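How to Set Up an HTTP Server with Apache

Apache2 listens on port 80 by default, so it can be reached directly through the public IP address or domain name. In practice, many servers already host a number of other services and port 80 is often taken, so Apache2 has to be moved to a different port.

To change the port, first edit the file /etc/apache2/ports.conf:
Change 80 to any other port number that does not conflict; 1024 is used here as the example.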

#Listen 80
Listen 1024

Listen 443

#<VirtualHost *:80>
<VirtualHost *:1024>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
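Note: this file also contains a DocumentRoot directive; changing it moves the root path of the served file tree.

After making the changes, restart apache2:

/etc/init.d/apache2 restart

The same content can now be reached in the form domain:1024; for example, the URL for my server is http://xdxsb.top:1024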

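Setting access restrictions

A personal server is an easy target for attack. If someone opens many threads to request downloads over and over, the traffic consumes a huge amount of bandwidth and can even bring the server down. A server that offers downloads over the long term therefore has to set access restrictions.

Configuration file parameters explained

Access restrictions mainly involve the configuration file /etc/apache2/apache2.conf, so we start by reading through that file.
Its contents are as follows: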

# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.4/ for detailed information about
# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
# hints.
#
# Summary of how the Apache 2 configuration works in Debian:
# The Apache 2 web server configuration in Debian is quite different to
# upstream's suggested way to configure the web server. This is because Debian's
# default Apache2 installation attempts to make adding and removing modules,
# virtual hosts, and extra configuration directives as flexible as possible, in
# order to make automating the changes and administering the server as easy as
# possible.
#
# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
#   /etc/apache2/
#   |-- apache2.conf
#   |   `-- ports.conf
#   |-- mods-enabled
#   |   |-- *.load
#   |   `-- *.conf
#   |-- conf-enabled
#   |   `-- *.conf
#   `-- sites-enabled
#       `-- *.conf
#
# * apache2.conf is the main configuration file (this file). It puts the pieces
#   together by including all remaining configuration files when starting up the
#   web server.
#
# * ports.conf is always included from the main configuration file. It is
#   supposed to determine listening ports for incoming connections which can be
#   customized anytime.
#
# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
#   directories contain particular configuration snippets which manage modules,
#   global configuration fragments, or virtual host configurations,
#   respectively.
#
#   They are activated by symlinking available configuration files from their
#   respective *-available/ counterparts. These should be managed by using our
#   helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
#   their respective man pages for detailed information.
#
# * The binary is called apache2. Due to the use of environment variables, in
#   the default configuration, apache2 needs to be started/stopped with
#   /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
#   work with the default configuration.

# Global configuration
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"

# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#Mutex file:${APACHE_LOCK_DIR} default

# The directory where shm and other runtime files will be stored.
DefaultRuntimeDir ${APACHE_RUN_DIR}

# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
PidFile ${APACHE_PID_FILE}

# Timeout: The number of seconds before receives and sends time out.
Timeout 300

# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
KeepAlive On

# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
MaxKeepAliveRequests 100

# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
KeepAliveTimeout 5

# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog ${APACHE_LOG_DIR}/error.log

# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
LogLevel warn

# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf

# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Require all denied
</Directory>

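Parameter explanations:

PidFile: the file in which the server records its process ID when it starts

Timeout: the number of seconds before receives and sends time out

KeepAlive: whether to allow persistent connections (more than one request per connection); set to "Off" to disable

MaxKeepAliveRequests: the maximum number of requests allowed during a persistent connection; 0 means unlimited

KeepAliveTimeout: the number of seconds to wait for the next request from the same client on the same connection

User/Group: the user and group the server runs as

HostnameLookups: whether to log the names of clients or their IP addresses
For example, when this directive is on, host names such as www.apache.org are logged; when it is off, IP addresses such as 204.62.129.132 are logged. The default is off, which is much better than on, because with on every client request causes at least one lookup against the nameserver.

ErrorLog: the location of the error log file

LogLevel: controls which messages are recorded in the error log file
Available values: debug, info, notice, warn, error, crit, alert, emerg

Directory: the properties of each directory are set inside this tag pair

Options: controls which server features are available in a particular directory

  • All: all features except MultiViews; this is the default setting
  • ExecCGI: allows CGI scripts to be executed using mod_cgi
  • FollowSymLinks: the server follows symbolic links in this directory; if this option is set inside a <Location> section it is ignored
  • Includes: allows server-side includes provided by mod_include
  • IncludesNOEXEC: allows server-side includes but disables "#exec cmd" and "#exec cgi"; CGI scripts in ScriptAlias directories can still be used through "#include virtual"
  • Indexes: if a URL that maps to a directory is requested and the directory has no DirectoryIndex (for example index.html), the server returns a formatted directory listing generated by mod_autoindex
  • MultiViews: allows content-negotiated "MultiViews" provided by mod_negotiation
  • SymLinksIfOwnerMatch: the server follows a symbolic link only when the link and its target directory or file are owned by the same uid; if this option is set inside a <Location> section it is ignored

AllowOverride: determines which types of directives are allowed in .htaccess files
Syntax: AllowOverride All|None|directive-type [directive-type]
If this directive is set to None, .htaccess files are ignored completely.
directive-type can be one of the following groups of directives:

  • AuthConfig: allows directives related to authentication and authorization
  • FileInfo: allows directives that control document types, directives that control document metadata, the mod_rewrite directives, and the Action directive from mod_actions
  • Indexes: allows directives that control directory indexing
  • Limit: allows directives that control host access

Order: controls the default access state and the order in which Allow and Deny directives take effect

  • Deny,Allow: Deny directives are evaluated before Allow directives. Access is allowed by default. Any client that does not match a Deny directive, or that does match an Allow directive, is allowed access
  • Allow,Deny: Allow directives are evaluated before Deny directives. Access is denied by default. Any client that does not match an Allow directive, or that does match a Deny directive, is denied access
  • Mutual-failure: only hosts that appear in the Allow list and do not appear in the Deny list are allowed access. This ordering has the same effect as "Order Allow,Deny"

Allow: controls which hosts can access this area of the server. Access can be controlled by host name, IP address, IP address range, or other characteristics of the client request captured in environment variables.
Syntax: Allow from all|host|env=env-variable [host|env=env-variable]

Deny: controls which hosts are denied access to this area of the server. Access can be controlled by host name, IP address, IP address range, or other characteristics of the client request captured in environment variables.
Syntax: Deny from all|host|env=env-variable [host|env=env-variable]

Require: access restriction

  • all granted: allow access from all hosts
  • all denied: deny access from all hosts
  • local: allow access from the local host only
  • [not] host <list of host names or domain names>: allow or deny access from the specified hosts or domains
  • [not] ip <list of IP addresses or networks>: allow or deny access from the specified IP addresses or networks

AccessFileName: sets the name of the distributed configuration file; the default is .htaccess
If distributed configuration files are enabled for a directory, then when returning a document from it to a client the server looks for this configuration file in every directory level on the path to the document

<FilesMatch "^\.ht">: denies access to files whose names begin with .ht, in order to protect .htaccess files

LogFormat: defines the format of the access log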
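
The difference between the two Order modes described above only shows up for clients that match both lists or neither list. The following Python sketch is an added example, not code from the original article or from Apache; it evaluates Order/Allow/Deny for a client IP using the rules stated above. It assumes rules are only "all", single IPs or CIDR blocks (host names and env= are not handled), and the addresses are constructed documentation ranges.

```python
import ipaddress

def _matches(rules, client):
    """True if the client IP matches any rule: 'all', a single IP, or a CIDR block."""
    addr = ipaddress.ip_address(client)
    for rule in rules:
        if rule == "all" or addr in ipaddress.ip_network(rule, strict=False):
            return True
    return False

def access_allowed(order, allow, deny, client):
    """Evaluate legacy Order/Allow/Deny for one client IP, per the rules described above."""
    allowed = _matches(allow, client)
    denied = _matches(deny, client)
    mode = order.replace(" ", "").lower()
    if mode == "deny,allow":
        # Default allow: rejected only when a Deny matches and no Allow overrides it.
        return allowed or not denied
    if mode in ("allow,deny", "mutual-failure"):
        # Default deny: must match an Allow and must not match any Deny.
        return allowed and not denied
    raise ValueError(f"unknown Order value: {order!r}")

# Constructed sample policy (documentation address ranges, not from the article).
ALLOW = ["192.0.2.0/24"]
DENY = ["192.0.2.66", "198.51.100.0/24"]
CLIENTS = {
    "allow only": "192.0.2.10",
    "deny only": "198.51.100.7",
    "both": "192.0.2.66",
    "neither": "203.0.113.5",
}

def decision_table():
    """Return {case: (result under Deny,Allow, result under Allow,Deny)}."""
    return {
        case: (access_allowed("Deny,Allow", ALLOW, DENY, ip),
               access_allowed("Allow,Deny", ALLOW, DENY, ip))
        for case, ip in CLIENTS.items()
    }

if __name__ == "__main__":
    for case, (deny_allow, allow_deny) in decision_table().items():
        print(f"{case:10}  Deny,Allow={deny_allow!s:5}  Allow,Deny={allow_deny}")
```

A client on a deny list that also falls inside an allowed range gets through under Deny,Allow but is blocked under Allow,Deny, so a blocklist meant to stop an abusive downloader only holds under the second ordering.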
