centos7 离线安装httpd
yum install httpd -y安装提示没有可用软件包,
执行vim /etc/yum.conf,将最后一行注释掉
#exclude=httpd nginx php mysql mairadb python-psutil python2-psutil
[root@controller yum.repos.d]# yum install httpd -y
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
没有可用软件包 httpd。
错误:无须任何处理
[root@controller yum.repos.d]# vim /etc/yum.conf
[root@controller yum.repos.d]# vim /etc/yum.conf
[root@controller yum.repos.d]# vim /etc/yum.conf
[root@controller yum.repos.d]# yumdownloader httpd
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
base | 3.6 kB 00:00
epel | 4.7 kB 00:00
extras | 2.9 kB 00:00
updates | 2.9 kB 00:00
httpd-2.4.6-97.el7.centos.5.x86_64.rpm | 2.7 MB 00:04
[root@controller yum.repos.d]# ls
CentOS7-Base-163.repo epel-testing.repo
epel-release-7-14.noarch.rpm httpd-2.4.6-97.el7.centos.5.x86_64.rpm
epel.repo repo_bak
[root@controller yum.repos.d]# yumdownloader mod_ssl
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
mod_ssl-2.4.6-97.el7.centos.5.x86_64.rpm | 115 kB 00:01
[root@controller yum.repos.d]# yumdownloader openssl
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
openssl-1.0.2k-25.el7_9.x86_64.rpm | 494 kB 00:00
下载然后安装httpd
[root@controller yum.repos.d]# ll
总用量 3424
-rw-r--r-- 1 root root 1572 12月 1 2016 CentOS7-Base-163.repo
-rw-r--r-- 1 root root 15608 9月 5 2021 epel-release-7-14.noarch.rpm
-rw-r--r-- 1 root root 1528 9月 2 21:22 epel.repo
-rw-r--r-- 1 root root 1651 9月 2 21:24 epel-testing.repo
-rw-r--r-- 1 root root 2847720 3月 25 02:21 httpd-2.4.6-97.el7.centos.5.x86_64.rpm
-rw-r--r-- 1 root root 118140 3月 25 02:22 mod_ssl-2.4.6-97.el7.centos.5.x86_64.rpm
-rw-r--r-- 1 root root 505916 3月 29 03:53 openssl-1.0.2k-25.el7_9.x86_64.rpm
drwxr-xr-x 2 root root 70 9月 2 21:27 repo_bak
[root@controller yum.repos.d]# rpm -ivh httpd-2.4.6-97.el7.centos.5.x86_64.rpm
错误:依赖检测失败:
httpd-tools = 2.4.6-97.el7.centos.5 被 httpd-2.4.6-97.el7.centos.5.x86_64 需要
libapr-1.so.0()(64bit) 被 httpd-2.4.6-97.el7.centos.5.x86_64 需要
libaprutil-1.so.0()(64bit) 被 httpd-2.4.6-97.el7.centos.5.x86_64 需要
[root@controller yum.repos.d]# sudo yum install --downloadonly httpd --downloaddir=/download/
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
正在解决依赖关系
--> 正在检查事务
---> 软件包 httpd.x86_64.0.2.4.6-97.el7.centos.5 将被 安装
--> 正在处理依赖关系 httpd-tools = 2.4.6-97.el7.centos.5,它被软件包 httpd-2.4.6-97.el7.centos.5.x86_64 需要
--> 正在处理依赖关系 libaprutil-1.so.0()(64bit),它被软件包 httpd-2.4.6-97.el7.centos.5.x86_64 需要
--> 正在处理依赖关系 libapr-1.so.0()(64bit),它被软件包 httpd-2.4.6-97.el7.centos.5.x86_64 需要
--> 正在检查事务
---> 软件包 apr.x86_64.0.1.4.8-7.el7 将被 安装
---> 软件包 apr-util.x86_64.0.1.5.2-6.el7 将被 安装
---> 软件包 httpd-tools.x86_64.0.2.4.6-97.el7.centos.5 将被 安装
--> 解决依赖关系完成
依赖关系解决
================================================================================
Package 架构 版本 源 大小
================================================================================
正在安装:
httpd x86_64 2.4.6-97.el7.centos.5 updates 2.7 M
为依赖而安装:
apr x86_64 1.4.8-7.el7 base 104 k
apr-util x86_64 1.5.2-6.el7 base 92 k
httpd-tools x86_64 2.4.6-97.el7.centos.5 updates 94 k
事务概要
================================================================================
安装 1 软件包 (+3 依赖软件包)
总下载量:3.0 M
安装大小:9.9 M
Background downloading packages, then exiting:
(1/4): apr-1.4.8-7.el7.x86_64.rpm | 104 kB 00:00
(2/4): httpd-tools-2.4.6-97.el7.centos.5.x86_64.rpm | 94 kB 00:00
(3/4): apr-util-1.5.2-6.el7.x86_64.rpm | 92 kB 00:00
(4/4): httpd-2.4.6-97.el7.centos.5.x86_64.rpm | 2.7 MB 00:01
--------------------------------------------------------------------------------
总计 2.8 MB/s | 3.0 MB 00:01
exiting because "Download Only" specified
[root@controller yum.repos.d]# cd /download/
[root@controller download]# ll
总用量 3076
-rw-r--r-- 1 root root 106124 10月 15 2020 apr-1.4.8-7.el7.x86_64.rpm
-rw-r--r-- 1 root root 94132 7月 4 2014 apr-util-1.5.2-6.el7.x86_64.rpm
-rw-r--r-- 1 root root 2847720 3月 25 02:21 httpd-2.4.6-97.el7.centos.5.x86_64.rpm
-rw-r--r-- 1 root root 96468 3月 25 02:21 httpd-tools-2.4.6-97.el7.centos.5.x86_64.rpm
[root@controller download]# httpd -v
bash: httpd: 未找到命令...
[root@controller download]# rpm -ivh httpd-2.4.6-97.el7.centos.5.x86_64.rpm
错误:依赖检测失败:
httpd-tools = 2.4.6-97.el7.centos.5 被 httpd-2.4.6-97.el7.centos.5.x86_64 需要
libapr-1.so.0()(64bit) 被 httpd-2.4.6-97.el7.centos.5.x86_64 需要
libaprutil-1.so.0()(64bit) 被 httpd-2.4.6-97.el7.centos.5.x86_64 需要
[root@controller download]# rpm -ivh *.rpm
准备中... ################################# [100%]
正在升级/安装...
1:apr-1.4.8-7.el7 ################################# [ 25%]
2:apr-util-1.5.2-6.el7 ################################# [ 50%]
3:httpd-tools-2.4.6-97.el7.centos.5################################# [ 75%]
4:httpd-2.4.6-97.el7.centos.5 ################################# [100%]
[root@controller download]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built: Mar 24 2022 14:57:57
[root@controller download]#
下载mod_ssl离线安装
[root@controller download]# mod_ssl -v
bash: mod_ssl: 未找到命令...
[root@controller download]# openssl -v
openssl:Error: '-v' is an invalid command.
Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dh
dhparam dsa dsaparam ec
ecparam enc engine errstr
gendh gendsa genpkey genrsa
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand req
rsa rsautl s_client s_server
s_time sess_id smime speed
spkac ts verify version
x509
Message Digest commands (see the `dgst' command for more details)
md2 md4 md5 rmd160
sha sha1
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb base64 bf
bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
camellia-256-cbc camellia-256-ecb cast cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb
des-ede des-ede-cbc des-ede-cfb des-ede-ofb
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx idea
idea-cbc idea-cfb idea-ecb idea-ofb
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
rc2-cfb rc2-ecb rc2-ofb rc4
rc4-40 rc5 rc5-cbc rc5-cfb
rc5-ecb rc5-ofb seed seed-cbc
seed-cfb seed-ecb seed-ofb zlib
[root@controller download]# sudo yum install --downloadonly mod_ssl --downloaddir=/download/
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
正在解决依赖关系
--> 正在检查事务
---> 软件包 mod_ssl.x86_64.1.2.4.6-97.el7.centos.5 将被 安装
--> 解决依赖关系完成
依赖关系解决
================================================================================
Package 架构 版本 源 大小
================================================================================
正在安装:
mod_ssl x86_64 1:2.4.6-97.el7.centos.5 updates 115 k
事务概要
================================================================================
安装 1 软件包
总下载量:115 k
安装大小:224 k
Background downloading packages, then exiting:
mod_ssl-2.4.6-97.el7.centos.5.x86_64.rpm | 115 kB 00:00
exiting because "Download Only" specified
[root@controller download]# ls
apr-1.4.8-7.el7.x86_64.rpm 解决依赖关系完成
apr-util-1.5.2-6.el7.x86_64.rpm 软件包
httpd-2.4.6-97.el7.centos.5.x86_64.rpm 正在处理依赖关系
httpd-tools-2.4.6-97.el7.centos.5.x86_64.rpm 正在检查事务
mod_ssl-2.4.6-97.el7.centos.5.x86_64.rpm
[root@controller download]# rpm -ivh mod_ssl-2.4.6-97.el7.centos.5.x86_64.rpm
准备中... ################################# [100%]
正在升级/安装...
1:mod_ssl-1:2.4.6-97.el7.centos.5 ################################# [100%]
[root@controller download]# mod_ssl -v
bash: mod_ssl: 未找到命令...
[root@controller download]#
一、生成证书
用OpenSSL生成key和证书:
[root@controller html]# mkdir /etc/ssl/private
[root@controller html]# cd /etc/ssl/
[root@controller ssl]# ll
总用量 0
lrwxrwxrwx. 1 root root 16 8月 11 17:41 certs -> ../pki/tls/certs
drwxr-xr-x 2 root root 6 9月 2 21:56 private
[root@controller ssl]# chmod 700 /etc/ssl/private/
[root@controller ssl]# ll
总用量 0
lrwxrwxrwx. 1 root root 16 8月 11 17:41 certs -> ../pki/tls/certs
drwx------ 2 root root 6 9月 2 21:56 private
[root@controller ssl]# cd private/
[root@controller private]# ls
[root@controller private]# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
Generating a 2048 bit RSA private key
............................................................+++
...........+++
writing new private key to '/etc/ssl/private/apache-selfsigned.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:XG
Organization Name (eg, company) [Default Company Ltd]:GA
Organizational Unit Name (eg, section) []:gx
Common Name (eg, your name or your server's hostname) []:nextcloud
Email Address []:
[root@controller private]#
[root@controller private]# openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.......................................+................................+.............................................................................................................................................................+..........................................................................................................................................................................................++*++*
[root@controller private]# ls
apache-selfsigned.key
[root@controller private]# cd ..
[root@controller ssl]# ls
certs private
[root@controller ssl]# cd certs/
[root@controller certs]# ls
apache-selfsigned.crt ca-bundle.trust.crt localhost.crt Makefile
ca-bundle.crt dhparam.pem make-dummy-cert renew-dummy-cert
[root@controller certs]# ll
二、安装配置ssl模块
yum安装模块
yum install mod_ssl
vim /etc/httpd/conf.d/ssl.conf
配置文件中更改下面的内容:
DocumentRoot “/var/www/html”
ServerName www.xxx.net.cn:443
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
[root@controller certs]# ls
apache-selfsigned.crt ca-bundle.trust.crt localhost.crt Makefile
ca-bundle.crt dhparam.pem make-dummy-cert renew-dummy-cert
[root@controller certs]# vi /etc/httpd/conf.d/ssl.conf
检验配置:
[root@controller certs]# apachectl configtest
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.182.132. Set the 'ServerName' directive globally to suppres s this message
Syntax OK
三、重启服务
systemctl restart httpd
[root@controller certs]# systemctl restart httpd
Job for httpd.service failed because the control process exited with error code. See "sy stemctl status httpd.service" and "journalctl -xe" for details.
[root@controller certs]# systemctl stop firewalld.service
[root@controller certs]# systemctl restart httpd
Job for httpd.service failed because the control process exited with error code. See "sy stemctl status httpd.service" and "journalctl -xe" for details.
[root@controller certs]# sentenforce 0
bash: sentenforce: 未找到命令...
[root@controller certs]# setenforce 0
setenforce: SELinux is disabled
[root@controller certs]# systemctl restart httpd
Job for httpd.service failed because the control process exited with error code. See "sy stemctl status httpd.service" and "journalctl -xe" for details.
[root@controller certs]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disab led)
Active: failed (Result: exit-code) since 五 2022-09-02 22:12:05 CST; 22s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 14064 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/ FAILURE)
Main PID: 14064 (code=exited, status=1/FAILURE)
9月 02 22:12:04 controller systemd[1]: Starting The Apache HTTP Server...
9月 02 22:12:04 controller httpd[14064]: AH00558: httpd: Could not reliably determ...ge
9月 02 22:12:04 controller httpd[14064]: (98)Address already in use: AH00072: make...80
9月 02 22:12:04 controller httpd[14064]: (98)Address already in use: AH00072: make...80
9月 02 22:12:04 controller httpd[14064]: no listening sockets available, shutting down
9月 02 22:12:04 controller httpd[14064]: AH00015: Unable to open logs
9月 02 22:12:05 controller systemd[1]: httpd.service: main process exited, code=ex...RE
9月 02 22:12:05 controller systemd[1]: Failed to start The Apache HTTP Server.
9月 02 22:12:05 controller systemd[1]: Unit httpd.service entered failed state.
9月 02 22:12:05 controller systemd[1]: httpd.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@controller certs]# (98)Address already in use: AH00072: make...80
发现80端口被占用
[root@controller certs]# netstat -lnp |grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3733/docker-proxy
tcp 0 0 0.0.0.0:8088 0.0.0.0:* LISTEN 4304/docker-proxy
tcp6 0 0 :::80 :::* LISTEN 3739/docker-proxy
tcp6 0 0 :::8088 :::* LISTEN 4311/docker-proxy
udp 0 0 127.0.0.1:323 0.0.0.0:* 780/chronyd
udp6 0 0 ::1:323 :::* 780/chronyd
unix 2 [ ACC ] STREAM LISTENING 80529 10625/pulseaudio /tmp/.esd-0/socket
unix 2 [ ACC ] STREAM LISTENING 42780 1729/master private/anvil
unix 2 [ ACC ] STREAM LISTENING 44870 3798/containerd-shi /run/containerd/s/1b4ac5c87b949ec6b95bc6f0ce00ac09caa4d5fe452ef969a180a5eb4bca6283
unix 2 [ ACC ] STREAM LISTENING 80531 10625/pulseaudio /run/user/0/pulse/native
unix 2 [ ACC ] STREAM LISTENING 27803 764/abrtd /var/run/abrt/abrt.socket
[root@controller certs]# systemctl stop docker
Warning: Stopping docker.service, but it can still be activated by:
docker.socket
[root@controller certs]# netstat -lnp |grep 80
udp 0 0 127.0.0.1:323 0.0.0.0:* 780/chronyd
udp6 0 0 ::1:323 :::* 780/chronyd
unix 2 [ ACC ] STREAM LISTENING 80529 10625/pulseaudio /tmp/.esd-0/socket
unix 2 [ ACC ] STREAM LISTENING 42780 1729/master private/anvil
unix 2 [ ACC ] STREAM LISTENING 80531 10625/pulseaudio /run/user/0/pulse/native
unix 2 [ ACC ] STREAM LISTENING 27803 764/abrtd /var/run/abrt/abrt.socket
[root@controller certs]# systemctl restart httpd
[root@controller certs]# cd /var/www/html/
[root@controller html]# ls
[root@controller html]#
防火墙设置
[root@controller html]# firewall-cmd --zone=public --add-port=443/tcp --permanent
FirewallD is not running
[root@controller html]# firewall-cmd --reload
FirewallD is not running
[root@controller html]#