Global configuration of apache server (full)

Source: Internet
Author: User

Apache server global configuration-server identification Configuration

Commands related to server identity:
ServerName
ServerAdmin
ServerSignature
ServerTokens
UseCanonicalName
UseCanonicalPhysicalPort

The ServerAdmin and ServerTokens commands control which server-related information will appear in the server-generated documents (such as error messages ). The ServerTokens command sets the value of the HTTP response header field of the server.
The ServerName, UseCanonicalName, and UseCanonicalPhysicalPort commands are used to determine how to construct a self-referenced URL. For example, a client sends a request to a directory but does not contain the last slash of the directory name "/", apache redirects the client to the full name containing "/" so that the client can correctly parse the relative references in the document.

ServerName command
Syntax: ServerName [scheme: //] FQDN [: port]
This command is used to set the server to identify its host name and port number. It is mainly used to create a Redirection URL.

For example, the host name of your web server is example.bob.com, but your web server also has a DNS alias www.bob.com In the DNS server. But you want the web server to be more prominent, you can use the ServerName command in http. conf to implement:
ServerName www.bob.com: 80

If ServerName is not specified, the server will try to reverse query the IP address to infer the host name. If no port number is specified in ServerName, the server listens to all ports. To enhance reliability and predictability, specify a host name and port number displayed by ServerName.
If you are using a domain name-based virtual Host, the ServerName in the <VirtualHost> segment will be used to match the virtual Host, and the Host name must be written in the "Host:" request header.

ServerAdmin command
Syntax: ServerAdmin email-address | URL
This command is used to set the Administrator email address contained in the error message returned from the server to the client. You can contact the Administrator immediately after receiving the error message.

ServerAdmin bob@126.com

ServerSignature command
Syntax: ServerSignature. | Off | Email
Default Value: ServerSignature Off
This command is used to configure the footer of the document generated on the server side (error message, FTP directory list of mod_proxy, and mod_info output ). This command is used to enable the footer mainly because when the footer is in a proxy server chain, the user cannot identify which server in the chain actually produces the returned error message.

In http. conf, this command is Off by default, so there is no error line. Using On will simply add a line about the server version and the ServerName that is providing the service;
For example, when I use ServerSignature., the following information appears when the web page is not opened:

Apache/2.2.11 (Unix) PHP/5.2.8 Server at 192.168.120.240 Port 80

For Versions later than 2.0.44, the detailed server version number is controlled by the ServerTokens command.

ServerTokens command
Syntax: ServerTokens Major | Minor | Min [imal] | Prod [uctOnly] | OS | Full
Default Value: ServerTokens Full
This command is used to control whether the "Server:" Response Header returned by the Server to the client contains information about the Server operating system type and compiled module.

Note: Enable the ServerSignature command before using the ServerTokens command.

ServerTokens Prod [uctOnly]: the server will send (for example): Apache
Apache Server at 192.168.120.240 Port 80
ServerTokens Major: the server will send (for example): Apache/2
Apache/2 Server at 192.168.120.240 Port 80
ServerTokens Minor: the server will send (for example): Apache/2.2
Apache and 2.2 Server at 192.168.120.240 Port 80
ServerTokens Min [imal]: the server will send (for example): Apache/2.2.11
Apache/2.2.11 Server at 192.168.120.240 Port 80
ServerTokens OS: the server will send (for example): Apache/2.2.11 (Unix)
Apache/2.2.11 (Unix) Server at 192.168.120.240 Port 80
ServerTokens Full: the server will send (for example): Apache/2.2.11 (Unix) PHP/5.2.8
Apache/2.2.11 (Unix) PHP/5.2.8 Server at 192.168.120.240 Port 80

UseCanonicalName command
Syntax: UseCanonicalName On | Off | DNS
Default Value: UseCanonicalName Off
This command is used to construct the self-referenced URL of Apache (a URL that is returned to the same server ).

UseCanonicalName.: The domain name set by ServerName will be used for all server_ports in self-referenced URLs, SERVER_NAME, and CGI. For example, if your web server has its own domain name, and there is a corresponding NS record in the DNS, and httpd. conf sets the ServerName domain name, then you enter http: // 192.168.120.240/bbs in the browser, it will automatically change this IP address into its corresponding domain name, such as http://www.bob.com/bbs. At this time, if the computer of other clients cannot correctly resolve the Domain Name of the web server, problems may occur when accessing this web server. Because the web server automatically converts an IP address to a domain name.

UseCanonicalName Off: if the client provides the host name and port, Apache uses the information provided by the client to build a self-Reference URL. These values are the same as those used to implement domain name-based virtual hosts and are available for the same client. The CGI variables SERVER_NAME and SERVER_PORT are also constructed by the values provided by the client.

UseCanonicalName DNS: this setting is used to support browsers that do not provide the "Host:" header for a large number of IP-based virtual hosts. With this option, Apache performs DNS reverse resolution on the IP address of the server connected to the client to build a self-Reference URL.

UseCanonicalPhysicalPort command
Syntax: UseCanonicalPhysicalPort. | Off
Default Value: UseCanonicalPhysicalPort Off
This command is used to configure how the server determines its own port.

UseCanonicalPhysicalPort.: Apache may use the actual physical port number to conform to the UseCanonicalName command when constructing the server's standard port.
UseCanonicalPhysicalPort Off: Apache does not use the actual physical port number, but relies on all configured information to construct a valid port number.

Note:
The order of using the physical port number is as follows:
UseCanonicalName.
Port number specified by Servername
Physical port number
Default port number

UseCanonicalName Off | DNS
"Host:" indicates the port number provided by the request header.
Physical port number
Port number specified by Servername
Default port number
When UseCanonicalPhysicalPort is Off, the physical port number is removed from the preceding sequence.

Apache server global configuration file location Configuration

Commands for file location:
CoreDumpDirectory
DocumentRoot
ErrorLog
LockFile
PidFile
ScoreBoardFile
ServerRoot

These commands control the location of various files required for Apache to work normally. If the path name does not start with a slash "/", the file is considered to be a relative path relative to ServerRoot.

CoreDumpDirectory command
Syntax: CoreDumpDirectory directory-path
This command is used to control the kernel dump directory used by Apache, which is located under "ServerRoot" by default. This directory is usually not writable for users running the server, and the kernel dump will not write content. If you need a kernel dump during debugging, you can use this command to specify another directory.

DocumentRoot command
Syntax: DocumentRoot directory-path
This command is used to set the directory where httpd provides services. Without instructions like Alias, the server attaches the URL in the request to the end of DocumentRoot to form the path pointing to the document.
For example:
DocumentRoot "/usr/local/httpd/htdocs"
When you access http: // 192.168.120.240/bbs/index.html, you actually access/usr/loca/httpd/htdocs/bbs/index.html.
If directory-path is not an absolute path, it is assumed to be a path relative to ServerRoot.
For example:
ServerRoot "/usr/local/httpd /"
DocumentRoot "htdocs"
When accessing http: // 192.168.120.240/bbs/index.html, it will still be located at/usr/loca/httpd/htdocs/bbs/index.html.

ErrorLog command
Syntax: ErrorLog file-path | syslog [: facility]
Default Value: ErrorLog "logs/error_log"
This command is used to set the file that records error logs when an error occurs on the server. If file-path is not an absolute path starting with/, it is considered a relative path relative to ServerRoot.

LockFile command
Syntax: LockFile filename
This command sets the location of the lock file used by Apache when the value of the AcceptMutex command is fcntl or flock. Generally, keep the default value. The main reason for changing the default value is that the logs directory is located on an NFS file system, because the lock file must be located on a local disk. The PID of the master server process is automatically added to the end of the file name.
Note: Do not place the lock file in a directory where anyone has the write permission, because you can create a file with the same name as the lock file attempted to be created by the server to prevent the server from starting.

PidFile command
Syntax: PidFile filename
Default Value: PidFile "logs/httpd. pid"
This command is used to set the server to record the PID of the parent process (monitoring process.
If the specified path is not an absolute path, it is considered a relative path relative to ServerRoot.

ScoreBoardFile command
Syntax: ScoreBoardFile file-path
This command is used to set the file that stores the sub-process coordination data. Apache uses scoreboard to communicate between parent and child processes. Some institutions require a document to help communications. If this file is not specified, Apache first tries to create a complete scoreboard in the anonymous shared memory. If it fails, you will continue to try to use file-based shared storage to create this file on the disk. If you use this command to specify the location of the file, Apache will always create the file on the disk.
Placing ScoreBoardFile in ram disk can greatly improve the access speed. However, pay attention to the placement location and permissions.

ServerRoot command
Syntax: ServerRoot directory-path
This command is used to set the directory where the Apache server is located. It generally contains sub-directories such as conf/and logs. The relative paths of other configuration files are generally based on this directory.
For example:
ServerRoot "/usr/local/httpd /"

Global configuration of Apache server-Resource Restriction Configuration

Resource Restriction commands:
LimitRequestBody
LimitRequestFields
LimitRequestFieldsize
LimitRequestLine
RLimitCPU
RLimitMEM
RLimitNPROC
ThreadStackSize

The LimitRequest * series commands are used to limit the number of resources that Apache uses to read client requests. By limiting these values, some DOS attacks can be mitigated.
The RLimit * series commands are used to limit the number of resources used by processes derived from Apache subprocesses. Generally, these commands are used to control the resources used by CGI scripts and SSI exec commands.
The ThreadStackSize command is used to control the stack size on some platforms.

LimitRequestBody command

Syntax: LimitRequestBody bytes
Default Value: LimitRequestBody 0
This command is used to set the maximum number of bytes of the HTTP request sent by the client. The LimitRequestBody command can act on the entire server, a specific directory, a specific file, and a specific location. If the request of the client exceeds the value set by LimitRequestBody, the server returns an error message to the client instead of processing the request.
Bytes ranges from 0 (unlimited) to 2147483647 (2 GB.
For example, you allow the client to upload a file to a certain location, and want to limit the size of the uploaded file to 500 kb,
LimitRequestBody 512000

LimitRequestFields command

Syntax: LimitRequestFields number
Default Value: LimitRequestFields 100
This command is used to set the number of HTTP request header fields requested by the client to the server. Generally, the number of request header fields of a client is rarely greater than 20, but the number of different clients varies greatly. This often depends on the user's configuration of their browser extensions to support more detailed content negotiation. Optional HTTP extensions are often implemented using request header fields.
Number is an integer between 0 (unlimited) and 32767. The default value is the constant DEFAULT_LIMIT_REQUEST_FIELDS during compilation (the release value is 100 ).

LimitRequestFieldsize command

Syntax: LimitRequestFieldsize bytes
Default Value: LimitRequestFieldsize 8190
This command is used to set the maximum number of bytes of the HTTP request header sent by the client. In general, the server needs this value to be large enough to accommodate the size of the header domain of any request of common customers. The size of the header field is generally closely related to the content protocol supported by the browser.
In general, do not change this value. Use the default value.

LimitRequestLine command

Syntax: LimitRequestLine bytes
Default Value: LimitRequestLine 8190
This command is used to set the maximum number of bytes of the HTTP request line sent by the client. The request line includes the HTTP method, URL, and Protocol version. Therefore, the LimitRequestLine command can limit the URL length. The server needs this value to be large enough to load all its resource names, including all the information that may be passed in the query in the GET request.
In general, do not change this value. Use the default value.

RLimitCPU commands

Syntax: RLimitCPU seconds | max [seconds | max]
Default Value: Undefined. Use the default value of the operating system.
This command is used to set the maximum number of seconds that a process derived from an Apache sub-process occupies the CPU.
One or two parameters can be set here. The first parameter sets the soft resource limit for all processes, and the second parameter sets the maximum resource limit. Both parameters can be set to a value or "max" (indicating the maximum value allowed by the operating system ). To increase the maximum resource limit, you need to run the server as root or set it in the initialization startup statement.
This command only applies to processes derived from Apache sub-processes, rather than Apache sub-processes. This range includes CGI scripts and SSI command execution, excluding all processes derived from the Apache parent process. For example, pipeline logs.
CPU resource limit indicates the number of seconds that each process occupies.

RLimitMEM command

Syntax: RLimitMEM bytes | max [bytes | max]
Default Value: Undefined. Use the default value of the operating system.
This command is used to set the maximum number of bytes of memory occupied by processes derived from Apache subprocesses.
One or two parameters can be set here. The first parameter sets the soft resource limit for all processes, and the second parameter sets the maximum resource limit. Both parameters can be set to a value or "max" (indicating the maximum value allowed by the operating system ). To increase the maximum resource limit, you need to run the server as root or set it in the initialization startup statement.
This command only applies to processes derived from Apache sub-processes, rather than Apache sub-processes. This range includes CGI scripts and SSI command execution, excluding all processes derived from the Apache parent process. For example, pipeline logs.
Memory resource limit indicates the number of bytes occupied by each process.

RLimitNPROC command

Syntax: RLimitNPROC number | max [number | max]
Default Value: Undefined. Use the default value of the operating system.
This command is used to set the number of processes derived from Apache sub-processes.
One or two parameters can be set here. The first parameter sets the soft resource limit for all processes, and the second parameter sets the maximum resource limit. Both parameters can be set to a value or "max" (indicating the maximum value allowed by the operating system ). To increase the maximum resource limit, you need to run the server as root or set it in the initialization startup statement.
This command only applies to processes derived from Apache sub-processes, rather than Apache sub-processes. This range includes CGI scripts and SSI command execution, excluding all processes derived from the Apache parent process. For example, pipeline logs.
Process restrictions control the number of processes for each user.

ThreadStackSize command

Syntax: ThreadStackSize size
Default Value: 65536 for NetWare and for other platforms
This command is used to set the maximum stack size (in bytes) that can be used by threads that process client connections (including call modules for assistance ).
In most cases, the default stack size of the operating system is reasonable. However, in some cases, you need to adjust this value:
On platforms with smaller default stack sizes (such as HP-UX), Apache may crash when using third-party modules that require larger stack sizes. This problem can be solved by setting ThreadStackSize to a large value. This adjustment should only be required when the third-party module provider explicitly requires it, or you confirm through diagnosis that the stack space is too small to cause a crash.
On Some platforms, if the default stack space is greater than the space required for running the server, reducing the ThreadStackSize value to a value smaller than the default operating system can increase the maximum number of threads allowed to be generated in each process. This type of adjustment should be used only in the test environment, and all server processes should be fully tested, because processing some rare requests requires a large stack space. A small server configuration change may make the current ThreadStackSize setting inappropriate.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.