Apache configuration and application
One, Apache configuration and application
(1) Build a virtual web host
A virtual web host refers to running multiple web sites on the same server, each of which does not actually occupy the entire server independently, so it is called a "virtual" web
host. Virtual Web hosting services can make full use of the hardware resources of the server, thereby greatly reducing website construction and operating costs.
Using httpd services can easily build virtual hosting servers. Only one httpd service can support a large number of Web sites at the same time. The
types of virtual hosts supported by httpd service include the following three types:
==1. Based on domain name: == Use a different domain name for each virtual host, but the corresponding IP address is the same. For example,
the IP addresses of www. benet.com and www. gg. com are both 192. 168.71.11 This is the most commonly used type of virtual web host
== 2. Based on IP address: == used for each virtual host Different domain names and their corresponding IP addresses are also different. This method requires multiple network interfaces for the server,
so the application is not very extensive
== 3. Port-based: == This method does not use domain names and IP addresses to distinguish different site content, but uses different TCP port number, so users
need to specify the port number at the same time when browsing different virtual sites in order to access
(2) Virtual hosting based on domain name
1. Provide domain name resolution for virtual hosts
==Method 1:== Deploy DNS domain name resolution server to provide domain name resolution
==Method 2:== Temporarily configure the mapping between domain names and IP addresses in the /etc/hosts file
echo "192.168.71.11 www.kgc.com" >> /etc/hosts
echo "192.168.71.11 www.gg.com" >> /etc/hosts
2. Prepare web documents for virtual hosts
mkdir -p /var/www/html/kgc
mkdir -p /var/www/html/gg
echo "<h4>www.kgc.com</h4>" > /var/www/html/kgc/index.html
echo "<h4>www.gg.com</h4>" > /var/www/html/gg/index.html
3. Add virtual host configuration
vim /etc/httpd.conf
# Virtual hosts
Include conf/extra/httpd-vhosts.conf #取消注释
vim /usr/local/httpd/conf/extra/httpd-vhosts.conf #源码编译安装的虚拟主机配置文件路径
#vim /etc/httpd/conf.d/vhosts.conf #RPM或YUM安装的虚拟主机配置文件路径
<VirtualHost 192.168.71.11:80> #设置虚拟区域
# ServerAdmin [email protected] #设置管理员邮箱,这行可以不用注释
DocumentRoot "/var/www/html/gg" #设置网站根目录
ServerName www.gg.com #设置Web站点的完整域名(主机+域名)
# ServerAlias www.dummy-host.example.com
ErrorLog "logd/benet.com-error_log" #设置错误日志文件的路径
CustomLog "logs/benet.com-access_log" common #设置访问日志文件的路径
</VirtualHost>
<VirtualHost 192.168.71.11:80>
# ServerAdmin [email protected]
DocumentRoot "/var/www/html/kgc"
ServerName www.kgc.com
# ServerAlias www.dummy-host.example.com
ErrorLog "logd/gg.com-error_log"
CustomLog "logs/gg.com-access_log" common
</VirtualHost>
4. Set up access control
<Directory "/var/www/html"> #设置目录访问权限
Options None #不启用任何的服务器特性
AllowOverride None #不允许重写Apache默认配置
Require all granted #允许所有主机访问
</Directory>
Options instruction explanation: The main function of the Options directive is to control which server features will be enabled for a specific directory, which can be used in the virtual host configuration (VirtualHost), specific directory configuration (Directoty) and .htaccess file of the Apache service configuration file
- Common options for the Options command: None: means not to start any server features
- FollowSymLinks: The server allows symbolic links (soft links) in this directory
- Indexes: If the entered URL corresponds to a file directory on the server, and there is no file specified by the DirectoryIndex directive in the Apache configuration file in this directory (for example: DirectoryIndex index.html index.php), all the directories under this directory will be listed file
- MultiViews: If the path requested by the client may correspond to multiple types of files, the server will automatically select a file that best matches the requirements of the client according to the specific circumstances of the client's request. For example, there are two files named hello.jpg and hello.html in the file folder of the server site. At this time, the user enters http://localhost/file/hello. If there is no hello sub-file in the file folder Directory, then the server will try to find a file like hello.* in the file folder, and then return the hello.jpg or hello.html that best matches the requirements according to the specific conditions of the user’s request
- All: Indicates all features except MultiViews, which is also the default setting of the Options command
- AllowOverride instruction analysis: .htaccess (distributed implicit configuration file): Provides a method for changing the configuration for each directory, that is, placing a file containing specific instructions in a specific directory, and the instructions act on this directory and its All subdirectories
When AllowOverride is set to None, the .htaccess file in the corresponding configuration directory is not read, that is, it cannot take effect. When AllowOverride is set to All, every time a file in the corresponding directory is requested, it will be read. The configuration of the htaccess file means that the original Apache directives will be rewritten by the directives in the .htaccess file. For
performance and security considerations, the use of the .htaccess file is generally avoided as much as possible. Any configuration that you want to put in the .htaccess file can be used. It is placed in the section of the main configuration file (httpd. conf) and is efficient. Therefore, the AllowOverride attribute is generally configured to None
Address restriction policy: Require all granted: Allow all hosts to access
Require all denied: All hosts are denied access.
Require local: Only the local host is allowed to access.
Require [not] host <host name or domain name list>: Allow or deny access to the specified host or domain name.
Require [not] ip <IP address or network segment list>: Allow or deny the specified IP address network access.
5. Load a separate configuration file
vim /usr/local/httpd/conf/httpd.conf #也可以直接修改/etc/httpd.conf前面有配置过
#源码编译安装的httpd服务主配置文件路径
------483行------取消注释
Include conf/extra/httpd-vhosts.conf #加载独立的配置文件
#vim /etc/httpd/conf/httpd.conf #RPM或YUM安装的httpd服务主配置文件路径
IncludeOptional conf.d/*.conf #最后一行已默认开启此项
httpd -t #检查配置文件格式
systemctl restart httpd
6. Verification results
(2) Virtual host based on IP address
1. Increase the virtual network card
ifconfig ens33:0 192.168.71.110 netmask 255.255.255.0 基于不同的地址进行建立所以要增加一块虚拟的网卡2. Modify the vshosts sub-configuration
vim /usr/local/httpd/conf/extra/httpd-vhosts.conf
<VirtualHost 192.168.71.11:80>
#ServerAdmin [email protected]
DocumentRoot "/var/www/html/gg"
ServerName www.gg.com
#ServerAlias www.dummy-host.example.com
ErrorLog "logs/gg.com-error_log"
CustomLog "logs/gg.com-access_log" common
</VirtualHost>
<VirtualHost 192.168.71.110:80> 增加个其他地址
#ServerAdmin [email protected]
DocumentRoot "/var/www/html/kgc"
ServerName www.kgc.com
#ServerAlias www.dummy-host.example.com
ErrorLog "logs/kgc.com-error_log"
CustomLog "logs/kgc.com-access_log" common
</VirtualHost>
<Directory "/var/www/html">
Options None
AllowOverride None
Require all granted
</Directory>
3. Modify the main configuration file to increase the listening address port
vim /usr/local/httpd/conf/httpd.conf
Listen 192.168.71.110:80 增加该监听地址
systemctl restart httpd
4. Verification result
(3) Based on port
1. Different ports with the same address, modify the listening port
vim /usr/local/httpd/conf/httpd.conf
#
<VirtualHost 192.168.71.11:80>
#ServerAdmin [email protected]
DocumentRoot "/var/www/html/gg"
ServerName www.gg.com
#ServerAlias www.dummy-host.example.com
ErrorLog "logs/gg.com-error_log"
CustomLog "logs/gg.com-access_log" common
</VirtualHost>
<VirtualHost 192.168.71.11:8080> 修改成不同端口
#ServerAdmin [email protected]
DocumentRoot "/var/www/html/kgc"
ServerName www.kgc.com
#ServerAlias www.dummy-host.example.com
ErrorLog "logs/kgc.com-error_log"
CustomLog "logs/kgc.com-access_log" common
</VirtualHost>
<Directory "/var/www/html">
Options None
AllowOverride None
Require all granted
</Directory>
2. Modification of the listening port of the main configuration file
vim /etc/httpd.conf
Listen 192.168.71.11:80
Listen 192.168.71.11:8080 修改成同地址不同监听端口
3. Verification result
Second, the Apache connection is maintained
vim /usr/local/httpd/conf/extra/httpd-default.conf
pAlive on
//设置是否打开连接保持功能,后面接0FF表示关闭,接ON表示打开。可以根据网站的并发请求量决定是否打开,即在高并发时打开连接保持功能,并发量不高时关闭此功能
MaxKeepAliveRequests 100
//用于设置在一次长连接中可以传输的最大请求数量,超过此最大请求数量就会断开连接,最大值的设置决定于网站中网页的内容,一般设置数量会多于网站中所有的元素
KeepAliveTimeout 5
//设置来自同一个客户端一次连接多次请求之间的最大间隔时间,即两次请求之间超过该时间连接就会自动断开,从而避免客户端占用连接资源Third, the construction of web virtual directories and user authorization restrictions
==1. Create user authentication data file==
cd /usr/local/httpd/bin //可以不用切换
htpasswd -c /usr/local/httpd/userlist.pd zhangsan //-c选项表示新建用户数据文件userlist.pd,缺省时则表示指定的用户数据文件已经存在,用于添加新的用户或修改现有用户的密码
htpasswd /usr/local/httpd/userlist.pd lisi //因为创建用户数据文件所以不需要-c
cat /usr/local/httpd/user //确认用户数据文件
==2. Add user authorization configuration==
vim /usr/local/httpd/conf/httpd.conf
——末行添加——
Alias /test /var/www/html/test //设置虚拟目录的根目录,/test为虚拟目录名称
################
//如果是其他目录则需要在主配置文件增加访问控制权限
Alias /test /opt/www/html/test
<Directory "/opt/www/html">
AuthName "Hello!" //定义受保护的领域名称,会在认证对话框中显示
AuthType Basic //设置认证的类型,Basic表示基本认证
AuthUserFile /usr/local/httpd/user //设置用于保存用户账号和密码的认证文件的路径
Require valid-user //开启用户认证,只有认证文件中的合法用户才能访问
</Directory>
#################
<Directory "/var/www/html/test"> //设置虚拟目录配置区域
AuthName "Hello!" //定义受保护的领域名称,会在认证对话框中显示
AuthType Basic //设置认证的类型,Basic表示基本认证
AuthUserFile /usr/local/httpd/user //设置用于保存用户账号和密码的认证文件的路径
Require valid-user //开启用户认证,只有认证文件中的合法用户才能访问
#authgroupfile /usr/local/httpd/conf/group 设置用于保存组账号和密码的认证文件的路径
#Require user zhangsan 仅允许指定用户访问
#Require group zhangsan 仅允许指定组访问
</Directory>
==3. Prepare web documents==
mkdir -p /var/www/html/test
echo "<h1>hello world</h1>" > /var/www/html/test/index.html
systemctl restart httpd
3.1 Troubleshooting
4. Verification
Four, Apache log separation
1. Modify the main configuration file
vim /usr/local/httpd/conf/httpd.conf //也可以修改 /etc/httpd.cong
-----274行附近-----修改
ErrorLog "| /usr/local/bin/rotatelogs -l /var/log/httpd/error_%Y%m%d.log 86400" #分割错误日志
-----304行附近-----修改
CustomLog "| /usr/local/bin/rotatelogs -l /var/log/httpd/access_%Y%m%d.log 86400" combined #分割访问日志
(Or) 2. Modify the sub-configuration file extra/http-vhosts.conf
vim /usr/local/httpd/conf/extra/httpd-vhosts.conf #虚拟主机也可以进行分割
ErrorLog "| /usr/local/bin/rotatelogs -l /var/log/httpd/lic.com-error_%F.log 86400"
CustomLog "| /usr/local/bin/rotatelogs -l /var/log/httpd/lic.com- access_%F.log 86400" combined
#开头的|为管道符号
#-l选项表示使用本地时间为时间基准
#86400表示1天,即每天生成一个新的日志文件
3. Create a log directory to start the service
mkdir /var/log/httpd #创建分割后的日志文件保存目录
systemctl restart httpd
ls /var/log/httpd
4. Verification result
Five, AWStats analysis system
AWStats is an open source log analysis system developed using Perl language. It is used to complete automated log statistics and analysis
== 1. Upload the software packages required to install Awstats to the /opt directory ==
2. Press and install AWStats software package
cd /opt
tar zxvf awstats-7.6.tar.gz
mv /opt/awstats-7.6 /usr/local/awstats
3. Establish a configuration file for the site to be counted
cd /usr/local/awstats/tools
./awstats_configure.pl
......
Config file path ('none' to skip web server setup):
> /usr/local/httpd/conf/httpd.conf #输入httpd服务主配置文件的路径
Your web site,virtual server or profile name:
> www.kgc.com #输入要统计的站点域名
其它全部是y或者回车4. Modify the automatically generated awstats access permissions and load the CGI module (Apache2.4 or higher version needs to load the CGI module)
vim /usr/local/httpd/conf/httpd.conf
ErrorLog "logs/error_log"
CustomLog "logs/access_log" combined
...
—143行—
#LoadModule info_module modules/mod_info.so
<IfModule !mpm_prefork_module> //CGI模块开启
LoadModule cgid_module modules/mod_cgid.so #取消注释
</IfModule>
<IfModule mpm_prefork_module>
LoadModule cgi_module modules/mod_cgi.so #取消注释
</IfModule>
#LoadModule dav_fs_module modules/mod_dav_fs.so
——末行添加字段——
<Directory "/usr/local/awstats/wwwroot">
Options None
AllowOverride None
# Order allow,deny
# Allow from all
Require all granted
</Directory>
==5. Modify site statistics configuration file==
vim /etc/awstats/awstats.www.kgc.com.conf
LogFile="/usr/local/httpd/logs/kgc.com-access_log" //修改访问日志文件位置需要和虚拟主机的日志文件位置一致
DirData="/var/lib/awstats" //awstats目录默认不存在,需要手动创建
mkdir /var/lib/awstats
View www.kgc.com log file path
6. Perform log analysis
systemctl restart httpd
cd /usr/local/awstats/tools/
./awstats_updateall.pl now #更新数据(根据站点配置文件指定的日志文件路径);
7. Troubleshooting: Close the virtual host site configuration file, restore the default log file path, and change /etc/awstats/awstats.www.kgc.com.conf
Modify /etc/httpd.conf
View the default log file path
/etc/awstats/awstats.www.kgc.com.conf file LogFile file path change
If you visit www.kgc.com before, the web page of the php configuration file appears
cd /usr/local/httpd/htdocs/
vim index.html
mv index.php index.php.bak
==8. Set cron schedule task==
crontab -e #编写计划性任务,每5分钟更新一次日志文件数据
*/5 * * * * /usr/local/awstats/tools/awstats_updateall.pl now
systemctl start crond==9. Visit AwStats analysis system site==
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
echo "192.168.184.60 www.kgc.com" >> /etc/hosts //如果之前做过dns域名解析服务这里不用输入
浏览器访问
http://www.kgc.com/awstats/awstats.pl?config=www.kgc.com
Six, optimize the web page address
vim /usr/local/httpd/htdocs/aws.html
<html>
<head>
<meta http-equiv=refresh content="0;url=http://www.kgc.com/awstats/awstats.pl?config=www.kgc.com">
</head>
<body></body>
HTML文件结构解释:
<html> </html>:用于HTML文件结构最外层表示的标签
<head></head>:用于HTML网页内容描述信息的头标签
<body></body>:用于显示网页内容的内容标签
<meta>:定义了HTML文档中的元数据,比如针对搜索引擎和更新频度的描述和关键词。这里的http-equiv=refresh用于实现网页自动跳转
浏览器访问
http://www.kgc.com/aws.html