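I. Configuration file and basic format
Configuration file path: /etc/httpd/conf/httpd.conf
Syntax: directive value
1. Directive names are case-insensitive; values may be case-sensitive
2. Some directives may appear more than once
Layout of the configuration file:
1. Global configuration
2. Main server configuration: used when only one site is served
3. Virtual hosts: used to serve multiple sites (cannot be in effect at the same time as the main server configuration)
Syntax check of the configuration file: {service httpd configtest | httpd -t}
II. Detailed configuration
1. Listening sockets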
    # Example from the configuration file
    #Listen 12.34.56.78:80
    Listen 80
    Listen 8080
    Listen 192.168.1.110:8082
This directive may appear more than once, to listen on several different sockets:

    [Linux]#httpd -t
    Syntax OK
    [Linux]#service httpd reload
    Reloading httpd:
    [Linux]#ss -tnl
    State      Recv-Q Send-Q      Local Address:Port      Peer Address:Port
    LISTEN     0      128                    :::111                 :::*
    LISTEN     0      128                     *:111                  *:*
    LISTEN     0      128                    :::8080                :::*
    LISTEN     0      128                    :::80                  :::*
    LISTEN     0      128         192.168.1.186:8082                 *:*
2. Configuring Keep-Alive

    # KeepAlive: Whether or not to allow persistent connections (more than
    # one request per connection). Set to "Off" to deactivate.
    #
    #KeepAlive On
    KeepAlive Off
    # Maximum number of requests on one persistent connection
    MaxKeepAliveRequests 100
    # Timeout
    KeepAliveTimeout 15
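3. Multi-Processing Modules (MPM)
List the modules the system enables by default

    [Linux]#httpd -l
    Compiled in modules:
      core.c
      prefork.c        # the prefork module is enabled by default
      http_core.c
      mod_so.c
    [Linux]#
    # To enable the worker module, the configuration file has to be changed
    [Linux]#vi /etc/sysconfig/httpd
    #HTTPD=/usr/sbin/httpd.worker    # enable this line, then restart httpd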
Module settings

    [Linux]#vi /etc/httpd/conf/httpd.conf
    # prefork MPM
    # StartServers: number of server processes to start
    # MinSpareServers: minimum number of server processes which are kept spare
    # MaxSpareServers: maximum number of server processes which are kept spare
    # ServerLimit: maximum value for MaxClients for the lifetime of the server
    # MaxClients: maximum number of server processes allowed to start
    # MaxRequestsPerChild: maximum number of requests a server process serves
    # prefork: more stable; a crash in one thread does not affect the other threads
    # <IfModule prefork.c> tests whether the prefork module is present
    <IfModule prefork.c>
    # Number of worker processes started by default, not counting the master process
    StartServers          8
    # Minimum number of idle processes
    MinSpareServers       5
    # Maximum number of idle processes
    MaxSpareServers      20
    # Maximum number of active processes
    ServerLimit         256
    # Maximum number of requests that may be in progress
    MaxClients          256
    # Maximum number of requests each child process may serve during its lifetime
    MaxRequestsPerChild 4000
    </IfModule>
    # worker MPM
    # StartServers: initial number of server processes to start
    # MaxClients: maximum number of simultaneous client connections
    # MinSpareThreads: minimum number of worker threads which are kept spare
    # MaxSpareThreads: maximum number of worker threads which are kept spare
    # ThreadsPerChild: constant number of worker threads in each server process
    # MaxRequestsPerChild: maximum number of requests a server process serves
    # worker: several processes; a crash in one process affects the other threads under it
    # <IfModule worker.c> tests whether the worker module is present
    <IfModule worker.c>
    # Number of child processes to start
    StartServers          4
    # Maximum number of concurrent requests
    MaxClients          300
    # Minimum number of idle threads
    MinSpareThreads      25
    # Maximum number of idle threads
    MaxSpareThreads      75
    # Number of threads each child process can create
    ThreadsPerChild      25
    # Maximum number of requests each child process may serve during its lifetime; 0 means no limit
    MaxRequestsPerChild   0
    </IfModule>
4. Loading DSO modules
LoadModule module_name /path/to/module
Either a relative or an absolute path may be used; a relative path is resolved against the location defined by ServerRoot.
After the change, service httpd reload makes it take effect.

    # LoadModule foo_module modules/mod_foo.so
    #
    LoadModule auth_basic_module modules/mod_auth_basic.so
    LoadModule auth_digest_module modules/mod_auth_digest.so
    LoadModule authn_file_module modules/mod_authn_file.so
    LoadModule authn_alias_module modules/mod_authn_alias.so
    LoadModule authn_anon_module modules/mod_authn_anon.so
    #
    #
    [Linux]#httpd -M        # lists all modules loaded on the system
    Loaded Modules:
     core_module (static)
     mpm_prefork_module (static)
     http_module (static)
     so_module (static)
     auth_basic_module (shared)
     auth_digest_module (shared)
     authn_file_module (shared)
     authn_alias_module (shared)
5. Site document root and page options

    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    #
    DocumentRoot "/var/www/html"
    # Format: DocumentRoot "/path/to/somewhere"   (the site path)
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.  (That page documents the options in detail.)
    #
    <Directory "/var/www/html">
    # Page access options
    #
    Options Indexes FollowSymLinks
    #
    #   Indexes               when there is no default page, allow all files in the directory to be returned to the user as a listing
    #   FollowSymLinks        allow following a symbolic link to the original file it points to; dangerous
    #   None                  enable none of them
    #   All                   enable all of them
    #   ExecCGI               whether CGI scripts may be executed through mod_cgi
    #   Includes              whether server-side includes (SSI) through mod_include are allowed
    #   MultiViews            allow content negotiation through mod_negotiation
    #   SymLinksIfOwnerMatch  follow a symbolic link to the original file only when the owner and group of the link are the same as those of the original file
    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    # Host-based access control
    #
    # Whether the control mechanisms below are disabled; None means they are not disabled
    AllowOverride None
    #
    # Controls who can get stuff from this server.
    #
    # allow permits; deny refuses
    # Default is deny: whatever is not allowed is denied; several entries may be written; matched from top to bottom
    Order allow,deny
    Allow from all
    # Format: Allow from IP / Deny from IP
    # When both match, or neither matches, the latter of the two decides; otherwise the one that matched decides
    </Directory>
    # Best match: the smallest entry in the list that matches the visitor's address is the one that finally takes effect
    # For details see http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow
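The Order/Allow/Deny rule noted in the block above ("when both match or neither matches, the latter decides") can be checked with a small model. This is an added example, not part of the original article or of httpd itself; it follows the Apache 2.2 mod_authz_host documentation, handles only `all`, single IPs and CIDR ranges, and the function names and addresses are constructed for illustration.

```python
import ipaddress

def _matches(specs, client_ip):
    """True if client_ip is covered by any spec: 'all', a single IP, or a CIDR."""
    ip = ipaddress.ip_address(client_ip)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def is_allowed(order, allow, deny, client_ip):
    """Decide access the way the Apache 2.2 mod_authz_host documentation describes."""
    allowed = _matches(allow, client_ip)
    denied = _matches(deny, client_ip)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Needs an Allow match and no Deny match; a client matching nothing is denied.
        return allowed and not denied
    if order == "deny,allow":
        # Refused only if a Deny matches and no Allow does; a client matching nothing passes.
        return allowed or not denied
    raise ValueError("unsupported Order value: %r" % order)

# Constructed cases: (Order, Allow from, Deny from, client address)
CASES = [
    ("allow,deny", ["all"], [], "203.0.113.7"),                              # as configured above
    ("allow,deny", ["192.168.1.0/24"], ["192.168.1.110"], "192.168.1.110"),  # both match
    ("deny,allow", ["192.168.1.0/24"], ["192.168.1.110"], "192.168.1.110"),  # both match
    ("allow,deny", ["192.168.1.0/24"], [], "10.0.0.5"),                      # neither matches
    ("deny,allow", ["192.168.1.0/24"], [], "10.0.0.5"),                      # neither matches
]

def evaluate_cases():
    """Return the verdict for every constructed case, in order."""
    return [is_allowed(*case) for case in CASES]

if __name__ == "__main__":
    for case, verdict in zip(CASES, evaluate_cases()):
        print(case, "->", "allowed" if verdict else "denied")
```

With the same Allow and Deny lists, only the Order value changes the outcome for a client that matches both lists or neither.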
6. Default index page

    # The index.html.var file (a type-map) is used to deliver content-
    # negotiated documents.  The MultiViews Option can be used for the
    # same purpose, but it is much slower.
    #
    # Searched in order from left to right
    DirectoryIndex index.html index.html.var
7. User directories

    # Permission requirements:
    # The path to the end user account 'public_html' directory must be
    # accessible to the webserver userid.  This usually means that ~userid
    # must have permissions of 711, ~userid/public_html must have permissions
    # of 755, and documents contained therein must be world-readable.
    # Otherwise, the client will only receive a "403 Forbidden" message.
    #
    # See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
    #
    <IfModule mod_userdir.c>
        #
        # UserDir is disabled by default since it can confirm the presence
        # of a username on the system (depending on home directory
        # permissions).
        #
        # disabled: forbidden
        UserDir disabled
        # UserDir public_html: the name of a directory under the user's home directory; every file
        # in that directory can be reached through the access path described above; the user that
        # runs the httpd process must be given execute permission on the user's home directory
        #
        # To enable requests to /~user/ to serve the user's public_html
        # directory, remove the "UserDir disabled" line above, and uncomment
        # the following line instead:
        #
        #UserDir public_html
    </IfModule>
8. Logging
/var/log/httpd/access.log && error.log
access.log: what it records has to be defined by a custom format
Access log:
CustomLog "/path/to/access_log_file" Format_Name
LogFormat Format_String Format_Name

    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent
    #
    #   %h: client address
    #   %l: remote login name; usually -
    #   %u: remote user name used for authentication; usually -
    #   %t: time the request was received
    #   %r: first line of the request message
    #   %>s: response status code
    #   %b: length of the response in bytes, not including the HTTP headers
    #   %{Header_Name}i: the content (value) of the named request header
    #   %U: the requested URL, without any query string
    #
    # For details see http://httpd.apache.org/docs/2.2/mod/mod_log_config.html
    #
    # ErrorLog: The location of the error log file.
    # If you do not specify an ErrorLog directive within a <VirtualHost>
    # container, error messages relating to that virtual host will be
    # logged here.  If you *do* define an error logfile for a <VirtualHost>
    # container, that host's errors will be logged there and not here.
    #
    ErrorLog logs/error_log
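To read these logs back during an investigation, the LogFormat string itself can be turned into a parser. The following is an added example, not part of the original article: it covers only the directives listed above, the names `compile_logformat` and `parse_line` are hypothetical, and the sample log lines are constructed.

```python
import re

# A logged value: backslash-escaped characters are allowed, a raw double quote is not.
_VALUE = r'(?:\\.|[^"\\])*'

# One regex fragment per format directive explained in the section above.
_FIELD = {
    "%h": r"(?P<host>\S+)",
    "%l": r"(?P<logname>\S+)",
    "%u": r"(?P<user>\S+)",
    "%t": r"\[(?P<time>[^\]]+)\]",
    "%r": "(?P<request>" + _VALUE + ")",
    "%>s": r"(?P<status>\d{3})",
    "%b": r"(?P<bytes>\d+|-)",
    "%U": r"(?P<url_path>\S+)",
}
_TOKEN = re.compile(r"%\{(?P<hdr>[^}]+)\}i|%>s|%[hlutrbU]")

def compile_logformat(fmt):
    """Build a line-matching regex from a LogFormat string as written in httpd.conf."""
    fmt = fmt.replace('\\"', '"')          # httpd.conf writes inner quotes as \"
    parts, pos = [], 0
    for tok in _TOKEN.finditer(fmt):
        parts.append(re.escape(fmt[pos:tok.start()]))
        if tok.group("hdr"):               # %{Header_Name}i
            name = "hdr_" + re.sub(r"\W", "_", tok.group("hdr").lower())
            parts.append("(?P<" + name + ">" + _VALUE + ")")
        else:
            parts.append(_FIELD[tok.group(0)])
        pos = tok.end()
    parts.append(re.escape(fmt[pos:]))
    return re.compile("^" + "".join(parts) + "$")

def parse_line(regex, line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = regex.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("status", "bytes"):
        if key in rec:
            rec[key] = 0 if rec[key] == "-" else int(rec[key])   # %b logs "-" for no body
    return rec

COMBINED = compile_logformat(r'%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"')
# Constructed sample lines (not taken from the original page)
SAMPLE_COMBINED = ('192.168.1.50 - pipi [09/Mar/2014:10:15:32 +0800] "GET /fin/ HTTP/1.1" '
                   '200 1234 "http://www.pipi.com/" "Mozilla/5.0 (X11; Linux x86_64)"')
SAMPLE_COMMON = '192.168.1.51 - - [09/Mar/2014:10:16:01 +0800] "GET /logo.png HTTP/1.1" 304 -'
```

A line that does not fit the configured format returns None, which is worth counting rather than discarding when the log is used as evidence.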
9. Path aliases and the default character set
Alias /alias/ "/path/to/somewhere/": if the alias ends with /, the target path must end with / as well

    # We include the /icons/ alias for FancyIndexed directory listings.  If you
    # do not use FancyIndexing, you may comment this out.
    #
    Alias /icons/ "/var/www/icons/"
    #
    #
    # Character set
    # Specify a default charset for all content served; this enables
    # interpretation of all content as UTF-8 by default.  To use the
    # default browser choice (ISO-8859-1), or to allow the META tags
    # in HTML content to override this choice, comment out this
    # directive:
    #
    AddDefaultCharset UTF-8
10. Path aliases for CGI scripts
URL --> FileSystem Directory
CGI: Common Gateway Interface
Many mechanisms require SUID or SGID permissions;
httpd cannot execute a script directly; it invokes the script interpreter through the CGI protocol and waits for the interpreter to return the result to the web server

    # ScriptAlias: This controls which directories contain server scripts.
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the realname directory are treated as applications and
    # run by the server when requested rather than as documents sent to the client.
    # The same rules about trailing "/" apply to ScriptAlias directives as to
    # Alias.
    #
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
    # Format: ScriptAlias /URL/ "/path/to/somewhere/"   (the path needs execute permission)
    #
    # Test script
    #!/bin/bash
    cat << EOF
    Content-Type: text/html

    <pre>
    The hostname is: `hostname`.
    The time is: `date`.
    </pre>
    EOF
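11. User-based access control
Virtual users: not the system's accounts and passwords;
Authentication types, provided by the modules whose names begin with auth under LoadModule in the configuration file:
basic: basic authentication; the account and password are sent in cleartext;
digest: digest authentication; sent after being hashed
Authentication provider: where the accounts and passwords are stored (authn)
Authorization mechanism: what authorization is based on (authz)
1. Edit the configuration file:

    [Linux]#vi /etc/httpd/conf/httpd.conf
    # Add a new block somewhere near the site's <Directory> section
    # The directory to protect
    <Directory "/var/www/html/fin">
        # No options
        Options None
        # Use authentication configuration
        AllowOverride AuthConfig
        # Authentication type
        AuthType Basic
        # Title of the challenge dialog
        AuthName "Private Area"
        # AuthBasicProvider file                    # authentication provider; file is the default
        # File that stores the user accounts
        AuthUserFile /etc/httpd/conf/.htpasswd
        # AuthGroupFile /etc/httpd/conf/.htgroup    # file that stores the groups
        # Require group GroupName                   # the group name
        # Any valid account
        Require valid-user
    </Directory>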
2. Generate the credential store with the htpasswd command

    [Linux]#htpasswd -b /etc/httpd/conf/.htpasswd pipi pipi
    Adding password for user pipi
    [Linux]#
    # For the full list of options see man htpasswd
    SYNOPSIS
           htpasswd [ -c ] [ -m ] [ -D ] passwdfile username
           htpasswd -b [ -c ] [ -m | -d | -p | -s ] [ -D ] passwdfile username password
           htpasswd -n [ -m | -d | -s | -p ] username
           htpasswd -nb [ -m | -d | -s | -p ] username password
12. Virtual hosts
One physical server provides several sites; to use virtual hosts, the main server has to be disabled first
1. Virtual hosts based on different IPs
Use different IPs;
2. Virtual hosts based on different ports
Use different ports
3. Virtual hosts based on different FQDNs
Use different ServerName values: FQDN

    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    #
    #DocumentRoot "/var/www/html"    # comment this out first; it is the main server
    #
    # For the test based on different host names the following directive must be enabled;
    # IP-based and port-based virtual hosts do not need it
    NameVirtualHost *:80
    #
    # NOTE: NameVirtualHost cannot be used without a port specifier
    # (e.g. :80) if mod_ssl is being used, due to the nature of the
    # SSL protocol.
    #
    # VirtualHost example:
    # Almost any Apache directive may go into a VirtualHost container.
    # The first VirtualHost section is used for requests without a known
    # server name.
    #
    <VirtualHost *:80>
        ServerAdmin webmaster@pipi.com
        # Site path
        DocumentRoot /var/www/docs/pipi
        # FQDN
        ServerName www.pipi.com
        # Path and name of the error log
        ErrorLog logs/pipi.com-error_log
        # Path and name of the access log
        CustomLog logs/pipi.com-access_log common
    </VirtualHost>
    <VirtualHost *:80>
        ServerAdmin webmaster@soul.org
        DocumentRoot /var/www/docs/soul
        ServerName www.soul.org
        ErrorLog logs/soul.org-error_log
        CustomLog logs/soul.org-access_log common
    </VirtualHost>
    <VirtualHost *:80>
        ServerAdmin webmaster@dark.net
        DocumentRoot /www/docs/dark
        ServerName www.dark.net
        ErrorLog logs/dark.net-error_log
        CustomLog logs/dark.net-access_log common
    </VirtualHost>
    #
    # After configuring, create the corresponding files under the corresponding paths
    [Linux]#httpd -t
    Syntax OK
    [Linux]#service httpd restart
    Stopping httpd: [ OK ]
    Starting httpd: [ OK ]
    [Linux]#
After configuration, to test from Linux edit the /etc/hosts file; on Windows edit the C:\Windows\System32\drivers\etc\hosts file

    X.X.X.129 www.pipi.com
    X.X.X.129 www.soul.org
    X.X.X.129 www.dark.net

After the change, the sites can be accessed directly.

    # View the log files
    [Linux]#cd /var/log/httpd/
    [Linux]#ls
    access_log           dark.net-access_log  error_log           pipi.com-access_log  soul.org-access_log
    access_log-20140309  dark.net-error_log   error_log-20140309  pipi.com-error_log   soul.org-error_log
    [Linux]#
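All three names resolve to the same address, so the site served is chosen from the Host header, and a request with an unknown name falls through to the first VirtualHost block. The sketch below is an added example, not part of the original article or of httpd: it models that selection for exact ServerName matches only (ServerAlias, wildcards and IP-based matching are not modelled), and `parse_vhosts` and `select_docroot` are hypothetical names.

```python
import re

# The three name-based virtual hosts from the section above, reduced to the
# directives that matter for selection.
CONF = """
NameVirtualHost *:80
<VirtualHost *:80>
    DocumentRoot /var/www/docs/pipi
    ServerName www.pipi.com
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /var/www/docs/soul
    ServerName www.soul.org
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /www/docs/dark
    ServerName www.dark.net
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return [(ServerName, DocumentRoot), ...] in the order the blocks appear."""
    vhosts = []
    blocks = re.findall(r"<VirtualHost\s+[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I)
    for body in blocks:
        directives = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if len(parts) == 2 and not parts[0].startswith("#"):
                directives[parts[0].lower()] = parts[1].strip().strip('"')
        vhosts.append((directives.get("servername"), directives.get("documentroot")))
    return vhosts

def select_docroot(vhosts, host_header):
    """DocumentRoot of the vhost whose ServerName equals the Host header, else the first vhost's."""
    name = (host_header or "").split(":", 1)[0].strip().lower()   # drop an optional :port
    for server_name, docroot in vhosts:
        if server_name and server_name.lower() == name:
            return docroot
    return vhosts[0][1]    # no known server name: the first block answers

if __name__ == "__main__":
    hosts = parse_vhosts(CONF)
    for header in ("www.soul.org", "WWW.DARK.NET:80", "unknown.example", None):
        print(repr(header), "->", select_docroot(hosts, header))
```

Because the first block answers every unrecognised name, its position in the file decides which site's content is exposed to requests that name none of the sites.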
This article is reposted from Mr_陈's 51CTO blog; original link: http://blog.51cto.com/chenpipi/1379923. To repost it, please contact the original author yourself.