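# How to Configure the Apache Web Service on RHEL 8
## 1. Introduction to the Apache Web Service
Apache HTTP Server (Apache for short) is one of the most popular open-source web server packages on the Internet today, developed and maintained by the Apache Software Foundation. Since its release in 1995, Apache has become the preferred solution for enterprise web services thanks to its stability, security and flexibility.
In RHEL 8 (Red Hat Enterprise Linux 8), Apache is provided as the default web server package and runs as the `httpd` service. Compared with earlier versions, Apache in RHEL 8 includes several improvements:
- HTTP/2 protocol support enabled by default
- Improved MPM (Multi-Processing Module) configuration
- Enhanced TLS 1.3 support
- Deep integration with SELinux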
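## 2. Installing the Apache Service
### 2.1 Preparation
Before starting the installation, make sure that:
1. The RHEL 8 system is registered and an appropriate subscription is enabled
2. You have root or sudo privileges
3. The network connection is working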
```bash
# Update system packages
sudo dnf update -y
```
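RHEL 8 provides the Apache package through the AppStream repository:
```bash
# Install the httpd package
sudo dnf install -y httpd
# Verify the installed version
httpd -v
```
Typical output:
```
Server version: Apache/2.4.37 (Red Hat Enterprise Linux)
Server built: Apr 7 2022
```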
Allow HTTP/HTTPS traffic through the firewall:
```bash
# Permanently open ports 80 and 443
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
```
```bash
# Start the Apache service
sudo systemctl start httpd
# Enable it at boot
sudo systemctl enable httpd
# Check the service status
sudo systemctl status httpd
```
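The main Apache directories in RHEL 8:
- `/etc/httpd/`: configuration directory
  - `conf/httpd.conf`: main configuration file
  - `conf.d/`: additional configuration files
- `/var/www/html`: default document root
- `/var/log/httpd/`: log directory
- `/usr/lib64/httpd/modules/`: module storage location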
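Edit the main configuration file:
```bash
sudo vi /etc/httpd/conf/httpd.conf
```
Recommended key parameters (httpd does not accept a comment on the same line as a directive, so comments sit on their own lines):
```apache
# Administrator e-mail address
ServerAdmin webmaster@example.com
# Server domain name
ServerName www.example.com:80

# Performance tuning
Timeout 60
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5

# MPM tuning (prefork mode). This block only takes effect when the prefork
# MPM is loaded; RHEL 8 loads the event MPM by default
# (see /etc/httpd/conf.modules.d/00-mpm.conf).
<IfModule mpm_prefork_module>
    StartServers 5
    MinSpareServers 5
    MaxSpareServers 10
    ServerLimit 256
    # Apache 2.4 names for MaxClients and MaxRequestsPerChild
    MaxRequestWorkers 256
    MaxConnectionsPerChild 4000
</IfModule>
```
Validate the configuration syntax:
```bash
sudo apachectl configtest
```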
```bash
# Create the document root for the site
sudo mkdir -p /var/www/example.com/public_html
# Ownership by apache makes the content writable by the web server process
sudo chown -R apache:apache /var/www/example.com
# Create the virtual host configuration file
sudo vi /etc/httpd/conf.d/example.com.conf
```
Example configuration:
```apache
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com/public_html
    ErrorLog /var/log/httpd/example.com-error.log
    CustomLog /var/log/httpd/example.com-access.log combined
    <Directory /var/www/example.com/public_html>
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
```
```apache
# IP-based virtual hosts: one site per listening address
<VirtualHost 192.168.1.100:80>
    ServerName site1.example.com
    DocumentRoot /var/www/site1
    # Other settings...
</VirtualHost>
<VirtualHost 192.168.1.101:80>
    ServerName site2.example.com
    DocumentRoot /var/www/site2
    # Other settings...
</VirtualHost>
```
```bash
# Install mod_ssl and OpenSSL
sudo dnf install -y mod_ssl openssl
# Generate a self-signed certificate and private key (valid for 365 days)
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout /etc/pki/tls/private/example.com.key \
    -out /etc/pki/tls/certs/example.com.crt
```
```apache
<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/example.com/public_html
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/example.com.key
    # Enable HTTP Strict Transport Security
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
    # Other SSL tuning
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5
</VirtualHost>
```
```bash
sudo dnf install -y brotli
```
Edit the configuration file:
```apache
# gzip compression through mod_deflate, which ships with the httpd package
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
</IfModule>
```
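```bash
# On RHEL 8 the HTTP/2 module is packaged as mod_http2
sudo dnf install -y mod_http2
```
Example configuration:
```apache
# mod_http2 needs the event or worker MPM; it does not work under prefork
Protocols h2 http/1.1
H2Direct on
```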
```apache
# Browser caching through mod_expires
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/pdf "access plus 1 month"
    ExpiresByType text/x-javascript "access plus 1 month"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 year"
    ExpiresDefault "access plus 2 days"
</IfModule>
```
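```bash
# Allow Apache to read the site content.
# chcon labels do not survive a filesystem relabel; record the rule with
# semanage fcontext and apply it with restorecon to make it permanent.
sudo chcon -R -t httpd_sys_content_t /var/www/example.com/
# Allow write access (for example, WordPress)
sudo chcon -R -t httpd_sys_rw_content_t /var/www/example.com/wp-content/
```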
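```apache
# Hide version details in response headers and error pages
ServerTokens Prod
ServerSignature Off
# Deny access to the whole filesystem by default
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Require all denied
</Directory>
```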
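The hardening directives used in this article (`ServerTokens`, `ServerSignature`, `-Indexes`, `SSLProtocol`, the HSTS header) can be checked mechanically before a reload. The script below is an added example, not part of the original article; `audit_httpd_conf` is a hypothetical helper name and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example, not the article's code. audit_httpd_conf is a hypothetical
# helper; it prints one finding per line and returns 0 only for a clean file.
audit_httpd_conf() {
    bad=0
    # Keep active directives only: trim indentation, drop comment lines.
    active=$(sed -e 's/^[[:space:]]*//' -e '/^#/d' "$1")
    has() { printf '%s\n' "$active" | grep -Eiq -- "$1"; }
    flag() { printf '%s\n' "$1"; bad=$((bad + 1)); }

    has '^ServerTokens[[:space:]]+Prod([[:space:]]|$)' || flag "ServerTokens is not Prod"
    has '^ServerSignature[[:space:]]+Off([[:space:]]|$)' || flag "ServerSignature is not Off"
    # "Indexes" or "+Indexes" turns directory listings on; "-Indexes" is fine.
    if has '^Options[[:space:]](.*[[:space:]])?\+?Indexes([[:space:]]|$)'; then
        flag "Options enables Indexes"
    fi
    if has '^SSLEngine[[:space:]]+on([[:space:]]|$)'; then
        has '^Header[[:space:]].*Strict-Transport-Security' \
            || flag "TLS vhost sets no Strict-Transport-Security header"
        # "all" keeps TLS 1.0/1.1 unless both are removed explicitly.
        proto=$(printf '%s\n' "$active" | grep -Ei '^SSLProtocol[[:space:]]' \
            | tail -n 1 | tr -s '[:space:]' ' ')
        removed=0
        case " $proto" in *" -TLSv1 "*) removed=$((removed + 1)) ;; esac
        case " $proto" in *" -TLSv1.1 "*) removed=$((removed + 1)) ;; esac
        case " $proto" in
            *" all "*) [ "$removed" -eq 2 ] || flag "SSLProtocol all leaves TLS 1.0 or 1.1 enabled" ;;
        esac
    fi
    [ "$bad" -eq 0 ]
}

# Constructed sample: a TLS vhost that misses several of the settings.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
ServerTokens OS
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv3
    <Directory /var/www/example.com/public_html>
        Options Indexes FollowSymLinks
    </Directory>
</VirtualHost>
EOF
audit_httpd_conf "$demo_conf" || true
rm -f "$demo_conf"
```

The helper reads a single file and does not follow `Include` directives, so run it against each file under `/etc/httpd/conf.d/` as well as `httpd.conf`.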
Edit the logrotate configuration:
```bash
sudo vi /etc/logrotate.d/httpd
```
Example configuration:
```
/var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    delaycompress
    postrotate
        /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
    endscript
}
```
```apache
# Access log format that appends the request processing time in microseconds (%D)
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" custom_log
CustomLog /var/log/httpd/access_log custom_log
```
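With `%D` appended, the access log can be triaged for slow requests and for clients that keep receiving error responses. The functions below are an added example, not part of the original article; the function names and the sample log lines are constructed, and the parsing assumes the `custom_log` field order defined above.

```shell
#!/bin/sh
# Added example, not the article's code. Function names and log lines are
# constructed; the field layout is the custom_log LogFormat defined above.
# A request line containing an escaped quote (\") would shift the quoted fields.

# Print "<microseconds> <client> <request>" for requests taking at least $2
# microseconds, slowest first. %D is the last field on every line.
slow_requests() {
    awk -v min="$2" '{
        us = $NF
        if (us !~ /^[0-9]+$/ || us + 0 < min + 0) next  # no %D, or fast enough
        split($0, q, "\"")                              # q[2] = request line
        print us, $1, q[2]
    }' "$1" | sort -rn
}

# Print "<count> <client>" for clients that received 4xx or 5xx responses.
error_clients() {
    awk '{
        split($0, q, "\"")      # q[3] = " <status> <bytes> "
        split(q[3], s, " ")
        if (s[1] ~ /^[45][0-9][0-9]$/) n[$1]++
    } END { for (c in n) print n[c], c }' "$1" | sort -rn
}

# Constructed sample in custom_log format (documentation address ranges).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)" 1834
198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "POST /login HTTP/1.1" 403 199 "-" "curl/7.61.1" 920
198.51.100.7 - - [10/Oct/2023:13:55:38 +0000] "POST /login HTTP/1.1" 403 199 "-" "curl/7.61.1" 870
192.0.2.10 - - [10/Oct/2023:13:55:40 +0000] "GET /report.pdf HTTP/1.1" 200 901233 "-" "Mozilla/5.0 (X11; Linux x86_64)" 2450112
203.0.113.5 - - [10/Oct/2023:13:55:41 +0000] "GET /missing HTTP/1.1" 404 196 "-" "Mozilla/5.0" 655
EOF
}

demo_log=$(mktemp)
sample_log > "$demo_log"
slow_requests "$demo_log" 1000000   # requests of one second or longer
error_clients "$demo_log"
rm -f "$demo_log"
```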
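Check the error log:
```bash
sudo tail -n 50 /var/log/httpd/error_log
```
```bash
# Check SELinux contexts
ls -Z /var/www/
# Switch SELinux to permissive temporarily for diagnosis;
# restore enforcing mode with "sudo setenforce 1" when finished
sudo setenforce 0
```
```bash
# Count established connections on ports 80 and 443
sudo ss -Htn state established '( sport = :80 or sport = :443 )' | wc -l
# Requests per client IP over the last 1000 log entries
# (sort needs finite input, so read a fixed window rather than tail -f)
sudo tail -n 1000 /var/log/httpd/access_log | awk '{print $1}' | sort | uniq -c | sort -nr
```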
```apache
# Load balancing across two back-end servers
<Proxy balancer://mycluster>
    BalancerMember http://192.168.1.101:80
    BalancerMember http://192.168.1.102:80
    ProxySet lbmethod=bytraffic
</Proxy>
ProxyPass "/" "balancer://mycluster/"
ProxyPassReverse "/" "balancer://mycluster/"
```
```apache
# Reverse proxy to a local application
ProxyPass "/app" "http://localhost:8080/app"
ProxyPassReverse "/app" "http://localhost:8080/app"
```
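```apache
# WebDAV share protected by Basic authentication.
# Basic auth sends credentials base64-encoded only, so serve this path over HTTPS.
<Directory /var/www/webdav>
    Dav On
    AuthType Basic
    AuthName "WebDAV"
    AuthUserFile /etc/httpd/conf/passwd.dav
    Require valid-user
</Directory>
```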
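With the detailed guidance in this article, you should now have a grasp of the complete workflow for configuring and managing the Apache web service on RHEL 8. From basic installation to advanced feature configuration, Apache provides all the features required for enterprise web services. Check Apache security advisories regularly, keep the software updated, and keep tuning the configuration to match actual business needs.
Note: Before deploying to production, be sure to test thoroughly and consider additional security measures such as a WAF (web application firewall).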