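Server software
Linux: httpd (Apache), nginx, lighttpd
Windows: IIS
Apache
Official documentation: http://httpd.apache.org/docs/2.4/
Introduction to httpd
Features:
- Highly modular: core + modules
- DSO: modules are loaded and unloaded dynamically
- MPM: multi-processing modules, which select httpd's working mode
- Virtual hosts: by IP, port, or FQDN (domain name)
- CGI: Common Gateway Interface
- Reverse proxy
- Load balancing
- Path aliases
- Mutual (two-way) authentication
- Support for third-party modules
MPM working modes
- prefork: multi-process I/O model; one main process manages multiple child processes, and each child process handles one request
- worker: multiplexed multi-process I/O model; one main process manages multiple child processes, each child process manages multiple threads, and each thread handles one request
- event: event-driven model; one main process manages multiple child processes, and one child process handles multiple requests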
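Deploying the service
yum install httpd -y # the httpd service
systemctl start httpd
systemctl status httpd
ss -tanl | grep 80
Ubuntu: the apache2 package
apt-get install apache2
/etc/httpd/: main configuration directory
/etc/httpd/conf/httpd.conf: the main service configuration file
/etc/httpd/conf.d/: service configuration directory (modular drop-in files)
/etc/httpd/conf.modules.d/: module configuration directory
/etc/sysconfig/httpd: daemon settings
/usr/lib64/httpd/modules: available modules
/usr/sbin/: directory holding the related commands
/var/log/httpd: log directory
/var/www/: default site directory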
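Service configuration file
cat /etc/httpd/conf/httpd.conf | grep -Ev "^$|^#|#"
ServerRoot "/etc/httpd" # server root
Listen 80 # default listening port
Include conf.modules.d/*.conf # module configuration to include
User apache # user
Group apache # group
ServerAdmin root@localhost # server administrator
<Directory />
    AllowOverride none
    Require all denied
</Directory>
DocumentRoot "/var/www/html" # document root of the site
<Directory "/var/www">
    AllowOverride None
    Require all granted
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
<Files ".ht*">
    Require all denied
</Files>
ErrorLog "logs/error_log" # defines the error log
LogLevel warn # severity level recorded in the error log
<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" combined # binds the access log to a log format
</IfModule>
<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>
<IfModule mime_module>
    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on # whether sendfile is used to deliver files
IncludeOptional conf.d/*.conf # virtual server configuration files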
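Configuration written in the form <...> ... </...> is called a container, for example:
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>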
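Default page
This file defines the default page shown when the home page cannot be served
cat /etc/httpd/conf.d/welcome.conf
<LocationMatch "^/+$">
    Options -Indexes
    ErrorDocument 403 /.noindex.html
</LocationMatch>
<Directory /usr/share/httpd/noindex>
    AllowOverride None
    Require all granted
</Directory>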
Alias /.noindex.html /usr/share/httpd/noindex/index.html
Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
Basic configuration
Multiple port support
Just add another Listen directive
Listen 8080
[root@node1 ~]# curl 192.168.10.10:80
welcome
[root@node1 ~]# curl 192.168.10.10:8080
welcome
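Test: curl x.x.x.x:port
curl -I
-I: request only the status line, the response headers and the blank line of the response
1. yum install httpd -y
2. echo "welcome" >> /var/www/html/index.html
+ Create the virtual server configuration file listen.conf so that httpd also listens on port 8080
echo "Listen 8080" > /etc/httpd/conf.d/test.conf
3. systemctl start httpd
4. curl x.x.x.x:8080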
Persistent connections
KeepAlive On|Off # default: On
KeepAliveTimeout num[ms] # default: 5ms
MaxKeepAliveRequests number # default: 100; 0 means no limit
Multi-processing modules
The default working mode is prefork
[root@localhost conf.modules.d]# cat 00-mpm.conf | grep -Ev "^$|^#"
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
Configuration for the worker and event working modes: uncomment the corresponding line to change the working mode
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
#LoadModule mpm_event_module modules/mod_mpm_event.so
prefork default parameters
StartServers number # number of processes when the service starts
Note: worker and event default to StartServers 3; prefork defaults to 5
MaxSpareThreads number # maximum number of idle server threads, default 100
MaxSpareServers number # maximum number of idle server processes, default 10
MaxRequestWorkers number # maximum number of simultaneously served requests, default 256
Number of processes at startup under the worker and event models: in practice, 4
[root@node1 conf.d]# cat /etc/httpd/conf.modules.d/00-mpm.conf | grep -Ev "^$|^#"
LoadModule mpm_event_module modules/mod_mpm_event.so
Restart the httpd service:
[root@node1 conf.d]# ps -elf | grep httpd
4 S root 2636 1 1 80 0 - 56062 poll_s 13:25 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
5 S apache 2637 2636 0 80 0 - 55999 skb_wa 13:25 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
5 S apache 2638 2636 0 80 0 - 127769 pipe_w 13:25 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
5 S apache 2639 2636 0 80 0 - 127769 pipe_w 13:25 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
5 S apache 2640 2636 0 80 0 - 127769 pipe_w 13:25 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
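Access control
Permissions are set per site directory
Options Indexes FollowSymLinks # optional settings
Indexes: show a directory listing when index.html does not exist
FollowSymLinks: allow access through symbolic links
AllowOverride none
Require all denied # deny everyone
Require all granted # allow everyone
Must be in
Require ip x.x.x.x
Require not ip x.x.x.x
To check the syntax: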
[root@localhost conf.d]# apachectl -t
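An added example, not part of the original notes: a small Python audit of the Directory containers discussed above. It flags Options Indexes, AllowOverride other than None, and a filesystem root that is not Require all denied. The sample configuration is constructed, /data/site1 with AllowOverride All is a hypothetical entry, and only flat, non-nested Directory blocks are handled.

```python
import re

# Constructed sample: the first two blocks mirror the containers shown above;
# /data/site1 with AllowOverride All is a hypothetical entry.
SAMPLE_CONF = '''
<Directory />
    AllowOverride none
    Require all denied
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
<Directory "/data/site1">
    Options -Indexes
    AllowOverride All
    Require all granted
</Directory>
'''

OPEN = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>', re.I)

def parse_directories(text):
    """Map each <Directory> path to {directive: [arguments]} (names and args lower-cased)."""
    blocks, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = OPEN.match(line)
        if m:
            current = blocks.setdefault(m.group(1), {})
        elif line.lower().startswith('</directory'):
            current = None
        elif current is not None and line and not line.startswith('#'):
            name, *args = line.split()
            current[name.lower()] = [a.lower() for a in args]
    return blocks

def audit(text):
    """Return (path, finding) pairs for settings that widen exposure."""
    blocks, findings = parse_directories(text), []
    if blocks.get('/', {}).get('require') != ['all', 'denied']:
        findings.append(('/', 'filesystem root is not "Require all denied"'))
    for path, d in blocks.items():
        opts = d.get('options', [])
        if 'indexes' in opts or '+indexes' in opts:
            findings.append((path, 'directory listing enabled (Options Indexes)'))
        if d.get('allowoverride', ['none']) != ['none']:
            findings.append((path, '.htaccess overrides allowed (AllowOverride)'))
    return findings
```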
User access control
Authentication methods: basic and digest
Lab:
Create the user authentication file
htpasswd -c -m /etc/httpd/conf.d/.htpwd zhangsan
Configuration file
[root@localhost conf]# cat /etc/httpd/conf.d/listen.conf
Listen 8090
documentroot "/var/www/html"
#<Directory "/var/www/html">
# options indexes followsymlinks
# allowoverride none
# require all granted
#</Directory>
<Directory "/var/www/html">
authtype basic
authname "Tip!"
authbasicprovider file
authuserfile /etc/httpd/conf.d/.htpwd
require user zhangsan
</Directory>
Restart the service and test in a browser
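An added example, not from the original notes: htpasswd -m stores the password as an apr1 (MD5) hash, while htpasswd -B stores bcrypt. The Python check below lists the entries of an AuthUserFile that are not bcrypt and reports whether the file is world-readable; the sample entries are constructed and the function names are illustrative.

```python
import os
import stat

# Constructed entries: the hash bodies are filler, only the scheme prefixes are real.
SAMPLE = (
    "zhangsan:$apr1$fillsalt$fillerfillerfillerfill\n"
    "lisi:$2y$05$fillerfillerfillerfillerfillerfillerfillerfillerfille\n"
    "wangwu:{SHA}fillerfillerfillerfillerfil=\n"
    "zhaoliu:fillerfiller1\n"
)

def scheme(hashed):
    """Name the storage scheme from the prefix htpasswd writes."""
    if hashed.startswith('$2y$'):
        return 'bcrypt'              # htpasswd -B
    if hashed.startswith('$apr1$'):
        return 'apr1-md5'            # htpasswd -m, as used above
    if hashed.startswith('{SHA}'):
        return 'sha1-unsalted'       # htpasswd -s
    return 'crypt-or-plaintext'      # htpasswd -d / -p

def non_bcrypt_users(text):
    """Return [(user, scheme)] for every entry not stored as bcrypt."""
    result = []
    for line in text.splitlines():
        user, sep, hashed = line.strip().partition(':')
        if sep and user and not user.startswith('#'):
            name = scheme(hashed)
            if name != 'bcrypt':
                result.append((user, name))
    return result

def audit_file(path):
    """Check one AuthUserFile: world-readable bit plus non-bcrypt entries."""
    with open(path, encoding='utf-8') as fh:
        users = non_bcrypt_users(fh.read())
    mode = os.stat(path).st_mode
    return {'world_readable': bool(mode & stat.S_IROTH), 'non_bcrypt': users}
```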
Log settings
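An added example, not part of the original notes: a Python parser for the combined LogFormat that httpd.conf binds to access_log, used to spot repeated 401 responses against the basic-auth site. The log lines are constructed and the threshold of 3 is an assumption; on a 401 line, %u is whatever username the client supplied.

```python
import re
from collections import defaultdict

# Constructed access_log lines in the "combined" format (addresses and times made up).
SAMPLE = r'''
192.168.10.50 - - [10/Oct/2023:13:55:01 +0800] "GET / HTTP/1.1" 401 381 "-" "curl/7.29.0"
192.168.10.50 - admin [10/Oct/2023:13:55:02 +0800] "GET / HTTP/1.1" 401 381 "-" "curl/7.29.0"
192.168.10.50 - root [10/Oct/2023:13:55:03 +0800] "GET / HTTP/1.1" 401 381 "-" "curl/7.29.0"
192.168.10.50 - zhangsan [10/Oct/2023:13:55:04 +0800] "GET / HTTP/1.1" 401 381 "-" "curl/7.29.0"
192.168.10.50 - zhangsan [10/Oct/2023:13:55:09 +0800] "GET / HTTP/1.1" 200 8 "-" "curl/7.29.0"
192.168.10.20 - - [10/Oct/2023:13:56:00 +0800] "GET / HTTP/1.1" 401 381 "-" "Mozilla/5.0"
192.168.10.20 - zhangsan [10/Oct/2023:13:56:05 +0800] "GET / HTTP/1.1" 200 8 "-" "Mozilla/5.0"
192.168.10.20 - zhangsan [10/Oct/2023:13:56:09 +0800] "GET /a\"b HTTP/1.1" 404 196 "-" "Mozilla/5.0"
'''.strip().splitlines()

# A quoted field may contain \" escapes, so it cannot simply be [^"]*.
Q = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + Q + r' (\d{3}) (\S+) ' + Q + ' ' + Q)
FIELDS = ('host', 'ident', 'user', 'time', 'request', 'status', 'bytes',
          'referer', 'agent')

def parse(line):
    """Split one combined-format line into a dict, or None if it does not match."""
    m = COMBINED.match(line)
    return dict(zip(FIELDS, m.groups())) if m else None

def auth_failures(lines, threshold=3):
    """Per client with >= threshold 401s: count, names tried, first later login."""
    stats = defaultdict(lambda: {'failures': 0, 'tried': set(), 'success_as': None})
    for rec in filter(None, map(parse, lines)):
        s = stats[rec['host']]
        if rec['status'] == '401':
            s['failures'] += 1
            if rec['user'] != '-':
                s['tried'].add(rec['user'])   # name the client sent, not a verified user
        elif rec['user'] != '-' and s['failures'] >= threshold and not s['success_as']:
            s['success_as'] = rec['user']     # authenticated request after the failures
    return {host: dict(s, tried=sorted(s['tried']))
            for host, s in stats.items() if s['failures'] >= threshold}
```

A browser's first unauthenticated request also returns 401, which is why a single 401 followed by a 200 (the 192.168.10.20 lines) stays below the threshold.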
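Virtual hosts
Based on IP address
Based on port
Based on FQDN (domain name)
/etc/httpd/conf.d/site.conf
[root@localhost conf.d]# cat site.conf
<Directory "/data">
Require all granted
</Directory>
<VirtualHost 192.168.220.101:80>
Servername www.site1.com
DocumentRoot "/data/site1/"
</VirtualHost>
<VirtualHost 127.0.0.1:80>
Servername www.site2.com
DocumentRoot "/data/site2/"
</VirtualHost>
Test: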
[root@localhost conf.d]# curl 192.168.220.101:80
this is site1
[root@localhost conf.d]# curl 127.0.0.1:80
this is site2
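[root@localhost conf.d]# cat site.conf
Listen 9000
Listen 8000
<Directory "/data">
Require all granted
</Directory>
<VirtualHost *:8000>
Servername www.site1.com
DocumentRoot "/data/site1/"
</VirtualHost>
<VirtualHost *:9000>
Servername www.site2.com
DocumentRoot "/data/site2/"
</VirtualHost>
Test: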
[root@localhost conf.d]# curl 192.168.220.101:8000
this is site1
[root@localhost conf.d]# curl 192.168.220.101:9000
this is site2
[root@localhost conf.d]# cat site.conf
<Directory "/data">
Require all granted
</Directory>
<VirtualHost *:80>
Servername www.site1.com
DocumentRoot "/data/site1/"
</VirtualHost>
<VirtualHost *:80>
Servername www.site2.com
DocumentRoot "/data/site2/"
</VirtualHost>
[root@localhost conf.d]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.220.101 www.site1.com
192.168.220.101 www.site2.com
Test:
[root@localhost conf.d]# curl www.site1.com
this is site1
[root@localhost conf.d]# curl www.site2.com
this is site2
SSL lab:
1. Install mod_ssl and openssl
[root@node1 ~]# yum install mod_ssl openssl -y
2. Generate a 2048-bit private key
[root@node1 ~]# openssl genrsa -out server.key 2048
3. Generate a certificate signing request (CSR)
[root@node1 ~]# openssl req -new -key server.key -out server.csr
4. Generate a self-signed X.509 certificate. The validity period is set to 3650 days, i.e. 10 years
[root@node1 ~]# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
5. Copy the files to their locations
[root@node1 ~]# cp server.crt /etc/pki/tls/certs/
[root@node1 ~]# cp server.key /etc/pki/tls/private/
[root@node1 ~]# cp server.csr /etc/pki/tls/private/
6. Edit the configuration file
[root@node1 ~]# cat /etc/httpd/conf.d/ssl.conf
Servername 192.168.0.140:443
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
7. Open port 443
[root@node1 ~]# firewall-cmd --add-port=443/tcp --per
LAMP lab
1. Install the required packages
[root@node1 ~]# yum install httpd php php-mysql mariadb-server -y
[root@node1 ~]# cat /etc/httpd/conf.d/php.conf | grep -Ev "^#|^$"
<FilesMatch \.php$>
    SetHandler application/x-httpd-php # files ending in .php are handled by x-httpd-php
</FilesMatch>
AddType text/html .php
DirectoryIndex index.php # defines the default home page
php_value session.save_handler "files" # sessions are stored in files
php_value session.save_path "/var/lib/php/session" # path where session data is kept
2. Start the httpd service
[root@node1 ~]# systemctl start httpd
[root@node1 ~]# firewall-cmd --add-port=80/tcp --per
3. Write a test page
[root@node1 ~]# cat /var/www/html/index.php
<?php echo '
Hello World
'; ?>
Open a browser and visit: http://192.168.0.140/index.php
4. Start the database and write a test page
[root@localhost html]# cat /var/www/html/test.php
<?php
// Connect to the local database as root with an empty password
$link=mysql_connect("127.0.0.1","root","");
if(!$link){
echo "failed!";}
else{
echo "success!";}
?>
Open a browser and visit: http://192.168.0.140/test.php