2025-04-04 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
CentOS 6: httpd-2.2
Program environment:
Configuration file:
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/*.conf
Service script:
/etc/rc.d/init.d/httpd
Script configuration file: /etc/sysconfig/httpd
Main program file:
/usr/sbin/httpd
/usr/sbin/httpd.event
/usr/sbin/httpd.worker
Log file:
/var/log/httpd:
access_log: access log
error_log: error log
Site documentation:
/var/www/html (page file)
Module file path:
/usr/lib64/httpd/modules
Service control and startup:
chkconfig httpd on|off
service httpd {start|stop|restart|status|configtest|reload}
Common configurations:
1. Modify the listening IP and PORT
# vim /etc/httpd/conf/httpd.conf
(1) If the IP is omitted, it is taken as 0.0.0.0.
(2) The Listen directive can be repeated multiple times:
Listen 80
Listen 8080
(3) After modifying the listening socket, restart the service process for the change to take effect.
Note: changing the configuration file requires restarting the service: service httpd restart
# netstat -tnlp (view the ports used by the currently started services)
2. Persistent connections
Once the TCP connection is established, it is not closed after each resource is fetched; it stays open and waits for further resource requests.
Side effect: on servers with a large number of concurrent visits, the persistent connection mechanism can prevent some later requests from getting a normal response.
Compromise: use a shorter persistent-connection duration and a lower request count.
KeepAlive On|Off (whether persistent connections are enabled)
KeepAliveTimeout 15 (time limit)
MaxKeepAliveRequests 100 (quantity limit)
# vim /etc/httpd/conf/httpd.conf
Restart the service: service httpd restart
3. MPM
httpd-2.2 does not support compiling in multiple MPM modules at the same time, so only the one selected MPM can be compiled in.
For this reason the rpm package for CentOS 6 provides three program files:
httpd (prefork), httpd.worker, httpd.event
See which program file is in use and how many processes are started:
# ps aux | grep httpd
The first line is the master process (it manages the creation and destruction of the other processes).
The default is /usr/sbin/httpd, which uses the prefork MPM.
View the list of modules for the httpd program:
View statically compiled modules:
# httpd -l
View statically compiled and dynamically loaded modules:
# httpd -M
Switch to an httpd program that supports another MPM mechanism:
# vim /etc/sysconfig/httpd
HTTPD=/usr/sbin/httpd.{worker,event}
Note: restart the service process to take effect
# service httpd restart
MPM configuration:
# vim /etc/httpd/conf/httpd.conf
Configuration of prefork:
<IfModule prefork.c> (if prefork exists)
StartServers 8 (how many idle processes are started)
MinSpareServers 5 (minimum number of idle processes)
MaxSpareServers 20 (maximum number of idle processes)
ServerLimit 256 (upper limit on the value that MaxClients may be set to)
MaxClients 256 (maximum number of processes allowed to start)
MaxRequestsPerChild 4000 (maximum number of requests each process can handle; after 4000 requests the process is destroyed)
</IfModule>
Configuration of worker:
<IfModule worker.c>
StartServers 4 (how many processes are started)
MaxClients 300 (maximum number of concurrent requests allowed, across all threads)
MinSpareThreads 25 (minimum number of idle threads)
MaxSpareThreads 75 (maximum number of idle threads)
ThreadsPerChild 25 (number of threads each child process creates)
MaxRequestsPerChild 0 (each process can handle unlimited requests)
</IfModule>
PV, UV
PV: Page View (page views)
UV: User View (user views)
4. DSO (Dynamic Shared Object, dynamically loaded modules)
Module loading is configured with the LoadModule directive:
LoadModule MODULE_NAME MODULE_FILE_PATH
The module file path can be a relative path:
Relative to ServerRoot (default /etc/httpd)
5. Define the document root path of the main site
# vim /etc/httpd/conf/httpd.conf
DocumentRoot ""
Document path mapping:
The path DocumentRoot points to is the starting position of the URL path.
It is equivalent to the root path of the site URL.
Note: restart the service process to take effect
# service httpd restart
6. Common mechanisms of site access control
# vim /etc/httpd/conf/httpd.conf
Access control can be specified for particular resources based on two mechanisms:
File system path:
...
...
...
URL path:
...
...
Implement access control based on source address in:
(1) Options
Followed by a list of one or more options separated by whitespace characters
Indexes: when no resource file matching the defined main page exists under the requested URL path, return an index listing of the directory to the user (it is recommended to turn this off)
FollowSymLinks: allows following a symbolic link to the source file it points to (it is recommended to turn this off)
None: none
All: all
It is recommended to change it to: Options None
(2) AllowOverride (override allowed)
Which access-control directives may be placed in the .htaccess file (there can be one in each directory)
All: all
None: none
It is recommended to change it to: AllowOverride None
(3) Order, Allow and Deny
Order: defines the order in which the rules take effect; the one written last is the default rule.
Allow from SOURCE_ADDRESS, Deny from SOURCE_ADDRESS
Source address:
IP
NetAddr: (network address)
172.16
172.16.0.0
172.16.0.0/16
172.16.0.0/255.255.0.0
1. E.g. to allow access only from hosts on the 172.16 network segment: Allow from 172.16
2. E.g. Deny from 172.16.100.88
Allow from 172.16
(only hosts on the 172.16 network segment are allowed to access, and 172.16.100.88 is refused)
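The result described for example 2 depends on the Order line, which the example does not show. The following added sketch (not part of the original article, and not httpd's own code) evaluates the documented httpd 2.2 Order/Allow/Deny rules for the source-address forms listed above. It shows that with Order allow,deny the host 172.16.100.88 is refused, while with Order deny,allow (the 2.2 default when Order is absent) the Allow line wins and outside hosts are admitted as well. The function names and the client addresses are assumptions made for the illustration.

```python
import ipaddress

def to_network(spec):
    """Convert one Allow/Deny source address to an ip_network."""
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in spec:  # 172.16.0.0/16 or 172.16.0.0/255.255.0.0
        return ipaddress.ip_network(spec, strict=False)
    # Partial IP such as "172.16"; a full four-octet address is a single host.
    octets = spec.rstrip(".").split(".")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def is_allowed(client, order, allow=(), deny=()):
    """Apply the Order semantics documented for httpd 2.2 (IPv4 sources only)."""
    ip = ipaddress.ip_address(client)
    hit_allow = any(ip in to_network(s) for s in allow)
    hit_deny = any(ip in to_network(s) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":   # default deny; a Deny match always wins
        return hit_allow and not hit_deny
    if order == "deny,allow":   # default allow; an Allow match always wins
        return hit_allow or not hit_deny
    raise ValueError(f"unsupported Order value: {order!r}")

def decision_table(allow, deny, clients):
    """Return {client: (result under allow,deny, result under deny,allow)}."""
    return {c: (is_allowed(c, "allow,deny", allow, deny),
                is_allowed(c, "deny,allow", allow, deny)) for c in clients}

if __name__ == "__main__":
    # Rules from example 2 above; the client addresses are constructed samples.
    table = decision_table(["172.16"], ["172.16.100.88"],
                           ["172.16.1.20", "172.16.100.88", "10.0.0.5"])
    for client, (ad, da) in table.items():
        print(f"{client:15} allow,deny={ad!s:5} deny,allow={da!s:5}")
```

To get the behaviour the article describes, the block that holds these two lines needs Order allow,deny.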
7. Define the main page of the site:
# vim /etc/httpd/conf/httpd.conf
DirectoryIndex index.html index.html.var (look for index.html first; if it is not found, look for index.html.var)
8. Define path aliases
# vim /etc/httpd/conf/httpd.conf
Format:
Alias /URL/ "/PATH/TO/SOMEDIR/"
DocumentRoot "/www/htdocs"
http://www.magedu.com/download/bash-4.4.2-3.el6.x86_64.rpm
/www/htdocs/download/bash-4.4.2-3.el6.x86_64.rpm
Alias /download/ "/rpms/pub/"
http://www.magedu.com/download/bash-4.4.2-3.el6.x86_64.rpm
/rpms/pub/bash-4.4.2-3.el6.x86_64.rpm
http://www.magedu.com/images/logo.png
/www/htdocs/images/logo.png
9. Set the default character set (otherwise, if the "language" is not understood, the response page cannot be read)
AddDefaultCharset UTF-8
Chinese character sets: GBK, GB2312, GB18030
10. Log settings
Log type: access log and error log
Error log
ErrorLog logs/error_log
LogLevel warn (warning)
Log levels: debug (everything is logged), info (one level above debug), notice, warn (warning), error, crit (critical), alert, emerg (emergency).
Access log: view the access log with: # tail /var/log/httpd/access_log
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog logs/access_log combined
LogFormat format strings (meaning of each LogFormat format character):
http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats
%h: client IP address
%l: client user name, usually a minus sign ("-")
%u: client user (from auth; may be bogus if return status (%s) is 401); it is a minus sign when the access did not require a login
%t: time when the server received the request
%r: first line of the request message; records the "method", "URL" and protocol version of the request
%>s: response status code
%b: the size of the response message in bytes, excluding the HTTP header of the response message
%{Referer}i: the value of the "Referer" header in the request message; the referer is the page whose hyperlink led to the current page
%{User-Agent}i: the value of the "User-Agent" header in the request message, that is, the application that made the request
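The combined format above can be parsed field by field. The following added example (not part of the original article) parses each of the nine fields, including quoted fields in which httpd has written an embedded quote as \", and then uses the %h and %>s fields to report client addresses with repeated 401 responses, which ties in with the note on %u above. The log lines are constructed samples using documentation addresses, and the function names and the threshold are assumptions.

```python
import re
from collections import Counter

# Field order: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
QUOTED = r'"((?:[^"\\]|\\.)*)"'   # quoted field; an embedded quote is logged as \"
COMBINED = re.compile(
    r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\d+|-) '
    + QUOTED + ' ' + QUOTED + r'$')
FIELDS = ("host", "ident", "user", "time", "request",
          "status", "size", "referer", "agent")

# Constructed sample lines, not taken from a real server.
SAMPLE = [
    r'192.0.2.10 - - [04/Apr/2025:10:00:01 +0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    r'192.0.2.66 - admin [04/Apr/2025:10:00:02 +0800] "GET /admin/ HTTP/1.1" 401 478 "-" "curl/7.19.7"',
    r'192.0.2.66 - root [04/Apr/2025:10:00:03 +0800] "GET /admin/ HTTP/1.1" 401 478 "-" "curl/7.19.7"',
    r'192.0.2.66 - test [04/Apr/2025:10:00:04 +0800] "GET /admin/ HTTP/1.1" 401 478 "-" "curl/7.19.7"',
    r'192.0.2.10 - - [04/Apr/2025:10:00:05 +0800] "GET /logo.png HTTP/1.1" 304 - "http://www.a.com/" "Test \"UA\""',
    'truncated line without the expected fields',
]

def parse_line(line):
    """Return a dict of combined-format fields, or None if the line does not match."""
    m = COMBINED.match(line.strip())
    if m is None:
        return None
    rec = dict(zip(FIELDS, m.groups()))
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])  # %b logs "-" for 0 bytes
    parts = rec["request"].split(" ")
    rec["method"], rec["url"], rec["protocol"] = (
        parts if len(parts) == 3 else (None, None, None))
    return rec

def failed_auth_by_host(lines, threshold=3):
    """Count 401 responses per client IP; return hosts at or above the threshold."""
    hits = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["status"] == 401:
            hits[rec["host"]] += 1
    return {host: n for host, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    print(failed_auth_by_host(SAMPLE))
```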
11. User-based access control
There are two ways to authenticate:
Basic: plaintext
Digest: message digest authentication
Basic authentication is used here.
# vim /etc/httpd/conf/httpd.conf
Example of basic authentication configuration:
Define a security domain
<Directory ""> (defines which page resources require authentication to access)
Options None
AllowOverride None
AuthType Basic (authentication type)
AuthName "String" (authentication prompt)
AuthUserFile "/PATH/TO/HTTPD_USER_PASSWD_FILE" (path of the account and password file used for authentication)
Require user username1 username2 ... (indicates who can log in; to allow all users in the account file to log in and access: Require valid-user)
</Directory>
Create the account password file AuthUserFile:
htpasswd [options] /PATH/TO/HTTPD_PASSWD_FILE username
-c: automatically creates the file specified here, so it should be used only if this file does not exist
-m: MD5 format encryption
-s: SHA format encryption
-D: delete the specified user
E.g. htpasswd -c -m /etc/httpd/conf/.htpasswd tianxudong
Note: use -c only when adding the first user; it cannot be used after that, otherwise it will overwrite the original user information.
Authentication based on group account
# vim /etc/httpd/conf/httpd.conf
Compared with user-based access control, one more directive is added for the group authentication file:
AuthGroupFile "/PATH/TO/HTTPD_GROUP_FILE"
Require group grpname1 grpname2 ...
Create user account and group account files
# vim /etc/httpd/conf/.htgroup
mygrp: tianxidong
Group files: define one group per line
GRP_NAME: username1 username2 ...
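What "Basic: plaintext" and the -s option mean on the wire and on disk, as an added example (not part of the original article, and not httpd's own code): the Authorization header is only base64 and decodes straight back to user and password, and an htpasswd -s entry is {SHA} followed by the base64 of an unsalted SHA-1, so equal passwords give equal entries. The sketch checks a header against such entries the way Require user or Require valid-user would; the function names and the sample passwords are assumptions, and the user name is the one from the htpasswd example above.

```python
import base64
import hashlib
import hmac

def sha_entry(user, password):
    """Line written by `htpasswd -s`: user:{SHA} + base64(SHA-1(password)), no salt."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode('ascii')}"

def basic_header(user, password):
    """Value a client sends in 'Authorization:' for Basic authentication."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def decode_basic(header_value):
    """Recover (user, password) from the header value; no key is involved."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    text = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    user, sep, password = text.partition(":")
    if not sep:
        raise ValueError("missing ':' between user and password")
    return user, password

def authorize(header_value, passwd_lines, required_users=None):
    """Mimic 'Require user ...' (or 'Require valid-user' when required_users is None)."""
    try:
        user, password = decode_basic(header_value)
    except ValueError:  # also covers malformed base64 and undecodable bytes
        return False
    stored = dict(l.strip().split(":", 1) for l in passwd_lines if ":" in l)
    candidate = sha_entry(user, password).split(":", 1)[1]
    if not hmac.compare_digest(stored.get(user, ""), candidate):
        return False
    return required_users is None or user in required_users

# Constructed password file: two users who happen to share one password.
PASSWD = [sha_entry("tianxudong", "s3cret-A"), sha_entry("alice", "s3cret-A")]

if __name__ == "__main__":
    header = basic_header("tianxudong", "s3cret-A")
    print(header, "->", decode_basic(header))
    print(PASSWD)
```

Because the header is reversible and the -s entries are unsalted, Basic authentication belongs on an encrypted connection, and the salted -m format is the safer of the two formats the article lists.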
12. Virtual host
There are three implementation schemes:
Based on IP:
Prepare at least one IP address for each virtual host
Based on port:
Use at least one separate port for each virtual host
Based on FQDN:
Use at least one FQDN for each virtual host
Note: in general, virtual hosts should not be mixed with the central (main) host; therefore, to use virtual hosts, first disable the main host.
Disable method: comment out the DocumentRoot directive of the central host
The configuration method of a virtual host:
<VirtualHost IP:PORT> (the address and port that the virtual host listens on)
ServerName FQDN (if the virtual host is not name-based, there is no need to write the FQDN)
DocumentRoot "" (the site file path of the virtual host)
</VirtualHost>
Other available directives:
ServerAlias: alias for the virtual host; can be used multiple times
ErrorLog: (error log dedicated to this virtual host)
CustomLog: (access log dedicated to this virtual host)
(access control of resources based on path)
...
Alias (path alias)
...
E.g. Different IPs serve different sites:
Comment out the DocumentRoot of the main configuration file
Edit a file:
# vim /etc/httpd/conf.d/vhosts.conf
# IP1, IP2 and IP3 are placeholders: one address per virtual host
<VirtualHost IP1:PORT>
ServerName www.a.com
DocumentRoot "/www/a.com/htdocs"
</VirtualHost>
<VirtualHost IP2:PORT>
ServerName www.b.net
DocumentRoot "/www/b.net/htdocs"
</VirtualHost>
<VirtualHost IP3:PORT>
ServerName www.c.org
DocumentRoot "/www/c.org/htdocs"
</VirtualHost>
Syntax check: httpd -t
Reload the service: service httpd reload
E.g. Port-based virtual hosts:
First, add 3 ports: please refer to common configuration 1 above.
Syntax check: httpd -t
Edit a file:
# vim /etc/httpd/conf.d/vhosts.conf
# PORT1, PORT2 and PORT3 are placeholders: one Listen port per virtual host
<VirtualHost IP:PORT1>
ServerName www.a.com
DocumentRoot "/www/a.com/htdocs"
</VirtualHost>
<VirtualHost IP:PORT2>
ServerName www.b.net
DocumentRoot "/www/b.net/htdocs"
</VirtualHost>
<VirtualHost IP:PORT3>
ServerName www.c.org
DocumentRoot "/www/c.org/htdocs"
</VirtualHost>
Syntax check: httpd -t
Reload the service: service httpd reload
E.g. Virtual hosts based on FQDN: (the port is the same, the address is the same)
NameVirtualHost 172.16.100.6:80 (this special directive is required for FQDN-based virtual hosts; it is not required on CentOS 7)
<VirtualHost 172.16.100.6:80>
ServerName www.a.com
DocumentRoot "/www/a.com/htdocs"
</VirtualHost>
<VirtualHost 172.16.100.6:80>
ServerName www.b.net
DocumentRoot "/www/b.net/htdocs"
</VirtualHost>
<VirtualHost 172.16.100.6:80>
ServerName www.c.org
DocumentRoot "/www/c.org/htdocs"
</VirtualHost>
Syntax check: httpd -t
Reload the service: service httpd reload
13. Status page (check the details of the running processes, with access control)
LoadModule status_module modules/mod_status.so
Edit the main configuration file and enable the following lines.
<Location /server-status>
SetHandler server-status
Order allow,deny
Allow from 172.16 (it is recommended to allow access from only one host)
</Location>
14. Use the mod_deflate module to compress pages and optimize transmission speed
Applicable scenarios:
(1) Saves bandwidth at the cost of extra CPU; some older browsers may not support it.
(2) Compress resources that are suitable for compression, such as files
# vim /etc/httpd/conf/httpd.conf
Syntax check: httpd -t
Reload the service: service httpd reload
Compile and install httpd 2.4 on CentOS 6:
CentOS 6 ships version 1.3.9 of apr and apr-util by default, while httpd 2.4 requires apr and apr-util version 1.4 or above.
Version 1.4 can be downloaded from the official website, apr.apache.org.
Development environment package groups: Development Tools, Server Platform Development
Development package: pcre-devel
Stop the httpd service first and disable automatic startup.
# service httpd stop
# chkconfig httpd off
Compile and install steps:
(1) apr-1.4+
# ./configure --prefix=/usr/local/apr
# make && make install
(2) apr-util-1.4+
# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
# make && make install
(3) httpd-2.4
# ./configure --prefix=/usr/local/apache24 --sysconfdir=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
# make && make install