Apache webpage optimization for web services

For Apache installation, please see the previous blog: linux advanced operation source code compile and install LAMP

1. Overview of Apache webpage optimization

1. Why need optimization

• In enterprises, only the default configuration parameters are used after the deployment of Apache, which will cause many problems for the website. In other words, the default configuration is for the previous low server configuration, and the previous configuration is no longer suitable for the current Internet era.

• In order to meet the needs of enterprises, it is necessary to consider how to improve the performance and stability of Apache. This is the content of Apache optimization.

2. Optimized content

• Configure web page compression
• Configure web cache
• Selection of working mode and parameter optimization
• Configure hidden version number
• Configure anti-leech
• Wait

3. Apache's web page compression function------gzip

• Configure Apache's web page compression function to use gzip compression algorithm to compress the web page content and then transmit it to the client browser

• The role of web page compression

  • Reduce the number of bytes transmitted over the network and speed up web page loading
  • Save traffic and improve the user’s browsing experience
  • gzip has a better relationship with search engine crawlers

4. Apache's compression module

• Apache's functional modules for web page compression include

  • mod_ gzip module
  • mod_ deflate module

• Apache 1.x

  • There is no built-in web page compression technology, but third-party mod_ gzip module can be used to perform compression

• Apache 2.x

  • During development, the module mod_ deflate is built in instead of mod_gzip

5. Mod_ gzip module and mod_ deflate module

• Both use the gzip compression algorithm and the principle of operation is similar
• mod_ deflate compression speed is slightly faster, while mod_ gzip compression ratio is slightly higher
• mod_ gzip occupies more server CPU
• For high-traffic servers, using mod_ deflate may load faster than mod_ gzip

2. Web page compression

1. Check whether the mod_ deflate module is installed

apachectl -t -D DUMP_MODULES | grep "deflate"

2. If the mod_deflate module is not installed, recompile and install Apache to add the mod_deflate module

systemctl stop httpd.service
cd /usr/local/httpd/conf
mv httpd.conf httpd.conf.bak

yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-deflate				#加入mod_deflate 模块

make && make install

3. Configure mod_deflate module to enable

vim /usr/local/httpd/conf/httpd.conf
#52行；修改
Listen 192.168.163.15:80
#105行；取消注释；开启mod_deflate 模块
LoadModule deflate_module modules/mod_deflate.so
#198行；取消注释，修改
ServerName www.lisi.com:80
#末行添加
<IfModule mod_deflate.c>
#代表对什么样的内容启用gzip压缩
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript text/jpg text/png
#代表压缩级别，范围为1~9
DeflateCompressionLevel 9
#代表启用deflate 模块对本站点的输出进行gzip压缩
SetOutputFilter DEFLATE
</IfModule>

4. Check the installation and start the service

#验证配置文件的配置是否正确
apachectl -t
#检查 mod_deflate 模块是否已安装
apachectl -t -D DUMP_MODULES | grep "deflate"
#已安装的正确结果
deflate_module (shared)

systemctl start httpd.service

5. Test whether mod_deflate compression takes effect

cd /usr/local/httpd/htdocs
#先将图片文件传到/usr/local/httpd/htdocs目录下

vim index.html
<html><body><h1>
hahaha
</h1>
<img src="pika.jpg">
</body></html>

Method 1:
In the Linux system, open the Firefox browser, right-click and click to view the elements.
Select Network→Reload→Select HTML, WS, Others.
Visit http://192.168.163.15 and check that the response header contains Content-Encoding: gzip

Method 2: Win10 only needs to install fiddler.exe
fiddler.exe installation package download
link: https://pan.baidu.com/s/12MN3rUYzLVmX1zjWXORvgA
extraction code: wuvw
installation only needs to double-click the installation package, after selecting the path, install it; Open can open the software from the menu.
Install Microsoft.NET4 and fiddler software in the virtual machine Windows system in turn, open the fiddler software and
select inspectors —> select the Headers
browser to visit http://192.168.163.15, double-click the 200 response message to view Content-Encoding: gzip

Three, web cache

• Configure Apache through the mod_expire module, so that web pages can be cached in the client browser for a period of time to avoid repeated requests
• After the mod_expire module is enabled, the Expires tag and the Cache-Control tag in the page header information will be automatically generated. The client browser decides based on the tag that the next visit is to get the page in the cache of the local machine, and there is no need to make another request to the server. Thereby reducing the frequency and times of client access, achieving the purpose of reducing unnecessary traffic and increasing access speed

1. Check whether the mod_expires module is installed

apachectl -t -D DUMP_MODULES | grep "expires"

2. If the mod_expires module is not installed, recompile and install Apache to add the mod_expires module

systemctl stop httpd.service
cd /usr/local/httpd/conf
mv httpd.conf httpd.conf.bak1

yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-deflate \
--enable-expires			#加入mod_expires 模块

make && make install

3. Configure mod_expires module to enable

vim /usr/local/httpd/conf/httpd.conf
#52行;修改
Listen 192.168.163.15:80
#111行;取消注释;开启mod_expires 模块
LoadModule expires_module modules/mod_expires.so
#198行;取消注释，修改
ServerName www.lisi.com:80
#末行添加
<IfModule mod_expires.c>
  #打开网页缓存功能
  ExpiresActive On
  #设置缓存60秒
  ExpiresDefault "access plus 60 seconds"
</IfModule>

4. Check the installation and start the service

#验证配置文件的配置是否正确
apachectl -t
#检查 mod_deflate 模块是否已安装
apachectl -t -D DUMP_MODULES | grep "expires"
#已安装的正确结果
deflate_module (shared)

systemctl start httpd.service

5. Test whether the cache is effective

cat /usr/local/httpd/htdocs/index.html

Method 1:
In the Linux system, open the Firefox browser, right-click and click to view the elements.
Select Network —> Select HTML, WS, Others.
Visit http://192.168.163.15, and double-click the 200 message to view the Expires item in the response header

Method 2:
Install Microsoft.NET4 and fiddler software in the Windows system in turn, open the fiddler software,
select inspectors —> select the Headers
browser to visit http://192.168.163.15, double-click the 200 message to view the Expires item

Four, hide version information

• The version information of Apache reveals certain vulnerability information, which brings security risks to the website
• Configure Apache to hide version information in the production environment

vim /usr/local/httpd/conf/httpd.conf
#490行;取消注释
Include conf/extra/httpd-default.conf

vim /usr/local/httpd/conf/extra/httpd-default.conf
#55行;修改;将原本的Full改成Prod，只显示名称，不显示版本
ServerTokens Prod
#ServerTokens 表示 Server 回送给客户端的响应头域是否包含关于服务器 OS 类型和编译过的模块描述信息。

systemctl start httpd.service

浏览器访问 http://192.168.163.15，双击200消息查看 Server 项

Five, Apache anti-leech

• Anti-hotlinking is to prevent others' website codes from embezzling pictures, files, videos and other related resources on our own servers
• If others embezzle these static resources of the website, it will obviously increase the bandwidth pressure of the server
• As the maintainer of the website, we must prevent the static resources of the server from being embezzled by other websites

1. Experiment preparation

• Two hosts with Apache httpd website service installed

#Web源主机配置
cd /usr/local/httpd/htdocs
#先将图片文件传到/usr/local/httpd/htdocs目录下

vim index.html
<html><body><h1>
hahaha
</h1>
<img src="pika.jpg">
</body></html>


echo "192.168.163.15 www.lisi.com" >> /etc/hosts
echo "192.168.163.14 www.zhangsan.com" >> /etc/hosts

#盗链网站主机
cd /usr/local/httpd/htdocs
#先将图片文件传到/usr/local/httpd/htdocs目录下

vim index.html
<html><body><h1>
this is zhangsan.com!
</h1>
<img src="http://www.lisi.com/pika.jpg">/
</body></html>

echo "192.168.163.15 www.lisi.com" >> /etc/hosts
echo "192.168.163.14 www.zhangsan.com" >> /etc/hosts

In the operation on the hotlink website host, obtain the address of the picture on the lisi homepage and copy it to the zhangsan website.

Visiting zhangsan's homepage can directly access the pictures on the lisi homepage. At this time, copy the pictures on the zhangsan website and you can find that the address is http://www.lisi.com/pika.jpg; we want to prevent this from happening.

2. Check whether the mod_rewrite module is installed

apachectl -t -D DUMP_MODULES | grep "rewrite"

3. If the mod_rewrite module is not installed, recompile and install Apache to add the mod_rewrite module

systemctl stop httpd.service
cd /usr/local/httpd/conf
mv httpd.conf httpd.conf.bak2

yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel

cd /opt/httpd-2.4.29
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-deflate \
--enable-expires			

make && make install

4. Configure mod_rewrite module to enable

vim /usr/local/httpd/conf/httpd.conf
#156行;取消注释
LoadModule rewrite_module modules/mod_rewrite.so
#223行
<Directory "/usr/local/httpd/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted

#打开 rewrite 功能，加入 mode_rewrite 模块内容
RewriteEngine On
#设置匹配规则
RewriteCond %{
    
    HTTP_REFERER} !^http://lisi.com/.*$ [NC]
RewriteCond %{
    
    HTTP_REFERER} !^http://lisi.com$ [NC]
RewriteCond %{
    
    HTTP_REFERER} !^http://www.lisi.com/.*$ [NC]
RewriteCond %{
    
    HTTP_REFERER} !^http://www.lisi.com/$ [NC]
#设置跳转动作
RewriteRule .*\.(gif|jpg|swf)$ 	http://www.lisi.com/error.png
</Directory>

systemctl start httpd.service
规则解释：
RewriteCond %{
    
    HTTP_REFERER} !^http://www.kgc.com/.*$ [NC]  的字段含义：
“%{
    
    HTTP_REFERER}” ：存放一个链接的 URL，表示从哪个链接访问所需的网页。
“!^” ：表示不以后面的字符串开头。
“http://www.kgc.com” ：是本网站的路径，按整个字符串匹配。
“.*$” ：表示以任意字符结尾。
“[NC]” ：表示不区分大小写字母。

RewriteRule .*\.(gif|jpg|swf)$ http://www.kgc.com/error.png  的字段含义：
“.” ：表示匹配一个字符。
“*” ：表示匹配 0 到多个字符，与“.”合起来的意思是匹配 0 到多次	前面的任意字符，如果是 1 到多次匹配可以用“+”表示。
“\.” ：在这里的“\”是转义符，“\.”就代表符号“.”的意思。因为“.”在指令中是属于规则字符，有相应的含义， 如果需要匹配，需要在前面加个转义符“\”，其它规则字符如果需要匹配，也做同样处理。
“(gif|jpg|swf)” ：表示匹配“gif”、“jpg”、“swf”任意一个，“$”表示结束。最后的规则是以“.gif”、“.jpg”、“.swf”结尾， 前面是1到多个字符的字符串，也就是匹配图片类型的文件。
“http://www.lic.com/error.png” ：表示转发到这个路径 。

整个配置的含义是 使用本网站以外的网站域名 访问本站的图片文件时，显示 error.png 这个图片。

5. Verify on the host of the stolen image website

http://www.zhangsan.com
http://www.lisi.com