; until then it reports an unknown issuer.
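An added example, not part of the original page: the CA / key / CSR / signing sequence above redone as a script, with the two corrections a current browser needs: the server certificate's Common Name is the FQDN rather than an e-mail address, and a subjectAltName is added at signing time, because Chrome and Firefox ignore CN. It signs with openssl x509 -req and an extension file instead of openssl ca, so the /etc/pki/CA database layout is not needed. The output directory, the subject fields and the CA's name are assumptions; the demo runs only when the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example, not from the original page: CA -> server key/CSR -> signed
# server certificate, producing files a browser will accept (CN = FQDN,
# subjectAltName present).  Directory and subject values are assumptions.

# make_pki <dir> <fqdn>: writes cakey.pem, cacert.pem, httpd.key, httpd.csr
# and httpd.crt into <dir>.  Subshell body, so the caller's cwd is untouched.
make_pki() (
    dir=$1 fqdn=$2
    mkdir -p "$dir" && cd "$dir" || exit 1
    # 1. CA private key (0600 via umask) and self-signed CA certificate.
    #    The CA's CN is deliberately not a hostname, so it cannot be confused
    #    with the server certificate.
    (umask 077; openssl genrsa -out cakey.pem 2048 2>/dev/null)
    openssl req -new -x509 -key cakey.pem -out cacert.pem -days 365 \
        -subj "/C=CN/ST=HB/L=WH/O=jxrt/CN=jxrt lab CA" 2>/dev/null
    # 2. Server private key and CSR.  CN is the name clients will type.
    (umask 077; openssl genrsa -out httpd.key 2048 2>/dev/null)
    openssl req -new -key httpd.key -out httpd.csr \
        -subj "/C=CN/ST=HB/L=WH/O=jxrt/CN=$fqdn" 2>/dev/null
    # 3. Sign as the CA.  The CSR carries no extensions, so the SAN, the
    #    CA:FALSE constraint and the serverAuth EKU are supplied here.
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
        "$fqdn" > leaf.ext
    openssl x509 -req -in httpd.csr -CA cacert.pem -CAkey cakey.pem -CAcreateserial \
        -days 365 -extfile leaf.ext -out httpd.crt 2>/dev/null
)

# verify_leaf <dir> <fqdn>: the two checks a client performs, chain to the
# CA and hostname against the SAN.  Exit status 0 means it would be accepted.
verify_leaf() {
    openssl verify -CAfile "$1/cacert.pem" -verify_hostname "$2" "$1/httpd.crt" >/dev/null 2>&1
}

# leaf_san <dir>: print the subjectAltName entry of the server certificate.
leaf_san() {
    openssl x509 -in "$1/httpd.crt" -noout -text | sed -n 's/^[[:space:]]*\(DNS:.*\)$/\1/p'
}

# Demo, skipped when the openssl CLI is absent.  Afterwards httpd.crt and
# httpd.key are what SSLCertificateFile / SSLCertificateKeyFile point at,
# and cacert.pem is what the browser must import as a trusted CA.
if command -v openssl >/dev/null 2>&1; then
    d=$(mktemp -d)
    make_pki "$d" jp.example.com
    if verify_leaf "$d" jp.example.com; then
        echo "jp.example.com: chain and hostname OK ($(leaf_san "$d"))"
    else
        echo "jp.example.com: verification FAILED"
    fi
    verify_leaf "$d" year.example.com || echo "year.example.com: rejected, not in SAN (as intended)"
fi
```

The second verify_leaf call is the negative check worth keeping in a deployment script: a certificate that verifies for the wrong name is exactly the failure the page's CN=123@.com produces.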


Summary of the HTTPS steps:
  1. Generate the CA and server certificates
  2. Configure httpd.conf: uncomment LoadModule ssl_module modules/mod_ssl.so and Include /etc/httpd24/extra/httpd-ssl.conf
  3. Configure the virtual host in httpd-vhosts.conf
  4. Point httpd-ssl.conf at the certificate and key
  5. Check the configuration for syntax errors (apachectl -t)
  6. Start or restart the service
  7. Add hosts-file entries so the site can be reached by domain name (learning only; not needed in real deployments, where DNS provides the names)

