Web服务(三)httpd参数配置以及编译安装

接上篇Web服务(二)httpd配置参数详细介绍这边继续介绍部分参数的配置实现；以及httpd-2.4的编译安装。

1、参数配置

1三、https协议的实现

实现https以前须要先了解openssl；须要实现CA机制。openssl详情请参考Openssl、加密、解密和私有CA的实现过程；

SSL握手要完成的工做：

   交换协议版本号

   选择双方都支持的加密方式

   对两端实现身份验证

   密钥交换

https是二进制格式的协议，监听与tcp:443端口。SSL会话是基于IP地址进行；不支持在基于FQDN的虚拟主机上实现。

下面直接来配置https：

CA这里直接使用的一台机器当CA和客户端；

建立CA和客户端证书签署

#建立CA；详细过程就不贴了；如下是步骤
[Linux85]#cd /etc/pki/CA/
[Linux85]#(umask 077;openssl genrsa -out private/cakey.pem 2048)
[Linux85]#openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
[Linux85]#touch index.txt serial crlnumber
[Linux85]#echo 00 > serial
                             
#生成客户端证书以及CA签署；CA与客户端都是同一台机器；也能够分为两台
[Linux85]#mkdir /etc/httpd/ssl
[Linux85]#cd /etc/httpd/ssl
[Linux85]#(umake 077;openssl genrsa -out httpd.key 1024)
[Linux85]#openssl req -new -key httpd.key -out httpd.csr
[Linux85]#openssl ca -in httpd.csr -out httpd.crt -days 365
                          
#结束后把CA证书安装到windows中

安装mod_ssl模块和更改主配置文件实现支持ssl协议：

[Linux85]#yum -y install mod_ssl
[Linux85]#rpm -ql mod_ssl
/etc/httpd/conf.d/ssl.conf
/usr/lib64/httpd/modules/mod_ssl.so
/var/cache/mod_ssl
/var/cache/mod_ssl/scache.dir
/var/cache/mod_ssl/scache.pag
/var/cache/mod_ssl/scache.sem
[Linux85]#
                                                                                                                                                                                                                                                             
#配置
[Linux85]#vim ssl.conf
#定位ServerName;开启下面两项
# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html"
ServerName www.soul.org:443
                                                                                                                                                                                                                                                             
#下面两项关于密钥和证书文件的路径
#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/httpd/ssl/httpd.crt
#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
                                                                                                                                                                                                                                                        
[Linux85]#service httpd start
[Linux85]#ss -tunl | grep 443
tcp    LISTEN     0      128                   :::443                  :::*   
#查看443端口以正常启动

提供主页文件

[Linux85]#vim /var/www/html/index.html
This is https test page!
#
把CA证书安装至windows中

测试访问正常；https协议正常使用。

1四、配置httpd的status页面

[Linux85]#httpd -M | grep status
#下述这个模块如存在便可配置
 status_module (shared)
Syntax OK
[Linux85]#
                                                                                                                                                                                               
[Linux85]#vim /etc/httpd/conf/httpd.conf
#定位status；找到以下项开启
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Change the ".example.com" to match your domain to enable.
#
<Location /server-status>
    SetHandler server-status
    AuthType    Basic            #为了确保安装；这里作了认证
    AuthName    "server status"  
    AuthUserFile "/etc/httpd/conf/.htpasswd"
    Require valid-user
    Order deny,allow
    Deny from all
    Allow from 172.16.254.28    #限定只能改IP访问该页面
</Location>

测试访问须要验证；而且能够显示详细的httpd服务器信息。

1五、利用mod_deflate模块压缩页面优化传输速度

[Linux85]#httpd -M | grep deflate
 deflate_module (shared)
Syntax OK
[Linux85]#
#
#主配置文件内没有定义；这里本身新建配置文件
[Linux85]#vim /etc/httpd/conf.d/deflate.conf
SetOutputFilter DEFLATE
                                                                                                                                  
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/css
                                                                                                                                  
# Level of compression (Highest 9 - Lowest 1)
DeflateCompressionLevel 9
                                                                                                                                                           
# Netscape 4.x has some problems.
BrowserMatch ^Mozilla/4 gzip-only-text/html
                                                                                                                                                           
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
                                                                                                                                                       
# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
                                                                                                                                
[Linux85]#service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
[Linux85]#

测试成功。该功能并非全部状态都适合；须要合理的判断。

2、httpd-2.4的编译安装

因为这篇一直未完成；后续的博客都以完成；且其中以含有2.4版本的编译安装。这里就再也不赘述了。链接：Linux下编译安装LAMP并分离为多台服务器。

若有错误；恳请纠正。