源代码构建Apache反向代理(包括SSL配置)

2022-02-04 07:45:42

由rpm构建的apache是适合大多数场合的应用，它包含了大多数的模块，而我们只是用它去构建反向代理，过多大模块反而不好，影响了性能，所以我们选择了针对性的源代码编译，让apache去适应我们的平台。

下载源代码：

wget http://mirrors.cnnic.cn/apache/httpd/httpd-2.2.25.tar.gz

解压

tar zxvf httpd-2.2.25.tar.gz

cd httpd-2.2.25

编译安装的前提条件

yum install -y gcc gcc-c++ apr apr-devel apr-util openssl openssl-devel

根据gcc版本，和cpu架构，进行优化编译

使用gcc -v查看gcc的版本

cat /proc/cpuinfo 查看cpu型号

uname –r 查看操作系统的版本

编译安装

CFLAGS="-march=core2 -mtune=generic -O2 -pipe" CXXFLAGS="{CFLAGS}" ./configure --enable-layout=RedHat --enable-modules=so --enable-ssl --enable-rewrite --enable-proxy

make

make install

清除调试符号，节省内存空间

strip /usr/sbin/httpd

使用httpd –M检查添加的模块

httpd -m |grep rewrite

httpd -m |grep ssl

httpd -m |grep proxy

使用httpd -k start 启动apache

使用 httpd -k stop 关闭

使用 httpd -k restart 重启

echo “/usr/sbin/httpd –k start” >>/etc/rc.local 设为随机启动

配置ssl

红色字体为新添加的配置

#redirect non-ssl request to ssl requres

Redirect / https://web.contoso.com

SSLSessionCache "shmcb:logs/ssl_scache(512000)"

SSLSessionCacheTimeout 300

ProxyRequests off

listen 443 https

NameVirtualHost *:443

# Site info

ServerName webprox1.contoso.com

ServerAdmin administrator@contoso.com

SSLEngine on

SSLProxyEngine on

SSLCertificateFile /etc/httpd/conf/ssl/web.crt

SSLCertificateKeyFile /etc/httpd/conf/ssl/web.key

SSLCACertificatePath /etc/httpd/conf/ssl

SSLCACertificateFile /etc/httpd/conf/ssl/ca.pem

# Rewrite engine on

RewriteEngine On

RewriteOptions Inherit

# Log filenames

ErrorLog /etc/httpd/logs/error-inotes-redirect

CustomLog /etc/httpd/logs/access-inotes-redirect common

LogLevel warn

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

# Rule 0 : If Cookie is set and user logs out, remove the cookie

RewriteCond %{HTTP_COOKIE} ^.*iNotesServer=.*

RewriteCond %{QUERY_STRING} ^Logout

RewriteRule ^/.* - [CO=iNotesServer:domino1:.contoso.com:1]

# Rule 1 : Read domino server name from first access to the mail directory,

# save it to the cookie and redirect to the mail server

RewriteCond %{REQUEST_URI} ^/(.*)/mail

RewriteRule /(.*)/mail/(.*) http://$1.contoso.com/mail/$2 [P,CO=iNotesServer:$1:.contoso.com]

# Rule 2 : If cookie is set, use it to rewrite rules for iNotes generated URLs

# and non mail DBs for the server definde in the cookie iNotesServer

RewriteCond %{REQUEST_URI} ^/favicon.ico [OR]

RewriteCond %{REQUEST_URI} ^/domjs [OR]

RewriteCond %{REQUEST_URI} ^/domjava [OR]

RewriteCond %{REQUEST_URI} ^/domcfg.nsf [OR]

RewriteCond %{REQUEST_URI} ^/iNotes [OR]

RewriteCond %{REQUEST_URI} ^/icons [OR]

RewriteCond %{REQUEST_URI} ^/iwaredir.nsf [OR]

RewriteCond %{REQUEST_URI} ^/names.nsf [OR]

RewriteCond %{REQUEST_URI} ^/mail [OR]

RewriteCond %{REQUEST_URI} ^/archive [OR]

RewriteCond %{REQUEST_URI} ^/download [OR]

RewriteCond %{REQUEST_URI} ^/dwa(.*)

RewriteCond %{HTTP_COOKIE} ^.*iNotesServer=([^;]+)

RewriteRule /(.*) http://%1.contoso.com/$1 [P,L]

# Rule 3 : if no cookie set -> on first access on the iNotes iwaredir.nsf

RewriteCond %{REQUEST_URI} ^/favicon.ico [OR]

RewriteCond %{REQUEST_URI} ^/domcfg.nsf [OR]

RewriteCond %{REQUEST_URI} ^/iwaredir.nsf [OR]

RewriteCond %{REQUEST_URI} ^/names.nsf

RewriteRule /(.*) http://domino1.contoso.com/$1 [P,L]

# Rule 4 : everything else should be redirected to the original link

RewriteCond %{REQUEST_URI} ^/

RewriteRule / http://domino1.contoso.com/ [P]

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

ProxyPassReverse /domino1/mail/ http://domino1.contoso.com/mail/

ProxyPassReverse / http://domino1.contoso.com/

</VirtualHost>

性能优化

取消http.conf中

Include /etc/httpd/conf/extra/httpd-mpm.conf 的注释，即删除前面的#号

修改 prefork段的值

ServerLimit 1000

StartServers 15

MinSpareServers 15

MaxSpareServers 20

MaxClients 1000

MaxRequestsPerChild 3000

</IfModule>

本文转自高文龙 51CTO博客，原文链接：http://blog.51cto.com/gaowenlong/1281165，如需转载请自行联系原作者

码农公寓

相关文章