Compile and install Apache HTTP Server 2.4.23 and configure an HTTP/HTTPS reverse proxy
One, dependencies:
1.1 gcc and C++ compilers
1.1.1 If neither of the above is installed, install both with the following command:
# yum install -y gcc gcc-c++
1.1.2 If one of them is already installed, install the other individually with one of the following commands:
# yum install -y gcc
# yum install -y gcc-c++
- If gcc is not installed, you will encounter the following error when compiling the other dependencies:
configure: error: no acceptable C compiler found in $PATH.
- If the C++ compiler is not installed, you will encounter the following error when compiling the other dependencies:
configure: error: You need a C++ compiler for C++ support.
1.2 APR, apr-util and PCRE
- Apache Portable Runtime (APR) 1.5.2 (size 807KB)
- Apache Portable Runtime Utility (apr-util) 1.5.4 (size 678KB)
- Perl-Compatible Regular Expressions Library (PCRE) 8.39 (size 1.48MB)
If the above dependencies are not installed, download them with the following commands (the server needs Internet access):
# wget http://mirrors.cnnic.cn/apache//apr/apr-1.5.2.tar.bz2
# wget http://mirrors.cnnic.cn/apache//apr/apr-util-1.5.4.tar.bz2
# wget http://ncu.dl.sourceforge.net/project/pcre/pcre/8.39/pcre-8.39.tar.bz2
If the server cannot access the Internet, download the packages separately and upload them to the server
1.2.1 Unpack, compile and install APR 1.5.2; first cd to the directory containing the archive:
# tar xvf apr-1.5.2.tar.bz2
# cd apr-1.5.2
# ./configure --prefix=/usr/local/apr
# make && make install
- The --prefix parameter specifies the installation directory (the value shown is recommended, same below); you can change it
1.2.2 Unpack, compile and install apr-util 1.5.4; first cd to the directory containing the archive:
# tar xvf apr-util-1.5.4.tar.bz2
# cd apr-util-1.5.4
# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
# make && make install
- The --prefix parameter specifies the installation directory; you can change it
- The --with-apr parameter specifies the APR installation directory used above
1.2.3 Unpack, compile and install PCRE 8.39; first cd to the directory containing the archive:
# tar xvf pcre-8.39.tar.bz2
# cd pcre-8.39
# ./configure --prefix=/usr/local/pcre
# make && make install
- The --prefix parameter specifies the installation directory; you can change it
Two, to support HTTPS you need to download and install OpenSSL; the version must be >=0.98, and this example uses version 1.0.2 (size 5.06MB):
2.1 Check whether OpenSSL is installed on the system, and which version:
# openssl version
OpenSSL 1.0.0-fips Mar 2010
or execute:
# rpm -qa | grep openssl
openssl-1.0.0-20.el6_2.5.x86_64
If the command returns a result similar to the above, OpenSSL is already installed; if not, download it and follow the steps below to compile and install it:
# wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2i.tar.gz
If the server cannot access the Internet, download the package separately and upload it to the server
2.2 Unpack, compile and install OpenSSL 1.0.2; first cd to the directory containing the archive:
# tar xvf openssl-1.0.2i.tar.gz
# cd openssl-1.0.2i
# ./config -fPIC --prefix=/usr/local/openssl --openssldir=/usr/local/openssl
# make && make install
- The --prefix and --openssldir parameters specify the installation directory; you can change them
- The make && make install step may take several minutes
2.3 Version 1.1.0b (openssl-1.1.0b.tar.gz) was tried, but compiling Apache HTTP Server 2.4.23 against it failed with the following errors. That version is incompatible, so use openssl-1.0.2i:
ab.c:2416: warning: implicit declaration of function 'CRYPTO_malloc_init'
/usr/local/apr/build-1/libtool --silent --mode=link gcc -std=gnu99 -g -O2 -pthread ...
ab.o: In function 'main':
httpd-2.4.23/support/ab.c:2416: undefined reference to 'CRYPTO_malloc_init'
httpd-2.4.23/support/ab.c:2357: undefined reference to 'SSLv2_client_method'
Three, download Apache HTTP Server 2.4.23 (size 6.05MB); the server needs Internet access:
# wget http://mirrors.cnnic.cn/apache//httpd/httpd-2.4.23.tar.bz2
If the server cannot access the Internet, download the package separately and upload it to the server
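The tarballs in this guide are fetched from mirrors (three of them over plain HTTP) and then built and installed as root, so each one should be checked against a known digest before it is unpacked. The shell functions below are an added example, not part of the original article; the manifest name digests.txt and its layout are assumptions, and the digests themselves must come from the projects' official download pages.

```sh
#!/bin/sh
# Refuse to unpack a source tarball unless its SHA-256 matches a digest
# obtained separately from the project's official site over HTTPS.
# Assumed manifest layout (this example's choice): "<hex digest>  <file name>".
verify_tarball() {
    file=$1; manifest=$2
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    name=$(basename "$file")
    # Exact-name lookup: a tarball absent from the manifest fails, never passes.
    want=$(awk -v n="$name" '$2 == n { print tolower($1); exit }' "$manifest")
    [ -n "$want" ] || { echo "no digest listed for $name" >&2; return 3; }
    have=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$have" = "$want" ] || { echo "DIGEST MISMATCH: $name" >&2; return 1; }
    echo "ok: $name"
}

# Check every tarball named; stop at the first failure so a later
# `tar xvf` chained with && never runs on unverified input.
verify_all() {
    manifest=$1; shift
    for f in "$@"; do
        verify_tarball "$f" "$manifest" || return $?
    done
}

# Constructed demo: a throwaway file stands in for a downloaded tarball.
demo() {
    d=$(mktemp -d) || return 9
    printf 'constructed sample\n' > "$d/sample.tar.bz2"
    (cd "$d" && sha256sum sample.tar.bz2 > digests.txt)
    verify_all "$d/digests.txt" "$d/sample.tar.bz2" && first=0 || first=$?
    printf 'tampered\n' >> "$d/sample.tar.bz2"     # simulate a modified download
    verify_all "$d/digests.txt" "$d/sample.tar.bz2" 2>/dev/null && second=0 || second=$?
    rm -rf "$d"
    echo "untouched=$first tampered=$second"
}
demo   # last line: untouched=0 tampered=1

# Real use, with digests.txt filled in by you:
#   verify_all digests.txt apr-1.5.2.tar.bz2 apr-util-1.5.4.tar.bz2 \
#       pcre-8.39.tar.bz2 openssl-1.0.2i.tar.gz httpd-2.4.23.tar.bz2
```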
3.1 Unpack, compile and install Apache HTTP Server 2.4.23; first cd to the directory containing the archive:
# tar xvf httpd-2.4.23.tar.bz2
# cd httpd-2.4.23
# ./configure --prefix=/usr/local/apache2 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre=/usr/local/pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --with-ssl=/usr/local/openssl --enable-modules=most
# make && make install
--prefix: installation directory
--with-pcre: PCRE installation directory
--with-apr: APR installation directory
--with-apr-util: apr-util installation directory
--enable-ssl: enable SSL (omit this parameter if you do not need HTTPS support)
--with-ssl: OpenSSL installation directory (omit this parameter if you do not need HTTPS support)
The other parameters are optional; choose them according to your needs
Four, test that the installation succeeded
4.1 Modify ServerName
Open the /usr/local/apache2/conf/httpd.conf file (/usr/local/apache2 is the httpd installation directory) and look for ServerName. Set it in the format shown below; the default port is 80:
ServerName ip:80 or ServerName dns:80
Save the file after modifying it
- If it is not modified, the following error may occur at startup:
# ./httpd -k start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using xxx.xxx.xxx.xxx. Set the 'ServerName' directive globally to suppress this message
4.2 Bind the listening IP and port
Open the /usr/local/apache2/conf/httpd.conf file (/usr/local/apache2 is the httpd installation directory) and find Listen, in the format shown below. The default port is 80; change it if you need to listen on another port:
#Listen ip:port
Listen
4.3 Start httpd
Change into the bin directory and execute ./httpd -k start
# ./httpd -k start
httpd (pid 29502) already running
A result similar to the above means httpd is running
4.4 Page verification
Open a browser and enter the server's IP or domain name (if you configured a port other than 80 above, include that port). If the page shows "It works!", httpd started successfully
4.5 httpd restart and stop commands
./httpd -k restart|stop
Five, modify the default run-as group/user
By default httpd runs as group/user daemon. If necessary, change this with the following steps:
Open the /usr/local/apache2/conf/httpd.conf file (/usr/local/apache2 is the httpd installation directory), find User daemon, modify it and save. For example, to run as apache/apache, replace daemon:
User apache
Group apache
- The apache group and user must be added to the system, and the permissions of the /usr/local/apache2 directory modified accordingly
- Start httpd as root; it switches to the configured user automatically. View the processes to confirm:
# ps -ef | grep httpd
root     29502     1  0 09:40 ?        00:00:00 ./httpd -k start
daemon   29503 29502  0 09:40 ?        00:00:00 ./httpd -k start
daemon   29504 29502  0 09:40 ?        00:00:00 ./httpd -k start
daemon   29505 29502  0 09:40 ?        00:00:00 ./httpd -k start
root     31623 30134  0 10:20 pts/0    00:00:00 grep httpd
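One way to confirm the switch described above after changing User/Group, as an added example that is not part of the original article. The function names and the sample listing are constructed for illustration; the sample assumes the apache account from the example above.

```sh
#!/bin/sh
# Confirm from `ps -ef` output that httpd workers run under the account
# named in the User directive. stdin: ps -ef output; $1: expected account.
check_httpd_workers() {
    awk -v want="$1" '
    $8 == "httpd" || $8 ~ /\/httpd$/ { owner[$2] = $1; parent[$2] = $3 }
    END {
        for (pid in owner) {
            # The master has no httpd parent; it keeps root to bind port 80.
            if (!(parent[pid] in owner)) continue
            workers++
            if (owner[pid] != want) {
                print "worker " pid " runs as " owner[pid] ", expected " want
                bad++
            }
        }
        if (!workers) { print "no httpd workers found"; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample modelled on the listing above, after switching
# User/Group to apache: worker 29504 still runs under the old account.
sample_ps() {
    cat <<'EOF'
root     29502     1  0 09:40 ?        00:00:00 ./httpd -k start
apache   29503 29502  0 09:40 ?        00:00:00 ./httpd -k start
daemon   29504 29502  0 09:40 ?        00:00:00 ./httpd -k start
root     31623 30134  0 10:20 pts/0    00:00:00 grep httpd
EOF
}

sample_ps | check_httpd_workers apache || true
```

On a live host, run it as: ps -ef | check_httpd_workers apache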
Six, configure the reverse proxy to forward all requests to the application server
6.1 View the loaded proxy modules; by default there are none (depending on the version)
# ./httpd -M | grep proxy
6.2 Enable the proxy modules to be loaded
Open the /usr/local/apache2/conf/httpd.conf file (/usr/local/apache2 is the httpd installation directory), find mod_proxy.so and mod_proxy_http.so, and remove the leading #:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
The virtual hosts configuration also needs to be loaded: find httpd-vhosts.conf and remove the leading # from the Include line:
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
- Enabling virtual hosts requires the mod_log_config.so module, which is loaded by default; confirm that there is no # at the beginning:
LoadModule log_config_module modules/mod_log_config.so
Restart:
# ./httpd -k restart
View the loaded proxy modules again; this time the following 2 modules should appear, showing that they loaded successfully:
# ./httpd -M | grep proxy
 proxy_module (shared)
 proxy_http_module (shared)
6.3 If you need SSL, load the mod_ssl.so module in the same way as described above:
LoadModule ssl_module modules/mod_ssl.so
Also enable the secure (SSL/TLS) connections configuration by removing the leading # from the Include line:
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
- Enabling secure (SSL/TLS) connections requires the following modules; confirm that the leading # has been removed from each:
LoadModule log_config_module modules/mod_log_config.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
6.4 Configure the HTTP reverse proxy
Open the /usr/local/apache2/conf/extra/httpd-vhosts.conf file (/usr/local/apache2 is the httpd installation directory) and modify the <VirtualHost *:80> node:
<VirtualHost *:80>
    ServerAdmin [email protected]
    # Application file root directory, under the installation directory
    DocumentRoot "/usr/local/apache2/htdocs"
    # Domain name or IP to serve
    ServerName xxx.com
    ErrorLog "logs/error.log"
    # Access log, relative path
    CustomLog "logs/access.log" common
    # Controls whether the Via header is used in HTTP headers; off here
    ProxyVia Off
    ProxyRequests Off
    ProxyPreserveHost On
    # Path to match and backend URL to forward to; modify according to the actual situation.
    # The http:// prefix and the trailing / are required
    ProxyPass / http://ip:port/
    ProxyPassReverse / http://ip:port/
</VirtualHost>
- To serve multiple ports, configure multiple <VirtualHost *:port> nodes
- After modifying and saving any conf file, httpd must be restarted
6.5 Configuring the HTTPS reverse proxy
Open the /usr/local/apache2/conf/extra/httpd-ssl.conf file (/usr/local/apache2 is the httpd installation directory) and modify the following configuration:
# HTTPS port to listen on, default is 443
Listen 443
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
# SSL Virtual Host Context
<VirtualHost _default_:443>
    # Application file root directory, under the installation directory
    DocumentRoot "/usr/local/apache2/htdocs"
    # Domain name or IP to serve
    ServerName www.xxx.com
    # Administrator e-mail
    ServerAdmin [email protected]
    # Error log path
    ErrorLog "/usr/local/apache2/logs/ssl_error.log"
    # Access log path
    TransferLog "/usr/local/apache2/logs/ssl_access.log"
    SSLEngine on
    SSLProxyEngine on
    # If RSA, DSA or ECC certificates are used, list them together.
    # Server certificate path
    SSLCertificateFile "/usr/local/apache2/conf/server.crt"
    # Server private key path
    SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
    # The following are optional; to use one, remove its leading #
    # Server certificate chain
    #SSLCertificateChainFile "/usr/local/apache2/conf/server-ca.crt"
    # Certificate Authority (CA)
    #SSLCACertificatePath "/usr/local/apache2/conf/ssl.crt"
    # Certificate Revocation Lists (CRL)
    #SSLCARevocationPath "/usr/local/apache2/conf/ssl.crl"
    #SSLCARevocationFile "/usr/local/apache2/conf/ssl.crl/ca-bundle.crl"
    #SSLCARevocationCheck chain
    # Client Authentication (Type):
    #SSLVerifyClient require
    #SSLVerifyDepth 10
    # TLS-SRP mutual authentication
    #SSLSRPVerifierFile "/usr/local/apache2/conf/passwd.srpv"
    # Custom-format log
    CustomLog "/usr/local/apache2/logs/ssl_request.log" \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    # Path to match and backend URL to forward to; modify according to the actual situation.
    # The https:// prefix and the trailing / are required
    ProxyRequests Off
    ProxyPass / https://ip:443/
    ProxyPassReverse / https://ip:443/
</VirtualHost>
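An added example, not part of the original article or of httpd itself: a small lint for the proxy directives used in 6.4 and 6.5, flagging ProxyRequests On, an https:// backend without SSLProxyEngine on, and a ProxyPass with no matching ProxyPassReverse. The function names, www.example.com and the 192.0.2.10 backend address are constructed for the sample.

```sh
#!/bin/sh
# Lint httpd-vhosts.conf / httpd-ssl.conf for the reverse-proxy directives.
# Each scope is checked on its own: inheritance from the main server
# config and ProxyPass inside <Location> are not modelled.
audit_proxy_conf() {
    awk '
    function note(msg) { print scope ": " msg; findings++ }
    function report(   p) {
        if (requests == "on")
            note("ProxyRequests On enables forward proxying; a reverse proxy needs Off")
        if (https_backend && sslproxy != "on")
            note("https:// backend configured but SSLProxyEngine is not on")
        for (p in pass)
            if (!(p in rev))
                note("ProxyPass " p " has no matching ProxyPassReverse")
        requests = sslproxy = ""; https_backend = 0
        split("", pass); split("", rev)
    }
    BEGIN { scope = "server config" }
    /^[ \t]*#/ { next }            # httpd comments must start the line
    { key = tolower($1) }          # directive names are case-insensitive
    key ~ /^<virtualhost/ {
        report(); scope = "VirtualHost " $2; sub(/>$/, "", scope); next
    }
    key ~ /^<\/virtualhost/   { report(); scope = "server config"; next }
    key == "proxyrequests"    { requests = tolower($2) }
    key == "sslproxyengine"   { sslproxy = tolower($2) }
    key == "proxypassreverse" { rev[$2] = 1 }
    key == "proxypass" && $3 != "!" {      # "!" excludes a path from proxying
        pass[$2] = 1
        if (tolower($3) ~ /^https:/) https_backend = 1
    }
    END { report(); exit (findings > 0) }
    ' "$@"
}

# Constructed sample: an HTTPS vhost with forward proxying left on and
# neither SSLProxyEngine nor ProxyPassReverse set.
sample_conf() {
    cat <<'EOF'
<VirtualHost _default_:443>
    ServerName www.example.com
    SSLEngine on
    ProxyRequests On
    ProxyPass / https://192.0.2.10:443/
</VirtualHost>
EOF
}
sample_conf | audit_proxy_conf || true
```

Pass one or more file names to lint real files, for example audit_proxy_conf /usr/local/apache2/conf/extra/httpd-ssl.conf; the exit status is 1 when anything is reported.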