Build Apache reverse proxy with source code (including SSL configuration)

Build Apache reverse proxy with source code (including SSL configuration)

Apache built by rpm is suitable for most applications. It contains most modules, but we only use it to build reverse proxy. Too many large modules are not good, affecting performance, therefore, we chose targeted source code compilation so that apache can adapt to our platform.

Download source code:

Wget http://mirrors.cnnic.cn/apache/httpd/httpd-2.2.25.tar.gz

Extract

Tar zxvf httpd-2.2.25.tar.gz

Cd httpd-2.2.25

Prerequisites for compiling and Installation

Yum install-y gcc-c ++ apr-devel apr-util openssl-devel

Optimized compilation based on the gcc version and cpu architecture

650) this. width = 650; "title =" clip_image002 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" clip_image002 "src =" http://www.bkjia.com/uploads/allimg/131228/0044304500-0.png "height =" 498 "/>

Use gcc-v to view the gcc version

650) this. width = 650; "title =" clip_image004 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" clip_image004 "src =" http://www.bkjia.com/uploads/allimg/131228/004430NO-1.jpg "height =" 205 "/>

Cat/proc/cpuinfo view cpu Model

650) this. width = 650; "title =" clip_image005 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" clip_image005 "src =" http://www.bkjia.com/uploads/allimg/131228/00443052L-2.png "height =" 299 "/>

Uname-r: view the operating system version

650) this. width = 650; "title =" clip_image006 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" clip_image006 "src =" http://www.bkjia.com/uploads/allimg/131228/004430H41-3.png "height =" 41 "/>

Compile and install

CFLAGS = "-march = core2-mtune = generic-O2-pipe" CXXFLAGS = "{CFLAGS }". /configure -- enable-layout = RedHat -- enable-modules = so -- enable-ssl -- enable-rewrite -- enable-proxy

Make

Make install

Clear debugging symbols to save memory space

Strip/usr/sbin/httpd

Use httpd-M to check the added modules

Httpd-m | grep rewrite

Httpd-m | grep ssl

Httpd-m | grep proxy

650) this. width = 650; "title =" clip_image007 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" clip_image007 "src =" http://www.bkjia.com/uploads/allimg/131228/0044304627-4.png "height =" 245 "/>

Use httpd-k start to start apache

Disable using httpd-k stop

Restart with httpd-k restart

Echo "/usr/sbin/httpd-k start">/etc/rc. local is set to random start

Configure ssl

The red font is the newly added configuration.

# Redirect non-ssl request to ssl requres

Redirect/https://web.contoso.com

SSLSessionCache "shmcb: logs/ssl_scache (512000 )"

SSLSessionCacheTimeout 300

ProxyRequests off

Listen 443 https

Namevirtualhost*: 443

<VirtualHost *: 443>

# Site info

ServerName webprox1.contoso.com

ServerAdmin administrator@contoso.com

SSLEngine on

SSLProxyEngine on

SSLCertificateFile/etc/httpd/conf/ssl/web. crt

SSLCertificateKeyFile/etc/httpd/conf/ssl/web. key

SSLCACertificatePath/etc/httpd/conf/ssl

SSLCACertificateFile/etc/httpd/conf/ssl/ca. pem

# Rewrite engine on

RewriteEngine On

RewriteOptions Inherit

# Log filenames

ErrorLog/etc/httpd/logs/error-inotes-redirect

CustomLog/etc/httpd/logs/access-inotes-redirect common

LogLevel warn

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~ #

# Rule 0: If Cookie is set and user logs out, remove the cookie

RewriteCond % {HTTP_COOKIE} ^. * iNotesServer = .*

RewriteCond % {QUERY_STRING} ^ Logout

RewriteRule ^/. *-[CO = iNotesServer: domino1: .contoso.com: 1]

# Rule 1: Read domino server name from first access to the mail directory,

# Save it to the cookie and redirect to the mail server

RewriteCond % {REQUEST_URI} ^/(. *)/mail

RewriteRule/(. *)/mail/(. *) http: // $1.contoso.com/mail/#2 [P, CO = iNotesServer: $1: .contoso.com]

# Rule 2: If cookie is set, use it to rewrite rules for iNotes generated URLs

# And non mail DBs for the server definde in the cookie iNotesServer

RewriteCond % {REQUEST_URI} ^/favicon. ico [OR]

RewriteCond % {REQUEST_URI} ^/domjs [OR]

RewriteCond % {REQUEST_URI} ^/domjava [OR]

RewriteCond % {REQUEST_URI} ^/domcfg. nsf [OR]

RewriteCond % {REQUEST_URI} ^/iNotes [OR]

RewriteCond % {REQUEST_URI} ^/icons [OR]

RewriteCond % {REQUEST_URI} ^/iwaredir. nsf [OR]

RewriteCond % {REQUEST_URI} ^/names. nsf [OR]

RewriteCond % {REQUEST_URI} ^/mail [OR]

RewriteCond % {REQUEST_URI} ^/archive [OR]

RewriteCond % {REQUEST_URI} ^/download [OR]

RewriteCond % {REQUEST_URI} ^/dwa (.*)

RewriteCond % {HTTP_COOKIE} ^. * iNotesServer = ([^;] +)

RewriteRule/(. *) http: // % 1.contoso.com/#1 [P, L]

# Rule 3: if no cookie set-> on first access on the iNotes iwaredir. nsf

RewriteCond % {REQUEST_URI} ^/favicon. ico [OR]

RewriteCond % {REQUEST_URI} ^/domcfg. nsf [OR]

RewriteCond % {REQUEST_URI} ^/iwaredir. nsf [OR]

RewriteCond % {REQUEST_URI} ^/names. nsf

RewriteRule/(. *) http://domino1.contoso.com/#1 [P, L]

# Rule 4: everything else shoshould be redirected to the original link

RewriteCond % {REQUEST_URI} ^/

RewriteRule/http://domino1.contoso.com/[P]

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~ #

ProxyPassReverse/domino1/mail/http://domino1.contoso.com/mail/

ProxyPassReverse/http://domino1.contoso.com/

</VirtualHost>

650) this. width = 650; "title =" clip_image009 "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" clip_image009 "src =" http://www.bkjia.com/uploads/allimg/131228/0044305593-5.png "height =" 276 "/>

Performance Optimization

Canceling http. conf

Include/etc/httpd/conf/extra/httpd-mpm.conf comments, that is, remove the previous #

Modify the value of the prefork segment

<IfModule mpm_prefork_module>

ServerLimit 1000

StartServers 15

MinSpareServers 15

MaxSpareServers 20

MaxClients 1000

MaxRequestsPerChild 3000

</IfModule>

This article from "Gao Wenlong" blog, please be sure to keep this source http://gaowenlong.blog.51cto.com/451336/1281165