安装
尽量使用在线安装的方式进行安装,这样所有的依赖包可以一并安装。
另外如果是非在线安装的话,注意确认原来是否存在apache版本。
很多Linux系统自带Apache。
apache的操作,必须以root用户完成。
设置代理
export http_proxy=http://10.10.71.232:8080
export https_proxy=http://10.10.71.232:8080
export ftp_proxy=http://10.10.71.232:8080
vi /etc/dnf/dnf.conf
proxy=http://10.10.71.232:8080
vi /etc/rhsm/rhsm.conf
proxy_hostname = 10.10.71.232
proxy_port = 8080
dnf -y install httpd systemctl start httpd systemctl enable httpd systemctl status httpd
如果提示 No match for argument: httpd的话,说明repo没找到。
考虑创建
/etc/yum.repos.d/CentOS-Base.repo
/etc/yum.repos.d/CentOS-AppStream.repo
/etc/yum.repos.d/RPM-GPG-KEY-centos8-release
修改防火墙
firewall-cmd --permanent --zone=public --add-service=http firewall-cmd --permanent --zone=public --add-service=https firewall-cmd --reload
确认启动
httpd設定
/usr/sbin/setsebool -P httpd_can_network_connect 1
vi /etc/httpd/conf/httpd.conf
在/etc/httpd/conf/httpd.conf文件的最后追加下记内容
#LoadModule proxy_module modules/mod_proxy.so #LoadModule proxy_http_module modules/mod_proxy_http.so #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so <Location /xxx/> ProxyPass ajp://127.0.0.1:8009/xxx/ secret=yyy min=1 max=400 smax=0 disablereuse=on ttl=5 timeout=120 keepalive=on retry=60 ping=1 </Location>
注意LoadModule的3个模块是否开启。正常情况下安装后是默认开启的。
xxx:发布contextpath
yyy:安全key。tomcat的ajp里面设定的。
修改后重启
systemctl restart httpd
修正tomcat
修改tomcat的conf/server.xml文件。开放ajp设定。通常情况下,会关闭http的设定。
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<Connector protocol="AJP/1.3"
address="::1"
secret="yyy"
port="8009"
redirectPort="8443" />
address:代表能够访问服务的IP。即Apache的IP。默认是本机 127.0.0.1。代表只有本机能够访问。
secret:安全Key。跟apache配置的相同。
修改后重启tomcat。
查看log,ajp正常启动(一定要确认)
13-Jun-2022 16:15:55.423 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"] 13-Jun-2022 16:15:55.438 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-127.0.0.1-8009"] 13-Jun-2022 16:15:55.442 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [7239] millisecon
安装任意版本apache
指定阿里云
cd /etc/yum.repos.d/ curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo mv redhat.repo redhat.repo_bak vi /etc/yum/pluginconf.d/product-id.conf enable=0 vi /etc/yum/pluginconf.d/subscription-manager.conf enable=0 vi /etc/yum.repos.d/CentOS-Base.repo
把$releasever替换为8-stream
清缓存、获取列表
yum clean all yum makecache
安装所需环境
设置代理参考上面说明
dnf -y install gcc gcc-c++ wget dnf -y install expat-devel zlib-devel openssl-devel dnf -y install automake autoconf libtool make wget https://mirrors.aliyun.com/apache/httpd/httpd-2.4.54.tar.gz wget https://mirrors.aliyun.com/apache/apr/apr-1.7.0.tar.gz wget https://mirrors.aliyun.com/apache/apr/apr-util-1.6.1.tar.gz wget https://mirrors.aliyun.com/exim/pcre/pcre2-10.37.tar.gz
安装apr
tar zxvf apr-1.7.0.tar.gz cd apr-1.7.0/ ./configure --prefix=/usr/local/apr make && make install
安装apr-util
tar zxvf apr-util-1.6.1.tar.gz cd apr-util-1.6.1/ ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr make && make install
安装pcre2
tar zxvf pcre2-10.37.tar.gz cd pcre2-10.37/ ./configure --prefix=/usr/local/pcre make && make install
安装httpd
cp -r /root/apr-1.7.0/ /root/httpd-2.4.54/srclib/apr/ cp -r /root/apr-util-1.6.1/ /root/httpd-2.4.54/srclib/apr-util/ cd httpd-2.4.54/ ./configure --prefix=/usr/local/server/apache \ --with-apr=/usr/local/apr \ --with-apr-util=/usr/local/apr-util \ --with-pcre=/usr/local/pcre \ --enable-mpms-shared=all make && make install
修改配置文件【httpd.conf】
vi /usr/local/server/apache/conf/httpd.conf ServerName localhost:80
将httpd加入系统服务并设置开机自启。
cp /usr/local/server/apache/bin/apachectl /etc/init.d/httpd systemctl enable httpd service httpd start
关闭防火墙。
systemctl stop firewalld.service systemctl disable firewalld.service
测试能看到It Works!
安装ssl
安装ssl模块
dnf -y openssl mod_ssl vi /usr/local/server/apache/conf/httpd.conf
开放ssl
LoadModule ssl_module modules/mod_ssl.so # Secure (SSL/TLS) connections Include conf/extra/httpd-ssl.conf # # Note: The following must must be present to support # starting without SSL on platforms with no /dev/random equivalent # but a statically compiled-in mod_ssl. # <IfModule ssl_module> SSLRandomSeed startup builtin SSLRandomSeed connect builtin </IfModule>
生成证书
输入的密码要记住,以后每次启动时要输入。可以为neusoft
其他国家等,随便填。
openssl genrsa -des3 -out server.key 2048 openssl req -new -key server.key -out server.csr openssl x509 -req -days 700 -in server.csr -signkey server.key -out server.crt cp * /usr/local/server/apache/conf/ service httpd restart
输入上面的密码后,再启动成功。
https访问,能看到It Works!