httpd的编译安装
2024-05-27 13:55:22
httpd的编译安装
文章目录
- httpd的编译安装
- 1. httpd需要用到的安装包
- 2. 安装顺序:apr→apr-util→httpd
- 设置阿帕奇服务开机自启动
- 3. 如何配置虚拟主机
- 3.1 访问控制法则
- 3.1.1 相同IP不同端口号配置方法
- 3.1.2 不同IP相同端口号
- 3.1.3 相同IP相同端口不同域名
- 4. 访问控制:禁用某主机访问某网站(虚拟主机)
- 4.1 配置https步骤
- 4.1.1 生成证书
- 4.1.2 配置httpd.conf,取消以下内容的注释
- 4.1.3 检查配置文件是否有语法错误
1. httpd需要用到的安装包
2. 安装顺序:apr→apr-util→httpd
[root@localhost ~]# ls
anaconda-ks.cfg nginx-1.20.2 nginx-1.20.2.tar.gz
用xftp上传后:
[root@localhost ~]# ls
anaconda-ks.cfg apr-util-1.6.1.tar.gz
apr-1.7.0.tar.bz2 httpd-2.4.53.tar.gz
解压
[root@localhost ~]# yum -y install bzip2 //系统默认没有解压bz2格式压缩包的工具
[root@localhost ~]# tar xf apr-util-1.6.1.tar.gz
[root@localhost ~]# tar xf httpd-2.4.53.tar.gz
[root@localhost ~]# tar xf apr-1.7.0.tar.bz2
[root@localhost ~]# ls
anaconda-ks.cfg apr-util-1.6.1 httpd-2.4.53.tar.gz
apr-1.7.0 apr-util-1.6.1.tar.gz
apr-1.7.0.tar.bz2 httpd-2.4.53[root@localhost ~]# useradd -r -M -s /sbin/nologin apache
[root@localhost ~]# id apache
uid=995(apache) gid=992(apache) groups=992(apache)
[root@localhost ~]# grep apache /etc/group
apache:x:992:
//创建apache的用户和组[root@localhost ~]# cd apr-1.7.0
[root@localhost apr-1.7.0]# ls
apr-config.in CMakeLists.txt libapr.mak poll
apr.dep config.layout libapr.rc random
apr.dsp configure LICENSE README
apr.dsw configure.in locks README.cmake
apr.mak docs Makefile.in shmem
apr.pc.in dso Makefile.win strings
apr.spec emacs-mode memory support
atomic encoding misc tables
build file_io mmap test
build.conf helpers network_io threadproc
buildconf include NOTICE time
build-outputs.mk libapr.dep NWGNUmakefile tools
CHANGES libapr.dsp passwd user在安装之前装编辑工具:
[root@localhost apr-1.7.0]# dnf -y install gcc gcc-c++依赖包也要提前装,不提前装就算最后安装好了,也会出现各种问题
[root@localhost ~]# yum -y install openssl-devel pcre-devel expat-devel libtool[root@localhost apr-1.7.0]# ./configure -- prefix=/usr/local/apr
//配置脚本,指定软件的安装路径,安装的功能,生成makefile编译脚本这里直接装,出现报错:
rm: cannot remove 'libtoolT': No such file or directory config.status: executing default commands
解决:
因为显示缺包,所以先尝试装包
[root@localhost ~]# dnf list all|grep -i libtool
libtool-ltdl.x86_64 2.4.6-25.el8 @anaconda
libtool.x86_64 2.4.6-25.el8 AppStream
libtool-ltdl.i686 2.4.6-25.el8 base
libtool-ltdl-devel.i686 2.4.6-25.el8 AppStream
libtool-ltdl-devel.x86_64 2.4.6-25.el8 AppStream
[root@localhost ~]# dnf -y install libtool libtool-ltdl libtool-ltdl-devel
装过依旧报该错,尝试其他方法:在该软件目录下,vi/vim打开configure这个配置文件
方法一:找到$RM "cfgfile",删除或注释它
方法二:找到RM='$RM'这一行 修改为RM='$RM -f'最后执行make命令进行编译,可以使用-j指定CPU核心数进行编译
[root@localhost ~]# dnf -y install make
[root@localhost apr-1.7.0]# make //编译
[root@localhost apr-1.7.0]# make install //make install安装,将编译好的二进制文件拷贝到指定的安装路径下,自动创建目录[root@localhost ~]# cd apr-util-1.6.1
[root@localhost apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[root@localhost apr-util-1.6.1]# make
[root@localhost apr-util-1.6.1]# make install在编译安装httpd之前,讲一个方法,当命令太长了,可以用\换行显示,但实际上是一行的东西
[root@localhost httpd-2.4.53]# hhhhh\
> [root@localhost ~]# cd httpd-2.4.53
[root@localhost httpd-2.4.53]# ./configure --prefix=/usr/local/apache \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-apr=/usr/local/apr \
--with-apr-util=/usr/local/apr-util/ \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=prefork
[root@localhost httpd-2.4.53]# make
[root@localhost httpd-2.4.53]# make install[root@localhost ~]# ls /usr/local/
apache apr-util etc include lib64 nginx share
apr bin games lib libexec sbin src
[root@localhost ~]# cd /usr/local/apache/
[root@localhost apache]# ls
bin cgi-bin error icons logs manual
build conf htdocs include man modules1. 设置环境变量bin
[root@localhost apache]# which httpd
/usr/bin/which: no httpd in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
[root@localhost apache]# which apachectl
/usr/bin/which: no apachctl in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
[root@localhost apache]# cd
[root@localhost ~]# which httpd
/usr/bin/which: no httpd in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
[root@localhost ~]# which apachectl
/usr/bin/which: no apachctl in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
//这里我们发现找不到httpd和apachctl[root@localhost ~]# echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/apache.sh
[root@localhost ~]# source /etc/profile.d/apache.sh
[root@localhost ~]# which httpd
/usr/local/apache/bin/httpd
[root@localhost ~]# which apachectl
/usr/local/apache/bin/apachectl2. 有include头文件,做映射关系
[root@localhost ~]# ln -s /usr/local/apache/include /usr/include/apache3. 有man文档
[root@localhost ~]# vim /etc/man_db.conf
#
MANDATORY_MANPATH /usr/man
MANDATORY_MANPATH /usr/share/man
MANDATORY_MANPATH /usr/local/share/man
MANDATORY_MANPATH /usr/local/apache/man
#---------------------------------------------------------
增加这一行:
MANDATORY_MANPATH /usr/local/apache/man到这里就算配置完了,关闭防火墙:
[root@localhost ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemonLoaded: loaded (/usr/lib/systemd/system/firewalld.service; disa>Active: inactive (dead)Docs: man:firewalld(1)Apr 15 09:32:56 localhost.localdomain systemd[1]: Starting firewal>
Apr 15 09:32:57 localhost.localdomain systemd[1]: Started firewall>
Apr 15 09:32:57 localhost.localdomain firewalld[1011]: WARNING: Al>
Apr 17 14:43:47 localhost.localdomain systemd[1]: Stopping firewal>
Apr 17 14:43:48 localhost.localdomain systemd[1]: firewalld.servic>
Apr 17 14:43:48 localhost.localdomain systemd[1]: Stopped firewall>
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]# vim /etc/selinux/config
......
SELINUX=enforcing 改为:SELINUX=disabled
......
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost ~]# which apachectl
/usr/local/apache/bin/apachectl
[root@localhost ~]# apachectl start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:80 *:*
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:80 *:*
[root@localhost ~]# apachectl stop
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
我们发现报了这个错,解决:
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost ~]# cd /usr/local/apache
[root@localhost apache]# ls
bin cgi-bin error icons logs manual
build conf htdocs include man modules
bin:放置命令的
conf:放配置文件的
htdocs:放网站的
logs:放日志的
[root@localhost apache]# cd conf
[root@localhost conf]# ls
extra httpd.conf magic mime.types original
httpd.conf:主配置文件
[root@localhost conf]# vim httpd.conf //打开80端口号
......
#ServerName www.example.com:80
找到这一行并把注释取消掉,保存
设置阿帕奇服务开机自启动
[root@localhost conf]# cd /usr/lib/systemd/system
[root@localhost system]# ls sshd.service
sshd.service
[root@localhost system]# cp sshd.service httpd.service
[root@localhost system]# vim httpd.service
原文件:
[Unit]
Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.target
Wants=sshd-keygen.target[Service]
Type=notify
EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config
EnvironmentFile=-/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D $OPTIONS $CRYPTO_POLICY
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s[Install]
WantedBy=multi-user.target
~
改为:
[Unit]
Description=httpd server daemon
After=network.target sshd-keygen.target[Service]
Type=forking
ExecStart=/usr/local/apache/bin/apachectl start
ExecStop=/usr/local/apache/bin/apachectl stop
ExecReload=/bin/kill -HUP $MAINPID[Install]
WantedBy=multi-user.target
~
保存
[root@localhost system]# systemctl daemon-reload
//重新加载
[root@localhost system]# cd
[root@localhost ~]# systemctl status httpd
● httpd.service - httpd server daemonLoaded: loaded (/usr/lib/systemd/system/httpd.service; disabled>Active: inactive (dead)
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:80 *:*
[root@localhost ~]# systemctl status httpd
● httpd.service - httpd server daemonLoaded: loaded (/usr/lib/systemd/system/httpd.service; disabled>Active: active (running) since Sun 2022-04-17 19:25:34 CST; 1mi>Process: 82985 ExecStart=/usr/local/apache/bin/apachectl start (>Main PID: 82988 (httpd)Tasks: 6 (limit: 11216)Memory: 4.2MCGroup: /system.slice/httpd.service├─82988 /usr/local/apache/bin/httpd -k start├─82989 /usr/local/apache/bin/httpd -k start├─82990 /usr/local/apache/bin/httpd -k start├─82991 /usr/local/apache/bin/httpd -k start├─82992 /usr/local/apache/bin/httpd -k start└─82993 /usr/local/apache/bin/httpd -k startApr 17 19:25:34 localhost.localdomain systemd[1]: Starting httpd s>
Apr 17 19:25:34 localhost.localdomain systemd[1]: Started httpd se>设置开机自启:
[root@localhost ~]# systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@localhost ~]# systemctl status httpd
● httpd.service - httpd server daemonLoaded: loaded (/usr/lib/systemd/system/httpd.service; enabled;>Active: active (running) since Sun 2022-04-17 19:25:34 CST; 3mi>Main PID: 82988 (httpd)Tasks: 6 (limit: 11216)Memory: 4.2MCGroup: /system.slice/httpd.service├─82988 /usr/local/apache/bin/httpd -k start├─82989 /usr/local/apache/bin/httpd -k start├─82990 /usr/local/apache/bin/httpd -k start├─82991 /usr/local/apache/bin/httpd -k start├─82992 /usr/local/apache/bin/httpd -k start└─82993 /usr/local/apache/bin/httpd -k startApr 17 19:25:34 localhost.localdomain systemd[1]: Starting httpd s>
Apr 17 19:25:34 localhost.localdomain systemd[1]: Started httpd se>
3. 如何配置虚拟主机
3.1 访问控制法则
[root@localhost ~]# cd /usr/local/apache/conf/
[root@localhost conf]# ls
extra httpd.conf magic mime.types original
[root@localhost conf]# ls extra //子配置文件
httpd-autoindex.conf httpd-mpm.conf
httpd-dav.conf httpd-multilang-errordoc.conf
httpd-default.conf httpd-ssl.conf
httpd-info.conf httpd-userdir.conf
httpd-languages.conf httpd-vhosts.conf虚拟主机
httpd-manual.conf proxy-html.conf[root@localhost ~]# cd /usr/local/apache/htdocs/
[root@localhost htdocs]# ls
index.html
[root@localhost htdocs]# mkdir test.example.com
[root@localhost htdocs]# mkdir blog.example.com
[root@localhost htdocs]# ls
blog.example.com index.html test.example.com[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
修改这一部分:
<VirtualHost *:80>DocumentRoot "/usr/local/apache/htdocs/test.example.com"ServerName test.example.comErrorLog "logs/test.example.com-error_log"错误日志存放的文件CustomLog "logs/test.example.com-access_log" common
</VirtualHost>正常日志存放的文件
保存,配好了虚拟主机,但是还不能用,还要配置主配置文件:
[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf
......
#Include conf/extra/httpd-vhosts.conf
//找到httpd-vhosts.conf文件并取消注释
Include conf/extra/httpd-vhosts.conf
保存
[root@localhost ~]# systemctl restart httpd //重启服务
现在虚拟主机就算配置好了
[root@localhost ~]# cd /usr/local/apache/htdocs/
[root@localhost htdocs]# ls
blog.example.com index.html test.example.com
[root@localhost htdocs]# cd test.example.com/
[root@localhost test.example.com]# ls
[root@localhost test.example.com]# echo "test page" > abc.html
[root@localhost test.example.com]# ls
abc.html
[root@localhost test.example.com]# mv abc.html index.html
[root@localhost test.example.com]# ls
index.html
这样就可以直接访问了
[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf 因为在主配置文件里,首页文件DirectoryIndex规定叫index.html了
3.1.1 相同IP不同端口号配置方法
[root@localhost htdocs]# ls
blog.example.com index.html test.example.com
[root@localhost htdocs]# cd test.example.com/
[root@localhost test.example.com]# echo "test page" > index.html
[root@localhost test.example.com]# ls
index.html[root@localhost test.example.com]# cd ..
[root@localhost htdocs]# cd blog.example.com/
[root@localhost blog.example.com]# echo "blog page" > index.html
[root@localhost blog.example.com]# ls
index.html[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>DocumentRoot "/usr/local/apache/htdocs/test.example.com"ServerName test.example.comErrorLog "logs/test.example.com-error_log"CustomLog "logs/test.example.com-access_log" common
</VirtualHost>
Listen 81
<VirtualHost *:81>DocumentRoot "/usr/local/apache/htdocs/blog.example.com"ServerName blog.example.comErrorLog "logs/blog.example.com-error_log"CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>[root@localhost ~]# systemctl restart httpd //服务重启
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:81 *:*
(注意输入:81的时候用英文)
3.1.2 不同IP相同端口号
先给网卡配置两个能用的IP:
[root@localhost ~]# ip addr add 192.168.163.150/24 dev ens160
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:48:d5:d5 brd ff:ff:ff:ff:ff:ffinet 192.168.163.129/24 brd 192.168.163.255 scope global dynamic noprefixroute ens160valid_lft 1007sec preferred_lft 1007secinet 192.168.163.150/24 scope global secondary ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe48:d5d5/64 scope link noprefixroute valid_lft forever preferred_lft forever[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf <VirtualHost 192.168.163.129:80>DocumentRoot "/usr/local/apache/htdocs/test.example.com"ServerName test.example.comErrorLog "logs/test.example.com-error_log"CustomLog "logs/test.example.com-access_log" common
</VirtualHost>
<VirtualHost 192.168.163.150:80>DocumentRoot "/usr/local/apache/htdocs/blog.example.com"ServerName blog.example.comErrorLog "logs/blog.example.com-error_log"CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
~
[root@localhost ~]# systemctl restart httpd
3.1.3 相同IP相同端口不同域名
[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf <VirtualHost *:80>DocumentRoot "/usr/local/apache/htdocs/test.example.com"ServerName test.example.comErrorLog "logs/test.example.com-error_log"CustomLog "logs/test.example.com-access_log" common
</VirtualHost>
<VirtualHost *:80>DocumentRoot "/usr/local/apache/htdocs/blog.example.com"ServerName blog.example.comErrorLog "logs/blog.example.com-error_log"CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
为了让我们的Windows电脑,可以识别该域名,做出以下修改:
文件结尾添加这一行:
192.168.163.129 test.example.com blog.example.com
4. 访问控制:禁用某主机访问某网站(虚拟主机)
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf <VirtualHost *:80>DocumentRoot "/usr/local/apache/htdocs/test.example.com"ServerName test.example.comErrorLog "logs/test.example.com-error_log"CustomLog "logs/test.example.com-access_log" common<Directory "/usr/local/apache/htdocs/test.example.com"><RequireAll>Require not ip 192.168.64.1 //这里是真机的IPRequire all granted //允许其他所有</RequireAll></Directory>
</VirtualHost>
<VirtualHost *:80>DocumentRoot "/usr/local/apache/htdocs/blog.example.com"ServerName blog.example.comErrorLog "logs/blog.example.com-error_log"CustomLog "logs/blog.example.com-access_log" common
</VirtualHost>
~
尝试其他主机访问:
[root@localhost ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.163.129 test.example.com blog.example.com~
[root@localhost ~]# curl test.example.comtest page
//可以访问
ssl:
启用模块:编辑/usr/local/apache/conf/httpd.conf文件,添加下面这行,如果已经有了但是注释了,则取消注释即可
LoadModule ssl_module modules/mod_ssl.so
4.1 配置https步骤
4.1.1 生成证书
[root@localhost conf]# cd /etc/pki/
[root@localhost pki]# ls
ca-trust entitlement product rpm-gpg swid
consumer java product-default rsyslog tls
[root@localhost pki]# mkdir CA
[root@localhost pki]# cd CA
[root@localhost CA]# pwd
/etc/pki/CA
[root@localhost CA]# ls
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048) //生成密钥
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................................+++++
....+++++
e is 65537 (0x010001)[root@localhost CA]# ls
private
[root@localhost CA]# ls private/
cakey.pem
[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout //提取公钥
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgQzFI9lv4h8Y2rw0r8Y
NcADUH7OF5WVR9uqyk7O9QmK2XmRrcmtZts6Fzd8uclZ5EFVfQelbeLTOBfDA5rl
peg7bwp6jdoCNR8wvRvpKsoxvaGlxGm4wgUuw29Ggx4HLn56i98XoaM18QTY/kDF
dEA058o//IUVpzK1GFOQzS8aJ481ULBvUNeovp55dB/EDaJqDQptrzDDGItGKZJg
g9q7pUFkzoL7DA60dWc+t2ezbD5R1Ru0wRYvYQU7uVf617F91sqVYIOxMIPF/Pe9
ss5boR08bTnJfHaawz/jNyDANoYTzaUFABMFyUJ141adQ0Sh0wUTuxm68BAIls71
ewIDAQAB
-----END PUBLIC KEY-----
[root@localhost CA]# ls
private
[root@localhost CA]# ls private/
cakey.pemCA生成自签署证书:
[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgQzFI9lv4h8Y2rw0r8Y
NcADUH7OF5WVR9uqyk7O9QmK2XmRrcmtZts6Fzd8uclZ5EFVfQelbeLTOBfDA5rl
peg7bwp6jdoCNR8wvRvpKsoxvaGlxGm4wgUuw29Ggx4HLn56i98XoaM18QTY/kDF
dEA058o//IUVpzK1GFOQzS8aJ481ULBvUNeovp55dB/EDaJqDQptrzDDGItGKZJg
g9q7pUFkzoL7DA60dWc+t2ezbD5R1Ru0wRYvYQU7uVf617F91sqVYIOxMIPF/Pe9
ss5boR08bTnJfHaawz/jNyDANoYTzaUFABMFyUJ141adQ0Sh0wUTuxm68BAIls71
ewIDAQAB
-----END PUBLIC KEY-----
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:runtime
Common Name (eg, your name or your server's hostname) []:test.example.com
Email Address []:123@qq.com
[root@localhost CA]# ls
cacert.pem private
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# touch index.txt && echo 01 > serial
[root@localhost CA]# ls
cacert.pem certs crl index.txt newcerts private serial[root@localhost CA]# cd
[root@localhost ~]# cd /usr/local/apache/conf
[root@localhost conf]# ls
extra httpd.conf magic mime.types original
[root@localhost conf]# mkdir ssl
[root@localhost conf]# ls
extra httpd.conf magic mime.types original ssl
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 2048)Generating RSA private key, 2048 bit long modulus (2 primes)
...........................................................................................+++++
............................................................................................................................................+++++
e is 65537 (0x010001)[root@localhost ssl]# ls
httpd.key
[root@localhost ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:runtime
Organizational Unit Name (eg, section) []:runtime
Common Name (eg, your name or your server's hostname) []:test.example.com
Email Address []:123@qq.comPlease enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@localhost ssl]# ls
httpd.csr httpd.key[root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:Serial Number: 1 (0x1)ValidityNot Before: Apr 17 16:19:12 2022 GMTNot After : Apr 17 16:19:12 2023 GMTSubject:countryName = CNstateOrProvinceName = HBorganizationName = runtimeorganizationalUnitName = runtimecommonName = test.example.comemailAddress = 123@qq.comX509v3 extensions:X509v3 Basic Constraints: CA:FALSENetscape Comment: OpenSSL Generated CertificateX509v3 Subject Key Identifier: E8:AD:2F:B8:DB:31:80:BA:FC:EB:0B:BF:79:15:DD:48:AF:FB:22:56X509v3 Authority Key Identifier: keyid:48:CA:B8:5B:04:1A:C3:00:AE:8E:5D:88:A2:31:15:56:DC:E1:27:10Certificate is to be certified until Apr 17 16:19:12 2023 GMT (365 days)
Sign the certificate? [y/n]:y1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost ssl]# ls
httpd.crt httpd.csr httpd.key
[root@localhost ssl]# rm -f httpd.csr
[root@localhost ssl]# ls
httpd.crt httpd.key4.1.2 配置httpd.conf,取消以下内容的注释
LoadModule ssl_module modules/mod_ssl.soInclude /etc/httpd24/extra/httpd-vhosts.confInclude /etc/httpd24/extra/httpd-ssl.conf
先在主配置文件httpd。conf里注释 Include /etc/httpd24/extra/httpd-ssl.conf 启用它,随后配置它
[root@localhost ssl]# cd ..
[root@localhost conf]# ls
extra httpd.conf magic mime.types original ssl
[root@localhost conf]# vim httpd.conf
[root@localhost conf]# ls extra/
httpd-autoindex.conf httpd-mpm.conf
httpd-dav.conf httpd-multilang-errordoc.conf
httpd-default.conf httpd-ssl.conf
httpd-info.conf httpd-userdir.conf
httpd-languages.conf httpd-vhosts.conf
httpd-manual.conf proxy-html.conf
[root@localhost conf]# vim extra/httpd-ssl.conf
......
DocumentRoot "/usr/local/apache/htdocs/test.example.com"
ServerName test.example.com:443
......
SSLCertificateFile "/usr/local/apache/conf/ssl/httpd.crt"
......
SSLCertificateKeyFile "/usr/local/apache/conf/ssl/httpd.key"
......4.1.3 检查配置文件是否有语法错误
[root@localhost conf]# httpd -t
AH00526: Syntax error on line 92 of /usr/local/apache/conf/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
[root@localhost conf]# vim httpd.conf
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so //找到它,并注释它
[root@localhost conf]# httpd -t
Syntax OK //检查OK了
[root@localhost conf]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:443 *:*
LISTEN 0 128 *:80 *:*
httpd的编译安装相关推荐
- httpd svn 编译安装_CentOS 6 编译安装Subversion-1.8.10+Apache2.4
只是记录下安装过程,方便下次直接拷贝,省的在去查找一些选项.CentOS6安装完成后自带的有Apache2.2和subversion1.6,那我们就先来看系统自带的如何配置: 一.用系统自带的Apac ...
- httpd svn 编译安装_linux下php7安装与Apache配置
1 php 1.1 准备工作 需要先安装Apache,已安装的可以跳过,没安装的可以看这里. 1.2 下载 官网 1.3 解压 tar -zxvf php-7.4.3.tar.gz cd php-7 ...
- httpd svn 编译安装_如何安装CA证书?
故障描述: 大家在希望使用https访问域名,同时有CA证书认证,却不会部署.经常会遇到以下一些问题: apache的主配置文件httpd.conf的配置 apache的https的虚拟主机访问解析 ...
- 源码编译安装httpd服务
1 概述 很多软件没有发布rpm包,而是直接发布了源码,好处是这样能兼容更多的平台,但是,用户需要对源码进行编译后安装.利用工具make将源码生成二进制文件. 本文主要讲解了对httpd进行编译安装. ...
- Centos 7编译安装 LAMP 环境
前言 LAMP 是指一组通常一起使用来运行动态网站或者服务器的自由软件名称首字母缩写 L:Linux 操作系统 A:Apache(httpd) 网页服务 M:MySQL(mariadb) 数据库服务 ...
- 压力测试以及编译安装httpd2.4
压力测试以及编译安装httpd2.4 作者:尹正杰 版权声明:原创作品,谢绝转载!否则将追究法律责任. 一.使用 deflate_module模块压缩页面优化传输速度 我们的httpd软件自带的有一个 ...
- http的安装(编译安装)
文章目录 httpd 1. httpd简介 2. httpd版本 2.1 httpd的特性 2.2 httpd-2.4新增的模块 3. httpd基础 3.1 httpd自带的工具程序 3.2 rpm ...
- 源码编译安装httpd及其常见错误
一.编译安装的整体步骤 1.在官网下载源码,并解压 2.切换到其目录中 3.执行./configure 4.编译 二.编译中及安装后配置常见的参数及其说明 编译中配置 1)指定安装路径 --prefi ...
- centos下LAMP之源码编译安装httpd
1 最好先安装组件 [root@localhost ~]# yum groupinstall additional development [root@localhost ~]# yum groupi ...
最新文章
- ArcSDE建Table在ArcCatalog中不可见
- 完整的中英文词频统计
- 芜湖方特系统设计书php,芜湖方特梦幻王国
- wxWidgets:多重继承
- Game of Lines(POJ-3668)
- node.js查询oracle,nodejs操作oracle数据库示例
- 实验1-6 输出带框文字 (5 分)
- 47. PHP 魔术方法
- apache rewrite支持post数据
- 寻找关键之年的榜样和标准
- axure轮播图怎么设置循环轮播_Axure RP8 动态面板之轮播图设置
- Flash CS6 新功能
- 【持续更新】1996-2022历代AMD Radeon桌面显卡列表,Radeon显卡发布日期
- C语言cat函数的功能,R语言cat()函数
- jQuery 案例-图片抽奖
- 带刺玫瑰特别美?OLED屏幕画面美但眼睛会累
- 模拟波束成形和数字波束成形的区别
- 图片裁剪_如何裁剪某张图片的某一部分
- 网络安全工程师入门,防火墙基本概述,防火墙调试入门
- GD32F130之USART自带的RS485方向切换功能