Common httpd configuration
Setting the server name
[root@centos8 ~]# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain
name, using centos8.localdomain. Set the 'ServerName' directive globally to
suppress this message
Syntax OK
[root@centos8 ~]# vim /etc/httpd/conf/httpd.conf
#ServerName www.example.com:80
ServerName www.longxuan.vip
[root@centos8 ~]# httpd -t
Syntax OK
Including other configuration files
Directives:
Include file-path|directory-path|wildcard
IncludeOptional file-path|directory-path|wildcard
Notes:
Include and IncludeOptional do the same thing: both pull in other configuration files.
When no file matches, however, Include reports an error while IncludeOptional ignores it.
Example:
# Wildcards may be included in the directory or file portion of the path. This
# example will fail if there is no subdirectory in conf/vhosts that contains at
# least one *.conf file:
Include conf/vhosts/*/*.conf
# Alternatively, the following command will just be ignored in case of missing
# files or directories:
IncludeOptional conf/vhosts/*/*.conf
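Listening IP and port
Listen [IP:]PORT
Notes:
(1) Omitting the IP means all IP addresses of the local host
(2) At least one Listen directive is required; it may be repeated
Example:
Listen 172.31.1.100:8080
Listen 80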
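Hiding server version information
ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full
Example:
ServerTokens Prod[uctOnly]: Server: Apache
ServerTokens Major: Server: Apache/2
ServerTokens Minor: Server: Apache/2.0
ServerTokens Min[imal]: Server: Apache/2.0.41
ServerTokens OS: Server: Apache/2.0.41 (Unix)
ServerTokens Full (or not specified): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2 (this is the default)
Recommended: ServerTokens Prod
Keeping version information out of error pages
ServerSignature On | Off | EMail
The default is Off. If ServerTokens is left at its default and ServerSignature is On, then when a client requests a page that does not exist, the server generates an error document whose last line contains the server name, the Apache version and similar information. To keep this information from being shown externally, set this directive to Off. If it is set to EMail, the ServerAdmin e-mail address is shown as well.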
ServerSignature on
ServerAdmin root@xxx.com
ServerSignature email
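An added example (not from the original page): a POSIX shell function that reads httpd configuration text and reports what the ServerTokens and ServerSignature settings described above will disclose. The function name banner_audit and both sample configurations are constructed for illustration.

```sh
#!/bin/sh
# banner_audit: read httpd config text on stdin, report version disclosure.
# Exit status 0 = nothing flagged, 1 = at least one WARN line.
banner_audit() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }                 # blank lines and comments
        tolower($1) == "servertokens" { tokens = tolower($2) }  # server-wide, last one wins
        tolower($1) == "serversignature" && tolower($2) != "off" { sig = sig " " $2 }
        END {
            if (tokens == "") tokens = "full"         # unset means Full
            if (tokens == "prod" || tokens == "productonly") {
                print "OK   ServerTokens " tokens ": header is just Server: Apache"
            } else {
                print "WARN ServerTokens " tokens ": Server header shows more than the product name"
                bad = 1
            }
            if (sig == "") {
                print "OK   ServerSignature is Off"
            } else {
                print "WARN ServerSignature" sig ": error pages end with a server footer"
                bad = 1
            }
            exit bad + 0
        }'
}

# Constructed sample: ServerTokens left commented out, signature switched on.
sample_weak() { cat <<'EOF'
ServerName www.longxuan.vip
#ServerTokens Prod
ServerSignature On
ServerAdmin root@xxx.com
EOF
}

# Constructed sample: the settings this page recommends.
sample_hardened() { cat <<'EOF'
ServerName www.longxuan.vip
ServerTokens Prod
ServerSignature Off
EOF
}

echo "== weak ==";     sample_weak | banner_audit || true
echo "== hardened =="; sample_hardened | banner_audit
```

Against a real server, feed it the merged configuration, for example the main file concatenated with the files it includes.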
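Persistent connections
Persistent Connection: once a connection is established it is not closed after each resource has been fetched; it stays open and waits for further requests. Persistent connections are enabled by default.
Conditions for closing:
Time limit: in seconds, default 5s; httpd-2.4 supports millisecond granularity
Request count: the connection is also closed once the number of requests reaches the configured value
Side effect: on servers with heavy concurrent traffic, persistent connections can leave some requests unanswered
Compromise: use a short persistent-connection timeout
Directives for persistent connections:
KeepAlive On|Off
KeepAliveTimeout 15 # keep the connection for 15s; may be given in ms; default is 5s
MaxKeepAliveRequests 500 # maximum number of requests accepted on a persistent connection; default 100
Test method: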
telnet WEB_SERVER_IP PORT
GET /URL HTTP/1.1
Host: WEB_SERVER_IP
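Dynamic Shared Object: module loading is configured dynamically and takes effect without a restart
Directory holding the dynamic modules: /usr/lib64/httpd/modules/
The main configuration file /etc/httpd/conf/httpd.conf names the configuration files that load modules
ServerRoot "/etc/httpd"
Include conf.modules.d/*.conf
Format of the directive that loads a module:
LoadModule <mod_name> <mod_path>
The module file path may be relative; it is resolved against ServerRoot (default /etc/httpd)
Example: viewing the configuration files that load modules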
[root@centos8 ~]# ls /etc/httpd/conf.modules.d/
00-base.conf 00-lua.conf 00-optional.conf 00-systemd.conf 10-h2.conf
README
00-dav.conf 00-mpm.conf 00-proxy.conf 01-cgi.conf 10-proxy_h2.conf
[root@centos8 ~]# cat /etc/httpd/conf.modules.d/00-base.conf
#
# This file loads most of the modules included with the Apache HTTP
# Server itself.
#
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule allowmethods_module modules/mod_allowmethods.so
LoadModule auth_basic_module modules/mod_auth_basic.so
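... (omitted) ...
List statically compiled modules: httpd -l
List statically compiled and dynamically loaded modules: httpd -M
Example:
# List statically compiled modules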
[root@centos8 ~]# httpd -l
Compiled in modules:
core.c
mod_so.c
http_core.c
# List statically compiled and dynamically loaded modules
[root@centos8 ~]# httpd -M
AH00558: httpd: Could not reliably determine the server's fully qualified domain
name, using centos8.localdomain. Set the 'ServerName' directive globally to
suppress this message
Loaded Modules:
core_module (static)
so_module (static)
http_module (static)
access_compat_module (shared)
actions_module (shared)
alias_module (shared)
allowmethods_module (shared)
auth_basic_module (shared)
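... (omitted) ...
MPM (Multi-Processing Module)
httpd supports three MPM working modes: prefork, worker, event
Switching the MPM in use:
# Enable the LoadModule directive of the MPM you want; the other two must be commented out with a leading #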
[root@centos8 ~]# vim /etc/httpd/conf.modules.d/00-mpm.conf
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
LoadModule mpm_event_module modules/mod_mpm_event.so
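Note: do not enable more than one MPM module at the same time, otherwise the following error occurs
AH00534: httpd: Configuration error: More than one MPM loaded.
Example: checking the default MPM on CentOS 8 and CentOS 7
# Check the default MPM on CentOS 8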
[root@centos8 ~]# httpd -M |grep mpm
AH00558: httpd: Could not reliably determine the server's fully qualified domain
name, using centos8.localdomain. Set the 'ServerName' directive globally to
suppress this message
mpm_event_module (shared)
# Check the default MPM on CentOS 7
[root@centos7 ~]# httpd -M |grep mpm
AH00558: httpd: Could not reliably determine the server's fully qualified domain
name, using centos7.localdomain. Set the 'ServerName' directive globally to
suppress this message
mpm_prefork_module (shared)
Example: switching CentOS 8 to the prefork model
[root@centos8 ~]# vim /etc/httpd/conf.modules.d/00-mpm.conf
[root@centos8 ~]# grep Load /etc/httpd/conf.modules.d/00-mpm.conf
# one of the following LoadModule lines. See the httpd.conf(5) man
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
#LoadModule mpm_event_module modules/mod_mpm_event.so
[root@centos8 ~]# httpd -M | grep mpm
AH00558: httpd: Could not reliably determine the server's fully qualified domain
name, using centos8.localdomain. Set the 'ServerName' directive globally to
suppress this message
mpm_prefork_module (shared)
Configuration for prefork mode
StartServers 100
MinSpareServers 50
MaxSpareServers 80
ServerLimit 2560 # maximum number of processes; upper bound 20000
MaxRequestWorkers 2560 # maximum number of concurrent connections; default 256
MaxConnectionsPerChild 4000 # maximum number of requests a child process may handle. After handling MaxRequestsPerChild requests, the child is terminated by the parent and the memory it held is released (0 means never released)
MaxRequestsPerChild 4000 # replaced by MaxConnectionsPerChild since httpd 2.3.9
Configuration for worker and event modes
ServerLimit 16 # maximum number of worker processes. Upper limit on configurable number of processes
StartServers 10 # Number of child server processes created at startup
MaxRequestWorkers 150 # Maximum number of connections that will be processed simultaneously
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25 # Number of threads created by each child process
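Defining the document root of the main server
DocumentRoot "/path"
<directory /path>
Require all granted
</directory>
Notes:
The path DocumentRoot points to is the starting point for URL paths
/path must be explicitly authorized before it can be accessed
Example: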
DocumentRoot "/data/html"
<directory /data/html>
Require all granted
</directory>
# Mapping between URL and disk path
http://HOST:PORT/test/index.html --> /data/html/test/index.html
Defining the default index page of a site
DirectoryIndex index.php index.html
Defining path aliases
Format:
Alias /URL/ "/PATH/"
Example:
DocumentRoot "/www/htdocs"
#http://www.longxuan.vip/download/bash.rpm ==>/www/htdocs/download/bash.rpm
Alias /download/ "/rpms/pub/"
#http://www.longxuan.vip/download/bash.rpm ==>/rpms/pub/bash.rpm
#http://www.longxuan.vip/images/logo.png ==>/www/htdocs/images/logo.png
Example:
[root@centos8 ~]# cat /etc/httpd/conf.d/test.conf
alias /news /data/html/newsdir/
<directory /data/html/newsdir>
require all granted
</directory>
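Resources that access control can be applied to
Access control can be applied to file-system resources and to URI resources
File-system paths:
# By directory
<Directory "/path">
...
</Directory>
# By file
<Files "/path/file">
...
</Files>
# By file wildcard
<Files "/path/*file*">
...
</Files>
# By extended regular expression
<FilesMatch "regex">
...
</FilesMatch>
Example: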
<FilesMatch ".+\.(gif|jpe?g|png)$">
# ...
</FilesMatch>
<Files ".ht*"> # wildcard
Require all denied
</Files>
URL paths:
<Location "URL">
...
</Location>
<LocationMatch "regex">
...
</LocationMatch>
Example:
# /private1, /private1/ and /private1/file.txt match
# /private1other does not match
<Location "/private1">
# ...
</Location>
# /private2/ and /private2/file.txt match
# /private2 and /private2other do not match
<Location "/private2/">
# ...
</Location>
Example:
<Location /status>
<LocationMatch "/(extra|special)/data">
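An added example (not from the original page): the <Location> matching rule from the /private1 and /private2/ comments above, written as a shell function so the section's coverage can be checked before access-control directives are placed in it. The names location_matches and coverage are hypothetical helpers, and the request paths are the ones listed in those comments.

```sh
#!/bin/sh
# location_matches LOCATION URLPATH
# Exit 0 when a <Location LOCATION> section applies to URLPATH, else 1.
location_matches() {
    loc=$1; path=$2
    case $loc in
        */) # Location ends in "/": plain prefix match, the bare name is not covered
            case $path in "$loc"*) return 0 ;; esac ;;
        *)  # No trailing "/": exact match, or the location followed by "/"
            [ "$path" = "$loc" ] && return 0
            case $path in "$loc"/*) return 0 ;; esac ;;
    esac
    return 1
}

# coverage LOCATION URLPATH...: one line per path saying whether the section applies.
coverage() {
    section=$1; shift
    for p in "$@"; do
        if location_matches "$section" "$p"; then
            echo "$section -> $p: covered"
        else
            echo "$section -> $p: NOT covered"
        fi
    done
}

# The request paths from the example above.
coverage /private1  /private1 /private1/ /private1/file.txt /private1other
coverage /private2/ /private2 /private2/ /private2/file.txt /private2other
```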
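Access control for directories and URLs
(1) The Options directive:
Followed by a list of one or more options separated by whitespace; a + or - in front of an option adds or removes that option
Common options:
Indexes: when no resource matching the defined index page exists under the requested URL path, return an index listing to the user
FollowSymLinks: allow access to the source file that a symbolic link points to
None: disable all
All: allow all
Example: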
<Directory /web/docs>
Options -Indexes -FollowSymLinks
</Directory>
<Directory /web/docs/spec>
Options -FollowSymLinks
</Directory>
Example: enabling downloads on an httpd built from source
[root@centos8 ~]# vim /apps/httpd/conf.d/test.conf
<directory /data/html/software>
options Indexes FollowSymLinks
</directory>
Example: setting up a download page
[root@centos8 ~]# cd /etc/httpd/conf.d/
[root@centos8 conf.d]# mv welcome.conf{,.bak}
[root@centos8 ~]# echo /data/data.html > /data/data.html
[root@centos8 ~]# ln -s /data /var/www/html/datalink
[root@centos8 ~]# mkdir /var/www/html/dir1/
[root@centos8 ~]# echo /var/www/html/dir1/dir1.html > /var/www/html/dir1/dir1.html
[root@centos8 ~]# echo Test Page > /var/www/html/test.html
[root@centos8 ~]# systemctl restart httpd
Open a browser and go to http://HTTPD_HOST_IP/ to see the result
[root@centos8 ~]# vim /etc/httpd/conf/httpd.conf
#Options Indexes FollowSymLinks
Options Indexes # comment out the line above and change it to this line
[root@centos8 ~]# systemctl restart httpd
Open a browser and go to http://HTTPD_HOST_IP/ ; the symlinked directory datalink cannot be seen
(2) The AllowOverride directive
Determines which access-control-related directives may be placed in the .htaccess file of a given directory (the file name is set by the AccessFileName directive; AccessFileName .htaccess is the default) to override earlier configuration directives. Valid only in <Directory> sections.
Common usage:
AllowOverride All: all directives in .htaccess take effect
AllowOverride None: .htaccess files have no effect; this is the default from httpd 2.3.9 onward
AllowOverride AuthConfig: in .htaccess, no directives other than the AuthConfig ones take effect
Example:
[root@centos8 ~]# vim /etc/httpd/conf/httpd.conf
#Options Indexes FollowSymLinks
Options Indexes
#AllowOverride None
AllowOverride options=FollowSymLinks,indexes # comment out the previous line and change it to this line
[root@centos8 ~]# vim /var/www/html/dir1/.htaccess
Options FollowSymLinks indexes # add this line
[root@centos8 ~]# ln -s /app /var/www/html/dir1/applink
[root@centos8 ~]# systemctl restart httpd
Open a browser and go to http://HTTPD_HOST_IP/dir1 ; the applink symlink is visible
Open a browser and go to http://HTTPD_HOST_IP/ ; the symlinked directory datalink cannot be seen
Example: access to .htaccess files is denied by default
[root@centos7 test2]# grep -Ev '^ *#|^$' /apps/httpd24/conf/httpd.conf |grep -A 2 'ht\*'
<Files ".ht*">
Require all denied
</Files>
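An added example (not from the original page) for the Options and AllowOverride directives above: a POSIX shell function that reads httpd configuration text and lists, per <Directory> block, where Indexes, FollowSymLinks or a non-None AllowOverride is in effect. The function name dir_audit is hypothetical and the sample configuration is constructed from the Directory blocks shown in this section; it inspects each block on its own and does not model inheritance between nested directories.

```sh
#!/bin/sh
# dir_audit: read httpd config text on stdin and list, per <Directory> block,
# the settings from this section that widen what a client can reach.
dir_audit() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "<directory"   { dir = $2; gsub(/[">]/, "", dir); next }
        tolower($1) == "</directory>" { dir = ""; next }
        dir == "" { next }                           # only look inside <Directory>
        tolower($1) == "options" {
            for (i = 2; i <= NF; i++) {
                opt = tolower($i)
                if (opt ~ /^#/) break                # annotation after the value
                if (opt ~ /^-/) continue             # -Option switches it off
                sub(/^\+/, "", opt)
                if (opt == "indexes" || opt == "all")
                    print dir ": Indexes on (directory listing when no index page exists)"
                if (opt == "followsymlinks" || opt == "all")
                    print dir ": FollowSymLinks on (symlink targets are served)"
            }
        }
        tolower($1) == "allowoverride" && tolower($2) != "none" {
            print dir ": AllowOverride " $2 " (.htaccess may override configuration)"
        }'
}

# Constructed sample assembled from the Directory blocks shown in this section.
sample_conf() { cat <<'EOF'
<Directory /web/docs>
    Options -Indexes -FollowSymLinks
    AllowOverride None
</Directory>
<directory /data/html/software>
    options Indexes FollowSymLinks
</directory>
<Directory "/var/www/html">
    Options Indexes
    AllowOverride options=FollowSymLinks,indexes
</Directory>
EOF
}

sample_conf | dir_audit
```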