Apache basic configuration management, part 3: setting up a repo-based Apache service environment as commonly found in enterprises
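Customer background:
The customer needs a yum repository served over HTTP to hold packages of commonly used, custom-developed service software. The customer's host already has the automation tool Puppet installed. This Puppet setup is based on Foreman, whose web management interface uses the default port 80, and because SSL is in use, port 443 is open as well. The yum repository server therefore has to move off the default service port, which means configuring a port-based Apache service.
Lab environment: Red Hat 6.7, with packages installed from a yum repository
1. Because packages are installed with yum, mount the ISO and configure the repo file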
[[email protected] yum.repos.d]# pwd
/etc/yum.repos.d
[[email protected] yum.repos.d]# cat rhel6.repo
[rhel6]
name=rhel6
baseurl=file:///mnt
enabled=1
gpgcheck=0
yum clean all
yum repolist
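Every repo file on this page sets gpgcheck=0, which matters more once packages are served to other hosts over HTTP than it does for a local ISO mount. The Python check below is an added example, not from the original article: it classifies repo stanzas by whether signature checking is switched off and whether the baseurl is a plaintext network URL. The custom-http and custom-signed stanzas, their URL and the gpgkey path are assumptions built from the ServerName, port and symlink used later in the article.

```python
import configparser
from urllib.parse import urlparse

# Constructed input modelled on this page: a local ISO stanza like rhel6.repo,
# plus two ASSUMED client stanzas for the HTTP repository. Their URL is put
# together from the page's ServerName, port 8090 and the repos symlink; the
# gpgkey path is a placeholder. The page itself shows no client file.
REPO_TEXT = """\
[rhel6]
name=rhel6
baseurl=file:///mnt
enabled=1
gpgcheck=0

[custom-http]
name=custom packages over HTTP
baseurl=http://repos.rhel6.site:8090/repos/rhel6
enabled=1
gpgcheck=0

[custom-signed]
name=custom packages, signed
baseurl=http://repos.rhel6.site:8090/repos/rhel6
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
"""

def audit_repos(text):
    """Map each enabled repo id to 'verified', 'unsigned' or 'unsigned-plaintext'."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    verdicts = {}
    for repo in cp.sections():
        stanza = cp[repo]
        if stanza.get("enabled", "1").strip() == "0":
            continue  # disabled repos are never consulted by yum
        if stanza.get("gpgcheck", "").strip() != "0":
            verdicts[repo] = "verified"  # set here, or inherited from [main]
            continue
        urls = stanza.get("baseurl", "").split()
        plaintext = any(urlparse(u).scheme in ("http", "ftp") for u in urls)
        verdicts[repo] = "unsigned-plaintext" if plaintext else "unsigned"
    return verdicts

if __name__ == "__main__":
    for repo, verdict in audit_repos(REPO_TEXT).items():
        print(f"{repo}: {verdict}")
```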
2. Install the package with yum -y install httpd, then check whether it is installed with rpm -qa
[[email protected] ~]# rpm -qa httpd
httpd-2.2.15-45.el6.x86_64
Define name resolution so that the yum repository's domain name can be reached
[[email protected] conf.d]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.137.10 puppet.rhel6.site puppet
192.168.137.10 repos.rhel6.site repos
[[email protected] conf.d]#
[[email protected] conf.d]# pwd
/etc/httpd/conf.
3. Define the extension configuration
[[email protected] conf.d]# cat repos.conf
Listen 8090
<VirtualHost *:8090>
DocumentRoot /var/www/html/
ServerName repos.rhel6.site
</VirtualHost>
<Directory /var/www/html/>
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
[[email protected] conf.d]#
4. The default configuration file loads the extension files through Include, and port 80 is commented out
[[email protected] conf]# cat httpd.conf
# Security
ServerTokens OS
ServerSignature On
TraceEnable On
ServerName "puppet.rhel6.site"
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 120
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
User apache
Group apache
AccessFileName .htaccess
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy all
</FilesMatch>
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
DefaultType none
HostnameLookups Off
ErrorLog "/var/log/httpd/error_log"
LogLevel warn
EnableSendfile On
#Listen 80
Include "/etc/httpd/conf.d/*.load"
Include "/etc/httpd/conf/ports.conf"
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
Include "/etc/httpd/conf.d/*.conf"
[[email protected] conf]#
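5. Mount the ISO image under /mnt/, recursively copy the contents of /mnt to /home/repos, and run createrepo -s sha1 . in the directory at the same level as server; this generates erver.xml. Under repos you can keep a directory hierarchy that sorts package names, scripts, repo files and so on by category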
[[email protected] html]# cd /home/repos/
[[email protected] repos]# ll
drwxr-xr-x 2 root root 4096 Dec 19 20:31 REPO_FILES
drwxr-xr-x 4 root root 4096 Nov 17 13:57 rhel5
drwxr-xr-x 4 root root 4096 Nov 17 13:58 rhel6
drwxr-xr-x 13 root root 4096 Nov 13 22:41 rhel6_6
[[email protected] repos]# pwd
/home/repos
[[email protected] repos]#
6. Link /home/repos into /var/www/html, because Apache's default document root is /var/www/html
ln -s /home/repos /var/www/html/
[[email protected] html]# pwd
/var/www/html
[[email protected] html]# ll
total 0
lrwxrwxrwx 1 root root 11 Dec 19 19:25 repos -> /home/repos
[[email protected] html]#
7. Result when accessed
Review Puppet's HTTP configuration management:
[[email protected] yum.repos.d]# cat foreman-1.5.3.repo
[foreman-1.5.3]
name=foreman 1.5.3 - rhel 6
baseurl=file:///home/foreman-1.5.3/6
enabled=1
gpgcheck=0
[[email protected] yum.repos.d]#
[[email protected] yum.repos.d]# cat puppet-3.7.4.repo
[puppet-3.7.4]
name=puppet 3.7.4 - rhel 6
baseurl=file:///home/puppet-3.7.4/6
enabled=1
gpgcheck=0
[[email protected] yum.repos.d]# cat /etc/httpd/conf/httpd.conf
# Security
ServerTokens OS
ServerSignature On
TraceEnable On
ServerName "puppet.rhel6.site"
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 120
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
User apache
Group apache
AccessFileName .htaccess
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy all
</FilesMatch>
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
DefaultType none
HostnameLookups Off
ErrorLog "/var/log/httpd/error_log"
LogLevel warn
EnableSendfile On
#Listen 80
Include "/etc/httpd/conf.d/*.load"
Include "/etc/httpd/conf/ports.conf"
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
Include "/etc/httpd/conf.d/*.conf"
[[email protected] yum.repos.d]#
[[email protected] yum.repos.d]# cat /etc/httpd/conf.d/puppetmaster.conf
# This Apache 2 virtual host config shows how to use Puppet as a Rack
# application via Passenger. See
# http://docs.puppetlabs.com/guides/passenger.html for more information.
# You can also use the included config.ru file to run Puppet with other Rack
# servers instead of Passenger.
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
#RackAutoDetect Off
#RailsAutoDetect Off
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
SSLHonorCipherOrder on
SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.rhel6.site.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.rhel6.site.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can try disabling
# CRL checking by commenting the next line, but this is not recommended.
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crt.pem
# Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
# which effectively disables CRL checking; if you are using Apache 2.4+ you must
# specify 'SSLCARevocationCheck chain' to actually use the CRL.
# SSLCARevocationCheck chain
SSLVerifyClient optional
SSLVerifyDepth 1
# The `ExportCertData` option is needed for agent certificate expiration warnings
SSLOptions +StdEnvVars +ExportCertData
# This header needs to be set if using a loadbalancer or proxy
RequestHeader unset X-Forwarded-For
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
DocumentRoot /etc/puppet/rack/public/
RackBaseURI /
<Directory /etc/puppet/rack/>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
[[email protected] yum.repos.d]#
[[email protected] yum.repos.d]# cd /etc/httpd/
[[email protected] httpd]# ll
total 8
drwxr-xr-x. 2 root root 4096 Feb 9 05:47 conf
drwxr-xr-x. 4 root root 4096 Feb 9 03:32 conf.d
lrwxrwxrwx. 1 root root 19 Oct 9 13:10 logs -> ../../var/log/httpd
lrwxrwxrwx. 1 root root 29 Oct 9 13:10 modules -> ../../usr/lib64/httpd/modules
lrwxrwxrwx. 1 root root 19 Oct 9 13:10 run -> ../../var/run/httpd
[[email protected] httpd]# cd conf
[[email protected] conf]# ll
total 24
-rw-r--r-- 1 root root 857 Oct 10 10:15 httpd.conf
-rw-r--r--. 1 root root 13139 Mar 4 2015 magic
-rw-r--r-- 1 root root 228 Oct 10 10:16 ports.conf
[[email protected] conf]# cat ports.conf
# ************************************
# Listen & NameVirtualHost resources in module puppetlabs-apache
# Managed by Puppet
# ************************************
Listen 443
Listen 80
NameVirtualHost *:443
NameVirtualHost *:80
[[email protected] conf]# pwd
/etc/httpd/conf
[[email protected] conf]#
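Commenting out Listen 80 in httpd.conf works because ports.conf already opens that port: across all included files each port should be opened by exactly one Listen, and each port-based VirtualHost needs one. The Python check below is an added example, not part of the original article or of Apache; its input is constructed from only the Listen and VirtualHost lines of the four files shown above, and the names CONFIG_FILES, collect and check_ports are made up for this illustration.

```python
import re

# Constructed input: only the Listen / VirtualHost lines of the four files
# shown on this page (file names relative to /etc/httpd).
CONFIG_FILES = {
    "conf/httpd.conf": "#Listen 80\n",
    "conf/ports.conf": "Listen 443\nListen 80\n",
    "conf.d/puppetmaster.conf": "Listen 8140\n<VirtualHost *:8140>\n</VirtualHost>\n",
    "conf.d/repos.conf": "Listen 8090\n<VirtualHost *:8090>\n</VirtualHost>\n",
}

LISTEN_RE = re.compile(r"^\s*Listen\s+(?:\S+:)?(\d+)", re.I)
VHOST_RE = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)

def collect(files):
    """Return ({port: [files with a Listen]}, {port: [files with a VirtualHost]})."""
    listens, vhosts = {}, {}
    for name, text in files.items():
        for line in text.splitlines():
            if line.lstrip().startswith("#"):
                continue  # a commented-out Listen binds nothing
            m = LISTEN_RE.match(line)
            if m:
                listens.setdefault(int(m.group(1)), []).append(name)
            m = VHOST_RE.match(line)
            if m:
                for addr in m.group(1).split():
                    port = addr.rsplit(":", 1)[-1]
                    if port.isdigit():
                        vhosts.setdefault(int(port), []).append(name)
    return listens, vhosts

def check_ports(files):
    """Report repeated Listen ports and VirtualHost ports nothing listens on.

    Simplification: the port alone is the key, which fits the page's
    address-less Listen lines."""
    listens, vhosts = collect(files)
    problems = []
    for port, names in sorted(listens.items()):
        if len(names) > 1:
            problems.append(f"port {port}: Listen repeated in {', '.join(names)}")
    for port, names in sorted(vhosts.items()):
        if port not in listens:
            problems.append(f"port {port}: VirtualHost in {names[0]} has no Listen")
    return problems

if __name__ == "__main__":
    print(check_ports(CONFIG_FILES) or "no port conflicts")
```

On the server itself, httpd -S prints the parsed virtual host table for the same comparison.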
This article comes from the "12214694" blog; please be sure to keep this source link: http://12224694.blog.51cto.com/12214694/1896541