http-2.4
1)新特性
(1)MPM 支持运行为DSO 机制;以模块形式按需加载
(2)event MPM 生产环境可用
(3)异步读写机制
(4)支持每模块及每目录的单独日志级别定义
(5)每请求相关的专用配置
(6)增强版的表达式分析式
(7)毫秒级持久连接时长定义
(8)基于FQDN 的虚拟主机不需要NameVirutalHost 指令
(9)新指令,AllowOverrideList
(10)支持用户自定义变量
(11)更低的内存消耗
2)修改了一些配置机制
不再支持使用Order, Deny, Allow 来做基于IP 的访问控制
3)新模块
(1) mod_proxy_fcgi
FastCGI Protocol backend for mod_proxy
(2) mod_remoteip
Replaces the apparent client remote IP address and hostname for the request with the IP address list presented by a proxies or a load balancer via the request headers.
(3) mod_ratelimit
Provides Bandwidth Rate Limiting for Clients
4)centos7 httpd程序环境
1)CentOS 7 :httpd-2.4
2)安装方法:rpm ,编译安装
3)Rpm 安装的程序环境:
配置文件:
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/*.conf
模块相关的配置文件:
/etc/httpd/conf.modules.d/*.conf
systemd unit file
/usr/lib/systemd/system/httpd.service
主程序文件:
/usr/sbin/httpd
httpd-2.4 支持MPM
日志文件:
/var/log/httpd
access_log :访问日志
error_log :错误日志
站点文档:
/var/www/html
模块文件路径:
/usr/lib64/httpd/modules
服务控制:
systemctl {enable|disable} httpd.service
systemctl {start|stop|restart|status} httpd.service
5)配置
配置应用 :
(1)切换使用的MPM
Centos7:
/etc/httpd/conf.modules.d/00-mpm.conf
启用要启用的MPM相关的LoadModule 指令即可
centos6 编译安装:
vim /etc/httpd24/httpd.conf
Include /etc/httpd24/extra/httpd-mpm.conf
LoadModule mpm_event_module
modules/mod_mpm_event.so
(2)主目录:
DocumentRoot /path
(3)基于IP的访问控制:
无明确授权的目录,默认拒绝
允许所有主机访问:Require all granted
拒绝所有主机访问:Require all denied
控制特定的IP访问:
Require ip IPADDR:授权指定来源的IP访问
Require not ip IPADDR:拒绝特定的IP访问
控制特定的主机访问:
Require host HOSTNAME:授权特定主机访问
Require not host HOSTNAME:拒绝特定主机访问
HOSTNAME:
FQDN:特定主机
domin.tld:指定域名下的所有主机
不能有失败,至少有一个成功匹配
<RequireAll>
Require all granted
Require not ip 172.16.100.2 拒绝特定IP
</RequireAll>
多个语句有一个成功,即成功
<RequireAny>
……
</RequireAny>
(4)虚拟主机
基于FQDN 的虚拟主机也不再需要NameVirutalHost 指令
<VirtualHost *:80>
ServerName www.b.net
DocumentRoot "/apps/b.net/htdocs"
<Directory "/apps/b.net/htdocs">
Options None
AllowOverride None ##Apache是否允许另一配置文件覆盖现有配置文件。
Require all granted
</Directory>
</VirtualHost>
注意:任意目录下的页面只有显式授权才能被访问
(5) ssl: 安装mod_ssl,和httpd-2.2 相同配置
(6) KeepAlive on
KeepAliveTimeout #ms
MaxKeepAliveRequests 100
毫秒级持久连接时长定义
(7)cento7上实现虚拟主机
vim /etc/httpd/conf.d/vhosts.conf
<virtualhost *:80 >
servername www.a.com
documentroot "/app/a.com/"
ProxyPass "/" "http://www.a.com:8080/" ##请求转发
ProxyPassReverse "/" "http://www.a.com:8080/" ##配置总是和ProxyPass 一致,它的作用在于反向代理,如果响应中有302重定向,ProxyPassReverse就派上用场。
<directory /app/a.com>
Require all granted
</directory>
</virtualhost>
listen 8080
<virtualhost *:8080 >
servername www.b.com
documentroot "/app/b.com/"
<directory /app/b.com>
Require all granted
</directory>
</virtualhost>
<virtualhost *:80 >
servername www.c.com
<directory /app/c.com>
Require all granted
</directory>
documentroot "/app/c.com/"
</virtualhost>
在centos6编译安装httpd-2.4
安装httpd-2.4
依赖于apr-1.4+, apr-util-1.4+, [apr-iconv]
apr:apache portable runtime ,解决跨平台实现
CentOS 6 :默认:apr-1.3.9, apr-util-1.3.9
安装前准备开发包:
开发环境包组:
Development Tools,Server
开发程序包:pcre-devel ,openssl-devel
下载源代码并解压缩:
http://www.apache.org/index.html#projects-list
apr-1.5.2.tar.bz2
apr-util-1.5.4.tar.bz2
httpd-2.4.27.tar.bz2
(1) 安装apr-1.4+
./configure --prefix=/usr/local/apr
make && make install
(2) 安装apr-util-1.4+
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
make && make install
(3) 编译安装httpd-2.4
./configure --prefix=/usr/local/httpd24 --sysconfdir=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
make && make install
或者下面方法
1》mv apr-1.5.2/ httpd-2.4.27/srclib/apr
2》mv apr-util-1.5.4/ httpd-2.4.27/srclib/apr-util
3》cd httpd-2.4.27/
4》./configure --prefix=/usr/local/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-included-apr --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
5》Make && make install
6》Httpd 编译过程:/usr/local/apache24/build/config.nice
7》自带的服务控制脚本:/usr/local/httpd24/bin/apachectl
8》vim /etc/profile.d/httpd24.sh
export PATH=/app/http24/bin:$PATH
9》vim /etc/man.config
MANPATH /usr/local/apache24/man
10》自定义启动脚本( 参考httpd-2.2 的服务脚本)
cp /etc/rc.d/init.d/httpd /etc/rc.d/init.d/httpd24
vim /etc/rc.d/init.d/httpd24
apachectl=/usr/local/httpd24/bin/apachectl
httpd=${HTTPD-/usr/local/httpd24/bin/httpd}
pidfile=${PIDFILE-/usr/local/httpd24/logs/httpd.pid}
lockfile=${LOCKFILE-/var/lock/subsys/httpd24}
chkconfig –add httpd24 ;chkconfig –list httpd24