http的应用
httpd-2.4:
新特性:
(1) MPM支持运行DSO机制;以模块形式按需加载;
(2) 支持event MPM;
(3) 支持异步读写;
(4) 支持每模块及每个目录分别使用各自的日志级别;
(5) 每请求配置;<If>
(6) 增强版的表达式分析器;
(7) 支持毫秒级的keepalive timeout;
(8) 基于FQDN的虚拟主机不再需要NameVirtualHost指令;
(9) 支持用户自定义变量;
新模块:
(1) mod_proxy_fcgi
(2) mod_ratelimit
(3) mod_remoteip
修改了一些配置机制:
不再支持使用Order, Deny, Allow来做基于IP的访问控制;
安装httpd-2.4
httpd依赖于apr-1.4+, apr-util-1.4+, [apr-icon]
apr: apache portable runtime
CentOS 6:
默认:apr-1.3.9, apr-util-1.3.9
编译安装步骤:
1.4+版的apr和apr-util
前提:
安装开发环境,安装pcre-devel
(1) apr
# ./configure --prefix=/usr/local/apr
# make && make install
(2) apr-util
# ./configure --prefix=/usr/local/apr-util --with=/usr/local/apr
# make && make install
# groupadd -r apache
# useradd -r -g apache apahce
# ./configure --prefix=/usr/local/apache --sysconf=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
# make && make install
启动服务:
apachectl
CentOS 7:
配置文件:
主配置文件:/etc/httpd/conf/httpd.conf
模块配置文件:/etc/httpd/conf.modules.d/*.conf
辅助配置文件:/etc/httpd/conf.d/*.conf
mpm:以DSO机制提供,配置文件00-mpm.conf
服务控制:systemctl {start|stop|restart|status|reload} httpd.service
配置:
(1) 切换使用MPM
LoadModule mpm_NAME_module modules/mod_mpm_NAME.so
NAME: prefork, event, worker
(2) 修改'Main' server的DocumentRoot
(3) 基于IP的访问控制法则
允许所有主机访问:Require all granted
拒绝所有主机访问:Require all deny
控制特定IP访问:
Require ip IPADDR:授权指定来源地址的主机访问
Require not ip IPADDR:拒绝指定来源地址的主机访问
IPADDR:
IP: 172.16.100.2
Network/mask: 172.16.0.0/255.255.0.0
Network/Length: 172.16.0.0/16
Net: 172.16
控制特定主机(HOSTNAME)访问
Require host HOSTNAME
Require not host HOSTNAME
HOSTNAME:
FQDN: 特定主机
DOMAIN:指定域内的所有主机
<RequireAll>
Require all granted
Require not ip 10.252.46.165
</RequireAll>
(4) 虚拟主机
基于IP、Port和FQDN都支持;
基于FQDN的不再需要NameVirtualHost指令;
(5) ssl
启用模块:
LoadModule ssl_module modules/mod_ssl.so
(6) CentOS 6 服务脚本
#!/bin/bash
#
# httpd Startup script for the Apache HTTP Server
#
# chkconfig: - 85 15
# description: The Apache HTTP Server is an efficient and extensible \
# server implementing the current HTTP standards.
# processname: httpd
# config: /etc/httpd/conf/httpd.conf
# config: /etc/sysconfig/httpd
# pidfile: /var/run/httpd/httpd.pid
#
### BEGIN INIT INFO
# Provides: httpd
# Required-Start: $local_fs $remote_fs $network $named
# Required-Stop: $local_fs $remote_fs $network
# Should-Start: distcache
# Short-Description: start and stop Apache HTTP Server
# Description: The Apache HTTP Server is an extensible server
# implementing the current HTTP standards.
### END INIT INFO
# Source function library.
. /etc/rc.d/init.d/functions
if [ -f /etc/sysconfig/httpd ]; then
. /etc/sysconfig/httpd
fi
# Start httpd in the C locale by default.
HTTPD_LANG=${HTTPD_LANG-"C"}
# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=""
# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
# with the thread-based "worker" MPM; BE WARNED that some modules may not
# work correctly with a thread-based MPM; notably PHP will refuse to start.
# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/local/apache/bin/apachectl
httpd=/usr/local/apache/bin/httpd
prog=httpd
pidfile=${PIDFILE-/var/run/httpd/httpd24.pid}
lockfile=${LOCKFILE-/var/lock/subsys/httpd24}
RETVAL=0
STOP_TIMEOUT=${STOP_TIMEOUT-10}
# The semantics of these two functions differ from the way apachectl does
# things -- attempting to start while running is a failure, and shutdown
# when not running is also a failure. So we just do it the way init scripts
# are expected to behave here.
start() {
echo -n $"Starting $prog: "
LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch ${lockfile}
return $RETVAL
}
# When stopping httpd, a delay (of default 10 second) is required
# before SIGKILLing the httpd parent; this gives enough time for the
# httpd parent to SIGKILL any errant children.
stop() {
echo -n $"Stopping $prog: "
killproc -p ${pidfile} -d ${STOP_TIMEOUT} $httpd
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}
reload() {
echo -n $"Reloading $prog: "
if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then
RETVAL=6
echo $"not reloading due to configuration syntax error"
failure $"not reloading $httpd due to configuration syntax error"
else
# Force LSB behaviour from killproc
LSB=1 killproc -p ${pidfile} $httpd -HUP
RETVAL=$?
if [ $RETVAL -eq 7 ]; then
failure $"httpd shutdown"
fi
fi
echo
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status -p ${pidfile} $httpd
RETVAL=$?
;;
restart)
stop
start
;;
condrestart|try-restart)
if status -p ${pidfile} $httpd >&/dev/null; then
stop
start
fi
;;
force-reload|reload)
reload
;;
graceful|help|configtest|fullstatus)
$apachectl $@
RETVAL=$?
;;
*)
echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|reload|status|fullstatus|graceful|help|configtest}"
RETVAL=2
esac
exit $RETVAL