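The previous post covered HTTP basics and the installation of httpd in detail; this one goes through some of the configuration parameters of httpd-2.2.
I. Configuration file and basic format
Configuration file path: /etc/httpd/conf/httpd.conf
Format: directive value
1. Directive names are case-insensitive, but their values may be case-sensitive.
2. Some directives may appear more than once.
Structure of the configuration file:
1. Global configuration
2. Main server configuration: used when only one site is served
3. Virtual hosts: used to serve multiple sites (cannot be in effect at the same time as the main server configuration)
Configuration syntax test: {service httpd configtest | httpd -t}
II. Detailed configuration
1. Listening sockets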
    # Configuration file example
    #Listen 12.34.56.78:80
    Listen 80
    Listen 8080
    Listen 192.168.1.110:8082
This directive may appear multiple times, to listen on several different sockets:
    [Linux]#httpd -t
    Syntax OK
    [Linux]#service httpd reload
    Reloading httpd:
    [Linux]#ss -tnl
    State      Recv-Q Send-Q    Local Address:Port      Peer Address:Port
    LISTEN     0      128                  :::111                 :::*
    LISTEN     0      128                   *:111                  *:*
    LISTEN     0      128                  :::8080                :::*
    LISTEN     0      128                  :::80                  :::*
    LISTEN     0      128       192.168.1.186:8082                 *:*
2. Configuring Keep-Alive
    # KeepAlive: Whether or not to allow persistent connections (more than
    # one request per connection). Set to "Off" to deactivate.
    #
    #KeepAlive On
    KeepAlive Off
    # Maximum number of requests per persistent connection
    MaxKeepAliveRequests 100
    # Timeout
    KeepAliveTimeout 15
3. Multi-Processing Modules (MPM)
Show the modules the system enables by default:
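    [Linux]#httpd -l
    Compiled in modules:
      core.c
      prefork.c        # the prefork module is enabled by default
      http_core.c
      mod_so.c
    [Linux]#
    # To enable the worker module, the configuration file must be changed
    [Linux]#vi /etc/sysconfig/httpd
    # Enable the following line, then restart httpd
    #HTTPD=/usr/sbin/httpd.worker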
MPM settings
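    [Linux]#vi /etc/httpd/conf/httpd.conf
    # prefork MPM
    # StartServers: number of server processes to start
    # MinSpareServers: minimum number of server processes which are kept spare
    # MaxSpareServers: maximum number of server processes which are kept spare
    # ServerLimit: maximum value for MaxClients for the lifetime of the server
    # MaxClients: maximum number of server processes allowed to start
    # MaxRequestsPerChild: maximum number of requests a server process serves
    #
    # prefork is the more stable choice: one worker crashing does not affect the others
    # <IfModule> checks whether the prefork module is present
    <IfModule prefork.c>
    # Number of worker processes started by default, not counting the master process
    StartServers       8
    # Minimum number of idle processes
    MinSpareServers    5
    # Maximum number of idle processes
    MaxSpareServers   20
    # Maximum number of active processes
    ServerLimit      256
    # Maximum number of requests allowed at once
    MaxClients       256
    # Maximum number of requests each child process may serve during its lifetime
    MaxRequestsPerChild  4000
    </IfModule>

    # worker MPM
    # StartServers: initial number of server processes to start
    # MaxClients: maximum number of simultaneous client connections
    # MinSpareThreads: minimum number of worker threads which are kept spare
    # MaxSpareThreads: maximum number of worker threads which are kept spare
    # ThreadsPerChild: constant number of worker threads in each server process
    # MaxRequestsPerChild: maximum number of requests a server process serves
    #
    # worker runs several processes; a crash in one process affects the other threads under it
    # <IfModule> checks whether the worker module is present
    <IfModule worker.c>
    # Number of child processes to start
    StartServers         4
    # Maximum number of concurrent requests
    MaxClients         300
    # Minimum number of idle threads
    MinSpareThreads     25
    # Maximum number of idle threads
    MaxSpareThreads     75
    # Number of threads each child process may create
    ThreadsPerChild     25
    # Maximum number of requests each child process may serve during its lifetime; 0 means no limit
    MaxRequestsPerChild  0
    </IfModule>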
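4. Loading DSO modules
    LoadModule module_name /path/to/module
Relative or absolute paths may be used; a relative path is resolved against the location defined by ServerRoot.
After the change, service httpd reload makes it take effect.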
    # LoadModule foo_module modules/mod_foo.so
    #
    LoadModule auth_basic_module modules/mod_auth_basic.so
    LoadModule auth_digest_module modules/mod_auth_digest.so
    LoadModule authn_file_module modules/mod_authn_file.so
    LoadModule authn_alias_module modules/mod_authn_alias.so
    LoadModule authn_anon_module modules/mod_authn_anon.so
    #
    #
    [Linux]#httpd -M        # lists every module the server has loaded
    Loaded Modules:
     core_module (static)
     mpm_prefork_module (static)
     http_module (static)
     so_module (static)
     auth_basic_module (shared)
     auth_digest_module (shared)
     authn_file_module (shared)
     authn_alias_module (shared)
5. Site root directory and page properties
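    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    #
    #DocumentRoot "/var/www/html"
    # Format: DocumentRoot "<site path>"
    DocumentRoot "/path/to/somewhere"

    <Directory "/path/to/somewhere">
    # The Options directive is both complicated and important. Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    # (the page above documents the options in detail)
    #
    # Page access options
    #
        Options Indexes FollowSymLinks
    #
    # Indexes: when there is no default page, allow all files in the directory
    #     to be returned to the user as a listing
    # FollowSymLinks: allow following a symbolic link to the original file it
    #     points to; dangerous
    # None: enable nothing
    # All: enable everything
    # ExecCGI: whether CGI scripts may be executed through mod_cgi
    # Includes: whether server-side includes (SSI) through mod_include are allowed
    # MultiViews: allow content negotiation through mod_negotiation
    # SymLinksIfOwnerMatch: follow a symbolic link to the original file only when
    #     the owner and group of the link are the same as those of the original file
    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    # Options FileInfo AuthConfig Limit
    # (host-based access control)
    #
    # Indicates whether the control mechanisms below are disabled; None means they are not disabled
        AllowOverride None
    #
    # Controls who can get stuff from this server.
    #
    # allow: permit; deny: refuse
    # With "Order allow,deny" the default is deny: anything without an Allow is denied.
    # Allow and Deny lines may be written several times and are matched top to bottom.
        Order allow,deny
    # Format: Allow from IP; Deny uses the same form
        Allow from all
    # When a client matches both Allow and Deny, or matches neither, the one
    # named last in Order wins; otherwise the one that matched wins.
    # Best match: the smallest entry in the list that matches the visitor's
    # address is the one that finally takes effect.
    # For details see http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow
    </Directory>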
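The Order/Allow/Deny rule described above ("matches both or matches neither: the one named last in Order wins") is easy to misread, so here it is as an added Python example that is not part of the original post. It evaluates only full IP addresses, CIDR networks and `all`; the addresses are constructed, and hostnames and partial IPs are outside what it models.

```python
import ipaddress


def _matches(client, specs):
    """True if the client IP matches any 'from' value: 'all', an IP, or a CIDR."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False


def access_allowed(order, allow, deny, client):
    """Evaluate httpd 2.2 Order/Allow/Deny for one client address.

    order: "allow,deny" or "deny,allow"
    allow, deny: lists of the values written after "Allow from" / "Deny from"
    """
    allowed = _matches(client, allow)
    denied = _matches(client, deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Default is deny; Deny is evaluated last, so it wins when both match.
        return allowed and not denied
    if order == "deny,allow":
        # Default is allow; Allow is evaluated last, so it wins when both match.
        return allowed or not denied
    raise ValueError("unsupported Order value: %r" % order)


if __name__ == "__main__":
    # Constructed rule set: allow a subnet, then carve one host out of it.
    allow, deny = ["192.168.1.0/24"], ["192.168.1.110"]
    for client in ("192.168.1.50", "192.168.1.110", "10.0.0.5"):
        print(client, access_allowed("allow,deny", allow, deny, client))
```

Swapping the Order value on the same Allow/Deny lists changes the result for the carved-out host, which is the usual cause of an access rule that looks right and is not.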
6. Default index page
    # The index.html.var file (a type-map) is used to deliver content-
    # negotiated documents. The MultiViews Option can be used for the
    # same purpose, but it is much slower.
    #
    # Searched in order from left to right
    DirectoryIndex index.html index.html.var
7. User directories
    # Permission notes:
    # The path to the end user account 'public_html' directory must be
    # accessible to the webserver userid. This usually means that ~userid
    # must have permissions of 711, ~userid/public_html must have permissions
    # of 755, and documents contained therein must be world-readable.
    # Otherwise, the client will only receive a "403 Forbidden" message.
    #
    # See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
    #
    <IfModule mod_userdir.c>
        #
        # UserDir is disabled by default since it can confirm the presence
        # of a username on the system (depending on home directory
        # permissions).
        #
        # disabled: user directories are forbidden
        UserDir disabled
        # UserDir public_html: the name of a directory under the user's home
        # directory; every file in it can be reached through the access path
        # described above. The user that runs the httpd process must be given
        # execute permission on the user's home directory.
        #
        # To enable requests to /~user/ to serve the user's public_html
        # directory, remove the "UserDir disabled" line above, and uncomment
        # the following line instead:
        #
        #UserDir public_html
    </IfModule>
8. Logging
Log files: /var/log/httpd/access_log and error_log
access_log: what it records has to be defined by you
Access log:
    CustomLog "/path/to/access_log_file" Format_Name
    LogFormat Format_String Format_Name

    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent
    #
    # %h: client address
    # %l: remote login name; usually -
    # %u: remote user name from authentication; usually -
    # %t: time the request was received
    # %r: first line of the request
    # %>s: response status code
    # %b: length of the response in bytes, not including the HTTP headers
    # %{Header_Name}i: content (value) of the named request header
    # %U: the requested URL, without any query string
    #
    # For details see http://httpd.apache.org/docs/2.2/mod/mod_log_config.html
    #
    # ErrorLog: The location of the error log file.
    # If you do not specify an ErrorLog directive within a <VirtualHost>
    # container, error messages relating to that virtual host will be
    # logged here. If you *do* define an error logfile for a <VirtualHost>
    # container, that host's errors will be logged there and not here.
    #
    ErrorLog logs/error_log
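To show what the combined and common formats look like on the consuming side, the following added Python example (not from the original post) turns the format string above into a parser and counts 401 responses per client address, which is the first thing to look at once a directory is protected with Basic authentication. The sample lines and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter

# Regex for the "combined" LogFormat above; the two trailing quoted fields are
# optional so "common" lines parse too. httpd writes a double quote inside
# %r or %{...}i as backslash-quote, so quoted fields must accept escapes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE = re.compile(
    r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\d+|-)'
    r'(?: ' + QUOTED + ' ' + QUOTED + r')?$'
)
FIELDS = ("h", "l", "u", "t", "r", "s", "b", "referer", "agent")


def parse_line(line):
    """Return a dict keyed by format letter, or None if the line does not match."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    rec = dict(zip(FIELDS, m.groups()))
    rec["s"] = int(rec["s"])
    rec["b"] = 0 if rec["b"] == "-" else int(rec["b"])  # %b logs "-" for 0 bytes
    return rec


def failed_auth_by_client(lines, threshold=3):
    """Map client address (%h) to its number of 401 responses, if >= threshold."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None and rec["s"] == 401:
            hits[rec["h"]] += 1
    return {h: n for h, n in hits.items() if n >= threshold}


# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    r'203.0.113.7 - - [09/Mar/2014:10:00:01 +0800] "GET /private/ HTTP/1.1" 401 480 "-" "curl/7.19.7"',
    r'203.0.113.7 - - [09/Mar/2014:10:00:02 +0800] "GET /private/ HTTP/1.1" 401 480 "-" "curl/7.19.7"',
    r'203.0.113.7 - admin [09/Mar/2014:10:00:03 +0800] "GET /private/ HTTP/1.1" 401 480 "-" "curl/7.19.7"',
    r'198.51.100.20 - pipi [09/Mar/2014:10:00:05 +0800] "GET /private/ HTTP/1.1" 304 - "-" "Mozilla/5.0"',
    r'198.51.100.20 - - [09/Mar/2014:10:00:09 +0800] "GET /a\"b HTTP/1.1" 404 289',
]

if __name__ == "__main__":
    print(failed_auth_by_client(SAMPLE))
```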
9. Path aliases and default character set
    Alias /alias/ "/path/to/somewhere/"
Note: if the alias ends with /, the target path must end with / as well.
    # We include the /icons/ alias for FancyIndexed directory listings. If you
    # do not use FancyIndexing, you may comment this out.
    #
    Alias /icons/ "/var/www/icons/"
    #
    #
    # Character set
    # Specify a default charset for all content served; this enables
    # interpretation of all content as UTF-8 by default. To use the
    # default browser choice (ISO-8859-1), or to allow the META tags
    # in HTML content to override this choice, comment out this
    # directive:
    #
    AddDefaultCharset UTF-8
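10. CGI script path aliases
URL --> FileSystem Directory
CGI: Common Gateway Interface
Many mechanisms require SUID or SGID permissions.
httpd cannot execute scripts directly; it invokes the script interpreter through the CGI protocol and waits for the interpreter to return the result to the web server.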
    # ScriptAlias: This controls which directories contain server scripts.
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the realname directory are treated as applications and
    # run by the server when requested rather than as documents sent to the client.
    # The same rules about trailing "/" apply to ScriptAlias directives as to
    # Alias.
    #
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
    # Format; the path needs execute permission
    ScriptAlias /URL/ "/path/to/somewhere/"
    #
    # Test script
    #!/bin/bash
    cat << EOF
    Content-Type: text/html

    The hostname is:`hostname`.
    The time is:`date`.
    EOF
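11. User-based access control
Virtual users: these are not system accounts and passwords.
Authentication types, provided by the modules whose names begin with auth under LoadModule in the configuration file:
basic: Basic authentication; the account and password are sent in cleartext.
digest: Digest authentication; the credentials are hashed before being sent.
Authentication provider: where the accounts and passwords are stored (authn)
Authorization mechanism: what authorization is based on (authz)
1. Edit the configuration file: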
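    [Linux]#vi /etc/httpd/conf/httpd.conf
    # Pick a place near the site's configuration and add a new <Directory> section.
    # The path names the directory to protect (placeholder path shown here).
    <Directory "/path/to/somewhere">
        # No options at all
        Options None
        # Use authentication configuration
        AllowOverride AuthConfig
        # Authentication type
        AuthType Basic
        # Title of the challenge window
        AuthName "Private Area"
        # Authentication provider; the default is file
    #   AuthBasicProvider file
        # File that stores the user accounts
        AuthUserFile /etc/httpd/conf/.htpasswd
        # File that stores the groups
    #   AuthGroupFile /etc/httpd/conf/.htgroup
        # Group name
    #   Require group GroupName
        # All valid accounts
        Require valid-user
    </Directory>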
2. Generate the credential store with the htpasswd command
    [Linux]#htpasswd -b /etc/httpd/conf/.htpasswd pipi pipi
    Adding password for user pipi
    [Linux]#
    # See man htpasswd for the full list of options
    SYNOPSIS
           htpasswd [ -c ] [ -m ] [ -D ] passwdfile username
           htpasswd -b [ -c ] [ -m | -d | -p | -s ] [ -D ] passwdfile username password
           htpasswd -n [ -m | -d | -s | -p ] username
           htpasswd -nb [ -m | -d | -s | -p ] username password
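The `-m | -d | -p | -s` switches in the synopsis decide how the password is stored, and in httpd 2.2 on Linux a plain `htpasswd -b` without `-m` stores crypt() output. As an added example (not part of the original post), this Python check reads an AuthUserFile and reports entries stored with the weaker schemes; the sample entries are constructed, and the classification is by format only, so a 13-character plaintext password would be reported as crypt.

```python
import base64
import hashlib
import re


def sha_entry(user, password):
    """Build the line `htpasswd -s` stores: base64(SHA-1(password)), no salt."""
    digest = hashlib.sha1(password.encode()).digest()
    return "%s:{SHA}%s" % (user, base64.b64encode(digest).decode())


def classify_hash(value):
    """Name the storage scheme of one password field, judged by its format."""
    if value.startswith("$apr1$"):
        return "md5-apr1"        # htpasswd -m: salted, iterated MD5
    if value.startswith("{SHA}"):
        return "sha1-unsalted"   # htpasswd -s: one unsalted SHA-1 round
    if re.fullmatch(r"[./0-9A-Za-z]{13}", value):
        return "crypt-des"       # htpasswd -d: only the first 8 characters count
    return "plaintext-or-unknown"  # htpasswd -p, or a scheme not covered here


WEAK = {"sha1-unsalted", "crypt-des", "plaintext-or-unknown"}


def audit_htpasswd(text):
    """Return (line number, user, scheme) for every weakly stored entry."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, value = line.partition(":")
        scheme = classify_hash(value) if sep else "malformed"
        if scheme in WEAK or scheme == "malformed":
            findings.append((number, user, scheme))
    return findings


# Constructed sample file; the apr1 and crypt strings are placeholders, not real hashes.
SAMPLE = "\n".join([
    "alice:$apr1$constrct$0123456789abcdefghijkl",
    sha_entry("bob", "constructed-password"),
    "carol:abJnggxhB/yWI",
    "dave:hunter2",
])

if __name__ == "__main__":
    for finding in audit_htpasswd(SAMPLE):
        print(finding)
```

Passing the password with `-b` also leaves it in shell history and visible in the process list, so the interactive prompt is the better habit on a shared host.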
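12. Virtual hosts
One physical server provides multiple sites; to use virtual hosts, the main server must be disabled first.
1. Virtual hosts based on different IP addresses
Use different IPs.
2. Virtual hosts based on different ports
Use different ports.
3. Virtual hosts based on different FQDNs
Use different ServerName values: FQDN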
    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    #
    # Comment this out first; it belongs to the main server
    #DocumentRoot "/var/www/html"
    #
    # For testing virtual hosts that differ by host name, the following line
    # must be enabled; IP-based and port-based virtual hosts do not need it
    NameVirtualHost *:80
    #
    # NOTE: NameVirtualHost cannot be used without a port specifier
    # (e.g. :80) if mod_ssl is being used, due to the nature of the
    # SSL protocol.
    #
    # VirtualHost example:
    # Almost any Apache directive may go into a VirtualHost container.
    # The first VirtualHost section is used for requests without a known
    # server name.
    #
    <VirtualHost *:80>
        ServerAdmin webmaster@pipi.com
        # Site path
        DocumentRoot /var/www/docs/pipi
        # FQDN
        ServerName www.pipi.com
        # Path and name of the error log
        ErrorLog logs/pipi.com-error_log
        # Path and name of the access log
        CustomLog logs/pipi.com-access_log common
    </VirtualHost>
    <VirtualHost *:80>
        ServerAdmin webmaster@soul.org
        DocumentRoot /var/www/docs/soul
        ServerName www.soul.org
        ErrorLog logs/soul.org-error_log
        CustomLog logs/soul.org-access_log common
    </VirtualHost>
    <VirtualHost *:80>
        ServerAdmin webmaster@dark.net
        DocumentRoot /www/docs/dark
        ServerName www.dark.net
        ErrorLog logs/dark.net-error_log
        CustomLog logs/dark.net-access_log common
    </VirtualHost>
    #
    # After configuring, create the corresponding files under each of these paths
    [Linux]#httpd -t
    Syntax OK
    [Linux]#service httpd restart
    Stopping httpd: [ OK ]
    Starting httpd: [ OK ]
    [Linux]#
After configuring, to test from Linux edit the /etc/hosts file; on Windows edit the C:\Windows\System32\drivers\etc\hosts file:
    X.X.X.129 www.pipi.com
    X.X.X.129 www.soul.org
    X.X.X.129 www.dark.net
Once that is done, the sites can be visited directly.
    # Look at the log files
    [Linux]#cd /var/log/httpd/
    [Linux]#ls
    access_log           dark.net-access_log  error_log           pipi.com-access_log  soul.org-access_log
    access_log-20140309  dark.net-error_log   error_log-20140309  pipi.com-error_log   soul.org-error_log
    [Linux]#
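That is all for this selection of httpd parameters; the next post will cover implementing https and compiling and installing httpd-2.4.
If there are any mistakes, corrections are welcome.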