Apache Service Optimization
1 Configuring Apache Log Polling
Apache's own log polling tool is also available, but the teacher test will drop the log, so use Cronolog to configure the log polling Tar zxf cronolog-1.6.2.tar.gz CD cronolog-1.6.2 ./configure Make Make install <virtualhost *:80> ServerAdmin [email protected] DocumentRoot "/var/html/www" ServerName www.etiantian.com Serveralias etiantian.com Errorlog "Logs/www.etiantiancom-error_log" # customlog "Logs/www.etiantiancom-access_log" common Customlog "|/usr/local/sbin/cronolog/application/apache/logs/access_www_%w.log" combined #注意这里要写全路径,%w indicates weekly polling </VirtualHost> |
2 Error page Elegant display
[[email protected] bin]# grep "ErrorDocument 404"/application/apache/conf/httpd.conf #ErrorDocument 404/missing.html #ErrorDocument 404 "/cgi-bin/missing_handler.pl" #可以指定404错误提示的页面 can be either a URL or a script or a file |
3 Mod_deflate file Compression function
3.1 Mod_deflate Module Introduction
The Mod_deflate module provides a deflate output filter that allows the server to compress the output before it is sent to the client, improving the user experience.
3.2 Mod_deflate Installation Check
(1) If you have installed mod_deflate when compiling the installation httpd, the command is:
[Email protected] ~]#/application/apache/bin/apachectl-l |grep mod_deflate Mod_deflate.c |
(2) If the DSO is compiled (--enable-so to open the DSO compilation mode), then the View method is:
[Email protected] ~]# ls/application/apache/modules/|grep mod_deflate Mod_deflate.so [[email protected] ~]# grep mod_deflate.so/application/apache/conf/httpd.conf LoadModule Deflate_module modules/mod_deflate.so [Email protected] ~]#/application/apache/bin/apachectl-m |grep deflate Deflate_module (dynamic) #static是表示在编译的时候就已经安装了 Syntax OK |
Special Note: The above two situations can not exist at the same time, otherwise there will be conflicts
3.3 Mod_deflate Installation
Cd/root/tools/httpd-2.2.25/modules/filters /application/apache/bin/apxs-c-a-i mod_deflate.c Ll/application/apache/modules/mod_deflate.so #如果提示冲突, comment out the LoadModule deflate_module modules/mod_deflate.so command in the/application/apache/conf/httpd.conf file. |
3.4 Mod_deflate Application
<ifmodule mod_deflate.c> Deflatecompressionlevel 9 Setoutputfilter DEFLATE Deflatefilternote Input instream Deflatefilternote Output OutStream Deflatefilternote Ratio Ratio #Logformat ' "%r"%{outstream}n/%{instream}n (%{ratio}n%%) ' deflate #CustomLog Logs/deflate_log.log Deflate </ifmodule> #把以上这段代码嵌入到/application/apache/conf/extra/httpd-vhosts.conf/var/html/www Configuration content (can also be configured in the Global directory) <virtualhost *:80> ServerAdmin [email protected] DocumentRoot "/var/html/www" ServerName www.etiantian.com Serveralias etiantian.com Errorlog "Logs/www.etiantiancom-error_log" Customlog "Logs/www.etiantiancom-access_log" common <ifmodule mod_deflate.c> Deflatecompressionlevel 9 Setoutputfilter DEFLATE Deflatefilternote Input instream Deflatefilternote Output OutStream Deflatefilternote Ratio Ratio #Logformat ' "%r"%{outstream}n/%{instream}n (%{ratio}n%%) ' deflate #CustomLog Logs/deflate_log.log Deflate </ifmodule> </VirtualHost> Test: The teacher's test_deflate.tar.gz compression package uploaded to/var/html/www, and then decompression, do not need to do any movement. Open the Firefox Developer Edition, Access 192.168.1.4/test/deflate.html, open Firebug, and see the test results in YSlow. |
4 Mod_expires Cache function
Expire is actually a header message that specifies the cache time of a particular type of file in the browser. Most of the pictures, flash after the release is not necessary to change frequently, after doing the cache after such a browser will not need to download these files from the server, but directly from the cache read, so that the speed of access to the page will be greatly accelerated.
Add the following configuration under the Mod_deflate module configuration: Expiresactive on ExpiresDefault "Access plus month" Expiresbytype text/html "Access plus months" Expiresbytype text/css "Access plus months" Expiresbytype image/gif "Access plus months" Expiresbytype image/jpeg "Access plus12 months" Expiresbytype image/jpg "Access plus months" Expiresbytype image/png "Access plus months" Expiresbytype Application/x-shockwave-flash "Access plus months" Expiresbytype application/x-javascript "Access plus months" Expiresbytype video/x-flv "Access plus months" [Email protected] www]# curl-i 192.168.1.4/01.jpg http/1.1 OK Date:sun, 03:51:45 GMT server:apache/2.2.25 (Unix) DAV/2 php/5.3.10 Last-modified:sun, 12:20:20 GMT ETag: "40904-486f3-4947587f66900" Accept-ranges:bytes content-length:296691 cache-control:max-age=31104000 expires:wed, 03:51:45 GMT Vary:accept-encoding Content-type:image/jpeg |
5 changing Apache Default User
Create a user such as Apache (preferably a infrequently used name) for child processes and child threads.
Useradd-m-s/sbin/nologin Apache Vi/application/apache/conf/httpd.conf User Apache Group Apache |
6 worker mode increase concurrent number
7 masking sensitive information such as Apache version
(1) Modify the httpd.conf file to open the Httpd-default.conf module (2) Modify the httpd-default.conf file, serversignature off and servertokens prod after apachectl graceful make the settings effective |
8 Apache Directory file permission settings (root, directory 755, File 644)
[email protected] html]# LL Total 12 Drwxr-xr-x 2 root root 4096 09-03 18:51 BBS Drwxr-xr-x 5 root root 4096 11-12 01:53 Blog Drwxr-xr-x 3 root root 4096 11-17 11:43 www |
Tip: In the site architecture, should be the resource files, including the user upload pictures, Fujian and other procedures, and the best separation of the upload process, so that you can easily authorized.
9 opening httpd-mpm.conf Increasing the number of connections
Apache Anti-theft chain function
11 Forbidden Directory Index
Option followsymlinks This one parameter minus the index option |
12 Prohibit user overwrite (reload)
AllowOverride None #禁止用户覆盖 (Heavy) #加快服务器速度 because it no longer looks for each directory access control asking price (. htaccess) for each request |
13 Turn off CGI
scriptalias/cgi-bin/"/application/apache2.2.25/cgi-bin/" <directory "/application/apache2.2.25/cgi-bin" > AllowOverride None Options None Order Allow,deny Allow from all </Directory> |
Delete the above content
14 avoid using. htaccess files (distributed configuration files)
First, in terms of performance, you should avoid using. htaccess files
Apache Installation Module
(Mod_evasive20 anti-DDoS, Mod_limitipconn (for single-site) configuration, mod_security Anti-SQL injection, etc.) Makejail Http://www.floc.net/makejail is a software that automatically puts the programs needed to build jail in jail Mod_security http://www.modsecurity.org is a module of Apache, he has the request filtering, log audit and other functions, can prevent SQL injection, cross-site scripting attack, very good one module |
16 The right way to get the source code, to hit the Apache patch
The Apache log grants root700 permissions
Chown-r Root.root Logs Chmod-r logs |
18 System Kernel Parameter optimization
19 Prevent PHP from parsing the specified site Directory
20 replacing frequently accessed directories with the Tmps file system
21 minimizing the number of HTTP requests
22 using CDN to do website acceleration
Optimized Apache program architecture
1) Program Page server 2) Picture Attachment server 3) Upload server function as far as possible separation A) The best way to detach is to use a separate server (requires program support) b) Sub-option in the front-end load balancer via Haproxy/nginx request the corresponding server following the directory or extension name |
Linux Course notes Apache optimization