(一)、Centos7系统下实现httpd-2.2的安装,并分别实现prefork、worker、event等几种工作方式.
- 尝试直接yum安装httpd程序
[root@CentOS7 ~]#yum install httpd-2.2
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.tuna.tsinghua.edu.cn
* extras: mirrors.tuna.tsinghua.edu.cn
* updates: mirrors.tuna.tsinghua.edu.cn
No package httpd-2.2 available.
Error: Nothing to do
注意: 众所周知CentOS 7上若yum安装httpd程序,默认的会是2.4的版本,而2.2的版本在配置方面会有不同,所以我们无法按传统方案yum来安装,因为安装2.2可能需要涉及到多个依赖关系,故我们直接使用源码安装.
- 调整服务器环境
[root@CentOS7 ~]#systemctl stop firewalld.service
[root@CentOS7 ~]#setenforce 0
- 安装开发组件等相关依赖环境
[root@CentOS7 ~]#yum groupinstall "Development Tools" "Serverplatform Development" -y
- 下载对应httpd-2.2源码包
[root@CentOS7 ~]#wget http://archive.apache.org/dist/httpd/httpd-2.2.34.tar.gz
- 解压缩tar包本地
[root@CentOS7 ~]#tar xf httpd-2.2.32.tar.gz
[root@CentOS7 ~]#ls
anaconda-ks.cfg Documents httpd-2.2.32 initial-setup-ks.cfg Pictures Templates
Desktop Downloads httpd-2.2.32.tar.gz Music
- 进入对应的解压缩目录开始编译安装
[root@CentOS7 httpd-2.2.32]#./configure --prefix=/usr/local/httpd-2.2.32 --with-mpm=prefork
[root@CentOS7 httpd-2.2.32]#make && make install
- 软链接到对应的目录中
[root@CentOS7 ~]#ln -sv /usr/local/httpd-2.2.32/ /usr/local/httpd
‘/usr/local/httpd’ -> ‘/usr/local/httpd-2.2.32/’
- 设定环境变量
[root@CentOS7 ~]#echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
[root@CentOS7 ~]#PATH="$PATH:/usr/local/httpd/bin"
[root@CentOS7 ~]#echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/usr/local/httpd/bin
[root@CentOS7 ~]#echo "PATH="$PATH:/usr/local/httpd/bin"" > /etc/profile.d/httpd
- 调整权限
[root@CentOS7 ~]#useradd -M -s /sbin/nologin httpd
[root@CentOS7 ~]#chown -R httpd.httpd /usr/local/httpd
[root@CentOS7 ~]#chown -R httpd.httpd /usr/local/httpd-2.2.32/
- 启动httpd服务并查看是否成功
[root@CentOS7 ~]#httpd
[root@CentOS7 ~]#ss -tunl
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 *:5353 *:*
udp UNCONN 0 0 *:887 *:*
udp UNCONN 0 0 *:53715 *:*
udp UNCONN 0 0 192.168.122.1:53 *:*
udp UNCONN 0 0 *%virbr0:67 *:*
udp UNCONN 0 0 *:68 *:*
udp UNCONN 0 0 *:111 *:*
udp UNCONN 0 0 :::887 :::*
udp UNCONN 0 0 fe80::ebca:5abc:36ce:599c%ens33:546 :::*
udp UNCONN 0 0 :::111 :::*
tcp LISTEN 0 128 127.0.0.1:6012 *:*
tcp LISTEN 0 128 *:111 *:*
tcp LISTEN 0 5 192.168.122.1:53 *:*
tcp LISTEN 0 128 *:22 *:*
tcp LISTEN 0 128 127.0.0.1:631 *:*
tcp LISTEN 0 100 127.0.0.1:25 *:*
tcp LISTEN 0 128 127.0.0.1:6010 *:*
tcp LISTEN 0 128 127.0.0.1:6011 *:*
tcp LISTEN 0 128 ::1:6012 :::*
tcp LISTEN 0 128 :::111 :::*
tcp LISTEN 0 128 :::80 :::*
tcp LISTEN 0 128 :::22 :::*
tcp LISTEN 0 128 ::1:631 :::*
tcp LISTEN 0 100 ::1:25 :::*
tcp LISTEN 0 128 ::1:6010 :::*
tcp LISTEN 0 128 ::1:6011 :::*
[root@CentOS7 ~]#curl 192.168.30.105
<html><body><h1>It works!</h1></body></html>
- 更改对应模式worker和event
| 多模块处理MPM: Multipath process modules |
|---|
| prefork: process |
| 预先创建进程,两级进程模型,父进程负责创建子进程,每个子进程响应一个用户请求 |
| worker: thread |
| 三级模型, 父进程管理子进程,子进程通过线程响应用户请求;每线程处理一个用户请求 |
| event: thread |
| 两级模型,父进程管理子进程,子进程通过event-driven机制直接响应n个请求 |
#####在编译安装的时候对应做模式变更即可,默认为prefork模式
./configure --prefix=/usr/local/httpd-2.2.32 --with-mpm=worker
./configure --prefix=/usr/local/httpd-2.2.32 --with-mpm=event
(二)、简述request报文请求方法和状态响应码.
request报文的请求方法:
| 请求方法 | 解释说明 |
|---|---|
| GET | 从服务器获取一个资源 |
| HEAD | 只从服务器获取文档的响应首部 |
| POST | 向服务器发送需要处理的数据 |
| PUT | 将请求的主体部分存储在服务器上 |
| DELETE | 请求删除服务器上的文档 |
| TRACE | 追踪请求到达目标服务器中间经过的代理服务器 |
| OPTIONS | 请求服务器返回对指定资源支持使用的请求方法 |
常用的状态响应码:
| 响应码 | 解释说明 |
|---|---|
| 200 | 成功,请求的所有数据通过响应报文的entity-body部分发送;ok |
| 301 | URL指向的资源已被删除,但在响应报文中通过首部Location指名了资源现在所处的新位置;Moved Permanently |
| 302 | 与301相似,但在响应报文中通过Location指名资源现在的临时新位置;Found |
| 304 | 客户端发出条件式请求,但是服务器上的资源没有发生改变,则通过响应码通知客户端; Not Modified |
| 401 | 需要输入帐号和密码认证才能访问资源; Unauthorized |
| 403 | 请求被禁止; Forbidden |
| 404 | 服务器无法找到客户端请求的资源; Not Found |
| 500 | 服务器内部错误; Internal Server Error |
| 502 | 代理服务器从后端服务器收到一条伪响应; Bad Gateway |
(二)、详细描述httpd虚拟主机、站点访问控制、基于用户的访问控制、持久链接等应用配置实例.
i.虚拟主机:
把一台处于运行状态的物理服务器分割成多个"虚拟的服务器".
虚拟主机的实现方案:
- 基于IP地址
- 基于主机域名(FQDN)
- 基于端口号
注意点:
1.一般虚拟主机不要与中心主机混用;要使用虚拟主机,得先禁用"main"主机,禁用方法: 注释中心主机的DocumentRoot指令即可.
2.配置VirtualHost,在httpd2.2中,NameVirtualHost这一项需启用,2.2以上版本不需要.
基于IP地址
第一步: 增加两个ip地址,确保网络ping通
[root@CentOS7 ~]#ip addr add 192.168.30.105/24 dev ens33
[root@CentOS7 ~]#ip addr add 192.168.30.200/24 dev ens33
第二步: 创建两个对应的数据目录并输入数据
[root@CentOS7 html]#mkdir -p /var/www/html/105
[root@CentOS7 html]#mkdir -p /var/www/html/200
[root@CentOS7 html]#echo "hello,ip address is "192.168.30.105"" > /var/www/html/105/index.html
[root@CentOS7 html]#echo "hello,ip address is "192.168.30.200"" > /var/www/html/200/index.html
第三步: 编辑主配置文件,修改虚拟主机和权限
<VirtualHost 192.168.30.105:80>
DocumentRoot "/var/www/html/105"
ServerName www.magedu105.com
<Directory "/var/www/html/105">
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.30.200:80>
DocumentRoot "/var/www/html/200"
ServerName www.magedu200.com
<Directory "/var/www/html/200">
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
第四步: 测试访问是否正常
[root@CentOS7 ~]#curl 192.168.30.105
hello,ip address is 192.168.30.105
[root@CentOS7 ~]#curl 192.168.30.200
hello,ip address is 192.168.30.200
基于端口号
第一步: 创建基于端口的目录和索引文件
[root@localhost ~]#mkdir -p /var/www/html/80
[root@localhost ~]#mkdir -p /var/www/html/10080
[root@localhost ~]#echo "hi,the ip Port is '80'" >/var/www/html/80/index.html
[root@localhost ~]#echo "hi,the ip Port is '10080'" >/var/www/html/10080/index.html
第二步: 修改主配置文件端口号及相关配置
Listen 80
Listen 10080
<VirtualHost 192.168.30.105:80>
DocumentRoot "/var/www/html/80"
ServerName "www.alinuxtest.com"
<Directory "/var/www/html/80">
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.30.105:10080>
DocumentRoot "/var/www/html/10080"
ServerName "www.blinuxtest.com"
<Directory "/var/www/html/10080">
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
第三步: 测试语法并重启httpd服务,然后测试对应结果
[root@localhost ~]#httpd -t
Syntax OK
[root@localhost ~]#systemctl restart httpd
[root@localhost ~]#curl 192.168.30.105:80
hi,the ip Port is '80'
[root@localhost ~]#curl 192.168.30.105:10080
hi,the ip Port is '10080'
基于主机域名
第一步: 创建基于主机域名的目录和索引文件
[root@localhost ~]#mkdir -p /var/www/html/ilinux
[root@localhost ~]#mkdir -p /var/www/html/iunix
[root@localhost ~]#echo "domain name is 'www.ilinux.com'" >/var/www/html/ilinux/index.html
[root@localhost ~]#echo "domain name is 'www.iunix.com'" >/var/www/html/iunix/index.html
第二步: 修改主配置文件相关配置
<VirtualHost 192.168.30.105:80>
DocumentRoot "/var/www/html/ilinux"
ServerName www.ilinux.com
<Directory "/var/www/html/ilinux">
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.30.105:80>
DocumentRoot "/var/www/html/iunix"
ServerName www.iunix.com
<Directory "/var/www/html/iunix">
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
第三步: 更改本地hosts文件对应关系或自建DNS做对应修改
[root@localhost named]#vim /etc/hosts
192.168.30.105 www.ilinux.com www.iunix.com
第四步: 测试语法并重启httpd服务,然后测试对应结果
[root@localhost ~]#httpd -t
Syntax OK
[root@localhost ~]#systemctl restart httpd
[root@localhost named]#curl www.ilinux.com
domain name is 'www.ilinux.com'
[root@localhost named]#curl www.iunix.com
domain name is 'www.iunix.com'
ii.站点访问控制
禁止ip:192.168.30.200访问
[root@localhost conf.d]#vim deny.conf
<VirtualHost 192.168.30.105:80>
ServerName www.ilinux.com
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
<Requireall>
Require all granted
Require not ip 192.168.30.200
</Requireall>
</Directory>
</VirtualHost>
iii.基于用户的访问控制
第一步:创建密码账户和允许访问的用户
[root@localhost ~]#htpasswd -c /tmp/test.users tom
[root@localhost ~]#htpasswd -m /tmp/test.users jerry
[root@localhost ~]#htpasswd -m /tmp/test.users obama
第二步:把存放密码的文件移动到httpd目录下,且保存为隐藏文件
[root@localhost ~]#mv /tmp/test.users /etc/httpd/conf.d/.htpasswd
第三步:创建测试index页
[root@localhost conf.d]#mkdir -p /var/www/html/testusers
[root@localhost conf.d]#echo "Testusers Area" > /var/www/html/testusers/index.html
第四步: 创建模块化文件并且做对应配置
[root@localhost conf.d]#vim /etc/httpd/conf.d/testusers.conf
<Directory "/var/www/html/testusers">
Options None
AllowOverride None
AuthType basic
AuthName "Test Area,pls enter your username and password"
AuthUserFile "/etc/httpd/conf.d/.htpasswd"
Require user tom jerry obama
#Require valid-user #允许所有用户都能登录
</Directory>
第五步: 编辑主配置文件下的Directory路径
DocumentRoot "/var/www/html/testusers"
<Directory "/var/www/html/testusers">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
第六步: 检查语法错误并作测试
[root@localhost conf.d]#httpd -t
Syntax OK
[root@localhost conf.d]#systemctl restart httpd
若按组别进行访问限制:
第一步:在上述基础之上,把需要限制的用户添加进组别,并隐藏
[root@localhost conf.d]#vim /etc/httpd/conf.d/.htgroup
animals: tom jerry
第二步: 在原有模块化文件中做修改
[root@localhost conf.d]#vim /etc/httpd/conf.d/group.conf
<Directory "/var/www/html/testusers">
Options None
AllowOverride None
AuthType basic
AuthName "Test Area,pls enter your username and password"
AuthUserFile "/etc/httpd/conf.d/.htpasswd"
AuthGroupFile "/etc/httpd/conf.d/.htgroup"
Require group animals
</Directory>
第三步:检查语法错误并作测试
[root@localhost conf.d]#httpd -t
Syntax OK
[root@localhost conf.d]#systemctl restart httpd
iiii.持久连接
1).什么是持久链接?
建立链接以后持续获取资源不断开,一直响应到把需要获取的资源都成功获取了以后才终止链接.
2).为什么要做持久链接?
http协议是无状态的,每一次的事务都是建立在一次请求和一次响应组成,http同时也是基于tcp传输协议的,所以每次建立链接交换数据之前都需要进行安全的三次握手,四次断开的过程,若数据交换频繁势必会导致资源的消耗.
3).创建模块化进行对应设置
[root@localhost ~]#vim /etc/httpd/conf.d/keepalive.conf
KeepAlive On
KeepAliveTimeout 35
MaxKeepAliveRequests 100
4).检查语法错误并做测试
[root@localhost conf.d]#httpd -t
Syntax OK
[root@localhost conf.d]#systemctl restart httpd
