httpd configuration file ()

httpd (httpd.*) command:

-H Display Help

-T shows whether the master profile syntax has errors

-M displays the modules loaded by the current service

-l display module to edit into kernel

Yum install httpd (Apache):

RPM Package Installation: CentOS Base Source:

Compile-and-install: Build-to-install is only recommended when customizing new features (installation is not good for operations)

centos6:httpd-2.2

Sysinit Script Startup:/etc/rc.d/init.d/httpd

Configuration file:/etc/httpd/conf/httpd.conf

/etc/httpd/conf.d/*.conf (including module configuration file)

Program Files:

/etc/sbin/httpd

/etc/sbin/http.event

/etc/sbin/httpd.worker

There are three program files on CentOS6 because the DSO is not supported for dynamic loading and unloading

Modify default startup which file modified:/ETC/SYSCONFIG/HTTPD file

Log file:/var/log/httpd

Access_log: Access date to (analysis of users interested in those products)

Error_log: Error Date to

Site Document root directory:/var/www/html

Module Files directory:/usr/lib64/httpd/modules/

centos7:httpd-2.4

Systemd Unit File:/user/lib/systemd/system/httpd/service

Supports DSO dynamic loading and unloading on CentOS7 so there is only one master file and different modules

Most are the same as CENTOS6, but the main program has one, and the event and worker are replaced by a modular approach provided

Profile Increase:/etc/httpd/conf.moudles.d/*.conf (module configuration file)

After starting the service, the default/etc/httpd/conf.d/welcome.conf file is the test page, and if you remove the file, the directory index structure is displayed (see if the configuration is on) or 401 (3?).

http2.2 Base configuration file:/etc/httpd/directory

conf/httpd.conf (master configuration file), conf.d/*.conf: Configuration file

Logs: Log file

Conf.modules.d/: module file

Master configuration file:/etc/httpd/conf/httpd.conf

A configuration file consists of directives and values:

Directive (parameter, case insensitive) +value (value)

Value: Most are case insensitive except for paths

The file is divided into three sections:

1, global configuration segment: # # section 1:global Environment

2, Central host configuration: # #Section 2: ' Main ' service Configuraton

3, Virtual Host configuration: # #Section 3:virtual hosts "(a field that is not defined by a virtual host is usually inherited in the main configuration segment)

4,2,3 does not usually take effect at the same time

5, if it is a relative path, it is relative to DocumentRoot

Effective after modification: (SYSTEMCLT (Service) reload (restart) httpd)

Reload overloading

Restart Restart service typically only modifies ship ports and addresses for use

Global Configuration segment: (httpd-t Check the configuration file for syntax errors before restarting)

1 Modifying the Listening port and address: (Virtual configuration segment available)

Listen [IP:] PROT

(1) The instruction can be defined multiple times;

(2) Omit IP, indicate 0.0.0.0 (all valid IP on this machine);

2 Persistent links (default one web has n resources one time link request One resource must have multiple handshake requests N Resources This feature makes a link request multiple resources This can save a lot of resources)

After the persistent CONNECTION:TCP link is established, the resource acquisition completes without disconnecting the link, but continues to wait for other resources to be requested, typically the client disconnects after the resource request is completed, and if the server disconnects after a period of time, freeing up resources to service the next customer ), the amount limit and the time limit are relatively short for concurrent service downtime.

KeepAlive On|off (whether to open persistent links)

Maxkeepaliverequests (maximum requested resource count)

KeepAliveTimeout (persistent link time s)

3 MPM Multi-processing modules (multipath processing module)

http2.2 does not support DSO mechanism, event for test; for three commands (httpd,httpd.worker,http.event)

Set the default enabled module service in the main configuration file:

Httpd=/usr/sbin/httpd. {Worker|event}

The configuration section of the module in the master configuration file:

<ifmodule prefork.c> (Master process and several sub-processes, child process waiting to be linked, master process root, child process Apache identity)

Startservers 8 (number of pre-created idle child processes)

Minspareservers 5 (Minimum idle process)

Maxspareservers 20 (max Idle process)

Serverlimit 256 (maximum number of processes)

MaxClients 256 (maximum number of clients, limit maximum number of concurrent links)

Maxrequestsperchild 4000 (maximum number of resources per process can be requested)

</IfModule>

<ifmodule worker.c> (Level three structure, master process initiates child processes, child processes enable threading service)

Startservers 4

MaxClients 300 (maximum number of concurrent links (threads))

Minsparethreads 25 (minimum number of idle threads)

Maxsparethreads 75 (max idle thread)

Threadsperchild 25 (How many threads each child process starts)

Maxrequestsperchild 0

# #每个进程启用25个线程 four processes altogether 100 threads, the maximum idle is 75 threads, starts automatically kills a process, the mortal cannot understand.

</IfModule>

The concept of PV:

(Number of resources per page) (Average load time per resource) (Maximum concurrent quantity)

Per page Resource 80 average per resource load requires 500ms concurrent quantity 256

PV=256*2 (load two resources in one second) *86400 (number of seconds in a day)/80=55w (maximum visits per day) Page View

Uv:user View (average number of pages per user clicked, active users)

4.DSO Dynamic loading: In the main profile segment (version 2.4 in/conf.moudles.d/files)

LoadModule directive

LoadModule Mod_name modules/moudle_files.so

5.### Section 2: ' Main ' server configuration

Typically, the instructions that are not in these two configuration segments inherit the configuration from the main configuration segment, and the master and virtual server configurations do not take effect at the same time:

(1) ' Main ' Server configuration segment (there is a single site service on a single server)

Defining servers and hosts is essential:

ServerName Fqdn:port Primary server is defined in the main configuration section (in the experiment, after the native definition, also edit/etc/hosts add IP address and FQDN correspondence to open in native browser)

DocumentRoot (Path mapping)

6. Site resource access control (can take effect in master profile or virtual host)

(1) File system based (2.2 accessible by default) 2.4 is not accessible by default

<directory "/path/to/some_dir" > (Action for folder, configuration content is only valid for this folder)

...

</Directory>

<file "" > ...</file> (for Files only in the container)

<filematch "PATTERN" > ...</filematch> (for files that are matched by a regular match)

(2) URL-based path

<location "/path/to/some_url" >...</Location> (for URL access control)

<locationmatch "PATTERN" >...</LocationMatch> (regular expression for URLs)

(2) Common options in the catalog:

[1] Options: Used to define the presentation of resources, followed by a blank character separated by the "options" list;

Indexes includes followsymlinks symlinksifownermatch execcgi multiviews None All

Indexes: Allow indexing;

FollowSymLinks: Allows the tracking of symbolic links; (allows the specified file or path to exist as a soft connection, at a high risk)

SymLinksIfOwnerMatch (same principle, but file or directory owner (user running httpd) must be compliant and less risky than followsyslinks)

execcgi: Allows the execution of CGI scripts, (early CGI can have super Superid permissions, unless the Web page uses this feature, otherwise try not to open)

Includes: Contains slightly

If a site does not have a home page and does not allow indexes, then 403 is displayed, but if there are other URLs that can be accessed.

[2] allowoverride [none|all| Fileinfo|authconfig|limit] (used to control which commands can be placed in the. htaccess)

HTTPD allows you to use the. htaccess file for access control of a single directory resource in each directory of a Web document. This command can be stored in a. htaccess file;

For example, the/data/web/directory has the. htaccess edit this file to achieve access control if the use of server performance drops sharply (you must search for this file. The current directory does not search the parent directory)

[3]order and Llow/deny from (controlling who can get resources on the current server)

IP address-based access control;

Order defines the order in which allow and deny are effective;

Allow from All/ip/network/fqdn

Deny from All/ip/network/fqdn

Source Address format:

Ip

NETADDR: Format;

172.16;

172.16.0.0;

172.16.0.0/16;

172.16.0.0/255.255.0.0;

Fqdn

Damain

Order *, * (who is the default rule after)

Order Deny,allow;deny is the default rule and does not indicate that allow is not allowed (secure)

Order Allow, deny (if not deny, is allow (default))-->> source requests follow the best matching rule mechanism;

Oeder Allow,deny #deny为默认法则 deny from 172.16.100.67 #不允许这个地址 allow from 172.16 #允许这个网 Paragraph

The order of deny and allow is no different (not the first line of order), the best matching rule: When a host access, see which one can be the smallest match, whichever one takes precedence (172.16.100.67 minimum match deny, so deny takes effect)

Oeder Allow,deny #deny为默认法则 deny from 172.16.100.67 #不允许这个地址 allow from 172.16 #允许这个网段 The Deny from all #172.16.1.1 minimum match allows from 172.16s so you can access

7. Define the site Main Page

DirectoryIndex index.html Index.html.var

Can be multiple values from the search, if not see if the options indexes returns the index list, if not, return 403

8. Define PATH Aliases:

alias/url/"/path/to/some_dir/" (URL is just a definition. Not necessarily a directory)

DocumentRoot "/data/web"

When visiting http://www.zxtest.com/images/logo.jpg <--/data/web/images/logo.jpg

httpd configuration file ()