Apache只配置文件解析2

最新推荐文章于 2020-02-27 16:18:46 发布

Moon_K_H

最新推荐文章于 2020-02-27 16:18:46 发布

阅读量505

点赞数

分类专栏： Apache

Apache 专栏收录该内容

10 篇文章 0 订阅

订阅专栏

安装

The Apache2 web server is available in Ubuntu Linux. To install Apache2:

在终端命令行输入如下命令：
```
sudo apt-get install apache2
```

配置

Apache2 is configured by placing directives in plain text configuration files. These directives are separated between the following files and directories:

apache2.conf: Apache2 的主要配置文件。包含了 Apache2 的全局的配置。
httpd.conf: historically the main Apache2 configuration file, named after the httpd daemon. Now the file does not exist. In older versions of Ubuntu the file might be present, but empty, as all configuration options have been moved to the below referenced directories.
conf-available: this directory contains available configuration files. All files that were previously in /etc/apache2/conf.d should be moved to/etc/apache2/conf-available.
conf-enabled: holds symlinks to the files in /etc/apache2/conf-available. When a configuration file is symlinked, it will be enabled the next time apache2 is restarted.
环境变量设置：　文件下的 Apache2 环境　变量设置。
mods-available：该目录包含的配置文件都装载模块和设置它们。不管怎样并非所有模块都会有具体的配置文件。
mods-enabled：保持符号链接文件在 /etc/apache2/mods-available。当一模块配置文件被设为符号连接后会在下一次apache2重启时激活。
ports.conf：房屋指示以确定 Apache2 正在监听哪些 TCP 端口。
sites-available: 这个目录下有 Apache2 虚拟主机的配置文件。虚拟主机使 Apache2 能够配置多个站点，这些站点有各自不同的配置。
sites-enabled: like mods-enabled, sites-enabled contains symlinks to the /etc/apache2/sites-available directory. Similarly when a configuration file in sites-available is symlinked, the site configured by it will be active once Apache2 is restarted.
magic: instructions for determining MIME type based on the first few bytes of a file.

除此之外，其他的配置文件可能会增加使用头文件指令，并和通配符用于包括许多配置文件。任何说明可放置于这些任意配置文件中。

The server also reads a file containing mime document types; the filename is set by the TypesConfig directive, typically via /etc/apache2/mods-available/mime.conf, which might also include additions and overrides, and is /etc/mime.types by default.

基本设置

This section explains Apache2 server essential configuration parameters. Refer to the Apache2 Documentation for more details.

Apache2 ships with a virtual-host-friendly default configuration. That is, it is configured with a single default virtual host (using theVirtualHost directive) which can be modified or used as-is if you have a single site, or used as a template for additional virtual hosts if you have multiple sites. If left alone, the default virtual host will serve as your default site, or the site users will see if the URL they enter does not match the ServerName directive of any of your custom sites. To modify the default virtual host, edit the file /etc/apache2/sites-available/000-default.conf.

虚拟主机的语句设置仅应用于特定的虚拟主机。如果一个语句在服务器范围中设置而没有在虚拟主机设置中定义，那么将使用缺省设置。例如，您可以定义网络管理员的邮件地址而无需为每个虚拟主机都分别定义邮件地址。

如果您想设定一个新的虚拟主机或站点，请复制该文件到以您选择名称的同一目录下。例如：
```
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/mynewsite.conf
```
编辑新文件配置新的站点就要使用下列的一些指示说明。
ServerAdmin 语句指定服务器管理员的邮件地址，缺省值是 webmaster@localhost。应该改成您的邮件地址 (如果您是服务器管理员的话)。如果您的网站有问题，Apache2 将显示包含该邮件地址的错误信息以便报告该问题。在 /etc/apache2/sites-available 目录中您网站的配置文件里可以找到该语句。
Listen 语句指定端口以及可选的 IP 地址，Apache2 将在其上监听。如果 IP 地址没有被指定，Apache2 将监听所有指向其所运行机器上的 IP 地址。Listen 语句的缺省值是 80。把其改成 127.0.0.1:80 将使 Apache2 只在您的环回接口上临听以致于它相对于 Internet 不可用。也可改变其监听端口如81，或保持原样以便正常操作。该语句可以在它自己的文件 /etc/apache2/ports.conf 中发现并修改。
The ServerName directive is optional and specifies what FQDN your site should answer to. The default virtual host has no ServerName directive specified, so it will respond to all requests that do not match a ServerName directive in another virtual host. If you have just acquired the domain name ubunturocks.com and wish to host it on your Ubuntu server, the value of the ServerName directive in your virtual host configuration file should be ubunturocks.com. Add this directive to the new virtual host file you created earlier (/etc/apache2/sites-available/mynewsite.conf).

可能还需要把您的站点来响应 www.ubunturocks.com ，因为许多用户会认定加上前缀 www 是适当的。使用服务器别名指令来做这事。可能需要在服务别名指令中使用通配符。

比如，下一步的配置会引导您站点来响应在 .ubunturocks.com 的任意请求结束域。
```
服务器别名 *.ubunturocks.com
```
The DocumentRoot directive specifies where Apache2 should look for the files that make up the site. The default value is /var/www/html, as specified in /etc/apache2/sites-available/000-default.conf. If desired, change this value in your site's virtual host file, and remember to create that directory if necessary!

Enable the new VirtualHost using the a2ensite utility and restart Apache2:

sudo a2ensite mynewsite
sudo service apache2 restart

确定为虚拟主机用广泛的名字来代替新站点。一种方法是以虚拟主机的服务器名指令来命名。

同样，使用 a2dissite 功能来关闭站点。使用多个虚拟主机来为故障排除配置问题是非常有用的。

sudo a2dissite mynewsite
sudo service apache2 restart

缺省设置

这部分内容说明 Apache2 服务器缺省设置的配置。举个例子，如果您添加一个虚拟主机，您为该虚拟主机配置的设置将优先于缺省虚拟主机。如果在该虚拟主机的设置中有个语句没有定义，那么将使用缺省值。

当用户在目录名后使用斜杠 (/) 来请求一个目录索引时，The DirectoryIndex 将通过服务器提供缺省页服务。

For example, when a user requests the page http://www.example.com/this_directory/, he or she will get either the DirectoryIndex page if it exists, a server-generated directory list if it does not and the Indexes option is specified, or a Permission Denied page if neither is true. The server will try to find one of the files listed in the DirectoryIndex directive and will return the first one it finds. If it does not find any of these files and if Options Indexes is set for that directory, the server will generate and return a list, in HTML format, of the subdirectories and files in the directory. The default value, found in /etc/apache2/mods-available/dir.conf is "index.html index.cgi index.pl index.php index.xhtml index.htm". Thus, if Apache2 finds a file in a requested directory matching any of these names, the first will be displayed.
The ErrorDocument directive allows you to specify a file for Apache2 to use for specific error events. For example, if a user requests a resource that does not exist, a 404 error will occur. By default, Apache2 will simply return a HTTP 404 Return code. Read/etc/apache2/conf-available/localized-error-pages.conf for detailed instructions for using ErrorDocument, including locations of example files.
By default, the server writes the transfer log to the file /var/log/apache2/access.log. You can change this on a per-site basis in your virtual host configuration files with the CustomLog directive, or omit it to accept the default, specified in /etc/apache2/conf.d/other-vhosts-access-log. You may also specify the file to which errors are logged, via the ErrorLog directive, whose default is/var/log/apache2/error.log. These are kept separate from the transfer logs to aid in troubleshooting problems with your Apache2 server. You may also specify the LogLevel (the default value is "warn") and the LogFormat (see /etc/apache2/apache2.conf for the default value).
由每个目录基础来决定一些选项，而不是每个服务器。选项是这些指令的其中之一。一节目录就是封闭的 XML-like 标签，像这样：
```
<Directory /var/www/html/mynewsite>
...
</Directory>
```
选项指令在目录接收一个或多个值(除了其它之外)，由空格所分隔：
- ExecCGI - 允许执行 CGI 脚本。如果该选项没有设置，则 CGI 脚本将不能执行。
  
  许多文件都不应该做为 CGI 脚本所执行。这会非常危险。CGI 脚本应该单独保存在一目录里和你的外部启动文档所分开，只有这目录已经设置了 ExecCGI 选项。CGI 脚本的默认位置是 /usr/lib/cgi-bin 。
- Includes - Allow server-side includes. Server-side includes allow an HTML file to include other files. See Apache SSI documentation (Ubuntu community) for more information.
- 允许服务端包含 IncludesNOEXEC ，但要在 CGI 脚本里禁用 #exec 和 #include 命令。
- Indexes - 显示一个按特定格式的文件目录,如果被请求的目录中 DirectoryIndex (比如index.html)不存在。
  
  出于安全考虑，这个通常不会设置，无疑也不应在您 DocumentRoot 目录中设置。只有在您确定您希望用户看到目录的整个内容时请小心地基于每个目录启用该选项。
- Multiview - Support content-negotiated multiviews; this option is disabled by default for security reasons. See the Apache2 documentation on this option.
- SymLinksIfOwnerMatch - 仅在软连接与其目的文件或目录拥有相同所有者时才使用。

httpd 设置

本节说明了一些基本的 httpd 守护进程的配置设置。

LockFile - 当服务器编译时使用了 USE_FCNTL_SERIALIZED_ACCEPT 或 USE_FLOCK_SERIALIZED_ACCEPT 参数时，使用 LockFile 语句来设置 lockfile 的路径。它必须保存在本地磁盘上，它应该设置成缺省值，除非日志目录被定位在 NFS 共享上。如果是这种情况，缺省值应该被改为本地磁盘的位置并且其目录只对 root 用户可读。

PidFile - PidFile 语句设置服务器记录其进程 ID (pid) 的文件。该文件只对 root 用户可读。在大多数情况下，应该保留其缺省值。

User - The User directive sets the userid used by the server to answer requests. This setting determines the server's access. Any files inaccessible to this user will also be inaccessible to your website's visitors. The default value for User is "www-data".

除非您的确知道您在做什么，否则请不要将 User 设为 root 用户。用 root 作为 User 的值将会在您的 Web 服务器中产生极大的安全漏洞。

Group - Group 指令和 User 指令类似。Group 指令设置服务器响应请求使用的用户组。默认组为"www-data"。

Apache2 模块

Apache2 is a modular server. This implies that only the most basic functionality is included in the core server. Extended features are available through modules which can be loaded into Apache2. By default, a base set of modules is included in the server at compile-time. If the server is compiled to use dynamically loaded modules, then modules can be compiled separately, and added at any time using the LoadModule directive. Otherwise, Apache2 must be recompiled to add or remove modules.

Ubuntu把Apache2编译成可以动态加载模块的形式。配置命令可以通过包含在<IfModule>块中的方式包含到某个模块中。

您可以安装额外的 Apache2 模块，并和您的 Web 服务器使用这些模块。例如，运行以下终端提示的命令来安装 MySQL 认证模块：

sudo apt-get install libapache2-mod-auth-mysql

请浏览 /etc/apache2/mods-available 目录，能提供更多的模块。

使用 a2enmod 功能来激活模块：

sudo a2enmod auth_mysql
sudo service apache2 restart

同样的，a2dismod 将禁用模块。

sudo a2dismod auth_mysql
sudo service apache2 restart

HTTPS 配置

mod_ssl模块为Apache2服务器提供了一个重要特性 - 对传送内容的加密功能。因此，当您使用SSL浏览信息的时候,即导航栏中有https:// 前缀的情况。

软件包 apache2-common 中包含了 mod_ssl 模块。在终端命令行中输入如下命令以使用 mod_ssl 模块：

sudo a2enmod ssl

There is a default HTTPS configuration file in /etc/apache2/sites-available/default-ssl.conf. In order for Apache2 to provide HTTPS, acertificate and key file are also needed. The default HTTPS configuration will use a certificate and key generated by the ssl-cert package. They are good for testing, but the auto-generated certificate and key should be replaced by a certificate specific to the site or server. For information on generating a key and obtaining a certificate see 证书

要为 Apache2 配置 HTTPS，请输入以下内容：

sudo a2ensite default-ssl

目录 /etc/ssl/certs 和 /etc/ssl/private 是默认的安全区域.如果您要把证书和密钥安装到其他的目录下，请确认更改了SSLCertificateFile 和 SSLCertificateKeyFile 的配置。

现在 Appache2 已经配置了 HTTPS。要使新设置生效，请重新启动服务：

sudo service apache2 restart

Depending on how you obtained your certificate you may need to enter a passphrase when Apache2 starts.

你可通过在浏览器地址栏输入https://your_hostname/url/来进入安装服务器页面。

Sharing Write Permission

For more than one user to be able to write to the same directory it will be necessary to grant write permission to a group they share in common. The following example grants shared write permission to /var/www/html to the group "webmasters".

sudo chgrp -R webmasters /var/www/html
sudo find /var/www/html -type d -exec chmod g=rwxs "{}" \;
sudo find /var/www/html -type f -exec chmod g=rws  "{}" \;

如果需要对一个目录设置多于一个的授权访问组，请使用访问控制列表 (ACLs)。

参考资料

Apache2 Documentation contains in depth information on Apache2 configuration directives. Also, see the apache2-doc package for the official Apache2 docs.
请浏览 Mod SSL 文件站点可以查到更多的 SSL 相关信息。
奥赖利的 Apache 菜谱是个能完成特定 Apache2 配置的好资料。
和 Ubuntu 有关 Apache2 的更多问题，请访问在 freenode.net 的 #ubuntu-server IRC 频道。
通常与 PHP 和 MySQL 集成；Apache MySQL PHP Ubuntu Wiki 页面是个很好的资源。

Moon_K_H

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
Apache只配置文件解析2

安装The Apache2 web server is available in Ubuntu Linux. To install Apache2:在终端命令行输入如下命令：sudo apt-get install apache2配置Apache2 is configure
复制链接

扫一扫