Apache Server Configuration Raiders 1_ server

Apache Server Configuration Full Introduction (i)

The Apache server settings file is located in the/usr/local/apache/conf/directory and traditionally uses three profiles httpd.conf,access.conf and srm.conf to configure the Apache server's behavior.
HTTPD.CONF provides the most basic server configuration, the technical description of how the daemon httpd to run, srm.conf is the server's resource mapping file, tells the server the MIME types of the various files, and how to support these files; access.conf to configure access rights for the server, control different User and computer access restrictions; These three profiles control the characteristics of each aspect of the server, so the three files need to be set up to run the server properly.
In addition to these three settings files, Apache uses the Mime.types file to identify different files
The corresponding MIME type, the Magic file sets some special identities for different MIME type files, so that the Apache server can judge the MIME type of the document by using these special tags in the contents of the file when it cannot determine the MIME type of the file from the document suffix.
bash-2.02$ ls-l/usr/local/apache/conf
Total 100
-rw-r--r--1 root wheel 348 APR 16:01 access.conf
-rw-r--r--1 root wheel 348 Feb 13:33 Access.conf.default
-rw-r--r--1 root wheel 30331 may 08:55 httpd.conf
-rw-r--r--1 root wheel 29953 Feb 13:33 httpd.conf.default
-rw-r--r--1 root wheel 12441 Apr 15:42 Magic
-rw-r--r--1 root wheel 12441 Feb 13:33 magic.default
-rw-r--r--1 root wheel 7334 Feb 13:33 mime.types
-rw-r--r--1 root wheel 383 17:01 srm.conf
-rw-r--r--1 root Wheel 357 Feb 13:33 Srm.conf.default
In fact, the current version of Apache will originally httpd.conf, All of the configuration parameters in srm.conf and access.conf are placed in a single profile httpd.conf, only three profiles are used for reasons compatible with previous versions (from NCSA-HTTPD in the same way that the three settings files were used). There are no specific settings in the access.conf and srm.conf files provided.
Because in the new version of Apache, all of the settings are placed in the httpd.conf, so you just need to adjust the settings in this file. The following uses the default provided httpd.conf as an example to explain the various settings options for the Apache server. However, you do not have to worry because it provides too many parameters to set, basically these parameters are very clear, you can run the Apache server without changes. However, if you need to adjust the performance of the Apache server and increase support for an attribute, you need to understand what these settings parameters mean.
On the performance of the Apache server, there is a lot of controversy over the internet, basically using Apache users almost do not doubt its excellent performance, Apache also supported many well-known high load of the site, but in the business evaluation, Apache often scored low. Many people point out that in these reviews, commercial Web servers and their operating systems are often performed by engineers of their professional firms, while free operating systems and Web servers often use their default configurations or make only minor changes. It should be noted that, in addition to operating system performance tuning, the Apache server itself's default configuration is not optimized and most efficient, but to adapt to almost all kinds of operating systems, all kinds of hardware settings, multi-platform software is not possible for specific platforms and specific hardware to provide the most optimized default configuration. So when you want to use Apache, performance tuning is essential.

Another fact that has been overlooked in the business evaluation is that the metrics tend to compare different kinds of functions, such as using Apache's standard CGI performance compared to server-side APIs such as ISAPI,NSAPI, in fact the Apache server is Modperl with this comparable functionality, FastCGI, similar to ASP functionality for PHP, and so on, but because of the Apache open mode, these functions are independent development Group, as a stand-alone module to achieve. But in the evaluation, the tester did not add the corresponding module to evaluate its performance.
Operating parameters of the HTTP daemon
Httpd.conf first defines some of the parameters that the httpd daemon needs to run in order to determine its operating mode and operating environment.
ServerType Standalone
ServerType defines how the server is started, the default is independent STANDALONE,HTTPD
The server is started by itself and resides in the host to monitor connection requests. The Web server is automatically started in the startup file/etc/rc.d/rc.local/init.d/apache under Linux, which is the recommended setting.
Another way to start the Apache server is to inet, use the Super server inetd to monitor connection requests and start the server. When you need to use the inetd startup method, you need to change to this setting, mask the/etc/rc.d/rc.local/init.d/apache file, and change the/etc/ Inetd.conf and inetd, then Apache can be launched from the inetd.
The difference between the two approaches is that the server itself manages its own startup process. This allows multiple copies of the server to be started immediately at boot time, with each replica residing in memory, and a connection request that does not require a child process to be processed immediately, responding faster and with higher performance to the client's browser request. The inetd way to start the HTTP server by inetd found that there is a connection request, because inetd to listen to too many ports, so the response is slower, less efficient, but save the connection request when the Web server occupies resources. Therefore, the inetd method is only used on servers that are occasionally accessed and do not require access speed. In fact, the inetd mode is not suitable for the HTTP burst and multiple connection characteristics, because a page may contain multiple images, and each image will cause a connection request, even though the number of visitors to teach less, but a few moments of connection requests, which is limited by inetd performance, It can even affect other server programs that are started by inetd.
ServerRoot "/usr/local"
ServerRoot is used to specify the running directory of the daemon httpd, httpd will automatically change the current directory of the process to this directory after it is started, so if the file or directory specified in the settings file is a relative path, the True path is located under the ServerRoot defined path.
Because the httpd will often do concurrent file operations, you need to use a lock to ensure that the file operation does not conflict, because NFS file system in the file lock ability is limited, so this directory should be a local disk file system, and should not use NFS file system.
#LockFile/var/run/httpd.lock
The Lockfile parameter specifies the lock file for the httpd daemon, which generally does not need to be set, and the Apache server automatically operates in the path below ServerRoot. However, if ServerRoot is an NFS file system, you need to use this parameter to specify the path in the local file system.
Pidfile/var/run/httpd.pid
Pidfile the specified file will record the process number of the httpd daemon, because httpd can automatically replicate itself, so there are multiple httpd processes in the system, but only one process is the first initiated process, it is the parent process for the other process, and sending a signal to the process affects all httpd processes. The process number of the httpd parent process is recorded in the file defined by the Pidfile.
Scoreboardfile/var/run/httpd.scoreboard
HTTPD uses Scoreboardfile to maintain the internal data of the process, so there is usually no need to change this parameter unless the administrator wants to run several Apache servers on a single computer, and each Apache server requires a separate setup file htt Pd.conf, and use a different scoreboardfile.
#ResourceConfig conf/srm.conf
#AccessConfig conf/access.conf
These two parameters, ResourceConfig and AccessConfig, are compatible with the old version of Apache that uses srm.conf and access.conf settings files. If there is no compatible need, the corresponding settings file can be specified as/dev/null, which means that no other settings file exists, and that only one file is used httpd.conf to save all of the setup options.
Timeout 300
Timeout defines a time-out interval for client and server connections that will disconnect the client after this interval (in seconds).
KeepAlive on
In HTTP 1.0, a connection can only transmit one HTTP request at a time, and the keepalive parameter is used to support a single connection, multiple transfer features of the HTTP 1.1 version, so that multiple HTTP requests can be delivered in a single connection. Although only newer browsers support this feature, it is still open to use this option.
Maxkeepaliverequests 100
Maxkeepaliverequests the maximum number of requests for HTTP requests that can be made for a single connection. Setting its value to 0 will support an unlimited transmission request within a single connection. In fact, no client program requests too many pages in a single connection, and usually does not reach the upper limit to complete the connection.
KeepAliveTimeout 15
KeepAliveTimeout tests the time between multiple request transfers in a connection, and if the server has completed a request but has not received the next request from the client, the server disconnects after the interval exceeds the value set by this parameter.

Apache Server Configuration Full Introduction (II)
Minspareservers 5MaxSpareServers 10
On a Web server that uses a subprocess to process an HTTP request, the response time is slightly delayed because the child process is first built to process the customer's request. However, the Apache server uses a special technique to get rid of the problem, which is that the pre-generated multiple free child processes reside in the system and are immediately processed using these free subprocess once a request arises, so there is no delay caused by the build child process. As the number of client requests increases in the running, the child processes that are started are increased, but the server replicas do not exit immediately after processing an HTTP request, but stay on the computer for the next request. But the free copy of the child process does not increase the light without decreasing, too many free child processes do not process tasks and consume server processing power, so it is also necessary to limit the number of free copies so that they can be kept in a proper amount so that both the customer request and the unnecessary number of processes can be reduced.
Therefore, you can use parameter minspareservers to set the minimum number of free child processes, and
Using parameter maxspareservers to limit the maximum number of free child processes, redundant server process replicas exit. Based on the actual situation of the server to set up, if the server performance is high, and is also frequently accessed, you should increase the settings of these two parameters. For a highly loaded professional web site, the two values should be roughly the same and equal to the maximum number of server replicas supported by the system, as well as unnecessary copy exits.

Startservers 5
The Startservers parameter is used to set the number of child process replicas that are started when the httpd is started, and this parameter is related to the minspareservers and maxspareservers parameters defined above and is used to initiate the idle subprocess to increase the server's response speed. This parameter should be set to a numeric value between the first two values, less than minspareservers and greater than maxs pareservers is meaningless.
MaxClients 150
On the other hand, the server's capabilities are limited after all, it is not possible to handle an unlimited number of connection requests at the same time, so the parameter maxclient s is used to specify the maximum number of concurrent clients that the server supports, if this value is set too large, When the system is busy, it has to switch between too many processes to service a large number of customers, which slows down the response to each customer and reduces overall efficiency. If this value is set to a lesser size, some client connection requests will be rejected when the system is busy. When server performance is high, you can increase the setting of this value appropriately. For professional Web sites, you should use a strategy to improve server efficiency, so this parameter cannot exceed the hardware itself, and if frequent denial of access occurs, you need to upgrade the server hardware. For the unprofessional web site, it is not too concerned about the response speed of the client browser, or that the reaction speed is slower than the refusal to connect better, you can also slightly exceed the hardware conditions to set this parameter.
This parameter restricts the minspareservers and maxspareservers settings, and they should not be greater than the setting of this parameter.
Maxrequestsperchild 30
A Web service that uses a subprocess to provide a service is a common way to connect a child process to a single connection, causing the problem that each connection requires a system operation to generate and exit the subprocess, making these additional processes occupy the computer's capacity for processing. So the best way to do this is to have a child process that can request services for multiple connections, this does not require these build, exit process system consumption, Apache in this way, once the connection is over, the child process does not quit, but stay in the system waiting for the next service request, which greatly improve performance.

However, due to the continuous application and release of memory in the process of neutron processing, more times will cause some memory garbage, which will affect the stability of the system and affect the efficient utilization of system resources. Thus, after a certain number of requests have been processed by a copy, a copy of the child process can be exited and a clean copy is replicated from the original httpd process, which can improve the stability of the system. In this way, the number of service requests processed by each subprocess is defined by the Maxre questperchild. The default setting value is 30, which is overly conservative for Linux systems with high stability characteristics, can be set to 1000 or higher, and is set to 0 to support unlimited service processing for each replica.
#Listen 3000
#Listen 12.34.56.78:80
#BindAddress *
The Listen parameter can specify that the server monitors HTTP requests for other ports in addition to the standard 80 ports. Because the FreeBSD system can have multiple IP addresses at the same time, you can also specify that the server listen only for HTTP requests to an IP address of a bindaddress</b>. If this is not configured, the server responds to requests for all IP.
Even if the bindaddress parameter is used, the server responds only to requests for one IP address, but by using the extended listen parameter, the HTTP daemon can still be allowed to respond to requests for other IP addresses. At this point the use of the Listen parameter is the same as the second example above. This more complex usage is primarily used to set up a virtual host. After that, you can define a virtual host for different IP with the VirtualHost parameter, but this usage is the method of setting up the virtual Host in the earlier HTTP 1.0 standard, each need an IP address for a virtual host, in fact it is not very useful. In HTTP 1.1, the support of the virtual host of single IP address multi domain is increased, which makes the setting of the virtual host more significant.
LoadModule Mime_magic_module libexec/apache/mod_mime_magic.so
LoadModule Info_module libexec/apache/mod_info.so
LoadModule Speling_module libexec/apache/mod_speling.so
LoadModule Proxy_module libexec/apache/libproxy.so
LoadModule Rewrite_module libexec/apache/mod_rewrite.so
LoadModule Anon_auth_module libexec/apache/mod_auth_anon.so
LoadModule Db_auth_module libexec/apache/mod_auth_db.so
LoadModule Digest_module libexec/apache/mod_digest.so
LoadModule Cern_meta_module libexec/apache/mod_cern_meta.so
LoadModule Expires_module libexec/apache/mod_expires.so
LoadModule Headers_module libexec/apache/mod_headers.so
LoadModule Usertrack_module libexec/apache/mod_usertrack.so
LoadModule Unique_id_module libexec/apache/mod_unique_id.so
Clearmodulelist
Addmodule mod_env.c
Addmodule mod_log_config.c
Addmodule MOD_MIME_MAGIC.C
Addmodule mod_mime.c
Addmodule MOD_NEGOTIATION.C
Addmodule MOD_STATUS.C
Addmodule mod_info.c
Addmodule mod_include.c
Addmodule mod_autoindex.c
Addmodule mod_dir.c
Addmodule MOD_CGI.C
Addmodule MOD_ASIS.C
Addmodule mod_imap.c
Addmodule MOD_ACTIONS.C
Addmodule mod_speling.c
Addmodule mod_userdir.c
Addmodule mod_proxy.c
Addmodule MOD_ALIAS.C
Addmodule mod_rewrite.c
Addmodule MOD_ACCESS.C
Addmodule mod_auth.c
Addmodule MOD_AUTH_ANON.C
Addmodule MOD_AUTH_DB.C
Addmodule mod_digest.c
Addmodule MOD_CERN_META.C
Addmodule MOD_EXPIRES.C
Addmodule MOD_HEADERS.C
Addmodule MOD_USERTRACK.C
Addmodule MOD_UNIQUE_ID.C
Addmodule mod_so.c
Addmodule MOD_SETENVIF.C

An important feature of the Apache server is its modular structure, which not only shows its ability to add new functionality through new modules at compile time, but also shows that its modules can dynamically load into the HTTP service program without loading unwanted modules. Using Apache dynamic loading modules requires only the load module and addmodule parameters to be set, which is the Apache DSO (Dynamic Shared Object) feature, However, to fully use the DSO feature is still not a simple thing, the improper changes in this setting may cause the server can not start normally. So if you're not adding or reducing the functionality that the server provides, don't change the settings here.
The above list shows the Linux default Apache server supported modules, in fact, many modules are not necessary, do not need the module will not be loaded into memory. The module can be statically connected to the Pache server, or it can be dynamically loaded, and the Apache feature is compiled into a dynamic loadable module, rather than the Apache default approach, which offers great flexibility at the expense of very small performance.
So the ability to dynamically load or performance has a slight impact, so you can recompile Apache, the functionality you need to compile into the Apache server inside, you can make the system appear cleaner, the efficiency is slightly improved. It is usually not necessary to recompile Apache for this purpose only, and if additional features are needed to recompile Apache, all modules can be statically connected to the Apache server while additional modules are added. Some users prefer dynamic loading modules, so you may want to use dynamic loading modules all.
These modules are placed under the/usr/local/apache/libexec/directory and each module corresponds to one feature of the Apache server. It takes a considerable amount of space to explain the functionality of each module in detail, and the more important features will be explained in the appropriate place later, and the functionality and usage of each module requires viewing Apache documentation.
#ExtendedStatus on
The Apache server can report its running status through special HTTP requests, and opening this extendedstatus parameter allows the server to report more comprehensive running status information.