HTTPD (Apache) configuration file (httpd.conf) An explanation of Chinese in English

I have seen some books about httpd in recent days, and by the way I have recorded the knowledge I learned, not very proficient,

Just some of the fur, can help some bad English just contact Linux under httpd classmate, the wrong please comment correct.

HTTPD Features and functions:

Create a process beforehand

Maintenance of appropriate processes on demand

Modular design, the core is relatively small, a variety of functions are modules added

Support Run configuration, support individual compile module

Support multiple ways of virtual host configuration: (IP-based virtual host, Port-based virtual host, domain-based virtual host)

Support for HTTPS protocol (MOD_SSL)

Support user authentication

Support for IP-or host-name-based ACLs

Supports access control for each directory

Support for URL rewriting

HTTPD is based on SELinux (so the selinux must be shut down in the installation)

# #查看apache配置文件的段落: grep "section" httpd.conf

instruction does not partition character case

Value is case-sensitive as needed

HTTPD test syntax is correct: httpd-t

Apache Local View manual Installation Httpd-manual package, browser input: ip/manual to view the manual

View HTTPD supported multi-channel processing modules: httpd-l/RPM-QL httpd | grep bin

Modify the default boot multi-Channel module: VIM/ETC/SYSCONFIG/HTTPD-#HTTPD =/usr/sbin/httpd.worker

Apache (httpd.conf configuration file explanation)

1. (Global configuration)

ServerRoot "/ETC/HTTPD"---#apache工作目录

Pidfile run/httpd.pid---#运行服务的PID进程

Timeout---#TCP三次握手连接超时时间

KeepAlive Off---#是否使用长连接

Maxkeepaliverequests---#打开长连接规定允许打开多少请求 (set 0 for unlimited)

KeepAliveTimeout---#长连接超时断开时长

MPM: Multi-channel processing module

Mpm_winnt (Windows)

Prefork (a request with a process response)

Worker (one request responds with one thread)--(Starts multiple processes, each process generates multiple threads)

Event (one process handles multiple requests)

<ifmodule prefork.c> (PREFORK.C module)---(later parameters can be determined according to their own tests)

Startservers 8----Start 8 processes after each boot

Minspareservers 5----Guaranteed 5 idle processes at any time (when less than 5, the system starts 1 processes)

Maxspareservers----Maximum idle process of 20

Serverlimit----limit on the maximum number of simultaneous requests to clients

MaxClients----Max Client simultaneous request (must adjust serverlimit when adjusting parameters)

Maxrequestsperchild 4000----The maximum number of times a process responds

</IfModule>

<ifmodule worker.c> (WORKER.C module)---(later parameters can be determined according to their own tests)

Startservers 4----Start 4 processes after each boot

MaxClients ----Max client simultaneous request

minsparethreads----Minimum idle thread

Maxsparethreads----Maximum space thread

Threadsperchild----A maximum of 25 threads per process can be generated

Maxrequestsperchild 0----How many requests each process responds to (because WORKER.C is a thread to process the request, so the process is 0)

</IfModule>

Listen 80 (Listening port can also be IP plus port: 127.0.0.1:8080)

2. Primary service Configuration

DocumentRoot "/var/www/html"---Web root directory (URL path and local file system path not matter)

Options

None: No options are supported

Indexes: Allow index directory

FollowSymLinks: Allow access to source files for symbolic links

Includes: Allow execution of server inclusions (SSI)

EXECCGI: Allow CGI scripts to run

All: Support all options

Order: Used to define host-based access capabilities, IP, network address, or host-defined access control mechanisms

Order Allow,deny (pay special attention to the sequence of allow and deny)

Allow from all

Deny from

Example: Order allow,deny allow from 192.168.0.0/24 (this network segment is only accessible)

(Access project based on user authentication control)

allowoverride authconfig----Authenticated access

AuthType Basic---authentication method

AuthName "Local area authentication access"---comments

AuthUserFile "/ETC/HTTPD/CONF/HTPASSWD"---authenticated user's account and password file

(Create htpasswd file with htpasswd-c-m/etc/httpd/conf/htpasswd user

(-c To create a file, if the file does not have to add-c) -M indicates that the user password is MD5 encrypted)

Require valid-user ---Authentication files are accessible to users

Require User Glory---As long as the certified Glory users visit

(Access project based on Group authentication control)

AllowOverride authconfig---authenticated access

AuthType Basic-authentication method

AuthName "404"--Certification Notes

AuthUserFile "/ETC/HTTPD/CONF/HTPASSWD"---authentication account and password

AuthGroupFile "/etc/httpd/conf/htgroup"---authentication Group (the account within the group must exist in the HTPASSWD)

Name of the Require Group myusers---certification groups

Users create their own web pages in the home directory (which is off by default):

Userdir Disabled (if you turn it on, add the # #)

Userdir public_html (Take this # off)---> Then add users to the system (Useradd Glory)-Create your own web directory (mkdir public_html/index.html) with a regular user login

-->root user's permissions to public_html (chmod o+x/home/glory)

DirectoryIndex index.html Index.html.var (directory index)

<files ~ "^\.ht" > (indicates that the project. ht files do not allow access to prevent theft)

Order Allow,deny

Deny from all

Satisfy All

</Files>

Hostnamelookups Off (log user-accessed IP, if on, the user's host name will be reversed)

Errorlog logs/error_log (definition error log)

(Define log format)

Logformat "%h%l%u%t \"%r\ "%>s%b \"%{referer}i\ "\"%{user-agent}i\ "" C ombined (shown with this remote host-remote login---long name--time--requested First line--state--Transmit bytes--tour device)

Logformat "%h%l%u%t \"%r\ "%>s%b" common

(Shown with this remote host--Remote login--long-range user name--time--the first line of the request-status-bytes transferred)

Logformat "%{user-agent}i" Agent: (Viewer)

Alias/luntan "/bbs/html" (Path alias setting)--(alias Slash to take with or without)

Virtual Hosting (services to multiple different sites): IP-based, port-based, domain-based

Based on the ip,host notation: ip1:80/ip2:80

Port host-based notation: ip:80/ip:8080

Domain-based host notation: *.80 (ServerName different)

Virtual Host Definition: (use the virtual host must shut down the central host, the virtual host and the central host can not be used together, shut down the central host method: DocumentRoot comments can be)

IP-based virtual hosts:

<virtualhost 192.168.77.112:80>

ServerName Hello.glory.com

DocumentRoot "/web/glory.com"

Customlog/var/log/httpd/hello.glory.com/access_log combined

Errorlog/var/log/httpd/hello.glory.com/error_log

</VirtualHost>

<virtualhost 192.168.77.113:80>

ServerName www.glory.org

DocumentRoot "/web/glory.org"

Customlog/var/log/httpd/www.glory.com/access_log combined

Errorlog/var/log/httpd/www.glory.com/error_log

<directory "/web/glory.org" >-----# # # (define user authentication in a virtual host)

Options None

AllowOverride authconfig

AuthType Basic

AuthName "Restrict Arae"

AuthUserFile "/ETC/HTTPD/.HTPASSWD"

Require Valid-user

</Directory>------#####

</VirtualHost>

Port-based virtual host (port 80,801 is set to listen in the configuration file (Listen 8080), because the default is 80 ports):

<virtualhost 192.168.77.112:8080>

ServerName www.b.net

DocumentRoot "/web/b.net"

Customlog/var/log/httpd/www.b.net/access_log combined

Errorlog/var/log/httpd/www.b.net/error_log

</VirtualHost>

Domain-based virtual host

Namevirtualhost 192.168.77.113:80 (open domain-based virtual host)

<virtualhost 192.168.77.113:80>

ServerName www.c.gov (domain name visited)

DocumentRoot "/web/c.gov" (Program directory)

Customlog/var/log/httpd/www.c.gov/access_log combined

Errorlog/var/log/httpd/www.c.gov/error_log

<directory "/web/c.gov" >----# # # (the IP defined in the virtual host does not allow access)

Options None

allowoverride None

Order Deny,allow

Deny from 192.168.77.100 —————— ####!

</Directory>

</VirtualHost>

Define the default virtual host (when the user enters a project that is not there or the virtual host resolves to the default virtual host):

<virtualhost _default_:80> (must be placed on top of all virtual hosts)

DocumentRoot "/web/default"

</VirtualHost>

httpd View server-status information (you can view the requests currently being processed):

<Location/server-status> (Default these are #, need to be turned on manually)

SetHandler Server-status

Order Allow,deny

Allow from All/allow from 192.168.77.100

</Location>

This article from the "experience-based staff" blog, reprint please contact the author!

HTTPD (Apache) configuration file (httpd.conf) An explanation of Chinese in English