httpd系列-01-配置
2016-09-24 本文已影响77人
hylexus
[TOC]
配置文件概览
-
主配置文件位置:
/etc/httpd/conf/httpd.conf
-
httpd -t
可测试配置文件的语法是否有误 -
配置文件大概分为3个部分,可以通过grep命令来大致查看:
[root@c2 conf]# grep "Section" httpd.conf
### Section 1: Global Environment
### Section 2: 'Main' server configuration
### Section 3: Virtual Hosts
-
另外,Main server和Virtual Hosts配置同时只能有一个生效
-
可以在/etc/httpd/conf.d/目录下定义以.conf结尾的文件来定义属性,也可以直接修改httpd.conf文件
httpd.conf配置文件的内容格式基本都是
directive-name directive-value
比如
MaxKeepAliveRequests 100
几个命令
- htpasswd:可用于生成访问控制所需的用户密码文件
- -c:新建文件
- -m:以md5的方式加密
- -d:删除指定文件中的指定用户
[root@c2 conf.d]# htpasswd -c -m /etc/httpd/.users tom
New password:
Re-type new password:
Adding password for user tom
[root@c2 conf.d]# htpasswd -m /etc/httpd/.users cat
New password:
Re-type new password:
Adding password for user cat
[root@c2 conf.d]# cat /etc/httpd/.users
tom:$apr1$j/IgPNIo$5zyp/tnoWrGencgOWlIYu/
cat:$apr1$W.Vbd.1S$2er0pf.3dtKjP71L9VPJI1
- httpd
- -l:查看内置模块:
- -M:
[root@c2 conf.d]# httpd -l
Compiled in modules:
core.c
prefork.c
http_core.c
mod_so.c
常用配置说明
全局配置
基本配置
# 显示服务器信息,详情可参考 : http://www.ha97.com/2505.html
ServerTokens OS
## ServerRoot
ServerRoot "/etc/httpd"
## PidFile run/httpd.pid
PidFile run/httpd.pid
# Timeout: The number of seconds before receives and sends time out.
Timeout 60
# 是否启用长连接
KeepAlive Off|On
# 一个长连接所允许的最大请求数目
# 0表示无限制
MaxKeepAliveRequests 100
# 一个长连接允许的最大"发呆时间",单位:秒
KeepAliveTimeout 15
#指定监听地址和端口
# Listen 192.168.1.111:80
Listen 80
# Load config files from the config directory "/etc/httpd/conf.d".
Include conf.d/*.conf
# 指定worker子进程以哪个用户的身份运行
User apache
Group apache
LoadModule
该指令配置httpd在启动的时候加载哪些模块
格式:
LoadModule 模块名 模块路径(相对)
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
........................
Options
- None:不支持任何选项
- Indexes:索引目录功能
- FollowSymLinks:是否允许访问符号链接指向的原文件
- Includes:是否允许服务器端包含(SSI-ServerSideInclude)
- SymLinksifOwnerMatch
- ExecCGI:允许允许CGI脚本
- MultiViews:内容协商相关的多视图技术支持,比如国际化等
- All:支持所有选项
Allow
定义基于主机的访问控制
# 顺序
Order allow,deny
Allow from all
# 只禁止192.168.0.1,172.16.100.177访问
Order from deny,allow
Deny 192.168.0.1,172.16.100.177
# 禁止任何用于远程访问以.ht开头的文件
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>
AllowOverride
AllowOverride AuthConfig
# 认证类型:基本认证
AuthType Basic
# 认证提示
AuthName "Restricted Site ..."
# 认证所需用户密码文件位置
AuthUserFile "/etc/httpd/conf/.users"
# AuthGroupFile "/etc/httpd/conf/.groups"
# AuthUserFile所定义的所有用户都可以访问
Require valid-user
# 只允许tom访问
# Require user tom
# Require group my_group_name
Directory
本地文件系统
<Directory "/web/htdocs/4">
Options None
AllowOverride AuthConfig
AuthType Basic
AuthName "用户认证"
AuthUserFile /etc/httpd/conf/.users
Require valid-user
</Directory>
Location
<Location /status>
SetHandler server-status
Order Deny,Allow
Deny from all
Alow from foo.bar.com
</Location>
Main server配置
ServerAdmin root@localhost
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If this is not set to valid DNS name for your host, server-generated
# redirections will not work. See also the UseCanonicalName directive.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address anyway, and this will make
# redirections work in a sensible way.
#ServerName www.example.com:80
#
# UseCanonicalName: Determines how Apache constructs self-referencing
# URLs and the SERVER_NAME and SERVER_PORT variables.
# When set "Off", Apache will use the Hostname and Port supplied
# by the client. When set "On", Apache will use the value of the
# ServerName directive.
UseCanonicalName Off
# 站点根目录
DocumentRoot "/var/www/html"
# 默认主页
DirectoryIndex index.html index.html.var
# 支持的MIME类型定义文件所在路径
TypesConfig /etc/mime.types
# 默认的MIME类型
DefaultType text/plain
# 日志(access_log)中记录client的IP地址(Off)还是其hostname(On)
# 一般都是Off,因为反解析主机名较浪费时间
HostnameLookups Off
ErrorLog logs/error_log
# debug, info, notice, warn, error, crit,alert, emerg.
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#此处的combined即为LogFormat的别名
CustomLog logs/access_log combined
# 别名
Alias /icons/ "/var/www/icons/"
虚拟主机配置
虚拟主机和Main Server同时只能有一个起作用,注释掉DocumentRoot即可禁用Main Server
对于虚拟主机的配置可直接在httpd.conf中编辑定义,也可在/etc/httpd/conf.d/目录下定义以.conf结尾的文件来定义。
# Use name-based virtual hosting.
#NameVirtualHost *:80
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /www/docs/dummy-host.example.com
ServerName dummy-host.example.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
基于主机名、IP、端口混合的虚拟主机定义例子:
Listen 8080
# 在所有IP上,80端口使用基于主机名的虚拟主机
# NameVirtualHost *:80
<VirtualHost 192.168.1.103:80>
ServerName my-host-1.com
DocumentRoot /web/htdocs/1
CustomLog logs/referer_log combined
<Directory "/web/htdocs/1">
Options Indexes
AllowOverride None
Order deny,allow
# 拒绝192.168.1.106访问
Deny from 192.168.1.106
</Directory>
</VirtualHost>
<VirtualHost 192.168.1.103:80>
ServerName my-host-2.com
DocumentRoot /web/htdocs/2
</VirtualHost>
<VirtualHost 192.168.1.166:80>
ServerName my-host-3.com
DocumentRoot /web/htdocs/3
</VirtualHost>
<VirtualHost 192.168.1.103:8080>
# 添加:Listen 8080
ServerName my-host-4.com
DocumentRoot /web/htdocs/4
<Directory "/web/htdocs/4">
Options None
AllowOverride AuthConfig
AuthType Basic
AuthName "用户认证"
AuthUserFile /etc/httpd/conf/.users
Require valid-user
</Directory>
</VirtualHost>
和MPM相关的配置
MPM相关信息请看下文MPM章节
在<IfModule prefork.c></IfModule>
之间的配置只会在对应模块prefork启用时生效,其他类似。
<IfModule prefork.c>
# 服务器刚启动时的服务进程数
StartServers 8
# 最少空闲进程数
MinSpareServers 5
# 最大空闲进程数
MaxSpareServers 20
# MaxClients的上限值
ServerLimit 256
# 最大同时支持的请求数
MaxClients 256
# 每个子进程最多响应多少次请求
#达到此值后强行杀死进程,并重新启动一个新的子进程
MaxRequestsPerChild 4000
</IfModule>
<IfModule worker.c>
StartServers 4
MaxClients 300
# 最少空闲线程数
MinSpareThreads 25
# 最大空闲线程数
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
MPM
Multi Process Modules
几个MPM模型
- mpm_winnt
- prefork
- 一个请求用一个进程响应
- 稳定
- 性能低
- worker
- 每个进程产生多个线程
- 一个请求用一个线程响应
- event
- 一个进程处理过个请求
各个模型对应的启动脚本如下
/usr/sbin/httpd
/usr/sbin/httpd.event
/usr/sbin/httpd.worker
各个MPM模型默认模块
[root@c2 conf.d]# httpd -l
Compiled in modules:
core.c
prefork.c
http_core.c
mod_so.c
[root@c2 conf.d]# httpd.worker -l
Compiled in modules:
core.c
worker.c
http_core.c
mod_so.c
[root@c2 conf.d]# httpd.event -l
Compiled in modules:
core.c
event.c
http_core.c
mod_so.c
修改httpd的MPM
vim /etc/sysconfig/httpd
修改HTTPD配置即可
#HTTPD=/usr/sbin/httpd.worker