Linux—搭建Apache(httpd)服务
1、httpd简介?
http是Apache超文本传输协议服务器的主程序。它是一个独立的后台进程,能够处理请求的子进程和线程。
http常用用的两个版本是httpd-2.2和httpd-2.4
- CentOS6系列的默认httpd版本是httpd-2.2版本的rpm包
- CentOS7系列的默认httpd版本是httpd-2.4版本的rpm包
2、httpd服务特点
| 名称 | 特点 |
|---|---|
| 高度模块化 | core + modules,核心加模块,想要什么功能添加什么模块; |
| DSO | Dynamic Shared Object,动态共享库; |
| MPM | Multipath processing Modules 多路处理模块。 |
3、 httpd的工作模型
- prefork:两级进程模型,父进程管理子进程,每个进程响应一个请求
# 工作模型
一个主进程:
负责生成子进程及回收子进程
负责创建套接字、接受请求,并将其派发给某子进程进行处理
n个子进程:
每个子进程处理一个请求
# 注意:
会预先生成几个空闲进程,随时等待用于响应用户请求,最大不会超过1024个
- worker:三级进程模型,父进程管理子进程,子进程通过线程响应用户请求,每个线程处理一个用户请求
# 工作模型
一个主进程:
负责生成子进程、创建套接字、接受请求,并将其派发给某子进程进行处理
多个子进程:
每个子进程负责生成多个线程
每个线程:
负责响应用户请求
- event:两级模型,父进程管理子进程,子进程通过事件驱动event-driven机制直接响应n个请求
# 工作模型:
一个主进程:
负责生成子进程、创建套接字、接受请求,并将其派发给某子进程进行处理
子进程:
基于事件驱动机制直接响应多个请求
4、httpd的配置文件
| 文件/目录 | 对应的功能 |
|---|---|
| /var/log/httpd/access.log | 访问日志 |
| /var/log/httpd/error_log | 错误日志 |
| /var/www/html/ | 站点文档目录 |
| /usr/lib64/httpd/modules/ | 模块文件路径 |
| /etc/httpd/conf/httpd.conf | 主配置文件 |
| /etc/httpd/conf.modules.d/*.conf | 模块配置文件 |
| /etc/httpd/conf.d/*.conf | 辅助配置文件 |
5、httpd自带的工具程序
| 工具 | 功能 |
|---|---|
| htpasswd | basic认证基于文件实现时,用到的帐号密码生成工具 |
| apachectl | httpd自带的服务控制脚本,支持start,stop,restart |
| apxs | 由httpd-devel包提供的,扩展httpd使用第三方模块的工具 |
| rotatelogs | 日志滚动工具 |
| suexec | 访问某些有特殊权限配置的资源时,临时切换至指定用户运行的工具 |
| ab | apache benchmark,httpd的压力测试工具 |
6、httpd常用配置
6.1 安装httpd服务
[root@localhost ~]# dnf install -y httpd //用dnf安装httpd服务
[root@localhost ~]# systemctl status httpd //服务默认是未开启的
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor pres>
Active: inactive (dead)
Docs: man:httpd.service(8)
[root@localhost ~]# systemctl stop firewalld //开启服务前关闭防火墙
[root@localhost ~]# systemctl start httpd //开启httpd服务
[root@localhost ~]# systemctl status httpd //查看服务是否开启成功
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor pres>
Active: active (running) since Thu 2022-07-21 21:16:35 CST; 14s ago
Docs: man:httpd.service(8)
Main PID: 15207 (httpd)
Status: "Running, listening on: port 80"
Tasks: 213 (limit: 11202)
Memory: 24.8M
CGroup: /system.slice/httpd.service
├─15207 /usr/sbin/httpd -DFOREGROUND
├─15208 /usr/sbin/httpd -DFOREGROUND
├─15209 /usr/sbin/httpd -DFOREGROUND
├─15210 /usr/sbin/httpd -DFOREGROUND
└─15211 /usr/sbin/httpd -DFOREGROUND
用浏览器输入IP地址打开httpdde测试页面
6.2 访问控制法则
| 法则 | 功能 |
|---|---|
| Require all granted | 允许所有主机访问 |
| Require all deny | 拒绝所有主机访问 |
| Require ip IPADDR | 授权指定来源地址的主机访问 |
| Require not ip IPADDR | 拒绝指定来源地址的主机访问 |
| Require host HOSTNAME | 授权指定来源主机名的主机访问 |
| Require not host HOSTNAME | 拒绝指定来源主机名的主机访问 |
| IPADDR的类型 | HOSTNAME的类型 |
|---|---|
| IP:192.168.1.1 Network/mask:192.168.1.0/255.255.255.0 Network/Length:192.168.1.0/24 Net:192.168 | FQDN:特定主机的全名 DOMAIN:指定域内的所有主机 |
注意:httpd-2.4版本在配置文件加入Requirt才是默认是拒绝所有主机访问的,所以安装以后必须做显示授权访问
配置示例: 允许除了IP192.168.111.1以外的所有主机访问
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
......
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
<Directory "/var/www/html/Tanke">
<RequireAll>
Require not 192.168.111.1
Require all granted
</RequireAll>
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
......
[root@localhost ~]# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Syntax OK
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf //把#ServerName www.example.com:80前的#删掉
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
[root@localhost ~]# httpd -t
Syntax OK
6.3 虚拟主机
虚拟主机有三种:
- 相同IP不同端口
- 不同IP相同端口
- 相同IP相同端口不同域名
httpd服务如何配置?
- 先在全局范围内找*vhosts.conf文件
- 把*vhosts.conf文件复制到当前路径中
相同IP不同端口
[root@localhost ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
......
<VirtualHost *:80>
DocumentRoot "/var/www/html/Tanke"
ServerName www.Tanke.com
ErrorLog "/var/log/httpd/www.Tanke1.com-error_log"
CustomLog "/var/log/httpd/www.Tanke1.com-access_log" common
</VirtualHost>
Listen 81
<VirtualHost *:81>
DocumentRoot "/var/www/html/Feiji"
ServerName www.Feiji.com
ErrorLog "/var/log/httpd/www.Feiji1.com-error_log"
CustomLog "/var/log/httpd/www.Feiji1.com-access_log" common
</VirtualHost>
......
[root@localhost ~]# httpd -t
Syntax OK
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:81 *:*
LISTEN 0 128 [::]:22 [::]:*
不同IP相同端口
[root@localhost ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
......
<VirtualHost 192.168.111.135:80>
DocumentRoot "/var/www/html/Tanke"
ServerName www.Tanke.com
ErrorLog "/var/log/httpd/www.Tanke1.com-error_log"
CustomLog "/var/log/httpd/www.Tanke1.com-access_log" common
</VirtualHost>
<VirtualHost 192.168.111.136:80>
DocumentRoot "/var/www/html/Feiji"
ServerName www.Feiji.com
ErrorLog "/var/log/httpd/www.Feiji1.com-error_log"
CustomLog "/var/log/httpd/www.Feiji1.com-access_log" common
</VirtualHost>
......
[root@localhost ~]# httpd -t
Syntax OK
[root@localhost ~]# ip a //查看是否存在IP192.168.111.136
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:bb:22:82 brd ff:ff:ff:ff:ff:ff
inet 192.168.111.135/24 brd 192.168.111.255 scope global dynamic noprefixroute ens160
valid_lft 1537sec preferred_lft 1537sec
inet6 fe80::3d5c:b9d6:55f:48e9/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost ~]# ip addr add 192.168.111.136/24 dev ens160 //添加IP
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:bb:22:82 brd ff:ff:ff:ff:ff:ff
inet 192.168.111.135/24 brd 192.168.111.255 scope global dynamic noprefixroute ens160
valid_lft 1463sec preferred_lft 1463sec
inet 192.168.111.136/24 scope global secondary ens160
valid_lft forever preferred_lft forever
inet6 fe80::3d5c:b9d6:55f:48e9/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost ~]# systemctl restart httpd //重启httpd服务
相同IP相同端口不同域名
[root@localhost ~]# vim /etc/httpd/conf.d/httpd-vhosts.conf
......
<VirtualHost *:80>
DocumentRoot "/var/www/html/Tanke"
ServerName www.Tanke.com
ErrorLog "/var/log/httpd/www.Tanke1.com-error_log"
CustomLog "/var/log/httpd/www.Tanke1.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/var/www/html/Feiji"
ServerName www.Feiji.com
ErrorLog "/var/log/httpd/www.Feiji1.com-error_log"
CustomLog "/var/log/httpd/www.Feiji1.com-access_log" common
</VirtualHost>
......
[root@localhost ~]# httpd -t
Syntax OK
[root@localhost ~]# systemctl restart httpd
主机名解析
Linux 和MAC系统中修改 /etc/host
windows主机名解析 在C:\windows\system32\drivers\etc\hosts找到文件无法修改,需要把文件拖到桌面修改,添加解析,再放回原位
7、配置https步骤
https(全称:Hyper Text Transfer Protocol over SecureSocket Layer),是以安全为目标的 http 通道,在 http 的基础上通过传输加密和身份认证保证了传输过程的安全性。
1. mod_ssl模块
mod_ssl 模块可以实现https加密认证。
//安装mod_ssl模块
[root@localhost ~]# dnf install -y mod_ssl
a).CACA生成一对密钥
[root@localhost ~]# mkdir /etc/pki/CA
[root@localhost ~]# cd /etc/pki/CA
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048) #生成密钥
Generating RSA private key, 2048 bit long modulus (2 primes)
....+++++
....................................................+++++
e is 65537 (0x010001)
[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout #提取公钥
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vmOLM61l3syZOvzhO3O
9YzRUTF8IuGVv3F2ASWfUuvYTwq9Q7C5xxqaCOSR73iieQU9mkrtv98a8AoY/Oyd
9fehZbrMxgDUFL7skcRxhYpacYeLfhnDlMLCU73ilVa4K2ZSm4MNLJ6DKDzgOozu
wzOTNvvy7wrkHXyMDt4M0DOFc051sPwT4ncBQQKcHjDpi9A8iCAgWTbInNXvLjHg
FV2E4HxPlhgzNwf99D01JJVK8qZSeL+aj0gYlmpBvh60czHfi28nqp8qqZocmUXf
BDUHK27usf8s3Pmdi/9I1mwGYPOQoH/SzTC3ce9RTd2inzSaQCMdbZe7pmp4rPW2
rwIDAQAB
-----END PUBLIC KEY-----
b). CA生成自签署证书
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 #生成自签署证书
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:zsl
Organizational Unit Name (eg, section) []:mxx
Common Name (eg, your name or your server's hostname) []:www.Tanke1.com
Email Address []:123@qq.com
[root@localhost CA]# openssl x509 -text -in cacert.pem #读出cacert.pem证书的内容
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:a0:c6:d4:e7:7a:4d:dc:21:1b:71:ba:25:8e:74:f3:1b:41:5b:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = cn, ST = hb, L = wh, O = zsl, OU = mxx, CN = www.Tanke1.com, emailAddress = 123@qq.com
Validity
Not Before: Jul 21 15:31:42 2022 GMT
Not After : Jul 21 15:31:42 2023 GMT
Subject: C = cn, ST = hb, L = wh, O = zsl, OU = mxx, CN = www.Tanke1.com, emailAddress = 123@qq.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:f9:8e:2c:ce:b5:97:7b:32:64:eb:f3:84:ed:
ce:f5:8c:d1:51:31:7c:22:e1:95:bf:71:76:01:25:
9f:52:eb:d8:4f:0a:bd:43:b0:b9:c7:1a:9a:08:e4:
91:ef:78:a2:79:05:3d:9a:4a:ed:bf:df:1a:f0:0a:
18:fc:ec:9d:f5:f7:a1:65:ba:cc:c6:00:d4:14:be:
ec:91:c4:71:85:8a:5a:71:87:8b:7e:19:c3:94:c2:
c2:53:bd:e2:95:56:b8:2b:66:52:9b:83:0d:2c:9e:
83:28:3c:e0:3a:8c:ee:c3:33:93:36:fb:f2:ef:0a:
e4:1d:7c:8c:0e:de:0c:d0:33:85:73:4e:75:b0:fc:
13:e2:77:01:41:02:9c:1e:30:e9:8b:d0:3c:88:20:
20:59:36:c8:9c:d5:ef:2e:31:e0:15:5d:84:e0:7c:
4f:96:18:33:37:07:fd:f4:3d:35:24:95:4a:f2:a6:
52:78:bf:9a:8f:48:18:96:6a:41:be:1e:b4:73:31:
df:8b:6f:27:aa:9f:2a:a9:9a:1c:99:45:df:04:35:
07:2b:6e:ee:b1:ff:2c:dc:f9:9d:8b:ff:48:d6:6c:
06:60:f3:90:a0:7f:d2:cd:30:b7:71:ef:51:4d:dd:
a2:9f:34:9a:40:23:1d:6d:97:bb:a6:6a:78:ac:f5:
b6:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:33:2D:51:A9:40:12:AC:BA:56:09:42:A1:CC:38:E3:4C:2B:79:DF
X509v3 Authority Key Identifier:
keyid:8F:33:2D:51:A9:40:12:AC:BA:56:09:42:A1:CC:38:E3:4C:2B:79:DF
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
22:a1:8f:18:0d:53:a7:1f:59:41:cc:f1:b7:04:0e:9e:9c:23:
2b:ab:e7:47:d0:1c:39:de:e9:b4:99:72:44:ec:1d:40:7c:71:
73:d6:9c:98:d4:03:92:9a:5e:83:60:52:53:db:08:b9:e0:a0:
6b:98:7d:e5:13:0e:6a:3e:04:0f:0c:09:40:bb:1d:94:61:f8:
09:57:d2:d3:6e:32:b7:e5:02:ed:47:88:b7:3a:13:e9:a2:45:
0a:5d:b4:fd:40:96:fb:8f:0a:9d:8b:b4:a6:12:a4:14:b0:95:
ee:66:df:3f:3f:a1:bf:cd:e9:ad:7b:48:d5:67:11:4d:22:98:
4e:e3:b5:31:18:41:5d:ee:39:9f:ae:89:ba:69:76:11:3d:82:
37:09:02:69:3e:c2:26:c5:17:8e:97:a3:e4:10:bc:a2:8a:e3:
83:be:83:05:91:59:82:29:fa:34:d8:0d:31:7c:37:3e:28:48:
96:3c:04:38:d1:43:55:da:c5:de:65:ef:bb:3d:db:e8:66:50:
9f:7d:cf:77:4f:d9:55:c9:69:8e:c2:fa:ea:8f:8a:50:5a:c8:
da:b1:c5:50:60:fb:74:60:30:3c:01:ce:3e:c5:6c:f6:e2:04:
d1:ca:63:70:e8:84:90:b8:32:96:67:22:d2:7d:15:47:34:07:
c1:2a:47:70
-----BEGIN CERTIFICATE-----
MIIDzzCCAregAwIBAgIUdqDG1Od6TdwhG3G6JY508xtBWyowDQYJKoZIhvcNAQEL
BQAwdzELMAkGA1UEBhMCY24xCzAJBgNVBAgMAmhiMQswCQYDVQQHDAJ3aDEMMAoG
A1UECgwDenNsMQwwCgYDVQQLDANteHgxFzAVBgNVBAMMDnd3dy5UYW5rZTEuY29t
MRkwFwYJKoZIhvcNAQkBFgoxMjNAcXEuY29tMB4XDTIyMDcyMTE1MzE0MloXDTIz
MDcyMTE1MzE0MlowdzELMAkGA1UEBhMCY24xCzAJBgNVBAgMAmhiMQswCQYDVQQH
DAJ3aDEMMAoGA1UECgwDenNsMQwwCgYDVQQLDANteHgxFzAVBgNVBAMMDnd3dy5U
YW5rZTEuY29tMRkwFwYJKoZIhvcNAQkBFgoxMjNAcXEuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vmOLM61l3syZOvzhO3O9YzRUTF8IuGVv3F2
ASWfUuvYTwq9Q7C5xxqaCOSR73iieQU9mkrtv98a8AoY/Oyd9fehZbrMxgDUFL7s
kcRxhYpacYeLfhnDlMLCU73ilVa4K2ZSm4MNLJ6DKDzgOozuwzOTNvvy7wrkHXyM
Dt4M0DOFc051sPwT4ncBQQKcHjDpi9A8iCAgWTbInNXvLjHgFV2E4HxPlhgzNwf9
9D01JJVK8qZSeL+aj0gYlmpBvh60czHfi28nqp8qqZocmUXfBDUHK27usf8s3Pmd
i/9I1mwGYPOQoH/SzTC3ce9RTd2inzSaQCMdbZe7pmp4rPW2rwIDAQABo1MwUTAd
BgNVHQ4EFgQUjzMtUalAEqy6VglCocw440wred8wHwYDVR0jBBgwFoAUjzMtUalA
Eqy6VglCocw440wred8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
AQEAIqGPGA1Tpx9ZQczxtwQOnpwjK6vnR9AcOd7ptJlyROwdQHxxc9acmNQDkppe
g2BSU9sIueCga5h95RMOaj4EDwwJQLsdlGH4CVfS024yt+UC7UeItzoT6aJFCl20
/UCW+48KnYu0phKkFLCV7mbfPz+hv83prXtI1WcRTSKYTuO1MRhBXe45n66Juml2
ET2CNwkCaT7CJsUXjpej5BC8oorjg76DBZFZgin6NNgNMXw3PihIljwEONFDVdrF
3mXvuz3b6GZQn33Pd0/ZVclpjsL66o+KUFrI2rHFUGD7dGAwPAHOPsVs9uIE0cpj
cOiEkLgylmci0n0VRzQHwSpHcA==
-----END CERTIFICATE-----
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# touch index.txt && echo 01 > serial
c).客户端(例如httpd服务器)生成密钥
[root@localhost CA]# cd /etc/httpd && mkdir ssl && cd ssl
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
...+++++
...........................................................................+++++
e is 65537 (0x010001)
d).客户端生成证书签署请求
[root@localhost ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:zsl
Organizational Unit Name (eg, section) []:mxx
Common Name (eg, your name or your server's hostname) []:www.Tanke1.com
Email Address []:123@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
e).CA签署客户端提交上来的证书
[root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jul 21 15:35:07 2022 GMT
Not After : Jul 21 15:35:07 2023 GMT
Subject:
countryName = cn
stateOrProvinceName = hb
organizationName = zsl
organizationalUnitName = mxx
commonName = www.Tanke1.com
emailAddress = 123@qq.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
EA:D9:52:5A:E7:84:C2:09:1A:15:5B:4D:F2:77:23:F0:1D:C1:F9:D0
X509v3 Authority Key Identifier:
keyid:8F:33:2D:51:A9:40:12:AC:BA:56:09:42:A1:CC:38:E3:4C:2B:79:DF
Certificate is to be certified until Jul 21 15:35:07 2023 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
2. 在ssl.conf 中配置证书的位置
[root@localhost ~]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# vim ssl.conf
......
//把#DocumentRoot "/var/www/html/Feiji"
#ServerName www.Feiji1.com:443#号删除并指定其使用目录路径
<VirtualHost _default_:443>
# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html/Feiji"
ServerName www.Feiji1.com:443
//配置证书的路径
SSLCertificateFile /etc/httpd/ssl/httpd.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
# ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
......
3. 检查配置文件是否有语法错误
[root@localhost conf.d]# httpd -t
Syntax OK
4. 重启服务
[root@localhost conf.d]# systemctl restart httpd
[root@localhost conf.d]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:443 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
Linux—搭建Apache(httpd)服务的更多相关文章
- 【转】Linux下apache/httpd服务启动与停止
apache服务,或者说httpd服务,如何启动,如何开机启动. 转来转去,找不到原文.. 操作系统环境:红帽5,具体如下:# uname -a Linux machine1 2.6.18-164.e ...
- Linux——搭建Apache(httpd)服务器
一.基本概念 Apache(或httpd)是Internet上使用最多的Web服务器技术之一,使用的传输协议是http超文本传输协议(一个基于超文本的协议),用于通过网络连接来发送和接受对象. 有两个 ...
- 【Linux】Apache Httpd 服务管理
基本的操作方法: 本文假设你的apahce安装目录为/usr/local/apache2,这些方法适合任何情况 apahce启动命令: 推荐 [user@master1 ~]$ /usr/local ...
- Linux(CentOS)系统下安装好apache(httpd)服务后,其他电脑无法访问的原因
原文:Linux(CentOS)系统下安装好apache(httpd)服务后,其他电脑无法访问的原因 今天试了下在虚拟机上利用CentOS系统的yum命令安装好了httpd(apache2.4.6), ...
- linux搭建apache服务并修改默认路径
该篇文章主要讲解如何在linux服务器上搭建apache服务器,并修改指定的apache路径到自定义路径下 一:检查服务器上是否已安装apache,停止并卸载系统自带apache服务 命令为:rpm ...
- RHEL7和RHEL6即时设置、开启和开机、永久开启服务的方法、原理(例子:端口与Nginx冲突的Apache httpd服务的关闭)
1.RHEL7 说明:启用服务就是在当前 runlevel 的配置文件目录/etc/systemd/system/multi-user.target.wants/里,建立/usr/lib/system ...
- centos6.8使用脚本一键搭建apache+svn服务
服务器环境: 脚本如下: #!/bin/bash yum install wget -y mv /etc/yum.repos.d/*.repo /tmp wget -O /etc/yum.repos. ...
- Centos7源码部署apache/httpd服务
httpd:是一个提供网站服务的程序 监听端口:80 环境准备: Linux CentOS7.3系统 使用一台服务端,一台客户端即可: 一.安装httpd 1:安装 [root@localhost ~ ...
- Apache—httpd服务创建个人用户主页功能
创建个人用户主页功能 第1步:开启个人用户主页功能 UserDir disabled前加# UserDir public_html 去掉前面# UserDir参数表示的是需要在用户家目录中创建的网站 ...
随机推荐
- Redis进阶知识一览
Redis的持久化机制 RDB: Redis DataBase 什么是RDB RDB∶每隔一段时间,把内存中的数据写入磁盘的临时文件,作为快照,恢复的时候把快照文件读进内存.如果宕机重启,那么内存里的 ...
- 让 API 测试变的简单。
做开发已经四年有余了,之前在接口测试的时候最开始用的自己写的测试类进行测试,后来接触到了 postman 和 swagger ,虽然用起来比自己写的强太多了,但是总觉得差点事儿. 一方面是 postm ...
- Spring Boot 2.7.0发布,2.5停止维护,节奏太快了吧
这几天是Spring版本日,很多Spring工件都发布了新版本, Spring Framework 6.0.0 发布了第 4 个里程碑版本,此版本包含所有针对 5.3.20 的修复补丁,以及特定于 6 ...
- 使用acme.sh自动申请、续期、部署免费的SSL证书
参考文档:https://github.com/acmesh-official/acme.sh 一个使用纯shell操作的免费SSL证书申请部署工具. 免费的SSL证书由以下CA机构提供: ZeroS ...
- Go中rune类型浅析
一.字符串简单遍历操作 在很多语言中,字符串都是不可变类型,golang也是. 1.访问字符串字符 如下代码,可以实现访问字符串的单个字符和单个字节 package main import ( &qu ...
- vue大型电商项目尚品汇(前台篇)day05
紧急更新第二弹,然后就剩下最后一弹,也就是整个前台的项目 一.购物车 1.加入购物车(新知识点) 加入到购物车是需要接口操作的,因为我们需要将用户的加入到购物车的保存到服务器数据库,你的账号后面才会在 ...
- 逻辑运算符——JavaSE基础
逻辑运算符 运算符 说明 逻辑与 &( 与) 两个操作数为true,结果才是true,否则是false 逻辑或 |(或) 两个操作数有一个是true,结果就是true 短路与 &&am ...
- CVPR2022 | 重新审视池化:你的感受野不是最理想的
前言 本文提出了一种简单而有效的动态优化池操作( Dynamically Optimized Pooling operation),称为DynOPool,它通过学习每一层感受野的最佳大小和形状来优化特 ...
- vue项目经常遇到的Error: Loading chunk * failed
vue项目随着代码量.业务组件.路由页面等的丰富,出于性能要求考虑不得不使用代码分割技术实现路由和组件的懒加载,这看似没什么问题 当每次通过npm run build构建生产包并部署到服务器后,操作页 ...
- python实现对简单的运算型验证码的识别【不使用OpenCV】
最近在写我们学校的教务系统的手机版,在前端用户执行绑定操作后,服务器将执行登录,但在登录过程中,教务系统中有个运算型的验证码,大致是这个样子的: 下面我们开始实现这个验证码的识别. 1.图片读取 从网 ...