Apache server configuration overview (III)

Article Title: Apache server configuration overview (III ). Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
Master server settings
　　
The Apache server requires various settings to define its own use of various parameters to provide Web services. When a VM is used, in addition to the settings covered in the definition items of the VM (some settings must be redefined), the settings here are also the default settings of the VM.
　　
Port 80
　　
Port defines the Port used by the httpd daemon in Standalone mode. The standard Port is 80. This option is only valid for servers started in an independent mode. For servers started in inetd mode, define the port used in inetd. conf.
　　
Root permission is required to use port 80 in Unix. For security reasons, some administrators believe that the httpd server cannot have security vulnerabilities. Therefore, they prefer to use the permissions of common users to start the server, in this way, port 80 and other ports smaller than 1024 cannot be used, but port greater than 1024 must be used to start httpd. Generally, port 8000 or 8080 is also a common port. The Apache httpd server can be run as a common user after Port 80 is opened with the root permission. This reduces the risk and thus does not need to be considered. However, if you want to install and configure your own WWW server, you have to use a port greater than 1024.
　　
User nobody
　　
Group nogroup
　　
User and Group configurations are the security guarantee of Apache. After Apache opens the port, it sets itself as the User and Group permissions set for these two options to run, this reduces the risk of servers. This option is only used in Standalone mode. The inetd mode specifies the user that runs Apache in inetd. conf. Because the server must perform the setuid () operation to change the identity, the initial process should have root permissions. If a non-root user is used to start Aapche, this configuration will not work.
　　
The default value is nobody and nogroup. This user and group do not have files in the system, which ensures that the server itself and the CGI process started by it do not have the permission to change the file system. In some cases, for example, to run CGI and Unix interaction, you also need to have the server access the files on the server. If nobody and nogroup are still used, in this case, files belonging to the nobody will appear in the system, which is detrimental to system security because other programs will execute some operations with the nobody and nogroup permissions, it is possible to access the files owned by these nobodies, resulting in security problems. Generally, you need to set a specific user and group for the Web service, and change the user and group settings here.
　　
ServerAdmin you@your.address
　　
Only ServerAdmin should be changed in the configuration file. This item is used to configure the email address of the administrator of the WWW server. This will be returned to the browser when an HTTP service error occurs, this allows the Web user to contact the Administrator to report errors. Traditionally, webmaster on the server is used as the administrator of the WWW server. Through the alias mechanism of the mail server, emails sent to webmaster are sent to the real Web administrator.
　　
# ServerName new. host. name
　　
By default, you do not need to specify this ServerName parameter. The server automatically obtains its name through the name resolution process, however, if there is a problem with server name resolution (usually incorrect reverse resolution), or there is no formal DNS name, you can also specify an IP address here. When ServerName is set incorrectly, the server cannot start normally.
　　
Generally, a Web server can have multiple names. The client browser can use all these names or IP addresses to access the server. However, if no virtual host is defined, the server always responds to the browser with its own official name. ServerName defines the formal name recognized by the Web server. For example, if the name of A server (A type is defined in DNS) is exmaple.org.cn, at the same time, an alias (CNAME record) is also defined as www.exmaple.org.cn for convenience of memory, so the name automatically parsed by Apache is example.org.cn, so no matter which name the client browser uses to send requests, the server always tells the customer that the program is example.org.cn. Although this generally does not cause any problems, considering that the server may be migrated to another computer one day, the Migration task is completed only by changing the www alias configuration in DNS, therefore, if you do not want to use Linux to record the address of the server in their bookmarks, you must use ServerName to re-specify the official name of the server.
　　
DocumentRoot "/www /"
　　
DocumentRoot defines the path for storing Hypertext files released by the server. The ur l requested by the client program is mapped to the webpage files under this directory. The subdirectories under this directory, as well as the files and directories identified by the symbolic connection, can be accessed by the browser, but the same relative directory name must be used on the URL.
　　
Note: although the symbolic connection is logically located under the root document directory, it can actually be located in any directory on the computer, so that the client program can access directories outside the root document directory, this increases flexibility while reducing security. Apache provides the FollowSymLinks option in Directory Access Control to enable or disable the feature that supports symbolic connections.