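httpd is the main program of the Apache Hypertext Transfer Protocol (HTTP) server. It is designed to run as a standalone daemon process and creates a pool of child processes or threads to handle requests. httpd supports many features, including virtual hosts (based on host name, IP or port), reverse proxying, load balancing, path aliases, user authentication (Basic) and third-party modules. This article describes the basic configuration of httpd (version 2.2) on Linux.
1. Configuration file overview
The configuration file is divided into three main parts: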
# grep "Section" /etc/httpd/conf/httpd.conf
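### Section 1: Global Environment (global environment configuration)
### Section 2: 'Main' server configuration (core server configuration)
### Section 3: Virtual Hosts (virtual host configuration, i.e. hosting multiple sites)
Note: the Main Server and Virtual Hosts are not used at the same time; the Main Server is enabled by default.
Configuration file syntax
directive value
Directive: case-insensitive
Value: case-sensitive
Validating the configuration file
httpd -t: checks the configuration file syntax
service httpd configtest
Version currently in use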
# /usr/sbin/httpd -v
Server version: Apache/2.2.15 (Unix)
Server built: Aug 13 2013 17:29:28
2. Disabling the welcome page
/etc/httpd/conf.d/welcome.conf: rename it (so that it no longer ends in .conf) or delete it
3. Defining ServerRoot
ServerRoot "/etc/httpd"
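Defines the top-level httpd directory, which holds the configuration, error and log files.
Do not put a trailing slash on the directory path.
4. Specifying the listening address and port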
Listen [IP:]PORT
Note: Listen may appear multiple times.
5. Defining the default index page
DirectoryIndex index.html index.html.var index.php
6. Setting the default character set
AddDefaultCharset UTF-8
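Common character sets: UTF-8, GBK, GB2312, GB18030
7. Configuring persistent connections
KeepAlive Off|On: whether persistent connections are disabled or enabled
MaxKeepAliveRequests 100: the maximum number of resources that can be requested over one persistent connection; the connection is closed once this is reached
KeepAliveTimeout 15: the timeout of a persistent connection
8. Loading and unloading modules dynamically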
LoadModule foo_module modules/mod_foo.so
The module path is relative to the directory given by ServerRoot:
ServerRoot /etc/httpd
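See also: [Installing Apache httpd on Linux](http://blog.csdn.net/leshami/article/details/49906229)
9. Configuring working mode parameters
<IfModule prefork.c> (prefork working mode)
StartServers 8 (start 8 idle processes)
MinSpareServers 5 (minimum of 5 idle processes)
MaxSpareServers 20 (maximum of 20 idle processes)
ServerLimit 256 (maximum number of clients; the ceiling for MaxClients)
MaxClients 256 (maximum number of clients)
MaxRequestsPerChild 4000 (maximum number of requests each child process handles)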
</IfModule>
<IfModule worker.c> (worker working mode)
StartServers 4 (number of processes started)
MaxClients 300
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25 (maximum number of threads each process starts)
MaxRequestsPerChild 0
</IfModule>
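Note: after changing which modules are loaded, a reload is enough for the change to take effect.
10. Specifying the Main Server's docroot, which sets the root of the URL path, i.e. the mapping between URLs and file paths on the server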
DocumentRoot "/var/www/html"
For example, with DocumentRoot set to /u01/web:
File system path: /u01/web/bbs/upload/a.rar
The URL path is then: http://Server_IP/bbs/upload/a.rar
# mkdir -p /u01/web
# echo "This is a new site location" > /u01/web/index.html
# vi /etc/httpd/conf/httpd.conf ### change DocumentRoot to /u01/web
# service httpd reload
# curl http://192.168.21.10
This is a new site location
11. Access control for site paths
Based on a local file system path
<Directory "/path/to/some_directory">
Options Indexes FollowSymLinks
AllowOverride None
....
</Directory>
Based on a URL
<Location "/path/to/some_url">
</Location>
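12. Access control definitions inside the Directory container
(a) Options (how pages are presented to the user)
Indexes: when the requested path has no default index page, all resources in it are presented to the user as a list; dangerous, use with caution;
FollowSymLinks: follow a symbolic link to the original file it points to (i.e. whether linked files can be accessed);
To remove or switch off one of the options above, prefix it with the "-" sign, as in this example: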
Options -Indexes FollowSymLinks
Example: switching off Indexes
# grep "\-Indexes" /etc/httpd/conf/httpd.conf
Options -Indexes FollowSymLinks
# service httpd reload
Reloading httpd:
[root@orasrv1 ~]# curl http://192.168.21.10
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title> ### received a 403: access is not permitted
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
<hr>
<address>Apache/2.2.15 (CentOS) Server at 192.168.21.10 Port 80</address>
</body></html>
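As an added example (not from the original article), the Python function below scans configuration text for Options lines that leave directory listing on, and for lines that mix signed and unsigned keywords as `Options -Indexes FollowSymLinks` does: httpd 2.2 accepts that form, while httpd 2.4 rejects it at startup. The function name and the sample configuration are constructed for illustration, and each Options line is judged on its own without modelling inheritance between containers.

```python
import re

CONTAINER = r"(Directory|Location|VirtualHost)"

def audit_options(conf_text):
    """Return (container, line_no, issue) tuples for risky Options lines."""
    findings, stack = [], ["<main server>"]
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(rf"<{CONTAINER}\s+(.*?)>$", line, re.I)
        if opened:
            path = opened.group(2).strip('"')
            stack.append(f"{opened.group(1)} {path}")
        elif re.match(rf"</{CONTAINER}>$", line, re.I):
            if len(stack) > 1:
                stack.pop()
        elif re.match(r"options\s", line, re.I):
            words = line.split()[1:]
            # Keywords this line switches on ("All" includes Indexes).
            enabled = {w.lstrip("+").lower() for w in words if not w.startswith("-")}
            if enabled & {"indexes", "all"}:
                findings.append((stack[-1], no, "directory listing enabled"))
            signed = [w[0] in "+-" for w in words]
            if any(signed) and not all(signed):
                findings.append((stack[-1], no, "mixed signed and unsigned Options"))
    return findings

# Constructed sample configuration modelled on the directives shown in this article.
SAMPLE_CONF = '''\
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/u01/web">
    Options -Indexes FollowSymLinks
</Directory>
<Directory "/Vhosts/bbs.ycdata.net">
    Options -Indexes +FollowSymLinks
</Directory>
'''

if __name__ == "__main__":
    for container, line_no, issue in audit_options(SAMPLE_CONF):
        print(f"line {line_no}: {container}: {issue}")
```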
(b) IP-based access control
Order allow,deny ### defines the evaluation order
Allow from all ### allow access from all hosts
Address formats accepted after from: IP, Network Address
Network address formats:
172.16
172.16.0.0
172.16.0.0/16
172.16.0.0/255.255.0.0
Example:
Order allow,deny
Deny from 172.16.100.77
Allow from 172.16
13. The built-in status page
<Location /server-status> ### a built-in page that shows server performance
SetHandler server-status ### (a handler is a small program)
Order deny,allow
Deny from all
Allow from 192.168
</Location>
ExtendedStatus On: setting this directive makes more statistics available
Example:
# curl http://192.168.21.10/server-status
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
...........
<pre>
7957 in state: _ , 7958 in state: W , 7959 in state: _
7960 in state: _ , 7961 in state: _ , 7962 in state: _
7963 in state: _ , 7964 in state: _ ,
</pre>
............
</body></html>
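The Order evaluation used in 12(b) and in the /server-status block, written out as an added Python example that is not part of the original article. It covers the IPv4 address formats listed in 12(b); the function names and the client addresses are constructed, and host names after from are not handled.

```python
import ipaddress

def parse_from(spec):
    """Convert one Allow/Deny 'from' value to a network (host names not handled)."""
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in spec:                # 172.16.0.0/16 or 172.16.0.0/255.255.0.0
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    if len(octets) < 4:            # partial address such as 172.16
        padded = ".".join(octets + ["0"] * (4 - len(octets)))
        return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")
    # A full dotted quad without a mask (e.g. 172.16.0.0) matches one host only.
    return ipaddress.ip_network(f"{spec}/32")

def is_allowed(client, order, allow=(), deny=()):
    """Evaluate httpd 2.2 Order/Allow/Deny for one IPv4 client address."""
    ip = ipaddress.ip_address(client)
    hit_allow = any(ip in parse_from(s) for s in allow)
    hit_deny = any(ip in parse_from(s) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":      # default is deny; a Deny match always wins
        return hit_allow and not hit_deny
    if order == "deny,allow":      # default is allow; an Allow match overrides Deny
        return hit_allow or not hit_deny
    raise ValueError(f"unsupported Order value: {order}")

# Rule sets copied from the page: the 12(b) example and the /server-status block.
SECTION_12B = {"order": "allow,deny", "allow": ["172.16"], "deny": ["172.16.100.77"]}
SERVER_STATUS = {"order": "deny,allow", "allow": ["192.168"], "deny": ["all"]}
# Constructed client addresses used only for this demonstration.
CLIENTS = ["172.16.100.77", "172.16.3.9", "192.168.21.10", "10.1.2.3"]

def decisions(rules):
    """Map each sample client to True (allowed) or False (denied)."""
    return {c: is_allowed(c, **rules) for c in CLIENTS}

if __name__ == "__main__":
    for name, rules in (("12(b)", SECTION_12B), ("server-status", SERVER_STATUS)):
        for client, ok in decisions(rules).items():
            print(f"{name:14} {client:15} {'allow' if ok else 'deny'}")
```

With the same Allow and Deny lines as 12(b) but `Order deny,allow`, 172.16.100.77 is let in, because under that order a matching Allow overrides the Deny.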
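14. Virtual hosts
One physical server (or virtual machine) serves multiple sites; each site is implemented as a virtual host.
httpd supports three types of virtual host:
IP-based
Port-based
Host-based
Note: disable the Main Server by commenting out the DocumentRoot directive; that is, virtual hosts and the Main Server are not compatible.
Defining a virtual host: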
<VirtualHost "IP:PORT">
ServerName
DocumentRoot
ServerAlias
<Directory >
</Directory>
ErrorLog
CustomLog
</VirtualHost>
Example 1: IP-based. Assume the following configuration; the host already has two IP addresses configured.
<VirtualHost 192.168.21.10:80>
ServerName websrv.ycdata.net
DocumentRoot "/Vhosts/websrv.ycdata.net"
</VirtualHost>
<VirtualHost 192.168.144.128:80>
ServerName bbs.ycdata.net
DocumentRoot "/Vhosts/bbs.ycdata.net"
</VirtualHost>
Note: the port a virtual host listens on must be the same as the one Listen uses.
# mkdir -p /Vhosts/websrv.ycdata.net
# mkdir -p /Vhosts/bbs.ycdata.net
# echo "<h1>you are visiting websrv.ycdata.net</h1>">/Vhosts/websrv.ycdata.net/index.html
# echo "<h1>you are visiting bbs.ycdata.net</h1>">/Vhosts/bbs.ycdata.net/index.html
# httpd -t
# service httpd reload
# curl http://192.168.21.10/
<h1>you are visiting websrv.ycdata.net</h1>
# curl http://192.168.144.128/
<h1>you are visiting bbs.ycdata.net</h1>
Example 2: port-based. Assume the following configuration.
Listen 8080
Listen 8081
<VirtualHost 192.168.21.10:8080>
ServerName websrv.ycdata.net
DocumentRoot "/Vhosts/websrv.ycdata.net"
</VirtualHost>
<VirtualHost 192.168.21.10:8081>
ServerName bbs.ycdata.net
DocumentRoot "/Vhosts/bbs.ycdata.net"
</VirtualHost>
# httpd -t
# service httpd reload
# curl http://192.168.21.10:8080
<h1>you are visiting websrv.ycdata.net</h1>
# curl http://192.168.21.10:8081
<h1>you are visiting bbs.ycdata.net</h1>
Example 3: host-based
NameVirtualHost 192.168.21.10:80
<VirtualHost 192.168.21.10:80>
ServerName websrv.ycdata.net
DocumentRoot "/Vhosts/websrv.ycdata.net"
</VirtualHost>
<VirtualHost 192.168.21.10:80>
ServerName bbs.ycdata.net
DocumentRoot "/Vhosts/bbs.ycdata.net"
</VirtualHost>
Edit the hosts file on the Windows client as follows:
C:\Users\1636>type C:\Windows\System32\drivers\etc\hosts
192.168.21.10 websrv.ycdata.net
192.168.21.10 bbs.ycdata.net
# httpd -t
# service httpd reload
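# Tested from the Windows client; screenshots omitted
15. Configuring logging
Directives for the log location and log level
ErrorLog logs/error_log: defines the path of the error log file; it is inherited by virtual hosts, and a log can also be defined per virtual host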
LogLevel warn
Supported levels: debug, info, notice, warn, error, crit, alert, emerg.
Defining the log format
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
%h Remote host
%l Remote logname (from identd, if supplied)
%u Remote user (from auth; may be bogus if return status (%s) is 401)
%t Time the request was received (standard english format)
%r First line of request
method url version
%s Status. For requests that got internally redirected, this is the status
of the *original* request --- %>s for the last.
%b Size of response in bytes, excluding HTTP headers. In CLF format,
i.e. a '-' rather than a 0 when no bytes are sent.
%{Foobar}i The contents of Foobar: header line(s) in the request sent to the server.
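%{referer}i: the page the client was on before it was sent to the current page;
%{User-Agent}i: the user agent;
For details, see: http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats
Defining the access log: the example below ends with combined, so it uses the log format defined above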
CustomLog logs/access_log combined
directive, log file, log format name
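An added example, not from the original article: a Python parser for lines written with the combined LogFormat above, used here to count 403 responses per remote host. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

QUOTED = r'"((?:[^"\\]|\\.)*)"'      # httpd logs an embedded quote as \"
COMBINED = re.compile(
    r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\d+|-) '
    + QUOTED + ' ' + QUOTED + r'\s*$')

def parse_combined(line):
    """Parse one 'combined' access_log line into a dict, or None if it does not match."""
    m = COMBINED.match(line)
    if not m:
        return None
    host, logname, user, when, request, status, size, referer, agent = m.groups()
    parts = request.split(" ")
    # %r is "method url version" only for a well-formed request line.
    method, url, version = parts if len(parts) == 3 else (None, None, None)
    return {
        "host": host, "logname": logname, "user": user,
        "time": datetime.strptime(when, "%d/%b/%Y:%H:%M:%S %z"),
        "method": method, "url": url, "version": version,
        "status": int(status),
        "bytes": 0 if size == "-" else int(size),   # %b writes "-" when no bytes are sent
        "referer": referer, "agent": agent,
    }

def forbidden_by_host(lines):
    """Count 403 responses per remote host; lines that do not parse are skipped."""
    hits = Counter()
    for line in lines:
        rec = parse_combined(line)
        if rec and rec["status"] == 403:
            hits[rec["host"]] += 1
    return hits

# Constructed sample lines in the combined format (not taken from a real server).
SAMPLE = [
    r'192.168.21.10 - - [13/Nov/2015:10:02:11 +0800] "GET / HTTP/1.1" 403 281 "-" "curl/7.19.7"',
    r'192.168.21.1 - - [13/Nov/2015:10:03:40 +0800] "GET /server-status HTTP/1.1" 200 3021 "-" "Mozilla/5.0"',
    r'10.9.8.7 - - [13/Nov/2015:10:04:02 +0800] "GET /server-status HTTP/1.1" 403 294 "-" "agent \"x\""',
    r'10.9.8.7 - - [13/Nov/2015:10:04:09 +0800] "-" 408 - "-" "-"',
]

if __name__ == "__main__":
    print(dict(forbidden_by_host(SAMPLE)))
```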
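16. Commands related to configuration
Utility programs shipped with httpd:
httpd: the Apache server program
-t: test the configuration file syntax
-M: list all loaded modules
-l: list all statically compiled modules
-S: list all virtual hosts
For example, list the currently defined virtual hosts: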
# httpd -S
VirtualHost configuration:
192.168.21.10:80 is a NameVirtualHost
default server websrv.ycdata.net (/etc/httpd/conf/httpd.conf:1022)
port 80 namevhost websrv.ycdata.net (/etc/httpd/conf/httpd.conf:1022)
port 80 namevhost bbs.ycdata.net (/etc/httpd/conf/httpd.conf:1026)
Syntax OK
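apachectl: shell script that controls the httpd service
apxs: the tool interface that lets httpd be extended with third-party modules;
rotatelogs: switches the log files httpd is using without shutting httpd down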
access_log, access_log.1, access_log.2