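1. Describe a complete HTTP request handling process.
Overview: A complete HTTP request starts once the TCP three-way handshake has established a connection. The client sends an HTTP request to the server in the prescribed format; the server receives it, parses it, runs its business logic, and finally returns an HTTP response to the client, which also follows a standard format. Whatever the client or server, as long as each implements the HTTP protocol standard, they will interoperate.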
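1. The client sends the HTTP request
Once the TCP three-way handshake with the server has succeeded, the client sends the HTTP request to the server in the prescribed format.
An HTTP request has four parts: the request line, the request headers, a blank line, and the message body, with each part on its own line.
Let's go through this client HTTP request in detail.
Request line: the first line of the request message. It has three parts: the request method (GET/POST/DELETE/PUT/HEAD), the URI path of the requested resource, and the HTTP version.
Request headers: these include cache-related headers (Cache-Control, If-Modified-Since), client identity information (User-Agent), and so on.
Message body: the request data the client sends to the server. Not every request needs one.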
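An added example, not part of the original article: a small POSIX shell function that splits a raw HTTP/1.x request into the four parts described above. The sample request (its path, host and form fields) is constructed for illustration, and the function names are made up.

```shell
#!/bin/sh
# Added example: split a raw HTTP/1.x request into request line, headers,
# blank line and body.

CR=$(printf '\r')

# Constructed sample request; lines end in CRLF as they do on the wire.
sample_request() {
    printf 'POST /form HTTP/1.1\r\nHost: www1.stuX.com\r\n'
    printf 'User-Agent: curl/7.19.7\r\nContent-Length: 18\r\n'
    printf '\r\nname=jerry&lang=en'
}

# Reads one request on stdin. Prints method=, uri=, version=, one
# "header:Name=Value" line per header, then body=. Returns 1 on a
# malformed request line or header.
parse_http_request() {
    # Request line: METHOD SP URI SP VERSION
    IFS= read -r line || return 1
    line=${line%"$CR"}
    method=${line%% *}
    rest=${line#* }
    uri=${rest%% *}
    version=${rest#* }
    case "$version" in
        HTTP/1.[01]) ;;
        *) printf 'error=bad request line\n'; return 1 ;;
    esac
    printf 'method=%s\nuri=%s\nversion=%s\n' "$method" "$uri" "$version"

    # Header lines run until the first empty line.
    while IFS= read -r line; do
        line=${line%"$CR"}
        [ -z "$line" ] && break
        case "$line" in
            *:*)
                name=${line%%:*}
                value=${line#*:}
                value=${value# }
                printf 'header:%s=%s\n' "$name" "$value"
                ;;
            *)
                printf 'error=bad header\n'
                return 1
                ;;
        esac
    done

    # Whatever follows the blank line is the message body.
    body=$(cat)
    printf 'body=%s\n' "$body"
}

sample_request | parse_http_request
```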
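2. The server receives the client's HTTP request
The server receives a request message from a host on the network asking for a specific resource.
3. The server processes the client's HTTP request
It parses the request message to obtain the requested resource, the request method and related information;
it then uses the request headers to determine the request format, encoding and so on.
4. The server accesses its local resources on behalf of the request
It takes the resource named in the request message and fetches what the client needs along the path application -> system kernel -> driver -> storage medium (disk, memory).
5. The server builds the HTTP response message
After receiving and handling the request, the server returns an HTTP response message to the client. The response has four parts: the status line, the response headers, a blank line, and the message body, with each part on its own line.
Status line: the first line of the response message, made up of the HTTP version, the status code and the status description.
Response headers: information the server passes to the client about itself, and about the policy for future access to the resource.
Response body: the HTML text the server returns to the client, or data in another format such as a video stream, an image or audio data.
6. The server sends the HTTP response message to the client
Over the established TCP connection, the response message and the requested data are wrapped layer by layer (application, transport, link, physical), transmitted to the client, and unwrapped there in the reverse order (physical, link, transport, application), so that the client finally obtains the data it requested.
7. Logging
The server records the HTTP request in its access log.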
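2. Which processing models does httpd support, and which environments is each suited to?
prefork: multi-process model; each process handles one request
One master process: spawns and reaps child processes; creates the socket; accepts requests and dispatches them to a child process for handling;
n child processes: each child process handles one request;
Working model: several idle processes are spawned in advance, ready to answer user requests; governed by the maximum and minimum idle settings;
worker: multi-process, multi-threaded model; each thread handles one user request
One master process: spawns child processes; creates the socket; accepts requests and dispatches them to a child process for handling;
Several child processes: each child process spawns multiple threads;
Each thread: answers user requests;
Concurrent responses: m*n
m: number of child processes
n: maximum number of threads each child process can create;
event: event-driven, multi-process model; each process answers multiple requests
One master process: spawns child processes; creates the socket; accepts requests and dispatches them to a child process for handling;
Child processes: answer multiple requests directly through an event-driven mechanism;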
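3. Build and install a LAMP environment from source (for WordPress), and write up the installation, configuration and testing in detail.
1. Prepare the packages
Download the source packages, of course; provisions go before the troops, as the saying goes. This step is too simple to write up.
I prepared the following packages:
httpd-2.4.25.tar.gz
nginx-1.10.3.tar.gz (optional, if you prefer nginx)
php-5.6.30.tar.gz
mariadb-10.1.21.tar.gz
openssl-1.0.2k.tar.gz
wordpress-4.7.3-zh_CN.tar.gz
2. Update the system components
CentOS: yum update
Ubuntu: apt update && apt upgrade
This step is personal preference; no flames, please.
3. Check for an existing httpd-2.2 and remove it if present
Commands: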
rpm -qa | grep httpd
yum remove httpd*
4. Install the build dependencies, to be on the safe side
yum groupinstall "Development Tools" "Server Platform Development"
yum install gcc gcc-c++ ncurses-devel perl cmake libaio pcre-devel openssl-devel bison.x86_64 bison-devel.x86_64 libxml2-devel.x86_64
5. Change the hostname
[root@CentOS6 opt]# hostname LAMPW
[root@CentOS6 opt]# vim /etc/sysconfig/network
[root@CentOS6 opt]# vim /etc/hosts
[root@CentOS6 opt]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=LAMPW
NETWORKING_IPV6=no
[root@CentOS6 opt]# cat /etc/hosts
127.0.0.1 LAMPW
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@CentOS6 opt]#
6. Remember to reboot the machine after this step
reboot
7. Build and install Apache
httpd-2.4.25 needs fairly recent versions of apr and apr-util, so they have to be upgraded first. Here I build them from source.
(1) Build and install apr
[root@LAMPW opt]# tar zxf apr-1.5.2.tar.gz
[root@LAMPW opt]# cd apr-1.5.2
[root@LAMPW apr-1.5.2]# ./configure --prefix=/opt/apr
[root@LAMPW apr-1.5.2]# make && make install
(2) Build and install apr-util
[root@LAMPW opt]# tar zxf apr-util-1.5.4.tar.gz
[root@LAMPW opt]# cd apr-util-1.5.4
[root@LAMPW apr-util-1.5.4]# ./configure --prefix=/opt/apr-util --with-apr=/opt/apr
[root@LAMPW apr-util-1.5.4]# make && make install
(3) Build and install apache 2.4.25
The configure options are as follows:
./configure --prefix=/opt/apache24 \
    --enable-so \
    --enable-ssl \
    --enable-cgi \
    --enable-rewrite \
    --with-zlib \
    --with-pcre \
    --with-apr=/opt/apr \
    --with-apr-util=/opt/apr-util \
    --enable-modules=most \
    --enable-mpms-shared=all \
    --with-mpm=event \
    --enable-cache \
    --enable-cache-disk
(4) Install the apache 2.4.25 service script
Save the following under /etc/init.d/, make it executable, then run chkconfig --add httpd && chkconfig httpd on to start it at boot. Adjust the paths to match your own layout:
#!/bin/bash
#chkconfig: - 88 66
#description: this is a httpd scripts of myself.
prog=/opt/apache24/bin/httpd
configfile=/opt/apache24/conf/httpd.conf
lockfile=/opt/apache24/lock/httpd
namearg=httpd
pidfile=/opt/apache24/httpd.pid
. /etc/init.d/functions

# Start httpd unless the lock file shows it is already running
start() {
    if [ -e "$lockfile" ]; then
        echo "the program $namearg (`cat $pidfile`)is running" && exit 1
    else
        echo -n "Starting $namearg ..." && sleep 2
        $prog -f "$configfile" && touch "$lockfile" && echo -e "\t\t\t[\033[32m ok \033[0m]" || echo -e "\t\t\t[\033[31m fail \033[0m]"
    fi
}

# Stop httpd and remove the lock file
stop() {
    if [ -e "$lockfile" ]; then
        echo -n "Stopping $namearg..." && sleep 2
        killproc $namearg &>/dev/null && rm -rf "$lockfile" && echo -e "\t\t\t[\033[32m ok \033[0m]" || echo -e "\t\t\t[\033[31m fail \033[0m]"
    else
        echo -e "Stopping $namearg ...\t\t\t[\033[31m fail\033[0m]"
    fi
}

# Report whether httpd is running; exit 0 when it is
status() {
    if [ -e "$lockfile" ]; then
        echo "the program $namearg (`cat $pidfile`)is running" && exit 0
    else
        echo "the program $namearg is not running"
    fi
}

case $1 in
start)
    start
    ;;
stop)
    stop
    ;;
restart)
    stop
    start
    ;;
status)
    status
    ;;
*)
    echo "Usage: $namearg [start | stop | restart | status ] "
    ;;
esac
(5) Add the httpd commands to the PATH environment variable
vim /etc/profile and add the following:
#Set the httpd variable environment for $PATH
export httpd_HOME=/opt/apache24
export PATH=$PATH:${httpd_HOME}/bin
Finally, echo $PATH to check. All good.
That completes the apache 2.4 build and install; adjust httpd.conf to suit your own setup.
8. Build and install mysql-5.6.35 (I have given up on mysql-5.7)
(1) Check the environment for MySQL packages that are already installed, and remove any you find
This is basic, so I won't write it up.
(2) Install cmake. I like to use the latest version; I downloaded cmake version 3.8.0-rc2 and built it from source, which is a little more trouble, but you get to enjoy the process.
[root@LAMPW opt]# tar zxf cmake-3.8.0.tar.gz
[root@LAMPW opt]#./bootstrap --help   # see what options there are
[root@LAMPW opt]#./bootstrap --prefix=/usr   # I'm lazy, so I point it straight at /usr
[root@LAMPW opt]#make && make install
[root@LAMPW cmake-3.7.2]# cmake --version
cmake version 3.8.0-rc2
CMake suite maintained and supported by Kitware (kitware.com/cmake).
[root@LAMPW cmake-3.7.2]#
well done!
(3) Create the MySQL program directory and data directory
[root@LAMPW /]# mkdir -pv /data/MySQL_data
mkdir: created directory `/data'
mkdir: created directory `/data/MySQL_data'
[root@LAMPW /]# mkdir -pv /opt/MySQL
mkdir: created directory `/opt/MySQL'
[root@LAMPW /]#
PS: This step can actually be skipped. The paths are set in the build options and make install creates any missing directory automatically, except for the data directory. Tested and confirmed.
(4) Create the MySQL system group and system user
[root@LAMPW /]# groupadd -r mysql
[root@LAMPW /]# useradd -d /data/MySQL_data/ -g mysql -M -r -s /sbin/nologin mysql
[root@LAMPW /]# id mysql
uid=498(mysql) gid=499(mysql) groups=499(mysql)
(5) Build and install mysql-5.6.35
cmake . -DCMAKE_INSTALL_PREFIX=/opt/mysql \
    -DMYSQL_DATADIR=/data/mysql_data \
    -DSYSCONFDIR=/opt/mysql/etc \
    -DWITH_INNOBASE_STORAGE_ENGINE=1 \
    -DWITH_ARCHIVE_STORAGE_ENGINE=1 \
    -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
    -DWITH_LIBWRAP=0 \
    -DMYSQL_UNIX_ADDR=/opt/mysql/tmp/mysql.sock \
    -DDEFAULT_CHARSET=utf8 \
    -DDEFAULT_COLLATION=utf8_general_ci \
    -DENABLED_LOCAL_INFILE=1 \
    -DWITH_MEMORY_STORAGE_ENGINE=1
make -j 8 && make install
PS: Delete /etc/my.cnf before building, otherwise the build reports an error.
(6) Set ownership on the directories
cd /data && chown -R mysql:mysql mysql_data/
cd /opt/ && chown -R mysql:mysql mysql/
(7) Initialise the data directory
cd /opt/mysql && scripts/mysql_install_db --user=mysql --basedir=/opt/mysql --datadir=/data/mysql_data
ls /data/mysql_data # data here means the initialisation succeeded
(8) Once initialisation is finished, change the owner of the files under the mysql directory back to root, so that someone who cracks the mysql user's password cannot go on to damage data and the like
[root@CentOS6 ~]# cd /opt/ && chown -R root:root mysql/
[root@CentOS6 opt]# ll
total 122444
drwx------ 8 501 20 4096 Aug 12 2015 boost_1_59_0
-rw-r--r-- 1 root root 83709983 Mar 17 13:08 boost_1_59_0.tar.gz
drwxr-xr-x 15 root root 4096 Mar 17 13:16 cmake-3.8.0-rc2
-rw-r--r-- 1 root root 7504498 Mar 17 13:08 cmake-3.8.0-rc2.tar.gz
-rw-r--r-- 1 root root 1974108 Mar 17 13:08 make-4.2.tar.gz
drwxr-xr-x 13 root root 4096 Mar 17 17:30 mysql
drwxr-xr-x 35 7161 31415 4096 Mar 17 17:00 mysql-5.6.35
-rw-r--r-- 1 root root 32167628 Mar 17 14:55 mysql-5.6.35.tar.gz
[root@CentOS6 opt]# ls mysql/
bin COPYING data docs include lib man my.cnf mysql-test README scripts share sql-bench support-files
[root@CentOS6 opt]# ll mysql/
total 72
drwxr-xr-x 2 root root 4096 Mar 17 17:01 bin
-rw-r--r-- 1 root root 17987 Nov 28 21:36 COPYING
drwxr-xr-x 3 root root 4096 Mar 17 17:00 data
drwxr-xr-x 2 root root 4096 Mar 17 17:00 docs
drwxr-xr-x 3 root root 4096 Mar 17 17:00 include
drwxr-xr-x 3 root root 4096 Mar 17 17:00 lib
drwxr-xr-x 4 root root 4096 Mar 17 17:00 man
-rw-r--r-- 1 root root 943 Mar 17 17:30 my.cnf
drwxr-xr-x 10 root root 4096 Mar 17 17:01 mysql-test
-rw-r--r-- 1 root root 2496 Nov 28 21:36 README
drwxr-xr-x 2 root root 4096 Mar 17 17:18 scripts
drwxr-xr-x 28 root root 4096 Mar 17 17:01 share
drwxr-xr-x 4 root root 4096 Mar 17 17:01 sql-bench
drwxr-xr-x 2 root root 4096 Mar 17 18:36 support-files
[root@CentOS6 opt]#
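One way to check the state that step (8) aims for, as an added example that is not part of the original article: the program tree should hold nothing the service account can modify, while the data directory should belong to that account entirely. The function names are made up for this example; the mysql account and the two paths in the final call are the ones used above.

```shell
#!/bin/sh
# Added example: audit who can modify the MySQL program tree and data directory.

# modifiable_by UID GID DIR
# Print every path under DIR that the account could change: paths it owns,
# group-writable paths owned by its group, and world-writable paths.
modifiable_by() {
    find "$3" ! -type l \( -user "$1" \
        -o \( -group "$2" -perm -0020 \) \
        -o -perm -0002 \) -print
}

# not_owned_by UID DIR
# Print every path under DIR that belongs to some other account.
not_owned_by() {
    find "$2" ! -user "$1" -print
}

# audit_layout UID GID BASEDIR DATADIR
# Returns 0 only when BASEDIR is out of the account's reach and DATADIR is
# owned by the account throughout.
audit_layout() {
    rc=0
    bad=$(modifiable_by "$1" "$2" "$3")
    if [ -n "$bad" ]; then
        printf 'service account can modify program files:\n%s\n' "$bad"
        rc=1
    fi
    bad=$(not_owned_by "$1" "$4")
    if [ -n "$bad" ]; then
        printf 'data files not owned by the service account:\n%s\n' "$bad"
        rc=1
    fi
    return $rc
}

# Run against the layout from this article when it exists on the host.
if id mysql >/dev/null 2>&1 && [ -d /opt/mysql ] && [ -d /data/mysql_data ]; then
    audit_layout "$(id -u mysql)" "$(id -g mysql)" /opt/mysql /data/mysql_data || true
fi
```

Run right after step (6) the audit lists the whole program tree, because mysql still owns it; after step (8) that list should be empty.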
(9) The main mysql configuration file
Initialisation automatically creates a my.cnf configuration file in the current directory, which you can edit directly (from mysql 5.6 on the configuration file is generated automatically, so we no longer need to copy one). The /usr/local/mysql/support-files directory also holds configuration files with default settings that can be copied over. Here I use the generated one.
Edit the configuration file # this is required, otherwise the next step reports an error
[root@CentOS6 /]# vim /opt/mysql/my.cnf
[mysqld]
basedir = /opt/mysql
datadir = /data/mysql_data
port = 3306
(10) Provide a SysV service script for mysql and start the service
[root@CentOS6 ~]# cp /opt/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@CentOS6 ~]#chkconfig --add mysqld
[root@CentOS6 ~]#chkconfig mysqld on
[root@CentOS6 ~]# chkconfig mysqld --list
mysqld 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@CentOS6 ~]#
Run service mysqld start and make sure it tests OK. Startup may report errors, for example about directory permissions or the locations of the sock and pid files; read the error log and fix whatever it reports.
A round of abuse (testing)
[root@CentOS6 mysql]# service mysqld
Usage: mysqld {start|stop|restart|reload|force-reload|status} [ MySQL server options ]
[root@CentOS6 mysql]# service mysqld stop
Shutting down MySQL.. SUCCESS!
[root@CentOS6 mysql]# service mysqld reload
ERROR! MySQL PID file could not be found!
[root@CentOS6 mysql]# service mysqld start
Starting MySQL. SUCCESS!
[root@CentOS6 mysql]# service mysqld status
SUCCESS! MySQL running (2019)
[root@CentOS6 mysql]# service mysqld reload
SUCCESS! Reloading service MySQL
[root@CentOS6 mysql]# service mysqld restart
Shutting down MySQL.. SUCCESS!
Starting MySQL. SUCCESS!
[root@CentOS6 mysql]#
There we go!
(11) Export the mysql header files to the system header path /usr/include
[root@CentOS6 mysql]# ln -sv /opt/mysql/include/ /usr/include/mysql
`/usr/include/mysql' -> `/opt/mysql/include/'
[root@CentOS6 mysql]#
(13) Export the mysql library files to the system library search path
[root@CentOS6 ~]# vim /etc/ld.so.conf.d/mysql.conf
[root@CentOS6 ~]# ldconfig -v |grep mysql
ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-642.el6.x86_64.conf:6: duplicate hwcap 1 nosegneg
/opt/mysql/lib:
libmysqlclient.so.18 -> libmysqlclient_r.so.18.1.0
/usr/lib64/mysql:
libmysqlclient.so.16 -> libmysqlclient.so.16.0.0
libmysqlclient_r.so.16 -> libmysqlclient_r.so.16.0.0
[root@CentOS6 ~]#
(14) Modify the PATH environment variable so that the system can use the mysql commands directly
[root@CentOS6 ~]# echo "export PATH=$PATH:/opt/mysql/bin" > /etc/profile.d/mysql.sh   # done in one command, very slick
[root@CentOS6 ~]# ll /etc/profile.d/mysql.sh
-rw-r--r-- 1 root root 83 Mar 20 11:03 /etc/profile.d/mysql.sh
[root@CentOS6 ~]# cat /etc/profile.d/mysql.sh   # look at the contents of the new file
export PATH=/usr/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/root/bin:/opt/mysql/bin
[root@CentOS6 ~]# source /etc/profile.d/mysql.sh   # make it take effect immediately
[root@CentOS6 ~]# echo $?   # the command succeeded
0
[root@CentOS6 ~]# mysql   # press Tab to complete the MySQL commands, bingo!
mysql mysql_embedded mysqlaccess mysql_find_rows mysqlaccess.conf mysql_fix_extensions
mysqladmin mysqlhotcopy mysqlbinlog mysqlimport mysqlbug mysql_plugin
mysqlcheck mysql_secure_installation mysql_client_test mysql_setpermission
mysql_client_test_embedded mysqlshow mysql_config mysqlslap mysql_config_editor mysqltest
mysql_convert_table_format mysqltest_embedded mysqld mysql_tzinfo_to_sql mysqld_multi mysql_upgrade
mysqld_safe mysql_waitpid mysqldump mysql_zap mysqldumpslow
[root@CentOS6 ~]#
Because the echo command uses double quotes, $PATH is expanded when the command runs, so the file stores root's PATH at that moment, /root/bin included, rather than extending each user's own PATH at login, as the cat output shows.
(15) Final test: log in with the mysql command
[root@CentOS6 lib]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.6.35 Source distribution
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show status;
+-----------------------------------------------+-------------+
| Variable_name | Value |
+-----------------------------------------------+-------------+
| Aborted_clients | 0 |
| Aborted_connects | 0 |
| Binlog_cache_disk_use | 0 |
| Binlog_cache_use | 0 |
| Binlog_stmt_cache_disk_use | 0 |
| Binlog_stmt_cache_use | 0 |
| Bytes_received | 219 |
| Bytes_sent | 179 |
| Com_admin_commands | 0 |
| Com_assign_to_keycache | 0
9. Build and install php
(1) Install the dependencies, to be on the safe side
yum install gd-devel libmcrypt-devel libcurl-devel openssl-devel libxml2-devel
(2) Download and unpack the source; the configure options are below
./configure --prefix=/opt/php \
    --with-openssl \
    --with-mysqli=/opt/mysql/bin/mysql_config \
    --enable-mbstring \
    --with-freetype-dir \
    --with-jpeg-dir \
    --with-png-dir \
    --with-zlib \
    --with-libxml-dir=/usr \
    --enable-xml \
    --enable-sockets \
    --with-apxs2=/opt/apache24/bin/apxs \
    --with-mcrypt \
    --with-config-file-path=/opt/php/conf \
    --with-config-file-scan-dir=/opt/php/php.d \
    --with-bz2 \
    --enable-maintainer-zts \
    --with-mysql=mysqlnd \
    --with-pdo-mysql=mysqlnd \
    --with-mysqli=mysqlnd \
    --with-mysql=/opt/mysql
make -j 8
make test
make install
(3) Copy the php configuration file from the source tree
cp /opt/php-5.6.30/php.ini-production /opt/php/etc/
(4) Edit the apache configuration file httpd.conf so that apache supports php. This is the httpd module loading method, not fastcgi mode
# vim /opt/apache24/conf/httpd.conf
1. Add the following two lines
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
2. Find DirectoryIndex index.html and change it to:
DirectoryIndex index.php index.html
Then restart httpd, or have it reload its configuration file, and test whether php works.
vim /opt/apache24/htdocs/index.php; a sample test page index.php looks like this:
<?php
// Check that php can reach the database
$link = mysql_connect('192.168.0.248','root','123456');
if ($link)
    echo " hahaha, Success...";
else
    echo "Failure...";
mysql_close();
?>
<?php
// Full opening tag: php.ini-production turns short_open_tag off
phpinfo();
?>
(5) Test that it works
Install and deploy WordPress
(1) Download WordPress and unpack it into the web root
[root@lampw tools]# cp wordpress-4.7.3-zh_CN.tar.gz /opt/apache24/htdocs/wordpress.tar.gz
[root@lampw tools]# cd /opt/apache24/htdocs/
[root@lampw htdocs]# tar zxf wordpress.tar.gz
[root@lampw htdocs]# cd wordpress/
[root@lampw wordpress]# ll
total 188
-rw-r--r-- 1 nobody 65534 418 Sep 25 2013 index.php
-rw-r--r-- 1 nobody 65534 19935 Jan 3 02:51 license.txt
-rw-r--r-- 1 nobody 65534 6956 Mar 7 13:14 readme.html
-rw-r--r-- 1 nobody 65534 5447 Sep 28 05:36 wp-activate.php
drwxr-xr-x 9 nobody 65534 4096 Mar 7 13:14 wp-admin
-rw-r--r-- 1 nobody 65534 364 Dec 19 2015 wp-blog-header.php
-rw-r--r-- 1 nobody 65534 1627 Aug 29 2016 wp-comments-post.php
-rw-r--r-- 1 nobody 65534 2930 Mar 7 13:14 wp-config-sample.php
drwxr-xr-x 5 nobody 65534 4096 Mar 7 13:14 wp-content
-rw-r--r-- 1 nobody 65534 3286 May 25 2015 wp-cron.php
drwxr-xr-x 18 nobody 65534 12288 Mar 7 13:14 wp-includes
-rw-r--r-- 1 nobody 65534 2422 Nov 21 10:46 wp-links-opml.php
-rw-r--r-- 1 nobody 65534 3301 Oct 25 11:15 wp-load.php
-rw-r--r-- 1 nobody 65534 33939 Nov 21 10:46 wp-login.php
-rw-r--r-- 1 nobody 65534 8048 Jan 11 13:15 wp-mail.php
-rw-r--r-- 1 nobody 65534 16250 Nov 29 13:39 wp-settings.php
-rw-r--r-- 1 nobody 65534 29896 Oct 19 12:47 wp-signup.php
-rw-r--r-- 1 nobody 65534 4513 Oct 15 03:39 wp-trackback.php
-rw-r--r-- 1 nobody 65534 3065 Sep 1 2016 xmlrpc.php
(2) Create the MySQL account that WordPress will connect with
[root@lampw wordpress]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1419
Server version: 5.6.35 Source distribution
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> CREATE DATABASE wpdb;
Query OK, 1 row affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON wpdb.* TO wpuser@'192.168.%.%' IDENTIFIED BY 'wppass';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql>
(3) Create the WordPress configuration file
[root@WebServer wordpress]# pwd
/usr/local/apache/htdocs/wordpress
[root@WebServer wordpress]# cp wp-config-sample.php wp-config.php
(4) Change the database connection settings in wp-config.php
[root@WebServer wordpress]# vim wp-config.php
define('DB_NAME', 'wpdb'); # database name
/** MySQL database username */
define('DB_USER', 'wpuser'); # database account
/** MySQL database password */
define('DB_PASSWORD', 'wppass'); # password
/** MySQL host */
define('DB_HOST', '10.10.10.4'); # host the database runs on; localhost also works when it is this machine
(5) Access test
A screenshot as proof.
4. Set up an httpd server (built from source) that meets these requirements:
Provide two name-based virtual hosts
Preparation
Create the directories; I usually put them under /data,
[root@lampw data]# mkdir -pv /data/web/vhost/{www1,www2}
mkdir: created directory `/data/web'
mkdir: created directory `/data/web/vhost'
mkdir: created directory `/data/web/vhost/www1'
mkdir: created directory `/data/web/vhost/www2'
vim /opt/apache24/conf/httpd.conf
AllowOverride none
# Require all denied
(a) www1.stuX.com, with page files in /web/vhosts/www1, error log /var/log/httpd/www1.err and access log /var/log/httpd/www1.access;
vim /opt/apache24/conf/httpd.conf
<VirtualHost 192.168.0.248:80>
    ServerName www1.stuX.com
    # Points at the directory created with mkdir above
    DocumentRoot "/data/web/vhost/www1"
    ErrorLog /data/web/log/httpd/www1.err
    CustomLog /data/web/log/httpd/www1.access combined
    <Directory "/data/web/vhost/www1">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
    # AllowOverride is only valid inside <Directory>, so it is not set here
    <Location "/server-status">
        SetHandler server-status
        Options None
        AuthType Basic
        AuthName "Adimin Realm,show something"
        AuthUserFile "/opt/apache24/conf/.htpasswd"
        Require user jerry
    </Location>
</VirtualHost>
(b) www2.stuX.com, with page files in /web/vhosts/www2, error log /var/log/httpd/www2.err and access log /var/log/httpd/www2.access;
[root@lampw data]# vim /opt/apache24/conf/httpd.conf
<VirtualHost 192.168.0.248:80>
    ServerName www2.stuX.com
    # Points at the directory created with mkdir above
    DocumentRoot "/data/web/vhost/www2"
    # www2 gets its own log files, as the requirement asks
    ErrorLog /data/web/log/httpd/www2.err
    CustomLog /data/web/log/httpd/www2.access combined
    <Directory "/data/web/vhost/www2">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
(c) Create a home page index.html for each virtual host, containing the corresponding hostname;
[root@lampw data]# vim /data/web/vhost/www1/index.html
[root@lampw data]# vim /data/web/vhost/www2/index.html
[root@lampw data]# cat /data/web/vhost/www1/index.html
<h1>www1.stuX.com</h1>
[root@lampw data]# cat /data/web/vhost/www2/index.html
<h1>www2.stuX.com</h1>
[root@lampw data]#
(d) Expose httpd's working status at www1.stuX.com/server-status, accessible only with an account and password (status:status);
[root@lampw ~]# cd /opt/apache24/bin/
[root@lampw bin]# ./htpasswd -m -c /opt/apache24/conf/.htpasswd jerry
[root@lampw data]# vim /opt/apache24/conf/httpd.conf
<VirtualHost 192.168.0.248:80>
    ServerName www1.stuX.com
    # Points at the directory created with mkdir above
    DocumentRoot "/data/web/vhost/www1"
    ErrorLog /data/web/log/httpd/www1.err
    CustomLog /data/web/log/httpd/www1.access combined
    <Directory "/data/web/vhost/www1">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
    # AllowOverride is only valid inside <Directory>, so it is not set here
    <Location "/server-status">
        SetHandler server-status
        Options None
        AuthType Basic
        AuthName "Adimin Realm,show something"
        AuthUserFile "/opt/apache24/conf/.htpasswd"
        Require user jerry
    </Location>
</VirtualHost>
5. Provide https for the second virtual host from question 4, so that users can reach the site securely over https;
(1) Certificate authentication is required; the certificate must use country (CN), state (HA), city (ZZ) and organisation (MageEdu);
(2) Set the department to Ops, the hostname to www2.stuX.com and the email to admin@stuX.com;
Generate the private key
[root@lampw pki]# (umask 077; openssl genrsa -out /etc/pki/ca-trust/cakey.pem 8192)
Generating RSA private key, 8192 bit long modulus
...................................................................................................................++
........................................................................................................................................................................................................................................................++
e is 65537 (0x10001)
Generate the self-signed certificate
[root@lampw pki]# openssl req -new -x509 -key /etc/pki/ca-trust/cakey.pem -out /etc/pki/ca-trust/cacert.pem -days 3655
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:HA
Locality Name (eg, city) []:ZZ
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MageEdu
Organizational Unit Name (eg, section) []:MageEdu
Common Name (e.g. server FQDN or YOUR name) []:www2.stuX.com
Email Address []:admin@stuX.com
[root@lampw pki]#
Provide the directories and files the CA needs
[root@lampw pki]# mkdir -pv /etc/pki/CA/{certs,crl,newcerts}
mkdir: created directory `/etc/pki/CA'
mkdir: created directory `/etc/pki/CA/certs'
mkdir: created directory `/etc/pki/CA/crl'
mkdir: created directory `/etc/pki/CA/newcerts'
[root@lampw pki]# touch /etc/pki/CA/{serial,index.txt}
[root@lampw pki]# echo 01 > /etc/pki/CA/serial
[root@lampw pki]#
Generate a private key on the host that will use the certificate
[root@lampw pki]# mkdir -pv /opt/apache24/ssl
mkdir: created directory `/opt/apache24/ssl'
[root@lampw pki]# cd /opt/apache24/ssl
[root@lampw ssl]# (umask 077; openssl genrsa -out /opt/apache24/ssl/httpd.key 8192)
Generating RSA private key, 8192 bit long modulus
.............................................................................................................++
....................................................++
e is 65537 (0x10001)
[root@lampw ssl]#
Generate the certificate signing request
[root@lampw ssl]# openssl req -new -key /opt/apache24/ssl/httpd.key -out /opt/apache24/ssl/httpd.csr -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:HA
Locality Name (eg, city) []:ZZ
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MageEdu
Organizational Unit Name (eg, section) []:MageEdu
Common Name (e.g. server FQDN or YOUR name) []:www2.stuX.com
Email Address []:admin@stuX.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Send the request to the CA host through a trusted channel. This time everything is on the same machine, so I skip that; in a production environment it would presumably go to a trusted certificate authority.
Sign the certificate on the CA host
[root@centos ssl]# openssl ca -in /etc/httpd/ssl/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
    Serial Number: 1 (0x1)
    Validity
        Not Before: Mar 22 03:49:48 2017 GMT
        Not After : Mar 22 03:49:48 2018 GMT
    Subject:
        countryName = CN
        stateOrProvinceName = HA
        organizationName = MageEdu
        organizationalUnitName = ops
        commonName = www2.stuX.com
        emailAddress = admin@stuX.com
    X509v3 extensions:
        X509v3 Basic Constraints:
            CA:FALSE
        Netscape Comment:
            OpenSSL Generated Certificate
        X509v3 Subject Key Identifier:
            EC:C4:48:10:BE:BD:1D:D2:48:38:17:B7:FD:0D:57:DE:51:B1:8F:64
        X509v3 Authority Key Identifier:
            keyid:ED:42:A1:59:88:A2:45:0A:F2:64:46:A6:BA:C9:7A:5D:E3:9C:FB:AE
Certificate is to be certified until Mar 22 03:49:48 2018 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@centos ssl]#
ssl]# ls /etc/pki/CA/certs/httpd.crt
/etc/pki/CA/certs/httpd.crt
ssl]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd24/ssl/
ssl]# ls
httpd.crt httpd.csr httpd.key
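An added example, not part of the original article: the subject can be supplied without prompts through -subj, and the result checked before httpd is pointed at the files. It builds a throwaway self-signed pair in a temporary directory, using 2048 bits only to keep the demo fast (the article uses 8192), then verifies the subject fields the exercise requires, the key file mode, and that key and certificate belong together. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: create a test certificate non-interactively and verify it.

# Subject fields required by question 5 of the article.
SUBJ='/C=CN/ST=HA/L=ZZ/O=MageEdu/OU=Ops/CN=www2.stuX.com/emailAddress=admin@stuX.com'

# make_pair KEY CERT
# Throwaway self-signed pair; the key is written under umask 077 as in the article.
make_pair() {
    ( umask 077
      openssl req -new -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj "$SUBJ" -keyout "$1" -out "$2" 2>/dev/null )
}

# subject_has CERT ATTR=VALUE
# True when the certificate subject carries exactly this attribute and value.
subject_has() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" |
        sed 's/^subject= *//' | tr ',' '\n' | grep -qxF "$2"
}

# check_subject CERT
# Verify every subject field the exercise asks for; name the first one missing.
check_subject() {
    for rdn in C=CN ST=HA L=ZZ O=MageEdu OU=Ops CN=www2.stuX.com \
               emailAddress=admin@stuX.com; do
        subject_has "$1" "$rdn" || { printf 'missing: %s\n' "$rdn"; return 1; }
    done
}

# key_is_private KEY
# True when neither group nor others have any permission on the key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# key_matches_cert KEY CERT
# Compare the public key derived from the private key with the one in the
# certificate; a mismatch means httpd would refuse to start with this pair.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo run in a temporary directory.
tmp=$(mktemp -d)
make_pair "$tmp/httpd.key" "$tmp/httpd.crt" &&
    check_subject "$tmp/httpd.crt" &&
    key_is_private "$tmp/httpd.key" &&
    key_matches_cert "$tmp/httpd.key" "$tmp/httpd.crt" &&
    echo "certificate and key are consistent"
rm -rf "$tmp"
```

Run the three checks against the real httpd.crt and httpd.key before restarting httpd; a subject whose OU differs from the required Ops is reported as missing.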
2. Edit the configuration to provide the ssl service
Enable the ssl include in the main configuration file, and remove the www2 definition from httpd-vhosts
Include /etc/httpd24/extra/httpd-ssl.conf
~]# vim /etc/httpd24/extra/httpd-ssl.conf
[root@localhost httpd24]# cat extra/httpd-ssl.conf | grep -v "^#"
Listen 443
SSLPassPhraseDialog builtin
<VirtualHost 192.168.150.136:443>
DocumentRoot "/web/vhost/www2"
ServerName www2.stuX.com:443
ServerAdmin you@example.com
ErrorLog "/var/log/httpd/www2.err"
TransferLog "/usr/local/apache24/logs/access_log"
SSLEngine on
SSLCertificateFile "/etc/httpd24/ssl/httpd.crt"
SSLCertificateKeyFile "/etc/httpd24/ssl/httpd.key"
<Directory "/web/vhost/www2">
AllowOverride None
Options None
Require all granted
</Directory>
</VirtualHost>
Enable the ssl module in the main configuration file
~]# vim /etc/httpd24/httpd.conf
LoadModule ssl_module modules/mod_ssl.so
Restart the httpd service and test
httpd24]# ss -tnl | grep 443
LISTEN 0 128 :::443 :::*
6. In a LAMP stack, support httpd with php in two ways: compiled as an httpd module, and running under fpm as a standalone daemon. List the detailed steps.
php compiled as an httpd module
See step 9 of question 3
php running under fpm as a standalone daemon
./configure --prefix=/opt/php5-fpm \
    --with-mysql=mysqlnd \
    --with-openssl \
    --with-mysqli=mysqlnd \
    --enable-mbstring \
    --with-freetype-dir \
    --with-jpeg-dir \
    --with-png-dir \
    --with-zlib \
    --with-libxml-dir=/usr \
    --enable-xml \
    --enable-sockets \
    --enable-fpm \
    --with-mcrypt \
    --with-config-file-path=/opt/php5-fpm/conf \
    --with-config-file-scan-dir=/opt/php5-fpm/conf.d \
    --with-bz2
The --enable-fpm option has been added; this is the key point, so remember it.
make && make install
Copy the configuration file to the /opt/php5-fpm/conf directory
php-5.4.26]# cp php.ini-production /etc/php.ini
Copy the php-fpm configuration file and uncomment the pid option
cp /usr/local/php5/etc/php-fpm.conf.default /usr/local/php5/etc/php-fpm.conf
php-5.4.26]# vim /usr/local/php5/etc/php-fpm.conf
pid = /usr/local/php5/var/run/php-fpm.pid
Add the service script
fpm]# pwd
/root/php-5.4.26/sapi/fpm
fpm]# cp init.d.php-fpm /etc/rc.d/init.d/php-fpm
~]# chmod +x /etc/rc.d/init.d/php-fpm
~]# chkconfig --add php-fpm
Start php-fpm
~]# service php-fpm start
Configure httpd
~]# vim /etc/httpd24/httpd.conf
Enable these two modules
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
Add the file types
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
Route requests for php files through fpm
ProxyRequests Off
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/apache24/htdocs/$1
Find DirectoryIndex index.html
and change it to
DirectoryIndex index.php index.html
Create a php test page and start httpd to test
php-5.4.26]# cd /usr/local/apache24/htdocs/
htdocs]# vim index.php
<h1>phpfpmtest</h1>
<?php phpinfo(); ?>
[root@localhost htdocs]# apachectl start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this
[root@localhost htdocs]# ss -tnl   # httpd on 80, php-fpm on 9000
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:6010 *:*
LISTEN 0 128 ::1:6010 :::*
LISTEN 0 128 127.0.0.1:6011 *:*
LISTEN 0 128 ::1:6011 :::*
LISTEN 0 128 127.0.0.1:9000 *:*
The Server API is now FPM/FastCGI
Original article by N24_Jerry. If you repost it, please credit the source: http://www.178linux.com/71551
Comments (1)
A very detailed document; keep up the good work.