2025-01-16 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article shows you how to configure Apache. The content is concise and easy to understand, and I hope you get something out of the detailed introduction below.
Apache is configured through the httpd.conf file, so all of the configuration directives below are changes made in httpd.conf.
Configuration of the primary site (basic configuration)
(1) Basic configuration:
ServerRoot "/mnt/software/apache2" # where your Apache software is installed. Any other directory that is not given as an absolute path is taken relative to this directory.
PidFile logs/httpd.pid # location of the file holding the process ID of the first httpd process (the parent of all other processes).
Listen 80 # the port number the server listens on.
ServerName www.clusting.com:80 # main site name (the hostname of the website).
ServerAdmin admin@clusting.com # the administrator's email address.
DocumentRoot "/mnt/web/clusting" # where the web pages of the main site are stored.
The following is the access control for the directory of the main site:
<Directory "/mnt/web/clusting">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
The directory configuration above mainly uses the following options:
Options: configures which features are available in a specific directory. The common values and their basic meanings are as follows:
ExecCGI: CGI scripts are allowed to be executed in this directory.
FollowSymLinks: allows symbolic links to be followed in this directory.
Indexes: when a user accesses this directory and the home page file specified by DirectoryIndex (for example, index.html) cannot be found, the list of files in the directory is returned to the user.
SymLinksIfOwnerMatch: a symbolic link can be followed only if the owner of the link is the same as the owner of the actual file.
For other available values and meanings, please see: http://www.clusting.com/Apache/ApacheManual/mod/core.html#options
AllowOverride: the types of directives allowed in .htaccess files (the name of the .htaccess file can be changed; it is set by the AccessFileName directive):
None: when AllowOverride is set to None, .htaccess files are not searched for in this directory (which reduces server overhead).
All: all directives can be used in the .htaccess file.
For other available values and meanings (such as Options, FileInfo, AuthConfig, Limit, etc.), please see http://www.clusting.com/Apache/ApacheManual/mod/core.html#AllowOverride
Order: controls which of the two access rules, Allow or Deny, takes precedence during access:
Allow: list of hosts that are allowed access (domain names or subnets can be used, for example: Allow from 192.168.0.0/16).
Deny: list of hosts denied access.
For more detailed usage, please see: http://www.clusting.com/Apache/ApacheManual/mod/mod_access.html#order
DirectoryIndex index.html index.htm index.php # home page files (in this example, the home page files are set to index.html, index.htm and index.php)
(2) Optimization of the server (MPM: Multi-Processing Modules)
The main advantage of apache2 is its better support for multiprocessors. The --with-mpm option determines the working mode of apache2 at compile time. To find out how the current apache2 works, list all of Apache's modules with the httpd -l command; the MPM shown there tells you the working mode:
Prefork: if httpd -l lists prefork.c, the following section needs to be configured:
StartServers 5 # number of httpd processes started when Apache starts.
MinSpareServers 5 # minimum number of idle processes the server keeps.
MaxSpareServers 10 # maximum number of idle processes the server keeps.
MaxClients 150 # maximum number of concurrent connections.
MaxRequestsPerChild 1000 # number of requests each child process serves before it is killed. 0 means there is no limit; the recommended setting is 1000.
In this working mode, the server starts 5 httpd processes (6 including the parent process, which can be seen with the ps -ax | grep httpd command). When a user connects, Apache uses an idle process to serve the connection while the parent process forks a new child process, until the number of idle processes in memory reaches MaxSpareServers. This mode exists for compatibility with some older programs. It is the default option when I compile.
Worker: if httpd -l lists worker.c, the following section needs to be configured:
StartServers 2 # number of httpd processes started when Apache starts.
MaxClients 150 # maximum number of concurrent connections.
MinSpareThreads 25 # minimum number of idle threads the server keeps.
MaxSpareThreads 75 # maximum number of idle threads the server keeps.
ThreadsPerChild 25 # number of threads created by each child process.
MaxRequestsPerChild 0 # number of requests each child process serves before it is killed. 0 means there is no limit; the recommended setting is 1000.
In this mode, threads listen for client connections. When a new client connects, one of the idle threads accepts the connection. The server starts two processes at startup, and each process creates a fixed number of threads (set by ThreadsPerChild), so there are 50 threads at startup. When 50 threads are not enough, the server automatically forks another process, which creates another 25 threads.
Perchild: if httpd -l lists perchild.c, the following section needs to be configured:
NumServers 5 # number of child processes started when the server starts.
StartThreads 5 # number of threads started when each child process starts.
MinSpareThreads 5 # minimum number of idle threads in memory.
MaxSpareThreads 10 # maximum number of idle threads.
MaxThreadsPerChild 2000 # maximum number of requests per thread before it exits. 0 means no limit.
MaxRequestsPerChild 10000 # number of requests each child process serves before it is re-forked. 0 means no limit.
In this mode, the number of child processes is fixed and the number of threads is unlimited. When a client connects to the server, an idle thread provides the service. If there are not enough idle threads, the child process automatically creates threads to serve the new connection. This mode is used for multi-site servers.
(3) Configuration of the information returned in HTTP headers:
ServerTokens Prod # sets the Apache version information returned in the HTTP header. The available values and meanings are as follows:
Prod: software name only, for example: Apache
Major: includes the major version number, for example: Apache/2
Minor: includes the minor version number, for example: Apache/2.0
Min: the full Apache version number only, for example: Apache/2.0.54
OS: includes the operating system type, for example: Apache/2.0.54 (Unix)
Full: includes the modules Apache supports and their version numbers, for example: Apache/2.0.54 (Unix) mod_ssl/2.0.54 OpenSSL/0.9.7g
ServerSignature Off # whether the server version information appears on error pages generated by the server. Setting it to Off is recommended.
(4) Persistent connection settings
KeepAlive On # enables persistent connections: after the client connects to the server and downloads data, the connection stays open.
MaxKeepAliveRequests 100 # maximum number of requests served over one connection.
KeepAliveTimeout 30 # how long to keep a connection open when it makes no further requests before closing it. The default is 15 seconds.
Alias settings
For pages that are not in the directory specified by DocumentRoot, you can use either symbolic links or aliases. Aliases are set up as follows:
Alias /download/ "/var/www/download/" # accessed by typing: http://www.custing.com/download/
# access control settings for this directory
<Directory "/var/www/download">
    Options Indexes MultiViews
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
</Directory>
CGI settings
ScriptAlias /cgi-bin/ "/mnt/software/apache2/cgi-bin/" # accessed at: http://www.clusting.com/cgi-bin/. The CGI script files in this directory must be given executable permission!
# set directory properties
<Directory "/mnt/software/apache2/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>
Settings of the personal home page (public_html)
UserDir public_html (a user's home page is stored in the public_html directory under the user's home directory; the URL http://www.clusting.com/~bearzhang/file.html reads the file /home/bearzhang/public_html/file.html)
chmod 755 /home/bearzhang # lets other users read the file.
UserDir /var/html (the URL http://www.clusting.com/~bearzhang/file.html reads /var/html/bearzhang/file.html)
UserDir /var/www/*/docs (the URL http://www.clusting.com/~bearzhang/file.html reads /var/www/bearzhang/docs/file.html)
Settings for logs
(1) Error log settings
ErrorLog logs/error_log # where the log is saved
LogLevel warn # log level
Entries are displayed in the following format:
[Mon Oct 10 15:54:29 2005] [error] [client 192.168.10.22] access to /download/ failed, reason: user admin not allowed access
(2) access log settings
The default formats for logs are as follows:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common # common is the log format name
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log common
The parameters in the format are as follows:
%h - IP address or hostname of the client.
%l - the RFC 1413 identity of the client as determined by identd; the symbol "-" in the output indicates that the information is not available.
%u - the name of the user who accessed the page, as obtained by HTTP authentication. It is present only when authentication is used; the symbol "-" in the output indicates that the information is not available.
%t - the time when the server finished processing the request.
"%r" - the request sent by the client, in quotation marks; it contains a lot of useful information.
%>s - the status code returned by the server to the client.
%b - the last item is the number of bytes returned to the client, not including the response headers.
"%{Referer}i" - the page from which the request was submitted.
"%{User-Agent}i" - the browser identification information provided by the client's browser.
The following is an example of an access log:
192.168.10.22 - bearzhang [10/Oct/2005:16:53:06 +0800] "GET /download/ HTTP/1.1" 200 1228
192.168.10.22 - - [10/Oct/2005:16:53:06 +0800] "GET /icons/blank.gif HTTP/1.1" 304 -
192.168.10.22 - - [10/Oct/2005:16:53:06 +0800] "GET /icons/back.gif HTTP/1.1" 304 -
For a detailed explanation of each parameter, please see: http://www.clusting.com/Apache/ApacheManual/logs.html
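As an added example (not part of the original article), the following Python code parses lines in the common format described above, treats "-" as a missing value, and counts 401 responses per client, which is how repeated failed logins against a Basic-authenticated directory such as /download/ show up in the access log. The first two sample lines are the article's; the remaining lines, the function names and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter

# Sample input: first two lines from the article, the rest constructed.
SAMPLE_LOG = """\
192.168.10.22 - bearzhang [10/Oct/2005:16:53:06 +0800] "GET /download/ HTTP/1.1" 200 1228
192.168.10.22 - - [10/Oct/2005:16:53:06 +0800] "GET /icons/blank.gif HTTP/1.1" 304 -
192.168.10.40 - - [10/Oct/2005:16:54:10 +0800] "GET /download/ HTTP/1.1" 401 468
192.168.10.40 - admin [10/Oct/2005:16:54:11 +0800] "GET /download/ HTTP/1.1" 401 468
192.168.10.40 - root [10/Oct/2005:16:54:12 +0800] "GET /download/ HTTP/1.1" 401 468
not a log line
"""

# %h %l %u %t "%r" %>s %b ; not anchored at the end, so "combined" lines match too.
COMMON_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = COMMON_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # "-" means "no value": no identd answer, no authenticated user.
    for key in ("ident", "user"):
        if rec[key] == "-":
            rec[key] = None
    rec["status"] = int(rec["status"])
    # %b logs "-" when no body was sent (for example a 304 response).
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec

def auth_failures(lines, threshold=3):
    """Clients with at least `threshold` 401 responses."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == 401:
            counts[rec["host"]] += 1
    return {host: n for host, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(parse_line(line))
    print(auth_failures(SAMPLE_LOG.splitlines()))
```

A single 401 with no user name is normal, because the browser's first request to a protected directory carries no credentials; that is why the check uses a threshold rather than flagging every 401.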
Configuration of user authentication
(1) In httpd.conf:
AccessFileName .htaccess
...
Alias /download/ "/var/www/download/"
<Directory "/var/www/download">
    Options Indexes
    AllowOverride AuthConfig
</Directory>
(2) Create a password file:
/usr/local/apache2/bin/htpasswd -c /var/httpuser/passwords bearzhang
(3) Configure the server to request a password and tell the server which users are allowed access.
vi /var/www/download/.htaccess:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /var/httpuser/passwords
Require user bearzhang
# Require valid-user # all valid users
Configuration of virtual host
(1) Virtual host configuration based on IP address
Listen 80
<VirtualHost 172.20.30.40>
    DocumentRoot /www/example1
    ServerName www.example1.com
</VirtualHost>
<VirtualHost 172.20.30.50>
    DocumentRoot /www/example2
    ServerName www.example2.org
</VirtualHost>
(2) Virtual host configuration based on IP and multiple ports
Listen 172.20.30.40:80
Listen 172.20.30.40:8080
Listen 172.20.30.50:80
Listen 172.20.30.50:8080
<VirtualHost 172.20.30.40:80>
    DocumentRoot /www/example1-80
    ServerName www.example1.com
</VirtualHost>
<VirtualHost 172.20.30.40:8080>
    DocumentRoot /www/example1-8080
    ServerName www.example1.com
</VirtualHost>
<VirtualHost 172.20.30.50:80>
    DocumentRoot /www/example2-80
    ServerName www.example1.org
</VirtualHost>
<VirtualHost 172.20.30.50:8080>
    DocumentRoot /www/example2-8080
    ServerName www.example2.org
</VirtualHost>
(3) Domain name-based virtual host configuration on a server with a single IP address:
# Ensure that Apache listens on port 80
Listen 80
# Listen for virtual host requests on all IP addresses
NameVirtualHost *:80
<VirtualHost *:80>
    DocumentRoot /www/example1
    ServerName www.example1.com
    ServerAlias example1.com *.example1.com
    # Other directives here
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /www/example2
    ServerName www.example2.org
    # Other directives here
</VirtualHost>
(4) Configure a domain name-based virtual host on a server with multiple IP addresses:
Listen 80
# This is the "main" server running on 172.20.30.40
ServerName server.domain.com
DocumentRoot /www/mainserver
# This is the other address
NameVirtualHost 172.20.30.50
<VirtualHost 172.20.30.50>
    DocumentRoot /www/example1
    ServerName www.example1.com
    # Other directives here...
</VirtualHost>
<VirtualHost 172.20.30.50>
    DocumentRoot /www/example2
    ServerName www.example2.org
    # Other directives here...
</VirtualHost>
(5) Run different sites on different ports (configure domain name-based virtual hosts on a multi-port server):
Listen 80
Listen 8080
NameVirtualHost 172.20.30.40:80
NameVirtualHost 172.20.30.40:8080
<VirtualHost 172.20.30.40:80>
    ServerName www.example1.com
    DocumentRoot /www/domain-80
</VirtualHost>
<VirtualHost 172.20.30.40:8080>
    ServerName www.example1.com
    DocumentRoot /www/domain-8080
</VirtualHost>
<VirtualHost 172.20.30.40:80>
    ServerName www.example2.org
    DocumentRoot /www/otherdomain-80
</VirtualHost>
<VirtualHost 172.20.30.40:8080>
    ServerName www.example2.org
    DocumentRoot /www/otherdomain-8080
</VirtualHost>
(6) Configuration of mixed domain name-based and IP-based virtual hosts:
Listen 80
NameVirtualHost 172.20.30.40
<VirtualHost 172.20.30.40>
    DocumentRoot /www/example1
    ServerName www.example1.com
</VirtualHost>
<VirtualHost 172.20.30.40>
    DocumentRoot /www/example2
    ServerName www.example2.org
</VirtualHost>
<VirtualHost 172.20.30.40>
    DocumentRoot /www/example3
    ServerName www.example3.net
</VirtualHost>
Configuration of SSL encryption
First of all, let's go over some basic concepts before configuring:
The concept of certificates: there is first a root certificate, which is then used to sign the server certificate and the client certificate. Put simply, the server certificate and the client certificate are at the same level. SSL requires a server certificate to be installed in order to authenticate. Therefore, in this environment there must be at least three certificates: the root certificate, the server certificate, and the client certificate. Before a certificate is generated there is usually a private key; the private key is used to generate the certificate request, and the root certificate of the certificate server is then used to issue the certificate.
The certificate used by SSL can be generated yourself or signed by a commercial CA, such as Verisign or Thawte.
Issuing certificates: if you are using a commercial certificate, please see the vendor's instructions for the specific signing method; if you are issuing the certificate yourself, you can use the CA.sh script that comes with openssl.
If you are not issuing a separate certificate for clients, the client certificate does not need to be generated, and the client uses the same certificate as the server.
(1) The main parameters in the conf/ssl.conf configuration file are configured as follows:
Listen 443
SSLPassPhraseDialog builtin
# SSLPassPhraseDialog exec:/path/to/program
SSLSessionCache dbm:/usr/local/apache2/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/usr/local/apache2/logs/ssl_mutex
<VirtualHost _default_:443>
    # General setup for the virtual host
    DocumentRoot "/usr/local/apache2/htdocs"
    ServerName www.example.com:443
    ServerAdmin you@example.com
    ErrorLog /usr/local/apache2/logs/error_log
    TransferLog /usr/local/apache2/logs/access_log
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
    CustomLog /usr/local/apache2/logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
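An added example, not from the original article: a small Python lint over directives covered on this page, namely ServerTokens and ServerSignature from the HTTP header section, Options Indexes from the directory settings, and the SSLCipherSuite line above, which still names RC4, LOW, SSLv2, export and eNULL suites. Both configuration fragments, the tightened values in HARDENED_CONF and all function names are assumptions made for the example.

```python
import re

# Constructed fragment collecting the weak values shown on this page.
WEAK_CONF = """\
ServerTokens Full
ServerSignature On
<Directory "/var/www/download">
    Options Indexes MultiViews
</Directory>
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
"""
# Constructed counterpart with tightened values (assumed, not from the page).
HARDENED_CONF = """\
ServerTokens Prod
ServerSignature Off
Options -Indexes
SSLCipherSuite HIGH:!aNULL:!MD5
"""
# Cipher-string keywords for obsolete, export-grade or unencrypted suites.
WEAK_WORDS = {"LOW", "EXP", "EXPORT", "EXPORT40", "EXPORT56", "SSLV2",
              "NULL", "ENULL", "ANULL", "ADH", "RC4", "MD5", "DES"}

def weak_cipher_keywords(spec):
    """Weak keywords not prefixed by '!' or '-' (lint heuristic, not OpenSSL's parser)."""
    found = []
    for token in re.split(r"[:, ]+", spec.strip()):
        if not token or token[0] in "!-":
            continue  # the author excluded or removed this class
        for word in token.lstrip("+").split("+"):
            if word.upper() in WEAK_WORDS and word not in found:
                found.append(word)
    return found

def audit(conf_text):
    """Return (line number, message) pairs for risky settings."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split(" #", 1)[0].strip()  # drop trailing '# ...' annotations
        if not line or line[0] in "#<":
            continue  # comment line or container tag
        name, _, value = line.partition(" ")
        name, words = name.lower(), value.lower().split()
        if name == "servertokens" and not "".join(words[:1]).startswith("prod"):
            findings.append((lineno, "ServerTokens reveals more than the product name"))
        elif name == "serversignature" and words[:1] != ["off"]:
            findings.append((lineno, "ServerSignature adds version info to error pages"))
        elif name == "options" and ("indexes" in words or "+indexes" in words):
            findings.append((lineno, "Options Indexes lists directories lacking an index file"))
        elif name == "sslciphersuite" and (weak := weak_cipher_keywords(value)):
            findings.append((lineno, "SSLCipherSuite keeps weak suites: " + ", ".join(weak)))
    return findings

if __name__ == "__main__":
    print(audit(WEAK_CONF), audit(HARDENED_CONF))
```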
(2) Create and use self-signed certificates:
A. Create an RSA private key for your Apache server
/usr/local/openssl/bin/openssl genrsa -des3 -out /usr/local/apache2/conf/ssl.key/server.key 1024
B. Create a Certificate Signing Request (CSR)
/usr/local/openssl/bin/openssl req -new -key /usr/local/apache2/conf/ssl.key/server.key -out /usr/local/apache2/conf/ssl.key/server.csr
C. Create a self-signed CA Certificate (X509 structure) with the RSA key of the CA
/usr/local/openssl/bin/openssl req -x509 -days 365 -key /usr/local/apache2/conf/ssl.key/server.key -in /usr/local/apache2/conf/ssl.key/server.csr -out /usr/local/apache2/conf/ssl.crt/server.crt
/usr/local/openssl/bin/openssl genrsa -out server.key 1024
/usr/local/openssl/bin/openssl req -new -key server.key -out server.csr
/usr/local/openssl/bin/openssl req -x509 -days 365 -key server.key -in server.csr -out server.crt
(3) Create your own CA (certificate authority) and use the CA to sign the server's certificate.
mkdir /CA
cd /CA
cp openssl-0.9.7g/apps/CA.sh /CA
./CA.sh -newca
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
cp server.csr newreq.pem
./CA.sh -sign
cp newcert.pem /usr/local/apache2/conf/ssl.crt/server.crt
cp server.key /usr/local/apache2/conf/ssl.key/