Compile and install Apache HTTP Server 2.4.23 and configure HTTP/HTTPS reverse proxy

Source: Internet
Author: User

1. Dependent software

1.1 GCC and C++ compilers

  • gcc
  • C++ compiler (gcc-c++)

1.1.1 If neither of the packages above is installed, install both with:

    # yum install -y gcc gcc-c++

1.1.2 If one of them is already installed, install the other one individually:

    # yum install -y gcc
    # yum install -y gcc-c++

  • Without gcc, compiling the other dependent packages fails with:

    configure: error: no acceptable C compiler found in $PATH

  • Without a C++ compiler, compiling the other dependent packages fails with:

    configure: error: You need a C++ compiler for C++ support.

1.2 APR, apr-util and PCRE

  • Apache Portable Runtime (APR) 1.5.2 (size 807KB)
  • Apache Portable Runtime Utility (apr-util) 1.5.4 (size 678KB)
  • Perl-Compatible Regular Expressions Library (PCRE) 8.39 (size 1.48MB)

If these packages are not installed, download them with the following commands (the server needs to be able to access the external network):

    # wget http://mirrors.cnnic.cn/apache//apr/apr-1.5.2.tar.bz2
    # wget http://mirrors.cnnic.cn/apache//apr/apr-util-1.5.4.tar.bz2
    # wget http://ncu.dl.sourceforge.net/project/pcre/pcre/8.39/pcre-8.39.tar.bz2

If the server cannot access the external network, download the files elsewhere and upload them to the server.

1.2.1 Unpack, compile and install APR 1.5.2. First cd to the directory that holds the archive:

    # tar xvf apr-1.5.2.tar.bz2
    # cd apr-1.5.2
    # ./configure --prefix=/usr/local/apr
    # make && make install

  • --prefix specifies the installation directory (recommended, here and below); you can change it.

1.2.2 Unpack, compile and install apr-util 1.5.4. First cd to the directory that holds the archive:

    # tar xvf apr-util-1.5.4.tar.bz2
    # cd apr-util-1.5.4
    # ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
    # make && make install

  • --prefix specifies the installation directory; you can change it.
  • --with-apr is the installation directory of the APR built above.

1.2.3 Unpack, compile and install PCRE 8.39. First cd to the directory that holds the archive:

    # tar xvf pcre-8.39.tar.bz2
    # cd pcre-8.39
    # ./configure --prefix=/usr/local/pcre
    # make && make install

  • --prefix specifies the installation directory; you can change it.

2. If HTTPS support is needed, download and install OpenSSL. The version needs to be >=0.98; this example uses version 1.0.2 (size 5.06MB).

2.1 Check whether OpenSSL is installed on the system, and which version:

    # openssl version
    OpenSSL 1.0.0-fips Mar 2010

or run:

    # rpm -qa|grep openssl
    openssl-1.0.0-20.el6_2.5.x86_64

If the command returns something like the output above, OpenSSL is installed. If not, download it and follow the steps below to compile and install it:

    # wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2i.tar.gz

If the server cannot access the external network, download the file elsewhere and upload it to the server.

2.2 Unpack, compile and install OpenSSL 1.0.2. First cd to the directory that holds the archive:

    # tar xvf openssl-1.0.2i.tar.gz
    # cd openssl-1.0.2i
    # ./config -fPIC --prefix=/usr/local/openssl --openssldir=/usr/local/openssl
    # make && make install

  • --prefix and --openssldir specify the installation directory; you can change them.
  • The make && make install step may take several minutes.

2.3 I tried version 1.1.0b (openssl-1.1.0b.tar.gz), but compiling Apache HTTP Server 2.4.23 against it produced the errors below. The two versions are incompatible, so this guide uses openssl-1.0.2i:

    ab.c:2416: warning: implicit declaration of function 'CRYPTO_malloc_init'
    /usr/local/apr/build-1/libtool --silent --mode=link gcc -std=gnu99 -g -O2 -pthread ...
    ab.o: In function 'main':
    httpd-2.4.23/support/ab.c:2416: undefined reference to 'CRYPTO_malloc_init'
    httpd-2.4.23/support/ab.c:2357: undefined reference to 'SSLv2_client_method'

3. Download Apache HTTP Server 2.4.23 (size 6.05MB). The server needs to be able to access the external network:

    # wget http://mirrors.cnnic.cn/apache//httpd/httpd-2.4.23.tar.bz2

If the server cannot access the external network, download the file elsewhere and upload it to the server.

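
Most of the tarballs above come from mirrors over plain HTTP, so each one should be checked against a digest taken from the project's own HTTPS download page (or against the release's PGP signature) before it is unpacked. The script below is an added example, not part of the original article; the function name verify_sources and the manifest file name SHA256SUMS are assumptions, and the demo file is a constructed stand-in, not a real release.

```shell
#!/bin/sh
# Added example, not from the original article. Fail closed unless every
# source tarball in DIR matches a pinned SHA-256 manifest whose lines have
# the format sha256sum writes: "<64 hex digits>  <filename>".
verify_sources() {
    dir=$1 manifest=$2 rc=0
    [ -r "$manifest" ] || { echo "no manifest: $manifest" >&2; return 2; }
    # Pass 1: every pinned file must exist and hash to the pinned value.
    while read -r want name; do
        [ -n "$want" ] || continue
        case $want in
            *[!0-9a-f]*) echo "MALFORMED $name"; rc=1; continue ;;
        esac
        [ ${#want} -eq 64 ] || { echo "MALFORMED $name"; rc=1; continue; }
        [ -f "$dir/$name" ] || { echo "MISSING   $name"; rc=1; continue; }
        got=$(sha256sum "$dir/$name" | cut -d' ' -f1)
        [ "$got" = "$want" ] || { echo "MISMATCH  $name"; rc=1; }
    done < "$manifest"
    # Pass 2: a tarball that is present but not pinned must not be built.
    for f in "$dir"/*.tar.*; do
        [ -e "$f" ] || continue
        grep -qF "  ${f##*/}" "$manifest" || { echo "UNLISTED  ${f##*/}"; rc=1; }
    done
    return $rc
}

# Constructed demo: a stand-in file plays the downloaded tarball. The digest is
# computed locally only to keep the demo offline; a real manifest holds digests
# copied from the project's HTTPS download page.
work=$(mktemp -d)
printf 'stand-in, not a real release\n' > "$work/httpd-2.4.23.tar.bz2"
(cd "$work" && sha256sum httpd-2.4.23.tar.bz2 > SHA256SUMS)
verify_sources "$work" "$work/SHA256SUMS" && echo "sources verified"
printf 'tampered\n' >> "$work/httpd-2.4.23.tar.bz2"
verify_sources "$work" "$work/SHA256SUMS" || echo "build refused"
rm -rf "$work"
```
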
3.1 Unpack, compile and install Apache HTTP Server 2.4.23. First cd to the directory that holds the archive:

    # tar xvf httpd-2.4.23.tar.bz2
    # cd httpd-2.4.23
    # ./configure --prefix=/usr/local/apache2 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre=/usr/local/pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --with-ssl=/usr/local/openssl --enable-modules=most
    # make && make install

  • --prefix: the installation directory
  • --with-pcre: PCRE installation directory
  • --with-apr: APR installation directory
  • --with-apr-util: apr-util installation directory
  • --enable-ssl: enable SSL (omit this parameter if HTTPS support is not needed)
  • --with-ssl: OpenSSL installation directory (omit this parameter if HTTPS support is not needed)

The other parameters are optional; choose them according to your needs.

4. Test that the installation succeeded

4.1 Set ServerName

Open /usr/local/apache2/conf/httpd.conf (/usr/local/apache2 is the httpd installation directory) and find ServerName. The format is shown below; the default port is 80:

    ServerName ip:80

or

    ServerName dns:80

Save the file after editing.

  • If ServerName is not set, the following error may appear at startup:

    # ./httpd -k start
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using xxx.xxx.xxx.xxx. Set the 'ServerName' directive globally to suppress this message

4.2 Bind the listening IP and access port

Open /usr/local/apache2/conf/httpd.conf (/usr/local/apache2 is the httpd installation directory) and find Listen. The format is shown below; the default port is 80. Change it if you need to listen on another port:

    #Listen ip:port
    Listen 80

4.3 Start httpd

Change to the bin directory and run ./httpd -k start:

    # ./httpd -k start
    httpd (pid 29502) already running

Output like the above shows that httpd is running.

4.4 Verify in a browser

Open a browser and enter the server's IP address or domain name (if you chose a port other than 80 above, add the port). If the page shows "It works!", httpd started successfully.

4.5 Restart and stop httpd

    ./httpd -k restart|stop

5. Change the default startup group/user

By default httpd runs as group/user daemon. If necessary, change this as follows.

Open /usr/local/apache2/conf/httpd.conf (/usr/local/apache2 is the httpd installation directory), find "User daemon", edit it and save. For example, to run as apache/apache, replace daemon:

    User apache
    Group apache

  • The apache group and user have to be added to the system, and the permissions of the /usr/local/apache2 directory changed.
  • Start httpd as root; it switches to the configured user automatically. View the processes:

    # ps -ef|grep httpd
    root     29502     1  0 09:40 ?        00:00:00 ./httpd -k start
    daemon   29503 29502  0 09:40 ?        00:00:00 ./httpd -k start
    daemon   29504 29502  0 09:40 ?        00:00:00 ./httpd -k start
    daemon   29505 29502  0 09:40 ?        00:00:00 ./httpd -k start
    root     31623 30134  0 10:20 pts/0    00:00:00 grep httpd

6. Configure the reverse proxy to forward all requests to the application server

6.1 List the loaded proxy modules; by default there are none (depending on the version):

    # ./httpd -M|grep proxy

6.2 Enable the proxy modules

Open /usr/local/apache2/conf/httpd.conf (/usr/local/apache2 is the httpd installation directory), find mod_proxy.so and mod_proxy_http.so, and remove the leading #:

    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_http_module modules/mod_proxy_http.so

The virtual hosts configuration also has to be loaded. Find the "Virtual hosts" entry for httpd-vhosts.conf and remove the leading #:

    Include conf/extra/httpd-vhosts.conf

  • Virtual hosts require the mod_log_config.so module, which is loaded by default. Confirm that its line has no leading #:

    LoadModule log_config_module modules/mod_log_config.so

Restart:

    # ./httpd -k restart

List the loaded proxy modules again. The two modules below should now appear, which shows that they loaded:

    # ./httpd -M|grep proxy
     proxy_module (shared)
     proxy_http_module (shared)

6.3 To use SSL, load the mod_ssl.so module in the same way:

    LoadModule ssl_module modules/mod_ssl.so

Also find the "Secure (SSL/TLS) connections" entry and remove the leading #:

    Include conf/extra/httpd-ssl.conf

  • Secure (SSL/TLS) connections require the following modules. Confirm that the leading # has been removed:

    LoadModule log_config_module modules/mod_log_config.so
    LoadModule setenvif_module modules/mod_setenvif.so
    LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

6.4 Configure the HTTP reverse proxy

Open /usr/local/apache2/conf/extra/httpd-vhosts.conf (/usr/local/apache2 is the httpd installation directory) and modify the <VirtualHost *:80> node:

    <VirtualHost *:80>
        # administrator e-mail (placeholder address)
        ServerAdmin admin@xxx.com
        # application file root directory, under the installation directory
        DocumentRoot "/usr/local/apache2/htdocs"
        # domain name or IP to listen on
        ServerName xxx.com
        ErrorLog "logs/error.log"
        # relative path of the access log
        CustomLog "logs/access.log" common
        # controls whether Via is used in the HTTP headers; off here
        ProxyVia Off
        ProxyRequests Off
        ProxyPreserveHost On
        # path listened on and path forwarded to; modify according to the actual situation.
        # The http:// prefix and the trailing / are required.
        ProxyPass / http://ip:port/
        ProxyPassReverse / http://ip:port/
    </VirtualHost>

  • To use several ports, configure several <VirtualHost *:port> nodes.
  • After changing and saving any conf file, httpd must be restarted.

6.5 Configure the HTTPS reverse proxy

Open /usr/local/apache2/conf/extra/httpd-ssl.conf (/usr/local/apache2 is the httpd installation directory) and modify the following settings.

HTTPS port to listen on, default 443:

    Listen 443

Inter-process session cache: configure the SSL session cache, first the mechanism to use and second the expiring timeout (in seconds):

    SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
    SSLSessionCacheTimeout 300

SSL virtual host context:

    <VirtualHost _default_:443>
        # application file root directory, under the installation directory
        DocumentRoot "/usr/local/apache2/htdocs"
        # domain name or IP to listen on
        ServerName www.xxx.com
        # administrator e-mail (placeholder address)
        ServerAdmin admin@xxx.com
        # error log path
        ErrorLog "/usr/local/apache2/logs/ssl_error.log"
        # access log path
        TransferLog "/usr/local/apache2/logs/ssl_access.log"
        SSLEngine on
        SSLProxyEngine on
        # If RSA, DSA or ECC certificates are used, they should be listed together.
        # Server certificate path
        SSLCertificateFile "/usr/local/apache2/conf/server.crt"
        # Server private key path
        SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
        # The following are optional; to use one, remove the leading #
        # Server certificate chain
        #SSLCertificateChainFile "/usr/local/apache2/conf/server-ca.crt"
        # Certificate Authority (CA)
        #SSLCACertificatePath "/usr/local/apache2/conf/ssl.crt"
        # Certificate Revocation Lists (CRL)
        #SSLCARevocationPath "/usr/local/apache2/conf/ssl.crl"
        #SSLCARevocationFile "/usr/local/apache2/conf/ssl.crl/ca-bundle.crl"
        #SSLCARevocationCheck chain
        # Client Authentication (Type):
        #SSLVerifyClient require
        #SSLVerifyDepth 10
        # TLS-SRP mutual authentication
        #SSLSRPVerifierFile "/usr/local/apache2/conf/passwd.srpv"
        # custom-format log
        CustomLog "/usr/local/apache2/logs/ssl_request.log" \
                  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        # path listened on and path forwarded to; modify according to the actual situation.
        # The https:// prefix and the trailing / are required.
        ProxyRequests Off
        ProxyPass / https://ip:443/
        ProxyPassReverse / https://ip:443/
    </VirtualHost>
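
The 6.5 virtual host turns on SSLProxyEngine but sets neither SSLProxyVerify nor a proxy CA file, and SSLProxyVerify defaults to none, so httpd does not validate the backend's certificate chain. The script below is an added example, not part of the original article: it audits one config file for that gap and for ProxyRequests. The function name audit_proxy_conf and the sample file are constructed for illustration, and the check is per file rather than per virtual host.

```shell
#!/bin/sh
# Added example, not from the original article. Audits one httpd config file
# for the reverse-proxy settings of sections 6.4 and 6.5. Prints one FAIL line
# per finding and returns non-zero if there is any finding.
audit_proxy_conf() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    {
        d = tolower($1); v = tolower($2)   # directive names are case-insensitive
        if (d == "proxyrequests" && v == "on") {
            print "FAIL ProxyRequests On: httpd also acts as a forward proxy"; n++
        }
        if (d == "sslproxyengine" && v == "on") engine = 1
        if (d == "sslproxyverify") verify = v
        if (d ~ /^sslproxycacertificate(file|path)$/) ca = 1
        if (d ~ /^sslproxycheckpeer(name|cn|expire)$/ && v == "off") {
            print "FAIL " $1 " off: a backend certificate check is disabled"; n++
        }
    }
    END {
        if (engine && verify != "require") {
            print "FAIL SSLProxyVerify is not require: backend chain is not validated"; n++
        }
        if (engine && !ca) {
            print "FAIL no SSLProxyCACertificateFile/Path: no trust anchor for the backend"; n++
        }
        exit (n > 0)
    }' "$1"
}

# Constructed sample: the proxy directives of the 6.5 virtual host above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost _default_:443>
    SSLEngine on
    SSLProxyEngine on
    ProxyRequests Off
    ProxyPass / https://ip:443/
    ProxyPassReverse / https://ip:443/
</VirtualHost>
EOF
audit_proxy_conf "$sample" || echo "harden the vhost before exposing it"
rm -f "$sample"
```
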
