Common configuration of Apache

1. Configure the startup script
If the source code is compiled and installed, you need to manually configure the startup script
The script is already available in the official source package: Build/rpm/httpd.init

Cp/usr/local/src/httpd-2.4.25/build/rpm/httpd.init/etc/init.d/httpd
Note that there are three main areas of the file that need to be modified:
HTTPD=${HTTPD-/USR/LOCAL/APACHE2/BIN/HTTPD}
Pidfile=${pidfile-/usr/local/apache2/logs/${prog}.pid}
Conffile=/usr/local/apache2/conf/httpd.conf
Please change the corresponding path according to your actual situation!

Then run the following command to join the startup list:
chmod +x/etc/init.d/httpd
Chkconfig--add httpd
Chkconfig httpd on

Vi/usr/local/apache2/conf/httpd.conf
Found it
#ServerName www.example.com:80
Change into
ServerName localhost:80

Check the configuration file syntax
/usr/local/apache2/bin/apachectl-t

Start Apache with a script
/ETC/INIT.D/HTTPD start

[[email protected] ~]#/etc/init.d/httpd start
Starting httpd: [OK]

2. Configure the virtual host
Vi/usr/local/apache2/conf/httpd.conf

Found it
#Include conf/extra/httpd-vhosts.conf
Remove the previous # number

Apache2.2 version and 2.4 Configuration syntax slightly different, next need to modify according to the corresponding version

Version Apache2.2:

Found it
<directory/>
Order Deny,allow
Deny from all
</Directory>
Change into
<directory/>
Order Deny,allow
Allow from all
</Directory>

Version Apache2.4:

Found it
<directory/>
allowoverride None
Require all denied
</Directory>
Change into
<directory/>
allowoverride None
Require all granted
</Directory>

Save file Exit after change

Vi/usr/local/apache2/conf/extra/httpd-vhosts.conf
Add the following configuration:
<virtualhost *:80>
DocumentRoot "/data/www"
ServerName www.test.com
Serveralias www.a.com
</VirtualHost>

3. Configure user authentication for the virtual host
For example, to set up user authentication for the Web Site Admin directory, add the following in the corresponding virtual host configuration file section:
<directory "/data/www/admin" >
AllowOverride authconfig
AuthName "Test"
AuthType Basic
authuserfile/data/.htpasswd
Require Valid-user
</Directory>

After saving, create an authenticated user
/USR/LOCAL/APACHE2/BIN/HTPASSWD-CM/DATA/.HTPASSWD Test
Parameter description:
-C: Create a new file. Add the second user to remove-c, or overwrite the previously generated file.
-M: Using MD5 encryption, version 2.4 can omit this parameter, which is the default.
-D: Using crypt encryption, the default encryption method for version 2.2.

4. Configure the domain name jump
<ifmodule mod_rewrite>
Rewriteengine on
Rewritecond%{http_host} ^www.a.com$
Rewriterule ^/(. *) $ http://www.test.com/$1 [r=301,l]
</IfModule>

If you have more than one domain name, you can set this:
Rewriteengine on
Rewritecond%{http_host} ^www.domain.com [OR]
Rewritecond%{http_host} ^www.domain1.com$
Rewriterule ^/(. *) $ http://www.domain2.com/$1 [r=301,l]
Or:
Rewriteengine on
Rewritecond%{http_host}!^www.domain2.com$
Rewriterule ^/(. *) $ http://www.domain2.com/$1 [r=301,l]

Prevents rewrite from appearing dead loops
For example:
Rewriterule ^ (. *)/abc/$1 [r,l]
Originally visited is the www.abc.com result becomes www.abc.com/abc/abc/abc/...
Add a condition:
Rewritecond%{request_uri}!^/abc
Rewriterule ^ (. *)/abc/$1 [r,l]
This will stop the loop.

5. Configure access logs for Apache
Errorlog "|/usr/local/apache2/bin/rotatelogs-l/usr/local/apache2/logs/test.com-error_%y%m%d.log 86400"
#不记录指定文件类型的日志
Setenvif Request_uri ". *\.gif$" Image-request
Setenvif Request_uri ". *\.jpg$" Image-request
Setenvif Request_uri ". *\.png$" Image-request
Setenvif Request_uri ". *\.bmp$" Image-request
Setenvif Request_uri ". *\.swf$" Image-request
Setenvif Request_uri ". *\.js$" Image-request
Setenvif Request_uri ". *\.css$" Image-request
Customlog "|/usr/local/apache2/bin/rotatelogs-l/usr/local/apache2/logs/test.com-access_%y%m%d.log 86400" combined Env=!image-request

6. Configure the static file cache
<ifmodule mod_expires.c>
    expiresactive on
     expiresbytype image/gif  "Access plus 1 days"
    expiresbytype image/jpeg "Access Plus hours "
    expiresbytype image/png" Access plus hours "
    Expiresbytype Text/css "Now plus 2 hour"
    expiresbytype application/x-javascript ' now plus 2 hours '
 & nbsp;  expiresbytype Application/javascript "now plus 2 hours"
    expiresbytype application/ X-shockwave-flash "now plus 2 hours"
    ExpiresDefault ' now plus 0 min '
</ifmodule>

Or use the Mod_headers module to implement
<ifmodule mod_headers.c>
# File cache for Htm,html,txt class one hours
<filesmatch "\. (html|htm|txt) $ ">
Header set Cache-control "max-age=3600"
</filesmatch>

# File cache for css,js,swf class one weeks
<filesmatch "\. (css|js|swf) $ ">
Header set Cache-control "max-age=604800"
</filesmatch>

# jpg,gif,jpeg,png,ico,flv,pdf file cache for one year
<filesmatch "\. (ico|gif|jpg|jpeg|png|flv|pdf) $ ">
Header set Cache-control "Max-age=29030400″
</filesmatch>
</IfModule>

7. Configure the anti-theft chain
Setenvifnocase Referer "^http://www.test.com" Local_ref
Setenvifnocase Referer "www.a.com" Local_ref
Setenvifnocase Referer "^$" Local_ref
<filesmatch "\. (txt|doc|mp3|zip|rar|jpg|gif|png) ">
Order Allow,deny
Allow from Env=local_ref
</filesmatch>

8. Access control

1) Allow or restrict IP access

<Directory/data/www/admin>
Order Deny,allow
Deny from all
Allow from 192.168.0.1
</Directory>

A few examples of order Allow,deny:

Order Deny,allow
Deny from all
Deny first, allow again, default is allow, when deny conflict with allow, allow priority, result is deny all

Order Allow,deny
Deny from all
Exchange Allow,deny order, which is also rejected by all

Order Allow,deny
Allow from all
Allow, then deny, default is deny, when deny and allow conflict, deny first, result is allow all

Order Deny,allow
Allow from all
Exchange Allow,deny order, which is also allowed for all

Order Allow,deny
Allow from 192.168.0.1
Deny from all
Reject All

Order Deny,allow
Deny from 192.168.0.1
Allow from all
Allow all

Order Deny,allow
Deny from all
Allow from 192.168.0.1
Only allow 192.168.0.1

Order Allow,deny
Allow from all
Deny from 192.168.0.1
Allow all, only 192.168.0.1 is denied

2) No access to admin.php
<Directory/data/www>
<filesmatch "^admin.php (. *) $" >
Order Deny,allow
Deny from all
</Filesmatch>
</Directory>

3) Prohibit parsing PHP
<Directory/data/www>
Php_admin_flag engine off
<filesmatch "(. *) PHP" >
Order Deny,allow
Deny from all
</filesmatch>
</Directory>

A few notes:

1. After the configuration file has been modified, use/USR/LOCAL/APACHE2/BIN/APACHECTL-T to check the configuration file for any syntax errors before using/USR/LOCAL/APACHE2/BIN/APACHECTL Graceful reload the configuration file.

2. If the share method is compiled, it should be opened in httpd.conf when the corresponding module is used.

For example, enable the rewrite module:
Vi/usr/local/apache2/conf/httpd.conf
Remove the # before the following sentence:
#LoadModule Rewrite_module modules/mod_rewrite.so

3. You can use the/USR/LOCAL/APACHE2/BIN/HTTPD to view the module load situation:
Httpd-l outputs a list of modules that are statically compiled in the server. It does not list modules that are dynamically loaded using the loadmodule instruction.
HTTPD-M outputs a list of modules that have been enabled, including statically compiled modules in the server and modules that are dynamically loaded as DSO.

Common configuration of Apache