grep -v "#" /etc/httpd/conf/httpd.conf
ServerTokens OS returns Server: Apache/2.0.41 (Unix)
ServerTokens directive: configures the Server HTTP response header. This directive controls whether the Server response header field sent back from the server to the client contains the server OS type and a description of the compiled-in modules.
Syntax:
ServerTokens Major | Minor | Minimal | ProductOnly | OS | Full
After Apache is started there are nine processes: one master process and eight child processes. The master process runs as root, and its process ID is stored in httpd.pid; the child processes run as the apache user. The child processes are spawned by the master process.
Apache DSO
Apache is a modular service. Its core includes only the main functions; extensions are implemented through modules. Modules can either be statically compiled into the program or loaded dynamically.
View the loaded modules: httpd -M
View the modules statically compiled into the program: httpd -l
Adding a new function to a statically compiled server requires recompiling it; with DSO this is not needed, and you can use the apxs tool provided by Apache.
Apache MPM (Multi-Processing Modules)
The MPM is responsible for network listening, request processing and related functions. There are several MPMs, so that optimal performance and stability can be achieved in different platform environments.
The following commands show the MPM used by Apache.
httpd -l
httpd -V
The MPM is prefork by default.
Differences between threads and processes:
A thread is an execution unit in a process and a schedulable entity in the process.
Differences from processes:
(1) Address space: a thread is an execution unit within a process; a process has at least one thread; the threads share the address space of the process, while each process has its own address space.
(2) Resource ownership: a process is the unit of resource allocation and ownership; threads in the same process share the resources of the process.
(3) Threads are the basic unit of processor scheduling; processes are not.
(4) Both can be executed concurrently.
Processes and threads are the basic units for running programs that the operating system understands. The system uses this basic unit to realize the system's concurrency for applications.
The difference between a process and a thread is:
In short, a program has at least one process, and a process has at least one thread.
The thread division scale is smaller than the process, making the multi-thread program highly concurrent.
In addition, the process has independent memory units during execution, and multiple threads share the memory, which greatly improves the program running efficiency.
The execution of a thread also differs from that of a process. Each independent thread has a program entry point, a sequential execution sequence and a program exit. But a thread cannot execute independently: it must exist within an application, and the application provides the execution control for its threads.
Logically, multithreading means that multiple execution parts in an application can be executed simultaneously. However, the operating system does not view multiple threads as multiple independent applications to implement process scheduling, management, and resource allocation. This is an important difference between processes and threads.
A process is a running activity of a program with certain independent functions. A process is an independent unit for the system to allocate and schedule resources.
A thread is an entity within a process and the basic unit of CPU scheduling and dispatching. It is a basic unit, smaller than a process, that can run independently. A thread basically owns no system resources, only the few resources that are essential for running (such as a program counter, a set of registers and a stack), but it shares all the resources of its process with the other threads of the same process.
One thread can create and cancel another thread, and multiple threads in the same process can be concurrently executed.
Prefork and worker
Prefork: a non-threaded, pre-forking MPM that uses multiple child processes. Each child process has only one thread and handles only one connection at a time. It is efficient, but its memory usage is high. It is suitable for systems that lack thread-safe libraries and need to avoid thread compatibility issues.
Worker: a threaded, multi-process MPM. Each child process can spawn multiple threads, and each thread handles one request. Memory usage is low, which suits high-traffic HTTP servers. Disadvantage: if one thread crashes, the whole process dies together with all its other threads.
In Apache, the maximum number of prefork processes is set in the prefork section of the configuration.
The three sections of the Apache configuration
1. Global environment
2. Main server configuration
3. Virtual hosts
Section 1: global environment
The global configuration affects the entire Apache server.
ServerTokens OS    returns the server information: Apache/2.0.41 (Unix)
ServerRoot "/etc/httpd"    the main directory of the service, that is, the installation directory; it cannot be changed
PidFile run/httpd.pid    file that holds the process ID of the master process
Timeout    connection timeout
KeepAlive Off    whether to enable persistent connections (that is, whether the TCP connection is kept open after the client has finished downloading data from the server); disabled by default
MaxKeepAliveRequests 100    maximum number of requests served over one connection
KeepAliveTimeout 15    the time allowed between two requests on one TCP connection, that is, how long the persistent connection is kept
Listen 80    the listening port number, and the IP address on which port 80 is listened on
DSO
Include conf.d/*.conf    module loading path
User
Group apache    specifies the identity under which Apache runs its child processes
Section 2: main server configuration
Main configuration of Apache's default site directory
ServerAdmin    administrator email address
ServerName    server domain name, that is, the domain name of the website
UseCanonicalName Off    whether to strictly use the canonical domain name; turn it off if you use virtual hosts
DocumentRoot "/var/www/html"    root directory of the main site
<Directory /var/www/html>    access control for the main site directory (default configuration)
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Options: which features are enabled in a specific directory. Common values and their basic meanings are as follows:
ExecCGI: CGI scripts may be executed in this directory.
FollowSymLinks: symbolic links in this directory may be followed.
Indexes: when a user accesses the directory and the main page file specified by DirectoryIndex (e.g. index.html) cannot be found, the list of files in the directory is returned to the user. Generally not recommended.
SymLinksIfOwnerMatch: a symbolic link is followed only when the owner of the link is the same as the owner of the actual file.
AllowOverride None: AllowOverride sets which types of directive are allowed in the .htaccess file. (The .htaccess file name can be changed; it is determined by the AccessFileName directive.)
None: when AllowOverride is set to None, .htaccess files are not searched for in this directory (this reduces server overhead).
Allow: list of hosts allowed access (domain names or subnets may be used, for example Allow from 192.168.0.0/16)
Deny: list of hosts denied access
Apache MPM optimization
# prefork MPM
<IfModule prefork.c>
StartServers 8    number of httpd processes started when Apache starts
MinSpareServers 5    minimum number of idle processes
MaxSpareServers 20    maximum number of idle processes
ServerLimit 256
MaxClients 256    maximum number of connections allowed, that is, the maximum number of concurrent connections; its upper bound is controlled by ServerLimit
MaxRequestsPerChild 4000    maximum number of requests served by a child process; 0 means no limit. The recommended value is 1000.
</IfModule>
# worker MPM
<IfModule worker.c>
StartServers 4    number of httpd processes started when Apache starts
MaxClients 300    maximum number of concurrent connections
MinSpareThreads 25    minimum number of idle threads
MaxSpareThreads 75    maximum number of idle threads
ThreadsPerChild 25    number of threads created by each child process
MaxRequestsPerChild 0    maximum number of requests served by each child process
</IfModule>
Alias settings
For pages that are not under the directory specified by DocumentRoot, you can use a symbolic link or an alias.
Alias /error/ "/var/www/error/"    with this alias, you can access the directory at http://www.node.com/error
<IfModule mod_negotiation.c>
<IfModule mod_include.c>
<Directory "/var/www/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en es de fr
ForceLanguagePriority Prefer Fallback
</Directory>
</IfModule>
</IfModule>
Do not generate a directory listing for requests to the root of the Apache server, and specify the error page:
<LocationMatch "^/$">
Options -Indexes
ErrorDocument 403 /error/noindex.html
</LocationMatch>
The index page index.html.var is looked up, in sequence, when a directory on the server is accessed.
DirectoryIndex index.html.var
When DirectoryIndex index.html.var is not specified
Specifies the name of the per-directory configuration file used for protection
AccessFileName .htaccess    distributed access control file
// Specify the location of the configuration file that maps MIME types
TypesConfig /etc/mime.types
// Specify the default MIME type as plain text or HTML
DefaultType text/plain
// Record only the IP address of clients connecting to the Apache server, not the host name
HostnameLookups Off
Access log settings
ErrorLog logs/error_log    location of the error log
# LogLevel: debug, info, notice, warn, error, crit,
LogLevel warn
Custom access logs
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common    # common is the log format name
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this
# requires the mod_logio module to be loaded.
# LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
CustomLog logs/access_log common
The parameters in the format are as follows:
%h - client IP address or host name.
%l - the RFC 1413 identity determined by the client's identd. A "-" in the output indicates that this information is not available.
%u - name of the user accessing the page, as obtained by HTTP authentication. Valid only when authentication is in use. A "-" in the output indicates that this information is not available.
%t - time when the server finished processing the request.
"%r" - the request line sent by the client, in quotation marks; it contains a lot of useful information.
%>s - the status code returned by the server to the client.
%b - the number of bytes returned to the client in the response, excluding the response headers.
"%{Referer}i" - the web page from which the request was submitted.
"%{User-Agent}i" - the browser identification information provided by the client's browser.
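The common and combined LogFormat definitions above, turned into a parser with a simple per-client 4xx count on top. This is an added example, not part of the original page; the function names and the sample lines are constructed for illustration, and it handles both formats in one pattern.

```python
import re
from collections import Counter

# One pattern for both formats defined above:
#   common:   %h %l %u %t "%r" %>s %b
#   combined: common + "%{Referer}i" "%{User-Agent}i"
# Recent httpd versions write '"' inside a quoted field as \" so a quoted field
# is matched as a run of backslash escapes or characters other than '"' and '\'.
_Q = r'(?:\\.|[^"\\])*'
LINE = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>' + _Q + r')" (?P<status>\d{3}) (?P<bytes>\d+|-)'
    r'(?: "(?P<referer>' + _Q + r')" "(?P<agent>' + _Q + r')")?'
)

def parse_line(line):
    """Parse one access-log line; return a dict, or None if it does not match."""
    m = LINE.fullmatch(line.rstrip("\r\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])  # %b logs "-" for 0
    parts = rec["request"].split(" ")
    if len(parts) == 3:                      # well-formed "METHOD path PROTOCOL"
        rec["method"], rec["path"], rec["protocol"] = parts
    else:                                    # malformed request line: keep it raw
        rec["method"], rec["path"], rec["protocol"] = None, rec["request"], None
    return rec

def noisy_clients(lines, threshold=3):
    """Hosts (%h) that received at least `threshold` 4xx responses (%>s)."""
    errors = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and 400 <= rec["status"] < 500:
            errors[rec["host"]] += 1
    return {host: n for host, n in errors.items() if n >= threshold}

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    r'192.0.2.10 - - [30/Jul/2007:14:09:06 +0800] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    r'192.0.2.10 - alice [30/Jul/2007:14:09:07 +0800] "GET /private/ HTTP/1.1" 304 - "http://s1.domain1.com/" "Mozilla/5.0"',
    r'198.51.100.7 - - [30/Jul/2007:14:10:01 +0800] "GET /.htaccess HTTP/1.0" 403 291 "-" "probe \"x\""',
    r'198.51.100.7 - - [30/Jul/2007:14:10:02 +0800] "GET /admin/ HTTP/1.0" 404 283',
    r'198.51.100.7 - - [30/Jul/2007:14:10:03 +0800] "\x16\x03\x01" 400 226 "-" "-"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        rec = parse_line(entry)
        print(rec["host"], rec["status"], rec["method"], rec["path"])
    print(noisy_clients(SAMPLE))
```

Lines that fail to parse return None instead of raising, so a log containing truncated or foreign entries can still be scanned.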
User Authentication Configuration
<IfModule mod_userdir.c>    conditional check for the module
If this module is available, this function is used by default.
UserDir disabled
# UserDir public_html
</IfModule>
<Files ~ "^\.ht">    file access control
Order allow,deny
Deny from all
Satisfy All
</Files>
ServerSignature Off    the Apache version is not displayed on error pages
ServerTokens Prod    the operating system name is not displayed on error pages
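A small audit of the information-disclosure settings covered in this section (ServerTokens, ServerSignature, Options Indexes, UserDir), run against a weak configuration and its corrected form. This is an added example, not part of the original page; the function name and both sample configurations are constructed for illustration.

```python
def audit_httpd_conf(text):
    """Return (line_no, context, finding) tuples for disclosure-prone settings."""
    findings, stack, tokens_seen = [], [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):            # closing container, e.g. </Directory>
            if stack:
                stack.pop()
            continue
        if line.startswith("<"):             # opening container, e.g. <Directory ...>
            stack.append(line.strip("<>"))
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()              # directive names are case-insensitive
        args = parts[1].split() if len(parts) > 1 else []
        low = [a.lower() for a in args]
        ctx = stack[-1] if stack else "server config"
        if name == "servertokens":
            tokens_seen = True
            if low[:1] not in (["prod"], ["productonly"]):
                findings.append((no, ctx, "Server header sends more than the product name"))
        elif name == "serversignature" and low[:1] in (["on"], ["email"]):
            findings.append((no, ctx, "version footer added to server-generated pages"))
        elif name == "options" and any(a.lstrip("+") == "indexes" for a in low):
            findings.append((no, ctx, "directory listings enabled"))
        elif name == "userdir" and low[:1] != ["disabled"]:
            findings.append((no, ctx, "per-user web directories enabled"))
    if not tokens_seen:                      # httpd's default for ServerTokens is Full
        findings.append((0, "server config", "ServerTokens not set; the default is Full"))
    return findings

# Constructed weak configuration, followed by the corrected one.
SAMPLE_CONF = """\
ServerTokens OS
ServerSignature On
<Directory /var/www/html>
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
<LocationMatch "^/$">
    Options -Indexes
</LocationMatch>
<IfModule mod_userdir.c>
    UserDir public_html
</IfModule>
"""
HARDENED_CONF = (SAMPLE_CONF
                 .replace("ServerTokens OS", "ServerTokens Prod")
                 .replace("ServerSignature On", "ServerSignature Off")
                 .replace("Options Indexes FollowSymLinks", "Options FollowSymLinks")
                 .replace("UserDir public_html", "UserDir disabled"))

if __name__ == "__main__":
    for no, ctx, finding in audit_httpd_conf(SAMPLE_CONF):
        print("line %d [%s]: %s" % (no, ctx, finding))
    print("hardened findings:", audit_httpd_conf(HARDENED_CONF))
```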
======================================================================
Virtual Host
======================================================================
Virtual hosts are generally divided into three types:
domain name-based, port-based, IP-based, and hybrids of these.
The following is the configuration process for each type of virtual host.
1. Domain name-based
This is the most common situation. I have already set up multiple domain names for the server and want different domain names to reach different website files.
Modify the httpd.conf configuration:
# Use name-based virtual hosting.
#
NameVirtualHost *    indicates name-based virtual hosts for multiple domain names on all IP addresses and ports that Apache listens on (only 80 at this time)
<VirtualHost *>
ServerAdmin [email protected]
DocumentRoot /var/www/html/S1
ServerName s1.domain1.com
ErrorLog logs/error_log
TransferLog logs/access_log
</VirtualHost>
<VirtualHost *>
ServerAdmin [email protected]
DocumentRoot /var/www/html/s2
ServerName s2.domain1.com
ErrorLog logs/error_log
TransferLog logs/access_log
</VirtualHost>
2. Port-based
Access different files by accessing different ports of the same IP address (or domain name).
Make the following changes to httpd.conf:
Add the listening ports:
Listen 80
Listen 81
Remove the previous name-based virtual host setting (because access is now by IP address and port), that is:
# Use name-based virtual hosting.
#
# NameVirtualHost *    comment out this line
Below is the virtual host configuration (note that it does not use the ServerName field):
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /var/www/html/S1
ErrorLog logs/error_log
TransferLog logs/access_log
</VirtualHost>
<VirtualHost *:81>
ServerAdmin [email protected]
DocumentRoot /var/www/html/s2
ErrorLog logs/error_log
TransferLog logs/access_log
</VirtualHost>
Hybrid experiment
Here we can perform a slightly more complex experiment: access different domain names on different ports. For example:
Access s1.domain1.com and s2.domain1.com on 80.
Access s3.domain2.com and s4.domain2.com on 81; of course, this access requires the port number. On 80 the port number is not required because it is the default port.
Accessing these four domain name and port combinations reaches four different pages.
Configuration process
First, add two domain names in BIND that point to the server: s3.domain2.com and s4.domain2.com. After adding the domain names, remember to restart BIND.
Then modify the httpd.conf file.
Add the listening ports:
Listen 80
Listen 81
Virtual host settings
# Use name-based virtual hosting.
#
NameVirtualHost *:80
NameVirtualHost *:81
This indicates that name-based virtual hosts for multiple domain names are served on ports 80 and 81 of all local IP addresses (NameVirtualHost declares name-based virtual hosting).
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /var/www/html/S1
ServerName s1.domain1.com
ErrorLog logs/error_log
TransferLog logs/access_log
</VirtualHost>
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /var/www/html/s2
ServerName s2.domain1.com
ErrorLog logs/error_log
TransferLog logs/access_log
</VirtualHost>
<VirtualHost *:81>
ServerAdmin [email protected]
DocumentRoot /var/www/html/S3
ServerName s3.domain2.com
ErrorLog logs/error_log
TransferLog logs/access_log
</VirtualHost>
<VirtualHost *:81>
ServerAdmin [email protected]
DocumentRoot /var/www/html/S4
ServerName s4.domain2.com
ErrorLog logs/error_log
TransferLog logs/access_log
</VirtualHost>
Check the virtual host settings
3. IP-based virtual hosts
Different websites are bound to different IP addresses and are reached through those addresses. Because a server generally does not have that many public IP addresses and is generally accessed by domain name, this is of little practical use, but it can be used for testing and learning.
Applicable environment: no domain name is configured for the server and it can only be accessed by IP address.
For the experiment, we first stop the DNS service.
First, add the IP address 192.168.0.112 to the server.
[[email protected] network-scripts]# cp ifcfg-eth0 ifcfg-eth0:0
[[email protected] network-scripts]# vi ifcfg-eth0:0
DEVICE=eth0:0          # device name
ONBOOT=yes             # start with the system
BOOTPROTO=static
IPADDR=192.168.0.112   # the new IP address
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
Activate this device:
[[email protected] network-scripts]# ifdown eth0; ifup eth0
View the current IP settings:
[[email protected] network-scripts]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0A:EB:XX:XX
          inet addr:192.168.0.111  Bcast:192.168.0.255  Mask:255.255.255.0
eth0:0    Link encap:Ethernet  HWaddr 00:0A:EB:XX:XX
          inet addr:192.168.0.112  Bcast:192.168.0.255  Mask:255.255.255.0
Pinging this .112 address shows that it has indeed been enabled successfully.
With the IP address added, the next step is to modify httpd.conf.
# Use name-based virtual hosting.
#
# NameVirtualHost *    (commented out: the name-based virtual hosts for multiple domain names are removed)
<VirtualHost 192.168.0.111>
ServerAdmin [email protected]
DocumentRoot /var/www/html/S1
# ServerName s1.domain1.com
ErrorLog logs/error_log
TransferLog logs/access_log
</VirtualHost>
<VirtualHost 192.168.0.112>
ServerAdmin [email protected]
DocumentRoot /var/www/html/s2
# ServerName ss2.domain1.com
ErrorLog logs/error_log
TransferLog logs/access_log
</VirtualHost>
Pay attention to the red part above. Because there are no multiple domain names at this time, I have removed the ServerName field (this is acceptable when multiple ports are used). However, the following error occurs:
The IP address is resolved as a domain name.
"httpd.conf" 1157L, ipv72c written
[[email protected] conf]# ../bin/httpd -S
[Mon Jul 30 14:09:06 2007] [error] (EAI 2)Name or service not known: Failed to resolve server name for 192.168.0.112 (check DNS) -- or specify an explicit ServerName
[Mon Jul 30 14:09:06 2007] [error] (EAI 2)Name or service not known: Failed to resolve server name for 192.168.0.111 (check DNS) -- or specify an explicit ServerName
VirtualHost configuration:
192.168.0.111:*    bogus_host_without_reverse_dns (/usr/local/apache2/conf/httpd.conf:1065)
192.168.0.112:*    bogus_host_without_reverse_dns (/usr/local/apache2/conf/httpd.conf:1074)
Syntax OK
Add the ServerName field as below; any name can be written here.
<VirtualHost 192.168.0.111>
ServerAdmin [email protected]
DocumentRoot /var/www/html/S1
ServerName S1
ErrorLog logs/dbpi_web-error_log
TransferLog logs/dbpi_web-access_log
</VirtualHost>
<VirtualHost 192.168.0.112>
ServerAdmin [email protected]
DocumentRoot /var/www/html/s2
ServerName S2
ErrorLog logs/dbpi_web-error_log
TransferLog logs/dbpi_web-access_log
</VirtualHost>
Then check the virtual host configuration.
[[email protected] conf]# ../bin/httpd -S
VirtualHost configuration:
192.168.0.111:*    S1 (/usr/local/apache2/conf/httpd.conf:1065)
192.168.0.112:*    S2 (/usr/local/apache2/conf/httpd.conf:1075)
Syntax OK
Access to 192.168.0.111 and 192.168.0.112 was tested successfully from the client.
I personally think this should be a bug, because in this case domain name access is not required and the actual IP address is used for access, so the ServerName field should be meaningless (just as when we use multiple ports, where there is no problem at all). The facts also show that we can use any name.
Finally, a problem often encountered with Apache
Warning when Apache is started:
httpd: Could not determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
Apache can still be started and accessed normally, but this warning appears.
Solution:
#ServerName www.example.com:80    change this line as follows:
ServerName 192.168.0.111    of course, change this to the IP address or domain name of your own machine according to your actual situation
Apache-detailed configuration file introduction + multiple methods of Virtual Host Configuration