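Compiling and installing httpd 2.4
New features in httpd 2.4:
1. MPMs support the run-time DSO mechanism
2. Supports the event MPM
3. Supports asynchronous reads and writes
4. Per-module and per-directory log levels;
5. Per-request configuration;
6. Enhanced expression parser
7. KeepAliveTimeout can be set in milliseconds
8. FQDN-based virtual hosts no longer need the NameVirtualHost directive;
9. Supports user-defined variables
New modules:
1. mod_proxy_fcgi
2. mod_ratelimit
3. mod_remoteip
Some configuration mechanisms changed: Order, Deny and Allow are no longer supported for IP-based access control
httpd depends on apr, apr-util and apr-iconv (apr: Apache Portable Runtime)
This installation uses the latest httpd release (httpd-2.4.33) on CentOS 6.5.
※ httpd 2.4 requires apr and apr-util 1.4 or later, while the RPM version shipped with CentOS 6.5 is 1.3.9, so these two packages have to be compiled and installed separately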
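Installation steps:
1. Install the build environment first:
yum install -y pcre-devel zlib-devel openssl openssl-devel
The later configure step passes --enable-ssl, so openssl and openssl-devel must be installed; without these two packages, building httpd reports: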
configure: WARNING: OpenSSL version is too old no
checking whether to enable mod_ssl… configure: error: mod_ssl has been requested but can not be built due to prerequisite failures
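2. Download and install apr-1.5.2
apr and apr-util are Apache software and can be downloaded from the official site. However, as of now (2018-3-30) the current apr-util release is apr-util-1.6.1, and after compiling and installing it, the make step for httpd fails with the following errors: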
/usr/local/apr-util/lib/libaprutil-1.so: undefined reference to `XML_ParserCreate'
/usr/local/apr-util/lib/libaprutil-1.so: undefined reference to `XML_GetErrorCode'
/usr/local/apr-util/lib/libaprutil-1.so: undefined reference to `XML_SetUserData'
/usr/local/apr-util/lib/libaprutil-1.so: undefined reference to `XML_ErrorString'
/usr/local/apr-util/lib/libaprutil-1.so: undefined reference to `XML_SetEntityDeclHandler'
/usr/local/apr-util/lib/libaprutil-1.so: undefined reference to `XML_ParserFree'
/usr/local/apr-util/lib/libaprutil-1.so: undefined reference to `XML_SetElementHandler'
/usr/local/apr-util/lib/libaprutil-1.so: undefined reference to `XML_StopParser'
/usr/local/apr-util/lib/libaprutil-1.so: undefined reference to `XML_Parse'
/usr/local/apr-util/lib/libaprutil-1.so: undefined reference to `XML_SetCharacterDataHandler'
collect2: error: ld returned 1 exit status
make[2]: *** [htpasswd] Error 1
make[2]: Leaving directory `/usr/local/httpd-2.4.33/support'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/httpd-2.4.33/support'
make: *** [all-recursive] Error 1
The cause turned out to be that the apr-util version is too new, which is really annoying. Installing an apr-util version newer than 1.4 and older than 1.6 is recommended.
tar -zxvf apr-1.5.2.tar.gz
cd apr-1.5.2
./configure --prefix=/usr/local/apr
make
make install
3. Download and install apr-util-1.5.2
tar -zxvf apr-util-1.5.2.tar.gz
cd apr-util-1.5.2
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
make
make install
If compiling apr or apr-util reports the following error:
xml/apr_xml.c:35:19: fatal error: expat.h: No such file or directory
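the expat-devel package is missing: yum -y install expat-devel
4. Download httpd-2.4.33
※ Apache performance depends mainly on the server's memory and CPU; tuning it with GCC compile options does not improve performance noticeably.
Apache official site: http://www.apache.org/dist/httpd/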
tar -zxvf httpd-2.4.33.tar.gz
cd httpd-2.4.33
./configure --prefix=/usr/local/httpd2.4 \
  --sysconfdir=/etc/httpd/conf \
  --enable-so \
  --enable-ssl \
  --enable-cgi \
  --enable-rewrite \
  --with-zlib \
  --with-pcre \
  --with-apr=/usr/local/apr \
  --with-apr-util=/usr/local/apr-util/ \
  --enable-modules=most \
  --enable-mpms-shared=all \
  --with-mpm=prefork    # optional; if omitted, the default is event
make
make install
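--prefix | Installation path for httpd 2.4 |
--sysconfdir | Path for the configuration files |
--enable-so | Enable shared objects (DSO) |
--enable-ssl | Enable SSL, which makes HTTPS access possible |
--enable-cgi | Enable CGI, so CGI scripts can be executed |
--enable-rewrite | Enable URL rewriting, used for things such as 301 redirects; depends on the PCRE package |
--with-zlib | Enable zlib compression |
--with-pcre | Enable PCRE |
--with-apr | Path to apr; httpd 2.4 requires apr 1.4 or later, so it must be given explicitly |
--with-apr-util | Path to apr-util; same as above |
--enable-modules | Which modules to build; most means as many as possible |
--enable-mpms-shared=all | In httpd 2.4, prefork, worker and event are modules and can be loaded dynamically |
--with-mpm=prefork | Sets the default MPM for httpd 2.4, i.e. run under the prefork model |
※ The default multi-processing module in httpd 2.4 is event. httpd 2.4: event; httpd 2.0: prefork; httpd 2.2: worker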
Change the user the server runs as:
vim /etc/httpd/conf/httpd.conf
#User daemon
#Group daemon
User apache
Group apache
Web document directory for the compiled install: /usr/local/apache/htdocs
The default path for the RPM install is /var/www/html; it can be changed in the configuration file
2: Change the DocumentRoot of the "main" server
vim /etc/httpd/httpd.conf
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
#DocumentRoot "/usr/local/httpd2.4/htdocs"
# Change both document directory paths (DocumentRoot and <Directory>); the two must match
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
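Start the service: add an environment variable so that the apachectl command is found on the PATH:
vim /etc/profile.d/httpd.sh
export PATH=/usr/local/httpd2.4/bin:$PATH
# load the new PATH into the current shell
. /etc/profile.d/httpd.sh
apachectl start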
When binding Apache to a non-standard HTTP port, the following error kept appearing:
# /etc/init.d/httpd start
Starting httpd: (13)Permission denied: make_sock: could not bind to address 0.0.0.0:8888
no listening sockets available, shutting down
Unable to open logs
[FAILED]
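Solutions: 1. add the port to the HTTP ports allowed by SELinux (this keeps SELinux enforcing); 2. disable SELinux
semanage port -l | grep http    # list the HTTP-related ports under SELinux
semanage port -a -t http_port_t -p tcp 8888    # add this non-standard port
Or clear the shell's command lookup cache with hash -r. httpd -M lists all modules.
Check the system processes: httpd has started.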
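Stripping debug symbols:
With GCC's defaults, most programs and libraries are compiled with debug symbols (GCC's -g option is used by default). These symbols are normally only used when debugging a program; they give not just memory addresses but also variable and function names. On a production server this is unnecessary, since nobody debugs Apache on the server, and because of the debug symbols Apache uses more memory at run time. The amount is not large, but with many Apache processes running it adds up to a noticeable figure, so the debug symbols can be stripped.
The binary is a little over 2 MB; use the strip command to remove the debug symbols.
Before stripping it was a little over 2 MB; after stripping it is 592K, a reduction of about 75%.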
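1. Switching the MPM (multi-processing module):
Personally I think this is the best-liked feature of httpd 2.4: earlier versions required compiling and installing several modules, whereas httpd 2.4 can switch MPMs just by editing the configuration file.
If no MPM is specified when compiling httpd 2.4, the default is event; httpd -V shows the configured MPM.
vim /etc/httpd/conf/httpd.conf (edit the configuration file to change the MPM)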
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
=========================================================
The content below will be tidied up later
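3: IP-based access control rules
Allow access from all hosts: Require all granted
Deny access from all hosts: Require all denied
Control access for specific IPs:
Require ip IPADDR: grant access to hosts from the specified source
Require not ip IPADDR: deny access to hosts from the specified source address
IPADDR:
ip: 192.168.1.1
network/mask 192.168.1.0/24
Network/Length
HostName:
FQDN
DOMAIN: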
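The access rules listed above written out as httpd 2.4 configuration, next to the 2.2 form they replace. This is an added example, not part of the original post; the directory paths and the addresses 192.168.1.100 and 10.0.0.5 are constructed placeholders.

```apache
# Added example; paths and addresses below are constructed placeholders.

# Case 1: allow everyone except one address.
# httpd 2.2 form (shown for comparison):
#   Order allow,deny
#   Allow from all
#   Deny from 192.168.1.100
# httpd 2.4 form: a negated Require can only take access away, it cannot
# grant it, so it is paired with a positive rule inside <RequireAll>.
<Directory "/var/www/html">
    <RequireAll>
        Require all granted
        Require not ip 192.168.1.100
    </RequireAll>
</Directory>

# Case 2: allow only one network and one extra host.
# httpd 2.2 form (shown for comparison):
#   Order deny,allow
#   Deny from all
#   Allow from 192.168.1.0/24 10.0.0.5
# httpd 2.4 form: several Require lines in one section are ORed together
# (implicit <RequireAny>); every other client is refused.
<Directory "/var/www/html/admin">
    Require ip 192.168.1.0/24
    Require ip 10.0.0.5
</Directory>

# Case 3: allow by host name. httpd resolves the client address back to a
# name (and forward again), so this rule depends on DNS.
<Directory "/var/www/html/partners">
    Require host a.com
</Directory>

# Case 4: never serve this directory.
<Directory "/var/www/html/private">
    Require all denied
</Directory>
```

Run apachectl configtest after editing; a Require not line that stands alone in a section, outside <RequireAll>, is reported as a configuration error.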
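4: Virtual host configuration:
Based on IP, port and FQDN
FQDN-based virtual hosts no longer need the NameVirtualHost directive
(1) The central (main) host has to be commented out: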
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
#DocumentRoot "/usr/local/apache/htdocs"
#<Directory "/usr/local/apache/htdocs">
(2) Find the following setting in the configuration file:
# Virtual hosts
# (enable the following line)
Include /etc/httpd/extra/httpd-vhosts.conf
(3) Go to the extra directory and find httpd-vhosts.conf
# cd /etc/httpd/extra/
# ls
httpd-autoindex.conf httpd-default.conf httpd-languages.conf httpd-mpm.conf httpd-ssl.conf httpd-vhosts.conf
httpd-dav.conf httpd-info.conf httpd-manual.conf httpd-multilang-errordoc.conf httpd-userdir.conf proxy-html.conf
Open the httpd-vhosts.conf configuration file:
Modify the settings, using the following example as a reference:
<VirtualHost *:80>
    # The ServerAdmin address is a placeholder
    ServerAdmin webmaster@example.com
    DocumentRoot "/vhost/www.a.com/htdoc/"
    ServerName www.a.com
    ServerAlias a.com
    ErrorLog "logs/www.a.com-error_log"
    CustomLog "logs/www.a.com-access_log" combined
    <Directory "/vhost/www.a.com/htdoc/">
        Options None
        AllowOverride none
        Require all granted
    </Directory>
</VirtualHost>
Change the parameters in the init script to the following:
apachectl=/usr/local/apache/bin/apachectl
httpd=${HTTPD-/usr/local/apache/bin/httpd}
prog=httpd
pidfile=${PIDFILE-/usr/local/apache/logs/httpd.pid}
lockfile=${LOCKFILE-/var/lock/subsys/httpd}
RETVAL=0
STOP_TIMEOUT=${STOP_TIMEOUT-10}
Reference: compiled with reference to http://blog.51cto.com/houzhimeng/1703921