Apache virtual host configuration and analysis

1. Modify httpd-vhosts.conf

Open the Apache (Apache24) /conf/extra/httpd-vhosts.conf file and add a virtual host entry, so that different domain names can point to different directories.

<VirtualHost *:80>
    # Server administrator's mailbox; problem reports are mailed to this address
    ServerAdmin amyliyanice@163.com
    # Apache default site directory; do not end the path with a slash
    DocumentRoot "D:/AppServ/www/wx"
    # Domain name
    ServerName wx.dev
    # Site alias (optional)
    ServerAlias www.wx.dev
    # Error log
    ErrorLog "logs/wx.dev.log"
    # Custom log
    CustomLog "logs/wx.dev.log" common
</VirtualHost>

<Directory />
    # Root directory (the following are restrictions on the root directory).
    # FollowSymLinks allows symbolic links; an option is permitted only when it is listed, so directory browsing, for example, is not allowed.
    Options FollowSymLinks
    # None prevents per-directory configuration files (.htaccess) from overriding these settings; for ordinary site directories it is recommended not to enable overrides.
    AllowOverride None
    # Whatever is not explicitly denied is allowed (read from front to back).
    Order deny,allow
    # Deny all access.
    Deny from all
</Directory>

<Directory "/applications/apache2.2.31/htdocs">
    # Site directory (the following are the restrictions on the default site directory; if you configure your own site directory and it is not configured here, a 403 error occurs).
    # FollowSymLinks allows symbolic links and Indexes allows directory browsing. Allowing directory browsing and symbolic links here is very dangerous; directory browsing should be prohibited.
    Options Indexes FollowSymLinks
    # This should be changed to "Options FollowSymLinks" or "Options -Indexes FollowSymLinks".
    # None prevents per-directory configuration files (.htaccess) from overriding these settings. Try not to enable .htaccess: it is a security risk, and on sites with many visits it lowers performance.
    AllowOverride None
    # Whatever is not explicitly allowed is denied (read from back to front).
    Order allow,deny
    # Allow access from everyone.
    Allow from all
</Directory>

<IfModule dir_module>
    # Index (home page) file; several can be listed, separated by spaces
    DirectoryIndex index.html
</IfModule>

<FilesMatch "^\.ht">
    # Prevent .htaccess, .htpasswd and other important files from being viewed by web users
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

# Some examples: different errors jump to the specified page
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html



 


Apache's extension configuration files (pulled in with Include) are in /application/apache/conf/extra; if they are not enabled, the default configuration applies.
extra/
├── httpd-autoindex.conf
├── httpd-dav.conf                DAV support configuration
├── httpd-default.conf            Apache service parameters, such as timeouts and keep-alive time
├── httpd-info.conf
├── httpd-languages.conf          language support
├── httpd-manual.conf
├── httpd-mpm.conf                server pool management; this is the file for tuning Apache: it selects the mode and configures Apache connections, etc. The common modes are worker and prefork; the default mode is prefork
├── httpd-multilang-errordoc.conf
├── httpd-ssl.conf                SSL (encryption) support
├── httpd-userdir.conf
└── httpd-vhosts.conf             virtual host configuration file


Virtual host configuration file (httpd-vhosts.conf)
egrep -v "^.*#|^$" httpd-vhosts.conf
# Name-based virtual host configuration; * means listening on all IP addresses of this machine, and it can be changed to a specific IP address
NameVirtualHost *:80

# Defines a virtual host; * means listening on all IP addresses of this machine, and it can be changed to a specific IP address
<VirtualHost *:80>
    # Administrator mailbox
    ServerAdmin [email protected]
    # Directory of the program that provides the service, i.e. the site directory; if it is not configured, the main configuration file is consulted
    DocumentRoot "/applications/apache2.2.31/docs/dummy-host.example.com"
    # Domain name that provides the service; for testing, add an entry to this machine's hosts file so that it resolves
    ServerName dummy-host.example.com
    # Alias of the virtual host, used so that the same site can be reached through multiple domains; this feature requires apache mod_alias module support
    ServerAlias www.dummy-host.example.com
    # Error log path
    ErrorLog "logs/dummy-host.example.com-error_log"
    # Access log; use the combined format instead of the common format to get more output
    CustomLog "logs/dummy-host.example.com-access_log" common
</VirtualHost>

 

 

 

########################################################################################################
Apache optimization
One, Log rotation
1. Use cronolog for log rotation. The bundled rotatelogs is not used because log entries are lost when the logs are cut.
2. Use the combined log format, which records more.
3. Configure cronolog log rotation with full paths, for example: CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/access_www_%Y%m%d.log" combined

Two, Friendly error pages
URLs, files and scripts are supported as targets. Configure, for example, ErrorDocument 404 http://www.51cto.com or ErrorDocument 404 /missing.html in the main configuration file.

Three, mod_deflate file compression (compresses the content sent to the client)
Install it as a DSO: /application/apache/bin/apxs -i -c -a mod_deflate.c
Files are compressed on the server side, then transferred, and decompressed on the client side. Unless there are special circumstances, all text content should be gzip-compressed.
Put the following into the virtual host configuration to enable compression:
<IfModule mod_deflate.c>
    # Compression level; the higher the level, the higher the compression ratio, and the higher the CPU consumption
    DeflateCompressionLevel 9
    # Enable compression
    SetOutputFilter DEFLATE
    # Notes placed in the log for the compression ratio
    #DeflateFilterNote Input instream
    #DeflateFilterNote Output outstream
    # The following three lines set the types to compress
    AddOutputFilterByType DEFLATE text/html text/plain text/xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE text/css
    # Compression ratio note for the log; the lines below do the logging. This is generally not needed, so it is commented out
    #DeflateFilterNote Ratio ratio
    #LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
    #CustomLog logs/deflate_log.log deflate
</IfModule>
When you inspect the response headers with curl on the command line, Vary: Accept-Encoding indicates that compression is in effect.

Four, mod_expires caching
Setting the Expires header caches content such as images, scripts, CSS and Flash. Expires in effect tells the browser, through a header, how long to cache specific types of files. Most images and Flash files are rarely modified after release, so once they are cached the browser no longer downloads them from the server but reads them directly from the cache.
Advantages:
1. Faster page access
2. Better user experience
3. Saves website bandwidth costs
4. Saves web server and maintenance costs

 

<IfModule mod_expires.c>
    # Turn on Expires headers and set the default lifetime
    ExpiresActive on
    ExpiresDefault "access plus 12 months"
    # Per-type lifetimes
    ExpiresByType text/html "access plus 12 months"
    ExpiresByType text/css "access plus 12 months"
    ExpiresByType image/gif "access plus 12 months"
    ExpiresByType image/jpeg "access plus 12 months"
    ExpiresByType image/jpg "access plus 12 months"
    ExpiresByType image/png "access plus 12 months"
    ExpiresByType application/x-shockwave-flash "access plus 12 months"
    ExpiresByType application/x-javascript "access plus 12 months"
    ExpiresByType video/x-flv "access plus 12 months"
</IfModule>

The cached copy stops being used when the cache expires or when the user actively deletes the cached content.

What if the website updates a feature or a file's contents while old users still have the cached copy?
1. For content that changes constantly, set a short cache time, such as 1-30 days.
2. Adopt a policy for updated files: publish each update under a new file name, so that to the user it is a new resource.


Five, Change the default Apache user
When Apache is compiled and installed from source, the user is daemon.
When Apache is installed with yum, the user is apache.
The user can be renamed; ideally, others should not know the user name.


Six, Use worker mode to raise concurrency (test results: up to 4500 users)
Select the worker model when compiling and installing.


Seven, Hide sensitive information such as the Apache version
If clients do not know which server version is in use, attacks are reduced.
Modify the httpd-default.conf file: set ServerSignature Off and ServerTokens Prod,
then run apachectl graceful for the change to take effect.
The response will still show Server: Apache; to hide that completely, you need to recompile.


Eight, Set Apache directory and file permissions (owner and group root, directories 755, files 644)
In the site architecture, resource files (including user-uploaded pictures and attachments) should be separated from the program. It is best to have a separate upload program, so that permissions can be granted to it separately.
A common way of granting permissions:
chmod -R 777 /sitedir
chown -R apache.apache /sitedir
This is not safe.
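
An added example (not from the original article) of the recommended alternative: it lists world-writable entries and then applies directories 755 and files 644. The function names and the temporary demo tree are assumptions made for illustration.

```shell
# list_world_writable DIR: print every file or directory under DIR that any
# local user can write to (the state "chmod -R 777" leaves behind).
list_world_writable() {
    find "$1" ! -type l -perm -0002
}

# normalize_site_perms DIR: directories 755, files 644, as recommended above.
# Ownership moves to root (uid 0, gid 0) only when the script runs as root.
# Returns 0 only if nothing under DIR is world-writable afterwards.
normalize_site_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
    if [ "$(id -u)" -eq 0 ]; then
        chown -R 0:0 "$1"
    fi
    [ -z "$(list_world_writable "$1")" ]
}

# Constructed demo tree standing in for /sitedir (hypothetical file names).
site=$(mktemp -d)
mkdir -p "$site/upload"
: > "$site/index.php"
: > "$site/upload/photo.jpg"
chmod -R 777 "$site"
echo "world-writable before:"
list_world_writable "$site"
# After this call the upload directory is the only place that still needs a
# separate, narrower grant for the web server user.
normalize_site_perms "$site" && echo "no world-writable entries remain"
```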


Nine, Change Apache's concurrency settings (Apache's default concurrency is 150)
Modify httpd.conf and enable the line Include conf/extra/httpd-mpm.conf

Configuration for the Apache service in worker mode: vim /conf/extra/httpd-mpm.conf
<IfModule mpm_worker_module>
StartServers 5
MaxClients 2000
ServerLimit 25
MinSpareThreads 50
MaxSpareThreads 200
ThreadLimit 200
ThreadsPerChild 100
MaxRequestsPerChild 0
</IfModule>
Note:
MaxClients <= ServerLimit * ThreadsPerChild
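
The rule in the note can be checked mechanically before Apache is restarted. The following added example (not from the original article) parses the worker block and verifies MaxClients <= ServerLimit * ThreadsPerChild; the function name check_worker_mpm and the temporary sample file are assumptions, and the ThreadLimit check comes from httpd's documented behaviour rather than from this page.

```shell
# check_worker_mpm FILE
# Returns 0 if the worker limits are consistent, 1 if a rule is violated,
# 2 if a required directive is missing from the mpm_worker_module block.
check_worker_mpm() {
    awk '
        /^[ \t]*#/ { next }                        # skip comment lines
        { low = tolower($0) }
        low ~ /<ifmodule[ \t]+mpm_worker_module>/ { inblk = 1; next }
        low ~ /<\/ifmodule>/                      { inblk = 0; next }
        inblk && NF >= 2 { v[tolower($1)] = $2 + 0 }   # directive names ignore case
        END {
            if (!("maxclients" in v) || !("serverlimit" in v) || !("threadsperchild" in v)) {
                print "worker block incomplete"; exit 2
            }
            cap = v["serverlimit"] * v["threadsperchild"]
            printf "MaxClients=%d, ServerLimit*ThreadsPerChild=%d\n", v["maxclients"], cap
            if (v["maxclients"] > cap) { print "MaxClients exceeds capacity"; bad = 1 }
            # Not stated on the page: httpd also caps ThreadsPerChild at ThreadLimit.
            if (("threadlimit" in v) && v["threadsperchild"] > v["threadlimit"]) {
                print "ThreadsPerChild exceeds ThreadLimit"; bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed input: the worker values shown on the page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<IfModule mpm_worker_module>
StartServers 5
MaxClients 2000
ServerLimit 25
MinSpareThreads 50
MaxSpareThreads 200
ThreadLimit 200
ThreadsPerChild 100
MaxRequestsPerChild 0
</IfModule>
EOF
check_worker_mpm "$sample" && echo "worker limits are consistent"
```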

Configuration for the Apache service in prefork mode
Concurrent connection settings from a production environment configuration file (httpd-default.conf):

vim conf/extra/httpd-mpm.conf
StartServers 10
MinSpareServers 10
MaxSpareServers 15
ServerLimit 2000
MaxClients 2000
MaxRequestsPerChild 10000


After changing the concurrency numbers, stop Apache and then start it again; neither restart nor graceful can be used.


Ten, Apache anti-hotlinking
None of the site's own pictures can be embedded in other people's pages.


Eleven, Disable directory Indexes
Delete Indexes, or put - in front of Indexes.


Twelve, Prevent users from overriding the configuration
AllowOverride None


Thirteen, Disable CGI
Delete or disable CGI.


Fourteen, Avoid using .htaccess files
First, performance: if AllowOverride enables .htaccess files, Apache has to look for a .htaccess file in every directory and, in addition, has to read the .htaccess file on every request, which degrades performance.
Second, security: it allows users to modify the server configuration, which may cause unexpected changes, so consider carefully whether users should be given such a privilege.

AccessFileName .htaccess
Recommended setting:
#AccessFileName .htaccess
Define all directory permissions in httpd.conf; do not use .htaccess.
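
An added example, not part of the original article: a small audit that flags the settings this article advises against (directory Indexes, AllowOverride other than None, and ServerTokens or ServerSignature values that reveal version details). The function name audit_httpd_conf and both sample configurations are constructed for illustration.

```shell
# audit_httpd_conf FILE...
# Prints one line per risky setting; returns 1 if anything was found, else 0.
audit_httpd_conf() {
    awk '
        function report(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; bad++ }
        /^[ \t]*#/ { next }              # httpd comments occupy a whole line
        NF < 2     { next }
        {
            d = tolower($1); v = tolower($2)
            if (d == "options") {
                for (i = 2; i <= NF; i++) {
                    o = tolower($i)
                    if (o == "indexes" || o == "+indexes" || o == "all")
                        report("Options " $i " allows directory browsing")
                }
            } else if (d == "allowoverride" && v != "none") {
                report("AllowOverride " $2 " lets .htaccess override the server configuration")
            } else if (d == "servertokens") {
                tokens_seen = 1
                if (v != "prod" && v != "productonly")
                    report("ServerTokens " $2 " discloses version details")
            } else if (d == "serversignature" && v != "off") {
                report("ServerSignature " $2 " adds a server footer to generated pages")
            }
        }
        END {
            if (!tokens_seen) { print "ServerTokens is not set (httpd defaults to Full)"; bad++ }
            exit (bad > 0)
        }
    ' "$@"
}

# Constructed sample with the weak settings the page warns about.
weak=$(mktemp)
cat > "$weak" <<'EOF'
ServerSignature On
<Directory "/var/www/example">
    Options Indexes FollowSymLinks
    AllowOverride All
</Directory>
EOF
# Hardened counterpart: the same file with the recommended values applied.
hard=$(mktemp)
{ echo 'ServerTokens Prod'
  sed -e 's/ On$/ Off/' -e 's/Indexes //' -e 's/All$/None/' "$weak"; } > "$hard"
audit_httpd_conf "$weak" || echo "weak sample: findings listed above"
audit_httpd_conf "$hard" && echo "hardened sample: no findings"
```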


Seventeen, Give the Apache logs root ownership and 700 permissions


Eighteen, System kernel optimization


Nineteen, Apache architecture optimization
1. Separate the three functions as far as possible: the page (program) server, the image and attachment server, and the upload server.
2. The best way to separate them is to use separate servers (requires support from the program).
3. The second-best solution is to have a front-end load balancer (haproxy/nginx) send requests, by directory or extension, to the corresponding server behind it.

 


----------------
Disclaimer: This article is an original article by CSDN blogger "zypzilong" and follows the CC 4.0 BY-SA copyright agreement. When reproducing it, please attach the original source link and this statement.
Original link: https://blog.csdn.net/zypzilong/article/details/77765429

Origin www.cnblogs.com/ccw869476711/p/11422524.html