a new characteristic of common httpd-2.4
1) MPM support is loaded at runtime;
Add this at compile time, support Mpm:--enable-mpms-shared=all--with-mpm=event
2) Support Event
3) asynchronous read and write
4) Specify the log level on each module and per directory
5) per request configuration
6) Enhanced version of Expression Analyzer
7) KeepAlive timeout at millisecond level
8) FQDN-based virtual host no longer requires namevirtualhost instructions
9) support for using custom variables
10) added some modules: mod_proxy_fcgi, Mod_ratelimit, Mod_request, Mod_remoteip
11) For IP-based access control has been modified to no longer support the use of order, allow, deny these mechanisms, but unified use of require
Second, installation httpd-2-4
NOTE: The default APR version on centos6.x is apr-1.3.9, and httpd-2.4 needs to apr1.4 above.
Experiment Preparation:
① Platform: centos6.8
② software: apr1.5.0.tar.gz apr-utils-1.5.2.tar.gz httpd-2.4.10.tar.gz
③ Installation Development environment: development Tools,server Platform Development
The steps are as follows:
1) Install the development Package group and its pcre-devel, Openssl-devel package
Yum-y Groupinstall "Development Tools" "Server Platform Development"
Yum-y Install Pcre-devel Openssl-devel
2) Compile and install apr-1.5.0.tar.gz and its apr-utils-1.5.2.tar.gz
Tar XF apr-1.50.tar.gz
CD apr-1.5.0
./configure--PREFIX=/USR/LOCAL/APR
Make && make install
Compile and install Apr-utils similarly:./configure--prefix=/usr/local/apr-util--with-apr=/usr/local/apr make && make install
3) Compiling httpd-2.4.10
Tar XF httpd-2.4.10.tar.gz
CD httpd-2.4.10
./configure--prefix=/usr/local/httpd24--sysconfigdir=/etc/httpd24--enable-so--enable-cgi--enable-rewrite-- With-zlib--with-pcre--with-apr=/usr/local/apr--with-apr-util--enable-modules=most--enable-mpms-shared=all-- With-mpm=prefork
Make && make install
If you compile an error or want to recompile to perform, delete the installation directory: make clean all
4) Export Header file
Ln-sv/usr/local/httpd24/include/usr/include/httpd
5) Export the library file
echo "/usr/local/httpd24/lib" >/etc/ld.so.conf.d/httpd.conf
6) Import Man Handbook
Vi/etc/man.config Join Manpath/usr/local/httpd/man
7) Import Environment variables
echo "path=/usr/local/httpd/bin/: $PATH" >/etc/init.d/httpd.sh
8) Configuring the startup script
vi/etc/init.d/httpd24.sh
Code Demo:
# config: /etc/sysconfig/httpd# pidfile: /var/run/httpd/httpd.pid#### begin init INFO# Provides: httpd# Required-Start: $local _fs $remote _fs $network $named # required-stop: $local _fs $remote _fs $network # should-start: distcache# short-description: start and stop apache http server# description: The Apache HTTP Server is an extensible server# Implementing the current http standards.### end init info# source function library. /etc/rc.d/init.d/functions#if [ -f /etc/sysconfig/httpd ]; then# . /etc/sysconfig/httpd#fi# start httpd in the c locale by default. httpd_lang=${httpd_lang-"C"}# THIS WILL PREVENT INITLOG&NBsp;from swallowing up a pass-phrase prompt if# mod_ssl needs a pass-phrase from the user. Initlog_args= "" # set httpd=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server# with the thread-based "Worker" MPM; BE WARNED That some modules may not# work correctly with a thread-based MPM; notably PHP will refuse to start.# Path to the Apachectl script, server binary, and short-form for messages.apachectl=/usr /local/httpd24/bin/apachectlhttpd=${httpd-/usr/local/httpd24/bin/httpd}prog=httpdpidfile=${pidfile-/usr/local/ httpd24/logs/httpd.pid}lockfile=${lockfile-/var/lock/subsys/httppd24}retval=0stop_timeout=${stop_timeout-10}# The semantics of these two functions differ from the way apachectl does# things -- attempting to start while running is a failure, and shutdown# when not running Is also a failure. so we just do it the way init scripts# are expected to behave here.start () { echo -n $ "starting $prog: " lang= $HTTPD _lang daemon --pidfile=${pidfile} $httpd $OPTIONS RETVAL=$? echo [ $RETVAL = 0 ] && touch ${lockfile} return $RETVAL}# when stopping httpd, a delay (OF default 10 second) is required# before sigkilling the httpd parent; this gives enough time for the# httpd parent to sigkill any errant children.stop () { status -p ${pidfile} $httpd > /dev/null if [[ $? = 0 ]]; then echo -n $ "stopping $prog: " killproc -p ${ pidfile} -d ${stop_timeout} $httpd else echo -n $ " stopping $prog: " success fi RETVAL=$? echo [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}}reload () { echo -n $ "reloading $prog: " if ! lang= $HTTPD _lang $httpd $OPTIONS -t >&/dev/null; then retval=6 echo $ "Not reloading due to configuration syntax error " failure $ "not reloading $httpd due to configuration syntax error" else # force lsb behaviour from killproc LSB=1 killproc -p ${pidfile} $httpd -hup retval=$? if [ $RETVAL -eq 7 ]; then failure $ "Httpd shutdown" fi fi# See how we were called.case "$" in start) start ;; stop) stop ;; status) status -p ${pidfile} $httpd retval=$? ;; restart) stop start ;; condrestart|try-restart) if status -p ${pidfile} $httpd >&/dev/null; then stop start fi ;; force-reload|reload) reload ;; graceful|help|configtest|fullstatus) $apachectl [email protected] retval=$? ;; *) echo $ "usage: $prog {start|stop| Restart|condrestart|try-restart|force-reload|reload|status|fullstatus|graceful|help|configtest} " RETVAL=2esacexit $RETVAL
9) Add to boot, test page
Chkconfig--add httpd24
Chkconfig httpd on
10) Testing
echo "10.1.1.1 www.blog.com" >>/etc/hosts
Curl-i www.blog.com
Iii. Configuring virtual hosts and providing SSL encryption to text sites
1. Open httpd-vhosts, and Comment site Center directory
Include/etc/httpd24/extra/httpd-vhosts.conf
2, Configuration/etc/httpd24/extra/httpd-vhots.conf
<virtualhost *:80>
ServerAdmin [email protected]
DocumentRoot "/website/"
ServerName www.chen.com
Serveralias chen.com
Errorlog "Logs/www.chen.com-error_log"
Customlog "Logs/www.chen.com-access_log" common
</VirtualHost>
3, the following steps of SSL encryption:
Generate Key pair: # (umask 077; OpenSSL genrsa-out Private/cakey.pem 2048) If you want to see the public key: # OpenSSL rsa-in Private/cakey.pem-pubout-text -noout generated self-visa: # OpenSSL Req-new-x509-key private/cakey.pem-out cacert.pem-days 3655 Create required files: # Touch Index.txt serial CR Lnumber use OpenSSL to implement a certificate request: Generate a key on the host and save it to the profile directory of the service where the certificate is applied, for example: # mkdir/etc/httpd/ssl# cd/etc/httpd/ssl# (umask 077; OpenSSL Genrsa-out httpd.key 1024) Generate certificate signing request: # OpenSSL Req-new-key httpd.key-out HTTPD.CSR send request file to CA;CA sign Certificate: # OpenSSL ca-in /path/to/somefile.csr-out/path/to/somefile.crt-days days
This article is from the "Small Ears" blog, please be sure to keep this source http://purify.blog.51cto.com/10572011/1857711
New features of the httpd-2.4 of Centos7