httpd是Apache超文本传输协议(HTTP)服务器的主程序。它被设计为一个独立运行的后台进程,它会建立一个处理请求的子进程或线程的池对外提供服务。httpd支持基于 虚拟主机,以及基于HOST、IP、PORT实现虚拟主机,反向代理,负载均衡,路径别名,用户认证,basic,支持第三方模块等众多特性。本文主要描述了Linux下httpd(2.2版本)的相关基本配置。
1、配置文件概述 配置文件,主要分为3个部分: # grep "Section" /etc/httpd/conf/httpd.conf ### Section 1: Global Environment(全局环境配置) ### Section 2: 'Main' server configuration (核心服务器配置) ### Section 3: Virtual Hosts(虚拟主机配置,即建多个站点) 注意:Main Server和Virtual Hosts不同时使用;默认启用的是Main Server; 配置文件的语法 指令 值 指令:不区分字符大小写 值:区分字符大小写 校验配置文件 httpd -t: 检查配置文件语法 service httpd configtest 当前配置使用的版本 # /usr/sbin/httpd -v Server version: Apache/2.2.15 (Unix) Server built: Aug 13 2013 17:29:28 2、关闭欢迎页面 /etc/httpd/conf.d/welcome.conf:重命名(不以.conf结尾)或删除 3、定义ServerRoot ServerRoot "/etc/httpd" 定义httpd顶级目录,用于存放配置,错误,日志文件等 目录尾部不要使用斜杠 4、指定监听的地址和端口 Listen [IP:]PORT 注意:Listen可以出现多次 5、定义默认的主页面 DirectoryIndex index.html index.html.var index.php 6、设定默认字符集 AddDefaultCharset UTF-8 常用字符集:UTF-8, GBK, GB2312, GB18030 7、配置持久连接 KeepAlive Off|On 持久链接是开启还是关闭 MaxKeepAliveRequests 100 一次长连接最大能访问多少个资源,达到后会断开 KeepAliveTimeout 15 一次长连接的超时时长 8、模块动态装卸载 LoadModule foo_module modules/mod_foo.so 相对于ServerRoot参数所指定的路径; ServerRoot /etc/httpd 可以参考: [Linux下安装Apache httpd](.csdn.net/leshami/article/details/49906229) 9、工作模式参数配置 <IfModule prefork.c> (prefork工作模式) StartServers 8 (启动8个空闲进程) MinSpareServers 5 (最少空闲进程为5) MaxSpareServers 20 (最大空闲进程为20) ServerLimit 256 (最多客户端数) MaxClients 256 (最多客户端数) MaxRequestsPerChild 4000 (每个子进程最大处理多少个请求) </IfModule> <IfModule worker.c> (work工作模式) StartServers 4 (启动进程数) MaxClients 300 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 (每个进程最多启动多少个线程) MaxRequestsPerChild 0 </IfModule> 注意:修改了装载的模块后,reload即可生效; 10、指定Main Server的docroot,用于设定URL的根路径,即与服务器上文件路径的映射关系 DocumentRoot "/var/www/html" 例如:/u01/web 此处DocumentRoot为/u01/web 文件系统路径:/u01/web/bbs/upload/a.rar 则URL路径为:http://Server_IP/bbs/upload/a.rar # mkdir -p /u01/web # echo "This is a new site location" > /u01/web/index.html # vi /etc/httpd/conf/httpd.conf ###修改为/u01/web # service httpd reload # curl This is a new site location 11、站点路径访问控制 基于本地文件系统路径 <Directory "/path/to/some_directory"> Options Indexes FollowSymLinks AllowOverride None .... </Directory> 基于URL <Location "/path/to/some_url"> </Location> 12、Directory容器中的访问控制定义 (a) Options (页面如何展示给用户看) Indexes: 当访问的路径下无默认的主页面时,将所有资源以列表形式呈现给用户;危险,慎用; FollowSysLinks:跟随符号链接指向的原文件(即能否访问链接文件); 上述选项,如果要去掉或者说关闭某项功能,则使用符号“-”,如下示例: Options -Indexes FollowSymLinks 示例,关闭Indexes功能 # grep "\-Indexes" /etc/httpd/conf/httpd.conf Options -Indexes FollowSymLinks # service httpd reload Reloading httpd: [root@orasrv1 ~]# curl <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> ###收到403,没有访问许可 </head><body> <h1>Forbidden</h1> <p>You don't have permission to access / on this server.</p> <hr> <address>Apache/2.2.15 (CentOS) Server at 192.168.21.10 Port 80</address> </body></html> (b) 基于IP的访问控制 Order allow,deny ###定义顺序 Allow from all ###允许所有主机访问 from后面能接受的地址格式:IP, Network Address 网络地址格式: 172.16 172.16.0.0 172.16.0.0/16 172.16.0.0/255.255.0.0 示例: Order allow,deny Deny from 172.16.100.77 Allow from 172.16 13、内置的status页面 <Location /server-status> ###是一个内置页,用于展示服务器性能 SetHandler server-status ###(处理器:是一个小程序) Order deny,allow Deny from all Allow from 192.168 </Location> ExtendedStatus On 可以通过配置该指令,获取更多的统计信息 示例: # curl <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> ........... <pre> 7957 in state: _ , 7958 in state: W , 7959 in state: _ 7960 in state: _ , 7961 in state: _ , 7962 in state: _ 7963 in state: _ , 7964 in state: _ , </pre> ............ </body></html> 14、虚拟主机 一个物理服务器(虚拟机)服务于多个站点:每个站点通过一个虚拟主机来实现; httpd支持三种类型的虚拟主机: 基于IP 基于Port 基于Host 注意:禁用Main Server; 注释DocumentRoot指令即可;即虚拟主机与Main Server不兼容 定义虚拟主机: <VirtualHost "IP:PORT"> ServerName DocumentRoot ServerAlias <Directory > </Directory> ErrorLog CustomLog </VirtualHost> 示例1:基于IP,假定如下配置,当前主机上已配置2个IP <VirtualHost 192.168.21.10:80> ServerName websrv.ycdata.net DocumentRoot "/Vhosts/websrv.ycdata.net" </VirtualHost> <VirtualHost 192.168.144.128:80> ServerName bbs.ycdata.net DocumentRoot "/Vhosts/bbs.ycdata.net" </VirtualHost> 注,虚拟主机监听的端口必须和Listen监听的一样 # mkdir -p /Vhosts/websrv.ycdata.net # mkdir -p /Vhosts/bbs.ycdata.net # echo "<h1>you are visiting websrv.ycdata.net</h1>">/Vhosts/websrv.ycdata.net/index.html # echo "<h1>you are visiting bbs.ycdata.net</h1>">/Vhosts/bbs.ycdata.net/index.html # httpd -t # service httpd reload # curl <h1>you are visiting websrv.ycdata.net</h1> # curl <h1>you are visiting bbs.ycdata.net</h1> 示例2:基于Port,假定如下配置 Listen 8080 Listen 8081 <VirtualHost 192.168.21.10:8080> ServerName websrv.ycdata.net DocumentRoot "/Vhosts/websrv.ycdata.net" </VirtualHost> <VirtualHost 192.168.21.10:8081> ServerName bbs.ycdata.net DocumentRoot "/Vhosts/bbs.ycdata.net" </VirtualHost> # httpd -t # service httpd reload # curl :8080 <h1>you are visiting websrv.ycdata.net</h1> # curl :8081 <h1>you are visiting bbs.ycdata.net</h1> 示例3:基于Host NameVirtualHost 192.168.21.10:80 <VirtualHost 192.168.21.10:80> ServerName websrv.ycdata.net DocumentRoot "/Vhosts/websrv.ycdata.net" </VirtualHost> <VirtualHost 192.168.21.10:80> ServerName bbs.ycdata.net DocumentRoot "/Vhosts/bbs.ycdata.net" </VirtualHost> 修改windows客户端hosts如下 C:\Users\1636>type C:\Windows\System32\drivers\etc\hosts 192.168.21.10 websrv.ycdata.net 192.168.21.10 bbs.ycdata.net # httpd -t # service httpd reload # 基于Windows端测试,截图略 15、配置日志功能 指令集位置,级别定义 ErrorLog logs/error_log:定义错误日志文件路径;会被虚拟机主机继承;也可以基于虚拟之际定义日志 LogLevel warn 支持这些级别:debug, info, notice, warn, error, crit, alert, emerg. 定义日志格式 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined %h Remote host %l Remote logname (from identd, if supplied) %u Remote user (from auth; may be bogus if return status (%s) is 401) %t Time the request was received (standard english format) %r First line of request method url version %s Status. For requests that got internally redirected, this is the status of the *original* request --- %>s for the last. %b Size of response in bytes, excluding HTTP headers. In CLF format, i.e. a '-' rather than a 0 when no bytes are sent. %{Foobar}i The contents of Foobar: header line(s) in the request sent to the server. %{referer}i: 跳转至当前页面之前来源的上一次所在的页面; %{User-Agent}i:用户代理; 详情请参考:http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats 定义访问日志,如下示例尾部使用了combined,则会使用我们自定义的日志格式 CustomLog logs/access_log combined 指令 日志文件 日志格式名称 16、与配置相关的一些命令 httpd程序自带的工具程序: httpd: apache的服务程序 -t: 配置文件语法测试 -M: 列出所有已经装载的模块 -l: 列出所有的静态模块 -S:列出所有的虚拟主机 如,列出当前定义的虚拟主机 # httpd -S VirtualHost configuration: 192.168.21.10:80 is a NameVirtualHost default server websrv.ycdata.net (/etc/httpd/conf/httpd.conf:1022) port 80 namevhost websrv.ycdata.net (/etc/httpd/conf/httpd.conf:1022) port 80 namevhost bbs.ycdata.net (/etc/httpd/conf/httpd.conf:1026) Syntax OK apachectl: shell脚本,httpd服务控制 apxs: httpd得以扩展使用第三方模块的工具接口; rotatelogs: 不关闭httpd而切换其使用到的日志文件 access_log, access_log.1, access_log.2