HTTPD Basic Configuration

First, the common configuration

1, modify the listening IP and port

Listen[ip:]port omitting IP means listening to all the IP of this machine; Listen can occur repeatedly;

2. Persistent connection

Persistentconnection:

Connection is established, each resource gets completed and does not disconnect, but continues to wait for other requests to complete;

How to disconnect?

Quantity Limit: 100

Time limit: Configurable

Side effects: For servers with a large number of concurrent accesses, the persistent Connect feature uses some requests that are not responding;

Tradeoff: Use shorter persistent connection times;

httpd-2.4 supports millisecond-level persistence time;

Non-persistent connections

KeepAlive {on| OFF} #默认为关闭

Maxkeepaliverequests #

KeepAliveTimeout #

Test:

Telnethostport

get/urlhttp/1.1

Host:hostnameorip

3. MPM Parameters

Multipathprocessmodule: Multi-channel processing module

Prefork,worker,event

<IfModule prefork.c>StartServers       8     #服务启动时启动的子进程数MinSpareServers     5     #最少空闲子进程数MaxSpareServers     20ServerLimit      256     #同时启动的子进程数上限MaxClients        256     #同时服务的客户端数上限 (maximum number of supported concurrency) Maxrequestsperchild   4000    #每个子进程在其生命周期内处理的请求数上限 </IfModule><IfModule worker.c> startservers         4    #服务启动时启动的子进程数MaxClients          300MinSpareThreads      25maxsparethreads     75threadsperchild     25      #每个子进程可启动的线程数MaxRequestsPerChild   0     #每个子进程可处理的请求数, 0 means unlimited </ Ifmodule>

4. DSO

Configuration instruction Implementation module loading LoadModule <mod_name> <mod_path> #要卸载某个模块直接将其注释掉即可, no need to reread the configuration file can be effective immediately The module path shows the module of the DSO dynamic loading in terms of the path relative to ServerRoot: # httpd-d dump_modulesloaded modules:core_module (Static) Mpm_prefork_module ( Static) Http_module (static) So_module (Static) Auth_basic_module (shared) auth_digest_module (shared) Authn_file_ Module (shared) authn_alias_module (shared) ... # httpd-lcompiled in modules:core.c prefork.c http_core.c mod_so.c# H ttpd.worker-lcompiled in modules:core.c worker.c http_core.c mod_so.c

5. Define the document page path for ' Main ' server

DocumentRoot "/path/to/somefile" Document path mapping: DocumentRoot points to the starting location of the URL path; documentroot "/var/www/html" #默认为这个位置test/ Index.html-->http://host:port/test/index.html

6. Site access Control

You can specify which resources to access control based on two types of paths

File system path: <directory "/path/to/somewhere" >...</direcotry><file [~] "/path/to/somewhere" >...</ File> access control based on URL access path: <location "" >...</Location> #另外, Path can do pattern matching, but if not forced to use # If you can use Diretoory control, You can also use location control, it is recommended that you use directory

7. Implementing access control based on source address in directory

(1) Options all available Features:indexes,includes,followsymlinks,symlinksifownermatch           execcgi,multiviews,none,allindexes: index; Renders all resources as a list to the user when there is no default main page and no welcome page.       danger, use caution; adding a minus sign before the option is disabled. such as-indexesfollowsymlinks: Allow trace symbol link file;# vim /etc/httpd/conf/httpd.conf<directory  "/www/html" >    Options Indexes FollowSymLinks    #默认是开启的      allowoverride none    order allow,deny    allow  from all</Directory> (2) allowoverride support is created under each page directory. htaccess is used to implement access control functions for resource access in this directory;. htaccess files Affect httpd performance (3) IP-based access control mechanism      order: Check Order         Order allow,deny         Allow form 192.168.10.0/24             form address format to accept after: &NBSP;&NBSP;&NBSP;&NBSP;&Nbsp;           ip,network address                  Network address format is more flexible:                      172.16                     172.16.0.0                     172.16.0.0/16                     172.16.0.0/255.255.0.0

8. Define default Main Page

Direcotryindex index.htm Lindex.html.var

9. Log Settings

Errorlog "/path/to/error_log" #错误日志, path is a path relative to ServerRoot loglevel {Debug|info|notice|warn|error|crit|alert|emerg} Information at the specified level and higher than it will be logged Logformat format name%h: Client address%l: Telnet name, usually-%u: Enter the user name at authentication, no authentication at-%t: The time when the server receives a user request%r: The beginning of the request for registration  Line%>s: Response status Code%b: the length of the response message, in bytes%{header_name}i: Record the value corresponding to the specified header such as Logformat "%h%l%u%t \"%r\ "%>s%b \"%{referer}i\ " \ "%{user-agent}i\" "Combined #格式中若要使用引号则要使用反斜线转义 Customlog"/path/to/access_log "Logformat_name

10. Path aliases

The mapping of URL paths is implemented so that the resources accessed are no longer dependent on the site root directory.

alias/url/"/path/to/somewhere/"

For example alias/images/"/www/tupian/" #后面映射的路径是绝对路径, rather than the path relative to the site root, if there is a images directory under the site root directory (for example,/var/www/html), then you will not be able to access/ Resource in Var/www/html/images because images has been requisitioned by alias

# mkdir test hello# cat test/a.html aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa#  Cat hello/b.html bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb# vim /etc/httpd/conf/httpd.confalias  /test/  "/www/html/hello/" # service httpd restart stop  httpd:                                                  [OK] starting  httpd:                                             [ Determine]# curl http://localhost/test/a.html<! doctype html public  "-//ietf//dtd html 2.0//en" ><Html>
11. Set the default character set
Adddefaultcharset UTF-8 Character Set: gbk,gb2312,gb18030
12. User-based access control
User authentication type:   Basic, clear text Send    Digest authentication: Digest Virtual User: A storage mechanism that is used only to access a service or obtain a credential;   the account and password of a resource:      text files:. htpasswd    sql database     dbm: Database engine, providing api  &NBSP;&NBSP;&NBSP;LDAP: Case: File-based access control (1) User-based authentication     <Directory />         Options none         allowoverride authconfig        authtype basic         AuthName  "Admin area"          authbasicprovider file        authuserfile /etc/httpd/ conf/.htpasswd        require valid-user     </directory>    # require valid-user: All users in the file have access to     #  require user useRname,...   Designated user access (2) Provide certification files     htpasswd [option] passwdfile username      options:     -c: Create a passwdfile, and if passwdfile already exists, it will re-write and delete the original content   &NBSP;&NBSP;&NBSP;-M: Store user's password information     -s:sha1 encrypted user password in MD5 format;     -d: Delete specified user (3) Group-based authentication     <Directory />         options none        allowoverride authconfig         AuthType Basic         authname  "Admin area"         authbasicprovider file         AuthUserFile /etc/httpd/conf/.htpasswd         AuthGroupFile /etc/httpd/conf/.htgroup         require group group_name    </directory>     group file (. htgroup) format       Group name: User1 user2 user3 for example:# cd /var/www/html# mkdir admin# cat  admin/admin.html  the user is admin.  # vim /etc/httpd/conf/ httpd.conf    <directory  "/var/www/html/admin" >    options  none    allowoverride authconfig    authtype basic     AuthName  "Admin area"     authbasicprovider file     AuthUserFile /etc/httpd/conf/.htpasswd    Require  valid-user    </directory># htpasswd -c -m /etc/httpd/conf/. htpasswd bjwf  #创建第一个用户时必须创建文件New  password: re-type new password: adding  password for user bjwf# htpasswd -m /etc/httpd/conf/.htpasswd tom    #创建第二个用户New  password:  Re-type new password: adding password for user tom# service httpd  restart
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/83/20/wKioL1drfLaDwY0TAAHXYveHrkE610.png "title=" 1.png " alt= "Wkiol1drfladwy0taahxyvehrke610.png"/>
13. Virtual Host
There are three implementations:   IP-based: Prepare at least one IP address for each virtual host;   port: Prepare at least one dedicated port for each virtual host; rarely used in practice;   Based on hostname: Prepare at least one dedicated hostname for each virtual host; can be mixed using any of the above three ways; Note: The general virtual host is not mixed with the central host, so to use the virtual host, first disable the central host Disable Central host: note documentroot each virtual host has a dedicated configuration: <virtualhost "Ip:port" >severnamedocumentroot "" </VirtualHost> Serveralias: Alias of the virtual host; Errorlogcustomlog<directory "" ></Directory> Example 1: ip  < based virtualhost172.16.100.6:80>    servername web1.magedu.com     DocumentRoot "/vhosts/web1/htdocs"   </virtualhost>  <virtualhost172.16.100.7:80 >    ServerName web2.magedu.com    DocumentRoot  "/vhosts/ Web2/htdocs "  </VirtualHost> Example 2: port  <virtualhost172.16.100.7:80>  based    servernameweb2.magedu.com    documentroot "/vhosts/web2/htdocs"    </virtualhost>  <virtualhost 172.16.100.7:8080>    servername web3.magedu.com    documentroot  " /vhosts/web3/htdocs "  </VirtualHost> Example 3: hostname  <virtualhost  based 172.16.100.6:80>    servername web1.magedu.com    documentroot   "/vhosts/web1/htdocs"   </virtualhost>  <virtualhost 172.16.100.6:80 >    ServerName web2.magedu.com    DocumentRoot  "/vhosts/ Web2/htdocs "  </VirtualHost>  <VirtualHost 172.16.100.6:80>     ServerName web3.magedu.com    DocumentRoot  "/vhosts/web3/htdocs"   </VirtualHost>
Example:
# mkdir/var/www/html/{a.com,b.net,c.org}-pvmkdir: Created directory "/var/www/html/a.com" mkdir: Directory "/var/www/html/b.net" created mkdir: Created directory "/var/www/html/c.org" # echo a.com >/var/www/html/a.com/index.html# echo b.net >/var/www/html/b.net/ index.html# echo c.org >/var/www/html/c.org/index.html


14. Built-in Status page
<Location/server-status>
Sethandlerserver-status
Orderdeny,allow
Denyfromall
Allowfrom172.16
</Location>

Implementation: Access control based on account

This article is from the "Ask Heaven" blog, please make sure to keep this source http://79076431.blog.51cto.com/8977042/1792118
HTTPD Basic Configuration