Apache server configuration overview (III)

Master server settings

The Apache server requires various settings to define its own use of various parameters to provide Web services. When a VM is used, in addition to the settings covered in the definition items of the VM (some settings must be redefined), the settings here are also the default settings of the VM.
　

Port 80
Port defines the Port used by the httpd daemon in Standalone mode. The standard Port is 80. This option is only valid for servers started in an independent mode. For servers started in inetd mode, define the port used in inetd. conf.
　

Root permission is required to use port 80 in Unix. For security reasons, some administrators believe that the httpd server cannot have security vulnerabilities. Therefore, they prefer to use the permissions of common users to start the server, in this way, port 80 and other ports smaller than 1024 cannot be used, but port greater than 1024 must be used to start httpd. Generally, port 8000 or 8080 is also a common port. The Apache httpd server can be run as a common user after Port 80 is opened with the root permission. This reduces the risk and thus does not need to be considered. However, if you want to install and configure your own WWW server, you have to use a port greater than 1024.
　

User nobody
Group nogroup
User and Group configurations are the security guarantee of Apache. After Apache opens the port, it sets itself as the User and Group permissions set for these two options to run, this reduces the risk of servers. This option is only used in Standalone mode. The inetd mode specifies the user that runs Apache in inetd. conf. Because the server must perform the setuid () operation to change the identity, the initial process should have root permissions. If a non-root user is used to start Aapche, this configuration will not work.
　
The default value is nobody and nogroup. This user and group do not have files in the system, which ensures that the server itself and the CGI process started by it do not have the permission to change the file system. In some cases, for example, to run CGI and Unix interaction, you also need to have the server access the files on the server. If nobody and nogroup are still used, in this case, files belonging to the nobody will appear in the system, which is detrimental to system security because other programs will execute some operations with the nobody and nogroup permissions, it is possible to access the files owned by these nobodies, resulting in security problems. Generally, you need to set a specific user and group for the Web service, and change the user and group settings here.
　

ServerAdmin you@your.address
Only ServerAdmin should be changed in the configuration file. This item is used to configure the email address of the administrator of the WWW server. This will be returned to the browser when an HTTP service error occurs, this allows the Web user to contact the Administrator to report errors. Traditionally, webmaster on the server is used as the administrator of the WWW server. Through the alias mechanism of the mail server, emails sent to webmaster are sent to the real Web administrator.