Apache server configuration and management in CentOS

Apache server configuration and management in CentOS

Installation Method:

Yum install httpd

Yum install mysql-server

Yum install php

Yum install php-mysql

　　I,WEBServer andApache

1. web servers and URLs

2. Apache history

3. Supplement

Http://www.netcraft.com/market share of apacheserver

At the same time, it must be noted that ngnix is in a period of strong growth, and it is a great feeling of competing with apache in the world. It is really awesome ~~~

　II,ApacheServer Management commands

1. Command start: service httpd start/stop/restart/reload/condrestart/status/configtest/graceful/help

2. start the Script:/etc/init. d/httpd start/stop /.....

3. Set To Enable Automatic startup: ntsysv + Space key

　　III,ApacheServer Directory and files

1. WEB Site Directory

/Var/www Apache site file directory

/Var/www/html store WEB files of the WEB site

/Var/www/cgi-bin CGI program file

/Var/www/html/manual Apache WEB Server manual

2. Configuration File

. Htaccess is a directory-based configuration file. The. htaccess file contains access control commands for files in its directory.

/Etc/httpd/conf/httpd. conf directory of the Apache WEB Server Configuration File

3. Start the script

/Etc/rc. d/init. d/httpd WEB server daemon Startup Script

/Etc/rc. d/rc3.d/S85httpd connect the Run-level directory (/etc/rc3.d) to the startup script in the/etc/rc. d/init. d directory.

4. Application Files

/Usr/sbin: location where Apache WEB server program files and applications are stored

/Usr/doc/put Apache WEB server document

/Var/log/http: location where Apache log files are stored

　4. More commands

1. View Apache installation information: apachectl-C

2. Check the Apache Configuration File Syntax: apachectl-t

3. view the Apache compilation configuration parameters: apachectl-V

4. view the Apache compilation module: apachectl-l

　　V,Httpd. confConfiguration File

(1) Basic Configuration

The httpd. conf file contains the following three parts:

1. Global Environment Settings: the part that controls the behavior of the entire Apache server (that is, the global environment variable)

2. master server configuration: defines commands for the main or default service parameters, and provides default setting parameters for all virtual hosts.

3. VM settings: VM setting parameters

"\" Cannot be used for writing a line. Except for the parameter values of the options, all option commands are case-insensitive and "#" indicates comments.

Now, let's learn the specific settings in httpd. conf:

1. Set the path relative to the root directory

The relative root directory is usually the place where Apache stores configuration files and log files. Normally, the relative root directory is "/etc/httpd", which generally contains the conf and logs subdirectories, in this case, you can use the "ServerRoot"/etc/httpd "format.

2. Set the IP address and port number of the Apache listener

By default, Apache listens to client requests on TCP port 80 of all available IP addresses on the local machine. You can use the Listen statement to Listen to requests at a specified address and port. For example, if you set the server to only Listen to port 80 of 192.168.0.94, you can set Listen 192.168.0.94: 80 in httpd. conf. If you want to change the port number to 8080, you can also use settings such as "Listen 192.168.0.94: 8080". However, when accessing a website through a Web browser, you must add the corresponding port number after the domain name address, for example, enter "http: // 192.168.0.94: 8080" for access. Note: My VMSIn Linux, the IP address is 192.168.0.94, and in windows, the IP address is 192.168.0.225.

3. Set the network administrator's email address

When an error occurs when the client computer accesses the server, the server usually returns an error prompt page to the client computer. To facilitate the resolution of the error, the webpage usually contains an administrator email address, in this case, you can use the ServerAdmin statement to set the Administrator's email address, such as "ServerAdmin xinyuan365@sohu.com ".

4. Set the server host name

To help Apache identify the server information, you can use the ServerName statement to set the server host name. In the ServerName statement, if the server has a domain name, enter the Domain Name of the server; if there is no domain name, enter the IP address of the server. For example, "ServerName 192.168.0.94: 80 ".

5. Set the path of the Home Directory

The default path of the Apache server home directory is "/var/www/html". You can place the webpage to be published in this directory, you can also change the path of the home directory to another directory for user management and use. For example, if you want to set the Apache server's main directory path to "/home/lk/www", you can modify it in the httpd. conf file: DocumentRoot "/home/www ".

6. Set the default document

The default document is the Web page displayed by entering the IP address or domain name of the Web site in the Web browser, that is, the home page. The default document is defined by the DirectoryIndex statement. For example, in httpd. conf, you can use "DirectoryIndex index.htmlindex.html. var" to set the default document name of the DirectoryIndex statement to another file.

If multiple file names exist, each file name must be separated by a space. Apache searches for the specified file name in the DirectoryIndex statement in sequence based on the file name. If 1st are found, 1st are called. Otherwise, 2nd are searched and called, and so on. For example, if the "indexes index.htm" and "index. php" files are used as the default documents, you can change the httpd. conf file to "DirectoryIndex index.html index.htm index. php index.html. var ".

7. Set log files

Log files are very important for users to find system faults or analyze the running status of Web servers. At this time, there are two important settings.

(1) Error Log. The error log records errors that occur during Apache startup and runtime. When an Apache error occurs, check the log file first. Generally, the file name of the error log is error_log. You can set the location and file name of the error log file through the ErrorLog parameter. For example, "ErrorLog logs/erroe_log ". If the log file storage path does not start with "/", it indicates that the path is relative to the ServerRoot directory.

(2) access logs. The access log records all the access information of the client computer. By analyzing the access log, you can know when the client accesses the files on the website. Generally, the access log file name is access_log. You can set the location and file name of the access log file through the CustomLog parameter, for example, "CustomLog logs/access_logcombined ".

In this access log settings, combined indicates the log format. You can use common or combined in this location. Among them, common refers to the common standard format widely used by Web servers, which can be recognized by many log analysis programs; combined refers to the combination of record formats, compared with common, the format of combined is basically the same, but only the reference page and browser recognition information are added.

8. Set the default Character Set

The adddefacharcharset option sets the default character set that the server returns to the client computer. Because the default Character Set of the Apache server is Western Europe (UTF-8), garbled characters occur when the client accesses the Chinese web page of the server. The solution is to change the statement "AddDefaultCharset UTF-8" to "adddefadefacharset GB2312", and then restart the Apache server, the Chinese web page can be displayed normally.

　　(2) Configure Directory Permissions

1. Define directory features

For each directory accessed by Apache, related services and features can be set to allow or (and) Not. (Also affect its subdirectories)

First, set the "default" address to only have the most basic permissions:

<Directory/>

Options FollowSymLinks

AllowOverride None

</Directory>

Note that special permissions must be enabled from now on, so that no unexpected results will be generated. Please confirm carefully.

For example:

<Directory "D:/www_root">

#

# This value is "None", "All", or a combination of the following: "Indexes ",

# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews ".

# Note that "MultiViews" must explicitly specify that --- "Options All" does not include this feature.

#

Options Indexes FollowSymLinks MultiViews

#

# This option controls which. htaccess files in the directory can be overwritten.

# Allowed values: "All" or a combination of the following items: "Options", "FileInfo ",

# "AuthConfig", "Limit"

#

AllowOverride None

#

# Control which users can obtain information from this server.

#

Order allow, deny

Allow from all

</Directory>

Note:

Allow and deny can be used in apache conf Files or. htaccess Files (with Directory, Location, Files, etc.) to control access authorization for directories and Files.

Therefore, the most common ones are:

Order Deny, Allow

Allow from All

Note that "Deny, Allow" has only one comma in the middle and only one comma in the middle. If there are spaces, errors will occur. Words are case-insensitive. The meaning of the above setting is to first set "Check prohibition settings first, not all permitted", and the second sentence does not contain Deny, that is, no access prohibition settings, allow all access. This is mainly used to ensure or overwrite the settings of the upper-level directory and open access to all content.

According to the above explanation, the following settings prohibit access unconditionally:

Order Allow, Deny

Deny from All

If you want to disable access to part of the content, all others are open:

Order Deny, Allow

Deny from ip1 ip2

Or

Order Allow, Deny

Allow from all

Deny from ip1 ip2

Apache determines which rule will be used according to order. For example, in the second method above, although allow in the second sentence allows access, because allow in order is not the final rule, therefore, you need to check whether there are any deny rules. Therefore, in the third sentence, access that complies with ip1 and ip2. Note that the "last" rule determined by order is very important. The following are two examples of errors and the correct method:

Order Deny, Allow

Allow from all

Deny from domain.org

Error: If you want to disable access from domain.org, but deny is not the final rule, apache has successfully matched the second allow sentence and won't go to the third sentence. Solution: Order Allow, Deny. You can leave the last two sentences unchanged.

Order Allow, Deny

Allow from ip1

Deny from all

Error: I want to only allow access from ip1. However, although the allow rule is set in the second sentence, because the deny in order is after, the deny in the third sentence prevails, however, the scope of the third sentence obviously contains ip1 (all include ip1), so all accesses are forbidden. Solution 1: remove the third sentence directly. Solution 2:

Order Deny, Allow

Deny from all

Allow from ip1

Conclusion: The rule is order deny. allow indicates that deny has a low priority, allow indicates that allow has a high priority, order allow indicates that allow has a low priority, and deny indicates that deny has a high priority.

　　(3) create a virtual directory

If our website is built in another directory, such as/opt/www/lk, isn't it inaccessible in the home directory/var/www/html? Of course not.

You can use virtual directories to allow users to access files in other directories. A virtual directory is a directory other than the Apache main directory. Generally, we create an alias for the virtual directory to allow web access. In this way, security is implemented. Second, access is simple, and you only need to enter a simple alias instead of a long real directory address. Third, you can easily move the site directory, as long as the virtual directory name remains unchanged, changing the actual storage location will not affect web access.

We use the Alias option to create a virtual directory, as shown in figure

Alias/bbs/"/opt/www/lk /"

<Directory "/opt/www/lk/">

Options Indexes MultiViews

AllowOverride None

Order allow, deny

Allow from all

</Directory>

　(4) Perform User Authentication

User authentication is an extremely important part of network security. It provides a natural security barrier for users who want to access a specified website to enter their usernames and passwords for logon. Apache Security authentication is also very common in actual use. Now we can use an example to demonstrate how to implement user authentication on the Apache server.

We operate on the above virtual directory:

Alias/bbs/"/opt/www/lk /"

<Directory "/opt/www/lk/">

Options Indexes MultiViews

AllowOverride None

Order allow, deny

Allow from all

AuthType: Basic

AuthName "welcome go home :"

AuthUserFile/etc/httpd/authpwd

Require user laoda laoer

</Directory>

Note:

AuthType: defines the type of user authentication, commonly used is the Basic provided by mod_auth;

AuthName: the prompt text displayed in the Web browser when entering the user name and password box;

AuthUserFile: defines the path of the password file htpasswd;

Require user: a user name list that allows access. Names are separated by spaces.

Then, create the authpwd file to save the password, touch/etc/httpd/authpwd

Next, write the user name and password to the file (Note: when the user is created for the first time, use the-c parameter. If the user is created for the second time, the user does not need to be written; otherwise, the user will be overwritten ):

[Root @ localhost http] # htpasswd-c/etc/httpd/authpwd laoda

New password:

Re-type new password:

Add password for user laoda

[Root @ localhost http] # htpasswd/etc/httpd/authpwd laoer

New password:

Re-type new password:

Add password for user laoer

Now the service httpd restart can be accessed using a browser to access the linux IP address.

　　(5) Configure Virtual Hosts

To save costs and improve server utilization efficiency, we can create multiple "hosts" on one machine ". Each host can provide external WEB services. In the outside world, it seems to be different websites, but for servers, it actually seems to be different websites, in fact, they are all different virtual hosts running on the same host.

How to configure a virtual host? Apache's Vm is very powerful and easy to configure. It can be divided into IP address-based and domain name-based virtual hosts.

Configure an IP-based VM first. There are also two options. How many available IP addresses do you have? If you have purchased a lot of IP addresses, you can assign different IP addresses to each VM to use the same port. In this era of IP shortage, if you buy only one IP address, you can add different ports to one IP address, allow different ports to access different virtual hosts.

1. The IP address is the same, but the port number is different:

Now on my CentOS, there is only one IP Address: 192.168.0.94. I want to use ports 8080 and 8081 to configure two websites respectively. Edit httpd. conf:

Listen 8080.

Listen 8081.

<Virtualhost192.168.0.94: 8080>

DocumentRoot/var/www/web1

DirectoryIndex index.html index.htm

HostNameLookups off

</VirtualHost>

<Virtualhost192.168.0.94: 8081>

DocumentRoot/var/www/web2

DirectoryIndex index.html index.htm

HostNameLookups off

</VirtualHost>

Restart the service.

2. The port number is the same, but the IP address is different. Assume that one is 94 and the other is 95:

<VirtualHost 192.168.0.94>

ServerName 192.168.0.94: 80

DocumentRoot/var/www/web1

DirectoryIndex index.html index.htm

</VirtualHost>

<VirtualHost 192.168.0.95>

ServerName 192.168.0.95: 80

DocumentRoot/var/www/web2

DirectoryIndex index.html index.htm

</VirtualHost>

If the local machine only has one Nic, You have to bind multiple IP addresses to this NIC:

Ifconfig eth0: 1 192.168.0.95

3. Domain Name-based VM

NameVirtualHost 192.168.0.94:

<VirtualHost www.web1.com>

ServerName www.web1.com: 80

DocumentRoot/var/www/web1

DirectoryIndex index.html index.htm

</VirtualHost>

<VirtualHost www.web2.com>

ServerName www.web2.com: 80

DocumentRoot/var/www/web2

DirectoryIndex index.html index.htm

</VirtualHost>

Then, add the/etc/hosts file in linux or the C: \ WINNT \ system32 \ drivers \ etc \ hosts file in windows.

192.168.0.94 www.web1.com

192.168.0.94 www.web2.com

Please note that restart is required after the virtual machine configuration changes.

　(6) joinPHPSupported

In this case, APACHE only supports static files ending with HTML or HTM. To support PHP, you must perform the following operations:

# Rpm-qa | grep php: Check whether the PHP program has been installed on the local machine. If not, enter the CENTOS directory in the CD and open the terminal in the blank space of the directory:

# Rpm-ivh php-common-5.1.6-20.el5.i386.rpm

# Rpm-ivh php-cli-5.1.6-20.el5.i386.rpm

# Rpm-ivh php-5.1.6-20.el5.i386.rpm

Create an OK. php script in the/var/www/html directory and write the following content:

Enter "http: // web server IP Address/OK. php" in the browser to check whether the request is successful.

For historical reasons, some programs end with. php3 or. php4. We need to modify the php configuration file to open/etc/httpd/conf. d/php. conf.

Modify "# AddType application/x-httpd-php-source.php" to "AddTypeapplication/x-httpd-php-source. php. php3. php4 ", remove #, in. there are spaces before php3/4

Exercise 1:

Create a Web server on CentOS and set "/opt/release". The content in <body> is "write your own name ". Create apache user authentication, add two users user1 (password 123456) and user2 (password 654321), and then access "ip/exam /: 8080 "to see the page showing your name.

Exercise 2:

Configure the VM. Think about how to configure a virtual host with four websites running on it: 192.168.0.101 running web1, 192.168.0.102 running web2, 192.168.0.100 running www. CBA .com and www.nba.com.