首页 > 代码库 > centos7之httpd-2.4的新特性
centos7之httpd-2.4的新特性
一、常用httpd-2.4新特性
1) MPM支持在运行时装载;
编译时加上此,支持mpm:--enable-mpms-shared=all --with-mpm=event
2) 支持event
3) 异步读写
4) 在每模块及每目录上指定日志级别
5) 每请求配置
6) 增强版的表达式分析器
7) 毫秒级的keepalive timeout
8) 基于FQDN的虚拟主机不再需要NameVirtualHost指令
9) 支持使用自定义变量
10)新增了一些模块:mod_proxy_fcgi, mod_ratelimit, mod_request, mod_remoteip
11)对于基于IP的访问控制做了修改,不再支持使用order, allow, deny这些机制;而是统一使用require进行
二、安装httpd-2-4
注意:在centos6.x上默认的apr版本为apr-1.3.9,而httpd-2.4需apr1.4以上。
实验准备:
①平台:centos6.8
②软件:apr1.5.0.tar.gz apr-utils-1.5.2.tar.gz httpd-2.4.10.tar.gz
③安装开发环境:Development Tools,Server Platform Development
步骤如下:
1)安装开发包组及其pcre-devel、openssl-devel包
yum -y groupinstall "Development Tools" "Server Platform Development"
yum -y install pcre-devel openssl-devel
2)编译安装apr-1.5.0.tar.gz及其apr-utils-1.5.2.tar.gz
tar xf apr-1.50.tar.gz
cd apr-1.5.0
./configure --prefix=/usr/local/apr
make && make install
编译安装apr-utils同理:./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr make && make install
3)编译httpd-2.4.10
tar xf httpd-2.4.10.tar.gz
cd httpd-2.4.10
./configure --prefix=/usr/local/httpd24 --sysconfigdir=/etc/httpd24 --enable-so --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
make && make install
如编译出错或想重新编译需执行,删除安装目录:make clean all
4)导出头文件
ln -sv /usr/local/httpd24/include /usr/include/httpd
5)导出库文件
echo "/usr/local/httpd24/lib" >/etc/ld.so.conf.d/httpd.conf
6)导入man手册
vi /etc/man.config 加入MANPATH /usr/local/httpd/man
7)导入环境变量
echo "PATH=/usr/local/httpd/bin/:$PATH" >/etc/init.d/httpd.sh
8)配置启动脚本
vi /etc/init.d/httpd24.sh
代码演示:
# config: /etc/sysconfig/httpd # pidfile: /var/run/httpd/httpd.pid # ### BEGIN INIT INFO # Provides: httpd # Required-Start: $local_fs $remote_fs $network $named # Required-Stop: $local_fs $remote_fs $network # Should-Start: distcache # Short-Description: start and stop Apache HTTP Server # Description: The Apache HTTP Server is an extensible server # implementing the current HTTP standards. ### END INIT INFO # Source function library. . /etc/rc.d/init.d/functions #if [ -f /etc/sysconfig/httpd ]; then # . /etc/sysconfig/httpd #fi # Start httpd in the C locale by default. HTTPD_LANG=${HTTPD_LANG-"C"} # This will prevent initlog from swallowing up a pass-phrase prompt if # mod_ssl needs a pass-phrase from the user. INITLOG_ARGS="" # Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server # with the thread-based "worker" MPM; BE WARNED that some modules may not # work correctly with a thread-based MPM; notably PHP will refuse to start. # Path to the apachectl script, server binary, and short-form for messages. apachectl=/usr/local/httpd24/bin/apachectl httpd=${HTTPD-/usr/local/httpd24/bin/httpd} prog=httpd pidfile=${PIDFILE-/usr/local/httpd24/logs/httpd.pid} lockfile=${LOCKFILE-/var/lock/subsys/httppd24} RETVAL=0 STOP_TIMEOUT=${STOP_TIMEOUT-10} # The semantics of these two functions differ from the way apachectl does # things -- attempting to start while running is a failure, and shutdown # when not running is also a failure. So we just do it the way init scripts # are expected to behave here. start() { echo -n $"Starting $prog: " LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS RETVAL=$? echo [ $RETVAL = 0 ] && touch ${lockfile} return $RETVAL } # When stopping httpd, a delay (of default 10 second) is required # before SIGKILLing the httpd parent; this gives enough time for the # httpd parent to SIGKILL any errant children. stop() { status -p ${pidfile} $httpd > /dev/null if [[ $? = 0 ]]; then echo -n $"Stopping $prog: " killproc -p ${pidfile} -d ${STOP_TIMEOUT} $httpd else echo -n $"Stopping $prog: " success fi RETVAL=$? echo [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile} } reload() { echo -n $"Reloading $prog: " if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then RETVAL=6 echo $"not reloading due to configuration syntax error" failure $"not reloading $httpd due to configuration syntax error" else # Force LSB behaviour from killproc LSB=1 killproc -p ${pidfile} $httpd -HUP RETVAL=$? if [ $RETVAL -eq 7 ]; then failure $"httpd shutdown" fi fi # See how we were called. case "$1" in start) start ;; stop) stop ;; status) status -p ${pidfile} $httpd RETVAL=$? ;; restart) stop start ;; condrestart|try-restart) if status -p ${pidfile} $httpd >&/dev/null; then stop start fi ;; force-reload|reload) reload ;; graceful|help|configtest|fullstatus) $apachectl $@ RETVAL=$? ;; *) echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|reload|status|fullstatus|graceful|help|configtest}" RETVAL=2 esac exit $RETVAL
9)加入开机自启动,测试页面
chkconfig --add httpd24
chkconfig httpd 24 on
10)测试
echo "10.1.1.1 www.blog.com" >> /etc/hosts
curl -I www.blog.com
三、配置虚拟主机及其给文本站点提供ssl加密
1、开启httpd-vhosts,及其注释站点中心目录
Include /etc/httpd24/extra/httpd-vhosts.conf
2、配置/etc/httpd24/extra/httpd-vhots.conf
<VirtualHost *:80>
ServerAdmin chen@qq.com
DocumentRoot "/website/"
ServerName www.chen.com
ServerAlias chen.com
ErrorLog "logs/www.chen.com-error_log"
CustomLog "logs/www.chen.com-access_log" common
</VirtualHost>
3、ssl加密如下步骤:
生成密钥对儿: # (umask 077; openssl genrsa -out private/cakey.pem 2048) 如果想查看公钥: # openssl rsa -in private/cakey.pem -pubout -text -noout 生成自签证书: # openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3655 创建需要的文件: # touch index.txt serial crlnumber 用openssl实现证书申请: 在主机上生成密钥,保存至应用此证书的服务的配置文件目录下, 例如: # mkdir /etc/httpd/ssl # cd /etc/httpd/ssl # (umask 077; openssl genrsa -out httpd.key 1024) 生成证书签署请求: # openssl req -new -key httpd.key -out httpd.csr 将请求文件发往CA; CA签署证书: 签署: # openssl ca -in /path/to/somefile.csr -out /path/to/somefile.crt -days DAYS
本文出自 “小耳朵” 博客,请务必保留此出处http://purify.blog.51cto.com/10572011/1857711
centos7之httpd-2.4的新特性