httpd: common configuration and the steps to set up HTTPS


Common httpd configuration


Apache built from source (assumed throughout this page: install prefix /usr/local/apache, configuration directory /etc/httpd24)
Switching the MPM (edit /etc/httpd24/extra/httpd-mpm.conf; which of the three blocks is in effect is decided by the single LoadModule mpm_*_module line in httpd.conf, this file only carries the tuning for each):

//<IfModule mpm_NAME_module>
//NAME is one of the three MPMs:
    prefork
    event
    worker
[root@localhost ~]# vim /etc/httpd24/extra/httpd-mpm.conf
<IfModule mpm_prefork_module>
    StartServers             5
    MinSpareServers          5
    MaxSpareServers         10
    MaxRequestWorkers      250
    MaxConnectionsPerChild   0
</IfModule>

StartServers:  number of child processes created at startup
MinSpareServers:  minimum number of idle child processes kept ready; below this, new children are forked
MaxSpareServers:  maximum number of idle child processes; above this, the extra ones are killed
MaxRequestWorkers:  upper bound on simultaneously served connections (in prefork, one connection per child); requests beyond it wait in the listen backlog. It cannot exceed ServerLimit (default 256), so raising it past 256 also requires raising ServerLimit
MaxConnectionsPerChild:  connections a child handles before it is recycled; 0 means never, a finite value bounds memory leaked by long-running children

Setting the environment variable

[root@localhost ~]# vim /etc/prelink.conf.d/httpd.sh
[root@localhost ~]# cat /etc/prelink.conf.d/httpd.sh 
 export PATH=/usr/local/apache/bin/:$PATH
[root@localhost ~]# source /etc/prelink.conf.d/httpd.sh		//applies to the current shell only

Note: /etc/prelink.conf.d/ is read by prelink, not by login shells, so the file above only takes effect when it is sourced by hand as shown. To have PATH set at every login, put the same export line in /etc/profile.d/httpd.sh, the directory that /etc/profile actually sources.

Starting Apache

[root@localhost ~]# apachectl start		//start the httpd service
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
//To silence this warning, edit the main configuration file (vim /etc/httpd24/httpd.conf), uncomment the line "ServerName www.example.com:80" and set it to the server's real name
httpd (pid 1567) already running		//httpd was already up, so this start did nothing
[root@localhost ~]# ss -antl		//check that port 80 is listening
State  Recv-Q Send-Q  Local Address:Port   Peer Address:Port Process
LISTEN 0      128           0.0.0.0:22          0.0.0.0:*
LISTEN 0      128              [::]:22             [::]:*
LISTEN 0      128                 *:80                *:*

Access control rules:

Rule                          Effect
Require all granted           allow every host
Require all denied            deny every host
Require ip IPADDR             allow hosts whose source address matches IPADDR
Require not ip IPADDR         deny hosts whose source address matches IPADDR
Require host HOSTNAME         allow hosts whose reverse-resolved name matches HOSTNAME
Require not host HOSTNAME     deny hosts whose reverse-resolved name matches HOSTNAME

IPADDR forms                                   HOSTNAME forms
IP: 192.168.1.1                                FQDN: the full name of one host
Network/mask: 192.168.1.0/255.255.255.0        DOMAIN: every host inside the domain
Network/length: 192.168.1.0/24
Net: 192.168 (leading octets only)

Two caveats. "Require all deny" is not a valid spelling; the keyword is "denied", and apachectl -t rejects anything else. A negated rule (Require not ...) cannot stand on its own: the Require lines written directly inside a <Directory> form an implicit <RequireAny>, where a negation has no effect and httpd refuses the configuration. Put it next to a positive rule inside <RequireAll> ("Require all granted" followed by "Require not ip ..." is the usual allow-everyone-except pattern). Host rules also cost a DNS lookup per request and trust whoever controls the client's reverse DNS, so prefer ip rules where you can.

Note: the stock httpd 2.4 configuration denies access to the whole filesystem (<Directory /> carries Require all denied), so after installing you must explicitly grant access to each directory you serve.

Example:

[root@localhost ~]# vim /etc/httpd24/httpd.conf
<Directory "/usr/local/apache/htdocs">
    Require all granted		//delete or comment out this line
</Directory>
[root@localhost ~]# apachectl restart	//after the restart the browser gets 403 Forbidden instead of the page

[root@localhost ~]# vim /etc/httpd24/httpd.conf 
<Directory "/usr/local/apache/htdocs">
    Require all granted		//uncomment or add this line and the default page is served again
</Directory>
[root@localhost ~]# apachectl restart
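The four IPADDR forms in the table are easy to mix up, so here is an added example (not code from the original page) that reproduces the address matching behind Require ip in POSIX sh and awk: an exact host, a network with a dotted mask, a network with a prefix length, and the leading-octets form, plus the two ways rules combine, an implicit RequireAny allow-list and the RequireAll "granted except" pattern. The client addresses and networks in it are constructed for the example; 192.168.96.129 and 192.168.96.166 are the lab addresses used later on this page.

```shell
#!/bin/sh
# Added example, not from the original page: the address matching behind
# "Require ip IPADDR", done in POSIX sh + awk so an allow-list can be sanity-checked
# on any box before it goes into httpd.conf. Supports the four IPADDR forms from
# the table (host, network/mask, network/length, leading octets) and the two ways
# rules combine: an implicit <RequireAny> allow-list and the <RequireAll>
# "everyone except" pattern. All client addresses and networks below are
# constructed for the example (the 192.168.96.x ones match the page's lab IPs).
set -eu

# Dotted quad -> unsigned 32-bit integer, printed on stdout.
ip2int() {
    printf '%s\n' "$1" |
        awk -F. '{ printf "%.0f\n", ($1 * 16777216) + ($2 * 65536) + ($3 * 256) + $4 }'
}

# Does CLIENT match SPEC the way mod_authz_host reads IPADDR?
#   a.b.c.d               exact host
#   a.b.c.d/24            network / prefix length
#   a.b.c.d/255.255.0.0   network / dotted mask
#   a.b or a.b.c          leading octets (httpd's "Net:192.168" form)
# Exit status 0 = match, 1 = no match.
require_ip_match() {
    client="$1"; spec="$2"
    case "$spec" in
        */*)
            net="${spec%/*}"; m="${spec#*/}"
            case "$m" in
                *.*) maskint=$(ip2int "$m") ;;
                *)   maskint=$(( m == 0 ? 0 : (0xFFFFFFFF << (32 - m)) & 0xFFFFFFFF )) ;;
            esac
            [ $(( $(ip2int "$client") & maskint )) -eq $(( $(ip2int "$net") & maskint )) ]
            ;;
        *.*.*.*)
            [ "$client" = "$spec" ]
            ;;
        *)
            case "$client" in
                "$spec".*) return 0 ;;
                *)         return 1 ;;
            esac
            ;;
    esac
}

# Several "Require ip" lines directly inside <Directory> form an implicit
# <RequireAny>: the client is granted if it matches any one of them.
any_of() {            # $1 = client, remaining args = allowed IPADDR specs
    client="$1"; shift
    for spec in "$@"; do
        if require_ip_match "$client" "$spec"; then return 0; fi
    done
    return 1
}

# A negated rule only works inside <RequireAll>, where it vetoes:
#   <RequireAll>
#       Require all granted
#       Require not ip 192.168.96.166 10.0.0.0/8
#   </RequireAll>
# Granted (0) unless the client matches one of the denied specs (1).
granted_except() {    # $1 = client, remaining args = denied IPADDR specs
    client="$1"; shift
    for spec in "$@"; do
        if require_ip_match "$client" "$spec"; then return 1; fi
    done
    return 0
}

for c in 192.168.96.129 192.168.96.166 10.2.3.4; do
    if granted_except "$c" 192.168.96.166 10.0.0.0/8; then r=granted; else r=denied; fi
    echo "$c: $r"
done
```

Use it as `require_ip_match 192.168.1.7 192.168.1.0/24 && echo allowed`. It models the address matching only; the outcome on the server also depends on the order and nesting of the Require containers, which apachectl -t validates for syntax but does not exercise, so confirm from a client as well.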

Virtual hosts:

There are three kinds of virtual host:

  • same IP, different ports
  • different IPs, same port
  • same IP and port, different domain names (name-based)

Go to the directory that holds the web pages and put the sites in it

[root@localhost ~]# cd /usr/local/apache/htdocs/
[root@localhost htdocs]# ls
index.html  jp  year	//jp and year are directories holding the page content I prepared
[root@localhost htdocs]# tree
.
├── index.html
├── jp
│   └── index.html
└── year
    ├── css
    │   ├── bootstrap.css
    │   ├── font_1191451_h720mljzrsc.css
    │   └── style.css
    ├── fonts
    │   ├── DIN-Black_0.otf
    │   ├── DIN-Bold_0.otf
    │   ├── dinbold-webfont.bc8aa63.woff
    │   ├── DIN-Light_0.otf
    │   └── DIN-Medium_0.otf
    ├── getUserinfo.html
    ├── images
    │   ├── bq001.png
    │   ├── bq002.gif
    │   └── time.jpg
    ├── index.html
    ├── js
    │   ├── app.js
    │   ├── bootstrap.min.js
    │   ├── jquery.min.js
    │   └── jweixin-1.4.0.js
    ├── json
    │   └── index.json
    └── mp3
        └── akon.mp3

8 directories, 21 files

Entering the IP address followed by /directory-name in the browser reaches each site

Virtual hosts on the same IP with different ports

[root@localhost httpd24]# pwd
/etc/httpd24
[root@localhost httpd24]# ls
extra  httpd.conf  magic  mime.types  original
[root@localhost httpd24]# vim httpd.conf 
Include /etc/httpd24/extra/httpd-vhosts.conf	//find this line and uncomment it
[root@localhost httpd24]# vim extra/httpd-vhosts.conf	//change the configuration to the following
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/jp"
    ServerName jp.example.com
    ErrorLog "logs/jp.example.com-error_log"
    CustomLog "logs/jp.example.com-access_log" common
</VirtualHost>

Listen 88	//also listen on port 88 (port 80 is already opened by the Listen 80 in httpd.conf; a <VirtualHost> on a port with no Listen is never reachable)
<VirtualHost *:88>
    DocumentRoot "/usr/local/apache/htdocs/year"
    ServerName year.example.com
    ErrorLog "logs/year.example.com-error_log"
    CustomLog "logs/year.example.com-access_log" common
</VirtualHost>
[root@localhost httpd24]# apachectl restart
[root@localhost httpd24]# ss -ant		//both 80 and 88 are now listening
State   Recv-Q  Send-Q    Local Address:Port    Peer Address:Port   Process  
LISTEN  0       128             0.0.0.0:22           0.0.0.0:*               
ESTAB   0       36       192.168.96.129:22      192.168.96.1:59787           
ESTAB   0       0        192.168.96.129:22      192.168.96.1:62598           
LISTEN  0       128                [::]:22              [::]:*               
LISTEN  0       128                   *:88                 *:*               
LISTEN  0       128                   *:80                 *:*

Open a browser and enter the IP address followed by :port

Virtual hosts on different IPs with the same port

Add a second IP address (not persistent; it is gone after a reboot)

[root@localhost httpd24]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:a6:9e:07 brd ff:ff:ff:ff:ff:ff
    inet 192.168.96.129/24 brd 192.168.96.255 scope global dynamic noprefixroute ens33
       valid_lft 1282sec preferred_lft 1282sec
    inet6 fe80::20c:29ff:fea6:9e07/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@localhost httpd24]# ip addr add 192.168.96.166/24 dev ens33 
[root@localhost httpd24]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:a6:9e:07 brd ff:ff:ff:ff:ff:ff
    inet 192.168.96.129/24 brd 192.168.96.255 scope global dynamic noprefixroute ens33
       valid_lft 1165sec preferred_lft 1165sec
    inet 192.168.96.166/24 scope global secondary ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fea6:9e07/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

Edit the vhosts configuration file

[root@localhost httpd24]# vim extra/httpd-vhosts.conf //change the configuration to the following
<VirtualHost 192.168.96.129:80>
    DocumentRoot "/usr/local/apache/htdocs/jp"
    ServerName jp.example.com
    ErrorLog "logs/jp.example.com-error_log"
    CustomLog "logs/jp.example.com-access_log" common
</VirtualHost>

<VirtualHost 192.168.96.166:80>
    DocumentRoot "/usr/local/apache/htdocs/year"
    ServerName year.example.com
    ErrorLog "logs/year.example.com-error_log"
    CustomLog "logs/year.example.com-access_log" common
</VirtualHost>
[root@localhost httpd24]# apachectl restart

Open a browser and enter either IP address

Virtual hosts on the same IP and port with different domain names

[root@localhost httpd24]# vim extra/httpd-vhosts.conf //change the configuration to the following
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/jp"
    ServerName jp.example.com
    ErrorLog "logs/jp.example.com-error_log"
    CustomLog "logs/jp.example.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/year"
    ServerName year.example.com
    ErrorLog "logs/year.example.com-error_log"
    CustomLog "logs/year.example.com-access_log" common
</VirtualHost>

Because the domain names in this exercise are made up, the client needs a hosts entry:

Drag C:\Windows\System32\drivers\etc\hosts onto the desktop

Right-click it, open it with WordPad as administrator, and add a line of the form

virtual-machine-IP-address    site-domain-name

Then drag hosts back into C:\Windows\System32\drivers\etc\

Then restart Apache

[root@localhost httpd24]# apachectl restart

Then open a browser and enter the domain name. With name-based hosts the Host header decides which block answers; a request whose Host matches no ServerName is served by the first <VirtualHost> defined for that address:port (here jp.example.com), so the first block should be the one you are willing to expose to arbitrary Host values.

Summary of the virtual-host procedure

  1. Edit the main configuration file httpd.conf and uncomment the Include of the vhosts.conf file
  2. Write vhosts.conf
  3. Restart the service
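Two things httpd decides from this file are easy to get wrong by hand, and the browser only shows one of them. Added example, not from the original page: an awk audit of a vhosts fragment that reports ports used by a <VirtualHost> without a matching Listen, and the ServerName httpd will treat as the default server for an address:port (the first block defined), which is the block that answers any request whose Host header matches no ServerName. The fragment is constructed for the example; 80, 88, jp and year are from the page, while admin.example.com on 8443 is made up to show a missing Listen.

```shell
#!/bin/sh
# Added example, not from the original page: a small awk audit of an httpd-vhosts.conf
# fragment. It reproduces two decisions httpd makes at startup that are easy to get
# wrong by hand and that the browser only partly reveals:
#   1. a <VirtualHost ...:PORT> whose PORT has no Listen is never reachable;
#   2. among name-based vhosts sharing one address:port, the FIRST block is the
#      default and answers every request whose Host header matches no ServerName.
# The fragment is constructed for the example: 80/88/jp/year come from the page,
# admin.example.com on 8443 is made up to show a missing Listen.
set -eu

SAMPLE_VHOSTS='
Listen 88
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/jp"
    ServerName jp.example.com
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/year"
    ServerName year.example.com
</VirtualHost>
<VirtualHost *:8443>
    DocumentRoot "/usr/local/apache/htdocs/year"
    ServerName admin.example.com
</VirtualHost>
'

# Print, one per line, the ports that appear in <VirtualHost ...:PORT> but in no
# Listen directive. $2 lists ports already opened elsewhere (the page keeps
# "Listen 80" in httpd.conf, not in the vhosts file).
missing_listen() {   # $1 = config text, $2 = space-separated extra ports
    printf '%s\n' "$1" | awk -v extra="$2" '
        BEGIN { n = split(extra, a, " "); for (i = 1; i <= n; i++) listen[a[i]] = 1 }
        tolower($1) == "listen" { p = $2; sub(/^.*:/, "", p); listen[p] = 1 }
        /^[ \t]*<VirtualHost/ { p = $2; sub(/>.*$/, "", p); sub(/^.*:/, "", p); used[p] = 1 }
        END { for (p in used) if (!(p in listen)) print p }' | sort
}

# Print the ServerName httpd will use as the default server for "addr:port",
# i.e. the first <VirtualHost addr:port> block in the file; nothing if none exists.
default_vhost_for() {  # $1 = config text, $2 = address:port as written, e.g. "*:80"
    printf '%s\n' "$1" | awk -v want="$2" '
        /^[ \t]*<VirtualHost/ { a = $2; sub(/>.*$/, "", a); inblock = (a == want) }
        inblock && tolower($1) == "servername" { print $2; exit }'
}

echo "ports without Listen: $(missing_listen "$SAMPLE_VHOSTS" 80 | tr '\n' ' ')"
echo "default server on *:80: $(default_vhost_for "$SAMPLE_VHOSTS" '*:80')"
```

On the sample this reports 8443 as unreachable and jp.example.com as the default for *:80. On the live server, `apachectl -S` prints the vhost map exactly as httpd parsed it, including which block is the default server for each address:port; compare it with what you intended before exposing the box.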

Steps to configure HTTPS

Configure httpd.conf, set the certificate paths in httpd-ssl.conf, then check the files for syntax errors

[root@localhost ~]# dnf -y install mod_ssl		//installs the distribution's mod_ssl package
//installation output omitted
//Note: that package belongs to the packaged httpd (/usr/lib64/httpd/modules/mod_ssl.so, /etc/httpd/conf.d/ssl.conf) and adds nothing to a source build; the source build only has its own modules/mod_ssl.so if it was configured with --enable-ssl, and that is the module the LoadModule line below refers to
[root@localhost httpd24]# pwd
/etc/httpd24
[root@localhost httpd24]# vim extra/httpd-ssl.conf		//set the certificate location in httpd-ssl.conf; only the changed lines of the _default_:443 block are shown, the rest (including SSLEngine on) stays as shipped
<VirtualHost _default_:443>
#   General setup for the virtual host
DocumentRoot "/usr/local/apache/htdocs/jp"
ServerName jp.example.com:443
ErrorLog "/usr/local/apache/logs/jp_error_log"
TransferLog "/usr/local/apache/logs/jp_access_log"
SSLCertificateFile "/etc/httpd24/httpd.crt"
SSLCertificateKeyFile "/etc/httpd24/httpd.key"
[root@localhost httpd24]# vim httpd.conf //find these two lines and uncomment them
LoadModule ssl_module modules/mod_ssl.so
Include /etc/httpd24/extra/httpd-ssl.conf
[root@localhost httpd24]# apachectl -t		//check the configuration for syntax errors
AH00526: Syntax error on line 92 of /etc/httpd24/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
[root@localhost httpd24]# vim +92  extra/httpd-ssl.conf  //comment out the following two lines
#SSLSessionCache        "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
#SSLSessionCacheTimeout  300

Commenting the cache out makes the syntax check pass but disables server-side session caching (session-ID resumption). The fix the error message points at is better: in httpd.conf uncomment "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so" and leave SSLSessionCache in place.

Generating the certificates

[root@localhost httpd24]# mkdir /etc/pki/CA
[root@localhost httpd24]# cd /etc/pki/CA/
[root@localhost CA]# pwd
/etc/pki/CA
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)	//generate the CA private key; the parentheses are required so the umask applies only to this subshell and the key file is created 0600
Generating RSA private key, 2048 bit long modulus (2 primes)
.............+++++
...........................................................................................................................................+++++
e is 65537 (0x010001)
[root@localhost CA]# ls private/
cakey.pem
[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout		//extract the public key (display only; nothing below depends on it)
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxH5ky1mhtZDxO99mEDqI
iqB0qmAEzt5Zsrcd8094KwC6zD5Ju+jQna6BVjwNTGaeo7XrDHUwycpOzT91SPLS
W8lyy1cH0Ih5K0f/evbeC1NNlrSsBF0CTu4IY9z8C97SgBzYybjq4O0hgqz6HnJp
xXyxMl6cMZ+SyOaTqSASF0TMVVopvtDODoCDoO3Utcg4epXV4JomKQbCZCsFabIZ
81uojzxXtchHCSu1vmaWnS2RHYQd9XmnRcVRp2vCFizQsq03OB76N3FiSGQ+8+2b
jJ57GvYs9nQ1FdnMObo9PIJAt9Y/ImttBTElk3zZZzvn/g/DiA0DeaUjOUsWrk5V
kQIDAQAB
-----END PUBLIC KEY-----
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365		//generate the self-signed CA certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN		//country
State or Province Name (full name) []:HB	//province
Locality Name (eg, city) [Default City]:WH	//city
Organization Name (eg, company) [Default Company Ltd]:jxrt		//organization
Organizational Unit Name (eg, section) []:jxrt		//organizational unit
Common Name (eg, your name or your server's hostname) []:jp.example.com		//common name; for a CA certificate this should name the CA rather than a web server, it is the server certificate below whose name must match the site
Email Address []:123@.com		//email address, a throwaway value here
[root@localhost CA]# ls
cacert.pem  private
[root@localhost CA]# mkdir certs newcerts crl		//layout expected by openssl ca, whose default dir is /etc/pki/CA in /etc/pki/tls/openssl.cnf
[root@localhost CA]# touch index.txt && echo 01 > serial		//empty issued-certificate database and the first serial number
[root@localhost CA]# ls
cacert.pem  certs  crl  index.txt  newcerts  private  serial
[root@localhost CA]# cd /opt/
[root@localhost opt]# ls
[root@localhost opt]# (umask 077;openssl genrsa -out httpd.key 2048)	//the requester (here the httpd server itself) generates its private key
Generating RSA private key, 2048 bit long modulus (2 primes)
........................................................................................................................................................................+++++
....+++++
e is 65537 (0x010001)
[root@localhost opt]# ls
httpd.key
[root@localhost opt]# openssl req -new -key httpd.key -days 365 -out httpd.csr	//the requester generates a certificate signing request; -days has no meaning for a CSR, the validity is set by the CA when it signs
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:jxrt
Organizational Unit Name (eg, section) []:jxrt
Common Name (eg, your name or your server's hostname) []:123@.com		//mistake: this must be the site's host name (jp.example.com). A certificate whose name does not match the URL's host fails validation in the browser, and modern browsers also require the name in a subjectAltName, which openssl ca does not add by default
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@localhost opt]# ll
total 8
-rw-r--r--. 1 root root  985 Apr 27 17:29 httpd.csr
-rw-------. 1 root root 1675 Apr 27 17:27 httpd.key
[root@localhost opt]# openssl ca -in /opt/httpd.csr -out httpd.crt -days 365	//the CA signs the submitted request
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Apr 27 09:31:52 2021 GMT
            Not After : Apr 27 09:31:52 2022 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = HB
            organizationName          = jxrt
            organizationalUnitName    = jxrt
            commonName                = 123@.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                9C:AF:99:B2:B8:1C:DD:29:16:DB:AB:AB:E3:B2:B0:D9:13:CE:F4:EE
            X509v3 Authority Key Identifier: 
                keyid:57:F6:77:F2:9C:C7:3A:90:FA:CC:9E:03:49:28:40:B0:63:EC:0A:55

Certificate is to be certified until Apr 27 09:31:52 2022 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost opt]# ls
httpd.crt  httpd.csr  httpd.key
[root@localhost opt]# mv httpd.crt httpd.key /etc/httpd24/
[root@localhost opt]# cd /etc/httpd24/
[root@localhost httpd24]# ls
extra       httpd.crt  magic       original
httpd.conf  httpd.key  mime.types
[root@localhost httpd24]# apachectl restart		//start or restart the service; running apachectl -t first catches configuration errors before they take the running server down


Steps to configure HTTPS, in order:
Generate the certificates (CA key and certificate, server key, CSR, signed server certificate)
Configure httpd.conf: uncomment the LoadModule ssl_module line and the Include of httpd-ssl.conf
Configure the virtual host in httpd-vhosts.conf
Set the certificate and key paths in httpd-ssl.conf
Check the configuration files for syntax errors (apachectl -t)
Start or restart the service
Set the client's hosts file so the site can be reached by domain name (only for this exercise; in production the name is in DNS and this step is unnecessary)
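The certificate issued above carries CN=123@.com and no subjectAltName, so a browser pointed at https://jp.example.com would reject it. Added example, not the page's own procedure: the same CA-and-server-certificate flow as a shell script around openssl, with the host name in both the CN and a subjectAltName, followed by the three checks worth running before pointing SSLCertificateFile and SSLCertificateKeyFile at the files: chain plus host-name verification, the SAN as recorded, and that the key matches the certificate. It signs with openssl x509 -req instead of openssl ca, so it needs no /etc/pki/CA database; the scratch directory, the 365-day validity and the CA name are assumptions, while the DN values and jp.example.com are taken from the page.

```shell
#!/bin/sh
# Added example, not from the original page: a private CA plus a server certificate
# built with openssl the way a browser will actually accept it, i.e. with the host
# name in a subjectAltName as well as in the CN. It signs with "openssl x509 -req"
# instead of "openssl ca", so no /etc/pki/CA database (index.txt, serial) is needed.
# Assumed: a scratch directory (WORK), 365-day validity, the DN values and
# jp.example.com from the page; "openssl" is the system binary.
set -eu

WORK="${WORK:-$(mktemp -d)}"
HOST="jp.example.com"
CONF="$WORK/openssl-mini.cnf"

# Minimal openssl config: req insists on a distinguished_name section even when
# -subj is given, and the two extension sections make CA and server certs explicit.
write_conf() {
    cat > "$CONF" <<EOF
[ req ]
distinguished_name = req_dn
prompt             = no
[ req_dn ]
CN = placeholder

[ v3_ca ]
basicConstraints       = critical, CA:TRUE, pathlen:0
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash

[ v3_server ]
basicConstraints       = critical, CA:FALSE
keyUsage               = critical, digitalSignature, keyEncipherment
extendedKeyUsage       = serverAuth
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always
subjectAltName         = DNS:$HOST
EOF
}

# CA key (umask 077 keeps it 0600) and self-signed CA certificate.
make_ca() {
    write_conf
    (umask 077; openssl genrsa -out "$WORK/cakey.pem" 2048 2>/dev/null)
    openssl req -new -x509 -key "$WORK/cakey.pem" -out "$WORK/cacert.pem" -days 365 \
        -sha256 -config "$CONF" -extensions v3_ca \
        -subj "/C=CN/ST=HB/L=WH/O=jxrt/OU=jxrt/CN=jxrt lab CA"
}

# Server key, CSR with the host name as CN, then the CA signs it adding v3_server,
# so the SAN comes from the CA's own extfile and not from whatever the CSR asked for.
make_server_cert() {
    (umask 077; openssl genrsa -out "$WORK/httpd.key" 2048 2>/dev/null)
    openssl req -new -key "$WORK/httpd.key" -out "$WORK/httpd.csr" -config "$CONF" \
        -subj "/C=CN/ST=HB/L=WH/O=jxrt/OU=jxrt/CN=$HOST"
    openssl x509 -req -in "$WORK/httpd.csr" -CA "$WORK/cacert.pem" -CAkey "$WORK/cakey.pem" \
        -CAcreateserial -out "$WORK/httpd.crt" -days 365 -sha256 \
        -extfile "$CONF" -extensions v3_server 2>/dev/null
}

# Chain and host-name check, the same test a client performs. Exit 0 on success.
verify_chain() {   # $1 = host name to check the certificate against
    openssl verify -CAfile "$WORK/cacert.pem" -verify_hostname "$1" "$WORK/httpd.crt" >/dev/null 2>&1
}

# The SAN line as the certificate carries it, e.g. "DNS:jp.example.com".
san_of_cert() {
    openssl x509 -in "$WORK/httpd.crt" -noout -text |
        awk '/Subject Alternative Name/ { getline; sub(/^[ \t]+/, ""); print; exit }'
}

# Do SSLCertificateFile and SSLCertificateKeyFile belong together? Compare public keys.
key_matches_cert() {
    c=$(openssl x509 -in "$WORK/httpd.crt" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256)
    k=$(openssl pkey -in "$WORK/httpd.key" -pubout -outform DER | openssl dgst -sha256)
    [ "$c" = "$k" ]
}

if [ "${1:-}" = "run" ]; then
    make_ca && make_server_cert
    verify_chain "$HOST" && key_matches_cert && echo "issued $(san_of_cert), files under $WORK"
fi
```

Run it as `sh cert-demo.sh run`; it prints the SAN and the scratch directory holding cacert.pem, httpd.crt and httpd.key. Copy httpd.crt and httpd.key to /etc/httpd24/ as the page does, keep the key 0600 and owned by root (httpd reads it as root before dropping privileges), and import cacert.pem into the client's trust store so the browser accepts the chain.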

