N26-第十二周

1、請描述一次完整的http請求處理過程；
        1、建立或處理鏈接：接收請求或拒絕請求
        2、接收請求：接收來自于網絡的請求報文中對某資源的一次請求的過程；接收請求的方式通常是并發訪問響應模型
        3、處理請求：對請求報文進行解析，獲取客戶端請求的資源及請求方法等相關信息
        4、訪問資源；獲取請求報文中請求的資源
        5、構建響應報文
        6、發送響應報文
        7、記錄日志

2、httpd所支持的處理模型有哪些，他們的分別使用于哪些環境。
        prefork：多進程模型，每個進程響應一個請求
            一個主進程：負責生成和回收子進程以處理用戶請求；創建套接字；將請求派發給子進程處理
            n個子進程（工作進程）：每個子進程處理一個請求
            工作模型：預先生成幾個空閑進程，隨時等待用于響應用戶請求，最大空閑和最小空閑
        worker：多進程多線程模型，每個線程處理用戶請求
            一個主進程：負責生成子進程；創建套接字，負責接收請求并將其派發給子進程處理
            多個子進程：每個子進程負責生成多個線程
            每個線程：負責響應用戶請求
            并發響應數量：子進程 * 每個子進程創建最大線程數量
   event：事件驅動模型，多進程模型，每個進程響應多個請求
            一個主進程：生成子進程，創建套接字，負責接收請求并將其派發給子進程處理
            子進程：基于事件驅動機制直接響應多個請求
            httpd 2.2：仍為測試使用模型
            httpd 2.4：event 可于生產環境使用
3、源碼編譯安裝LAMP環境（基于wordpress程序），并寫出詳細的安裝、配置、測試過程。
     

     
1、上傳或在網上下載安裝所需要的包
[root@localhost src]# ll 
總用量 508592
-rw-r--r--. 1 root root   1031613 12月  6 20:24 apr-1.5.2.tar.gz
-rw-r--r--. 1 root root    874044 12月  6 20:24 apr-util-1.5.4.tar.gz
-rw-r--r--. 1 root root   6398218 12月  6 20:24 httpd-2.4.25.tar.bz2
-rw-r--r--. 1 root root    523321 12月  6 20:24 libmcrypt-2.5.7.tar.gz
-rw-r--r--. 1 root root 478636602 12月  6 20:24 mariadb-10.1.22-linux-glibc_214-x86_64.tar.gz
-rw-r--r--. 1 root root  12270535 12月  6 20:26 php-5.4.26.tar.bz2
-rw-r--r--. 1 root root   9210722 12月  6 20:24 wordpress-4.7.3-zh_CN.zip
-rw-r--r--. 1 root root    146444 12月  6 20:26 xcache-3.1.0.tar.bz2

2、編譯安裝apr和apr-util（httpd2.4依賴1.4版本以上的apr和apr-util）
[root@localhost src]# tar xf apr-1.5.2.tar.gz 
[root@localhost src]# cd apr-1.5.2
[root@localhost apr-1.5.2]# ./configure --prefix=/usr/local/apr 
[root@localhost apr-1.5.2]#  make && make install
[root@localhost apr-1.5.2]# cd ..
[root@localhost src]# tar xf apr-util-1.5.4.tar.gz
[root@localhost src]# cd apr-util-1.5.4
[root@localhost apr-util-1.5.4]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/
[root@localhost apr-util-1.5.4]# make && make install 

3、編譯安裝httpd軟件
[root@localhost apr-util-1.5.4]# cd ..
[root@localhost src]# tar xf httpd-2.4.25.tar.bz2
[root@localhost src]# cd httpd-2.4.25
[root@localhost httpd-2.4.25]# ./configure --prefix=/usr/local/httpd24 --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --sysconfdir=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-pcre --with-zlib --enable-modules=most --enable-mpms-shared=all --with-mpm-prefork
[root@localhost httpd-2.4.25]# make && make install 
[root@localhost httpd-2.4.25]# cd /usr/local/httpd24/
[root@localhost httpd24]# ln -sv /usr/local/httpd24/include/ /usr/include/httpd24 --導入編譯安裝的httpd頭文件
[root@localhost httpd24]# vim /etc/profile.d/http24.sh   --設置httpd的命令PATH變量
        export PATH=/usr/local/httpd24/bin:$PATH
[root@localhost httpd24]# . /etc/profile.d/http24.sh
[root@localhost httpd24]# apachectl start 
4、解壓通用二進制的mariadb包并初始化安裝
[root@localhost src]# tar xf mariadb-10.1.22-linux-glibc_214-x86_64.tar.gz  -C /usr/local/
[root@localhost src]# useradd mysql
[root@localhost src]# cd /usr/local/
[root@localhost local]# ln -sv mariadb-10.1.22-linux-glibc_214-x86_64 mysql
[root@localhost local]# mkdir -p /data/mysqldata
[root@localhost local]# chown mysql:mysql /data/mysqldata
[root@localhost local]# chown root:mysql -R mysql
[root@localhost mysql]# scripts/mysql_install_db --user=mysql --datadir=/data/mysqldata
[root@localhost mysql]# cp support-files/my-large.cnf /etc/my.cnf 
[root@localhost mysql]# vim /etc/my.cnf --在[mysql]段中增加以下三項
    datadir=/data/mysqldata
    innodb_file_per_table = ON
    skip_name_resolve = ON
[root@localhost mysql]# vim /etc/profile.d/mysql.sh --增加mysql二進制環境變量
    export  PATH=/usr/local/mysql/bin:$PATH 
[root@localhost mysql]# ln -sv /usr/local/mysql/include /usr/include/  
[root@localhost mysql]# . /etc/profile.d/mysql.sh
[root@localhost mysql]# cp support-files/mysql.server /etc/init.d/mysqld
[root@localhost mysql]# service  mysql start
[root@localhost mysql]# mysql 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 5
Server version: 10.1.22-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> 
5、解壓并編譯安裝php-5.4.26
[root@localhost src]# tar xf php-5.4.26.tar.bz2 
[root@localhost src]# cd php-5.4.26
[root@localhost php-7.1.3]#  ./configure --prefix=/usr/local/php --with-mysql=/usr/local/mysql --with-openssl --with-mysqli=/usr/local/mysql/bin/mysql_config --enable-mbstring --with-png-dir --with-jpeg-dir --with-freetype-dir --with-zlib --with-libxml-dir=/usr --enable-xml --enable-sockets --with-apxs2=/usr/local/httpd24/bin/apxs --with-mcrypt --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2
[root@localhost src]# make && make install
[root@localhost php-7.1.3]# cp php.ini-production /etc/php.ini
[root@localhost php-7.1.3]# vim /etc/httpd24/httpd.conf
        AddType application/x-httpd-php .php    --增加兩項使httpd識別支持php
        AddType application/x-httpd-php-source .php
        ...
            DirectoryIndex index.html index.php --添加index.php
安裝完成后重新啟動httpd測試
php模塊
[root@localhost httpd24]# vim /usr/local/httpd24/htdocs/index.php 

<?php
        phpinfo();
?>

訪問頁面httpd頁面  mysql數據庫的連通性
[root@localhost httpd24]# vim /usr/local/httpd24/htdocs/mysql.php

<?php
        $conn = mysql_connect('127.0.0.1','root','');
        if ($conn)
                echo "OK";
        else
                echo "Failure";
?>                
 6、安裝wordpress
--創建wordpress使用到的數據庫和用戶
[root@localhost htdocs]# mysql 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.1.22-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database wordpress;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all on wordpress.* to wpuser@'192.168.%.%' identified by 'wpuser';
Query OK, 0 rows affected (0.00 sec) 
--解壓wordpress安裝包到httpd的網頁存放路徑 
[root@localhost src]# unzip wordpress-4.7.3-zh_CN.zip 
[root@localhost src]# mv wordpress /usr/local/httpd24/htdocs/
--復制wordpress的示例配置文件為當前配置文件并編輯
[root@localhost htdocs]# cd wordpress/

    [root@localhost wordpress]# vim wp-config.php 

/** MySQL數據庫密碼 */
define('DB_PASSWORD', 'magedu');

/** MySQL主機 */
define('DB_HOST', '192.168.241.10');

/** 創建數據表時默認的文字編碼 */
define('DB_CHARSET', 'utf8');

/** 數據庫整理類型。如不確定請勿更改 */
define('DB_COLLATE', '');

    --通過頁面進行安裝wordpress

 --安裝成功  

4、建立httpd服務器(基于編譯的方式進行)，要求：
     提供兩個基于名稱的虛擬主機:
    (a)www1.stuX.com，頁面文件目錄為/web/vhosts/www1；錯誤日志為/var/log/httpd/www1.err，訪問日志為/var/log/httpd/www1.access；
    (b)www2.stuX.com，頁面文件目錄為/web/vhosts/www2；錯誤日志為/var/log/httpd/www2.err，訪問日志為/var/log/httpd/www2.access；
    (c)為兩個虛擬主機建立各自的主頁文件index.html，內容分別為其對應的主機名；
    (d)通過www1.stuX.com/server-status輸出httpd工作狀態相關信息，且只允許提供帳號密碼才能訪問(status:status)；
5、為第4題中的第2個虛擬主機提供https服務，使得用戶可以通過https安全的訪問此web站點；
   (1)要求使用證書認證，證書中要求使用的國家(CN)、州(HA)、城市(ZZ)和組織(MageEdu)；
   (2)設置部門為Ops，主機名為www2.stuX.com，郵件為admin@stuX.com；
6、在LAMP架構中，請分別以php編譯成httpd模塊形式和php以fpm工作為獨立守護進程的方式來支持httpd，列出詳細的過程。

1、安裝httpd2.4需要先安裝apr apr-util
[root@localhost src]# ls
httpd-2.4.25.tar.bz2                           wordpress-4.7.3-zh_CN.zip
apr-1.5.2.tar.gz       mariadb-10.1.22-linux-glibc_214-x86_64.tar.gz
apr-util-1.5.4.tar.gz  php-7.1.3.tar.bz2
[root@localhost src]# tar xf apr-1.5.2.tar.gz
[root@localhost src]# cd apr-1.5.2
[root@localhost apr-1.5.2]# ./configure –prefix=/usr/local/apr
[root@localhost apr-1.5.2]# make && make install 
[root@localhost apr-1.5.2]# cd ..
[root@localhost src]# tar xf apr-util-1.5.4.tar.gz 
[root@localhost src]# cd apr-util-1.5.4
[root@localhost apr-util-1.5.4]# ./configure –prefix=/usr/local/apr-util –with-apr=/usr/local/apr
[root@localhost apr-util-1.5.4]# make && make install 
2、編譯安裝httpd2.4
[root@localhost src]# tar xf httpd-2.4.25.tar.bz2 
[root@localhost src]# cd httpd-2.4.25
[root@localhost httpd-2.4.25]# ./configure –prefix=/usr/local/httpd24 –sysconfdir=/etc/httpd24 –enable-so –enable-ssl –enable-cgi –enable-rewrite –with-zlib –with-pcre –with-apr=/usr/local/apr –with-apr-util=/usr/local/apr-util –with-enable-modules=most –enable-mpms-shared=all –with-mpm=prefork 
[root@localhost httpd-2.4.25]# make && make install 
3、導出httpd24的頭文件
[root@localhost httpd-2.4.25]# cd /usr/local/httpd24/
[root@localhost httpd24]# ln -sv /usr/local/httpd24/include /usr/include/httpd24
‘/usr/include/httpd24’ -> ‘/usr/local/httpd24/include’
4、添加httpd24命令路徑到PATH變量
[root@localhost httpd24]# echo “export PATH=/usr/local/httpd24/bin:$PATH” > /etc/profile.d/httpd24.sh
[root@localhost httpd24]# . /etc/profile.d/httpd24.sh
5、解壓并初始化maridb數據庫
[root@localhost src]# cd /usr/local/src/
[root@localhost src]# tar xf mariadb-10.1.22-linux-glibc_214-x86_64.tar.gz -C /usr/local/
[root@localhost src]# cd /usr/local/
[root@localhost local]# ln -sv mariadb-10.1.22-linux-glibc_214-x86_64 mysql
[root@localhost local]# useradd -g 3306 -s /sbin/nologin mysql
[root@localhost local]# chown root:mysql -R mysql 
[root@localhost local]# cd mysql
[root@localhost mysql]# scripts/mysql_install_db –user=mysql –datadir=/data/mysqldata

[root@localhost mysql]# cp support-files/my-large.cnf /etc/my.cnf
6、編輯/etc/my.cnf添加一下內容
[root@localhost mysql]# vim /etc/my.cnf
datadir = /data/mysqldata
innodb_file_per_table = ON
skip_name_resolve = ON

7、導出maridb的頭文件，添加maridb命令到PATH變量
[root@localhost mysql]# echo “export PATH=/usr/local/mysql/bin:$PATH” > /etc/profile.d/mysql.sh
[root@localhost mysql]# . /etc/profile.d/mysql.sh
8、添加maridb的啟動腳本并啟動maridb
[root@localhost mysql]# cp support-files/mysql.server  /etc/init.d/mysql 
[root@localhost mysql]# service  mysql start
Reloading systemd:                                         [  OK  ]
Starting mysql (via systemctl):                            [  OK  ]
9、編譯安裝php以php-fpm形式
[root@localhost local]# cd /usr/local/src/
[root@localhost src]# tar xf php-7.1.3.tar.bz2 
[root@localhost src]# cd php-7.1.3 
[root@localhost php-7.1.3]# ./configure –prefix=/usr/local/php7  –with-pdo-mysql=/usr/local/mysql/ –with-mysqli=/usr/local/mysql/bin/mysql_config –with-openssl  –enable-mbstring –with-freetype-dir –with-jpeg-dir –with-png-dir –with-zlib –with-libxml-dir=/usr –enable-xml –enable-sockets –enable-fpm –with-mcrypt –with-config-file-path=/etc –with-config-file-scan-dir=/etc/php.d –with-bz2
[root@localhost php-7.1.3]# make && make install 
10、為php提供配置文件
[root@localhost php-7.1.3]# cp php.ini-production /etc/php.ini
11、添加php-fpm的啟動腳本
[root@localhost php-7.1.3]# cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm 
[root@localhost php-7.1.3]# chmod +x /etc/init.d/php-fpm 
12、為php-fpm提供配置文件并啟動
[root@localhost php-7.1.3]# cp /usr/local/php7/etc/php-fpm.conf.default /usr/local/php7/etc/php-fpm.conf
[root@localhost php-7.1.3]# cp /usr/local/php7/etc/php-fpm.d/www.conf.default /usr/local/php7/etc/php-fpm.d/www.conf
[root@localhost php-7.1.3]# service  php-fpm start
13、編輯httpd的配置文件啟用fcgi模塊、添加AddType讓httpd能夠識別php頁面并支持php主頁
[root@localhost php-7.1.3]# vim /etc/httpd24/httpd.conf 

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so

AddType application/x-httpd-php php
    AddType application/x-httpd-php-source php

DirectoryIndex index.php index.html

14、編輯httpd虛擬機配置文件啟用php頁面轉發到php-fpm
[root@localhost httpd24]# vim extra/httpd-vhosts.conf 
<VirtualHost *:80>
    ServerName www1.stux.com
    DocumentRoot “/web/vhost/www1”
    ErrorLog “/var/log/httpd/www1.err”
    CustomLog “/var/log/httpd/www1.access” common
    ProxyRequests Off
    ProxyPassMatch  ^/(.*\.php)$  fcgi://127.0.0.1:9000/web/vhost/www1/$1
<Directory /web/vhost/www1>
        Options None
        AllowOverride None
        Require all granted
</Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName www2.stux.com
    DocumentRoot “/web/vhost/www2”
    ErrorLog “/var/log/httpd/www2.err”
    CustomLog “/var/log/httpd/www2.access” common
<Directory /web/vhost/www2>
        Options None
        AllowOverride None
        Require all granted
</Directory>
</VirtualHost>
測試

15、www1.stux.com虛擬主機啟用status頁面并只開放給指定用戶status：status
–確保httpd中的 status_module modules/mod_status.so 模塊處于啟用狀態
[root@localhost httpd24]# vim httpd.conf
 status_module modules/mod_status.so
 –編輯www1.stux.com的配置文件增加status頁面的location
[root@localhost httpd24]# vim extra/httpd-vhosts.conf
<VirtualHost *:80>
    ServerName www1.stux.com
    DocumentRoot “/web/vhost/www1”
    ErrorLog “/var/log/httpd/www1.err”
    CustomLog “/var/log/httpd/www1.access” common
    ProxyRequests Off
    ProxyPassMatch  ^/(.*\.php)$  fcgi://127.0.0.1:9000/web/vhost/www1/$1
<Directory /web/vhost/www1>
        Options None
        AllowOverride None
        Require all granted
</Directory>
<location /server-status>
  SetHandler server-status
  AuthType Basic
  AuthNAMe “String”
  AuthUserFile “/etc/httpd24/passwd”
  Require user status
</location>
</VirtualHost>
–創建Basic認證模式的用戶文件以及認證用戶
[root@localhost httpd24]# htpasswd -c /etc/httpd24/passwd status
New password: –鍵入密碼
Re-type new password:   –鍵入密碼
Adding password for user status
–創建成功
[root@localhost httpd24]# cat /etc/httpd24/passwd 
status:$apr1$MaeXXvGN$LAZEvbxr351VlaKamzwsB0
測試結果如下

16、為www2.stux.com提供https服務，https服務需要有證書，此處使用私有CA服務器進行簽發證書
–構建私有CA
–生成私鑰
[root@CA ~]# (umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096)
Generating RSA private key, 4096 bit long modulus
.++
……………….++
e is 65537 (0x10001)
–生成自簽證書
[root@CA ~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/certs/cacert.pem -days 3655
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [XX]:CN  
State or Province Name (full name) []:HA
Locality Name (eg, city) [Default City]:ZZ
Organization Name (eg, company) [Default Company Ltd]:mage
Organizational Unit Name (eg, section) []:mage
Common Name (eg, your name or your server’s hostname) []:CA
Email Address []:admin.123@.com 
–httpd主機生成私鑰
[root@localhost httpd24]# mkdir ssl
[root@localhost httpd24]# cd ssl
[root@localhost ssl]# (umask 077;openssl genrsa -out /etc/httpd24/ssl/httpd.key 2048)
Generating RSA private key, 2048 bit long modulus
…………….+++
……….+++
e is 65537 (0x10001)
–httpd主機生成證書簽署請求
[root@localhost ssl]# openssl req -new -key /etc/httpd24/ssl/httpd.key -out /etc/httpd24/ssl/httpd.csr -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HA
Locality Name (eg, city) [Default City]:ZZ
Organization Name (eg, company) [Default Company Ltd]:MageEdu
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server’s hostname) []:www2.stux.com
Email Address []:admin@stux.com
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
–復制簽署請求到CA主機
[root@localhost ssl]# scp httpd.csr root@192.168.44.22:/tmp
–CA主機簽署請求
[root@CA ~]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: May 14 19:52:19 2017 GMT
            Not After : May 14 19:52:19 2018 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = HA
            organizationName          = MageEdu
            organizationalUnitName    = Ops
            commonName                = www2.stux.com
            emailAddress              = admin@stux.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                93:53:1D:0B:D0:BB:28:91:E1:5C:3C:32:1D:A9:BE:12:2B:6A:2C:FD
            X509v3 Authority Key Identifier: 
                keyid:0F:DD:02:54:8D:ED:6D:0B:A2:00:4A:BF:B9:51:CD:5B:05:B3:F5:70

Certificate is to be certified until May 14 19:52:19 2018 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
–復制簽署過的證書到httpd主機上
[root@CA ~]# scp /etc/pki/CA/certs/httpd.crt root@192.168.44.20:/etc/httpd24/ssl/
–確保mod_ssl.so啟用
[root@localhost httpd24]# vim httpd.conf 
LoadModule ssl_module modules/mod_ssl.so
–編輯httpd-ssl.conf配置文件后重啟httpd服務
[root@localhost httpd24]# vim extra/httpd-ssl.conf

DocumentRoot “/web/vhost/www2”
ServerName www2.stux.com

SSLCertificateKeyFile “/etc/httpd24/ssl/httpd.key”
SSLCertificateFile “/etc/httpd24/ssl/httpd.crt”
–使用opessl s_client命令進行測試
–因使用的是私有ca故為避免麻煩直接使用CA主機進行測試
[root@CA ~]# openssl s_client -connect www2.stux.com:443 -CAfile /etc/pki/CA/cacert.pem
….
    Verify return code: 0 (ok)
在最后一行可以看到返回值OK