Linux Course notes Apache optimization

Source: Internet
Author: User
Tags apache log

Apache Service Optimization

1 Configuring Apache Log Polling

Apache's own log polling tool is also available, but the teacher test will drop the log, so use Cronolog to configure the log polling

Tar zxf cronolog-1.6.2.tar.gz

CD cronolog-1.6.2

./configure

Make

Make install

<virtualhost *:80>

ServerAdmin [email protected]

DocumentRoot "/var/html/www"

ServerName www.etiantian.com

Serveralias etiantian.com

Errorlog "Logs/www.etiantiancom-error_log"

# customlog "Logs/www.etiantiancom-access_log" common

Customlog "|/usr/local/sbin/cronolog/application/apache/logs/access_www_%w.log" combined

#注意这里要写全路径,%w indicates weekly polling

</VirtualHost>

2 Error page Elegant display

[[email protected] bin]# grep "ErrorDocument 404"/application/apache/conf/httpd.conf

#ErrorDocument 404/missing.html

#ErrorDocument 404 "/cgi-bin/missing_handler.pl"

#可以指定404错误提示的页面 can be either a URL or a script or a file

3 Mod_deflate file Compression function

3.1 Mod_deflate Module Introduction

The Mod_deflate module provides a deflate output filter that allows the server to compress the output before it is sent to the client, improving the user experience.

3.2 Mod_deflate Installation Check

(1) If you have installed mod_deflate when compiling the installation httpd, the command is:

[Email protected] ~]#/application/apache/bin/apachectl-l |grep mod_deflate

Mod_deflate.c

(2) If the DSO is compiled (--enable-so to open the DSO compilation mode), then the View method is:

[Email protected] ~]# ls/application/apache/modules/|grep mod_deflate

Mod_deflate.so

[[email protected] ~]# grep mod_deflate.so/application/apache/conf/httpd.conf

LoadModule Deflate_module modules/mod_deflate.so

[Email protected] ~]#/application/apache/bin/apachectl-m |grep deflate

Deflate_module (dynamic) #static是表示在编译的时候就已经安装了

Syntax OK

Special Note: The above two situations can not exist at the same time, otherwise there will be conflicts

3.3 Mod_deflate Installation

Cd/root/tools/httpd-2.2.25/modules/filters

/application/apache/bin/apxs-c-a-i mod_deflate.c

Ll/application/apache/modules/mod_deflate.so

#如果提示冲突, comment out the LoadModule deflate_module modules/mod_deflate.so command in the/application/apache/conf/httpd.conf file.

3.4 Mod_deflate Application

<ifmodule mod_deflate.c>

Deflatecompressionlevel 9

Setoutputfilter DEFLATE

Deflatefilternote Input instream

Deflatefilternote Output OutStream

Deflatefilternote Ratio Ratio

#Logformat ' "%r"%{outstream}n/%{instream}n (%{ratio}n%%) ' deflate

#CustomLog Logs/deflate_log.log Deflate

</ifmodule>

#把以上这段代码嵌入到/application/apache/conf/extra/httpd-vhosts.conf/var/html/www Configuration content (can also be configured in the Global directory)

<virtualhost *:80>

ServerAdmin [email protected]

DocumentRoot "/var/html/www"

ServerName www.etiantian.com

Serveralias etiantian.com

Errorlog "Logs/www.etiantiancom-error_log"

Customlog "Logs/www.etiantiancom-access_log" common

<ifmodule mod_deflate.c>

Deflatecompressionlevel 9

Setoutputfilter DEFLATE

Deflatefilternote Input instream

Deflatefilternote Output OutStream

Deflatefilternote Ratio Ratio

#Logformat ' "%r"%{outstream}n/%{instream}n (%{ratio}n%%) ' deflate

#CustomLog Logs/deflate_log.log Deflate

</ifmodule>

</VirtualHost>

Test: The teacher's test_deflate.tar.gz compression package uploaded to/var/html/www, and then decompression, do not need to do any movement. Open the Firefox Developer Edition, Access 192.168.1.4/test/deflate.html, open Firebug, and see the test results in YSlow.

4 Mod_expires Cache function

Expire is actually a header message that specifies the cache time of a particular type of file in the browser. Most of the pictures, flash after the release is not necessary to change frequently, after doing the cache after such a browser will not need to download these files from the server, but directly from the cache read, so that the speed of access to the page will be greatly accelerated.

Add the following configuration under the Mod_deflate module configuration:

Expiresactive on

ExpiresDefault "Access plus month"

Expiresbytype text/html "Access plus months"

Expiresbytype text/css "Access plus months"

Expiresbytype image/gif "Access plus months"

Expiresbytype image/jpeg "Access plus12 months"

Expiresbytype image/jpg "Access plus months"

Expiresbytype image/png "Access plus months"

Expiresbytype Application/x-shockwave-flash "Access plus months"

Expiresbytype application/x-javascript "Access plus months"

Expiresbytype video/x-flv "Access plus months"

[Email protected] www]# curl-i 192.168.1.4/01.jpg

http/1.1 OK

Date:sun, 03:51:45 GMT

server:apache/2.2.25 (Unix) DAV/2 php/5.3.10

Last-modified:sun, 12:20:20 GMT

ETag: "40904-486f3-4947587f66900"

Accept-ranges:bytes

content-length:296691

cache-control:max-age=31104000

expires:wed, 03:51:45 GMT

Vary:accept-encoding

Content-type:image/jpeg

5 changing Apache Default User

Create a user such as Apache (preferably a infrequently used name) for child processes and child threads.

Useradd-m-s/sbin/nologin Apache

Vi/application/apache/conf/httpd.conf

User Apache

Group Apache

6 worker mode increase concurrent number

7 masking sensitive information such as Apache version

(1) Modify the httpd.conf file to open the Httpd-default.conf module

(2) Modify the httpd-default.conf file, serversignature off and servertokens prod after apachectl graceful make the settings effective

8 Apache Directory file permission settings (root, directory 755, File 644)

[email protected] html]# LL

Total 12

Drwxr-xr-x 2 root root 4096 09-03 18:51 BBS

Drwxr-xr-x 5 root root 4096 11-12 01:53 Blog

Drwxr-xr-x 3 root root 4096 11-17 11:43 www

Tip: In the site architecture, should be the resource files, including the user upload pictures, Fujian and other procedures, and the best separation of the upload process, so that you can easily authorized.

9 opening httpd-mpm.conf Increasing the number of connections

Apache Anti-theft chain function

11 Forbidden Directory Index

Option followsymlinks This one parameter minus the index option

12 Prohibit user overwrite (reload)

AllowOverride None #禁止用户覆盖 (Heavy)

#加快服务器速度 because it no longer looks for each directory access control asking price (. htaccess) for each request

13 Turn off CGI

scriptalias/cgi-bin/"/application/apache2.2.25/cgi-bin/"

<directory "/application/apache2.2.25/cgi-bin" >

AllowOverride None

Options None

Order Allow,deny

Allow from all

</Directory>

Delete the above content

14 avoid using. htaccess files (distributed configuration files)

First, in terms of performance, you should avoid using. htaccess files

Apache Installation Module

(Mod_evasive20 anti-DDoS, Mod_limitipconn (for single-site) configuration, mod_security Anti-SQL injection, etc.)

Makejail Http://www.floc.net/makejail

is a software that automatically puts the programs needed to build jail in jail

Mod_security http://www.modsecurity.org

is a module of Apache, he has the request filtering, log audit and other functions, can prevent SQL injection, cross-site scripting attack, very good one module

16 The right way to get the source code, to hit the Apache patch

The Apache log grants root700 permissions

Chown-r Root.root Logs

Chmod-r logs

18 System Kernel Parameter optimization

19 Prevent PHP from parsing the specified site Directory

20 replacing frequently accessed directories with the Tmps file system

21 minimizing the number of HTTP requests

22 using CDN to do website acceleration

Optimized Apache program architecture

1) Program Page server 2) Picture Attachment server 3) Upload server function as far as possible separation

A) The best way to detach is to use a separate server (requires program support)

b) Sub-option in the front-end load balancer via Haproxy/nginx request the corresponding server following the directory or extension name

Linux Course notes Apache optimization

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.