Apache server configuration and management under CentOS

Source: Internet
Author: User
Tags apache log hosting

One, Web server and Apache
1. Web servers and URLs

2, the history of Apache

3. Supplement
http://www.netcraft.com/to see the market share of Apache servers
At the same time must pay attention to is Ngnix, is in the strong growth of the rise period, great and Apache a struggle for the world feeling, really alitily ~ ~ ~

II. administrative commands for Apache servers
1. Command start: Service httpd Start/stop/restart/reload/condrestart/status/configtest/graceful/help
2, script start:/etc/init.d/httpd start/stop/.....
3, set to start automatically: ntsysv+ space key

Iii. directories and files of the Apache server

1. Directory of Web site directory/var/www Apache site files/var/www/html web files hosting Web sites/var/www/cgi-bin CGI program Files/var/www/html/manual Apache Web Server Manuals

2. configuration file. htaccess Directory-based configuration file, the. htaccess file contains access control directives to files in the directory where it resides/etc/httpd/conf/httpd.conf Apache Web server configuration file directory

3. Start script/etc/rc.d/init.d/httpd The Web server daemon startup script/etc/rc.d/rc3.d/s85httpd connect the run-level directory (/ETC/RC3.D) to the directory/etc/rc.d/ Startup scripts in the INIT.D

4. application file/usr/sbin location of Apache Web server program Files and applications/usr/doc/place Apache Web server document/var/log/http place Apache log files


Iv. More Commands
1. View Apache installation information: apachectl-c
2, the Apache configuration file for the syntax check: apachectl-t
3. View Apache Compilation configuration parameters: Apachectl-v
4. View Apache's compilation module: Apachectl-l

V. httpd.conf configuration file
(i) Basic configuration
The httpd.conf file contains the following three sections:
1. Global environment settings: the part that controls the behavior of the entire Apache server (that is, Global environment variables)
2. Primary server configuration: Directives that define primary or default service parameters, as well as default setting parameters for all virtual hosts
3. Virtual host settings: Setting parameters for Virtual host
Where a line does not write with "/" for wrapping, except for the parameter value of the option, all option directives are case-insensitive and "#" denotes comments.
Now, let's learn the specific settings in httpd.conf:

1. Set the path to the relative root directory

The relative root directory is usually where Apache stores configuration files and log files, typically the relative root directory is "/etc/httpd", which generally contains conf and logs subdirectories, which can be set in the "ServerRoot"/etc/httpd "format.

2. Set the IP address and port number for Apache snooping

Apache, by default, listens for client requests on TCP 80 ports on all available IP addresses on this computer, and can use the Listen statement to listen for requests on a specified address and port. For example, to set the server to listen only for 192.168.0.94 80 ports, you can set the appropriate settings in httpd.conf: Listen 192.168.0.94:80. If you need to change the port number to 8080, you can also take the "Listen 192.168.0.94:8080" and other settings, but at this time through the Web browser to access the site must also add the appropriate port number after the domain name, such as input "HTTP/ 192.168.0.94:8080 "can only be accessed. Note: The IP of my virtual machine Linux is 192.168.0.94,windows IP is 192.168.0.225

3. Set up your network administrator's e-mail address

When the client computer Access server error, the server will usually return to the client computer error prompt page, in order to facilitate the resolution of the error, in this page usually contains an administrator's e-mail address, you can use the ServerAdmin statement to set the administrator's e-mail address, such as " ServerAdmin [email protected] ".

4. Set Server host Name

To make it easier for Apache to identify the server itself, you can use the ServerName statement to set the host name of the server. In the servername statement, if the server has a domain name, fill in the server's domain name, and if there is no domain name, fill in the server's IP address. For example "ServerName 192.168.0.94:80".

5. Set the path to the home directory

The default path for the Apache Server home directory is "/var/www/html", which allows you to place pages that need to be published in this directory, as well as to modify the path of the home directory to another directory for easy user management and use. For example, to set the Apache Server home directory path to "/home/lk/www", you can modify it in the httpd.conf file: DocumentRoot "/home/www".

6. Set default Document

The default document is to enter the Web site's IP address or the Web page that the domain name displays in the Web browser, which is usually the home page. By default, Apache's default document name is Index.html, and the default document is defined by the DirectoryIndex statement, for example, in httpd.conf through the DirectoryIndex index.html Index.html.var, you can modify the default document name of the DirectoryIndex statement to a different file.

If there are multiple filenames, each file name must be separated by a space, and Apache will find the file name specified in the DirectoryIndex statement according to the order of the file name. If you can find the 1th one, call the 1th one, otherwise look for and call 2nd, and so on. For example, if you add index.htm and index.php files as default documents, you can modify the httpd.conf file to "DirectoryIndex index.html index.htm index.php Index.html.var" accordingly.

7. Setting up log files

Log files are important for the user to find a system failure or to analyze the health of the Web server, with two important settings at this time.

(1) Error log. The error log records Apache's errors at startup and runtime, so when Apache goes wrong, it should first check the log file. Usually the error log file name is Error_log, where the error log file is stored and the file name can be set by the errorlog parameter. For example "Errorlog logs/erroe_log". If the log file storage path does not begin with "/", it indicates that the path is relative to the ServerRoot directory.

(2) Access logs. The access log records all of the client computer's access information, and by analyzing the access log you can know when the client accessed which files of the Web site. Typically, the file name of the access log is Access_log, and the location and file name of the access log file can be set through the Customlog parameter, such as "Customlog Logs/access_log combined".

In this access log setting, combined indicates the format in which the log is used, where common or combined can be used. Where common refers to the common standard format commonly used by Web servers, which can be recognized by many log analysis programs, combined refers to the use of the combined record format, compared to common, combined format is basically the same, Only the reference page and browser identification information are more.

8. Set the default character set

The Adddefaultcharset option sets the default character set that the server returns to the client computer, because the Apache server default character set is Western Europe (UTF-8), so garbled when the client accesses the server's Chinese Web page. The solution is to change the statement "Adddefaultcharset UTF-8" to "Adddefaultcharset GB2312", and then restart the Apache server, the Chinese Web page will be displayed properly.

(ii) Configuring directory Permissions

1. Define Directory Features

Each directory that Apache accesses can be set to the related services and features that are allowed or (and) disallowed. (also affects its subdirectories)
First, setting the "Default" address has only the most basic permissions:
<directory/>
Options FollowSymLinks
AllowOverride None
</Directory>
Note that from now on, special permissions must be set up so that no unintended results can occur. Please confirm it carefully.
For example:
<directory "D:/www_root" >

#
# This value is however: "None", "all", or the following combination: "Indexes",
# "includes", "FollowSymLinks", "execcgi", or "multiviews".
Note "MultiViews" must be explicitly specified---"Options all" does not include this attribute.
#
Options Indexes followsymlinks MultiViews

#
# This entry controls which. htaccess files in the directory can be overwritten.
# allowable values: "All" or a combination of the following: "Options", "FileInfo",
# "Authconfig", "Limit"
#
AllowOverride None

#
# controls which users can obtain data from this server.
#
Order Allow,deny
Allow from all
</Directory>

Description
Allow and deny can be used in Apache conf files or. htaccess files (with directory, location, files, etc.) to control access authorization for directories and files.

So, the most common is:

Order Deny,allow
Allow from all

Note that there is only one comma in the middle of "Deny,allow", there can be only one comma, there is a space error, and the word is not limited in size. The meaning of the above is to set the first "check the forbidden set, no forbidden all allow", and the second sentence does not deny, that is, no forbidden access to the setting, directly allows all access. This is primarily used to ensure or overwrite the settings of the parent directory and to open all content access rights.

According to the above explanation, the following settings are unconditionally forbidden to access:

Order Allow,deny
Deny from all

If you want to prohibit access to part of the content, all other open:

Order Deny,allow
Deny from Ip1 ip2

Or

Order Allow,deny
Allow from all
Deny from Ip1 ip2

Apache will decide which rule to use at the end of order, such as the second one above, although the second sentence allows access, but since allow is not the last rule in order, it also needs to see if there is a deny rule, so in the third sentence, Access that complies with IP1 and IP2 is banned. Note that the "last" rule of order decision is very important, and here are two examples of errors and how to correct them:

Order Deny,allow
Allow from all
Deny from domain.org

Error: You want to prohibit access from domain.org, but deny is not the last rule, Apache has successfully matched the second sentence to allow, and will not see the third sentence at all. Solution: Order Allow,deny, the following two sentences do not move, you can.

Order Allow,deny
Allow from ip1
Deny from all

Error: You want to allow access only from IP1, however, although the second sentence is set to enable rule, because the order of the deny after, so the third sentence will prevail, and the scope of the third sentence is clearly included in the IP1 (all include ip1), so all access is forbidden. Workaround One: Remove the third sentence directly. Workaround Two:

Order Deny,allow
Deny from all
Allow from ip1
Summary: The rule is that order Deny,allow indicates that the deny priority is low and allow priority is high, and order Allow,deny indicates that allow priority is low and the deny priority is high.

(iii) Create a virtual directory
If our site is built in a different directory, such as/opt/www/lk, is not in the main directory/var/www/html can not access it? Of course not.
You can use a virtual directory to allow users to access files in other directories. The virtual directory is a directory that is located outside of the Apache home directory, and we typically make the web accessible by creating an alias for the virtual directory. It is safe to do this, the second is to access the simple, do not enter so long is the directory address, but only with the input of a simple alias on the line; third, easy to move the site directory, as long as the virtual directory name unchanged, change the actual location, will not affect the Web access.
We use the alias option to create a virtual directory, such as
alias/bbs/"/opt/www/lk/"
<directory "/opt/www/lk/" >
Options Indexes MultiViews
AllowOverride None
Order Allow,deny
Allow from all
</Directory>

(iv) Certification of users
User authentication is a very important part of network security, so that users who want to access the specified website can enter a user name and password to log in, and play a natural security barrier. Apache's security certifications are also common in practical use. Here's an example of how to implement user authentication in an Apache server.
We operate on the above virtual directories:
alias/bbs/"/opt/www/lk/"
<directory "/opt/www/lk/" >
Options Indexes MultiViews
AllowOverride None
Order Allow,deny
Allow from all
AuthType Basic
AuthName "Welcome go home:"
Authuserfile/etc/httpd/authpwd
Require User Laoda Laoer
</Directory>
Description
AuthType: Defines the type of user authentication, commonly used is the basic provided by Mod_auth;
Authname:web browser Displays the prompt text when entering user name and password box;
AuthUserFile: Defines the path of the password file htpasswd;
Require User: Defines the list of users allowed to access, separated by a space between the names.
After that, create the Authpwd file to save the password, touch/etc/httpd/authpwd
Next, write the user name and password to the file (note: The first time you create a user with the-c parameter, the second user is created without having to write, or overwrite just the user):
[[email protected] HTTP] #htpasswd-c/etc/httpd/authpwd Laoda
New Password:
Re-type New Password:
ADD Password for user Laoda
[[email protected] http] #htpasswd/etc/httpd/authpwd laoer
New Password:
Re-type New Password:
ADD Password for user laoer
Now the service httpd restart, and then use the browser to access this Linux IP address.

(v) Configuring a virtual host
To save money and increase the efficiency of server utilization, we can build multiple "hosts" on a single machine. Each host can provide Web services to external, in the outside world seems to be a few different sites, but for the server, in fact, seemingly different sites, in fact, they are running on the same host on the different virtual host just.
How do I configure a virtual host? Apache's virtual hosting capabilities are very powerful, and the configuration is simple. Mainly divided into IP-based and domain-based virtual host.
Let's first configure the IP-based virtual hosting. There are also two options, how many available IPs do you have now? If you buy a lot of IP, then you can assign each virtual host different IP, let them use the same port, this is one. If in this era of IP shortage, you do not have so many IP, only buy one, then you can use an IP address and different ports, so that different ports to access different virtual hosts.
1, the IP address is the same, but the port number is different:
Now on my CentOS, there is only one ip:192.168.0.94, I would like to use 8080 and 80,812 ports respectively to configure two sites, edit httpd.conf:
Listen 8080
Listen 8081
<virtualhost 192.168.0.94:8080>
Documentroot/var/www/web1
DirectoryIndex index.html index.htm
Hostnamelookups off
</VirtualHost>
<virtualhost 192.168.0.94:8081>
Documentroot/var/www/web2
DirectoryIndex index.html index.htm
Hostnamelookups off
</VirtualHost>
Restart the service.

2, the port number is the same, but the IP address is different, if one is 94, one is 95:
<virtualhost 192.168.0.94>
ServerName 192.168.0.94:80
Documentroot/var/www/web1
DirectoryIndex index.html index.htm
</VirtualHost>
<virtualhost 192.168.0.95>
ServerName 192.168.0.95:80
Documentroot/var/www/web2
DirectoryIndex index.html index.htm
</VirtualHost>

If the machine has only one network card, then you have to bind the multi-IP on this NIC:

Ifconfig eth0:1 192.168.0.95

3. Domain-based virtual host

Namevirtualhost 192.168.0.94:
<virtualhost www.web1.com>
ServerName www.web1.com:80
Documentroot/var/www/web1
DirectoryIndex index.html index.htm
</VirtualHost>
<virtualhost www.web2.com>
ServerName www.web2.com:80
Documentroot/var/www/web2
DirectoryIndex index.html index.htm
</VirtualHost>

Then everyone in, Linux under the/etc/hosts file or under Windows c:/winnt/system32/drivers/etc/hosts file, add
192.168.0.94 www.web1.com
192.168.0.94 www.web2.com

Please note that after the virtual machine configuration has changed, be sure to restart.

(vi) Added PHP support

At this point, our Apache can only support static HTML or HTM end of the file, want to support PHP also need to do the following:

#rpm-qa | grep php, query whether the computer has installed a PHP program, if not installed, then enter the CentOS directory on the CD-ROM, open the terminal in the Blank space:
#rpm-IVH php-common-5.1.6-20.el5.i386.rpm
#rpm-IVH php-cli-5.1.6-20.el5.i386.rpm
#rpm-IVH php-5.1.6-20.el5.i386.rpm
In this case, create a new ok.php script in the/var/www/html directory and write the following:

Enter "http://web server ip/ok.php" in the browser to see if it is successful.
For historical reasons, some programs end with. php3 or. PhP4. We need to modify the PHP configuration file to open the/etc/httpd/conf.d/php.conf
Modify the "#AddType Application/x-httpd-php-source. php" to "AddType application/x-httpd-php-source. php. php3. PhP4", to remove #, There are spaces in front of the PHP3/4.


Exercise 1:

You use the server to build a Web server on CentOS, set "/opt/own name Pinyin" for the newly created virtual directory, this virtual directory alias is "Exam", in this virtual directory, you create a new HTML document named "Index.htm",<body> The content is "write your own name". Create Apache user authentication, add two users user1 (password 123456) and user2 (password 654321), and finally visit "ip/exam/:8080" with a browser to see the page that displays your name. Exercise 2: Configure a virtual host. Thinking, how to configure a virtual host, which runs on four sites, respectively, is 192.168.0.101 run web1,192.168.0.102 run web2,192.168.0.100 www.cba.com and www.nba.com two sites.

Apache server configuration and management under CentOS

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.