1、http 2.4新特性
新特性:
(1) 在编译时可以将多个MPM构建为可加载模块,可以在运行时通过LoadModule指令配置所选的MPM;
(2) 2.2版本的event MPM在实验阶段,到了2.4版本已经完全支持event MPM;
(3)更好地支持异步读写以支持MPM和各类平台;
(4) 支持每模块及每个目录分别使用各自的日志级别;
(5) 按请求配置;
(6) 增强版的表达式分析器;
(7) 支持毫秒级的keepalive timeout;
(8) 基于FQDN的虚拟主机不再需要NameVirtualHost指令;
(9)新AllowOverrideList指令允许更细粒度的控制,允许在.htaccess文件中使用哪些指令。
(10) 支持用户自定义变量;
(11)减少了内存的使用量
新模块:
(1) mod_proxy_fcgi 实现httpd以fcgi和后端php服务器相结合
(2) mod_ratelimit 实现速率限制
(3) mod_remoteip 实现远端ip地址的控制
修改了一些配置机制:
不再支持使用Order, Deny, Allow来做基于IP的访问控制;
2、centos 7上apache 2.4和2.2版本配置差异解析
[root@localhost ~]# yum install -y httpd[root@localhost ~]# rpm -qc httpd #查看yum安装的httpd的配置文件
/etc/httpd/conf.d/autoindex.conf
/etc/httpd/conf.d/userdir.conf
/etc/httpd/conf.d/welcome.conf
/etc/httpd/conf.modules.d/00-base.conf
/etc/httpd/conf.modules.d/00-dav.conf
/etc/httpd/conf.modules.d/00-lua.conf
/etc/httpd/conf.modules.d/00-mpm.conf
/etc/httpd/conf.modules.d/00-proxy.conf
/etc/httpd/conf.modules.d/00-systemd.conf
/etc/httpd/conf.modules.d/01-cgi.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/conf/magic
/etc/logrotate.d/httpd
/etc/sysconfig/htcacheclean
/etc/sysconfig/httpd
配置文件:
主配置文件:/etc/httpd/conf/httpd.conf
模块配置文件:/etc/httpd/conf.modules.d/*.conf
辅助配置文件:/etc/httpd/conf.d/*.conf
mpm:以DSO机制提供,配置文件00-mpm.conf,需要修改不同的模式加载,只需要修改这个文件,不再像2.2版本只能重新编译加载不同的模式。
服务控制:systemctl {start|stop|restart|status|reload} httpd.service
(1)切换使用MPM
修改配置文件加载MPM模式的格式:
LoadModule mpm_NAME_module modules/mod_mpm_NAME.so
NAME: prefork, event, worker
[root@localhost ~]# vim /etc/httpd/conf.modules.d/00-mpm.conf #修改mpm模块加载配置文件,加载使用event模式
LoadModule mpm_event_module modules/mod_mpm_event.so
[root@localhost ~]# apachectl -t
Syntax OK
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# httpd -M |grep mpm #重启后,可以看到httpd的mpm模式使用了动态共享模式进行加载
mpm_event_module (shared)
[root@localhost ~]# vim /etc/httpd/conf.modules.d/00-mpm.conf #修改为work模式
LoadModule mpm_worker_module modules/mod_mpm_worker.so
[root@localhost ~]# apachectl -t
Syntax OK
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# httpd -M|grep mpm #重启后可以看到使用了work模式
mpm_worker_module (shared)
(2) 修改'Main' server的DocumentRoot
apache 2.4版本在设置虚拟主机时,已去除了NameVirtualHost的配置,直接在主配置文件中更改配置为
IncludeOptional conf.d/*.conf即可模块化修改虚拟主机的配置。
(3)基于IP的访问控制法则
允许所有主机访问:Require all granted
拒绝所有主机访问:Require all deny
[root@localhost ~]# curl 192.168.56.11 #在192.168.56.13上访问正常
<h1> welcome to use apache </h1>
[root@localhost html]# vim /etc/httpd/conf/httpd.conf #修改主配置文件,拒绝所有主机访问
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all denied
</Directory>
[root@localhost html]# apachectl -t
Syntax OK
[root@localhost html]# systemctl restart httpd[root@localhost ~]# curl 192.168.56.11 #重新访问提示403<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /on this server.</p></body></html>
在windows上访问测试页面,提示没有权限访问,如图:
控制特定IP访问:
Require ip IPADDR:授权指定来源地址的主机访问
Require not ip IPADDR:拒绝指定来源地址的主机访问
IPADDR:
IP: 172.16.100.2
Network/mask: 172.16.0.0/255.255.0.0
Network/Length: 172.16.0.0/16
Net: 172.16
控制特定主机(HOSTNAME)访问
Require host HOSTNAME
Require not host HOSTNAME
HOSTNAME:
FQDN: 特定主机
DOMAIN:指定域内的所有主机
[root@localhost html]# vim /etc/httpd/conf/httpd.conf #修改主配置文件httpd.conf
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
<RequireAll>
Require all granted
Require not ip 192.168.56.13 #配置不允许192.168.56.13ip访问
</RequireAll>
</Directory>
[root@localhost html]# apachectl -t
Syntax OK
[root@localhost html]# systemctl restart httpd
[root@localhost ~]# curl 192.168.56.11 #访问测试
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
</body></html>
3、apache 2.4编译安装虚拟主机配置实战
(1)虚拟主机分类
虚拟主机是在同一 http 服务下部署多个站点,每个站点都使用不同的域名和站点目录,或不同 IP 和端口。也就是
一个 http 服务配置多个站点。
①基于域名的虚拟主机
②基于端口的虚拟主机
③基于 IP 的虚拟主机
(2)配置基于域名的虚拟主机
需求
域名
目录
/var/html/www
blog.abc.org
/var/html/blog
bbs.abc.org
/var/html/bbs
[root@localhost ~]# mkdir /var/html/{www,blog,bbs} -p #创建网站目录
[root@localhost ~]# for name in www blog bbs;do echo "http://$name.abc.org" > /var/html/$name/index.html;done #创建主页文件index.html
[root@localhost ~]# for name in www blog bbs;do cat /var/html/$name/index.html;done
http://www.abc.org
http://blog.abc.org
http://bbs.abc.org
[root@localhost ~]# cp /usr/local/apache-2.4.33/conf/extra/httpd-vhosts.conf{,.bak_$(date +%F)}
[root@localhost ~]# > /usr/local/apache-2.4.33/conf/extra/httpd-vhosts.conf #配置虚拟主机文件http-vhosts.conf
[root@localhost ~]# vim !$
<VirtualHost *:80>
ServerAdmin aaa@abc.com
DocumentRoot "/var/html/www"
ServerName www.abc.org
ServerAlias abc.org
ErrorLog "logs/www-error-log"
CustomLog "logs/www-access-log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin aaa@abc.com
DocumentRoot "/var/html/blog"
ServerName blog.abc.org
ErrorLog "logs/blog-error-log"
CustomLog "logs/blog-access-log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin aaa@abc.com
DocumentRoot "/var/html/bbs"
ServerName bbs.abc.org
ErrorLog "logs/bbs-error-log"
CustomLog "logs/bbs-access-log" common
</VirtualHost>[root@localhost ~]# vim /usr/local/apache-2.4.33/conf/httpd.conf #修改主配置文件httpd.conf,加载相关扩展配置
# Server-pool management (MPM specific)
Include conf/extra/httpd-mpm.conf
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
[root@localhost ~]# /usr/local/apache-2.4.33/bin/apachectl -t #检查配置文件语法
Syntax OK
[root@localhost ~]# /usr/local/apache-2.4.33/bin/apachectl graceful #平滑重启apache
[root@localhost ~]# vim /etc/host #配置本地域名解析
192.168.56.11 www.abc.org bbs.abc.org blog.abc.org
[root@localhost ~]# ping www.abc.org #检查域名解析
[root@localhost ~]# ping bbs.abc.org
[root@localhost ~]# ping blog.abc.org
[root@localhost ~]# curl www.abc.org #curl访问提示报错403:禁止访问
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.<br />
</p>
</body></html>
报 403 错原因:
Apache 的主配置文件 httpd.conf 中没有配置站点目录的访问权限,程序不能访问/var/html/下的目录和文件。
[root@localhost conf]# vim httpd.conf #配置站点目录访问权限
#在 httpd.conf 文件最后添加如下代码:
<Directory "/var/html">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
如果是apache 2.2版本使用如下配置:
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>
[root@localhost conf]# /usr/local/apache-2.4.33/bin/apachectl -t
Syntax OK
[root@localhost conf]# /usr/local/apache-2.4.33/bin/apachectl graceful
[root@localhost ~]# curl www.abc.org
http://www.abc.org
[root@localhost ~]# curl bbs.abc.org
http://bbs.abc.org
[root@localhost ~]# curl blog.abc.org
http://blog.abc.org
(3)配置基于端口的虚拟主机
(1)修改 httpd.conf 文件,配置监听端口
[root@localhost conf]# vim httpd.conf
在 Listen 80 下面新增如下代码:
Listen 8001
Listen 8002
(2) 将 blog 和 bbs 站点监听端口改为如下:
[root@localhost conf]# vim extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin aaa@abc.com
DocumentRoot "/var/html/www"
ServerName www.abc.org
ServerAlias abc.org
ErrorLog "logs/www-error-log"
CustomLog "logs/www-access-log" common
</VirtualHost>
<VirtualHost *:8001> #监听8001端口
ServerAdmin aaa@abc.com
DocumentRoot "/var/html/blog"
ServerName blog.abc.org
ErrorLog "logs/blog-error-log"
CustomLog "logs/blog-access-log" common
</VirtualHost>
<VirtualHost *:8002> #监听8002端口
ServerAdmin aaa@abc.com
DocumentRoot "/var/html/bbs"
ServerName bbs.abc.org
ErrorLog "logs/bbs-error-log"
CustomLog "logs/bbs-access-log" common
</VirtualHost>
[root@localhost conf]# /usr/local/apache-2.4.33/bin/apachectl -t #检查语法
Syntax OK
[root@localhost conf]# /usr/local/apache-2.4.33/bin/apachectl graceful #平滑启动apache
[root@localhost conf]# netstat -tulnp |grep httpd #检查监听端口
tcp6 0 0 :::80 :::* LISTEN 51199/httpd
tcp6 0 0 :::8001 :::* LISTEN 51199/httpd
tcp6 0 0 :::8002 :::* LISTEN 51199/httpd
[root@localhost conf]# curl blog.abc.org:8001 #测试访问结果
http://blog.abc.org
[root@localhost conf]# curl blog.abc.org:8002
http://bbs.abc.org
(4)配置基于IP的虚拟主机
(1)为 eth0 临时配置一个新 IP
[root@localhost ~]# ifconfig eth0:0 192.168.56.110/24 up
(2)检查
[root@localhost ~]# ifconfig eth0:0
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.56.110 netmask 255.255.255.0 broadcast 192.168.56.255
ether 00:0c:29:ce:31:fd txqueuelen 1000 (Ethernet)
[root@localhost ~]# ping 192.168.56.110
PING 192.168.56.110 (192.168.56.110) 56(84) bytes of data.
64 bytes from 192.168.56.110: icmp_seq=1 ttl=64 time=0.104 ms
64 bytes from 192.168.56.110: icmp_seq=2 ttl=64 time=0.034 ms
64 bytes from 192.168.56.110: icmp_seq=3 ttl=64 time=0.044 ms
64 bytes from 192.168.56.110: icmp_seq=4 ttl=64 time=0.059 ms
^C
--- 192.168.56.110 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 0.034/0.060/0.104/0.027 ms
(3)修改扩展配置文件 httpd-vhosts 文件,配置相关 IP
[root@localhost conf]# vim extra/httpd-vhosts.conf
#将blog.abc.org站点改为ip访问
<VirtualHost 192.168.56.110:80>
ServerAdmin aaa@abc.com
DocumentRoot "/var/html/blog"
ServerName 192.168.56.110
ErrorLog "logs/blog-error-log"
CustomLog "logs/blog-access-log" common
</VirtualHost>
[root@localhost conf]# /usr/local/apache-2.4.33/bin/apachectl -t
Syntax OK
[root@localhost conf]# /usr/local/apache-2.4.33/bin/apachectl graceful
[root@localhost conf]# curl 192.168.56.110
http://blog.abc.org