Apache2.2.22 On Ubuntu and Settings

本文详细介绍了如何在 Ubuntu 上安装配置 Apache2.2.22,并设置 HTTP 和 HTTPS 代理服务。包括安装 zlib、Apache2.2.22 的步骤,解决页面访问不工作的问题,配置状态模块及日志输出,搭建 Flask 测试服务,以及实现正向和反向代理的过程。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

Apache2.2.22 On Ubuntu and Settings

Install that On my Virtual Machine
Install Zlib
> wget http://www.zlib.net/zlib-1.2.11.tar.gz
> tar -xvf zlib-1.2.11.tar.gz
> cd zlib-1.2.11/
> ./configure --prefix=/usr/local/
> make
> sudo make install

Install HTTP Apache2.2.22
> wget http://archive.apache.org/dist/httpd/httpd-2.2.22.tar.gz
> tar -xvf httpd-2.2.22.tar.gz
> cd httpd-2.2.22/
> ./configure --prefix=/usr/local/apache2 --enable-mods-shared=all --enable-deflate --enable-proxy --enable-proxy-balancer --enable-proxy-http
> make
> sudo make install

Start the HTTP Server
> sudo /usr/local/apache2/bin/apachectl start

Visit the page
http://ubuntu-master/

Check status is not working
> sudo /usr/local/apache2/bin/apachectl status
/usr/local/apache2/bin/apachectl: 94: /usr/local/apache2/bin/apachectl: lynx: not found

Install lynx
> sudo apt-get install lynx

Still not working
> sudo /usr/local/apache2/bin/apachectl status
Not Found
The requested URL /server-status was not found on this server.

Check the configuration File
> sudo vi /usr/local/apache2/conf/httpd.conf
LoadModule status_module modules/mod_status.so
ExtendedStatus On
<Location /server-status>
SetHandler server-status
Order allow,deny
Allow from all
</Location>

Restart the Service
> sudo /usr/local/apache2/bin/apachectl restart

Then it works
> sudo /usr/local/apache2/bin/apachectl status
Apache Server Status for localhost
Server Version: Apache/2.2.22 (Unix) DAV/2
Server Built: Jun 25 2018 11:15:17
__________________________________________________________________
Current Time: Monday, 25-Jun-2018 11:32:29 CDT
Restart Time: Monday, 25-Jun-2018 11:30:59 CDT
Parent Server Generation: 0
Server uptime: 1 minute 30 seconds
Total accesses: 1 - Total Traffic: 2 kB
CPU Usage: u0 s0 cu0 cs0
.0111 requests/sec - 22 B/second - 2048 B/request
1 requests currently being processed, 4 idle workers

Apache Proxy - Forward - Reverse
Forward - proxy the request to target server, add cache or etc.
Reverse - proxy the request to the service behide the firewall.
Eg:
ProxyPass /log http://192.168.8.7:8550/logman
ProxyPassReverse /log http://192.168.8.7:8550/logman
#keep the session
ProxyPassReverseCookiePath /logman /log

If I directly install the Apache2 on Ubuntu, it is the latest Version
> sudo apt-get install apache2
> apache2 -version
Server version: Apache/2.4.18 (Ubuntu)
Server built: 2018-04-18T14:53:04

Prepare Mock Server
> sudo apt-get update
> sudo apt-get install python3-pip

Install Flask
> sudo pip install flask

> cat backend1.py
from flask import Flask
app = Flask(__name__)
@app.route('/')
def home():
return 'hello, sillycat!'

Start the Mock Service
> FLASK_APP=./backend1.py flask run --port=8080 >/dev/null 2>&1 &

Check that with Curl Command
> curl -G http://localhost:8080
hello, sillycat!


We can start some other mock services as well.
> FLASK_APP=./backend2.py flask run --port=8081 >/dev/null 2>&1 &

Running on 0.0.0.0 HOST
> FLASK_APP=./backend1.py flask run --host=0.0.0.0 --port=8080 >/dev/null 2>&1 &

Open the logging on Stage
LoadModule dumpio_module modules/mod_dumpio.so
DumpIOInput On
DumpIOOutput On
DumpIOLogLevel debug
LogLevel debug

Then we can see all the logging from here
>tail -f /opt/apache2/logs/error_log

This Proxy Worked Pretty well
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPassMatch "^/(.*).php$" "http://ubuntu-master:8082/$1"
ProxyPassReverse "^/(.*).php$" "http://ubuntu-master:8082/$1"
ProxyPass /sillycat http://ubuntu-master:8080
ProxyPassReverse /sillycat http://ubuntu-master:8080
</VirtualHost>

http://localhost/sillycat will proxy to ubuntu-master:8080

http://localhost/kiko.php will proxy to ubuntu-master:8082/kiko

HTTPS Proxy
--enable-ssl --enable-so
> ./configure --prefix=/usr/local/apache-2.2.22 --enable-mods-shared=all --enable-deflate --enable-proxy --enable-proxy-balancer --enable-proxy-http --enable-ssl --enable-so

Make and make install to install that version, Configure the SSL proxy
<VirtualHost *:443>
ProxyRequests Off
ProxyPreserveHost Off
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
SSLProxyProtocol -all +TLSv1 +TLSv1.2
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
ServerName manage5.xxxxxxxxx.com
ProxyPassMatch "^/(.*)" "https://xxxxxxxx.execute-api.us-west-1.amazonaws.com/stage/$1"
ProxyPassReverse "^/(.*)" "https://xxxxxxxx.execute-api.us-west-1.amazonaws.com/stage/$1"
RequestHeader set X-Forwarded-Proto "https"
SSLCertificateFile /opt/ssl/cert-stage.pem
SSLCertificateKeyFile /opt/ssl/cert-stage.key
</VirtualHost>


Check Apache Version and OpenSSL version
> openssl version
OpenSSL 1.0.1 14 Mar 2012

> apache2 -version
Server version: Apache/2.2.22 (Ubuntu)
Server built: Jul 24 2015 17:25:54

Test the HTTPS hand shake
> openssl s_client -connect xxxx.execute-api.us-west-1.amazonaws.com:443 -ssl3

Same issue
> curl -v -3 --ssl https://xxxxxxx.execute-api.us-west-1.amazonaws.com/stage/getPairedDevices

It seems that it can not support TLSv1.2 to proxy to API gateway. Still working on that.

Try to upgrade the APACHE Version
http://archive.apache.org/dist/httpd/httpd-2.2.34.tar.gz

Check the linked SSL version
> ldd /usr/local/apache-2.2.34/modules/mod_ssl.so
linux-vdso.so.1 => (0x00007ffd3a991000)
libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007fd300d46000)
libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fd300902000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fd3006e5000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd30031b000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fd300117000)
/lib64/ld-linux-x86-64.so.2 (0x00007fd3011e0000)

Check the openssl library
> openssl version -a
OpenSSL 1.0.2g 1 Mar 2016
built on: reproducible build, date unspecified
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: cc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/usr/lib/ssl"


Some Options
-ssl2 - just use SSLv2
-ssl3 - just use SSLv3
-tls1_2 - just use TLSv1.2
-tls1_1 - just use TLSv1.1
-tls1 - just use TLSv1
-dtls1 - just use DTLSv1

> ./configure --prefix=/usr/local/apache-2.2.34 --enable-mods-shared=all --enable-deflate --enable-proxy --enable-proxy-balancer --enable-proxy-http --enable-ssl --enable-so --with-ssl=/usr/lib/ssl --enable-ssl-staticlib-deps --enable-mods-static=ssl


> sudo apt-get install libapr1-dev libaprutil1-dev
> sudo apt-get install libpcre3-dev

Try with latest version 2.4.9
> ./configure --prefix=/usr/local/apache-2.4.9 --enable-mods-shared=all --enable-deflate --enable-proxy --enable-proxy-balancer --enable-proxy-http --enable-ssl --enable-so --with-ssl=/usr/lib/ssl --enable-ssl-staticlib-deps --enable-mods-static=ssl
Make and Make install

In version 2.4.9, need open more module
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so

Version 2.4.9, It will work perfectly
DumpIOInput On
DumpIOOutput On
LogLevel debug
<VirtualHost *:443>
ProxyRequests Off
ProxyPreserveHost Off
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
SSLProxyProtocol -all +TLSv1 +TLSv1.2
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
ServerName manage5.sillycatcloudbeta.com
ProxyPassMatch "^/api/(.*)" "https://xxxxx.execute-api.us-west-1.amazonaws.com/stage/$1"
ProxyPassReverse "^/api/(.*)" "https://xxxxx.execute-api.us-west-1.amazonaws.com/stage/$1"
RequestHeader set X-Forwarded-Proto "https"
SSLCertificateFile /opt/ssl/cert-stage.pem
SSLCertificateKeyFile /opt/ssl/cert-stage.key
</VirtualHost>


References:
http://archive.apache.org/dist/httpd/
https://askubuntu.com/questions/574266/install-apache-2-2-22-on-ubuntu-14-04
https://techjourney.net/request-url-server-status-or-404-page-not-found-apache-httpd-error/
http://www.micmiu.com/enterprise-app/server/apache-proxy-demo/
http://blog.sina.com.cn/s/blog_4da051a60102vf3f.html
https://www.oschina.net/question/12_2803
https://serverfault.com/questions/577734/apache-proxy-an-internal-url-using-regex
https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch
https://blog.youkuaiyun.com/fenglibing/article/details/6796094
http://agapple.iteye.com/blog/807101
https://www.digitalocean.com/community/tutorials/how-to-use-apache-as-a-reverse-proxy-with-mod_proxy-on-ubuntu-16-04
https://serverfault.com/questions/248918/how-can-i-enable-logging-for-requests-going-through-mod-proxy/542039
http://flask.pocoo.org/docs/0.12/quickstart/
https://www.thegeekstuff.com/2011/03/install-apache2-ssl/

https://forums.aws.amazon.com/thread.jspa?threadID=246053
https://stackoverflow.com/questions/41386827/apache-disable-sslv3-with-sslproxyprotocol-not-working
https://www.openssl.org/news/changelog.html
https://github.com/mozilla/server-side-tls/issues/62
https://serverfault.com/questions/314858/how-to-enable-tls-1-1-and-1-2-with-openssl-and-apache
http://archive.apache.org/dist/httpd/
https://askubuntu.com/questions/168731/problem-to-install-apache-2-4-2-in-ubuntu-12-04
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值