Test environment
httpd-2.4.41, compiled and installed from source. Installation path: /mnt/app/httpd
Configuration files
/mnt/app/httpd/conf/httpd.conf
/mnt/app/httpd/conf/extra/*.conf
1. Listening address and port
#conf/httpd.conf
Listen [ip:]port
#(1) The ip may be omitted, which means 0.0.0.0
#(2) Listen may appear more than once
#Listen 80
#Listen 8080
2. Server root directory
#conf/httpd.conf
#Server root directory
ServerRoot "/mnt/app/httpd"
3. Service user and group
#conf/httpd.conf
#User the service runs as
User apache
#Group the service runs as
Group apache
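4. Timeout
#conf/extra/httpd-default.conf
#Timeout for receiving and sending
Timeout 60
5. Persistent connections
#conf/extra/httpd-default.conf
#Turn persistent (keep-alive) connections on or off
KeepAlive On|Off
#Time limit: the connection is closed when it is exceeded
KeepAliveTimeout 5
#Count limit: the connection is closed once this many requests have been served
MaxKeepAliveRequests 100
Test
telnet web_server_ip port
GET /url HTTP/1.1
Host: web_server_ip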
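6. MPM
- prefork: multi-process model, one process handles one request
- worker: multi-threaded model, one thread handles one request
- event: event-driven model, one process handles n requests
The event MPM exists only in httpd 2.4.
Check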
[root@arch httpd]# ./bin/httpd -l | grep event
event.c
[root@arch httpd]# ./bin/httpd -M | grep event
mpm_event_module (static)
Configuration
#conf/extra/httpd-mpm.conf
<IfModule mpm_prefork_module>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxRequestWorkers 250
MaxConnectionsPerChild 0
</IfModule>
<IfModule mpm_worker_module>
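#Number of child processes created at startup
StartServers 3
#Minimum number of idle threads
MinSpareThreads 75
#Maximum number of idle threads
MaxSpareThreads 250
#Number of threads each child process can start
ThreadsPerChild 25
#Maximum number of requests accepted at the same time
MaxRequestWorkers 400
#Maximum number of connections per child process; 0 means no limit
MaxConnectionsPerChild 0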
</IfModule>
<IfModule mpm_event_module>
StartServers 3
MinSpareThreads 75
MaxSpareThreads 250
ThreadsPerChild 25
MaxRequestWorkers 400
MaxConnectionsPerChild 0
</IfModule>
7. DSO
#conf/httpd.conf
LoadModule <mod_name> <mod_path>
#The path is relative to ServerRoot
8. Document root
#conf/httpd.conf
DocumentRoot "/path/dir"
#Absolute path
9. Site path sections
File-system paths
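#Directory path; wildcards are supported
<Directory "/path/dir">
......
</Directory>
#Directory path; regular expressions are supported
<DirectoryMatch "pattern">
......
</DirectoryMatch>
#File name; wildcards are supported
<Files "/path/file">
......
</Files>
#File name; regular expressions are supported
<FilesMatch "pattern">
......
</FilesMatch>
URL paths
#URL; wildcards are supported
#For example, for www.domain.com/url this matches the /url part
<Location "/url">
......
</Location>
#URL; regular expressions are supported
<LocationMatch "pattern">
......
</LocationMatch>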
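Options
Indexes #When the index page is missing, list the files under the path
FollowSymLinks #Allow the server to follow symbolic links
None #Disable all options
All #Enable all options
AllowOverride
A .htaccess file can exist in each directory and define access control for that directory; AllowOverride specifies which directives are allowed to take effect in .htaccess files
None #Disable all features
All #Enable all features
AuthConfig #Set this value for user-based authentication; it allows the authentication directives AuthGroupFile, AuthName, AuthType, AuthUserFile, Require and so on.
FileInfo #Set this value to control document types; it allows ErrorDocument, SetHandler and some URL-rewriting directives.
Indexes #Set this value to control directory indexing; it allows AddIcon and DirectoryIndex.
Limit #Whether the Order, Allow and Deny directives may be used; these three directives are deprecated and remain only for compatibility with older versions.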
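Require
Require all {granted | denied} #Allow or deny all access
Require [not] {ip | host} value #Allow or deny a specific IP or host
#Blacklist (a negated Require only takes effect inside <RequireAll>)
<RequireAll>
Require all granted
Require not ip 10.10.10.20
</RequireAll>
#Whitelist
Require all denied
Require ip 10.10.10.20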
10. Default index page
DirectoryIndex index.html index.php
11. Path alias
Alias /webpath /full/filesystem/path
12. Log management
Error log
#Log path
ErrorLog "logs/error_log"
#Levels: debug, info, notice, warn, error, crit, alert, emerg
LogLevel warn
Access log
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog "logs/access_log" common
</IfModule>
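%h: client IP address
%l: remote logname, the name the client user logged in with through identd; usually a hyphen ("-")
%u: remote user, the authenticated user; a hyphen ("-") for requests that are not authenticated
%t: time at which the server received the request
%r: first line of the request
%>s: response status code
%B: response size, including headers
%b: response size, excluding headers
%{Referer}i: value of the "Referer" request header, that is, the page whose hyperlink led to the current page
%{User-Agent}i: value of the "User-Agent" request header, that is, the application that sent the request
See the official documentation for more log formats.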
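The fields listed above can be pulled out of an access_log line with one regular expression. The following is an added example, not part of the original article: it parses the `common` format defined above and counts 401 responses per client under /server-status. The sample lines, the function names and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter

# The page's "common" LogFormat: %h %l %u %t "%r" %>s %b
COMMON = re.compile(
    r'^(?P<h>\S+) (?P<l>\S+) (?P<u>\S+) \[(?P<t>[^\]]+)\] '
    r'"(?P<r>(?:[^"\\]|\\.)*)" (?P<s>\d{3}) (?P<b>\d+|-)$'
)

def parse_common(line):
    """Return the fields of one access_log line as a dict, or None if malformed."""
    m = COMMON.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["s"] = int(rec["s"])
    # %b writes "-" instead of 0 when no body bytes were sent
    rec["b"] = 0 if rec["b"] == "-" else int(rec["b"])
    # %r is "METHOD URL PROTOCOL"; a malformed request line may have fewer parts
    parts = rec["r"].split(" ")
    rec["url"] = parts[1] if len(parts) >= 2 else ""
    return rec

def auth_failures(lines, prefix="/server-status", threshold=3):
    """Map client IP -> count of 401 responses under `prefix`, if >= threshold."""
    hits = Counter()
    for line in lines:
        rec = parse_common(line)
        if rec and rec["s"] == 401 and rec["url"].startswith(prefix):
            hits[rec["h"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Constructed sample lines (not taken from a real server)
SAMPLE = [
    '10.10.10.20 - - [01/Jan/2020:10:00:01 +0800] "GET /server-status HTTP/1.1" 401 381',
    '10.10.10.20 - admin [01/Jan/2020:10:00:02 +0800] "GET /server-status HTTP/1.1" 401 381',
    '10.10.10.20 - admin [01/Jan/2020:10:00:03 +0800] "GET /server-status HTTP/1.1" 401 381',
    '10.10.10.5 - admin [01/Jan/2020:10:01:00 +0800] "GET /server-status HTTP/1.1" 200 4120',
    '10.10.10.30 - - [01/Jan/2020:10:02:00 +0800] "GET /server-status?auto HTTP/1.1" 401 381',
    '10.10.10.5 - - [01/Jan/2020:10:03:00 +0800] "HEAD /index.html HTTP/1.1" 200 -',
    'not an access_log line',
]

if __name__ == "__main__":
    print(auth_failures(SAMPLE))
```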
13. Status pages
#conf/httpd.conf
#httpd server information
LoadModule info_module modules/mod_info.so
#httpd server status information
LoadModule status_module modules/mod_status.so
Include conf/extra/httpd-info.conf
#conf/extra/httpd-info.conf
<Location /server-status>
SetHandler server-status
Require ip 10.10.10
</Location>
<Location /server-info>
SetHandler server-info
Require ip 10.10.10
</Location>
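14. User access control
There are two authentication types; the directives go inside a container section, such as the <Location> block used in the examples below:
- basic: cleartext, used with htpasswd
- digest: message digest, used with htdigest
{htpasswd | htdigest} [options] /PATH/TO/HTTPD_PASSWD_FILE username
-c: create the file specified here
-m: encrypt in MD5 format
-s: encrypt in SHA format
-b: give the password explicitly on the command line
-D: delete the specified user
Basic configuration example (digest works the same way)
Access control for /server-status
User-based
- Define the protected area
#Create a new sub-configuration file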
[root@arch httpd]# cat conf/extra/basic_auth.conf
<Location "/server-status">
Options None
AllowOverride None
AuthType Basic
AuthName "server-status just for admin"
AuthUserFile "/mnt/app/httpd/basic_user"
Require user admin
#Alternative: accept every user in the password file
#Require valid-user
</Location>
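- Main configuration file
#Edit the main configuration file ./conf/httpd.conf
LoadModule auth_basic_module modules/mod_auth_basic.so
Include conf/extra/basic_auth.conf
- Create the authentication file
#Add the -c option the first time the file is created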
[root@arch httpd]# ./bin/htpasswd -cbs basic_user admin 123
[root@arch httpd]# ./bin/htpasswd -bs basic_user zs 123
[root@arch httpd]# cat basic_user
admin:{SHA}QL0AFWMIX8NRZTKeof9cXsvbvu8=
zs:{SHA}QL0AFWMIX8NRZTKeof9cXsvbvu8=
Group-based
- Define the protected area
#Create a new sub-configuration file
[root@arch httpd]# cat conf/extra/basic_auth.conf
<Location "/server-status">
Options None
AllowOverride None
AuthType Basic
AuthName "server-status just for admin"
AuthUserFile "/mnt/app/httpd/basic_user"
AuthGroupFile "/mnt/app/httpd/basic_group"
Require group admin_group custom_group
#Alternative: accept every user in the password file
#Require valid-user
</Location>
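- Main configuration file
#Edit the main configuration file ./conf/httpd.conf
LoadModule auth_basic_module modules/mod_auth_basic.so
Include conf/extra/basic_auth.conf
- Create the authentication file
#Add the -c option the first time the file is created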
[root@arch httpd]# ./bin/htpasswd -cbs basic_user admin1 123
[root@arch httpd]# ./bin/htpasswd -bs basic_user admin2 123
[root@arch httpd]# ./bin/htpasswd -bs basic_user zs1 123
[root@arch httpd]# ./bin/htpasswd -bs basic_user zs2 123
[root@arch httpd]# cat basic_user
zs1:{SHA}QL0AFWMIX8NRZTKeof9cXsvbvu8=
zs2:{SHA}QL0AFWMIX8NRZTKeof9cXsvbvu8=
admin1:{SHA}QL0AFWMIX8NRZTKeof9cXsvbvu8=
admin2:{SHA}QL0AFWMIX8NRZTKeof9cXsvbvu8=
- Assign users to groups
[root@arch httpd]# cat basic_group
admin_group: admin1 admin2
custom_group: zs1 zs2
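In the basic_user files shown above, every account created with the same password has the same {SHA} value, because htpasswd -s stores an unsalted SHA-1 digest. The following added example (not part of the original article) reproduces that format and audits a password file for unsalted entries and for users that share a hash; the function names are hypothetical and the `ops` line is a constructed placeholder.

```python
import base64
import hashlib
from collections import defaultdict

def sha_entry(user, password):
    """Reproduce the line `htpasswd -s` writes: base64(SHA-1(password)), no salt."""
    digest = hashlib.sha1(password.encode()).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode()}"

def scheme(hashval):
    """Classify the hash part of an htpasswd line by its prefix."""
    if hashval.startswith("{SHA}"):
        return "sha1-unsalted"
    if hashval.startswith("$apr1$"):
        return "apr1-md5"
    if hashval.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    return "crypt-or-plaintext"

def audit(text):
    """Return (per-user scheme, groups of users whose stored hash is identical)."""
    findings, by_hash = {}, defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        user, hashval = line.split(":", 1)
        findings[user] = scheme(hashval)
        by_hash[hashval].append(user)
    # Identical unsalted hashes mean identical passwords
    shared = [sorted(users) for users in by_hash.values() if len(users) > 1]
    return findings, shared

# First two lines: the basic_user file from the user-based example above.
# Third line: constructed placeholder, not a real bcrypt hash.
BASIC_USER = """\
admin:{SHA}QL0AFWMIX8NRZTKeof9cXsvbvu8=
zs:{SHA}QL0AFWMIX8NRZTKeof9cXsvbvu8=
ops:$2y$05$CONSTRUCTED.PLACEHOLDER.NOT.A.REAL.HASH
"""

if __name__ == "__main__":
    findings, shared = audit(BASIC_USER)
    print(findings)
    print("users sharing a hash:", shared)
```

htpasswd in httpd 2.4 also accepts -B, which stores a salted bcrypt hash instead.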
15. Virtual hosts
Three approaches:
- IP-based
- Port-based
- FQDN-based
#conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin you@example.com
ServerName example.com
DocumentRoot "/file/dir"
<Directory "/file/dir">
Options None
AllowOverride None
Require all granted
</Directory>
ServerAlias example.com www.example.com
ErrorLog "logs/example.com-error_log"
CustomLog "logs/example.com-access_log" common
</VirtualHost>
IP-based
<VirtualHost 10.10.10.10:80>
ServerName example1.com
DocumentRoot "/file/dir1"
<Directory "/file/dir1">
Options None
AllowOverride None
Require all granted
</Directory>
ErrorLog "logs/example.com-error_log"
CustomLog "logs/example.com-access_log" common
</VirtualHost>
<VirtualHost 10.10.10.11:80>
ServerName example2.com
DocumentRoot "/file/dir2"
<Directory "/file/dir2">
Options None
AllowOverride None
Require all granted
</Directory>
ErrorLog "logs/example.com-error_log"
CustomLog "logs/example.com-access_log" common
</VirtualHost>
Port-based
<VirtualHost 10.10.10.10:80>
ServerName example1.com
DocumentRoot "/file/dir1"
<Directory "/file/dir1">
Options None
AllowOverride None
Require all granted
</Directory>
ErrorLog "logs/example.com-error_log"
CustomLog "logs/example.com-access_log" common
</VirtualHost>
<VirtualHost 10.10.10.10:8080>
ServerName example2.com
DocumentRoot "/file/dir2"
<Directory "/file/dir2">
Options None
AllowOverride None
Require all granted
</Directory>
ErrorLog "logs/example.com-error_log"
CustomLog "logs/example.com-access_log" common
</VirtualHost>
FQDN-based
<VirtualHost 10.10.10.10:80>
ServerName example1.com
DocumentRoot "/file/dir1"
<Directory "/file/dir1">
Options None
AllowOverride None
Require all granted
</Directory>
ErrorLog "logs/example.com-error_log"
CustomLog "logs/example.com-access_log" common
</VirtualHost>
<VirtualHost 10.10.10.10:80>
ServerName example2.com
DocumentRoot "/file/dir2"
<Directory "/file/dir2">
Options None
AllowOverride None
Require all granted
</Directory>
ErrorLog "logs/example.com-error_log"
CustomLog "logs/example.com-access_log" common
</VirtualHost>
16. Compressed transfer
Compile and install mod_deflate.so
[root@arch filters]# pwd
/mnt/src/httpd-2.4.41/modules/filters
[root@arch filters]# /mnt/app/httpd/bin/apxs -a -i -c mod_deflate.c
- Main configuration file
#conf/httpd.conf
LoadFile /usr/lib64/libz.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule filter_module modules/mod_filter.so
Include conf/extra/httpd-deflate.conf
- Create the compression configuration file
#conf/extra/httpd-deflate.conf
<IfModule deflate_module>
#With no other options specified, all output is compressed
#Set the output filter "DEFLATE"
SetOutputFilter DEFLATE
#Compression level, 1-9; 9 is the highest
DeflateCompressionLevel 9
#Do not compress requests whose file extension is an image format such as gif, jpg, jpeg or png
#SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
#SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
#SetEnvIfNoCase Request_URI \.(?:pdf|mov|avi|mp3|mp4|rvmb)$ no-gzip dont-vary
#Compress html, xml, ... files
#AddOutputFilter DEFLATE html xml php js css
#Set the MIME types to compress
#All text types, including text/plain, text/html, ...
#AddOutputFilterByType DEFLATE text/*
#AddOutputFilterByType DEFLATE text/plain
#AddOutputFilterByType DEFLATE text/html
#AddOutputFilterByType DEFLATE application/xhtml+xml
#AddOutputFilterByType DEFLATE text/xml
#AddOutputFilterByType DEFLATE application/xml
#AddOutputFilterByType DEFLATE application/x-javascript
#AddOutputFilterByType DEFLATE text/javascript
#AddOutputFilterByType DEFLATE text/css
#Match browsers that do not support compression and do not compress for them
#BrowserMatch ^Mozilla/4 gzip-only-text/html
#BrowserMatch ^Mozilla/4\.0[678] no-gzip
#BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
</IfModule>
17. HTTPS
Compile and install mod_ssl.so
[root@arch ssl]# pwd
/mnt/src/httpd-2.4.41/modules/ssl
[root@arch ssl]# /mnt/app/httpd/bin/apxs -i -c -a -D -I /mnt/src/httpd-2.4.41/modules/md/ -lcrypto -lssl -ldl *.c
#-I adds an include path; compilation needs the header file mod_md.h, which is in the md directory
#conf/httpd.conf
LoadModule ssl_module modules/mod_ssl.so
#conf/extra/httpd-ssl.conf
Listen 443
<VirtualHost *:443>
#Enable the SSL engine
SSLEngine on
ServerName www.example.com:443
ServerAdmin you@example.com
DocumentRoot "/mnt/app/httpd/htdocs"
<Directory "/mnt/app/httpd/htdocs">
Options None
AllowOverride None
Require all granted
</Directory>
ErrorLog "/mnt/app/httpd/logs/error_log"
CustomLog "/mnt/app/httpd/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
#Certificate
SSLCertificateFile "/mnt/app/httpd/conf/server.crt"
#Private key
SSLCertificateKeyFile "/mnt/app/httpd/conf/server.key"
</VirtualHost>
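18. Reverse proxy
19. curl
curl [options...] <url>
-A/--user-agent <string> Set the User-Agent sent to the server
--basic Use HTTP Basic authentication
--tcp-nodelay Use the TCP_NODELAY option
-e/--referer <URL> Referrer URL
--cacert <file> CA certificate (SSL)
--compressed Request a compressed response
-H/--header <line> Pass a custom header to the server
-I/--head Show only the response headers
--limit-rate <rate> Set the transfer rate
-u/--user <user[:password]> Set the server user and password
-0/--http1.0 Use HTTP 1.0
-o/--output FILE Write to a file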
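Compiling a module separately
Go into the source tree, find the source file of the module, and compile it with apxs
/mnt/app/httpd/bin/apxs
-c Compile
-i Install: install one or more dynamic shared objects into the server's modules directory
-a Automatically add a LoadModule line to httpd.conf to activate the module
-A Like -a, but the LoadModule line it adds is prefixed with a hash sign (#)
Stress testing
The ab command
ab [options] [http://]hostname[:port]/path
-n: total number of requests to simulate
-c: number of concurrent requests to simulate
-k: simulate persistent connections
Example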
[root@cr ~]# ab -n 10000 -c 100 49.233.190.182/index.php
This is ApacheBench, Version 2.3 <$Revision: 1843412 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 49.233.190.182 (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Completed 10000 requests
Finished 10000 requests
Server Software: Apache/2.4.41
Server Hostname: 49.233.190.182
Server Port: 80
Document Path: /index.php
Document Length: 0 bytes
Concurrency Level: 100
Time taken for tests: 153.431 seconds
Complete requests: 10000
Failed requests: 0
Non-2xx responses: 10000
Total transferred: 9830000 bytes
HTML transferred: 0 bytes
Requests per second: 65.18 [#/sec] (mean)
Time per request: 1534.306 [ms] (mean)
Time per request: 15.343 [ms] (mean, across all concurrent requests)
Transfer rate: 62.57 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 5 29.8 0 1054
Processing: 16 1526 443.8 1634 3673
Waiting: 14 1526 443.8 1634 3672
Total: 16 1531 443.7 1635 3677
Percentage of the requests served within a certain time (ms)
50% 1635
66% 1723
75% 1776
80% 1807
90% 1933
95% 2115
98% 2549
99% 2869
100% 3677 (longest request)