httpd系列-01-常用配置

配置文件概览

• 主配置文件位置: /etc/httpd/conf/httpd.conf

• httpd -t 可测试配置文件的语法是否有误

• 配置文件大概分为3个部分，可以通过grep命令来大致查看:

[root@c2 conf]# grep "Section" httpd.conf
### Section 1: Global Environment
### Section 2: 'Main' server configuration
### Section 3: Virtual Hosts

• 另外,Main server和Virtual Hosts配置同时只能有一个生效

• 可以在/etc/httpd/conf.d/目录下定义以.conf结尾的文件来定义属性，也可以直接修改httpd.conf文件

httpd.conf配置文件的内容格式基本都是

directive-name directive-value

比如

MaxKeepAliveRequests 100

几个命令

• htpasswd：可用于生成访问控制所需的用户密码文件
  
  • -c:新建文件
  • -m:以md5的方式加密
  • -d:删除指定文件中的指定用户

[root@c2 conf.d]# htpasswd -c -m /etc/httpd/.users tom
New password: 
Re-type new password: 
Adding password for user tom
[root@c2 conf.d]# htpasswd -m /etc/httpd/.users cat
New password: 
Re-type new password: 
Adding password for user cat
[root@c2 conf.d]# cat /etc/httpd/.users 
tom:$apr1$j/IgPNIo$5zyp/tnoWrGencgOWlIYu/
cat:$apr1$W.Vbd.1S$2er0pf.3dtKjP71L9VPJI1

• httpd
  
  • -l:查看内置模块:
  • -M:

[root@c2 conf.d]# httpd -l
Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c

常用配置说明

全局配置

基本配置

# 显示服务器信息,详情可参考 : http://www.ha97.com/2505.html
ServerTokens OS

## ServerRoot
ServerRoot "/etc/httpd"

## PidFile run/httpd.pid
PidFile run/httpd.pid

# Timeout: The number of seconds before receives and sends time out.
Timeout 60

# 是否启用长连接
KeepAlive Off|On

# 一个长连接所允许的最大请求数目
# 0表示无限制
MaxKeepAliveRequests 100

# 一个长连接允许的最大"发呆时间",单位:秒
KeepAliveTimeout 15

#指定监听地址和端口
# Listen 192.168.1.111:80
Listen 80

# Load config files from the config directory "/etc/httpd/conf.d".
Include conf.d/*.conf

# 指定worker子进程以哪个用户的身份运行
User apache
Group apache

LoadModule

该指令配置httpd在启动的时候加载哪些模块

格式:

LoadModule 模块名 模块路径(相对)

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
........................

Options

• None:不支持任何选项
• Indexes:索引目录功能
• FollowSymLinks:是否允许访问符号链接指向的原文件
• Includes:是否允许服务器端包含(SSI-ServerSideInclude)
• SymLinksifOwnerMatch
• ExecCGI:允许允许CGI脚本
• MultiViews:内容协商相关的多视图技术支持,比如国际化等
• All:支持所有选项

Allow

定义基于主机的访问控制

# 顺序
Order allow,deny
Allow from all

# 只禁止192.168.0.1,172.16.100.177访问
Order from deny,allow
Deny 192.168.0.1,172.16.100.177

# 禁止任何用于远程访问以.ht开头的文件
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

AllowOverride

AllowOverride AuthConfig

# 认证类型:基本认证
AuthType Basic

# 认证提示
AuthName "Restricted Site ..."

# 认证所需用户密码文件位置
AuthUserFile "/etc/httpd/conf/.users"
# AuthGroupFile "/etc/httpd/conf/.groups"

# AuthUserFile所定义的所有用户都可以访问
Require valid-user
# 只允许tom访问
# Require user tom
# Require group my_group_name

Directory

本地文件系统

<Directory "/web/htdocs/4">
    Options None
    AllowOverride AuthConfig
    AuthType Basic
    AuthName "用户认证"
    AuthUserFile /etc/httpd/conf/.users
    Require valid-user
</Directory>

Location

<Location /status>
    SetHandler server-status
    Order Deny,Allow
    Deny from all
    Alow from foo.bar.com
</Location>

Main server配置

ServerAdmin root@localhost

#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If this is not set to valid DNS name for your host, server-generated
# redirections will not work.  See also the UseCanonicalName directive.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address anyway, and this will make 
# redirections work in a sensible way.
#ServerName www.example.com:80

#
# UseCanonicalName: Determines how Apache constructs self-referencing 
# URLs and the SERVER_NAME and SERVER_PORT variables.
# When set "Off", Apache will use the Hostname and Port supplied
# by the client.  When set "On", Apache will use the value of the
# ServerName directive.
UseCanonicalName Off

# 站点根目录
DocumentRoot "/var/www/html"

# 默认主页
DirectoryIndex index.html index.html.var

# 支持的MIME类型定义文件所在路径
TypesConfig /etc/mime.types

# 默认的MIME类型
DefaultType text/plain

# 日志(access_log)中记录client的IP地址(Off)还是其hostname(On)
# 一般都是Off,因为反解析主机名较浪费时间
HostnameLookups Off

ErrorLog logs/error_log

# debug, info, notice, warn, error, crit,alert, emerg.
LogLevel warn



LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

#此处的combined即为LogFormat的别名
CustomLog logs/access_log combined

# 别名
Alias /icons/ "/var/www/icons/"

虚拟主机配置

虚拟主机和Main Server同时只能有一个起作用，注释掉DocumentRoot即可禁用Main Server
对于虚拟主机的配置可直接在httpd.conf中编辑定义，也可在/etc/httpd/conf.d/目录下定义以.conf结尾的文件来定义。

# Use name-based virtual hosting.
#NameVirtualHost *:80

# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot /www/docs/dummy-host.example.com
    ServerName dummy-host.example.com
    ErrorLog logs/dummy-host.example.com-error_log
    CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>

基于主机名、IP、端口混合的虚拟主机定义例子:

Listen 8080

# 在所有IP上，80端口使用基于主机名的虚拟主机
# NameVirtualHost *:80

<VirtualHost 192.168.1.103:80>
    ServerName my-host-1.com
    DocumentRoot /web/htdocs/1
    CustomLog logs/referer_log combined
    <Directory "/web/htdocs/1">
        Options Indexes
        AllowOverride None
        Order deny,allow
        # 拒绝192.168.1.106访问
        Deny from 192.168.1.106
    </Directory>
</VirtualHost>

<VirtualHost 192.168.1.103:80>
    ServerName my-host-2.com
    DocumentRoot /web/htdocs/2
</VirtualHost>

<VirtualHost 192.168.1.166:80>
    ServerName my-host-3.com
    DocumentRoot /web/htdocs/3
</VirtualHost>

<VirtualHost 192.168.1.103:8080>
    # 添加:Listen 8080
    ServerName my-host-4.com
    DocumentRoot /web/htdocs/4
    <Directory "/web/htdocs/4">
        Options None
        AllowOverride AuthConfig
        AuthType Basic
        AuthName "用户认证"
        AuthUserFile /etc/httpd/conf/.users
        Require valid-user
    </Directory>
</VirtualHost>

和MPM相关的配置

MPM相关信息请看下文MPM章节

在<IfModule prefork.c></IfModule>之间的配置只会在对应模块prefork启用时生效，其他类似。

<IfModule prefork.c>
# 服务器刚启动时的服务进程数
StartServers       8
# 最少空闲进程数
MinSpareServers    5
# 最大空闲进程数
MaxSpareServers   20
# MaxClients的上限值
ServerLimit      256
# 最大同时支持的请求数
MaxClients       256
# 每个子进程最多响应多少次请求
#达到此值后强行杀死进程，并重新启动一个新的子进程
MaxRequestsPerChild  4000
</IfModule>


<IfModule worker.c>
StartServers         4
MaxClients         300
# 最少空闲线程数
MinSpareThreads     25
# 最大空闲线程数
MaxSpareThreads     75 
ThreadsPerChild     25
MaxRequestsPerChild  0
</IfModule>

MPM

Multi Process Modules

几个MPM模型

• mpm_winnt
• prefork
  
  • 一个请求用一个进程响应
  • 稳定
  • 性能低
• worker
  
  • 每个进程产生多个线程
  • 一个请求用一个线程响应
• event
  
  • 一个进程处理过个请求

各个模型对应的启动脚本如下

/usr/sbin/httpd
/usr/sbin/httpd.event
/usr/sbin/httpd.worker

各个MPM模型默认模块

[root@c2 conf.d]# httpd -l
Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c
[root@c2 conf.d]# httpd.worker -l
Compiled in modules:
  core.c
  worker.c
  http_core.c
  mod_so.c
[root@c2 conf.d]# httpd.event -l
Compiled in modules:
  core.c
  event.c
  http_core.c
  mod_so.c

修改httpd的MPM

vim /etc/sysconfig/httpd

修改HTTPD配置即可

#HTTPD=/usr/sbin/httpd.worker