httpd系列-01-常用配置

配置文件概览

• 主配置文件位置: /etc/httpd/conf/httpd.conf

• httpd -t 可测试配置文件的语法是否有误

• 配置文件大概分为3个部分，可以通过grep命令来大致查看:

[root@c2 conf]# grep "Section" httpd.conf### Section 1: Global Environment### Section 2: 'Main' server configuration### Section 3: Virtual Hosts

• 另外,Main server和Virtual Hosts配置同时只能有一个生效

• 可以在/etc/httpd/conf.d/目录下定义以.conf结尾的文件来定义属性，也可以直接修改httpd.conf文件

httpd.conf配置文件的内容格式基本都是

directive-name directive-value

比如

MaxKeepAliveRequests 100

几个命令

• htpasswd：可用于生成访问控制所需的用户密码文件
  
  • -c:新建文件
  • -m:以md5的方式加密
  • -d:删除指定文件中的指定用户

[root@c2 conf.d]# htpasswd -c -m /etc/httpd/.users tomNew password: Re-type new password: Adding password for user tom[root@c2 conf.d]# htpasswd -m /etc/httpd/.users catNew password: Re-type new password: Adding password for user cat[root@c2 conf.d]# cat /etc/httpd/.users tom:$apr1$j/IgPNIo$5zyp/tnoWrGencgOWlIYu/cat:$apr1$W.Vbd.1S$2er0pf.3dtKjP71L9VPJI1

• httpd
  
  • -l:查看内置模块:
  • -M:

[root@c2 conf.d]# httpd -lCompiled in modules:  core.c  prefork.c  http_core.c  mod_so.c

常用配置说明

全局配置

基本配置

# 显示服务器信息,详情可参考 : http://www.ha97.com/2505.htmlServerTokens OS## ServerRootServerRoot "/etc/httpd"## PidFile run/httpd.pidPidFile run/httpd.pid# Timeout: The number of seconds before receives and sends time out.Timeout 60# 是否启用长连接KeepAlive Off|On# 一个长连接所允许的最大请求数目# 0表示无限制MaxKeepAliveRequests 100# 一个长连接允许的最大"发呆时间",单位:秒KeepAliveTimeout 15#指定监听地址和端口# Listen 192.168.1.111:80Listen 80# Load config files from the config directory "/etc/httpd/conf.d".Include conf.d/*.conf# 指定worker子进程以哪个用户的身份运行User apacheGroup apache

LoadModule

该指令配置httpd在启动的时候加载哪些模块

格式:

LoadModule 模块名 模块路径(相对)

LoadModule auth_basic_module modules/mod_auth_basic.soLoadModule auth_digest_module modules/mod_auth_digest.soLoadModule authn_file_module modules/mod_authn_file.soLoadModule authn_alias_module modules/mod_authn_alias.soLoadModule authn_anon_module modules/mod_authn_anon.so........................

Options

• None:不支持任何选项
• Indexes:索引目录功能
• FollowSymLinks:是否允许访问符号链接指向的原文件
• Includes:是否允许服务器端包含(SSI-ServerSideInclude)
• SymLinksifOwnerMatch
• ExecCGI:允许允许CGI脚本
• MultiViews:内容协商相关的多视图技术支持,比如国际化等
• All:支持所有选项

Allow

定义基于主机的访问控制

# 顺序Order allow,denyAllow from all# 只禁止192.168.0.1,172.16.100.177访问Order from deny,allowDeny 192.168.0.1,172.16.100.177

# 禁止任何用于远程访问以.ht开头的文件<Files ~ "^\.ht">    Order allow,deny    Deny from all    Satisfy All</Files>

AllowOverride

AllowOverride AuthConfig# 认证类型:基本认证AuthType Basic# 认证提示AuthName "Restricted Site ..."# 认证所需用户密码文件位置AuthUserFile "/etc/httpd/conf/.users"# AuthGroupFile "/etc/httpd/conf/.groups"# AuthUserFile所定义的所有用户都可以访问Require valid-user# 只允许tom访问# Require user tom# Require group my_group_name

Directory

本地文件系统

<Directory "/web/htdocs/4">    Options None    AllowOverride AuthConfig    AuthType Basic    AuthName "用户认证"    AuthUserFile /etc/httpd/conf/.users    Require valid-user</Directory>

Location

<Location /status>    SetHandler server-status    Order Deny,Allow    Deny from all    Alow from foo.bar.com</Location>

Main server配置

ServerAdmin root@localhost## ServerName gives the name and port that the server uses to identify itself.# This can often be determined automatically, but we recommend you specify# it explicitly to prevent problems during startup.## If this is not set to valid DNS name for your host, server-generated# redirections will not work.  See also the UseCanonicalName directive.## If your host doesn't have a registered DNS name, enter its IP address here.# You will have to access it by its address anyway, and this will make # redirections work in a sensible way.#ServerName www.example.com:80## UseCanonicalName: Determines how Apache constructs self-referencing # URLs and the SERVER_NAME and SERVER_PORT variables.# When set "Off", Apache will use the Hostname and Port supplied# by the client.  When set "On", Apache will use the value of the# ServerName directive.UseCanonicalName Off# 站点根目录DocumentRoot "/var/www/html"# 默认主页DirectoryIndex index.html index.html.var# 支持的MIME类型定义文件所在路径TypesConfig /etc/mime.types# 默认的MIME类型DefaultType text/plain# 日志(access_log)中记录client的IP地址(Off)还是其hostname(On)# 一般都是Off,因为反解析主机名较浪费时间HostnameLookups OffErrorLog logs/error_log# debug, info, notice, warn, error, crit,alert, emerg.LogLevel warnLogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedLogFormat "%h %l %u %t \"%r\" %>s %b" commonLogFormat "%{Referer}i -> %U" refererLogFormat "%{User-agent}i" agent#此处的combined即为LogFormat的别名CustomLog logs/access_log combined# 别名Alias /icons/ "/var/www/icons/"

虚拟主机配置

虚拟主机和Main Server同时只能有一个起作用，注释掉DocumentRoot即可禁用Main Server
对于虚拟主机的配置可直接在httpd.conf中编辑定义，也可在/etc/httpd/conf.d/目录下定义以.conf结尾的文件来定义。

# Use name-based virtual hosting.#NameVirtualHost *:80# VirtualHost example:# Almost any Apache directive may go into a VirtualHost container.# The first VirtualHost section is used for requests without a known# server name.#<VirtualHost *:80>    ServerAdmin webmaster@dummy-host.example.com    DocumentRoot /www/docs/dummy-host.example.com    ServerName dummy-host.example.com    ErrorLog logs/dummy-host.example.com-error_log    CustomLog logs/dummy-host.example.com-access_log common</VirtualHost>

基于主机名、IP、端口混合的虚拟主机定义例子:

Listen 8080# 在所有IP上，80端口使用基于主机名的虚拟主机# NameVirtualHost *:80<VirtualHost 192.168.1.103:80>    ServerName my-host-1.com    DocumentRoot /web/htdocs/1    CustomLog logs/referer_log combined    <Directory "/web/htdocs/1">        Options Indexes        AllowOverride None        Order deny,allow        # 拒绝192.168.1.106访问        Deny from 192.168.1.106    </Directory></VirtualHost><VirtualHost 192.168.1.103:80>    ServerName my-host-2.com    DocumentRoot /web/htdocs/2</VirtualHost><VirtualHost 192.168.1.166:80>    ServerName my-host-3.com    DocumentRoot /web/htdocs/3</VirtualHost><VirtualHost 192.168.1.103:8080>    # 添加:Listen 8080    ServerName my-host-4.com    DocumentRoot /web/htdocs/4    <Directory "/web/htdocs/4">        Options None        AllowOverride AuthConfig        AuthType Basic        AuthName "用户认证"        AuthUserFile /etc/httpd/conf/.users        Require valid-user    </Directory></VirtualHost>

和MPM相关的配置

MPM相关信息请看下文MPM章节

在<IfModule prefork.c></IfModule>之间的配置只会在对应模块prefork启用时生效，其他类似。

<IfModule prefork.c># 服务器刚启动时的服务进程数StartServers       8# 最少空闲进程数MinSpareServers    5# 最大空闲进程数MaxSpareServers   20# MaxClients的上限值ServerLimit      256# 最大同时支持的请求数MaxClients       256# 每个子进程最多响应多少次请求#达到此值后强行杀死进程，并重新启动一个新的子进程MaxRequestsPerChild  4000</IfModule><IfModule worker.c>StartServers         4MaxClients         300# 最少空闲线程数MinSpareThreads     25# 最大空闲线程数MaxSpareThreads     75 ThreadsPerChild     25MaxRequestsPerChild  0</IfModule>

MPM

Multi Process Modules

几个MPM模型

• mpm_winnt
• prefork
  
  • 一个请求用一个进程响应
  • 稳定
  • 性能低
• worker
  
  • 每个进程产生多个线程
  • 一个请求用一个线程响应
• event
  
  • 一个进程处理过个请求

各个模型对应的启动脚本如下

/usr/sbin/httpd/usr/sbin/httpd.event/usr/sbin/httpd.worker

各个MPM模型默认模块

[root@c2 conf.d]# httpd -lCompiled in modules:  core.c  prefork.c  http_core.c  mod_so.c[root@c2 conf.d]# httpd.worker -lCompiled in modules:  core.c  worker.c  http_core.c  mod_so.c[root@c2 conf.d]# httpd.event -lCompiled in modules:  core.c  event.c  http_core.c  mod_so.c

修改httpd的MPM

vim /etc/sysconfig/httpd

修改HTTPD配置即可

#HTTPD=/usr/sbin/httpd.worker