First, the common configuration
1. Modify the listening IP and port
Listen [IP:]PORT
Omitting the IP means listening on all IP addresses of this machine; Listen can appear multiple times;
2. Persistent connection
Persistent connection:
Once the connection is established, it is not closed after each resource has been fetched, but stays open and waits for further requests;
How to disconnect?
Quantity Limit: 100
Time limit: Configurable
Side effect: on servers with a large number of concurrent accesses, persistent connections cause some requests to go unanswered;
Tradeoff: Use shorter persistent connection times;
httpd-2.4 supports millisecond-level persistence time;
Non-persistent connections
KeepAlive {On|Off}    # off by default
MaxKeepAliveRequests #
KeepAliveTimeout #
Test:
telnet HOST PORT
GET /URL HTTP/1.1
Host: HOSTNAME_OR_IP
3. MPM Parameters
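MPM (Multi-Processing Module): the multi-process handling module
prefork, worker, event
<IfModule prefork.c>
    # number of child processes started when the service starts
    StartServers          8
    # minimum number of idle child processes
    MinSpareServers       5
    MaxSpareServers      20
    # upper limit on the number of child processes running at the same time
    ServerLimit         256
    # upper limit on clients served at the same time (maximum supported concurrency)
    MaxClients          256
    # upper limit on requests each child process handles during its lifetime
    MaxRequestsPerChild 4000
</IfModule>
<IfModule worker.c>
    # number of child processes started when the service starts
    StartServers          4
    MaxClients          300
    MinSpareThreads      25
    MaxSpareThreads      75
    # number of threads each child process can start
    ThreadsPerChild      25
    # number of requests each child process can handle; 0 means unlimited
    MaxRequestsPerChild   0
</IfModule>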
4. DSO
Module loading is implemented with a configuration directive:
LoadModule <mod_name> <mod_path>
# To unload a module, simply comment out its line; this takes effect immediately, with no need to reread the configuration file
The module path is given relative to ServerRoot.
Show the modules, including those loaded dynamically through DSO:
# httpd -D DUMP_MODULES
Loaded Modules:
 core_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 auth_basic_module (shared)
 auth_digest_module (shared)
 authn_file_module (shared)
 authn_alias_module (shared)
 ...
# httpd -l
Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c
# httpd.worker -l
Compiled in modules:
  core.c
  worker.c
  http_core.c
  mod_so.c
5. Define the document page path for the 'main' server
DocumentRoot "/path/to/somefile"
Document path mapping: DocumentRoot points to the starting location of the URL path;
# this is the default location
DocumentRoot "/var/www/html"
test/index.html --> http://HOST:PORT/test/index.html
6. Site access Control
Access control can be applied to resources identified by two types of paths
File system path:
<Directory "/path/to/somewhere">
...
</Directory>
<Files [~] "/path/to/somewhere">
...
</Files>
URL access path:
<Location "">
...
</Location>
# In addition, the path can use pattern matching, but do not use it unless you have to
# Anything that can be controlled with Directory can also be controlled with Location; using Directory is recommended
7. Implementing access control based on source address in directory
(1) Options
All available features: Indexes, Includes, FollowSymLinks, SymLinksIfOwnerMatch, ExecCGI, MultiViews, None, All
Indexes: index; when there is no default main page and no welcome page, all resources are rendered to the user as a list. Dangerous, use with caution; prefixing an option with a minus sign disables it, for example -Indexes
FollowSymLinks: allows following symbolic link files;
# vim /etc/httpd/conf/httpd.conf
<Directory "/www/html">
    # enabled by default
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
(2) AllowOverride
Supports creating a .htaccess file in each page directory to implement access control for the resources in that directory; .htaccess files affect httpd performance
(3) IP-based access control mechanism
Order: the order in which the rules are checked
Order allow,deny
Allow from 192.168.10.0/24
Address formats accepted after "from": IP, network address
The network address format is more flexible:
172.16
172.16.0.0
172.16.0.0/16
172.16.0.0/255.255.0.0
8. Define default Main Page
DirectoryIndex index.html index.html.var
9. Log Settings
# error log; the path is relative to ServerRoot
ErrorLog "/path/to/error_log"
LogLevel {debug|info|notice|warn|error|crit|alert|emerg}
Messages at the specified level and at higher levels are logged
LogFormat FORMAT NAME
%h: client address
%l: remote login name, usually -
%u: user name entered at authentication; - when there is no authentication
%t: time at which the server received the user's request
%r: first line of the request
%>s: response status code
%b: length of the response message, in bytes
%{HEADER_NAME}i: records the value of the specified header
For example:
# to use quotation marks inside the format, escape them with a backslash
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog "/path/to/access_log" LOGFORMAT_NAME
10. Path aliases
The mapping of URL paths is implemented so that the resources accessed are no longer dependent on the site root directory.
Alias /URL/ "/path/to/somewhere/"
For example:
Alias /images/ "/www/tupian/"
The mapped path is an absolute path, not a path relative to the site root. If there is an images directory under the site root directory (for example, /var/www/html), the resources in /var/www/html/images can no longer be accessed, because /images/ has been taken over by the alias.
# mkdir test hello
# cat test/a.html
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
# cat hello/b.html
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
# vim /etc/httpd/conf/httpd.conf
Alias /test/ "/www/html/hello/"
# service httpd restart
Stopping httpd: [OK]
Starting httpd: [OK]
# curl http://localhost/test/a.html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
11. Set the default character set
AddDefaultCharset UTF-8
Character sets: GBK, GB2312, GB18030
12. User-based access control
User authentication types:
Basic authentication: basic, sent in clear text
Digest authentication: digest
Virtual user: a credential used only to access a particular service or obtain a particular resource;
Storage mechanisms for accounts and passwords:
    text file: .htpasswd
    SQL database
    dbm: database engine, provides an API
    LDAP
Case: file-based access control
(1) User-based authentication
<Directory />
    Options None
    AllowOverride AuthConfig
    AuthType Basic
    AuthName "Admin area"
    AuthBasicProvider file
    AuthUserFile /etc/httpd/conf/.htpasswd
    Require valid-user
</Directory>
# Require valid-user: all users in the file have access
# Require user USERNAME, ...: only the designated users have access
(2) Provide the authentication file
htpasswd [option] passwdfile username
Options:
    -c: create passwdfile; if passwdfile already exists, it is rewritten and its original content deleted
    -m: store the user's password in MD5 format
    -s: SHA1-encrypted user password
    -D: delete the specified user
(3) Group-based authentication
<Directory />
    Options None
    AllowOverride AuthConfig
    AuthType Basic
    AuthName "Admin area"
    AuthBasicProvider file
    AuthUserFile /etc/httpd/conf/.htpasswd
    AuthGroupFile /etc/httpd/conf/.htgroup
    Require group GROUP_NAME
</Directory>
Group file (.htgroup) format:
group name: user1 user2 user3
For example:
# cd /var/www/html
# mkdir admin
# cat admin/admin.html
the user is admin.
# vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/admin">
    Options None
    AllowOverride AuthConfig
    AuthType Basic
    AuthName "Admin area"
    AuthBasicProvider file
    AuthUserFile /etc/httpd/conf/.htpasswd
    Require valid-user
</Directory>
# htpasswd -c -m /etc/httpd/conf/.htpasswd bjwf    # the file must be created when adding the first user
New password:
Re-type new password:
Adding password for user bjwf
# htpasswd -m /etc/httpd/conf/.htpasswd tom    # create the second user
New password:
Re-type new password:
Adding password for user tom
# service httpd restart
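The -m and -s options above produce different on-disk formats, and the difference matters when the file is reviewed. The following is an added example, not part of the original article: it classifies the scheme of each .htpasswd entry and reports users whose unsalted {SHA} entries (the format htpasswd -s writes) are identical, which means they share a password. The sample file content and the user alice are constructed; bjwf and tom are the article's example users.

```python
import base64
import hashlib
from collections import defaultdict

def scheme(stored):
    """Classify one htpasswd hash field by its prefix."""
    if stored.startswith("$apr1$"):
        return "apr1-md5"          # htpasswd -m: salted, iterated MD5
    if stored.startswith("{SHA}"):
        return "sha1-unsalted"     # htpasswd -s: base64 of a bare SHA-1 digest
    if stored.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    return "crypt-or-plaintext"

def sha_entry(user, password):
    """Build the line htpasswd -s stores, to show that it carries no salt."""
    digest = hashlib.sha1(password.encode()).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode()}"

def audit(text):
    """Return ({user: scheme}, [list of users sharing one unsalted hash, ...])."""
    schemes, by_hash = {}, defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, stored = line.split(":", 1)
        schemes[user] = scheme(stored)
        if schemes[user] == "sha1-unsalted":
            by_hash[stored].append(user)
    shared = [users for users in by_hash.values() if len(users) > 1]
    return schemes, shared

# Constructed sample file: two -s style entries with the same password and
# one -m style entry whose digest part is a placeholder, not a real hash.
SAMPLE = "\n".join([
    sha_entry("bjwf", "constructed-pass"),
    sha_entry("tom", "constructed-pass"),
    "alice:$apr1$c0nstruc$PlaceholderDigestNotARealHash",
])

if __name__ == "__main__":
    schemes, shared = audit(SAMPLE)
    for user, kind in schemes.items():
        print(f"{user:6} {kind}")
    for users in shared:
        print("identical unsalted hash (same password):", ", ".join(users))
```

Because Basic authentication sends the credentials in clear text, as noted above, the strength of the stored hash only protects the file at rest; the transport needs its own protection.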
13. Virtual Host
There are three implementations:
IP-based: prepare at least one IP address for each virtual host;
Port-based: prepare at least one dedicated port for each virtual host; rarely used in practice;
Hostname-based: prepare at least one dedicated hostname for each virtual host;
The three approaches above can be mixed in any combination;
Note: virtual hosts are generally not mixed with the central host, so to use virtual hosts, first disable the central host
Disable the central host: comment out DocumentRoot
Each virtual host has its own dedicated configuration:
<VirtualHost "IP:PORT">
    ServerName
    DocumentRoot ""
</VirtualHost>
ServerAlias: alias of the virtual host;
ErrorLog
CustomLog
<Directory "">
</Directory>
Example 1: IP-based
<VirtualHost 172.16.100.6:80>
    ServerName web1.magedu.com
    DocumentRoot "/vhosts/web1/htdocs"
</VirtualHost>
<VirtualHost 172.16.100.7:80>
    ServerName web2.magedu.com
    DocumentRoot "/vhosts/web2/htdocs"
</VirtualHost>
Example 2: port-based
<VirtualHost 172.16.100.7:80>
    ServerName web2.magedu.com
    DocumentRoot "/vhosts/web2/htdocs"
</VirtualHost>
<VirtualHost 172.16.100.7:8080>
    ServerName web3.magedu.com
    DocumentRoot "/vhosts/web3/htdocs"
</VirtualHost>
Example 3: hostname-based
<VirtualHost 172.16.100.6:80>
    ServerName web1.magedu.com
    DocumentRoot "/vhosts/web1/htdocs"
</VirtualHost>
<VirtualHost 172.16.100.6:80>
    ServerName web2.magedu.com
    DocumentRoot "/vhosts/web2/htdocs"
</VirtualHost>
<VirtualHost 172.16.100.6:80>
    ServerName web3.magedu.com
    DocumentRoot "/vhosts/web3/htdocs"
</VirtualHost>
Example:
# mkdir /var/www/html/{a.com,b.net,c.org} -pv
mkdir: created directory "/var/www/html/a.com"
mkdir: created directory "/var/www/html/b.net"
mkdir: created directory "/var/www/html/c.org"
# echo a.com > /var/www/html/a.com/index.html
# echo b.net > /var/www/html/b.net/index.html
# echo c.org > /var/www/html/c.org/index.html
14. Built-in Status page
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 172.16
</Location>
Implementation: Access control based on account
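The Order, Allow and Deny directives used in section 7 and in the server-status block above interact in a way that is easy to get wrong, so here is an added example (not part of the original article) that evaluates them for a given client address, following the documented httpd 2.2 semantics and the address formats listed in section 7. The policy names, the client addresses and the third policy, which leaves out "Deny from all", are constructed for illustration.

```python
import ipaddress

def parse_spec(spec):
    """Convert one Allow/Deny 'from' argument to a network; None stands for 'all'."""
    if spec.lower() == "all":
        return None
    if "/" in spec:
        # CIDR (172.16.0.0/16) or netmask (172.16.0.0/255.255.0.0) form
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    if len(octets) == 4:
        # a complete four-octet address names exactly one host
        return ipaddress.ip_network(".".join(octets) + "/32")
    # partial address: the leading 1-3 octets select the subnet (172.16 -> /16)
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def matches(client, specs):
    ip = ipaddress.ip_address(client)
    return any(net is None or ip in net for net in map(parse_spec, specs))

def is_allowed(order, allow, deny, client):
    """Decision of Order/Allow/Deny for one client address."""
    allowed, denied = matches(client, allow), matches(client, deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # needs an Allow match and no Deny match; unmatched clients are denied
        return allowed and not denied
    if order == "deny,allow":
        # an Allow match overrides Deny; unmatched clients are permitted
        return allowed or not denied
    raise ValueError(f"unsupported Order value: {order}")

# Constructed policies: the first two mirror the article's examples, the third
# drops "Deny from all" to show what Order deny,allow then defaults to.
POLICIES = {
    "server-status": ("deny,allow", ["172.16"], ["all"]),
    "directory-lan": ("allow,deny", ["192.168.10.0/24"], []),
    "missing-deny": ("deny,allow", ["172.16"], []),
}

def check(name, client):
    order, allow, deny = POLICIES[name]
    return is_allowed(order, allow, deny, client)

if __name__ == "__main__":
    for name in POLICIES:
        for client in ("172.16.5.9", "192.168.10.7", "203.0.113.50"):
            verdict = "allow" if check(name, client) else "deny"
            print(f"{name:14} {client:14} {verdict}")
```

The third policy permits every client: with Order deny,allow, a request that matches neither list is allowed, so the status page is only restricted when "Deny from all" is present.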
This article is from the "Ask Heaven" blog, please make sure to keep this source http://79076431.blog.51cto.com/8977042/1792118
HTTPD Basic Configuration