CentOS7 operation and maintenance-Apache service optimization
I. Overview
Apache
The default configuration will cause many problems, which does not meet the current high-end server configuration, so in order to adapt to the needs of the enterprise, improve the Apache
configuration, thereby improving performance and stability
Second, the optimization plan
① Web page compression
Compressing the size of web pages can reduce overhead and improve efficiency
► Use instructions to check whether the module is installed
httpd -M | grep "deflate"
►How to find the module
Use the command Find to find
find ./ -name "mod_deflate.c"
►Install modules
Use apxs to add new modules
#安装apxs前置
yum install zlib-devel
sed -i '38c LDFLAGS="-lz"' /usr/local/httpd/bin/apr-1-config
#源码解压目录
cd /opt/httpd/modules/filters
apxs -ica mod_deflate.c
►Add at the end of the httpd main configuration file.
Compression types include general text, CSS/JS, pictures, etc.
DeflateCompressionLevel
Represents the compression level [1-9]
SetOutputFilter DEFLATE
represents use gzip
for compression
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript text/jpg text/png
DeflateCompressionLevel 9
SetOutputFilter DEFLATE
</IfModule>
►Restart service
systemctl restart httpd
►Test
Use the browser's built-in network function to view, the picture has been gzip
compressed
② Web page cache
►Use instructions to check whether the module is installed
httpd -M | grep "expires"
►Install modules
Use apxs to add new modules
cd /opt/httpd/models/metadata
apxs -c -i -a mod_expires.c
►Add at the end of the httpd main configuration file to
ExpiresActive On
open the web cache function and
ExpiresDefault ""
set the cache time [unit: second]
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 60 seconds"
</IfModule>
►Restart service
systemctl restart httpd
►Test
③ Anti-leakage
Used to pretend to hide the software version, which can prevent idlers from looking for loopholes to destroy
►Enter the main configuration file to delete the comment
vim /usr/local/httpd/conf/httpd.conf
Include conf/extra/httpd-default.conf
►Enter the default profile
vim /usr/local/httpd/conf/extra/httpd-default.conf
Modify the 55
content ServerTokens
of the first line to Prod
► restart the service
systemctl restart httpd
►Before modification versus after modification
④ Anti-theft chain
It can be combined with web page caching to effectively prevent images from being stolen and used. If maliciously stolen, it will result in a situation where the click rate of the website is not high but the traffic is very large.
►Open the module and
enter the httpd
main configuration file
LoadModule rewrite_module modules/mod_rewrite.so
Search in the main configuration file 224
lines DocumentRoot
to add items
RewriteEngine On
RewriteCond %{
HTTP_REFERER} !^http://benet.com/.*$ [NC]
RewriteCond %{
HTTP_REFERER} !^http://benet.com$ [NC]
RewriteCond %{
HTTP_REFERER} !^http://www.benet.com/.*$ [NC]
RewriteCond %{
HTTP_REFERER} !^http://www.benet.com/$ [NC]
RewriteRule .*\.(gif|jpg|swf)$ http://www.benet.com/error.png
►Test the
source code of pirated websites