Test environment: VMware Workstation Pro 14 (trial version)
System platform: CentOS release 6.9 (Final), kernel 2.6.32-696.el6.x86_64
Server version: Apache/2.4.29 (Unix)
New features
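- MPMs can run as DSOs and are loaded on demand as modules
- The event MPM is ready for production use
- Asynchronous read/write mechanism
- Separate log levels can be defined per module and per directory
- Per-request configuration
- Enhanced expression parser
- Keep-alive timeouts can be defined in milliseconds
- FQDN-based virtual hosts no longer need the NameVirtualHost directive
- New directive: AllowOverrideList
- Support for user-defined variables
- Lower memory consumption
- Some configuration mechanisms changed: Order, Deny, Allow are no longer supported for IP-based access control
- New modules:
  (1) mod_proxy_fcgi: FastCGI protocol backend for mod_proxy
  (2) mod_remoteip: replaces the apparent client remote IP address and hostname for the request with the IP address list presented by a proxy or a load balancer via the request headers
  (3) mod_ratelimit: provides bandwidth rate limiting for clients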
Apache HTTP Server 2.4 documentation
http://httpd.apache.org/docs/2.2/
RPM installation environment:
Configuration file:
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/*.conf
Module-related configuration files:
/etc/httpd/conf.modules.d/*.conf
systemd unit file:
/usr/lib/systemd/system/httpd.service
Main Program Files:
/usr/sbin/httpd
httpd 2.4 supports switching the MPM dynamically; the worker and event MPMs are now loaded as modules.
Log file:
/var/log/httpd
access_log: access log
error_log: error log
Site Documentation:
/var/www/html
Module file path:
/usr/lib64/httpd/modules
Service Control:
systemctl enable|disable httpd.service
systemctl {start|stop|restart|status} httpd.service
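httpd 2.4 common configuration
Defining the site directory
The default is DocumentRoot "/var/www/html". A directory must be explicitly authorized before it can be accessed, which is a considerable difference from version 2.2.

    # Change this to the corresponding directory
    <Directory "/app/www">
        Require all granted
    </Directory>

Remember to change the directory's owner and permissions. This change only needs a reload.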
Switch the MPM used
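On CentOS 7, leave only the MPM you want to use uncommented:

    # Default mode
    LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
    #LoadModule mpm_worker_module modules/mod_mpm_worker.so
    #LoadModule mpm_event_module modules/mod_mpm_event.so

On CentOS 6:

    Include /etc/httpd24/extra/httpd-mpm.conf
    LoadModule mpm_event_module modules/mod_mpm_event.so

MPM working modes

- prefork: multi-process I/O model in which each process serves one request; this is the default model.
  One master process: spawns and reaps n child processes and creates the socket; it does not serve requests.
  Multiple child processes: the worker processes, each handling one request. At startup, several idle processes are spawned in advance to wait for requests, up to a maximum of 1024.
- worker: multiplexed multi-process I/O model (multi-process, multi-thread); IIS uses this model.
  One master process: spawns m child processes, each child spawns n threads, and each thread serves one request. Concurrent requests served: m*n.
- event: event-driven model (a variant of the worker model).
  One master process: spawns m child processes, each of which directly serves n requests. Concurrent requests served: m*n. A dedicated thread manages the keep-alive threads; when a real request arrives it is handed to a service thread, which can be released again once the request has been processed. This improves request handling under high concurrency.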
IP-based access control
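A directory that is not explicitly authorized is denied by default.
Pages in any directory can only be accessed after explicit authorization.

Allow all hosts: Require all granted
Deny all hosts: Require all denied
Allow specific hosts:
    Require ip <IP address>
    Require host <host FQDN> (may also cover all hosts under an entire domain)
Deny specific hosts:
    Require not ip <IP address>
    Require not host <host FQDN> (may also cover all hosts under an entire domain)

Syntax:
Allow all, deny specific hosts (deny takes precedence). The <RequireAll> container is the key syntax, and "Require all granted" is mandatory:

    <RequireAll>
        Require all granted
        Require not ip 192.168.5.102
    </RequireAll>

Deny all, allow specific hosts (allow takes precedence). The <RequireAny> container is the key syntax, and "Require all denied" is mandatory:

    <RequireAny>
        Require all denied
        Require ip 192.168.5.102
    </RequireAny>

The following has the same effect as the previous configuration:

    # Allow only the specified IP
    <Directory "/app/www">
        Require ip 192.168.5.102
    </Directory>

The following syntax is wrong, because the default rule is deny and there is no allow exception here:

    <Directory "/app/www">
        Require not ip 192.168.5.102
    </Directory>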
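A small audit for the two migration mistakes described above: leftover Order/Allow/Deny lines and a block that contains only negated Require rules. This is an added example, not part of the original article; the audit() function, the SAMPLE text and the /app/old and /app/private paths are constructed for illustration, and only <Directory>, <RequireAll> and <RequireAny> blocks are tracked.

```python
import re

# Constructed sample configuration (not taken from a real server).
SAMPLE = """\
<Directory "/app/old">
    Order allow,deny
    Allow from all
</Directory>
<Directory "/app/private">
    Require not ip 192.168.5.102
</Directory>
<Directory "/app/www">
    <RequireAll>
        Require all granted
        Require not ip 192.168.5.102
    </RequireAll>
</Directory>
"""

LEGACY = re.compile(r"^(Order|Allow|Deny)\s", re.I)
OPEN = re.compile(r"^<(Directory|RequireAll|RequireAny)\b", re.I)
CLOSE = re.compile(r"^</(Directory|RequireAll|RequireAny)>", re.I)
REQUIRE = re.compile(r"^Require\s+(not\s+)?\S", re.I)

def audit(conf):
    """Return sorted (line_number, message) findings for httpd config text."""
    findings, stack = [], []  # stack items: [start_line, positive, negated]
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if LEGACY.match(line):
            findings.append((no, "2.2-style directive: " + line))
        elif OPEN.match(line):
            stack.append([no, 0, 0])
        elif CLOSE.match(line) and stack:
            start, positive, negated = stack.pop()
            if negated and not positive:
                findings.append((start, "only negated Require: nothing grants access"))
            if stack:
                stack[-1][1] += positive  # a granting child counts for its parent
        elif stack and (m := REQUIRE.match(line)):
            stack[-1][2 if m.group(1) else 1] += 1
    return sorted(findings)

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```

On the sample, the findings point at the two 2.2-style lines and at the opening line of the block that only contains "Require not ip".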
Virtual Host
FQDN-based virtual hosts no longer require the NameVirtualHost directive.

    <VirtualHost *:80>
        DocumentRoot /app/www
        ServerName www.hunk.tech
        # Access authorization must be configured for the specific directory
        <Directory "/app/www">
            # Allow all
            Require all granted
        </Directory>
    </VirtualHost>
Sendfile mechanism
Improves performance: sendfile() reduces the number of context switches and also the number of data copies.
Workflow: disk >> kernel buffer (fast copy to the kernel socket buffer) >> protocol stack
Enabled by default: EnableSendfile on
Enable Proxy
    # Forward proxy to the backend server
    ProxyPass "/" "http://www.example.com/"
    # ProxyPassReverse comes into play when the response contains a 302 redirect
    ProxyPassReverse "/" "http://www.example.com/"

    ProxyPass "/images" "http://www.example.com/"
    ProxyPassReverse "/images" "http://www.example.com/"

Client to server is called forward proxying; server to client is called reverse proxying.

Example:

    <VirtualHost *:80>
        DocumentRoot /app/www
        ServerName www.hunk.tech
        ProxyPass "/" "http://192.168.5.102"
        ProxyPassReverse "/" "http://192.168.5.102"
        <Directory "/app/www">
            Require all granted
        </Directory>
    </VirtualHost>

    # curl 192.168.5.103
    proxy from 192.168.5.103
CentOS 6 Apache httpd 2.4 main configuration in detail