Apache HTTP Server (Apache) is an open source Web server from the Apache Software Foundation that runs on most computer operating systems. Thanks to its cross-platform support and security it is widely used, and it is one of the most popular Web server software packages. It is fast, reliable, and can be extended through a simple API, for example to compile Perl/Python and other interpreters into the server.
Its package is httpd:
# rpm -qa httpd
httpd-2.2.15-39.el6.centos.x86_64
When httpd is installed with yum or from an RPM package, the main configuration file is saved by default in /etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/*.conf holds the auxiliary configuration files for the main configuration file
Here are some important parts of the main configuration file for the HTTPD program:
The httpd.conf configuration file consists of three parts:
Global Environment
Primary server Configuration
Virtual Host
I. Global Environment
### Section 1: Global Environment
1. Service Program root: Indicates the root directory where the server holds its configuration, errors, and log files.
ServerRoot "/etc/httpd"
2. PID file storage path (a relative path):
PidFile run/httpd.pid
3. Turn persistent connections on or off:
KeepAlive {On|Off}
4. Maximum number of connections for persistent connections
MaxKeepAliveRequests    # maximum number of connections: 50
5. Persistent connection timeout
KeepAliveTimeout    # timeout is 15s; the default unit is seconds
6. MPM (Multi-Processing Module) settings
## Server-Pool Size Regulation (MPM specific)
prefork: one process responds to one request. It is stable and reliable, and a crash in any one process does not affect the other processes. When concurrency is very high, however, resource consumption is large, in particular because of the large amount of process switching involved.
worker: one process generates multiple threads, and one thread responds to one request.
event: one process responds to multiple requests at the same time, but does not generate threads.
Note on worker mode: multiple processes are started and each process generates multiple threads. Because the threads share the resources of the same process, once one thread has opened a file a second thread can access it directly without opening it again. But when multiple threads write to the same resource, this leads to resource contention, so locks are required to avoid it, and lock contention is hard to solve well. Whether threads are actually more efficient than processes is therefore hard to say, especially since Linux does not natively support threads. This is why prefork rather than worker is used by default.
httpd -l    # list the modules compiled into the core
If you want to use a different MPM, modify the HTTPD entry in the file /etc/sysconfig/httpd directly:
#HTTPD=/usr/sbin/httpd.worker
prefork module:
<IfModule prefork.c>    checks whether the module exists
StartServers    number of worker processes started by default
MinSpareServers    minimum number of idle processes
MaxSpareServers    maximum number of idle processes
ServerLimit    maximum number of active processes
MaxClients    maximum number of concurrent connections, i.e. the maximum number of connection requests served at once
MaxRequestsPerChild    the maximum number of requests each child process may serve during its life cycle
</IfModule>
Example:
<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000
</IfModule>
worker module:
<IfModule worker.c>
StartServers    number of worker processes started by default
MaxClients    maximum number of concurrent connections
MinSpareThreads    minimum number of idle threads
MaxSpareThreads    maximum number of idle threads
ThreadsPerChild    the number of threads generated by each child process
MaxRequestsPerChild    the maximum number of requests each child process may serve during its life cycle
</IfModule>
Example:
<IfModule worker.c>
StartServers 4
MaxClients 300
MinSpareThreads 25
MaxSpareThreads
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
7. Listening sockets
Listen [IP:]port
This directive can appear multiple times to listen on several different sockets. The IP address can be omitted; if it is omitted, the server listens on all IP addresses of the machine.
Listen 172.16.31.5:80
Listen 8080
8. DSO module loading: dynamic modules
# Dynamic Shared Object (DSO) support
LoadModule module_name /path/to/module
You can use an absolute path or a relative path; a relative path is relative to the location defined by ServerRoot.
httpd -M    # list all loaded DSO and non-DSO modules
Example:
LoadModule auth_basic_module modules/mod_auth_basic.so
II. Main server configuration
### Section 2: 'Main' server configuration
1. Primary server Administrator Mailbox
ServerAdmin [email protected]
2. Primary server name
#ServerName www.example.com:80
3. Configure the site root directory
DocumentRoot /path/to/somewhere
Only absolute paths can be used
#DocumentRoot "/var/www/html"
4. Page access properties
<Directory "/path/to/somewhere">
Options option
Indexes: when the specified default home page is missing, all files in the directory are returned to the user as a list. Dangerous: use with caution
FollowSymLinks: allows following a symbolic link to the original file it points to
None: none of the options are enabled
All: all of the options are enabled
ExecCGI: allows CGI scripts to be executed using the mod_cgi module
Includes: allows the mod_include module to implement server-side includes
IncludesNOEXEC: allows server-side includes, but does not allow them to execute CGI scripts
MultiViews: enables content negotiation with mod_negotiation
SymLinksIfOwnerMatch: follows a symbolic link only when the link file has the same owner as the original file it points to
</Directory>
Default:
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
5. Configuration for the main server's document root directory
# This should be changed to whatever you set DocumentRoot to.
Host-based access control (2.2-series configuration)
<Directory "/path/to/somewhere">
Options
AllowOverride
None cannot be disabled with the following options
Order    evaluation order; the one written last is the default
allow,deny: denied unless explicitly allowed
deny,allow: allowed unless explicitly denied
Allow from    hosts that are allowed through
Deny from    hosts that are denied
The host can be a single IP address or a network segment:
172.16.0
172.16.0.0
172.16.0.0/24
172.16.0.0/255.255.255.0
These represent the 172.16.0 network segment
</Directory>
If a client matches both rules or matches neither, the default prevails; otherwise the match to the
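How the Order, Allow and Deny rules above combine for a given client address, as an added Python example (not code from the original article or from httpd; the function names and the addresses in the sample rules are assumptions made here). It covers the partial-address, CIDR and netmask notations and the cases where both rules or neither rule matches.

```python
import ipaddress


def parse_spec(spec):
    """Turn the value of an Allow/Deny 'from' rule into an ip_network."""
    if "/" in spec:                        # 172.16.0.0/24 or 172.16.0.0/255.255.255.0
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    if len(octets) < 4:                    # partial address such as 172.16.0
        padded = ".".join(octets + ["0"] * (4 - len(octets)))
        return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")
    return ipaddress.ip_network(spec)      # four octets without a mask


def evaluate(order, allow, deny, client):
    """Return True if an httpd 2.2 Order/Allow/Deny block admits the client."""
    ip = ipaddress.ip_address(client)
    hit = lambda specs: any(s.lower() == "all" or ip in parse_spec(s) for s in specs)
    allowed, denied = hit(allow), hit(deny)
    order = order.lower().replace(" ", "")
    if order == "allow,deny":              # Deny is evaluated last; default is deny
        return allowed and not denied
    if order == "deny,allow":              # Allow is evaluated last; default is allow
        return allowed or not denied
    raise ValueError(f"unsupported Order value: {order}")


# Constructed rule set: only the 172.16.0 segment should reach the directory.
ALLOW, DENY = ["172.16.0"], ["all"]

if __name__ == "__main__":
    for order in ("deny,allow", "allow,deny"):
        for client in ("172.16.0.7", "10.0.0.1"):
            print(order, client, evaluate(order, ALLOW, DENY, client))
```

With the same Allow and Deny lines, "Order deny,allow" admits only the 172.16.0 segment, while "Order allow,deny" rejects every client because "Deny from all" is evaluated last.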
6. Define the default main page
DirectoryIndex
The listed files are looked up in order
DirectoryIndex index.html index.html.var
7. Error log location
ErrorLog logs/error_log
8. Error logging Level
LogLevel warn
9. Configure logging
CustomLog logs/access_log combined
access_log: the access log; what it records has to be defined with a custom format
error_log: the error log
Access log:
CustomLog "/path/to/log_file" LogFormat
LogFormat defines the log format; only the most common one is explained here
"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
%h: client address
%l: remote login name, usually -
%u: the remote user name used for authentication, usually -
%t: time the request was received, in standard English format time + time zone
\": an escape; displays a literal "
%r: the first line of the request message
%>s: response status code
%b: the length of the response message in bytes, not including the headers
%{Referer}i: records the content of the specified request header
%{User-Agent}i: the tool used by the user
For more information, please refer to: http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats
10. Path aliases
Alias /alias/ "/path/to/somewhere"
This means that when http://Server_IP/alias is accessed, its page files come from /path/to/somewhere
Example:
Alias /icons/ "/var/www/icons/"
11. Specify the default character set
AddDefaultCharset
Example:
AddDefaultCharset UTF-8
12. Script path alias (CGI interface)
CGI: Common Gateway Interface. It lets the Web server communicate with an application and obtain its results through a defined environment; the mod_alias and mod_cgi modules must be loaded
Typically the script writes echo "Content-Type: text/html" as its first line
ScriptAlias /URL/ "/path/to/somewhere"    files under somewhere can be executed
The format is generally
#!/bin/bash
# Print the CGI header, a blank line, then the page body
cat << EOF
Content-Type: text/html

<pre>
The time is: `date`
</pre>
EOF
13. User-based access control
Virtual user: not a user on the system, only a user created in order to obtain a specific resource
Authentication can be based on a file, an SQL database, DBM, or LDAP
Authentication type (auth)
Basic: basic authentication; account and password are sent in clear text
Digest: digest authentication; a hash is sent instead
Authentication provider: where the accounts and passwords are stored
Authorization mechanism: what authorization is based on
Example: file-based Basic authentication, authorizing by users and groups
1. Edit the configuration file to configure the authentication mechanism for the directories requiring authentication
<Directory "/server-status">
Options None
AllowOverride AuthConfig    use authentication configuration
AuthType Basic    use Basic authentication
AuthName "Private area"    title of the challenge
AuthUserFile /etc/http/conf/.htpasswd    where the passwords are stored
Require user Tom Jerry | Require valid-user    users allowed access
</Directory>
Note:
Require valid-user    # allow access for all users in the account file
Require user Tom    # allow only the specified users to log in
2. Use the htpasswd command to generate the authentication database
htpasswd
-c    create the password file; use it when creating the first user
htpasswd -c -m /etc/http/conf/.htpasswd Tom
-m    store passwords in MD5 format
-b    batch mode
-D    delete a user
3. Group-based authentication
<Directory "/server-status">
Options None
AllowOverride AuthConfig    use authentication configuration
AuthType Basic    use Basic authentication
AuthName "Private area"    title of the challenge
AuthGroupFile /etc/http/conf/.htpasswd    where the password is stored
Require group GroupName    users allowed access
</Directory>
Create the users first, then create the group
Group file: define one group per line
Format:
group: user1 user2 user3
III. Virtual Hosts
### Section 3: Virtual Hosts
If you enable virtual hosts, you need to turn on:
NameVirtualHost *:80
One physical server provides multiple sites; to use virtual hosts, disable the main server first
Note: comment out or remove the main server first; pay attention to the DocumentRoot directive
IP-based virtual hosts: vary the IP
Port-based virtual hosts: vary the port
Host-name-based virtual hosts: vary the value of ServerName
The different virtual hosts are selected via the Host header in the request message
<VirtualHost IP:port>
ServerName    # host name
DocumentRoot ""    # server directory
<Directory "">
</Directory>
ServerAlias    # alias
ServerAdmin    # administrator mailbox
</VirtualHost>
Virtual hosts can configure user authentication, access logs, error logs, aliases, script aliases, and so on separately
Host-name-based example:
<VirtualHost IP:80>
DocumentRoot /var/www1
ServerName www.test.com
ServerAlias web.test.com
ServerAlias test.com
ErrorLog logs
CustomLog "/var/log/httpd/access_test.log" combined
</VirtualHost>
<VirtualHost IP:80>
DocumentRoot /var/www2
ServerName www.oracle.com
ErrorLog logs
CustomLog "/var/log/httpd/access_oracle.log" combined
</VirtualHost>
This article is from the "Dragon Guardian" blog; please be sure to keep this source: http://sohudrgon.blog.51cto.com/3088108/1589775
CentOS 6 Service Management web-apache httpd configuration file