httpd-2.2 Configuration supplement and httpd-2.4 analysis

Source: Internet
Author: User
Tags http post sessions

Continuing from the previous post: the common httpd-2.2 configuration covered earlier was already fairly comprehensive, but there are a few more settings we cannot ignore:

13. Status Page
LoadModule status_module modules/mod_status.so

This is the server status page, which lets the administrator view the server's status from a client browser by entering its path. For example, the IP of my CentOS 6 host is 172.16.0.210, so I enter 172.16.0.210/server-status in the address bar.


As the Hello world page shows, this is my main server; I am not using a virtual host (on CentOS 6 the entry is already written in the main configuration, so removing the comment markers is enough to use it).


Note: the main configuration on CentOS 7 does not have this entry, so it has to be added by hand; for a virtual host, add it to the virtual host's configuration file. On both 6 and 7, only the opening and closing lines of the container and its first line, SetHandler server-status, are required. The remaining lines are the user access controls covered earlier.

And if this is set, we will get more detailed page information.


14. Curl Command

curl is a command-line file transfer tool based on URL syntax. It supports protocols such as FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE, and LDAP. It supports HTTPS authentication, HTTP POST, PUT and other methods, FTP upload, Kerberos authentication, HTTP upload, proxy servers, cookies, username/password authentication, resuming interrupted downloads and uploads, HTTP proxy tunneling, and even IPv6, SOCKS5 proxy servers, and uploading files to an FTP server through an HTTP proxy server. It is a very powerful tool.

curl [options] [URL...]

Common curl options:

-A/--user-agent <string> Set the User-Agent sent to the server
--basic Use HTTP Basic authentication
--tcp-nodelay Use the TCP_NODELAY option
-e/--referer <URL> Referer URL
--cacert <file> CA certificate (SSL)
--compressed Request a compressed response
-H/--header <line> Custom header to send to the server
-I/--head Show only the response headers
--limit-rate <rate> Limit the transfer rate
-u/--user <user[:password]> Set the user and password for the server
-0/--http1.0 Use HTTP 1.0

15. User/Group
Specifies the user identity under which the httpd service processes run;

In the configuration file:
User apache
Group apache

16. Using the mod_deflate module to compress pages and speed up transmission

Applicable scenarios:
(1) Saves bandwidth at the cost of extra CPU consumption; some older browsers may not support it;
(2) Compress only the resources that are suitable for compression, such as files;

17. HTTPS: HTTP over SSL

A simplified view of an SSL session:
(1) The client sends its candidate encryption methods and requests the server's certificate;
(2) The server sends its certificate and the selected encryption method to the client;
(3) The client obtains the certificate and verifies it:
If it trusts the CA that issued the certificate:
(a) verify the legitimacy of the certificate's source: the digital signature on the certificate is decrypted with the CA's public key;
(b) verify the legitimacy of the certificate's content: integrity check;
(c) check the validity period of the certificate;
(d) check whether the certificate has been revoked;
(e) check that the owner name in the certificate matches the target host being visited;
(4) The client generates a temporary session key (symmetric key), encrypts it with the server's public key, and sends it to the server to complete the key exchange;
(5) The server uses this key to encrypt the resource requested by the user and responds to the client;
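
Checks (a) to (c) and (e) from step (3) can be run by hand with the openssl command line. The script below is an added example, not part of the original post: it builds a throwaway CA and server certificate in a temporary directory and then verifies the certificate the way a client would. The host names and file names are constructed, and the revocation check (d) is left out because it needs a CRL or OCSP responder.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a throwaway CA and server
# certificate, then runs checks (a)-(c) and (e) with the openssl CLI.
# Host names and file names are constructed sample values.

make_demo_pki() {   # $1 = work dir, $2 = host name to certify
    d=$1; host=$2
    # Throwaway self-signed root CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    # Server key and certificate signing request.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
    # The CA signs the request; the host name goes into subjectAltName.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$d/ext.cnf"
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 7 -extfile "$d/ext.cnf" \
        -out "$d/srv.crt" 2>/dev/null
}

check_cert() {      # $1 = trusted CA cert, $2 = server cert, $3 = host visited
    # (a)+(b): the CA's signature over the certificate content verifies.
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$' \
        || { echo "untrusted"; return 1; }
    # (c): the certificate has not passed its notAfter date.
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null \
        || { echo "expired"; return 1; }
    # (e): a name in the certificate matches the host being visited.
    openssl x509 -in "$2" -noout -checkhost "$3" \
        | grep -q 'does match certificate' \
        || { echo "name-mismatch"; return 1; }
    echo "ok"
}

work=$(mktemp -d)
make_demo_pki "$work" www.example.test
check_cert "$work/ca.crt" "$work/srv.crt" www.example.test
check_cert "$work/ca.crt" "$work/srv.crt" other.example.test || true
rm -rf "$work"
```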

Note: SSL sessions are established based on the IP address, so a host with a single IP can serve only one HTTPS virtual host;

Configure httpd to support HTTPS:
(1) Apply for a digital certificate for the server;
Testing: issue the certificate through a privately built CA
(a) Create a private CA
(b) Create a certificate signing request on the server
(c) The CA signs the certificate

(2) Configure httpd to support SSL and to use the certificate;
# yum -y install mod_ssl

Configuration file: /etc/httpd/conf.d/ssl.conf
DocumentRoot
ServerName
SSLCertificateFile
SSLCertificateKeyFile
Change the paths above to match your configuration

Earlier, while learning OpenSSL, I set up a self-signed CA on CentOS 7, so I will reuse it here.


This time I will also use the CentOS 7 machine as the web host, so the CA is signing a certificate for its own machine.

First generate the private key:

~]# mkdir /etc/httpd/ssl
~]# cd /etc/httpd/ssl
~]# (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)

Then generate the request:

~]# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr -days 365


That was the request generation process.

Next, the CA signs the request; since the CA is our own, this is easy:

~]# openssl ca -in /etc/httpd/ssl/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365

Then copy the signed certificate into place:

~]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/

Finally, configure httpd to support SSL and to use the certificate;
# yum -y install mod_ssl

This module generally has to be installed separately

Configuration file: /etc/httpd/conf.d/ssl.conf
DocumentRoot
ServerName
SSLCertificateFile
SSLCertificateKeyFile
Change the paths above to match your configuration

18. Tools shipped with httpd

htpasswd: tool for generating the account/password file used by file-based basic authentication;
htdbm/htdigest
apachectl: the service control script shipped with httpd; supports start and stop;
apxs: provided by the httpd-devel package; a tool for extending httpd with third-party modules (APache eXtenSion tool)
rotatelogs: log rotation tool;
access.log --> access.log, access.1.log --> access.log, access.1.log, access.2.log
suexec: temporarily switches to the specified user when accessing resources that have special permission configuration;
ab: Apache Bench

19. httpd stress-testing tools

ab, webbench, http_load, siege

JMeter, LoadRunner

tcpcopy: from NetEase; reproduces real requests from the production environment and saves them;

ab [OPTIONS] URL
-n: total number of requests;
-c: number of simulated concurrent requests;
-k: test in persistent connection mode;

The above is the basic configuration of httpd-2.2

httpd-2.4:

New features:
(1) MPMs support the DSO mechanism and are loaded on demand as modules;
(2) The event MPM is ready for production use;
(3) Asynchronous read/write mechanism;
(4) Log levels can be defined per module and per directory;
(5) Per-request configuration;
(6) Enhanced expression parser;
(7) The persistent connection timeout can be defined in milliseconds;
(8) FQDN-based virtual hosts no longer require the NameVirtualHost directive;
(9) New directive: AllowOverrideList;
(10) User-defined variables are supported;
(11) Lower memory consumption;

New modules:
(1) mod_proxy_fcgi
(2) mod_proxy_scgi
(3) mod_remoteip

Configuration differences from httpd-2.2:
(1) Switching the MPM in use
Edit the configuration file /etc/httpd/conf.modules.d/00-mpm.conf and enable the LoadModule directive for the MPM you want.

(2) IP-based access control
Allow access from all hosts: Require all granted
Deny access from all hosts: Require all denied

To control access from specific IPs:
Require ip IPADDR: grant access to the specified source IP;
Require not ip IPADDR: deny access

To control access from specific hosts:
Require host HOSTNAME: grant access to the specified source host;
Require not host HOSTNAME: deny access

HOSTNAME:
FQDN: a specific host name
DOMAIN.TLD: all hosts under the specified domain name

<RequireAll>
Require all granted
Require not ip IP_ADDR
</RequireAll>
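
The status page from item 13 is the place where these Require rules matter most, because it reveals request and worker details to anyone who can reach it. The script below is an added example, not part of the original post: it scans a configuration file and flags any Location block that enables server-status without narrowing access in the block itself. The sample configurations and the 172.16.0.0/16 range are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Flags <Location> blocks that
# enable server-status without narrowing who may read it (2.4 Require syntax).

audit_status() {    # $1 = httpd configuration file; one verdict per block
    awk '
    tolower($1) == "<location" {
        inloc = 1; status = 0; limited = 0
        path = $2; sub(/>$/, "", path); next
    }
    !inloc { next }
    tolower($1) == "sethandler" && tolower($2) == "server-status" { status = 1 }
    # Require ip/host/local narrows access; "Require all granted" does not,
    # and "Require not ip ..." only blocks single sources.
    tolower($1) == "require" && tolower($2) ~ /^(ip|host|local)$/ { limited = 1 }
    tolower($1) == "require" && tolower($2 " " $3) == "all denied" { limited = 1 }
    tolower($1) == "</location>" {
        if (status) print path ": " (limited ? "restricted" : "EXPOSED")
        inloc = 0
    }' "$1"
}

# Constructed sample configurations: the weak form beside the corrected one.
demo=$(mktemp -d)
cat > "$demo/weak.conf" <<'EOF'
<Location /server-status>
    SetHandler server-status
    Require all granted
</Location>
EOF
cat > "$demo/fixed.conf" <<'EOF'
<Location /server-status>
    SetHandler server-status
    Require ip 172.16.0.0/16
</Location>
EOF
audit_status "$demo/weak.conf"
audit_status "$demo/fixed.conf"
```

The check is a line-based heuristic: it does not follow Include files or access rules inherited from enclosing containers.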

(3) Virtual hosts
FQDN-based virtual hosts no longer require the NameVirtualHost directive;

<VirtualHost *:80>
ServerName
DocumentRoot

<Directory "">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>

Note: pages in any directory can be accessed only after access has been explicitly granted

(4) KeepAliveTimeout #ms
The persistent connection timeout can be defined in milliseconds;

With these settings in place we can manage our web servers better, and writing some of the configuration into scripts is both convenient and avoids operator mistakes. Because of the differences described above, scripts for CentOS 6 and CentOS 7 may differ somewhat. An expert could of course write one script that works on both, but for us that is not worth the effort, and sometimes editing the configuration file by hand is still the most effective way to solve the problem.
