Shulou(Shulou.com)06/03 Report--

The World wide Web Web is an information network based on hypertext on Internet. Users can access the information resources on the Web server through the browser. At present, the most commonly used Web server software on the Linux operating system is Apache. Apache is an open source HTTP server software that runs in most major computer operating systems, including UNIX, Linux, and Windows.

7.1introduction to Apache

Apache is an open source software, so it is supported by the open source community, constantly developing new features and fixing the original defects. After years of continuous improvement, Apache has become one of the most popular Web server-side software. Apache has many of the following

Features to ensure that it can run efficiently and stably.

1. Support the latest HTTP/1.1 communication protocol

two。 Have a simple and powerful file-based configuration process

3. Support for Universal Gateway Interface CGI

4. Support for IP-based and domain name-based virtual hosts

5. Support multiple ways of HTTP authentication

6. Integrated Perl processing module

7. Integrated proxy server module

8. Support real-time monitoring of server status and customization of server logs

9. Support for server-side include instructions (SSI)

10. Support for secure Socket layer (SSL)

11. Provide tracking of user session processes

twelve。 Support for FastCGI

13. JavaServlets can be supported through third-party modules

Apache adopts modular design, and after the module is installed, new functions can be added to the Apache kernel. By default, Apache has installed some modules, and users can also use module configuration to customize what features need to be installed in the Apache server, which is a sign of Apache flexibility. Common functional modules are:

The module name function states that mod_actions.so runs CGI scripts based on MIME types mod_alias.so supports virtual directories and page redirects mod_asis to send files containing custom HTTP headers mod_auth_basic.so basic authentication mod_auth_digest.so user authentication using MD5 encryption algorithm mod_authn_alias.so allows third-party authentication mod_authn_anon.so to allow anonymous users to access authenticated areas Domain mod_authn_dbd.so uses database to save user authentication information mod_authn_dbm.so uses DBM data file to save user authentication information mod_authn_default.so handles user authentication failure mod_authn_file.so uses text file to save user authentication information mod_authnz_ldap.so uses LDAP directory for user authentication mod_authz_default.so processing group verification failed mod_authz_groupfile.so use Plaintext file verification mod_authz_host.so host-based group authentication mod_authz_user.so user authentication module mod_autoindex.so generates directory index mod_cache.so content cache to URI mod_cgi.so support CGI script mod_cgid.so runs CGI script using external CGI process mod_dir.so provides directory and index files for trailing slash mod_env.so adjustment is passed to CGI script and The environment variable mod_example.so of the SSI page

Explain the APImod_filter.so filtering information mod_imagemap.so of the Apache module

Imagemap processing mod_include.so parsing HTML file mod_isapi.so

ISAPI extension mod_ldap.so uses third-party LDAP modules for LDAP connections and service mod_log_config.so

Record the access request mod_login.so sent to the server

Record the number of bytes input and output per request mod_mime.so jointly with the requested file extension and file behavior content mod_negotiation.so provides content negotiation mod_nw_ssl

Open SSL encryption for NetWare mod _ proxy.so proxy and gateway server mod_proxy_ajp.somod_proxy supporting HTTP1.1 protocol AJP support module mod_proxy_balancer.somod_proxy load balancing module mod_proxy_ftp.somod_proxy 's ftp support module mod_proxy_http.somod_proxy 's HTTP support module mod_setenvif.so allows you to set the request-based environment variable mod_so.so

Improve executable coding and module startup mod_ssl.so during startup or restart

Using encrypted mod_status.so of SSL and TLS to provide server performance operation information mod_userdir.so sets up each user's website directory mod_usertrack.so records the user's activity on the site mod_vhost_alias.so provides dynamic configuration of a large number of virtual hosts

7.2. installation of Apache server

For Centos6.5, there is a built-in Apache in the yum source, version 2.2.15, which can be installed directly through the yum command. In order to obtain the latest version of Apache, you can download the source code of the software from Apache's official website www.apache.org to install it. The name of the software is httpd, and the latest stable version is 2.4.25.

[root@mylinux home] # yum list httpdLoaded plugins: fastestmirrorLoading mirror speeds from cached hostfile * base: mirrors.cn99.com * epel: mirrors.tuna.tsinghua.edu.cn * epel-debuginfo: mirrors.tuna.tsinghua.edu.cn * epel-source: mirrors.tuna.tsinghua.edu.cn * extras: mirrors.njupt.edu.cn * updates: ftp.sjtu.edu.cnAvailable Packageshttpd.x86_64 2.2.15-59.el6.centos Base [root@mylinux home] # wget http://mirror.bit.edu.cn/apache//httpd/httpd-2.4.25.tar.bz2--2017-05-26 06PUBG 32MU 59Mi-http://mirror.bit.edu.cn/apache//httpd/httpd-2.4.25.tar.bz2Resolving mirror.bit.edu.cn... 202.204.80.77, 2001:da8:204:2001:250:56ff:fea1:22Connecting to mirror.bit.edu.cn | 202.204.80.77 |: 80. Connected.HTTP request sent, awaiting response... 200 OKLength: 6398218 (6.1m) [application/octet-stream] Saving to: httpd-2.4.25.tar.bz2100% [= = >] 6398218 1.11M/s in 5.9s 2017-05-26 06:33:07 (1.04 MB/s)-httpd-2.4.25.tar.bz2 saved [6398218 root@mylinux home] [root@mylinux home] # lsbind-9.10.4-P8 httpd-2.4.25.tar.bz2 Python-2. 7.13.tar.xz Python-3.6.1.tar.xzbind-9.10.4-P8.tar.gz mylinux Python-3.6.1 [root@mylinux home] # ls httpd-2.4.25.tar.bz2

1. Install dependent files

[root@mylinux httpd-2.4.25] # yum remove apr-util-devel apr apr-util-mysql apr-docs apr-devel apr-util apr-util-docs...Removed: apr.x86_64 0 apr.x86_64 1.3.9-5.el6_2 apr-util.x86_64 0V 1.3.9-3.el6_0.1 Dependency Removed: apr-util-ldap.x86_64 0v 1.3.9-3. El6_0.1 httpd-tools.x86_64 0VOR 2.2.15-59.el6.centos subversion.x86_64 0VR 1.6.11-15.el6_7 Complete! [root@mylinux home] # wget [root@mylinux home] # tar xf apr-1.5.2.tar.gz # solve apr not found problem [root@mylinux home] # cd Apr-1.5.2 [root@mylinux apr-1.5.2] #. / configure-- prefix=/usr/local/apr [root@mylinux apr-1.5.2] # make & & make install [root@mylinux home] # tar xf apr-util-1.5.4.tar.gz # solve the APR-util not found problem [root@mylinux home] # cd apr-util-1.5.4 [root@mylinux apr-util-1.5.4] #. / configure -- prefix=/usr/local/apr-util-with-apr=/usr/local/apr/bin/apr-1-config [root@mylinux apr-util-1.5.4] # make & & make install [root@mylinux home] # tar xf pcre-8.40.tar.bz2 # solve the pcre problem [root@mylinux home] # cd pcre-8.40 [root@mylinux pcre-8.40] #. / configure-- prefix=/usr/local/pcre [root@mylinux pcre-8 .40] # make & & make install [root@mylinux home] # yum install pcre-devel-y

2. Compile and install httpd

[root@mylinux home] # tar xf httpd-2.4.25.tar.bz2 [root@mylinux home] # cd httpd-2.4.25 [root@mylinux httpd-2.4.25] #. / configure-- prefix=/usr/local/apache-- sysconfdir=/etc/httpd24-- enable-so-- enable-ssl-- enable-cgi-- enable-rewrite-- with-zlib-- with-pcre-- with-apr=/usr/local/apr-- with-apr-util=/usr/local / apr-util/-- enable-modules=most-- enable-mpms-shared=all-- with-mpm=event [root@mylinux httpd-2.4.25] make & & make install# export header file [root@mylinux httpd-2.4.25] # ln-sv / usr/local/apache/include / usr/include/ httpd` / usr/include/httpd'-> `/ usr/local/apache/include' # Export library file [root@mylinux httpd-2.4.25] # ldconfig [root@ Mylinux httpd-2.4.25] # ldconfig-p # View the current system library file 326 libs found in cache `/ etc/ld.so.cache' libz.so.1 (libc6 X86-64) = > / lib64/libz.so.1 libz.so (libc6,x86-64) = > / usr/lib64/libz.so libyaml-0.so.2 (libc6,x86-64) = > / usr/lib64/libyaml-0.so.2 libxtables.so.4 (libc6,x86-64) = > / lib64/libxtables.so.4 libxslt.so.1 (libc6,x86-64) = > / usr/lib64/libxslt.so.1 libxml2.so.2 (libc6) X86-64) = > / usr/lib64/libxml2.so.2... Export man manual # vim / etc/man.config [root@mylinux httpd-2.4.25] # vim / etc/man.config...MANPATH / usr/local/apache/man/ # add the line output binary program [root@mylinux httpd-2.4.25] # vim / etc/profile.d/httpd.shexport PATH=/usr/local/apache/bin:$PATH [root@mylinux httpd-2.4.25] # source / etc/profile.d/httpd .sh [root@mylinux httpd-2.4.25] # apachectl start # launch AH00557: httpd: apr_sockaddr_info_get () failed for mylinuxAH00558: httpd: Could not reliably determine the server's fully qualified domain name Using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message [root@mylinux httpd-2.4.25] # apachectl stop # close AH00557: httpd: apr_sockaddr_info_get () failed for mylinuxAH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message# method for solving error messages [root@mylinux etc] # vim / etc/httpd24/httpd.conf modify ServerName www.example.com:80 to ServerName localhost:80 [root@mylinux etc] # apachectl start # launch [root@mylinux etc] # ps-ef | grep httpd # check process root 39780 10 07:31? 00:00:00 / usr/local/apache / bin/httpd-k startdaemon 39781 39780 0 07:31? 00:00:00 / usr/local/apache/bin/httpd-k startdaemon 39782 39780 0 07:31? 00:00:00 / usr/local/apache/bin/httpd-k startdaemon 39783 39780 07:31? 00:00:00 / usr/local/apache/bin/httpd-k startroot

3. Check the Apache page

7.3.Basic configuration and maintenance of Apache server

Apache has automatically adopted a series of default settings when it is installed. After installation, the Web server can provide WWW services, but in order to operate better, Apache needs to be configured. The main configuration file of Apache is httpd.conf. In addition, Apache also provides commands to facilitate management and configuration.

Common commands are:

Httpd:Apache server.

Apachectl:Apache HTTP server control tools.

AbApache HTTP server performance benchmark tool.

-c: number of concurrency of simulation-n: total number of requests

Apxs:Apache extension tool.

Configure: configure the source code.

Dbmmanage: create and update user authentication files in DBM format for basic authentication.

Htcacheclean: clean up the disk cache.

Htdigest: create and update user authentication files for summary authentication.

Htdbm: operate the DBM password database.

Htpasswd: create and update user authentication files for basic authentication.

Httxt2dbm: create a dbm file for RewriteMap.

Logresolve: resolves the IP address in the Apache log file to the host name.

Rotatelogs: switch log files without closing Apache.

Suexec: switch users before executing external programs.

You can also use the curl command to test whether the Apache server is working properly. Curl is a file transfer tool that works on the command line based on URL syntax. It supports protocols such as FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. Curl supports HTTPS authentication, and supports HTTP's POST, PUT and other methods, FTP upload, kerberos authentication, HTTP upload, proxy server, cookies, user name / password authentication, download file breakpoint resume, upload file breakpoint resume, http proxy server pipeline (proxy tunneling), and even it also supports IPv6, socks5 proxy server, upload files to FTP server through http proxy server, etc., very powerful.

Common options for curl:

-A/--user-agent sets the user agent to send to the server

-basic uses HTTP basic authentication

-- tcp-nodelay uses TCP_NODELAY option

-e/--referer source URL

-- cacert CA Certificate (SSL)

-- compressed requires that the return is compressed.

-H/--header custom header information is passed to the server

-I/--head displays only the first part of the response message

-- limit-rate sets the transmission speed

-u/--user sets the user and password of the server

-0/--http1.0 uses HTTP 1.0

View the version information of Apache software

[root@mylinux bin] # apachectl-VServer version: Apache/2.4.25 (Unix) Server built: May 26 2017 07:07:15Server's Module Magic Number: 20120211:67Server loaded: APR 1.5.2, APR-UTIL 1.5.4Compiled using: APR 1.5.2, APR-UTIL 1.5.4Architecture: 64-bitServer MPM: event # working mode threaded: yes (fixed thread count) forked: yes (variable process count) Server compiled with.... -D APR_HAS_SENDFILE-D APR_HAS_MMAP-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)-D APR_USE_SYSVSEM_SERIALIZE-D APR_USE_PTHREAD_SERIALIZE-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT-D APR_HAS_OTHER_CHILD-D AP_HAVE_RELIABLE_PIPED_LOGS-D DYNAMIC_MODULE_LIMIT=256-D HTTPD_ROOT= "/ usr/local/apache"-D SUEXEC_BIN= "/ usr/local/apache/bin/suexec"-D DEFAULT_PIDLOG= "logs/httpd.pid"-D DEFAULT_SCOREBOARD= "logs/apache_runtime_status"-D DEFAULT_ERRORLOG= "logs/error_log"-D AP_TYPES_CONFIG_FILE= "/ etc/httpd24/mime.types"-D SERVER_CONFIG_FILE= "/ etc/httpd24/httpd.conf"

View modules that have been compiled

[root@mylinux bin] # apachectl-lCompiled in modules: core.c mod_so.c http_core.c

MPM characteristics of httpd

Httpd adopts the modular design method of core + modules, in which the module adopts the way of DSO (Dynamic Shared Object dynamic module loading) and has the characteristic of MPM (Multipath Processing Module). There are three main ways to work:

Prefork: a request is processed by one process, which has good stability and consumes more resources in large concurrency scenarios. Create processes in advance, maintain appropriate processes as needed, module block design, core is relatively small, modules of various functions are added (including php), running configuration is supported, separate modules are supported, and multiple virtual host configurations are supported.

Worker: a process has multiple threads, and a thread responds to a request

Event: a thread responds to multiple requests and is event-driven. The main purpose is to implement a single thread to respond to multiple requests.

StartServers: number of worker processes started by default; MinSpareServers: minimum number of idle processes; MaxSpareServers: maximum number of idle processes; ServerLimit: maximum number of active processes; MaxClients: maximum number of concurrent requests; MaxRequestsPerChild: maximum number of requests that each child process can serve during its life cycle

StartServers: the number of child processes started MaxClients: the maximum number of concurrent requests; MinSpareThreads: the minimum number of idle threads; MaxSpareThreads: the maximum number of idle threads; ThreadsPerChild: the number of threads that can be generated by each child process; MaxRequestsPerChild: the maximum number of requests that each child process can serve during its lifetime

StartServers 3 MinSpareThreads 75 MaxSpareThreads 250 ThreadsPerChild 25 MaxRequestWorkers 400 MaxConnectionsPerChild 0

Introduction to httpd.conf configuration file

Httpd.conf is the configuration file of Apache. The common configuration in Apache is mainly achieved by modifying this file. After the file is changed, you need to restart the Apache service to make the changed configuration take effect.

Options related to Apache networks and systems:

ServerRoot "/ usr/local/apache" # set Apache installation directory Listen 80 # set listening port User daemon # set Apache process executor Group daemon # set Apache process executor user group ServerAdmin you@example.com # set webmaster mailbox ServerName localhost:80 # serve its host and port

Options related to Apache file and directory permissions:

# setting root directory permissions AllowOverride none Require all deniedDocumentRoot "/ usr/local/apache/htdocs" # setting site root directory # setting / usr/local/apache/htdocs directory permissions Options Indexes FollowSymLinks AllowOverride None Require all granted# final matching result: if both match or there is no match, the latter shall prevail Otherwise, the access permission Require all denied of the file with the suffix DirectoryIndex index.html # .ht * will be set to index.html as the first page.

Common available options:

Indexes: allows all files in the directory to be returned to the user as a list when the specified default page is missing

FollowSymLinks: allows you to follow the original file that the symbolic link points to

None: none is enabled

All: all enabled

ExecCGI: allow CGI scripts to be executed using mod_cgi modules

Includes: allows server-side inclusion (SSI) using mod_include modules

MultiViews: allows mod_negotiation to be used for content negotiation

SymLinksIfOwnerMatch: allows you to follow the original file pointed to by the symbolic link when the linked file's master group is the same as the original file's

Options related to Apache logs:

ErrorLog "logs/error_log" # set error log location LogLevel warn # set error log level # set the format template LogFormat "h% l% u% t\" r\ "% > s% b\"% {Referer} I\ "\"% {User-Agent} I\ "" combined LogFormat "% h% u% t\"% r\ "% > s% b "common LogFormat" h% l% u% t\ "r\"% > s% b\ "% {Referer} I\"\ "% {User-Agent} I\"% I% O "combinedio CustomLog" logs/access_log "common # set the location and format of the access log # alias setting ScriptAlias / cgi-bin/" / usr/local/apache/cgi-bin/ "# setting / Usr/local/apache/cgi-bin directory permissions related configuration of AllowOverride None Options None Require all granted RequestHeader unset Proxy early # mime module related settings SSLRandomSeed startup builtin SSLRandomSeed connect builtin of TypesConfig / etc/httpd24/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz Include / etc/httpd24/extra/proxy-html.conf # ssl module

Modification of configuration file

Users can modify the configuration file directly through the file editor in the graphical interface or through vi. After the modification is completed, the Apache server must be restarted for the changes to take effect. If you add the wrong parameters to the configuration file or set the wrong parameter values, Apache will not be able to start. In order to facilitate users to verify that the parameters of the httpd.conf configuration file are configured correctly, Apache provides commands to automatically complete the check of the configuration file.

[root@mylinux httpd24] # apachectl configtestSyntax OK

Symbolic links and virtual directories

By default, all the data browsed by users accessing the Web server through http are stored in the directory specified by the DocumentRoot parameter, but this parameter can only specify a directory as the parameter value. When the directory space is insufficient, how can the user access the file when you want to put the file on another file system? Apache offers a variety of solutions for the coming year.

Symbolic link

Suppose the document root is now / usr/local/apache/htdocs, and you want to map the / usr/share/doc directory to the access path of / doc/. The configuration process is simple, using the ln command.

[root@mylinux httpd24] # cd / usr/local/apache/htdocs/ [root@mylinux htdocs] # ln-s / usr/local/share/ doc [root@mylinux htdocs] #

Virtual directory

Using a virtual directory is another way to add content outside the root directory to the site, such as mapping the / var/log directory to the log of the root directory of the site.

[root@mylinux htdocs] # vim / etc/httpd24/httpd.conf... # # Redirect: Allows you to tell clients about documents that used to # exist in your server's namespace, but do not anymore. The client # will make a new request for the document at its new location. # Example: # Redirect permanent / foo http://www.example.com/bar # # Alias: Maps web paths into filesystem paths and is used to # access content that does not live under the DocumentRoot. # Example: Alias / log "/ var/log" # Information to be added Options Indexes FollowSymLinks AllowOverride None Require all granted # # If you include a trailing / on / webpath then the server will # require it to be present in the URL. You will also likely # need to provide a section to allow access to # the filesystem path. # # ScriptAlias: This controls which directories contain server scripts. # ScriptAliases are essentially the same as Aliases, except that # documents in the target directory are treated as applications and # run by the server when requested rather than as documents sent to the # client. The same rules about trailing "/" apply to ScriptAlias # directives as to Alias. # ScriptAlias / cgi-bin/ "/ usr/local/apache/cgi-bin/"... [root@mylinux htdocs] # apachectl configtestSyntax OK [root@mylinux htdocs] # apachectl restart

Page redirection

If a user visits a page frequently, he may add the URL of the page to his favorites, and each time he visits the page, he can directly click the record in the favorites to access it. However, if the website is updated with the directory structure, there will be errors that can not be found when users use the original URL. In order to facilitate users to continue to use the original URL for access, it is necessary to use page redirection.

Apache provides a Redirect command to configure page redirection in the following format:

Redirect [HTTP code] URL requested by the user [redirected URL]

Suppose there is a / doc directory, and now the administrator organizes the directory structure of the website and moves the / doc directory to the / old-doc directory. To solve this problem, you need to redirect the / doc configuration page.

[root@mylinux old-doc] # vim / etc/httpd24/httpd.conf # Open the configuration file. # # Redirect: Allows you to tell clients about documents that used to # exist in your server's namespace, but do not anymore. The client # will make a new request for the document at its new location. # Example: _ Redirect 303 / doc # add redirection information. [root@mylinux old-doc] # apachectl configtestSyntax OK [root@mylinux old-doc] # apachectl restart

Enter http://192.168.191.128/doc and automatically redirect to http://192.168.191.128/old-doc after entering enter.

Apache log file

When the Apache server runs, it generates two log files, access_log (access log) and error_log (error log), which can be found in the / usr/local/apache/logs directory when installed by default.

[root@mylinux extra] # cd / usr/local/apache/logs/ [root@mylinux logs] # lsaccess_log error_log httpd.pid

Access log

The access log of Apache records all access activities of the Web server. Each line records an access record, which is composed of seven parts in the following format:

The number of bytes sent to the client by the HTTP code of the client address visitor's authenticated name request time request type request

Client address: indicates the IP address of the client that visits the website

Identification of the visitor: generally blank,'- 'instead of

The authenticated name of the visitor: used to record the name provided by the visitor during authentication, which is usually blank

Request time: record the time when the access operation occurred

Request type: record what type of request the server received

HTTP code of the request: this information determines whether the request was successful or not

Bytes sent to client: total bytes sent to client

LogFormat "h% l% u% t\"% r\ "% > s% b\"% {Referer} I\ "\"% {User-Agent} I\ "" combined LogFormat "% h% u% t\"% r\ "% > s% b" common # configuration log format LogFormat "% h% l% t\"% r\ "% > s% b\"% {Referer} I\ "\"% {User-Agent} I\ "% I% O" combinedio CustomLog "logs/access_log" common # access log format

The meaning of the respective paragraphs of LogFormat Format_String Format_Name #

% h: client address

% l: Telnet name, usually-

% u: remote user name at authentication, or-when there is no authentication

% t: time when the request was received

% r: the starting line of the request message

% > s: response status code

% b: length of response message in bytes

% {Header_Name} I: record the contents of the specified request header (value)

[root@mylinux logs] # cat access_log 192.168.191.1-[26/May/2017:07:32:23 + 0800] "GET / HTTP/1.1" 200 45192.168.191.1-[26/May/2017:07:32:23 + 0800] "GET / favicon.ico HTTP/1.1" 404 209192.168.191.1-[02/Jun/2017:04:17:02 + 0800] "GET / HTTP/1.1 "200 45192.168.191.1-[02/Jun/2017:04:17:02 + 0800]" GET / favicon.ico HTTP/1.1 "404 209192.168.191.1-[02/Jun/2017:04:17:02 + 0800]" GET / favicon.ico HTTP/1.1 "404 209192.168.191.1-[02/Jun/2017:04:20:12 + 0800]" GET / doc HTTP/1.1 "301 235192.168 .191.1-[02/Jun/2017:04:20:12 + 0800] "GET / doc/ HTTP/1.1" 200 332192.168.191.1-[02/Jun/2017:04:30:51 + 0800] "GET / log HTTP/1.1" 404 201

Error log

The error log is another standard log provided by Apache, which records error messages that occur during the operation of the Apache server. The httpd.conf configuration file provides two configuration parameters:

ErrorLog "logs/error_log" # error log file LogLevel warn # error log level

There are several error log levels:

The severity level indicates that the unavailable 2alert of the 1emerg system requires immediate attention. 3

Crit critical situation 4

Error error message 5

Warn warning message 6

Situations where notice needs to be noticed 7

Info General Information 8

Debug information output by a program running in debug mode

The information at emerg level is the most serious and the debug level is the lowest. If the error log is set to the warn level, all error messages with a severity of 1-5 will be logged.

[root@mylinux logs] # cat error_log [Fri May 26 07 Fri May 20 Fri May 43.874118 2017] [mpm_event:notice] [pid 39580:tid 140405771355904] AH00489: Apache/2.4.25 (Unix) configured-- resuming normal operations [Fri May 26 0715 0720 Fri May 43.874427 2017] [core:notice] [pid 39580:tid 140405771355904] AH00094: Command line:'/ usr/local/apache/bin/httpd' [Fri May 26 0771355904] [mpm_] Event:notice] [pid 39580:tid 140405771355904] AH00491: caught SIGTERM Shutting down [Fri May 26 07 mpm_event:notice] [pid 39676:tid 140351188608768] AH00489: Apache/2.4.25 (Unix) configured-- resuming normal operations [Fri May 2607VIE29 AH00489 51.085382 2017] [core:notice] [pid 39676:tid 140351188608768] AH00094: Command line:'/ usr/local/apache/bin/httpd' [Fri May 2607Vera 2957.164059 2017] [mpm_event:notice] [pid 39676:tid 140351188608768] AH00491: caught SIGTERM, shutting down

As can be seen from the contents of the file, each line records an error, which is composed of three parts.

Time error level error message

7.4. Apache security configuration

Apache provides a variety of security control methods, including setting Web access control, user login password authentication and .htaccess files. Through these technical means, we can further improve the security level of the Apache server and reduce the risk of the server being exposed to * or data theft.

access control

Setting access control is one of the most effective means to improve the security level of Apache server. The Diretory section is used to set directory-related parameters and instructions, including access control and authentication.

Directory-related configuration parameters and instructions

Allow directive: used to set which clients can access Apache

Allow from [All/ full domain name / partial domain name / IP address / network address / CIDR address].

All: represents all clients

Full domain name: indicates the client corresponding to the domain name, such as www.domain.com

Partial domain name: indicates all clients in the domain name, such as domain.com

IP address: such as 192.168.1.1

Network address: such as 172.20.17.0Universe 256.356.355.0

CIDR address: such as 172.20.17.0ax 24

Deny directive: used to set which clients are denied access to Apache

Order directive: used to specify the order in which access rules are executed

Order Allow,Deny: execute the allow access rule first, and then execute the deny access rule

Order Deny,Allow: execute the deny access rule first, and then execute the allow access rule

User authentication

The user authentication of Apache includes basic authentication and summary authentication. Abstract authentication is more secure than basic authentication, but not all browsers support summary authentication. To use user authentication, first create an authentication password file that holds the user and password. The htpasswd command is provided in Apache to create and modify authentication password files.

[root@mylinux httpd24] # htpasswd-c / etc/httpd24/.htpasswd sam # add authentication password file New password: Re-type new password: Adding password for user sam [root@mylinux httpd24] # vim httpd.conf # add configuration information # directories to be authenticated Options None AllowOverride AuthConfig AuthType Basic # Authentication type AuthName "Private Area" AuthUserFile / etc/httpd24/.htpasswd # indicates the location of the authentication password file Require valid-user [root@mylinux httpd24] # apachectl configtestSyntax OK [root@mylinux httpd24] # apachectl restart [root@mylinux fin] # ls # fin directory applications index.html info man [root@mylinux fin] # cat index.html # index.html file content Auth

7.5. Virtual host

Virtual host service refers to virtualizing a physical host server into a polymorphic Web server, which can effectively save hardware resources and facilitate management. Apache supports three different ways of hosting virtual hosts:

Implement different virtual hosts based on different IP: changing IP

Implement different virtual hosts based on different port: changing port

Implement different virtual hosts based on different FQDN: change the value of ServerName

Virtual Host based on IP

The IP-based virtual host service provider must set up multiple IP at the same time, and the server determines the virtual host requested by the user according to the IP address of the user's request. When using a virtual host, you must shut down the central host.

[root@mylinux fin] # ifconfig # current IPeth0 Link encap:Ethernet HWaddr 00:0C:29:B7:AB:D0 inet addr:192.168.191.128 Bcast:192.168.191.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:feb7:abd0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3627 errors:0 dropped:0 overruns:0 frame: 0 TX packets:2866 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:353550 (345.2 KiB) TX bytes:516806 (504.6 KiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: 1swap 128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0b) TX bytes:0 (0.0b) [root@mylinux fin] # ifconfig eth0:1 192.168.191.100 netmask 255.255.255.25 add IP address [root@mylinux fin] # ifconfig eth0:2 192. 168.191.101 netmask 255.255.255.25" add IP address [root@mylinux fin] # ifconfig eth0 Link encap:Ethernet HWaddr 00:0C:29:B7:AB:D0 inet addr:192.168.191.128 Bcast:192.168.191.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:feb7:abd0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX Packets:9337 errors:0 dropped:0 overruns:0 frame:0 TX packets:7346 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:899106 (878.0 KiB) TX bytes:1155902 (1.1MiB) eth0:1 Link encap:Ethernet HWaddr 00:0C:29:B7:AB:D0 inet addr:192.168.191.100 Bcast:192.168.191.100 Mask:255.255 . 255.255 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1eth0:2 Link encap:Ethernet HWaddr 00:0C:29:B7:AB:D0 inet addr:192.168.191.101 Bcast:192.168.191.101 Mask:255.255.255.255 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 Inet6 addr: 1 inet6 addr 128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:20 errors:0 dropped:0 overruns:0 frame:0 TX packets:20 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2148 (2.0 KiB) TX bytes:2148 (2.0 KiB) [root@mylinux httpd24] # vim httpd.conf # Open the main configuration file # DocumentRoot "/ usr/local/apache/htdocs" # comment the line Close the central host Include / etc/httpd24/extra/httpd-vhosts.conf # launch the virtual host configuration file [root@mylinux httpd24] # vim extra/httpd-vhosts.conf # to configure ServerAdmin webmaster@dummy-host.example.com DocumentRoot "/ usr/local/apache/docs/server1" ServerName www.server1.com ErrorLog "logs/server1.error_" to the dedicated virtual host configuration file Log "CustomLog" logs/server1.access_log "common ServerAdmin webmaster@dummy-host.example.com DocumentRoot" / usr/local/apache/docs/server2 "ServerName www.server2.com ErrorLog" logs/server2.error_log "CustomLog" logs/server2.access_log "common [root@mylinux httpd24] # apachectl configtestSyntax OK [root@mylinux httpd24] # cd / usr/local/apache/ # create Home [root@mylinux apache] # mkdir docs [root@mylinux apache ] # cd docs/ [root@mylinux docs] # mkdir {server1 Server2} [root@mylinux docs] # cd server1/ [root@mylinux server1] # echo "www.server1.com" > index.html [root@mylinux server1] # cd.. [root@mylinux docs] # cd server2/ [root@mylinux server2] # echo "www.server2.com" > index.html [root@mylinux server2] # apachectl restart

Virtual host service based on hostname

The specific configuration process is as follows:

[root@mylinux extra] # vim / etc/hosts # add hostname resolution 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4::1 localhost localhost.localdomain localhost6 localhost6.localdomain6192.168.191.128 www.server1.com192.168.191.128 www.server2.com "/ etc/hosts" 4L 222C written [root@mylinux httpd24] # vim httpd.conf # Open the main configuration file # DocumentRoot "/ usr/local/apache/htdocs" # comment the line Close the central host Include / etc/httpd24/extra/httpd-vhosts.conf # launch the virtual host configuration file [root@mylinux httpd24] # vim extra/httpd-vhosts.conf # to configure ServerAdmin webmaster@dummy-host.example.com DocumentRoot "/ usr/local/apache/docs/server1" ServerName www.server1.com ErrorLog "logs/server1.error_log" CustomLog "logs/server1.access to the dedicated virtual host configuration file _ log "common Options Indexes FollowSymLinks AllowOverride None Require all granted ServerAdmin webmaster@dummy-host.example.com DocumentRoot" / usr/local/apache/docs/server2 "ServerName www.server2.com ErrorLog" logs/server2.error_log "CustomLog" logs/server2.access_log "common Options Indexes FollowSymLinks AllowOverride None Require all granted [root@mylinux extra] # apachectl configtestSyntax OK [root@mylinux extra] # Apachectl restart [root@mylinux extra] # curl # Test www.server1.com [root@mylinux extra] # curl # Test www.server2.com

Prevent image theft on the website

In order to prevent other websites from illegally stealing the picture files in this site, it can be configured in Apache to prohibit the illegal theft of pictures. Assuming that the domain name of this website is www.myweb.com, users can add the following to the configuration file:

SetEnvIfNoCase Referer "^ http://www.myweb.com/" local_ref=1 Order Allow,Deny Allow from env=local_ref

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.