How to configure and manage apache servers in CentOS (Linux)

Source: Internet
Author: User
Tags apache log

I. WEB server and Apache
1. web servers and URLs
2. Apache history
3. Supplement
Http://www.netcraft.com/market share of apacheserver
At the same time, it must be noted that ngnix is in a period of strong growth, and it is a great feeling of competing with apache in the world. It is really awesome ~~~
Ii. Apache server management commands
1. Command start: service httpd start/stop/restart/reload/condrestart/status/configtest/graceful/help
2. start the Script:/etc/init. d/httpd start/stop /.....
3. Set To Enable Automatic startup: ntsysv + Space key
Iii. Apache server directories and files
1. WEB Site Directory
/Var/www Apache site file directory
/Var/www/html store WEB files of the WEB site
/Var/www/cgi-bin CGI program file
/Var/www/html/manual Apache WEB Server manual

2. Configuration File
. Htaccess is a directory-based configuration file. The. htaccess file contains access control commands for files in its directory.
/Etc/httpd/conf/httpd. conf directory of the Apache WEB Server Configuration File

3. Start the script
/Etc/rc. d/init. d/httpd WEB server daemon Startup Script
/Etc/rc. d/rc3.d/S85httpd connect the Run-level directory (/etc/rc3.d) to the startup script in the/etc/rc. d/init. d directory.

4. Application Files
/Usr/sbin: location where Apache WEB server program files and applications are stored
/Usr/doc/put Apache WEB server document
/Var/log/http: location where Apache log files are stored
4. More commands
1. View Apache installation information: apachectl-C
2. Check the Apache Configuration File Syntax: apachectl-t
3. view the Apache compilation configuration parameters: apachectl-V
4. view the Apache compilation module: apachectl-l
5. httpd. conf configuration file
(1) Basic Configuration
The httpd. conf file contains the following three parts:
1. Global Environment Settings: the part that controls the behavior of the entire Apache server (that is, the global environment variable)
2. master server configuration: defines commands for the main or default service parameters, and provides default setting parameters for all virtual hosts.
3. VM settings: VM setting parameters
"\" Cannot be used for writing a line. Except for the parameter values of the options, all option commands are case-insensitive and "#" indicates comments.
Now, let's learn the specific settings in httpd. conf:
1. Set the path relative to the root directory
The relative root directory is usually the place where Apache stores configuration files and log files. Normally, the relative root directory is "/etc/httpd", which generally contains the conf and logs subdirectories, in this case, you can use the "ServerRoot"/etc/httpd "format.
2. Set the IP address and port number of the Apache listener
By default, Apache listens to client requests on TCP port 80 of all available IP addresses on the local machine. You can use the Listen statement to Listen to requests at a specified address and port. For example, if you set the server to only Listen to port 80 of 192.168.0.94, you can set Listen 192.168.0.94: 80 in httpd. conf. If you want to change the port number to 8080, you can also use settings such as "Listen 192.168.0.94: 8080". However, when accessing a website through a Web browser, you must add the corresponding port number after the domain name address, for example, enter "http: // 192.168.0.94: 8080" for access. Note: the IP address of my virtual machine Linux is 192.168.0.94, And the IP address of windows is 192.168.0.225.
3. Set the network administrator's email address
When an error occurs when the client computer accesses the server, the server usually returns an error prompt page to the client computer. To facilitate the resolution of the error, the webpage usually contains an administrator email address, in this case, you can use the ServerAdmin statement to set the Administrator's email address, such as "ServerAdmin xinyuan365@sohu.com ".
4. Set the server host name
To help Apache identify the server information, you can use the ServerName statement to set the server host name. In the ServerName statement, if the server has a domain name, enter the Domain Name of the server; if there is no domain name, enter the IP address of the server. For example, "ServerName 192.168.0.94: 80 ".
5. Set the path of the Home Directory
The default path of the Apache server home directory is "/var/www/html". You can place the webpage to be published in this directory, you can also change the path of the home directory to another directory for user management and use. For example, if you want to set the Apache server's main directory path to "/home/lk/www", you can modify it in the httpd. conf file: DocumentRoot "/home/www ".
6. Set the default document
The default document is the Web page displayed by entering the IP address or domain name of the Web site in the Web browser, that is, the home page. The default document of apacheis index.html. The default document is defined by the DirectoryIndex statement. For example, in httpd. conf, you can use "DirectoryIndex index.html. var" to change the default document name of the DirectoryIndex statement to another file.
If multiple file names exist, each file name must be separated by a space. Apache searches for the specified file name in the DirectoryIndex statement in sequence based on the file name. If 1st are found, 1st are called. Otherwise, 2nd are searched and called, and so on. For example, if the "indexes index.htm" and "index. php" files are used as the default documents, you can change the httpd. conf file to "DirectoryIndex index.html index.htm index. php index.html. var ".
7. Set log files
Log files are very important for users to find system faults or analyze the running status of Web servers. At this time, there are two important settings.
(1) Error Log. The error log records errors that occur during Apache startup and runtime. When an Apache error occurs, check the log file first. Generally, the file name of the error log is error_log. You can set the location and file name of the error log file through the ErrorLog parameter. For example, "ErrorLog logs/erroe_log ". If the log file storage path does not start with "/", it indicates that the path is relative to the ServerRoot directory.
(2) access logs. The access log records all the access information of the client computer. By analyzing the access log, you can know when the client accesses the files on the website. Generally, the access log file name is access_log. You can set the location and file name of the access log file through the CustomLog parameter, for example, "CustomLog logs/access_log combined ".
In this access log settings, combined indicates the log format. You can use common or combined in this location. Among them, common refers to the common standard format widely used by Web servers, which can be recognized by many log analysis programs; combined refers to the combination of record formats, compared with common, the format of combined is basically the same, but only the reference page and browser recognition information are added.
8. Set the default Character Set
The adddefacharcharset option sets the default character set that the server returns to the client computer. Because the default Character Set of the Apache server is Western Europe (UTF-8), garbled characters occur when the client accesses the Chinese web page of the server. The solution is to change the statement "AddDefaultCharset UTF-8" to "adddefadefacharset GB2312", and then restart the Apache server, the Chinese web page can be displayed normally.
(2) Configure Directory Permissions
1. Define directory features
For each directory accessed by Apache, related services and features can be set to allow or (and) Not. (Also affect its subdirectories)
First, set the "default" address to only have the most basic permissions:Copy codeThe Code is as follows: <Directory/>
Options FollowSymLinks
AllowOverride None
</Directory>

Note that special permissions must be enabled from now on, so that no unexpected results will be generated. Please confirm carefully.
For example:Copy codeThe Code is as follows: <Directory "D:/www_root">
#
# This value is "None", "All", or a combination of the following: "Indexes ",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews ".
# Note that "MultiViews" must explicitly specify that --- "Options All" does not include this feature.
#
Options Indexes FollowSymLinks MultiViews
#
# This option controls which. htaccess files in the directory can be overwritten.
# Allowed values: "All" or a combination of the following items: "Options", "FileInfo ",
# "AuthConfig", "Limit"
#
AllowOverride None
#
# Control which users can obtain information from this server.
#
Order allow, deny
Allow from all
</Directory>

Note:
Allow and deny can be used in apache conf Files or. htaccess Files (with Directory, Location, Files, etc.) to control access authorization for directories and Files.
Therefore, the most common ones are:
Order Deny, Allow from All note that there is only one comma in the middle of "Deny, Allow", and there can only be one comma. Errors will occur if there are spaces. Words are case-insensitive. The meaning of the above setting is to first set "Check prohibition settings first, not all permitted", and the second sentence does not contain Deny, that is, no access prohibition settings, allow all access. This is mainly used to ensure or overwrite the settings of the upper-level directory and open access to all content.
According to the above explanation, the following settings prohibit access unconditionally:
Order Allow, Deny from All:
Order Deny, Allow Deny from ip1 ip2 or
Order Allow, Deny Allow from all Deny from ip1 ip2apache determines which rule will be used according to order. For example, in the second method above, although allow permits access, however, since allow in order is not the final rule, you still need to check whether there is any deny rule. Therefore, in the third sentence, access that complies with ip1 and ip2 is forbidden. Note that the "last" rule determined by order is very important. The following are two examples of errors and the correct method:
Order Deny, Allow from all Deny from domain.org error: If you want to disable access from domain.org, but deny is not the final rule, apache has successfully matched the second sentence when processing allow, I won't go to the third sentence at all.
Solution: Order Allow, Deny. You can leave the last two sentences unchanged.
Order Allow, Deny Allow from ip1 Deny from all error: to only allow access from ip1, however, although the Allow rule is set in the second sentence, because the deny in order is after, therefore, the third deny clause prevails, and the third clause obviously contains ip1 (all include ip1). Therefore, all accesses are forbidden.
Solution 1: remove the third sentence directly.
Solution 2:
Order Deny, Allow Deny from all Allow from ip1 conclusion: the rule is order deny. allow indicates that the priority of deny is low while that of allow is high. order allow and deny indicate that the priority of allow is high while that of deny is high.
(3) create a virtual directory. If our website is created in another directory, such as/opt/www/lk, is it not accessible in the home directory/var/www/html? Of course not. You can use virtual directories to allow users to access files in other directories. A virtual directory is a directory other than the Apache main directory. Generally, we create an alias for the virtual directory to allow web access. In this way, security is implemented. Second, access is simple, and you only need to enter a simple alias instead of a long real directory address. Third, you can easily move the site directory, as long as the virtual directory name remains unchanged, changing the actual storage location will not affect web access. We use the Alias option to create a virtual directory, for example, Alias/bbs/"/opt/www/lk/" <Directory "/opt/www/lk/"> Options Indexes MultiViews AllowOverride None Order allow, deny Allow from all </Directory>
(4) user authentication is an extremely important part of network security. users who want to access a specified website can enter their usernames and passwords to log on, it serves as a natural security barrier. Apache Security authentication is also very common in actual use. Now we can use an example to demonstrate how to implement user authentication on the Apache server. We operate on the above virtual directory: alias/bbs/"/opt/www/lk/" <Directory "/opt/www/lk/"> Options Indexes MultiViews AllowOverride None Order allow, deny Allow from all AuthType: basic AuthName "welcome go home:" AuthUserFile/etc/httpd/authpwd Require user laoda laoer </Directory> Description: AuthType: defines the type of user authentication, commonly used is the Basic provided by mod_auth; AuthName: prompt text displayed in the input username and password box in the Web browser; AuthUserFile: defines the path of the password file htpasswd; Require user: defines the user name list, name Separate words with spaces. Then, create the authpwd file to save the password, touch/etc/httpd/authpwd, and then write the user name and password into the file (Note: Use the-c parameter when creating the user for the first time, if the second user is created, it does not need to be written. Otherwise, it will overwrite the previous user.): [root @ localhost http] # htpasswd-c/etc/httpd/authpwd laoda New password: re-type new password: Add password for user laoda [root @ localhost http] # htpasswd/etc/httpd/authpwd laoer New password: Re-type new password: add password for user laoer now serves httpd restart, and then uses a browser to access the linux IP address.
(5) to save costs and improve server utilization efficiency, we can create multiple "hosts" on one machine ". Each host can provide external WEB services. In the outside world, it seems to be different websites, but for servers, it actually seems to be different websites, in fact, they are all different virtual hosts running on the same host. How to configure a virtual host? Apache's Vm is very powerful and easy to configure. It can be divided into IP address-based and domain name-based virtual hosts. Configure an IP-based VM first. There are also two options. How many available IP addresses do you have? If you have purchased a lot of IP addresses, you can assign different IP addresses to each VM to use the same port. In this era of IP shortage, if you buy only one IP address, you can add different ports to one IP address, allow different ports to access different virtual hosts. 1. The IP address is the same, but the port number is different: Currently, there is only one IP address on my CentOS: 192.168.0.94. I want to configure two websites using ports 8080 and 8081 respectively and edit httpd. conf: Listen 8080 Listen 8081 <VirtualHost 192.168.0.94: 8080> DocumentRoot/var/www/web1DirectoryIndex index.html index.htm HostNameLookups off </VirtualHost> <VirtualHost 192.168.0.94: 8081> DocumentRoot/var/www/web2DirectoryIndex index.html index.htm HostNameLookups off </VirtualHost> restart the service.
2. The port number is the same, but the IP address is different. Assume that one is 94 and the other is 95:Copy codeThe Code is as follows: <VirtualHost 192.168.0.94>
ServerName 192.168.0.94: 80
DocumentRoot/var/www/web1
DirectoryIndex index.html index.htm
</VirtualHost>
<VirtualHost 192.168.0.95>
ServerName 192.168.0.95: 80
DocumentRoot/var/www/web2
DirectoryIndex index.html index.htm
</VirtualHost>

If the local machine only has one Nic, You have to bind multiple IP addresses to this NIC:

Ifconfig eth0: 1 192.168.0.95

3. Domain Name-based VM
NameVirtualHost 192.168.0.94:Copy codeThe Code is as follows: <VirtualHost www.web1.com>
ServerName www.web1.com: 80
DocumentRoot/var/www/web1
DirectoryIndex index.html index.htm
</VirtualHost>
<VirtualHost www.web2.com>
ServerName www.web2.com: 80
DocumentRoot/var/www/web2
DirectoryIndex index.html index.htm
</VirtualHost>

Then, add the/etc/hosts file in linux or the C: \ WINNT \ system32 \ drivers \ etc \ hosts file in windows.
192.168.0.94 www.web1.com
192.168.0.94 www.web2.com

Please note that restart is required after the virtual machine configuration changes.
(6) add PHP support
In this case, APACHE only supports static files ending with HTML or HTM. To support PHP, you must perform the following operations:
# Rpm-qa | grep php: Check whether the PHP program has been installed on the local machine. If not, enter the CENTOS directory in the CD and open the terminal in the blank space of the directory:
# Rpm-ivh php-common-5.1.6-20.el5.i386.rpm
# Rpm-ivh php-cli-5.1.6-20.el5.i386.rpm
# Rpm-ivh php-5.1.6-20.el5.i386.rpm
Create an OK. php script in the/var/www/html directory and write the following content:
Enter "http: // web server IP Address/OK. php" in the browser to check whether the request is successful.
For historical reasons, some programs end with. php3 or. php4. We need to modify the php configuration file to open/etc/httpd/conf. d/php. conf.
Modify "# AddType application/x-httpd-php-source. php "is" AddType application/x-httpd-php-source. php. php3. php4 ", remove #, in. there are spaces before php3/4

Exercise 1:
Create a Web server on CentOS and set "/opt/release". The content in <body> is "write your own name ". Create apache user authentication, add two users user1 (password 123456) and user2 (password 654321), and then access "ip/exam /: 8080 "to see the page showing your name.
Exercise 2:
Configure the VM. Think about how to configure a virtual host with four websites running on it: 192.168.0.101 running web1, 192.168.0.102 running web2, 192.168.0.100 running www. CBA .com and www.nba.com.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.