First, the program files
CentOS 7 environment: httpd-2.4 installed with yum
Official documentation: http://httpd.apache.org/docs/2.4/
Configuration files:
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/*.conf
Check the configuration file syntax:
httpd -t
Service unit files: /usr/lib/systemd/system/httpd.service
Configuration file: /etc/sysconfig/httpd
Service Control and startup:
systemctl enable|disable httpd.service
systemctl {start|stop|restart|status|reload} httpd.service
Site web document root directory:
/var/www/html
Module file path:
/etc/httpd/modules # symbolic link to the following directory
/usr/lib64/httpd/modules
The main program file:
/usr/sbin/httpd
Main process PID file:
/etc/httpd/run/httpd.pid
Log file directory:
/var/log/httpd
access_log: access log
error_log: Error Log
Help documentation package:
httpd-manual
Second, explain the configuration
1, display server version information
ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full # available values
http://httpd.apache.org/docs/2.4/mod/core.html#servertokens # output format of each value
vi /etc/httpd/conf.d/test.conf
# recommended
ServerTokens Prod
2, modify the listening IP and port
Listen [IP:]PORT
(1) If the IP is omitted, httpd listens on all local IPs
(2) At least one Listen directive is required; it can be repeated multiple times
Listen 80
Listen 8080
3, persistent connections
Persistent connection: once the connection is established, it is not closed after each resource has been fetched,
but stays open and waits for further requests; by default, persistent connections are disabled
Disconnect condition: a time limit in seconds, default 5s; httpd-2.4 supports milliseconds
Side effect: on a server with a large amount of concurrent access, persistent connections leave some requests unanswered
Compromise: use a shorter persistent-connection timeout
Settings: KeepAlive On|Off
KeepAliveTimeout 15
Simulated test: telnet 192.168.12.27 80
GET /URL HTTP/1.1
Host: 192.168.12.27
4, DSO: Dynamic Shared Object
Modules are loaded dynamically; the configuration takes effect without a restart
/etc/httpd/conf/httpd.conf
Include conf.modules.d/*.conf
httpd -M # list all loaded modules; comment out the corresponding module if needed
httpd -l # list the static (core) modules
Example of adding a module: LoadModule auth_basic_module modules/mod_auth_basic.so
5, MPM (Multi-Processing Module)
prefork, worker, event
Switching the MPM in use (not possible on CentOS 6)
/etc/httpd/conf.modules.d/00-mpm.conf
Enable the LoadModule directive of the MPM to be used
prefork configuration (the default): one process with several child processes below it; the child processes serve the requests. Four child processes by default; more are started automatically when the existing ones are not enough
vi /etc/httpd/conf.d/test.conf
# initial number of child processes; a larger value is recommended
StartServers 8
MinSpareServers 5
MaxSpareServers 20
# maximum number of processes; maximum value 20000, 200000 in prefork mode
ServerLimit 256
# maximum number of concurrent connections; not described in the official 2.4 documentation but present in 2.2; without it the number of child processes does not change
MaxClients 256
# maximum number of requests a child process can handle. After handling MaxRequestsPerChild
# requests, the child process is terminated by the parent process, and the memory it occupied is released (with 0 it is never released)
MaxRequestsPerChild 4000
worker configuration: one process with several child processes below it; the threads of the child processes serve the requests
ServerLimit 16
StartServers 2
MaxRequestWorkers 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
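event MPM: a single thread responds to multiple requests, uses less memory and performs better under high concurrency; a dedicated thread manages the keep-alive threads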
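6, define the document page path of the 'Main' server
DocumentRoot "/path"
Document path mapping:
The path DocumentRoot points to is the starting point of URL paths
Example:
# in 2.4 changing only this line is not enough, access must also be granted; in 2.2 it can be changed directly
DocumentRoot "/data/html"
<Directory "/data/html">
Require all granted
</Directory>
A file that is a symbolic link can also be accessed when it points into another directory
7, define the site's main page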
DirectoryIndex index.html index.php
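8, common mechanisms for site access control
Two mechanisms can be used to specify which kind of access control applies to which resources
The two access control mechanisms are: client source address, user account
File system path:
# restrict a directory
<Directory "/path">
...
</Directory>
# restrict a file
<Files "file">
...
</Files>
# pattern matching supported
<FilesMatch "PATTERN">
...
</FilesMatch>
# example
<Location /status>
<RequireAny>
Require all denied
Require ip 192.168.12.1 192.168.12.27
</RequireAny>
SetHandler server-status
</Location>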
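9, access control "based on source address" in <Directory>; can be added to the <Directory> section from the previous step
(1) Options: followed by a list of one or more options separated by whitespace
A + or - before an option adds or removes that option
Common options:
Indexes: when the URL path contains no resource file matching the defined main page, return an index listing to the user
FollowSymLinks: allow access to the source file a symbolic link points to
None: disable everything
All: allow everything
(2) AllowOverride
Which access-control-related directives may be placed in the .htaccess file (name set by AccessFileName) in the given directory, overriding earlier configuration directives
Only valid in <Directory> sections; the Options settings above can be placed in the .htaccess file under the site directory
AllowOverride All: all directives in .htaccess take effect
AllowOverride None: the .htaccess file has no effect
AllowOverride AuthConfig: in the .htaccess file, no directives other than AuthConfig take effect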
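(3) IP-based access control:
Directories without explicit authorization are denied by default
Allow access from all hosts: Require all granted
Deny access from all hosts: Require all denied
Control access from specific IPs:
Require ip IPADDR: authorize access from the given source IP
Require not ip IPADDR: deny access from a specific IP
Control access from specific hosts:
Require host HOSTNAME: authorize access from a specific host
Require not host HOSTNAME: deny
No directive may fail, and at least one must match successfully, for the result to be success; that is, failure takes precedence
<RequireAll>
Require all granted
# deny a specific IP
Require not ip 172.16.1.1
</RequireAll>
If one of several directives succeeds, the result is success; that is, success takes precedence
<RequireAny>
Require all denied
# allow a specific IP
Require ip 172.16.1.1
</RequireAny>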
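Added example (not part of the original notes): a simplified Python model of how httpd 2.4 combines the Require lines shown above, following the mod_authz_core rule that a negated Require can deny or stay neutral but never grant. The function names are made up for this sketch, and only full IP addresses and CIDR ranges are handled.

```python
import ipaddress

GRANTED, DENIED, NEUTRAL = "granted", "denied", "neutral"

def require(directive, client_ip):
    """Evaluate one 'Require [not] all|ip ...' line for client_ip."""
    words = directive.split()[1:]              # drop the leading 'Require'
    negated = words[0].lower() == "not"
    if negated:
        words = words[1:]
    kind, args = words[0].lower(), words[1:]
    if kind == "all":
        matched = args[0].lower() == "granted"
    elif kind == "ip":
        addr = ipaddress.ip_address(client_ip)
        matched = any(addr in ipaddress.ip_network(a, strict=False) for a in args)
    else:
        raise ValueError("provider not modelled: " + kind)
    if negated:
        # A negated line can only deny or stay neutral, it never grants.
        return DENIED if matched else NEUTRAL
    return GRANTED if matched else DENIED

def require_all(lines, client_ip):
    """<RequireAll>: no line may fail and at least one must succeed."""
    results = [require(line, client_ip) for line in lines]
    return DENIED not in results and GRANTED in results

def require_any(lines, client_ip):
    """<RequireAny>: one successful line is enough."""
    if any(line.split()[1].lower() == "not" for line in lines):
        raise ValueError("httpd rejects negated Require lines inside <RequireAny>")
    return any(require(line, client_ip) == GRANTED for line in lines)

# The two blocks from the notes above.
DENY_ONE = ["Require all granted", "Require not ip 172.16.1.1"]
ALLOW_ONE = ["Require all denied", "require ip 172.16.1.1"]

if __name__ == "__main__":
    for ip in ("172.16.1.1", "172.16.1.2"):
        print(ip, "RequireAll:", require_all(DENY_ONE, ip),
              "RequireAny:", require_any(ALLOW_ONE, ip))
    # Only negated lines: nothing grants, so the section does not allow access.
    print(require_all(["Require not ip 172.16.1.1"], "10.0.0.1"))
```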
10, log settings
Log types: access log, error log
Error log:
ErrorLog logs/error_log
LogLevel warn
LogLevel possible values: debug, info, notice, warn, error, crit, alert, emerg
Access log:
Define a log format: LogFormat format strings
LogFormat "%h %l %u %{%F %T}t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" testlog
Use the log format:
CustomLog logs/access_log testlog
http://httpd.apache.org/docs/2.4/mod/mod_log_config.html#formats # official documentation
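Added example (not part of the original notes): a Python parser for access_log lines written with the testlog format defined above, used to count 403 responses per client and path, for instance clients refused by the Require rules of section 9. The sample lines are constructed and the function names are made up for this sketch; it assumes %{%F %T}t is written without brackets (e.g. 2019-07-01 10:15:02).

```python
import re
from collections import Counter
from datetime import datetime

# One quoted field; httpd writes a literal quote inside it as \" .
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE = re.compile(
    r'(\S+) (\S+) (\S+) (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) '
    + QUOTED + r' (\d{3}) (\d+|-) ' + QUOTED + ' ' + QUOTED + r'$')
FIELDS = ("host", "ident", "user", "time", "request",
          "status", "bytes", "referer", "agent")

# Constructed sample lines in the testlog format.
SAMPLE = [
    r'192.168.12.1 - - 2019-07-01 10:15:02 "GET /status HTTP/1.1" 200 4012 "-" "curl/7.29.0"',
    r'192.168.12.99 - - 2019-07-01 10:15:40 "GET /status HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    r'192.168.12.99 - - 2019-07-01 10:15:41 "GET /status?auto HTTP/1.1" 403 199 "-" "a \"quoted\" agent"',
    r'172.16.1.1 - - 2019-07-01 10:16:05 "GET /index.html HTTP/1.1" 304 - "http://192.168.12.27/" "Mozilla/5.0"',
    'truncated or foreign line',
]

def parse(line):
    """Return one log line as a dict, or None if it does not match testlog."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    rec = dict(zip(FIELDS, m.groups()))
    rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%d %H:%M:%S")
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])  # %b logs 0 bytes as '-'
    return rec

def denied_requests(lines):
    """Count 403 responses per (client, URL path); the query string is ignored."""
    hits = Counter()
    for rec in filter(None, map(parse, lines)):
        parts = rec["request"].split()
        path = parts[1].split("?")[0] if len(parts) >= 2 else "-"
        if rec["status"] == 403:
            hits[(rec["host"], path)] += 1
    return hits

if __name__ == "__main__":
    for (host, path), n in denied_requests(SAMPLE).items():
        print(host, path, n)
```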
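11, set the default character set
# this is the default value
AddDefaultCharset UTF-8
Chinese character sets: GBK, GB2312, GB18030
12, home directory sharing
Implemented by the module mod_userdir.so
Related settings:
vim /etc/httpd/conf.d/userdir.conf # modify the file as follows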
<IfModule mod_userdir.c>
#UserDir disabled
# specify the name of the shared directory
UserDir public_html
</IfModule>
Prepare the directory
su - sun; mkdir ~/public_html
echo homesun > ~sun/public_html/index.html
setfacl -m u:apache:x ~sun
access
13, status page
LoadModule status_module modules/mod_status.so
<Location "/status">
SetHandler server-status
</Location>
# display extended information
ExtendedStatus On
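Added example (not part of the original notes): the status block above has no Require line, unlike the /status block in section 8. This Python check lists <Location> blocks that serve server-status without a restricting Require; the function name is made up for this sketch, and Require lines inherited from enclosing sections or Include files are not considered.

```python
import re

OPEN = re.compile(r'<Location\s+"?([^">]+?)"?\s*>', re.I)
CLOSE = re.compile(r'</Location\s*>', re.I)

# The two blocks as they appear in these notes.
SECTION_8 = """
<location /status>
<requireany>
require all denied
require ip 192.168.12.1 192.168.12.27
</requireany>
SetHandler server-status
</Location>
"""
SECTION_13 = """
LoadModule status_module modules/mod_status.so
<Location "/status">
SetHandler server-status
</Location>
ExtendedStatus On
"""

def unrestricted_status(conf_text):
    """Return <Location> paths that serve server-status with no restricting Require."""
    findings, path, handler, restricted = [], None, False, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = [w.lower() for w in line.split()]   # directives are case-insensitive
        opened = OPEN.match(line)
        if opened:
            path, handler, restricted = opened.group(1), False, False
        elif CLOSE.match(line):
            if path is not None and handler and not restricted:
                findings.append(path)
            path = None
        elif path is not None:
            if words[0] == "sethandler" and words[1:2] == ["server-status"]:
                handler = True
            # 'Require all granted' restricts nothing, anything else does.
            elif words[0] == "require" and words[1:3] != ["all", "granted"]:
                restricted = True
    return findings

if __name__ == "__main__":
    print("section 8:", unrestricted_status(SECTION_8))
    print("section 13:", unrestricted_status(SECTION_13))
```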