# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.
#
# 由于有许多MIME类型数据的文件,大部分都以后缀为其类型的代表。这样就可以让浏览器知道
# 用什么程序打开什么样类型的文件。这个文件在/etc目录下。
#
<IfModule mod_mime.c>
TypesConfig /etc/mime.types
</IfModule>
#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
# 当无法判断类型的时候,默认把未知的类型当成一般文字文件来进行处理。如果想让未知类型文件由浏览器来通知
# 用户下载,应将text/plain改为application/octet-stream。就可以了
#
DefaultType text/plain
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
# mod_mime_magic is not part of the default server (you have to add
# it yourself with a LoadModule [see the DSO paragraph in the 'Global
# Environment' section], or recompile the server and include mod_mime_magic
# as part of the configuration), so it's enclosed in an <IfModule> container.
# This means that the MIMEMagicFile directive will only be processed if the
# module is part of the server.
#
# 除了从文件的后缀来判断文件的类型,还可以在进一步的分析文件的一些特征,这样就能够更加真实的判断文件的MIME类型了。
# 这个功能必须要加载mod_mime_magic.c这个模块。在默认情况下这个模块并没有被加载。
#
<IfModule mod_mime_magic.c>
# MIMEMagicFile /usr/share/magic.mime
MIMEMagicFile conf/magic
</IfModule>
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
# 如果打算记录连接到此WEB SERVER的主机名称则可以将OFF改为ON,否则服务器只可记住连接到这个WEB SERVER上来的IP ADDRESS
#
HostNameLookups off
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
# 记录浏览者载入WEB PAGE时所发生的错误,以及关闭或启动HTTPD的信息。
#
ErrorLog logs/error_log
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
# 设置要存入error_log文件的信息等级
#
LogLevel warn
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
# 记录每个记录的格式,格式有combined(组合模式),common(普通模式),referer(交付模式),agent(代理模式)四种.
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
# 定义每种模式所用的日志文件存放在哪个目录中
#
# CustomLog /var/log/httpd/access_log common
CustomLog logs/access_log combined
#
# If you would like to have agent and referer logfiles, uncomment the
# following directives.
#
#CustomLog logs/referer_log referer
#CustomLog logs/agent_log agent
#
# If you prefer a single logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog logs/access_log combined
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (error documents, FTP directory listings,
# mod_status and mod_info output etc., but not CGI generated documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
# 当客户端请求的WEB PAGE不存在的时候,服务器将产生错误文档。错误文档的最后一行将包含WEB SERVER的名称
# APACHE的版本信息等。建议设置为OFF,若将此处添加为Email则相当于选项ON,并且还会显示出管理员的EMAIL地址
#
ServerSignature On
# EBCDIC configuration:
# (only for mainframes using the EBCDIC codeset, currently one of:
# Fujitsu-Siemens' BS2000/OSD, IBM's OS/390 and IBM's TPF)!!
# The following default configuration assumes that "text files"
# are stored in EBCDIC (so that you can operate on them using the
# normal POSIX tools like grep and sort) while "binary files" are
# stored with identical octets as on an ASCII machine.
#
# The directives are evaluated in configuration file order, with
# the EBCDICConvert directives applied before EBCDICConvertByType.
#
# If you want to have ASCII HTML documents and EBCDIC HTML documents
# at the same time, you can use the file extension to force
# conversion off for the ASCII documents:
# > AddType text/html .ahtml
# > EBCDICConvert Off=InOut .ahtml
#
# EBCDICConvertByType On=InOut text/* message/* multipart/*
# EBCDICConvertByType On=In application/x-www-form-urlencoded
# EBCDICConvertByType On=InOut application/postscript model/vrml
# EBCDICConvertByType Off=InOut */*
#
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
#
# 允许利用一个别名替代完整路径名称
#
<IfModule mod_alias.c>
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/". If the fakename is slash-terminated, then the
# realname must also be slash terminated, and if the fakename omits the
# trailing slash, the realname must also omit it.
#
# 利用/icons/替代/var/www/icons,这样就不用去到DocumentRoot的目录下进行查找了,一般用
# Alias都是为了映射一些公用的文件目录。Alias一般是用于在一般目录下的。
#
Alias /icons/ "/var/www/icons/"
<Directory "/var/www/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
# This Alias will project the on-line documentation tree under /manual/
# even if you change the DocumentRoot. Comment it if you don't want to
# provide access to the on-line documentation.
#
# Alias /manual/ "/etc/httpd/htdocs/manual/"
#
# <Directory "/etc/httpd/htdocs/manual">
# Options Indexes FollowSymlinks MultiViews
# AllowOverride None
# Order allow,deny
# Allow from all
# </Directory>
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
#
# ScriptAlias是专门用于映射CGI程序的路径的,这样就可以执行CGI的程序来获得程序所执行出来的结果。这样就不会
# 返回出CGI程序内容本身了。
#
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
# 设定/var/www/cgi-bin这个目录的权限。
#
<Directory "/var/www/cgi-bin">
AllowOverride None
#
# 将OPTIONS参数NONE改为ExecCGI就可以执行CGI的程序了
#
Options None
Order allow,deny
Allow from all
</Directory>
</IfModule>
# End of aliases.
#
# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
#
# 如果地址已经改变可以将旧地址改为新的地址,这样就不会丢失连接了
# 例如:Redirect http://test.thizlinux.com.cn/luntan.html http://test.thizlinux.com.cn/bbs.html
#
# Format: Redirect old-URI new-URL
#
#
# Directives controlling the display of server-generated directory listings.
#
<IfModule mod_autoindex.c>
#
# FancyIndexing is whether you want fancy directory indexing or standard
#
# 可以从浏览器中显示目录的文件列表,设置这条语句是在列出文件时,用不同小图标来表示不同类型的文件
# 可以用AddIconByType选项来设置。图标存放在/var/www/icons目录下。
#
IndexOptions FancyIndexing Name>
#
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions. These are only displayed for
# FancyIndexed directories.
#
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
#
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
#
# 对于不未知的类型文件,用未知的图标来表示
#
DefaultIcon /icons/unknown.gif
#
# AddDescription allows you to place a short description after a file in
# server-generated indexes. These are only displayed for FancyIndexed
# directories.
# Format: AddDescription "description" filename
#
# 利用AddDescription语句还可以对文件加上说明,这样就可以告诉用户什么样的后缀是什么意思
#
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
#
# ReadmeName is the name of the README file the server will look for by
# default, and append to directory listings.
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.
#
# If MultiViews are amongst the Options in effect, the server will
# first look for name.html and include it if found. If name.html
# doesn't exist, the server will then look for name.txt and include
# it as plaintext if found.
#
# 在列出文件列表后,可以在文件列表的头(HEADER),尾(README)加上说明。两个文件需要自己创建
#
ReadmeName README
HeaderName HEADER
#
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing. Shell-style wildcarding is permitted.
#
# 同时可以控制列表那些指定的文件不可以列出,下面的意思是HEADER和README就不可被列出。
#
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
</IfModule>
# End of indexing directives.
#
# Document types.
#
<IfModule mod_mime.c>
#
# AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress
# information on the fly. Note: Not all browsers support this.
# Despite the name similarity, the following Add* directives have nothing
# to do with the FancyIndexing customization directives above.
#
# 利用AddEncoding当遇到.z与.gz,.tar后缀文件时,让SERVER自动解压。
#
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
#
# AddLanguage allows you to specify the language of a document. You can
# then use content negotiation to give a browser a file in a language
# it can understand.
#
# Note 1: The suffix does not have to be the same as the language
# keyword --- those with documents in Polish (whose net-standard
# language code is pl) may wish to use "AddLanguage pl .po" to
# avoid the ambiguity with the common suffix for perl scripts.
#
# Note 2: The example entries below illustrate that in quite
# some cases the two character 'Language' abbreviation is not
# identical to the two character 'Country' code for its country,
# E.g. 'Danmark/dk' versus 'Danish/da'.
#
# Note 3: In the case of 'ltz' we violate the RFC by using a three char
# specifier. But there is 'work in progress' to fix this and get
# the reference data for rfc1766 cleaned up.
#
# Danish (da) - Dutch (nl) - English (en) - Estonian (ee)
# French (fr) - German (de) - Greek-Modern (el)
# Italian (it) - Korean (kr) - Norwegian (no) - Norwegian Nynorsk (nn)
# Portugese (pt) - Luxembourgeois* (ltz)
# Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cz)
# Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja)
# Russian (ru)
#
# 这些都属于语言设置,其功能是允许服务器将适用于WEB PAGE浏览器版本的文件传送给WEB PAGE浏览器。因为
# 一个HTML文档可以有不同的语言版本。对于中文可以不用设置
#
AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .ee
AddLanguage fr .fr
AddLanguage de .de
AddLanguage el .el
AddLanguage he .he
AddCharset ISO-8859-8 .iso8859-8
AddLanguage it .it
AddLanguage ja .ja
AddCharset ISO-2022-JP .jis
AddLanguage kr .kr
AddCharset ISO-2022-KR .iso-kr
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddCharset ISO-8859-2 .iso-pl
AddLanguage pt .pt
AddLanguage pt-br .pt-br
AddLanguage ltz .lu
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .se
AddLanguage cz .cz
AddLanguage ru .ru
AddLanguage zh-tw .tw
AddLanguage tw .tw
AddCharset Big5 .Big5 .big5
AddCharset WINDOWS-1251 .cp-1251
AddCharset CP866 .cp866
AddCharset ISO-8859-5 .iso-ru
AddCharset KOI8-R .koi8-r
AddCharset UCS-2 .ucs2
AddCharset UCS-4 .ucs4
AddCharset UTF-8 .utf8
# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
#
# Just list the languages in decreasing order of preference. We have
# more or less alphabetized them here. You probably want to change this.
#
# LanguagePriority是用来设定不同语言的优先级的,这样就可以按照顺序来用不同的语言版本回应请求
#
<IfModule mod_negotiation.c>
LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw
</IfModule>
#
# AddType allows you to tweak mime.types without actually editing it, or to
# make certain files to be certain types.
#
# For example, the PHP 3.x module (not part of the Apache distribution - see
# http://www.php.net) will typically use:
#
# 加载相应的模块可以让服务器允许使用PHP,PHP3,PHP4
#
<IfModule mod_php3.c>
AddType application/x-httpd-php3 .php3
AddType application/x-httpd-php3-source .phps
</IfModule>
#
# And for PHP 4.x, use:
#
<IfModule mod_php4.c>
AddType application/x-httpd-php .php .php4 .php3 .phtml
AddType application/x-httpd-php-source .phps
</IfModule>
#
# For PHP/FI (PHP2), use:
#
<IfModule mod_php.c>
AddType application/x-httpd-php .phtml
</IfModule>
AddType application/x-tar .tgz
#
# AddHandler allows you to map certain file extensions to "handlers",
# actions unrelated to filetype. These can be either built into the server
# or added with the Action command (see below)
#
# If you want to use server side includes, or CGI outside
# ScriptAliased directories, uncomment the following lines.
#
# To use CGI scripts:
#
# 如果遇到某些扩展名时应该用什么方式来进行处理。下面的意思是:如果扩展名是.cgi的,应当作CGI-Script来处理
#
#AddHandler cgi-script .cgi
#
# To use server-parsed HTML files
#
# 如果扩展名为.shtml则有服务器来解释WEB PAGE中的SSI命令。但是必须要在目录声明中使用:
# Options Includes如果使用Options IncludesNOExec则表明可以执行SSI,但是不可以引用
# 外部的命令或者是程序
#
# 还有一种是XBitBack选项设置,如果设置为ON,则SERVER会检查所有的text/html的文档,但是
# 这样会导致系统可用率的降低,一般都应该设置为OFF
#
AddType text/html .shtml
AddHandler server-parsed .shtml
#
# Uncomment the following line to enable Apache's send-asis HTTP file
# feature
#
# 允许SERVER直接发送扩展名为.asis的文件
#
#AddHandler send-as-is asis
#
# If you wish to use server-parsed imagemap files, use
#
# 允许WEB PAGE使用CGI处理的网页地图
#
AddHandler imap-file map
#
# To enable type maps, you might want to use
#
# 启用这个语句,可让SERVER在内容协商的时候可以更精确的获得结果
#
#AddHandler type-map var
</IfModule>
# End of document types.
#
# MetaDir: specifies the name of the directory in which Apache can find
# meta information files. These files contain additional HTTP headers
# to include when sending the document
#
# 设置SERVER可以使用的META信息所在的目录,一般没什么太大的作用
#
#MetaDir .web
#
# MetaSuffix: specifies the file name suffix for the file containing the
# meta information.
#
# 设置META文件的后缀
#
#MetaSuffix .meta
#
# Customizable error response (Apache style)
# these come in three flavors
#
# 以下三种是代表着当浏览者存取WEB PAGE时发生错误,按照一定的条件显示三种中的其中一种
#
# 1) plain text
#ErrorDocument 500 "The server made a boo boo.
# n.b. the single leading (") marks it as text, it does not get output
#
# 2) local redirects
#ErrorDocument 404 /missing.html
# to redirect to local URL /missing.html
#ErrorDocument 404 /cgi-bin/missing_handler.pl
# N.B.: You can redirect to a script or a document using server-side-includes.
#
# 3) external redirects
#ErrorDocument 402 http://some.other_server.com/subscription_info.html
# N.B.: Many of the environment variables associated with the original
# request will *not* be available to such a script.
#
# Customize behaviour based on the browser
#
<IfModule mod_setenvif.c>
#
# The following directives modify normal HTTP response behavior.
# The first directive disables keepalive for Netscape 2.x and browsers that
# spoof it. There are known problems with these browser implementations.
# The second directive is for Microsoft Internet Explorer 4.0b2
# which has a broken HTTP/1.1 implementation and does not properly
# support keepalive when it is used on 301 or 302 (redirect) responses.
#
# 如果使用Mozilla MSIE4就不能提供keepalive这种功能,这样可以使老版本的浏览器兼容
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
#
# The following directive disables HTTP/1.1 responses to browsers which
# are in violation of the HTTP/1.0 spec by not being able to grok a
# basic 1.1 response.
#
# 如果使用以下三种程序,则应该以HTTP1.0的规格来响应这个请求
#
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>
# End of browser customization directives
# Allow server status reports, with the URL of http://servername/server-status
# Change the ".your_domain.com" to match your domain to enable.
#
# 如果起用下面的区块,则客户端可以输入http://server-name/server-status来查看系统当前的状态
#
#<Location /server-status>
# SetHandler server-status
# Order deny,allow
# Deny from all
#
# 只允许从.your_domain.com来查看
#
# Allow from .your_domain.com
#</Location>
#
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".your_domain.com" to match your domain to enable.
#
# 如果起用下面的区块,则客户端可以输入http://server-name/server-info来查看系统的相关信息
#
#<Location /server-info>
# SetHandler server-info
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#</Location>
#
# Allow access to local system documentation from localhost
#
Alias /doc/ /usr/share/doc/
<Directory /usr/share/doc>
order deny,allow
deny from all
#
# 这个目录只允许本地端的用户浏览
#
allow from localhost .localdomain
Options Indexes FollowSymLinks
</Directory>
#
# There have been reports of people trying to abuse an old bug from pre-1.1
# days. This bug involved a CGI script distributed as a part of Apache.
# By uncommenting these lines you can redirect these attacks to a logging
# script on phf.apache.org. Or, you can record them yourself, using the script
# support/phf_abuse_log.cgi.
#
# 在以前的APACHE版本中有一些BUG,启动这个区块可以将其导向到错误的WEB PAGE上
#
#<Location /cgi-bin/phf*>
# Deny from all
# ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
#</Location>
#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
# 可以利用APACHE做PROXY SERVER,但是要有mod_proxy.c这个模块,而下面的目录区块是用来设置访问权限和缓存的各项参数的
#
#<IfModule mod_proxy.c>
# ProxyRequests On
# <Directory proxy:*>
# Order deny,allow
# Deny from all
#
# 如果要启用此功能,则要将.your_domain.com改为真实的DOMAIN_NAME(.thizlinux.com.cn)
#
# Allow from .your_domain.com
# </Directory>
#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#
# 此设置用于处理HTTP1.1的Via:文件头的功能
#
# ProxyVia On
#
# To enable the cache as well, edit and uncomment the following lines:
# (no caching without CacheRoot)
#
# 选择缓存要存放在哪个目录下
#
# CacheRoot "/var/cache/httpd"
#
# 定义缓存的大小,这里是为5K
#
# CacheSize 5
#
# 定义每隔几个小时去检查缓存的大小
#
# CacheGcInterval 4
#
# 一份文件最久可留在缓存中的时间是多少小时
#
# CacheMaxExpire 24
#
# 定义自上次更新后多久就需要本删除的系数,即为:一个WEB PAGE在缓存里面保留24小时,在乘以0.1,即为在上次更新后2.4小时后
# 就会被删除。但是若计算出来的结果大于CacheMaxExpire的数值,则以CacheMaxExpire的数值为准
#
# CacheLastModifiedFactor 0.1
#
# 对于使用非HTTP的传输协议,在经过多少小时后,这个文件将会从缓存中删除
#
# CacheDefaultExpire 1
#
# 定义那些文件或者是哪些域名里面的内容不要缓存
#
# NoCache a_domain.com another_domain.edu joes.garage_sale.com
#</IfModule>
# End of proxy directives.
### Section 3: Virtual Hosts
###
### 三:虚拟主机的设置
###
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Use name-based virtual hosting.
#
# 设置虚拟主机的IP或者是域名,并且可以添加端口
# NameVirtualHost 192.168.0.168
# NameVirtualHost 192.168.0.168:80
#
#NameVirtualHost *
NameVirtualHost 192.168.0.168
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
# VirtualHost的后面可以写上IP,或者是域名,地址一定要和NanmeVirtualHost一致。
#
#<VirtualHost *>
#
# 指定WEB SERVER的EMAIL地址
#
# ServerAdmin webmaster@dummy-host.example.com
#
# 存放网页的跟目录
#
# DocumentRoot /www/docs/dummy-host.example.com
#
# 指定ServerName的虚拟主机名称。即为域名
#
# ServerName dummy-host.example.com
#
# 指定错误信息记录文件
#
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>
#
# 可以在一个IP上创建多个虚拟主机,但是存放的目录不能一致
# 例:
#<VirtualHost 192.168.0.168>
# ServerAdmin root@thizlinux.com.
# DocumentRoot /html/www
# ServerName www.thizlinux.com
#</VirtualHost>
#<VirtualHost 192.168.0.168>
# ServerAdmin root@thizlinux.com.
# DocumentRoot /news
# ServerName new.thizlinux.com
#</VirtualHost>
#<VirtualHost _default_:*>
#</VirtualHost>
##
## SSL Global Context
##
## 如果定义了HAVE——SSL,则可以配置SSL的认证服务
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
#
# Some MIME-types for downloading Certificates and CRLs
#
<IfDefine HAVE_SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>
<IfModule mod_ssl.c>
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache none
#SSLSessionCache shmht:logs/ssl_scache(512000)
#SSLSessionCache shmcb:logs/ssl_scache(512000)
SSLSessionCache shm:logs/ssl_scache(512000)
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
# Logging:
# The home of the dedicated SSL protocol logfile. Errors are
# additionally duplicated in the general error log file. Put
# this somewhere where it cannot be used for symlink attacks on
# a real server (i.e. somewhere where only root can write).
# Log levels are (ascending order: higher ones include lower ones):
# none, error, warn, info, trace, debug.
SSLLog logs/ssl_engine_log
SSLLogLevel error
</IfModule>
<IfDefine HAVE_SSL>
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host
#DocumentRoot "/etc/httpd/htdocs"
#ServerName new.host.name
#ServerAdmin you@your.address
ErrorLog logs/error_log
TransferLog logs/access_log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A test
# certificate can be generated with `make certificate' under
# built time. Keep in mind that if you've both a RSA and a DSA
# certificate you can configure both in parallel (to also allow
# the use of DSA ciphers, etc.)
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
#SSLCertificateFile /etc/httpd/conf/ssl.crt/server-dsa.crt
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<IfDefine tomcat>
include /usr/tomcat/conf/mod_jk.conf-auto
</IfDefine>
</VirtualHost>
转载于:https://blog.51cto.com/susir/330360
484
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
