Build an Apache reverse proxy from source code (including SSL configuration)
Apache installed from an rpm package is suitable for most applications and contains most modules, but we only use it as a reverse proxy. Carrying many large modules hurts performance, so we compile from source in a targeted way so that Apache fits our platform.
Download the source code:
wget http://mirrors.cnnic.cn/apache/httpd/httpd-2.2.25.tar.gz
Extract:
tar zxvf httpd-2.2.25.tar.gz
cd httpd-2.2.25
Install the prerequisites for compiling and installing:
yum install -y gcc-c++ apr-devel apr-util openssl-devel
Optimize the compilation for the gcc version and CPU architecture
Use gcc -v to view the gcc version
Use cat /proc/cpuinfo to view the CPU model
Use uname -r to view the operating system version
Compile and install
CFLAGS="-march=core2 -mtune=generic -O2 -pipe" CXXFLAGS="${CFLAGS}" ./configure --enable-layout=RedHat --enable-modules=so --enable-ssl --enable-rewrite --enable-proxy
make
make install
Strip debugging symbols to save space
strip /usr/sbin/httpd
Use httpd -M to check that the modules were added
httpd -M | grep rewrite
httpd -M | grep ssl
httpd -M | grep proxy
Use httpd -k start to start Apache
Stop it with httpd -k stop
Restart it with httpd -k restart
Run echo "/usr/sbin/httpd -k start" >> /etc/rc.local to start Apache at boot
Configure SSL
The red font is the newly added configuration.
# Redirect non-SSL requests to SSL (the trailing slash keeps the request path separate from the host name)
Redirect / https://web.contoso.com/
SSLSessionCache "shmcb:logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
ProxyRequests off
Listen 443 https
NameVirtualHost *:443
<VirtualHost *:443>
# Site info
ServerName webprox1.contoso.com
ServerAdmin administrator@contoso.com
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/httpd/conf/ssl/web.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl/web.key
SSLCACertificatePath /etc/httpd/conf/ssl
SSLCACertificateFile /etc/httpd/conf/ssl/ca.pem
# Rewrite engine on
RewriteEngine On
RewriteOptions Inherit
# Log filenames
ErrorLog /etc/httpd/logs/error-inotes-redirect
CustomLog /etc/httpd/logs/access-inotes-redirect common
LogLevel warn
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #
# Rule 0: If Cookie is set and user logs out, remove the cookie
RewriteCond %{HTTP_COOKIE} ^.*iNotesServer=.*
RewriteCond %{QUERY_STRING} ^Logout
RewriteRule ^/.* - [CO=iNotesServer:domino1:.contoso.com:1]
# Rule 1: Read domino server name from first access to the mail directory,
# save it to the cookie and redirect to the mail server
RewriteCond %{REQUEST_URI} ^/(.*)/mail
RewriteRule /(.*)/mail/(.*) http://$1.contoso.com/mail/$2 [P,CO=iNotesServer:$1:.contoso.com]
# Rule 2: If cookie is set, use it to rewrite rules for iNotes generated URLs
# and non mail DBs for the server defined in the cookie iNotesServer
RewriteCond %{REQUEST_URI} ^/favicon.ico [OR]
RewriteCond %{REQUEST_URI} ^/domjs [OR]
RewriteCond %{REQUEST_URI} ^/domjava [OR]
RewriteCond %{REQUEST_URI} ^/domcfg.nsf [OR]
RewriteCond %{REQUEST_URI} ^/iNotes [OR]
RewriteCond %{REQUEST_URI} ^/icons [OR]
RewriteCond %{REQUEST_URI} ^/iwaredir.nsf [OR]
RewriteCond %{REQUEST_URI} ^/names.nsf [OR]
RewriteCond %{REQUEST_URI} ^/mail [OR]
RewriteCond %{REQUEST_URI} ^/archive [OR]
RewriteCond %{REQUEST_URI} ^/download [OR]
RewriteCond %{REQUEST_URI} ^/dwa(.*)
RewriteCond %{HTTP_COOKIE} ^.*iNotesServer=([^;]+)
RewriteRule /(.*) http://%1.contoso.com/$1 [P,L]
# Rule 3: if no cookie set -> on first access on the iNotes iwaredir.nsf
RewriteCond %{REQUEST_URI} ^/favicon.ico [OR]
RewriteCond %{REQUEST_URI} ^/domcfg.nsf [OR]
RewriteCond %{REQUEST_URI} ^/iwaredir.nsf [OR]
RewriteCond %{REQUEST_URI} ^/names.nsf
RewriteRule /(.*) http://domino1.contoso.com/$1 [P,L]
# Rule 4: everything else should be redirected to the original link
RewriteCond %{REQUEST_URI} ^/
RewriteRule / http://domino1.contoso.com/ [P]
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #
ProxyPassReverse /domino1/mail/ http://domino1.contoso.com/mail/
ProxyPassReverse / http://domino1.contoso.com/
</VirtualHost>
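Rule 1 and Rule 2 above build the backend host name from values the client sends (the first path segment and the iNotesServer cookie), so those values decide where the proxy connects. The following added example, which is not part of the original post, restricts both to an allowlisted server label; the naming pattern domino[0-9]+ is an assumption based on the domino1 host used above.

```apache
# Added example (not from the original post). Drop-in replacements for
# Rule 1 and Rule 2 inside the same <VirtualHost *:443> block.
# Assumption: every backend Domino host is named domino<number>.contoso.com;
# adjust the pattern, or list the labels explicitly, e.g. (domino1|domino2).

# Rule 1 (restricted): the first path segment must be an allowlisted label,
# so it cannot contain dots, slashes or other characters that would change
# the host part of the proxied URL.
RewriteCond %{REQUEST_URI} ^/domino[0-9]+/mail/
RewriteRule ^/(domino[0-9]+)/mail/(.*) http://$1.contoso.com/mail/$2 [P,CO=iNotesServer:$1:.contoso.com]

# Rule 2 (restricted): same URL prefixes as before, but the cookie value is
# only used when it is exactly an allowlisted label.
RewriteCond %{REQUEST_URI} ^/(?:favicon\.ico|domjs|domjava|domcfg\.nsf|iNotes|icons|iwaredir\.nsf|names\.nsf|mail|archive|download|dwa)
RewriteCond %{HTTP_COOKIE} (?:^|;\s*)iNotesServer=(domino[0-9]+)(?:;|$)
RewriteRule ^/(.*) http://%1.contoso.com/$1 [P,L]

# Requests whose path segment or cookie does not match fall through to
# Rule 3 and Rule 4, which always proxy to domino1.contoso.com.
```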
Performance Optimization
In httpd.conf, uncomment the line
Include /etc/httpd/conf/extra/httpd-mpm.conf, that is, remove the leading #
Modify the values in the prefork section
<IfModule mpm_prefork_module>
ServerLimit 1000
StartServers 15
MinSpareServers 15
MaxSpareServers 20
MaxClients 1000
MaxRequestsPerChild 3000
</IfModule>
This article is from the "Gao Wenlong" blog; please be sure to keep this source: http://gaowenlong.blog.51cto.com/451336/1281165