5、httpd 常见配置
5.1 显示服务器版本信息
[root@node-128 bin]# curl -I http://192.168.139.128 HTTP/1.1 200 OK Date: Sun, 08 Dec 2019 10:04:44 GMT Server: Apache/2.4.41 (Unix) Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT ETag: "2d-432a5e4a73a80" Accept-Ranges: bytes Content-Length: 45 Content-Type: text/html
详细配置项:http://httpd.apache.org/docs/2.4/mod/core.html#servertokens
创建子目录单独让其生效
[root@node-128 conf]# pwd /app/httpd24/conf [root@node-128 conf]# vim httpd.conf 添加一行:使其生效 Include conf/conf.d/*.conf [root@node-128 conf]# mkdir conf.d [root@node-128 conf]# ls conf.d extra httpd.conf httpd.conf.bak magic mime.types original [root@node-128 conf.d]# vim test.conf 添加 servertokens prod
[root@node-128 conf.d]# systemctl reload httpd [root@node-128 conf.d]# curl -I http://192.168.139.128 HTTP/1.1 200 OK Date: Sun, 08 Dec 2019 10:31:51 GMT Server: Apache Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT ETag: "2d-432a5e4a73a80" Accept-Ranges: bytes Content-Length: 45 Content-Type: text/html
5.2 监听的IP和Port
做法思路和前一个基本相似,这里不作详细说明了
Listen [IP:]PORT
说明:
(1) 省略IP表示为本机所有IP
(2) Listen指令至少一个,可重复出现多次
范例:
Listen 192.168.1.100:8080 Lsten 80
5.3 持久连接
Persistent Connection:连接建立,每个资源获取完成后不会断开连接,而是继续等待其它的请求完
成,默认关闭持久连接
断开条件:时间限制:以秒为单位, 默认5s,httpd-2.4 支持毫秒级
副作用:对并发访问量大的服务器,持久连接会使有些请求得不到响应
折衷:使用较短的持久连接时间
持久连接相关指令:
KeepAlive On|Off KeepAliveTimeout 15 #连接持续15s,可以以ms为单位,默认值为5s MaxKeepAliveRequests 500 #持久连接最大接收的请求数,默认值100
测试方法:
telnet WEB_SERVER_IP PORT GET /URL HTTP/1.1 Host: WEB_SERVER_IP
5.4 DSO (Dynamic Shared Object)
Dynamic Shared Object,加载动态模块配置,不需重启即生效
动态模块所在路径: /usr/lib64/httpd/modules/
主配置 /etc/httpd/conf/httpd.conf 文件中指定加载模块配置文件
ServerRoot "/etc/httpd" Include conf.modules.d/*.conf
配置指定实现模块加载格式:
LoadModule <mod_name> <mod_path> [root@node-128 httpd24]# cd conf/ [root@node-128 conf]# ls conf.d extra httpd.conf httpd.conf.bak magic mime.types original [root@node-128 conf]# vim httpd.conf Example: # LoadModule foo_module modules/mod_foo.so # #LoadModule mpm_event_module modules/mod_mpm_event.so LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
查看已加载的模块
httpd -M AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::d386:496:dd09:2c09%ens33.
Set the 'ServerName' directive globally to suppress this message Loaded Modules: core_module (static) so_module (static) http_module (static) mpm_prefork_module (shared) authn_file_module (shared) authn_core_module (shared) authz_host_module (shared) authz_groupfile_module (shared) authz_user_module (shared) authz_core_module (shared) access_compat_module (shared) auth_basic_module (shared) reqtimeout_module (shared) -----------------------------------------省略---------------------------------------------
模块文件路径可使用相对路径:相对于ServerRoot(默认/etc/httpd)
5.5 MPM (Multi-Processing Module) 多路处理模块
httpd 支持三种MPM工作模式:prefork, worker, event
centos7编译默认使用的工作模式 [root@node-128 extra]# httpd -M |grep mpm AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::d386:496:dd09:2c09%ens33.
Set the 'ServerName' directive globally to suppress this message mpm_prefork_module (shared)
切换MPM模式
[root@node-128 conf]# ls conf.d extra httpd.conf httpd.conf.bak magic mime.types original 修改配置文件: [root@node-128 conf]# vim httpd.conf #LoadModule mpm_event_module modules/mod_mpm_event.so #LoadModule mpm_prefork_module modules/mod_mpm_prefork.so LoadModule mpm_worker_module modules/mod_mpm_worker.so LoadModule authn_file_module modules/mod_authn_file.so #LoadModule authn_dbm_module modules/mod_authn_dbm.so [root@node-128 conf]# httpd -M |grep mpm AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::d386:496:dd09:2c09%ens33. Set the 'ServerName' directive globally to suppress this message mpm_worker_module (shared)
5.6 prefork 模式相关的配置:(event、worker模式类似)
[root@node-128 conf]# ls conf.d extra httpd.conf httpd.conf.bak magic mime.types original [root@node-128 conf]# cd extra/ [root@node-128 extra]# ls httpd-autoindex.conf httpd-languages.conf httpd-ssl.conf httpd-dav.conf httpd-manual.conf httpd-userdir.conf httpd-default.conf httpd-mpm.conf httpd-vhosts.conf httpd-info.conf httpd-multilang-errordoc.conf proxy-html.conf [root@node-128 extra]# vim httpd-mpm.conf # prefork MPM # StartServers: number of server processes to start # MinSpareServers: minimum number of server processes which are kept spare # MaxSpareServers: maximum number of server processes which are kept spare # MaxRequestWorkers: maximum number of server processes allowed to start # MaxConnectionsPerChild: maximum number of connections a server process serves # before terminating <IfModule mpm_prefork_module> StartServers 5 MinSpareServers 5 MaxSpareServers 10 MaxRequestWorkers 250 #最大的并发连接数 MaxConnectionsPerChild 0 #子进程最多能处理的请求数量。在处理 </IfModule> # worker MPM # StartServers: initial number of server processes to start # MinSpareThreads: minimum number of worker threads which are kept spare # MaxSpareThreads: maximum number of worker threads which are kept spare # ThreadsPerChild: constant number of worker threads in each server process # MaxRequestWorkers: maximum number of worker threads # MaxConnectionsPerChild: maximum number of connections a server process serves # before terminating <IfModule mpm_worker_module> StartServers 3 MinSpareThreads 75 MaxSpareThreads 250 ThreadsPerChild 25 MaxRequestWorkers 400 MaxConnectionsPerChild 0
设置访问路径权限的几个要素:
1、DocumentRoot:网站访问指定文档的真实路径
2、<Directory directory-path> ... </Directory>:封装网页默认读取的目录,类似的还有基于文件、文件通配符、正则表达式、URL路径
3、DirectoryIndex : 后面那个文件在前优先读取,如果前面不存在则读取后面文件
4、各种控制指令:Options、AllowOverride指令等等
5.7 定义Main server的文档页面路径
[root@node-128 www]# echo '/data/www/index.html' > /data/www/index.html [root@node-128 www]# vim /app/httpd24/conf/httpd.conf 改变这两行: DocumentRoot "/data/www" <Directory "/data/www">
说明:
DocumentRoot指向的路径为URL路径的起始位置
/path 必须显式授权后才可以访问
5.8 定义站点主页面
DirectoryIndex index.php index.html
5.9 可实现访问控制的资源
可以针对文件系统和URI的资源进行访问控制
文件系统路径:
#基于目录 <Directory “/path"> ... </Directory> #基于文件 <File “/path/file”> ... </File> #基于正则表达式 <FileMatch “regex”> ... </FileMatch>
URL路径:
<Location "URL"> ... </Location> <LocationMatch "regex"> ... </LocationMatch>
5.10 针对目录实现访问控制
后跟1个或多个以空白字符分隔的选项列表, 在选项前的+,- 表示增加或删除指定选项
常见选项:
Indexes:指明的URL路径下不存在与定义的主页面资源相符的资源文件时,返回索引列表给用户
FollowSymLinks:允许访问符号链接文件所指向的源文件
None:全部禁用
All: 全部允许
范例:
<Directory /web/docs> Options Indexes FollowSymLinks </Directory> <Directory /web/docs/spec> Options FollowSymLinks </Directory>