Linux Course notes Apache optimization

Apache Service Optimization

1 Configuring Apache Log Polling

Apache's own log polling tool is also available, but the teacher test will drop the log, so use Cronolog to configure the log polling Tar zxf cronolog-1.6.2.tar.gz CD cronolog-1.6.2 ./configure Make Make install <virtualhost *:80> ServerAdmin [email protected] DocumentRoot "/var/html/www" ServerName www.etiantian.com Serveralias etiantian.com Errorlog "Logs/www.etiantiancom-error_log" # customlog "Logs/www.etiantiancom-access_log" common Customlog "|/usr/local/sbin/cronolog/application/apache/logs/access_www_%w.log" combined #注意这里要写全路径,%w indicates weekly polling </VirtualHost>

2 Error page Elegant display

[[email protected] bin]# grep "ErrorDocument 404"/application/apache/conf/httpd.conf #ErrorDocument 404/missing.html #ErrorDocument 404 "/cgi-bin/missing_handler.pl" #可以指定404错误提示的页面 can be either a URL or a script or a file

3 Mod_deflate file Compression function

3.1 Mod_deflate Module Introduction

The Mod_deflate module provides a deflate output filter that allows the server to compress the output before it is sent to the client, improving the user experience.

3.2 Mod_deflate Installation Check

(1) If you have installed mod_deflate when compiling the installation httpd, the command is:

[Email protected] ~]#/application/apache/bin/apachectl-l |grep mod_deflate Mod_deflate.c

(2) If the DSO is compiled (--enable-so to open the DSO compilation mode), then the View method is:

[Email protected] ~]# ls/application/apache/modules/|grep mod_deflate Mod_deflate.so [[email protected] ~]# grep mod_deflate.so/application/apache/conf/httpd.conf LoadModule Deflate_module modules/mod_deflate.so [Email protected] ~]#/application/apache/bin/apachectl-m |grep deflate Deflate_module (dynamic) #static是表示在编译的时候就已经安装了 Syntax OK

Special Note: The above two situations can not exist at the same time, otherwise there will be conflicts

3.3 Mod_deflate Installation

Cd/root/tools/httpd-2.2.25/modules/filters /application/apache/bin/apxs-c-a-i mod_deflate.c Ll/application/apache/modules/mod_deflate.so #如果提示冲突, comment out the LoadModule deflate_module modules/mod_deflate.so command in the/application/apache/conf/httpd.conf file.

3.4 Mod_deflate Application

<ifmodule mod_deflate.c> Deflatecompressionlevel 9 Setoutputfilter DEFLATE Deflatefilternote Input instream Deflatefilternote Output OutStream Deflatefilternote Ratio Ratio #Logformat ' "%r"%{outstream}n/%{instream}n (%{ratio}n%%) ' deflate #CustomLog Logs/deflate_log.log Deflate </ifmodule> #把以上这段代码嵌入到/application/apache/conf/extra/httpd-vhosts.conf/var/html/www Configuration content (can also be configured in the Global directory) <virtualhost *:80> ServerAdmin [email protected] DocumentRoot "/var/html/www" ServerName www.etiantian.com Serveralias etiantian.com Errorlog "Logs/www.etiantiancom-error_log" Customlog "Logs/www.etiantiancom-access_log" common <ifmodule mod_deflate.c> Deflatecompressionlevel 9 Setoutputfilter DEFLATE Deflatefilternote Input instream Deflatefilternote Output OutStream Deflatefilternote Ratio Ratio #Logformat ' "%r"%{outstream}n/%{instream}n (%{ratio}n%%) ' deflate #CustomLog Logs/deflate_log.log Deflate </ifmodule> </VirtualHost> Test: The teacher's test_deflate.tar.gz compression package uploaded to/var/html/www, and then decompression, do not need to do any movement. Open the Firefox Developer Edition, Access 192.168.1.4/test/deflate.html, open Firebug, and see the test results in YSlow.

4 Mod_expires Cache function

Expire is actually a header message that specifies the cache time of a particular type of file in the browser. Most of the pictures, flash after the release is not necessary to change frequently, after doing the cache after such a browser will not need to download these files from the server, but directly from the cache read, so that the speed of access to the page will be greatly accelerated.

Add the following configuration under the Mod_deflate module configuration: Expiresactive on ExpiresDefault "Access plus month" Expiresbytype text/html "Access plus months" Expiresbytype text/css "Access plus months" Expiresbytype image/gif "Access plus months" Expiresbytype image/jpeg "Access plus12 months" Expiresbytype image/jpg "Access plus months" Expiresbytype image/png "Access plus months" Expiresbytype Application/x-shockwave-flash "Access plus months" Expiresbytype application/x-javascript "Access plus months" Expiresbytype video/x-flv "Access plus months" [Email protected] www]# curl-i 192.168.1.4/01.jpg http/1.1 OK Date:sun, 03:51:45 GMT server:apache/2.2.25 (Unix) DAV/2 php/5.3.10 Last-modified:sun, 12:20:20 GMT ETag: "40904-486f3-4947587f66900" Accept-ranges:bytes content-length:296691 cache-control:max-age=31104000 expires:wed, 03:51:45 GMT Vary:accept-encoding Content-type:image/jpeg

5 changing Apache Default User

Create a user such as Apache (preferably a infrequently used name) for child processes and child threads.

Useradd-m-s/sbin/nologin Apache Vi/application/apache/conf/httpd.conf User Apache Group Apache

6 worker mode increase concurrent number

7 masking sensitive information such as Apache version

(1) Modify the httpd.conf file to open the Httpd-default.conf module (2) Modify the httpd-default.conf file, serversignature off and servertokens prod after apachectl graceful make the settings effective

8 Apache Directory file permission settings (root, directory 755, File 644)

[email protected] html]# LL Total 12 Drwxr-xr-x 2 root root 4096 09-03 18:51 BBS Drwxr-xr-x 5 root root 4096 11-12 01:53 Blog Drwxr-xr-x 3 root root 4096 11-17 11:43 www

Tip: In the site architecture, should be the resource files, including the user upload pictures, Fujian and other procedures, and the best separation of the upload process, so that you can easily authorized.

9 opening httpd-mpm.conf Increasing the number of connections

Apache Anti-theft chain function

11 Forbidden Directory Index

Option followsymlinks This one parameter minus the index option

12 Prohibit user overwrite (reload)

AllowOverride None #禁止用户覆盖 (Heavy) #加快服务器速度 because it no longer looks for each directory access control asking price (. htaccess) for each request

13 Turn off CGI

scriptalias/cgi-bin/"/application/apache2.2.25/cgi-bin/" <directory "/application/apache2.2.25/cgi-bin" > AllowOverride None Options None Order Allow,deny Allow from all </Directory>

Delete the above content

14 avoid using. htaccess files (distributed configuration files)

First, in terms of performance, you should avoid using. htaccess files

Apache Installation Module

(Mod_evasive20 anti-DDoS, Mod_limitipconn (for single-site) configuration, mod_security Anti-SQL injection, etc.) Makejail Http://www.floc.net/makejail is a software that automatically puts the programs needed to build jail in jail Mod_security http://www.modsecurity.org is a module of Apache, he has the request filtering, log audit and other functions, can prevent SQL injection, cross-site scripting attack, very good one module

16 The right way to get the source code, to hit the Apache patch

The Apache log grants root700 permissions

Chown-r Root.root Logs Chmod-r logs

18 System Kernel Parameter optimization

19 Prevent PHP from parsing the specified site Directory

20 replacing frequently accessed directories with the Tmps file system

21 minimizing the number of HTTP requests

22 using CDN to do website acceleration

Optimized Apache program architecture

1) Program Page server 2) Picture Attachment server 3) Upload server function as far as possible separation A) The best way to detach is to use a separate server (requires program support) b) Sub-option in the front-end load balancer via Haproxy/nginx request the corresponding server following the directory or extension name

Linux Course notes Apache optimization