Apache HTTP Server
Table of Contents
1. Apache
Apache HTTP Server是著名的http服务器,其版本历史如表 1 所示。
Version | Initial release | Latest release |
---|---|---|
1.3 | 1998-06-06 | 2010-02-03 (1.3.42) |
2.0 | 2002-04-06 | 2013-07-10 (2.0.65) |
2.2 | 2005-12-01 | 2017-07-11 (2.2.34) |
2.4 | 2012-02-21 | 2018-03-26 (2.4.33) |
1.1. 启动、重启、停止apache
可以使用 apachectl 启动、重启、停止httpd,如:
$ sudo apachectl start $ sudo apachectl restart $ sudo apachectl stop
也可以直接执行 httpd
,如:
$ sudo httpd -k start $ sudo httpd -k restart $ sudo httpd -k stop
1.2. 检测配置文件语法
默认配置文件位于“/etc/apache2/httpd.conf”,通过 -t
参数可检测配置文件语法是否正确:
$ httpd –t Syntax OK $ httpd -f /full/path/to/httpd.conf -t # 检测指定路径配置的语法是否正确 Syntax OK
1.3. 检查log
默认地,log位于目录“/etc/httpd/logs”中。
$ ls /etc/httpd/logs access_log error_log ssl_access_log ssl_error_log ssl_request_log
2. CGI
什么是CGI?“In brief, the CGI program receives HTTP forms data via Unix/Linux standard input, and most other data (such as URL paths, URL arguments, and HTTP header data) via well-known Unix/Linux process environment variables.”
关于CGI标准,请参见 RFC3875 。
通过下面步骤可在Apache中启用 CGI 支持。
第一步,加载模块:
LoadModule cgid_module modules/mod_cgid.so LoadModule cgi_module modules/mod_cgi.so # On Windows, or using a non-threaded MPM like prefork
第二步,配置 ScriptAlias :
<IfModule alias_module> ScriptAlias /cgi-bin/ "/Users/cig01/www/cgi-bin/" </IfModule>
第三步,为目录配置CGI执行权限:
<Directory "/Users/cig01/www/cgi-bin"> Options +ExecCGI AddHandler cgi-script .pl .py Require all granted </Directory>
第四步,编写CGI脚本。如first.pl(注意配置这个文件的执行权限):
#!/usr/bin/env perl use strict; use warnings; print "Content-type: text/plain\n\n"; print "Hello World!";
使用浏览器打开 “http://your.host.com/cgi-bin/first.pl” ,即可看到CGI执行结果。
2.1. CGI实例
假设有CGI程序printenv.pl(摘自CGI wikipedia),其内容为:
#!/usr/bin/perl =head1 DESCRIPTION printenv — a CGI program that just prints its environment =cut print "Content-type: text/plain\n\n"; for my $var ( sort keys %ENV ) { printf "%s = \"%s\"\n", $var, $ENV{$var}; }
访问 “http://example.com/cgi-bin/printenv.pl/foo/bar?var1=value1&var2=with%20percent%20encoding” 时可能得到如下结果:
COMSPEC="C:\Windows\system32\cmd.exe" DOCUMENT_ROOT="C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs" GATEWAY_INTERFACE="CGI/1.1" HOME="/home/SYSTEM" HTTP_ACCEPT="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" HTTP_ACCEPT_CHARSET="ISO-8859-1,utf-8;q=0.7,*;q=0.7" HTTP_ACCEPT_ENCODING="gzip, deflate" HTTP_ACCEPT_LANGUAGE="en-us,en;q=0.5" HTTP_CONNECTION="keep-alive" HTTP_HOST="example.com" HTTP_USER_AGENT="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0" PATH="/home/SYSTEM/bin:/bin:/cygdrive/c/progra~2/php:/cygdrive/c/windows/system32:..." PATHEXT=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC" PATH_INFO="/foo/bar" PATH_TRANSLATED="C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\foo\bar" QUERY_STRING="var1=value1&var2=with%20percent%20encoding" REMOTE_ADDR="127.0.0.1" REMOTE_PORT="63555" REQUEST_METHOD="GET" REQUEST_URI="/cgi-bin/printenv.pl/foo/bar?var1=value1&var2=with%20percent%20encoding" SCRIPT_FILENAME="C:/Program Files (x86)/Apache Software Foundation/Apache2.2/cgi-bin/printenv.pl" SCRIPT_NAME="/cgi-bin/printenv.pl" SERVER_ADDR="127.0.0.1" SERVER_ADMIN="(server admin's email address)" SERVER_NAME="127.0.0.1" SERVER_PORT="80" SERVER_PROTOCOL="HTTP/1.1" SERVER_SIGNATURE="" SERVER_SOFTWARE="Apache/2.2.19 (Win32) PHP/5.2.17" SYSTEMROOT="C:\Windows" TERM="cygwin" WINDIR="C:\Windows"
从上面输出中,可知URL paths/URL arguments/HTTP header data等等信息都保存在相应的环境变量中。
3. 配置TLS
通过下面步骤可在Apache中启用TLS支持。
第一步,加载模块:
LoadModule ssl_module modules/mod_ssl.so
如果SSL模块在系统中不存在,请先安装它。Redhat中的安装方式如下:
$ yum install mod_ssl # 安装 mod_ssl.so
第二步,配置server的证书和私钥:
Listen 443 <VirtualHost *:443> ServerName www.example.com SSLEngine on SSLCertificateFile "/path/to/www.example.com.cert.pem" SSLCertificateKeyFile "/path/to/www.example.com.key.pem" </VirtualHost>
SSLCertificateFile 指令用来配置server证书,SSLCertificateKeyFile 用来配置server的私钥。
如果想启用双向认证,则需要指定 SSLVerifyClient 及其它相关信息。如:
Listen 4434 <VirtualHost *:443> ServerName www.example.com SSLEngine on SSLCertificateFile "/path/to/www.example.com.cert.pem" SSLCertificateKeyFile "/path/to/www.example.com.key.pem" # require a client certificate which has to be directly # signed by our CA certificate in ca.crt SSLVerifyClient require SSLVerifyDepth 1 SSLCACertificateFile "/path/to/ca.crt" </VirtualHost>