分享程序员开发的那些事...
更新时间:2022-10-05 12:31:22
一、配置文件和基本格式
配置文件路径:/etc/httpd/conf/httpd.conf
配置参数 值
1、配置指令不区分字符大小写;但是值有可能区分字符大小写
2、有些指令可以重复出现多次
配置文件格式:
1、全局配置
2、主机配置:用于仅提供一个站点
3、虚拟主机:用于提供多个站点(和主机配置不能同时生效)
配置文件语法测试:{service httpd configtest | httpd -t}
二、详细配置
1、监听套接字
|
1
2
3
4
5
|
#配置文件事例#Listen 12.34.56.78:80Listen 80
Listen 8080
Listen 192.168.1.110:8082
|
此指令可以出现多次;用于指定监听多个不同的套接字:
|
1
2
3
4
5
6
7
8
9
10
11
12
|
[Linux]#httpd -t
Syntax OK[Linux]#service httpd reload
Reloading httpd: [Linux]#ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::111 :::*
LISTEN 0 128 *:111 *:*
LISTEN 0 128 :::8080 :::*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 192.168.1.186:8082 *:*
|
2、配置使用Keep Alive
|
1
2
3
4
5
6
7
|
# KeepAlive: Whether or not to allow persistent connections (more than# one request per connection). Set to "Off" to deactivate.##KeepAlive OnKeepAlive OffMaxKeepAliveRequests 100 #持久连接最大请求数
KeepAliveTimeout 15 #超时时间
|
3、多道处理模块MPM
查看系统默认启用的模块
|
1
2
3
4
5
6
7
8
9
10
|
[Linux]#httpd -l
Compiled in modules:
core.c
prefork.c #默认启用prefork模块
http_core.c
mod_so.c
[Linux]#
#如需启用worker模块;需要更改配置文件[Linux]#vi /etc/sysconfig/httpd
#HTTPD=/usr/sbin/httpd.worker #启用该项后重启httpd |
配置模块信息
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
[Linux]#vi /etc/httpd/conf/httpd.conf
# prefork MPM# StartServers: number of server processes to start# MinSpareServers: minimum number of server processes which are kept spare# MaxSpareServers: maximum number of server processes which are kept spare# ServerLimit: maximum value for MaxClients for the lifetime of the server# MaxClients: maximum number of server processes allowed to start# MaxRequestsPerChild: maximum number of requests a server process servesprefork 稳定性较好,一个线程崩溃不会影响其他线程<IfModule prefork.c> 判断prefork模块是否存在StartServers 8 默认启动的工作进程数;不包含主进程
MinSpareServers 5 最少空闲进程数
MaxSpareServers 20 最大空闲进程数
ServerLimit 256 最大活动进程数
MaxClients 256 最多允许发起的请求的个数
MaxRequestsPerChild 4000 每个子进程在生命周期内所能够服务的最多请求个数
</IfModule>
# worker MPM# StartServers: initial number of server processes to start# MaxClients: maximum number of simultaneous client connections# MinSpareThreads: minimum number of worker threads which are kept spare# MaxSpareThreads: maximum number of worker threads which are kept spare# ThreadsPerChild: constant number of worker threads in each server process# MaxRequestsPerChild: maximum number of requests a server process servesworker 多个进程;一个进程崩溃会影响其下的其他线程<IfModule worker.c> 判断worker模块是否存在StartServers 4 启动的子进程的个数
MaxClients 300 并发请求的最大个数
MinSpareThreads 25 最少空闲线程数
MaxSpareThreads 75 最大空闲线程数
ThreadsPerChild 25 每个子进程可生成的线程数
MaxRequestsPerChild 0 每个子进程在生命周期内所能够服务的最多请求个数;0表示不做限定
</IfModule>
|
4、DSO模块的加载方式
LoadModule module_name /path/to/module
可以使用相对路径和绝对路径;相对路径则对于ServerRoot所定义的位置而言;
更改完成后service httpd reload可生效
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
# LoadModule foo_module modules/mod_foo.so#LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
##[Linux]#httpd -M #可以查看系统所有装载模块
Loaded Modules: core_module (static)
mpm_prefork_module (static)
http_module (static)
so_module (static)
auth_basic_module (shared)
auth_digest_module (shared)
authn_file_module (shared)
authn_alias_module (shared)
|
5、配置站点根目录和页面属性
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
# DocumentRoot: The directory out of which you will serve your# documents. By default, all requests are taken from this directory, but# symbolic links and aliases may be used to point to other locations.#DocumentRoot "/var/www/html"
DocumentRoot "/path/to/somewhere(站点路径)" #格式
# The Options directive is both complicated and important. Please see 下述站点有配置详细说明# http://httpd.apache.org/docs/2.2/mod/core.html#options# for more information.#<Directory "/var/www/html"> #页面访问属性
## Options Indexes FollowSymLinks
###Indexes 缺少默认页面时;允许将目录中的所有文件已列表形式返回给用户FollowSymLinks 允许跟随符号链接所指向的原始文件;危险None 所有都不启用
All 所有都启用
ExecCGI 是否允许使用mod_cgi模块执行CGI脚本Includes 是否允许使用mod_include模块实现服务器端包含(SSI)MultiViews 允许使用mod_negotiation实现内容协商SymLinksIfOwnerMatch 在链接文件属主属组与原始文件的属主属组相同时;允许跟随符号链接所指向的原始文件### AllowOverride controls what directives may be placed in .htaccess files.# It can be "All", "None", or any combination of the keywords:# Options FileInfo AuthConfig Limit基于主机的访问控制## AllowOverride None 表示下面这些控制机制是否被禁用;None表示不被禁用
## Controls who can get stuff from this server.# #allow允许;deny不允许
Order allow,deny #默认deny;没有allow的都deny;可以写多条;自上而下匹配
Allow from all 格式:from IP
Deny
#二者都匹配或二者都无匹配项时,则以后者为准;否则,则以匹配到的为准
</Directory>
#***匹配:从列表中找出最小的能匹配到访问者的地址的条目为最终是生效的#详细参考http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow |
6、定义默认主页面
|
1
2
3
4
5
|
# The index.html.var file (a type-map) is used to deliver content-# negotiated documents. The MultiViews Option can be used for the# same purpose, but it is much slower.#DirectoryIndex index.html index.html.var #自左而右依次查找
|
7、用户目录
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
# The path to the end user account 'public_html' directory must be# accessible to the webserver userid. This usually means that ~userid权限说明# must have permissions of 711, ~userid/public_html must have permissions# of 755, and documents contained therein must be world-readable.# Otherwise, the client will only receive a "403 Forbidden" message.## See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden#<IfModule mod_userdir.c> #
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
UserDir disabled
disabled 禁止
UserDir public_html 用户家目录下的目录名称,所有位于此目录中的文件均可通过前述的访问路径进行访问;用户的家目录的赋予运行httpd进程的用户拥有执行权限;
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disabled" line above, and uncomment
# the following line instead:
#
#UserDir public_html
</IfModule>
|
8、配置日志功能
/var/log/httpd/access.log && error.log
access.log:其需要记录的内容需要自定义
访问日志:
CustomLog "/path/to/access_log_file" Format_Name
LogFormat Format_String Format_Nam
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
# The following directives define some format nicknames for use with# a CustomLog directive (see below).#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
###%h:客户端地址
%l:远程登录名;通常为-
%u:认证时的远程用户名;通常为-
%t:接受到请求时的时间;
%r:请求报文的起始行;
%>s:响应状态码;
%b:响应报文的长度;单位字节;不包含HTTP首部
%{Header_Name}i:记录指定请求报文首部的内容(value)
%U:请求的URL;不包含其他任何请求串
##具体请参照http://httpd.apache.org/docs/2.2/mod/mod_log_config.html## ErrorLog: The location of the error log file.# If you do not specify an ErrorLog directive within a <VirtualHost># container, error messages relating to that virtual host will be# logged here. If you *do* define an error logfile for a <VirtualHost># container, that host's errors will be logged there and not here.#ErrorLog logs/error_log
|
9、路径别名和默认字符集
Alias /alias/ "/path/to/somewhere/" :前面别名结尾有/后面结尾就一定得有/
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
# We include the /icons/ alias for FancyIndexed directory listings. If you# do not use FancyIndexing, you may comment this out.#Alias /icons/ "/var/www/icons/"
###字符集# Specify a default charset for all content served; this enables# interpretation of all content as UTF-8 by default. To use the# default browser choice (ISO-8859-1), or to allow the META tags# in HTML content to override this choice, comment out this# directive:#AddDefaultCharset UTF-8
|
10、CGI脚本路径别名
URL --> FileSystem Directory
CGI:Common Gateway Interface
有很多机制需要SUID或SGID权限;
httpd无法直接执行脚本;基于CGI协议调用脚本解释器;等待脚本解释器返回结果到web服务器
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
# ScriptAlias: This controls which directories contain server scripts.# ScriptAliases are essentially the same as Aliases, except that# documents in the realname directory are treated as applications and# run by the server when requested rather than as documents sent to the client.# The same rules about trailing "/" apply to ScriptAlias directives as to# Alias.#ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
ScriptAlias /URL/ "/path/to/somewhere/" #格式;路径需要执行权限
##测试cat << EOFContent-Type: text/html
<pre>The hostname is:`hostname`.
The time is:`date`.
</pre>
EOF |
11、基于用户的访问控制
虚拟用户:不是系统的账号密码;
在配置文件LoadModule下(auth)开头的认证类型:
basic:基本认证;账号和密钥明文发送;
digest:摘要认证;hash编程之后发送
认证提供者(authentication provider):账号和密钥的存放位置(authn)
授权机制(authentication):根据什么进行授权(authz)
1、编辑配置文件使用:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[Linux]#vi /etc/httpd/conf/httpd.conf
#在<Directory>网站附近下找一个位置新建一个<Directory "/var/www/html/fin"> #指定目录文件
Options None #没有任何选项
AllowOverride AuthConfig #使用认证配置
AuthType Basic #认证类型
AuthName "Private Area" #质询时窗口标题
# AuthBasicProvider file #认证提供者;默认为文件 AuthUserFile /etc/httpd/conf/.htpasswd #指定文件存放用户账号
# AuthGroupFile /etc/httpd/conf/.htgroup #指定文件存放组# Require group GroupName #指定组名 Require valid-user #所有的合法账户
</Directory>
|
2、使用htpasswd命令生成认证库
|
1
2
3
4
5
6
7
8
9
|
[Linux]#htpasswd -b /etc/httpd/conf/.htpasswd pipi pipi
Adding password for user pipi
[Linux]#
详细参数可以man htpasswdSYNOPSIS htpasswd [ -c ] [ -m ] [ -D ] passwdfile username
htpasswd -b [ -c ] [ -m | -d | -p | -s ] [ -D ] passwdfile username password
htpasswd -n [ -m | -d | -s | -p ] username
htpasswd -nb [ -m | -d | -s | -p ] username password
|
12、虚拟主机
一个物理服务器提供多个站点;使用虚拟主机得先取消中心主机
1、基于不同的IP实现不同的虚拟
使用不同IP;
2、基于不同的port实现不同的虚拟主机
使用不同端口
3、基于不同的FQDN实现不同的虚拟主机
使用不同的ServerName的值:FQDN
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
# DocumentRoot: The directory out of which you will serve your# documents. By default, all requests are taken from this directory, but# symbolic links and aliases may be used to point to other locations.##DocumentRoot "/var/www/html" #这项需要先注释;中心主机##基于主机名不同进行测试;下面这项需要开启;IP和port是不需要开启的NameVirtualHost *:80
## NOTE: NameVirtualHost cannot be used without a port specifier# (e.g. :80) if mod_ssl is being used, due to the nature of the# SSL protocol.## VirtualHost example:# Almost any Apache directive may go into a VirtualHost container.# The first VirtualHost section is used for requests without a known# server name.#<VirtualHost *:80>
ServerAdmin webmaster@pipi.com
DocumentRoot /var/www/docs/pipi #指定站点路径
ServerName www.pipi.com #指定FQDN
ErrorLog logs/pipi.com-error_log #指定错误日志路径及名称
CustomLog logs/pipi.com-access_log common #指定访问日志路径及名称
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@soul.org
DocumentRoot /var/www/docs/soul
ServerName www.soul.org
ErrorLog logs/soul.org-error_log
CustomLog logs/soul.org-access_log common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@dark.net
DocumentRoot /www/docs/dark
ServerName www.dark.net
ErrorLog logs/dark.net-error_log
CustomLog logs/dark.net-access_log common
</VirtualHost>
##配置完成后需要在对应的路径下建立相应的文件[Linux]#httpd -t
Syntax OK[Linux]#service httpd restart
Stopping httpd: [ OK ]Starting httpd: [ OK ][Linux]#
|
配置完成后如在linux下测试则修改/etc/hosts文件;windows下修改C:\Windows\System32\drivers\etc\hosts文件
|
1
2
3
|
X.X.X.129 www.pipi.comX.X.X.129 www.soul.orgX.X.X.129 www.dark.net |
修改完成后直接访问即可。
|
1
2
3
4
5
6
|
#查看日志文件[Linux]#cd /var/log/httpd/
[Linux]#ls
access_log dark.net-access_log error_log pipi.com-access_log soul.org-access_log
access_log-20140309 dark.net-error_log error_log-20140309 pipi.com-error_log soul.org-error_log
[Linux]#
|
本文转自Mr_陈 51CTO博客,原文链接:http://blog.51cto.com/chenpipi/1379923,如需转载请自行联系原作者
