Apache HTTP Server

1. Apache

Apache HTTP Server is a well-known HTTP server. Its version history is shown in Table 1.

Table 1: Apache version history
Version   Initial release   Latest release
1.3       1998-06-06        2010-02-03 (1.3.42)
2.0       2002-04-06        2013-07-10 (2.0.65)
2.2       2005-12-01        2017-07-11 (2.2.34)
2.4       2012-02-21        2018-03-26 (2.4.33)

Reference:
Apache HTTP Server Version 2.4 Documentation

1.1. Starting, restarting, and stopping Apache

Use apachectl to start, restart, or stop httpd, for example:

$ sudo apachectl start
$ sudo apachectl restart
$ sudo apachectl stop

You can also run httpd directly, for example:

$ sudo httpd -k start
$ sudo httpd -k restart
$ sudo httpd -k stop

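1.2. Checking configuration file syntax

The default configuration file is "/etc/apache2/httpd.conf". The -t option checks whether the configuration file syntax is correct:

$ httpd -t
Syntax OK
$ httpd -f /full/path/to/httpd.conf -t   # check the syntax of the configuration file at the given path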
Syntax OK

1.3. Checking logs

By default, logs are in the directory "/etc/httpd/logs".

$ ls /etc/httpd/logs
access_log  error_log  ssl_access_log  ssl_error_log  ssl_request_log

2. CGI

What is CGI? "In brief, the CGI program receives HTTP forms data via Unix/Linux standard input, and most other data (such as URL paths, URL arguments, and HTTP header data) via well-known Unix/Linux process environment variables."

For the CGI standard, see RFC3875.

The following steps enable CGI support in Apache.

Step 1: load the module:

# With a threaded MPM (worker, event):
LoadModule cgid_module modules/mod_cgid.so
# On Windows, or using a non-threaded MPM like prefork, load this one instead:
LoadModule cgi_module modules/mod_cgi.so

Step 2: configure ScriptAlias:

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/Users/cig01/www/cgi-bin/"
</IfModule>

Step 3: grant CGI execution permission for the directory:

<Directory "/Users/cig01/www/cgi-bin">
    Options +ExecCGI
    AddHandler cgi-script .pl .py
    Require all granted
</Directory>

Step 4: write a CGI script, such as first.pl (remember to set execute permission on this file):

#!/usr/bin/env perl
use strict;
use warnings;

print "Content-type: text/plain\n\n";

print "Hello World!";

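Open "http://your.host.com/cgi-bin/first.pl" in a browser to see the output of the CGI script.

Reference:
Apache Tutorial: Dynamic Content with CGI

2.1. CGI example

Suppose there is a CGI program printenv.pl (taken from the Wikipedia article on CGI) with the following content: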

#!/usr/bin/perl

=head1 DESCRIPTION

printenv — a CGI program that just prints its environment

=cut
print "Content-type: text/plain\n\n";

for my $var ( sort keys %ENV ) {
 printf "%s = \"%s\"\n", $var, $ENV{$var};
}

Requesting "http://example.com/cgi-bin/printenv.pl/foo/bar?var1=value1&var2=with%20percent%20encoding" may produce the following output:

COMSPEC="C:\Windows\system32\cmd.exe"
DOCUMENT_ROOT="C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs"
GATEWAY_INTERFACE="CGI/1.1"
HOME="/home/SYSTEM"
HTTP_ACCEPT="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
HTTP_ACCEPT_CHARSET="ISO-8859-1,utf-8;q=0.7,*;q=0.7"
HTTP_ACCEPT_ENCODING="gzip, deflate"
HTTP_ACCEPT_LANGUAGE="en-us,en;q=0.5"
HTTP_CONNECTION="keep-alive"
HTTP_HOST="example.com"
HTTP_USER_AGENT="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0"
PATH="/home/SYSTEM/bin:/bin:/cygdrive/c/progra~2/php:/cygdrive/c/windows/system32:..."
PATHEXT=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"
PATH_INFO="/foo/bar"
PATH_TRANSLATED="C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\foo\bar"
QUERY_STRING="var1=value1&var2=with%20percent%20encoding"
REMOTE_ADDR="127.0.0.1"
REMOTE_PORT="63555"
REQUEST_METHOD="GET"
REQUEST_URI="/cgi-bin/printenv.pl/foo/bar?var1=value1&var2=with%20percent%20encoding"
SCRIPT_FILENAME="C:/Program Files (x86)/Apache Software Foundation/Apache2.2/cgi-bin/printenv.pl"
SCRIPT_NAME="/cgi-bin/printenv.pl"
SERVER_ADDR="127.0.0.1"
SERVER_ADMIN="(server admin's email address)"
SERVER_NAME="127.0.0.1"
SERVER_PORT="80"
SERVER_PROTOCOL="HTTP/1.1"
SERVER_SIGNATURE=""
SERVER_SOFTWARE="Apache/2.2.19 (Win32) PHP/5.2.17"
SYSTEMROOT="C:\Windows"
TERM="cygwin"
WINDIR="C:\Windows"

The output above shows that URL paths, URL arguments, HTTP header data, and similar information are all stored in the corresponding environment variables.
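
The following added example (not part of the original page) is a Python CGI script that reads both channels described above: URL data from the QUERY_STRING and PATH_INFO environment variables, and form data from standard input, bounded by CONTENT_LENGTH. The handle and error functions, the MAX_BODY limit, and the output layout are assumptions made for illustration; the script can be served through the .py handler configured in step 3.

```python
#!/usr/bin/env python3
"""Added example: read CGI request data from the environment and stdin."""
import os
import sys
from urllib.parse import parse_qs

MAX_BODY = 64 * 1024  # assumed upper bound on an accepted form body


def error(status, text):
    """CGI sets the HTTP status through a 'Status:' header line."""
    return "Status: %s\nContent-Type: text/plain\n\n%s\n" % (status, text)


def handle(environ, stdin):
    """Return the full CGI response (headers, blank line, body) as a string."""
    method = environ.get("REQUEST_METHOD", "GET")
    # URL arguments arrive percent-encoded in QUERY_STRING; parse_qs decodes.
    fields = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
    if method == "POST":
        # Form data arrives on stdin; CONTENT_LENGTH says how many bytes.
        try:
            length = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            return error("400 Bad Request", "invalid CONTENT_LENGTH")
        if length < 0 or length > MAX_BODY:
            return error("413 Payload Too Large", "form body too large")
        body = stdin.read(length).decode("utf-8", "replace")
        for name, values in parse_qs(body, keep_blank_values=True).items():
            fields.setdefault(name, []).extend(values)
    lines = ["method = %r" % method,
             "path_info = %r" % environ.get("PATH_INFO", "")]
    for name in sorted(fields):
        for value in fields[name]:
            lines.append("%r = %r" % (name, value))
    # Everything echoed is client-controlled: send it as text/plain and
    # repr()-quote it so it is never rendered as markup.
    return ("Content-Type: text/plain; charset=utf-8\n\n"
            + "\n".join(lines) + "\n")


if __name__ == "__main__":
    sys.stdout.write(handle(os.environ, sys.stdin.buffer))
```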

3. Configuring TLS

The following steps enable TLS support in Apache.

Step 1: load the module:

LoadModule ssl_module modules/mod_ssl.so

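If the SSL module is not present on the system, install it first. On Red Hat, install it as follows:

$ yum install mod_ssl       # install mod_ssl.so

Step 2: configure the server's certificate and private key: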

Listen 443
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile "/path/to/www.example.com.cert.pem"
    SSLCertificateKeyFile "/path/to/www.example.com.key.pem"
</VirtualHost>

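The SSLCertificateFile directive specifies the server certificate, and SSLCertificateKeyFile specifies the server's private key.

To enable mutual authentication, specify SSLVerifyClient and the related settings, for example:

Listen 443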
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile "/path/to/www.example.com.cert.pem"
    SSLCertificateKeyFile "/path/to/www.example.com.key.pem"

    # require a client certificate which has to be directly
    # signed by our CA certificate in ca.crt
    SSLVerifyClient require
    SSLVerifyDepth 1
    SSLCACertificateFile "/path/to/ca.crt"
</VirtualHost>

Reference:
SSL/TLS Strong Encryption: How-To

Author: cig01

Created: <2018-03-24 Sat>

Last updated: <2018-05-17 Thu>

Creator: Emacs 27.1 (Org mode 9.4)