Compile Apache 2.4.x (CentOS 7)

最後更新: 2022-11-11

 


Step

  1. yum 需要的 Package
  2. 下載 Apache Source
  3. 設定 (./configure)
  4. Compile & Install
  5. 系統設定

1. 安裝需要的 Package

# Build prerequisites. All commands on this page are run as root.
yum groupinstall "Development Tools"

# Make sure you have APR and APR-Util already installed on your system.

# If you do not install them with yum, download them from http://apr.apache.org/

# and unpack them into

# /httpd_source_tree_root/srclib/apr and /httpd_source_tree_root/srclib/apr-util

# then build with: ./configure --with-included-apr

yum install apr apr-util apr-devel apr-util-devel

# Perl-Compatible Regular Expressions Library (PCRE)

yum install pcre pcre-devel

# Needed to build mod_ssl (HTTPS)

yum install openssl-devel

# mod_mime_magic

yum install file-devel -y

# Provides the htpasswd tool

yum install httpd-tools -y

2. 下載 Apache Source

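# Work in a dedicated source directory; only continue if it could be entered.
mkdir -p /usr/src/httpd && cd /usr/src/httpd

V=2.4.54

wget "https://dlcdn.apache.org/httpd/httpd-${V}.tar.gz"

# Verify the tarball before unpacking and building it as root. The checksum,
# the detached signature and the KEYS file are fetched from downloads.apache.org
# rather than from the CDN that served the tarball.
# NOTE(review): releases that are no longer current may only be available from
# archive.apache.org - adjust the URLs if these return 404.
wget "https://downloads.apache.org/httpd/httpd-${V}.tar.gz.sha256" \
     "https://downloads.apache.org/httpd/httpd-${V}.tar.gz.asc" \
     "https://downloads.apache.org/httpd/KEYS"

# Must print "httpd-${V}.tar.gz: OK". If the .sha256 file is not in a format
# that `sha256sum -c` accepts, compare it by eye with `sha256sum httpd-${V}.tar.gz`.
sha256sum -c "httpd-${V}.tar.gz.sha256"

# Must report a good signature made by one of the keys contained in KEYS.
gpg --import KEYS
gpg --verify "httpd-${V}.tar.gz.asc" "httpd-${V}.tar.gz"

# Unpack only after both checks have passed.
tar -zxf "httpd-${V}.tar.gz"

cd "httpd-${V}"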

3. 設定 (./configure)

優化

# NOTE(review): this step was labelled "worker MPM", but no --with-mpm option is
# passed, so the build uses the default MPM; the `apachectl -M` output later on
# this page lists mpm_event_module (static).
#
# --prefix       binaries and modules are installed under /opt/httpd
# --sysconfdir   configuration files are installed under /etc/httpd
# --enable-*     build mod_ssl, mod_proxy_fcgi, mod_rewrite and mod_mime_magic

./configure --prefix=/opt/httpd \
  --sysconfdir=/etc/httpd \
  --enable-ssl \
  --enable-proxy-fcgi \
  --enable-rewrite \
  --enable-mime-magic

configure: summary of build options:

    Server Version: 2.4.52
    Install prefix: /opt/httpd
    C compiler:     gcc -std=gnu11
    CFLAGS:         -march=native -O3 -pipe -pthread
    CPPFLAGS:       -march=native -O3 -pipe -DLINUX -D_REENTRANT -D_GNU_SOURCE
    LDFLAGS:
    LIBS:
    C preprocessor: gcc -E

4. Compile & Install

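# Build with one job per CPU. A bare `make -j` places no limit on the number of
# parallel jobs and can exhaust memory on a small machine.
make -j"$(nproc)"

make install

# Make apachectl reachable through root's PATH.
ln -s /opt/httpd/bin/apachectl /usr/sbin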

測試

apachectl -t

Syntax OK

查看有什麼 module

ls -1 /opt/httpd/modules

httpd.exp
mod_access_compat.so
mod_actions.so
mod_alias.so
...

apachectl -M

Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 mpm_event_module (static)
 authn_file_module (shared)
 ...

5. 系統設定

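# Dedicated unprivileged account for the server processes (uid/gid 48).
groupadd --gid 48 apache

# -M: do not create the home directory. With -m, useradd creates /var/www owned
# by the apache account and copies /etc/skel into it, which would let the web
# server account rename or replace anything directly under /var/www, including
# the html directory that is served.
useradd -u 48 -g 48 -d /var/www --shell /sbin/nologin -M apache

# Keep the files written by `make install` as a reference copy.
mv /etc/httpd /etc/httpd.bak

# Created by root, so the configuration, web root and log directories stay
# root-owned.
mkdir -p /etc/httpd/vhosts /etc/httpd/conf.d /var/www/html /var/log/httpd

mv /etc/httpd.bak/{magic,mime.types} /etc/httpd

# The log files are opened by the parent process, which is started as root; the
# apache account needs no access to this directory and should not be given
# write access to it.
chmod 770 /var/log/httpd

# Lets "modules/mod_*.so" in LoadModule resolve relative to ServerRoot /etc/httpd.
ln -s /opt/httpd/modules /etc/httpd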

/etc/httpd/httpd.conf

# MyApacheConfig@2022-11-11

# ServerRoot is the base for the relative paths used below
# (modules.conf, conf.d/, vhosts/).
ServerRoot   "/etc/httpd"
Listen       0.0.0.0:80
# Must be the same path as PIDFile= in the systemd unit.
PidFile      /var/run/apache.pid
ServerAdmin  you@domain
ServerName   _
DocumentRoot "/var/www/html"

# Do not move this file into conf.d!
# (presumably so that the modules are loaded before conf.d/*.conf uses their directives)
Include modules.conf

# Account the server processes run as
User  apache
Group apache

AddDefaultCharset UTF-8
DirectoryIndex index.php index.html index.htm

EnableMMAP       on
EnableSendfile   on
Timeout          60

KeepAlive        On
KeepAliveTimeout 5

# Information-disclosure hardening: minimal Server header, no version footer on
# generated pages, no reverse DNS lookup per request, TRACE method disabled.
ServerTokens    Prod
ServerSignature Off
HostnameLookups Off
TraceEnable     Off

# mod_reqtimeout: limit how long a client may take to send a request, which
# bounds the cost of slow-request (connection-holding) clients.
# Headers: 20 s, extended while data arrives at >= 500 bytes/s, at most 40 s.
# Body: 20 s, extended while data arrives at >= 500 bytes/s.
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500

# Thread and process limits.
# NOTE(review): labelled "worker MPM" by the author, but the `apachectl -M`
# output on this page shows mpm_event_module compiled in; these directives are
# then read by the event MPM.
StartServers             3
MinSpareThreads         75
MaxSpareThreads        200
ThreadsPerChild         25
MaxRequestWorkers      400
MaxConnectionsPerChild 1024

Include conf.d/*.conf

# Vhost Settings
IncludeOptional vhosts/*.conf

/etc/httpd/modules.conf

## Explicit module list: only what is named here is loaded, which keeps the
## server's exposed functionality small.
## User / Group directives
LoadModule unixd_module modules/mod_unixd.so
## Commonly used modules
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule alias_module modules/mod_alias.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule dir_module modules/mod_dir.so
## HTTP ACL (authentication and authorization)
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
## mod_access_compat provides the 2.2-style Order/Allow/Deny directives; it is
## needed only while some configuration file still uses them.
LoadModule access_compat_module modules/mod_access_compat.so
## Rate limit
LoadModule ratelimit_module modules/mod_ratelimit.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
## filter & gzip
LoadModule filter_module modules/mod_filter.so
LoadModule deflate_module modules/mod_deflate.so
## File type
LoadModule mime_module modules/mod_mime.so
LoadModule mime_magic_module modules/mod_mime_magic.so
## Needed for PHP (requests are proxied to PHP-FPM over FastCGI)
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
## SSL
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
## Other
LoadModule expires_module modules/mod_expires.so
LoadModule env_module modules/mod_env.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
## Keep disabled unless actually used: directory listings and the server-status
## page both expose information about the server.
#LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule status_module modules/mod_status.so

/etc/httpd/conf.d/log.conf

# Error-log verbosity.
LogLevel warn

# "combined" is "common" plus the Referer and User-Agent request headers.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common

# Both logs are written to /var/log/httpd; the access log uses the "combined" format.
ErrorLog  "/var/log/httpd/error_log"
CustomLog "/var/log/httpd/access_log" combined

/etc/httpd/conf.d/acl.conf

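# Never serve .htaccess / .htpasswd style files.
<Files ".ht*">
    Require all denied
</Files>
# Default deny for the whole filesystem; every tree that is to be served has to
# be opened explicitly, as done for /var/www/html below.
<Directory />
    AllowOverride none
    Options -Indexes
    Require all denied
</Directory>
<Directory "/var/www/html">
    Options -Indexes +FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
#### Addon Settings
# All sections below use "Require all denied", the same 2.4 syntax as the
# sections above, instead of the 2.2-style "Order allow,deny / Deny from all"
# of mod_access_compat; mixing the two syntaxes in one configuration is
# discouraged by the Apache documentation. <Files>/<FilesMatch> sections are
# merged after <Directory> sections, so these denials take precedence over the
# "Require all granted" of the web root.
# Hidden files (names starting with a dot).
<FilesMatch "^\.">
    Require all denied
</FilesMatch>
# Hidden directories (any path component starting with a dot).
<DirectoryMatch "^\.|\/\.">
    Require all denied
</DirectoryMatch>
# Composer metadata and binaries.
<FilesMatch "composer\.(json|phar|lock)$">
    Require all denied
</FilesMatch>
# Configuration, backup, dump, editor swap, log, script and notes files.
<Files ~ "\.(ini|bak|old|sql|swp|log|sh|md)$">
    Require all denied
</Files>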

/etc/httpd/conf.d/type.conf

# Relative paths are resolved against ServerRoot (/etc/httpd), where magic and
# mime.types were moved earlier on this page.
TypesConfig   mime.types
MIMEMagicFile magic

AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/javascript .js
AddType text/css .css

# Compress text responses with mod_deflate.
# NOTE(review): text/html also covers dynamically generated pages. Compressing
# TLS responses that contain both a secret and request-controlled text is the
# precondition for compression side channels (BREACH); static assets are not
# affected. Review whether dynamic pages should be excluded.
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/javascript

/etc/httpd/conf.d/ssl.conf

# Server-wide mod_ssl settings. No SSLEngine or certificate directives appear
# here; presumably they live in the vhost files, which this page does not show.
Listen                  0.0.0.0:443 https
# NOTE(review): /run is a tmpfs, so /run/httpd has to be created at every boot
# (for example with RuntimeDirectory=httpd in the systemd unit, or a tmpfiles.d
# entry). Nothing on this page creates it.
SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout  300
SSLRandomSeed startup   file:/dev/urandom  256
SSLRandomSeed connect   builtin
SSLCryptoDevice         builtin
# HIGH is an OpenSSL alias; what it expands to depends on the OpenSSL version
# the server is linked against. List it with `openssl ciphers -v 'HIGH'` and
# check the result against your cipher policy.
SSLCipherSuite          HIGH
SSLProxyCipherSuite     HIGH
# Only TLS 1.2 is offered; older protocol versions are off.
# NOTE(review): when built against an OpenSSL that supports TLS 1.3, this line
# turns TLS 1.3 off as well - confirm that this is intended.
SSLProtocol             TLSv1.2

/etc/logrotate.d/httpd

# Rotate every file in /var/log/httpd whose name ends in "log".
# No rotation count or interval is set here, so those presumably come from the
# defaults in /etc/logrotate.conf - check that they match your log-retention
# requirements.
/var/log/httpd/*log {
    missingok
    notifempty
    # Run postrotate once for all matched files, not once per file.
    sharedscripts
    delaycompress
    postrotate
        # Reload so that httpd reopens its log files; output is discarded and a
        # failure does not fail the rotation.
        /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
    endscript
}

/etc/systemd/system/httpd.service

# Unit for the source-built httpd under /opt/httpd.
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target

[Service]
# apachectl -k start returns after the server has daemonized, so systemd tracks
# the main process through the PID file.
Type=forking
ExecStart=/opt/httpd/bin/apachectl -k start
ExecReload=/opt/httpd/bin/apachectl -k graceful
ExecStop=/opt/httpd/bin/apachectl -k graceful-stop
# Must be the same path as PidFile in /etc/httpd/httpd.conf.
PIDFile=/var/run/apache.pid
# Gives the service its own private /tmp and /var/tmp.
PrivateTmp=true

[Install]
WantedBy=multi-user.target

systemctl daemon-reload

systemctl enable httpd --now     # enable & start

Test

echo "Server is working." >> /var/www/html/index.htm

curl localhost

 


php 有關 Setting

 

/etc/httpd/conf.d/php.conf

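# php80
# Hand every *.php request to PHP-FPM over FastCGI.
# Only the proxy handler is set: when two SetHandler lines appear in the same
# section the later one wins, and "application/x-httpd-php" is the mod_php
# handler, a module that modules.conf on this page does not load.
#
# NOTE(review): wrapping the SetHandler line in <If "-f %{REQUEST_FILENAME}">
# keeps requests for .php paths that do not exist on disk from being forwarded
# to PHP-FPM; consider it if the application does not rely on that.
# NOTE(review): 127.0.0.1:9080 must match the PHP-FPM pool's listen address. A
# loopback TCP port can be reached by every local account; a unix socket with
# restricted permissions is the tighter option.
<FilesMatch ".+\.php$">
    SetHandler "proxy:fcgi://127.0.0.1:9080"
</FilesMatch>
ProxyTimeout 60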

# 儲放 opcache 及 session 的位置

chgrp apache /var/opt/remi/php80/lib/php -R

ls -l /var/opt/remi/php80/lib/php

total 0
drwxrwx--- 2 root apache   6 Aug  4 02:44 opcache
drwxr-xr-x 2 root apache 136 Sep 13 15:32 peclxml
drwxrwx--- 2 root apache   6 Aug  4 02:44 session
drwxrwx--- 2 root apache   6 Aug  4 02:44 wsdlcache

 


Lock httpd Version

 

# NOTE(review): versionlock pins the distribution's httpd package at its current
# version, so dnf also skips security updates for it until the lock is removed
# again (`dnf versionlock delete httpd`). The source build under /opt/httpd is
# not managed by dnf at all: follow upstream security releases for it and
# rebuild by hand.
dnf install 'dnf-command(versionlock)'      # RHEL 8

dnf versionlock add httpd

詳見

 
