I. Compiling and installing httpd-2.4.25
1. Environment
OS: CentOS 6.5 x86_64
The commonly used development package groups are already installed:
[root@Node4 ~]# yum grouplist
Loaded plugins: fastestmirror
Setting up Group Process
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
epel/group_gz | 150 kB 00:00
Installed Groups:
Additional Development
Desktop Platform Development #desktop platform development
Development tools #development tools
E-mail server
Fonts
General Purpose Desktop
Graphical Administration Tools
Input Methods
Legacy X Window System compatibility
Milkymist
Perl Support
Security Tools
Server Platform Development #server platform development
Installed Language Groups:
Chinese Support [zh]
Obtain the software packages from the official site and verify their origin and integrity:
Verification methods:
% pgpk -a KEYS
% pgpv httpd-2.4.25.tar.gz.asc
or
% pgp -ka KEYS
% pgp httpd-2.4.25.tar.gz.asc
or
% gpg --import KEYS
% gpg --verify httpd-2.4.25.tar.gz.asc httpd-2.4.25.tar.gz
Verification:
[root@Node4 ~]#
[root@Node4 ~]# cd src
[root@Node4 src]# ls
apr-1.5.2.tar.gz apr-util-1.5.4.tar.gz httpd-2.4.25.tar.gz httpd-2.4.25.tar.gz.asc KEYS
[root@Node4 src]# gpg --import KEYS
.
.
.
gpg: Total number processed: 64
gpg: w/o user IDs: 4
gpg: unchanged: 60
[root@Node4 src]# gpg --verify httpd-2.4.25.tar.gz.asc httpd-2.4.25.tar.gz
gpg: Signature made Sat 17 Dec 2016 02:25:00 AM CST using RSA key ID 791485A8
gpg: Good signature from "Jim Jagielski (Release Signing Key) <[email protected]>" #this line shows that the signature is valid
gpg: aka "Jim Jagielski <[email protected]>"
gpg: aka "Jim Jagielski <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
#this warning appears because the local keyring does not trust this public key
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: A93D 62EC C3C8 EA12 DB22 0EC9 34EA 76E6 7914 85A8
[root@Node4 src]#
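A scripted form of the gpg check above, added here as an example and not part of the original article: it decides from gpg's machine-readable --status-fd output instead of the "Good signature" text, and requires the signing key to match a pinned fingerprint. The fingerprint is the one printed in the session above and is assumed to have been confirmed through a trusted channel; check_status and verify_release are hypothetical helper names.

```shell
#!/bin/bash
# Added example (not from the original article).
# Primary-key fingerprint printed by gpg in the session above, spaces removed.
# Assumption: it has been confirmed through a channel you trust.
PINNED_FPR="A93D62ECC3C8EA12DB220EC934EA76E6791485A8"

# check_status EXPECTED_FPR   (hypothetical helper)
# Reads "gpg --status-fd" lines on stdin. Succeeds only when a VALIDSIG line
# carries EXPECTED_FPR as its last field (the primary-key fingerprint) and no
# BADSIG/ERRSIG/EXPKEYSIG/REVKEYSIG line is present.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && toupper($NF) == toupper(want) { ok = 1 }
        END { exit !(ok && !bad) }
    '
}

# verify_release SIGFILE TARBALL   (hypothetical helper)
# Runs gpg and lets check_status decide; the human-readable "Good signature"
# text on stderr is ignored because it is also printed for untrusted keys.
verify_release() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | check_status "$PINNED_FPR"
}

# Stand-alone use: ./verify.sh httpd-2.4.25.tar.gz.asc httpd-2.4.25.tar.gz
if [ "$#" -eq 2 ]; then
    if verify_release "$1" "$2"; then
        echo "OK: $2 is signed by the pinned key"
    else
        echo "FAIL: $2 is not validly signed by the pinned key" >&2
        exit 1
    fi
fi
```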
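2. Installing the packages httpd-2.4.25 depends on
1) pcre
httpd's regular-expression support depends on pcre (a regular-expression library), so its development package pcre-devel must be installed.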
[root@Node4 ~]# rpm -qa|grep pcre
pcre-7.8-6.el6.x86_64
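[root@Node4 ~]# yum install pcre-devel -y #install the pcre-devel package with yum
Note:
The httpd installed by yum and its dependencies need not be uninstalled, but that httpd must be stopped and disabled at boot. Removing it is recommended.
2) apr and apr-util
httpd-2.4 depends on newer versions of apr (1.5 or later) and apr-util
apr: Apache Portable Runtime
It is an API, a low-level library that lets apache run across platforms.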
[root@Node4 ~]# rpm -qa|grep apr
#the apr shipped with the system (or installed by yum) is too old, so apr and apr-util must be compiled and installed
apr-1.3.9-5.el6_2.x86_64
apr-util-ldap-1.3.9-3.el6_0.1.x86_64
apr-util-1.3.9-3.el6_0.1.x86_64
Compiling and installing apr:
[root@Node4 src]# tar xf apr-1.5.2.tar.gz
[root@Node4 src]# cd apr-1.5.2
[root@Node4 apr-1.5.2]# ls
apr-config.in buildconf dso libapr.rc NOTICE support
apr.dep build.conf emacs-mode LICENSE NWGNUmakefile tables
apr.dsp build-outputs.mk encoding locks passwd test
apr.dsw CHANGES file_io Makefile.in poll threadproc
apr.mak CMakeLists.txt helpers Makefile.win random time
apr.pc.in config.layout include memory README tools
apr.spec configure libapr.dep misc README.cmake user
atomic configure.in libapr.dsp mmap shmem
build docs libapr.mak network_io strings
[root@Node4 apr-1.5.2]# ./configure --prefix=/usr/local/apr
[root@Node4 apr-1.5.2]# make && make install
[root@Node4 apr-1.5.2]# ls /usr/local/apr/
bin build-1 include lib
Compiling and installing apr-util:
[root@Node4 apr-1.5.2]# cd ..
[root@Node4 src]# tar xf apr-util-1.5.4.tar.gz
[root@Node4 src]# cd apr-util-1.5.4
[root@Node4 apr-util-1.5.4]# ls
aprutil.dep buildconf dbd libaprutil.dsp NWGNUmakefile
aprutil.dsp build.conf dbm libaprutil.mak README
aprutil.dsw build-outputs.mk docs libaprutil.rc README.cmake
aprutil.mak CHANGES encoding LICENSE renames_pending
apr-util.pc.in CMakeLists.txt export_vars.sh.in Makefile.in strmatch
apr-util.spec config.layout hooks Makefile.win test
apu-config.in configure include memcache uri
buckets configure.in ldap misc xlate
build crypto libaprutil.dep NOTICE xml
[root@Node4 apr-util-1.5.4]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr #apr-util depends on apr, so --with-apr is used to specify where apr is installed
[root@Node4 apr-util-1.5.4]# make && make install
[root@Node4 apr-util-1.5.4]# ls /usr/local/apr-util/
bin include lib
3. Compiling and installing httpd-2.4.25
[root@Node4 apr-util-1.5.4]# cd ..
[root@Node4 src]# tar xf httpd-2.4.25.tar.gz
[root@Node4 src]# cd httpd-2.4.25
[root@Node4 httpd-2.4.25]# ls
ABOUT_APACHE BuildBin.dsp emacs-style LAYOUT NOTICE srclib
acinclude.m4 buildconf httpd.dep libhttpd.dep NWGNUmakefile support
Apache-apr2.dsw CHANGES httpd.dsp libhttpd.dsp os test
Apache.dsw CMakeLists.txt httpd.mak libhttpd.mak README VERSIONING
apache_probes.d config.layout httpd.spec LICENSE README.cmake
ap.d configure include Makefile.in README.platforms
build configure.in INSTALL Makefile.win ROADMAP
BuildAll.dsp docs InstallBin.dsp modules server
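Explanation of the httpd configure options:
--prefix=/usr/local/apache            installation path
--sysconfdir=/etc/httpd24             configuration file path
--enable-so                           enable support for dynamic shared modules
--enable-ssl                          SSL support
--enable-cgi                          CGI support
--enable-rewrite                      URL rewriting support
--with-zlib                           depend on the zlib library, a general-purpose compression API used when sending data over the network
--with-pcre                           depend on the pcre package; with no path given, the system locations (where the rpm package is installed) are searched
--with-apr=/usr/local/apr             path of the apr dependency
--with-apr-util=/usr/local/apr-util   path of the apr-util dependency
--enable-modules=most|all             build most modules or all modules (pick one value; the command below uses most)
--enable-mpms-shared=all              build all MPMs as dynamic shared modules
--with-mpm=event                      use the event MPM by default
[root@Node4 httpd-2.4.25]# ./configure --prefix=/usr/local/apache \
> --sysconfdir=/etc/httpd24 \
> --enable-so \
> --enable-ssl \
> --enable-cgi \
> --enable-rewrite \
> --with-zlib \
> --with-pcre \
> --with-apr=/usr/local/apr \
> --with-apr-util=/usr/local/apr-util \
> --enable-modules=most \
> --enable-mpms-shared=all \
> --with-mpm=event
[root@Node4 httpd-2.4.25]# make && make install
Starting and testing: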
[root@Node4 httpd-2.4.25]# cd /usr/local/apache/
[root@Node4 apache]# ls
bin build cgi-bin error htdocs icons include logs man manual modules
[root@Node4 apache]# ls bin
ab apxs dbmmanage envvars-std htcacheclean htdigest httpd logresolve
apachectl checkgid envvars fcgistarter htdbm htpasswd httxt2dbm rotatelogs
[root@Node4 apache]# ./bin/apachectl start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.10.4. Set the 'ServerName' directive globally to suppress this message
httpd (pid 32245) already running
4. Follow-up configuration
Export the binaries:
# vim /etc/profile.d/apache.sh
export PATH=/usr/local/apache/bin:$PATH
Export the header files:
[root@Node4 apache]# ln -sv /usr/local/apache/include/ /usr/include/httpd
`/usr/include/httpd' -> `/usr/local/apache/include/'
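Export the library files: no library files were generated
Export the man pages:
# vi /etc/man.conf
Add: MANPATH /usr/local/apache/man
Or use the command directly: man -M /usr/local/apache/man httpd
Create a SysV (System V) style service script:
The simplest approach is to modify the service script of the original yum-installed httpd.
After compiling and installing, httpd's default pid file path is: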
[root@Node4 apache]# ls logs
access_log error_log httpd.pid
Specify the pid file path:
Add a line to /etc/httpd24/httpd.conf: PidFile "/var/run/httpd2.4.pid" #I do not change it here
Modify the service script of the original yum-installed httpd: /etc/rc.d/init.d/httpd
# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/local/apache/bin/apachectl
httpd=${HTTPD-/usr/local/apache/bin/httpd}
prog=httpd
pidfile=${PIDFILE-/usr/local/apache/logs/httpd.pid}
lockfile=${LOCKFILE-/var/lock/subsys/httpd}
RETVAL=0
STOP_TIMEOUT=${STOP_TIMEOUT-10}
# The semantics of these two functions differ from the way apachectl does
Test:
[root@Node4 ~]# service httpd
Usage: httpd {start|stop|restart|condrestart|try-restart|force-reload|reload|status|fullstatus|graceful|help|configtest}
[root@Node4 ~]# service httpd status
httpd (pid 49500) is running...
[root@Node4 ~]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
[root@Node4 ~]# service httpd status
httpd (pid 49620) is running...
[root@Node4 ~]# chkconfig --list httpd
service httpd supports chkconfig, but is not referenced in any runlevel (run 'chkconfig --add httpd')
[root@Node4 ~]# chkconfig --add httpd
[root@Node4 ~]# chkconfig --list httpd
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@Node4 ~]# chkconfig httpd on
[root@Node4 ~]# chkconfig --list httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
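The main configuration file of the compiled 2.4 version, /etc/httpd24/httpd.conf, is not divided into three sections like /etc/httpd/conf/httpd.conf, the main configuration file of the yum-installed 2.2 version; the split-out configuration files are /etc/httpd24/extra/*.conf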
[root@Node4 apache]# cd /etc/httpd24/
[root@Node4 httpd24]# ls
extra httpd.conf magic mime.types original
[root@Node4 httpd24]# ls extra/
httpd-autoindex.conf httpd-languages.conf httpd-ssl.conf
httpd-dav.conf httpd-manual.conf httpd-userdir.conf
httpd-default.conf httpd-mpm.conf httpd-vhosts.conf
httpd-info.conf httpd-multilang-errordoc.conf proxy-html.conf
[root@Node4 httpd24]#
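httpd-vhosts.conf: configures virtual hosts
httpd-ssl.conf: configures SSL
httpd-mpm.conf: configures the MPM
II. New features in httpd-2.4
1. MPMs can be loaded at run time (as DSOs)
How was the MPM switched in httpd-2.2?
Enable this feature at compile time with the following options:
--enable-mpms-shared=all build all supported MPMs
--with-mpm=event set the MPM enabled by default
2. Support for the event MPM
3. Support for asynchronous reads and writes
4. The log level can be specified per module and per directory
5. Per-request configuration: <If>, <ElseIf>
6. Enhanced expression parser
7. Keepalive timeout in milliseconds
8. FQDN-based virtual hosts no longer need the NameVirtualHost directive
9. Configuration files support user-defined variables
10. Some new modules: mod_proxy_fcgi, mod_ratelimit, mod_request, mod_remoteip
IP-based access control has changed: the order, allow and deny mechanisms are no longer supported, and require is used uniformly instead. Both the main server and virtual hosts must have permissions defined explicitly before they can be accessed; otherwise access is refused.
11. IP-based access control
The order, allow and deny mechanisms are no longer supported; require is used uniformly instead
Allow access from all hosts: Require all granted
Deny access from all hosts: Require all denied
Control access for a particular host:
Require ip IPADDR
Require not ip IPADDR
Formats accepted for IPADDR:
A single IP address, e.g. 172.16.100.7
network/netmask, e.g. 172.16.0.0/255.255.0.0
network/length, e.g. 172.16.0.0/16
Net, e.g. 172.16
Require host HOSTNAME
Require not host HOSTNAME
Formats accepted for HOSTNAME:
FQDN: a specific host, e.g. www.magedu.com
DOMAIN: a domain name, e.g. .magedu.com
III. Enabling server status
The mod_status module lets administrators view the server's running state; it presents the current server statistics in an HTML page. These data usually include, but are not limited to:
(1) the number of worker processes in the working state;
(2) the number of idle worker processes;
(3) the state of each worker, including the number of requests this worker has served and the number of bytes of content it has sent;
(4) the total number of bytes the server has sent so far;
(5) the time elapsed since the server was last started or restarted;
(6) the average number of requests served per second, the average number of bytes sent per second, and the average number of bytes per request;
Check whether the module is loaded: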
[root@Node4 ~]# /usr/local/apache/bin/httpd -M|grep status
status_module (shared)
Enabling the status page is simple: just add the following to the httpd main configuration file:
<Location /server-status>
SetHandler server-status
Require all granted
</Location>
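Note that this status information should not be freely accessible to everyone, so access should be restricted to clients at specific addresses, for example by using Require ip 172.16.0.0/16 so that only hosts in the given network can view this page.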
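A check for the exposure described above, added here as an example and not part of the original article: it scans httpd configuration files for containers that enable the server-status handler together with Require all granted. audit_status_conf is a hypothetical helper name, and the file paths in the usage comment follow the --sysconfdir used on this page.

```shell
#!/bin/bash
# Added example (not from the original article).
# audit_status_conf FILE...   (hypothetical helper)
# Prints "FILE:LINE: <container>" for each <Location>, <LocationMatch> or
# <Directory> container that both sets the server-status handler and contains
# "Require all granted". Returns 1 if anything was reported, 0 otherwise.
audit_status_conf() {
    awk '
        function report() {
            if (handler && open_access) {
                print FILENAME ":" start ": " header
                found = 1
            }
            handler = 0; open_access = 0
        }
        { line = tolower($0) }                 # directives are case-insensitive
        line ~ /^[ \t]*#/ { next }             # skip comment lines
        line ~ /^[ \t]*<(location|locationmatch|directory)[ \t]/ {
            start = FNR; header = $0
            sub(/^[ \t]+/, "", header)
            handler = 0; open_access = 0
            next
        }
        line ~ /^[ \t]*sethandler[ \t]+"?server-status"?[ \t]*$/ { handler = 1 }
        line ~ /^[ \t]*require[ \t]+all[ \t]+granted[ \t]*$/     { open_access = 1 }
        line ~ /^[ \t]*<\/(location|locationmatch|directory)>/   { report() }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# Stand-alone use: ./audit.sh /etc/httpd24/httpd.conf /etc/httpd24/extra/*.conf
if [ "$#" -gt 0 ]; then
    audit_status_conf "$@"
fi
```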