Detailed description of the httpd. conf file (Part 1)

Source: Internet
Author: User

The configuration file of the Apache server is located in the/etc/httpd/CONF/directory. Traditionally, three configuration files are used: httpd. conf, access. conf and SRM. conf to configure the behavior of the Apache server.

 

Httpd. conf provides the most basic server configuration, which is a technical description of how the daemon httpd runs. SRM. conf is the server's resource ing file, which tells the server of the MIME types of various files and how to support these files; access. conf is used to configure Server access permissions and control access restrictions for different users and computers. These three configuration files control all aspects of the server, therefore, to run the Server properly, you need to set these three files.

 

In addition to these three settings files, Apache also uses mime. the types file is used to identify the MIME types corresponding to different files. The magic file sets some special identifiers for different MIME types, so that the Apache server cannot determine the MIME types of files from the document suffix, the MIME type of a document can be determined by these special tags in the file content.


In fact, the current version of Apache will be httpd. conf, SRM. conf and access. all configuration parameters in conf are placed in the configuration file httpd. in conf and CONF/extra/httpd-default.conf, only three configuration files are used for reasons that are compatible with previous versions (using the three setup files from NCSA-HTTPd. The access. conf and SRM. conf files provided do not have specific settings.

 

Since in the new version of Apache, all settings are placed in the httpd. conf and CONF/extra/httpd-default.conf, you only need to adjust the settings in this file.


The following uses the httpd. conf provided by default as an example to explain the configuration options of the Apache server. However, you don't have to worry about setting too many parameters. Basically, these parameters are clear and you can run the Apache server without modifying them. However, if you need to adjust the performance of the Apache server and increase support for certain features, you need to understand the meaning of these settings parameters.


There is a lot of controversy about the performance of Apache servers on the Internet. Basically, users who use Apache have almost no doubt about its excellent performance, apache also supports many well-known high-load websites. However, in the evaluation of commercial organizations, Apache often has a low score.


Many people pointed out that in these evaluations, the performance of commercial web servers and their operating systems is often adjusted by engineers of their professional companies, free operating systems and web servers often use their default configurations or make minor changes.


It should be noted that, apart from the performance adjustment of the operating system, the default configuration of the Apache server itself is by no means optimal and most efficient, however, to adapt to the configurations of almost all types of operating systems and all types of hardware, multi-platform software cannot provide optimal default configurations for specific platforms and hardware. Therefore, performance adjustment is essential when Apache is used.


Running Parameters of the HTTP daemon

 

Httpd. conf defines the parameters required by the httpd daemon to determine the running mode and environment.


Servertype Standalone

 

Servertype defines the server startup mode. The default value is standalone. The httpd server will be started by itself and will stay in the host to monitor connection requests. In Linux, the web server will be automatically started in the startup file/etc/rc. d/rc. Local/init. d/Apache. This method is recommended.

 

An Inet method is another way to start the Apache server. The super server inetd is used to monitor connection requests and start the server. When you need to use the inetd startup method, you need to change it to this setting and block/etc/rc. d/RC. local/init. d/Apache file, and change/etc/inetd. conf and restart inetd, then Apache can start from inetd.

 

The difference between the two methods is that the independent method is that the server itself manages its own startup processes, so that multiple copies of the server can be started immediately at startup, and each copy will reside in the memory, A connection request can be processed immediately without the need to generate a sub-process. The response to client browser requests is faster and the performance is high. The inetd method requires inetd to start the HTTP server only after detecting a connection request. Because inetd needs to listen to too many ports, the response is slow and the efficiency is low, however, this saves the resources occupied by the Web server when no connection request is available. Therefore, the inetd method is only used on servers that are occasionally accessed and do not require access speed. In fact, the inetd method is not suitable for HTTP burst and multi-connection features, because a page may contain multiple images, and each image will cause a connection request, even though the number of visitors causes less teaching, however, there are many transient connection requests, which are limited by the inetd performance and may even affect other server programs started by inetd.

 

Serverroot "/usr/local"

 

Serverroot is used to specify the running directory of the daemon httpd. After httpd is started, the current directory of the process is automatically changed to this directory. Therefore, if the file or directory specified in the file is set to a relative path, the actual path is located under the path defined by serverroot.

 

Because httpd often performs concurrent file operations, it is necessary to use the locking method to ensure that file operations do not conflict. Due to the limited file lock capabilities of the NFS file system, therefore, this directory should be a local disk file system instead of an NFS file system.

 

# Lockfile/var/run/httpd. Lock

 

The lockfile parameter specifies the lock file of the httpd daemon. Generally, you do not need to set this parameter. The Apache server will automatically perform operations in the path under serverroot. However, if serverroot is an NFS file system, you need to use this parameter to specify the path in the local file system.

 

Pidfile/var/run/httpd. PID

 

The process Number of the httpd daemon is recorded in the file specified by pidfile. Because httpd can automatically copy itself, there are multiple httpd processes in the system, but only one process is the process initially started, it is the parent process of other processes. sending signals to this process affects all httpd processes. The process Number of the httpd parent process is recorded in the file defined by pidfile.

 

Scoreboardfile/var/run/httpd. Scoreboard

 

Httpd uses scoreboardfile to maintain internal data of a process. Therefore, you do not need to change this parameter unless the administrator wants to run several Apache servers on a computer, at this time, each Apache server requires an independent configuration file htt PD. conf, and use different scoreboardfile.

 

# Resourceconfig CONF/SRM. conf

 

# Accessconfig CONF/access. conf

 

The two parameters resourceconfig and accessconfig are used to be compatible with the old version of Apache that uses the SRM. conf and access. conf file. If there is no compatibility requirement, you can specify the corresponding setting file as/dev/null. This indicates that no other setting file exists and only httpd is used. CONF file to save all the settings.

 

Timeout 300

 

Timeout defines the timeout interval between the client program and the server. After the timeout interval (in seconds) is exceeded, the server will be disconnected from the client.

 

Keepalive on

 

In HTTP 1.0, only one HTTP request can be transmitted over one connection, while the keepalive parameter is used to support one connection and multiple transmission functions in HTTP 1.1, in this way, multiple HTTP requests can be transmitted in a connection. Although this function is only supported by newer browsers, this option is still enabled.

 

Maxkeepaliverequests 100

 

Maxkeepaliverequests is the maximum number of HTTP requests that a connection can perform. Setting this value to 0 will allow unlimited transmission requests in one connection. In fact, no client program requests too many pages in a single connection. Generally, the connection is completed if this limit is not reached.

 

Keepalivetimeout 15

 

Keepalivetimeout tests the time between multiple requests in a connection. If the server has completed a request but has never received the next request from the client program, after the interval exceeds the value set by this parameter, the server will be disconnected.

Minspareservers 5

Maxspareservers 10

 

On the web server that uses a sub-process to process HTTP requests, the response time is delayed because the sub-process must be generated first to process the customer's requests. However, the Apache server uses a special technique to get rid of this problem. This means that multiple idle sub-processes are generated in advance and reside in the system. Once a request appears, immediately use these idle sub-processes for processing, so that there is no latency caused by the generation of sub-processes. As client requests increase, the number of sub-processes started increases. However, these server copies do not exit immediately after an HTTP request is processed, instead, wait in the computer for the next request. However, the number of idle sub-process Replicas cannot be increased or decreased. Too many idle sub-processes do not process tasks and occupy the server's processing capabilities. Therefore, the number of idle copies must be limited, maintain a proper number of processes so that you can respond to customer requests in a timely manner and reduce the number of unnecessary processes.

 

Therefore, you can use the minspareservers parameter to set the minimum number of idle sub-processes, and use the maxspareservers parameter to limit the maximum number of idle sub-processes. Redundant server process copies will exit. Set according to the actual situation of the server. If the server has high performance and is frequently accessed, you should increase the settings of these two parameters. For high-load professional websites, these two values should be roughly the same, and are equivalent to the maximum number of server replicas supported by the system, and unnecessary copies should be removed.

 

Startservers 5

 

The startservers parameter is used to set the number of subprocess replicas started at httpd startup. this parameter is related to the minspareservers and maxspareservers parameters defined above, it is used to start idle sub-processes to speed up server response. This parameter should be set to a value between the first two values, which is less than minspareservers and greater than Maxs pareservers.

 

Maxclients 150

 

On the other hand, the server's capabilities are limited after all, and it is impossible to process an infinite number of connection requests at the same time. Therefore, the maxclient S parameter is used to specify the maximum number of concurrent access customers supported by the server,If this value is set too large, the system has to switch between too many processes during busy hours to serve too many customers. This slows down the response to each customer, and reduced the overall efficiency. If this value is set to a small value, some customer connection requests will be rejected when the system is busy.When the server performance is high, you can add this setting as appropriate. For professional websites, the policy to improve server efficiency should be used. Therefore, this parameter cannot exceed the hardware limit. If access is frequently denied, the server hardware needs to be upgraded. For non-professional websites, users are not very concerned about the response speed to the customer's browser, or think that the response speed is slower than that of the rejected connection. This parameter can also be set slightly beyond the hardware conditions.

 

This parameter limits the settings of minspareservers and maxspareservers. They should not be greater than the settings of this parameter.


The maxclients command sets the maximum number of access requests that can be simultaneously servo. Any request that exceeds the maxclients limit will enter the waiting queue until the maximum value of the listenbacklog command is reached. Once a link is released, requests in the queue will be served.

For non-thread mpm (that is, prefork), maxclients indicates the maximum number of sub-processes that can be used for Servo client requests. The default value is 256. To increase this value, you must increase serverlimit at the same time.

For thread-type or hybrid mpm (BEOs or worker), maxclients indicates the maximum number of threads that can be used for Servo client requests. The default value of BEOs is 50. For hybrid mpm, the default value is 16 (serverlimit) multiplied by 25 (threadsperchild. Therefore, to increase maxclients to more than 16 processes, you must increase the value of serverlimit at the same time.


Maxrequestsperchild 30

 

A sub-process is a commonly used method for providing web services. A sub-process is a connection service, the problem is that each connection requires system operations to generate and exit sub-processes, so that these additional processes occupy a large amount of processing capabilities of the computer. Therefore, the best way is that a sub-process can connect to the service for multiple times, so that the system consumption of the generated and exited processes is not required. Apache uses this method. After a connection is completed, the sub-process does not exit, but stays in the system waiting for the next service request, which greatly improves the performance.

 

However, due to the constant application and release of memory in the processing process, a large number of times may cause some memory spam, which will affect the system stability and the effective use of system resources. Therefore, after a copy has been processed for a certain number of requests, the sub-process can exit the copy and re-copy a clean copy from the original HTTPd process, in this way, the system stability can be improved. In this way, the number of service requests processed by each sub-process is defined by maxre questperchild. The default value is 30. This value is too conservative for Linux systems with high stability and can be set to 1000 or higher, set to 0 to support unlimited service processing for each copy.

 

The maxrequestsperchild command sets the maximum number of requests allowed by the servo for each sub-process during its lifetime. When the limit of maxrequestsperchild is reached, the sub-process will end. If maxrequestsperchild is "0", the child process will never end. Setting maxrequestsperchild to a non-zero value has two advantages:

  • It can prevent (accidental) unlimited memory leakage and thus exhaust the memory.

  • A limited life cycle is provided for the process, which helps reduce the server load and reduce the number of active processes.

Note:

For keepalive links, only the first request is counted. In fact, it changes the behavior of each sub-process to limit the maximum number of links.


# Listen 3000.

# Listen 12.34.56.78: 80

# Bindaddress *

 

The listen parameter allows the server to monitor HTTP requests from other ports in addition to the standard port 80. Because the FreeBSD system can have multiple IP addresses at the same time, you can also specify that the server only listens to HTTP requests for the IP address of a bindaddress </B>. If this item is not configured, the server will respond to requests from all IP addresses.

 

Even if the bindaddress parameter is used, the server can only respond to requests from one IP address. However, by using the extended listen parameter, the HTTP daemon can still respond to requests from other IP addresses. In this case, the listen parameter is used in the same way as the second example above. This complex usage is mainly used to set up virtual hosts. The virtualhost parameter can be used to define virtual hosts with different IP addresses. However, this method is used to set virtual hosts in the earlier HTTP 1.0 standard. Each virtual host requires an IP address, in fact, it is not very useful. In HTTP 1.1, the support for single-IP multi-domain virtual hosts is added, making the virtual host settings more meaningful.

 

Loadmodule mime_magic_module libexec/Apache/mod_mime_magic.so

 

Loadmodule info_module libexec/Apache/mod_info.so

 

Loadmodule speling_module libexec/Apache/mod_speling.so

 

Loadmodule proxy_module libexec/Apache/libproxy. So

 

Loadmodule rewrite_module libexec/Apache/mod_rewrite.so

 

Loadmodule anon_auth_module libexec/Apache/mod_auth_anon.so

 

Loadmodule db_auth_module libexec/Apache/mod_auth_db.so

 

Loadmodule digest_module libexec/Apache/mod_digest.so

 

Loadmodule cern_meta_module libexec/Apache/mod_cern_meta.so

 

Loadmodule expires_module libexec/Apache/mod_expires.so

 

Loadmodule headers_module libexec/Apache/mod_headers.so

 

Loadmodule usertrack_module libexec/Apache/mod_usertrack.so

 

Loadmodule unique_id_module libexec/Apache/mod_unique_id.so

 

Clearmodulelist

 

Addmodule mod_env.c

 

Addmodule mod_log_config.c

 

Addmodule mod_mime_magic.c

 

Addmodule mod_mime.c

 

Addmodule mod_negotiation.c

 

Addmodule mod_status.c

 

Addmodule mod_info.c

 

Addmodule mod_include.c

 

Addmodule mod_autoindex.c

 

Addmodule mod_dir.c

 

Addmodule mod_cgi.c

 

Addmodule mod_asis.c

 

Addmodule mod_imap.c

 

Addmodule mod_actions.c

 

Addmodule mod_speling.c

 

Addmodule mod_userdir.c

 

Addmodule mod_proxy.c

 

Addmodule mod_alias.c

 

Addmodule mod_rewrite.c

 

Addmodule mod_access.c

 

Addmodule mod_auth.c

 

Addmodule mod_auth_anon.c

 

Addmodule mod_auth_db.c

 

Addmodule mod_digest.c

 

Addmodule mod_cern_meta.c

 

Addmodule mod_expires.c

 

Addmodule mod_headers.c

 

Addmodule mod_usertrack.c

 

Addmodule mod_unique_id.c

 

Addmodule mod_so.c

 

Addmodule mod_setenvif.c

 

An important feature of the Apache server is its modular structure, which not only shows that it can add new functions through new modules during compilation, it also shows that its module can dynamically load HTTP service programs without loading unnecessary modules. To use the dynamic loading module of Apache, you only need to set the load module and addmodule parameters. This feature is the DSO (dynamic shared object) feature of Apache, however, to make full use of the DSO feature is still not a simple task. Modifying the settings here may cause the server to fail to start normally. Therefore, if you do not want to add or reduce the features provided by the server, do not change the settings here.

 

The list above shows the modules supported by the default Apache server in Linux. In fact, many modules are unnecessary and unnecessary modules are not loaded into the memory. The module can be statically connected to the Apache server or dynamically loaded in this way,Compile Apache features into dynamic and load-able modulesThis is the port method, not the default Apache method,This wayIt sacrifices a small amount of performance and brings great flexibility.

 

Therefore, the ability to dynamically load has a slight impact on performance. Therefore, you can re-compile Apache and compile the functions you need into the Apache server to make the system clean, the efficiency has also been slightly improved. It is not necessary to recompile Apache for this purpose only. If you need to add other features and re-compile Apache, when adding other modules, you may wish to statically connect all modules to the Apache server. Some users prefer Dynamic Loading modules.

 

These modules are placed in the/usr/local/Apache/libexec/directory, and each module corresponds to a feature of the Apache server. A detailed explanation of the functions of each module requires a considerable amount of space. The more important features will be explained in the following sections, for specific functions and usage of each module, You need to view the Apache documentation.

 

# Extendedstatus on

 

The Apache server can report its own running status through special HTTP requests. Enabling this extendedstatus parameter allows the server to report more comprehensive running status information.


Master server settings

 

The Apache server requires various settings to define its own use of various parameters to provide web services. When a VM is used, in addition to the settings covered in the definition items of the VM (some settings must be redefined), the settings here are also the default settings of the VM.

 

Port 80

 

Port defines the port used by the httpd daemon in standalone mode. The standard port is 80. This option is only valid for servers started in an independent mode. For servers started in inetd mode, define the port used in inetd. conf.

 

Root permission is required to use port 80 in Unix. For security reasons, some administrators believe that the httpd server cannot have security vulnerabilities. Therefore, they prefer to use the permissions of common users to start the server, in this way, port 80 and other ports smaller than 1024 cannot be used, but port greater than 1024 must be used to start httpd. Generally, port 8000 or 8080 is also a common port. The Apache httpd server can be run as a common user after Port 80 is opened with the root permission. This reduces the risk and thus does not need to be considered. However, if you want to install and configure your own WWW server, you have to use a port greater than 1024.

 

User nobody

Group nogroup

 

User and group configurations are the security guarantee of Apache. After Apache opens the port, it sets itself as the user and group permissions set for these two options to run, this reduces the risk of servers. This option is only used in standalone mode. The inetd mode specifies the user that runs Apache in inetd. conf. Because the server must perform the setuid () operation to change the identity, the initial process should have root permissions. If a non-root user is used to start aapche, this configuration will not work.

 

The default value is nobody and nogroup. This user and group do not have files in the system, which ensures that the server itself and the CGI process started by it do not have the permission to change the file system. In some cases, for example, to run CGI and Unix interaction, you also need to have the server access the files on the server. If nobody and nogroup are still used, in this case, files belonging to the nobody will appear in the system, which is detrimental to system security because other programs will execute some operations with the nobody and nogroup permissions, it is possible to access the files owned by these nobodies, resulting in security problems. Generally, you need to set a specific user and group for the Web service, and change the user and group settings here.

 

Serveradmin [email protected]

 

Only serveradmin should be changed in the configuration file. This item is used to configure the email address of the administrator of the WWW server. This will be returned to the browser when an HTTP service error occurs, this allows the Web user to contact the Administrator to report errors. Traditionally, webmaster on the server is used as the administrator of the WWW server. Through the alias mechanism of the mail server, emails sent to webmaster are sent to the real web administrator.

 

# Servername new. Host. Name

 

By default, you do not need to specify this servername parameter. The server automatically obtains its name through the name resolution process, however, if there is a problem with server name resolution (usually incorrect reverse resolution), or there is no formal DNS name, you can also specify an IP address here. When servername is set incorrectly, the server cannot start normally.


Detailed description of the httpd. conf file (Part 1)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.