centos7 httpd配置
centos7 httpd配置
标签(空格分隔): 未分类
隐藏server信息
修改httpd.conf 设置,添加如下两行
ServerSignature Off
ServerTokens Prod
开启长连接
KeepAlive on
KeepAliveTimeout 60 #超时时间
MaxKeepAliveRequests 100 #超时时间内达到100个请求也将断开连接
启用文件压缩配置
在conf.d目录下新建配置文件compress.conf
SetOutputFilter DEFLATE
# mod_deflate configuration
# Restrict compression to these MIME types
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/css
# Level of compression (Highest 9 - Lowest 1)
DeflateCompressionLevel 9
# Netscape 4.x has some problems.
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
httpd内置状态页面
在conf.d目录下编辑httpd-info.conf
<Location /server-status>
SetHandler server-status
require all denied
Require ip 172.16.138.1
</Location>
extendedstatus on
配置https
安装mod_ssl模块
yum install mod_ssl -y
在conf.d目录下编辑ssl.conf
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/httpd/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
DocumentRoot "/usr/local/httpd/htdocs"
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog "/usr/local/httpd/logs/error_log"
TransferLog "/usr/local/httpd/logs/access_log"
SSLEngine on
SSLCertificateFile "/usr/local/httpd/conf/server.crt"
SSLCertificateKeyFile "/usr/local/httpd/conf/server.key"
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt #购买证书需修改此处配置
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt #自建证书修改配置
#修改上面四行的证书文件路径,
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/httpd/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
配置http强制跳转https
在主配置文件中添加如下字段
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
强制301重定向到https
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=301,L]
</IfModule>
引用:https://blog.csdn.net/ithomer/article/details/78986266
配置basic访问验证
<Directory "/var/www/html">
Options Indexes FollowSymLinks #允许索引,和链接文件
AllowOverride None
authtype basic #认证类型
authname "test" #浏览器弹框提示信息
authuserfile /etc/httpd/.htpass #认证用户文件
#authgroupfile /etc/httpd/allow.group #认证组文件
#require group test
require valid-user #所有userfile文件的用户都可以访问
#require user user1 user2 #user1 user2 可以访问
</Directory>
htpasswd -m -c /etc/httpd/.htpass tom 添加验证用户 #-c创建用户文件
组文件
mygroup: bob joe anne
配置digest访问验证
<Directory "/var/www/html">
Options Indexes FollowSymLinks #允许索引,和链接文件
AllowOverride None
authtype digest
authname "digest test"
authdigestprovider file
authuserfile /etc/httpd/.htpass
require valid-user
</Directory>
require valid-user #所有userfile文件的用户都可以访问
</Directory>
创建用户文件
htdigest -c /etc/httpd/.htpass "digest test" tom #此处引号中内容需要与authname定义内容相同
虚拟主机配置
基于主机名的虚拟主机,在conf.d目录下编辑配置文件vhost-servername.conf
<VirtualHost *:80>
DocumentRoot "/data/vhost1/"
<Directory "/data/vhost1">
<requireall>
require all granted
</requireall>
</Directory>
ServerName a.test.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/vhost.-error_log"
CustomLog "logs/vhost-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/data/vhost2"
<Directory "/data/vhost2">
<requireall>
require all granted
</requireall>
</Directory>
ServerName b.test.com
ErrorLog "logs/vhost2-error_log"
CustomLog "logs/vhost2-access_log" common
</VirtualHost>
基于端口的虚拟主机,在conf.d目录下编辑配置文件vhost-port.conf
listen 80
listen 8080
<VirtualHost *:8080>
DocumentRoot "/data/vhost1/"
<Directory "/data/vhost1">
<requireall>
require all granted
</requireall>
</Directory>
ServerName a.test.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/vhost.-error_log"
CustomLog "logs/vhost-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/data/vhost2"
<Directory "/data/vhost2">
<requireall>
require all granted
</requireall>
</Directory>
ServerName b.test.com
ErrorLog "logs/vhost2-error_log"
CustomLog "logs/vhost2-access_log" common
</VirtualHost>
基于IP的虚拟主机,在conf.d目录下编辑配置文件vhost-ip.conf
listen 80
<VirtualHost 192.168.0.100:80>
DocumentRoot "/data/vhost1/"
<Directory "/data/vhost1">
<requireall>
require all granted
</requireall>
</Directory>
ServerName a.test.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/vhost.-error_log"
CustomLog "logs/vhost-access_log" common
</VirtualHost>
<VirtualHost 192.168.0.200:80>
DocumentRoot "/data/vhost2"
<Directory "/data/vhost2">
<requireall>
require all granted
</requireall>
</Directory>
ServerName b.test.com
ErrorLog "logs/vhost2-error_log"
CustomLog "logs/vhost2-access_log" common
</VirtualHost>
反向代理
在主配置文件中或者虚拟主机中添加如下字段
ProxyRequests off
#<Proxy />
# Order deny,allow
# Allow from all
#</Proxy>
ProxyPass / http://172.16.138.129
ProxyPassReverse / http://172.16.138.129
设置反向代理后端服务器日志记录真实IP地址
在代理服务器配置中添加如下配置
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 172.16.138.129 #此处地址为后端服务器地址
后端服务器日志格式修改
默认格式为:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
修改为:
LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
参考:https://blog.csdn.net/qq_22227087/article/details/91519602
日志字段说明
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
%h:客户端IP地址;
%l:Remote User, 通常为一个减号(“-”);
%u:Remote user (from auth; may be bogus if return status (%s) is 401);非为登录访问时,其为一个减号;
%t:服务器收到请求时的时间;
%r:First line of request,即表示请求报文的首行;记录了此次请求的“方法”,“URL”以及协议版本;
%>s:响应状态码;
%b:响应报文的大小,单位是字节;不包括响应报文的http首部;
%{Referer}i:请求报文中首部“referer”的值;即从哪个页面中的超链接跳转至当前页面的;
%{User-Agent}i:请求报文中首部“User-Agent”的值;即发出请求的应用程序;
在线文档说明
http://httpd.apache.org/docs/2.4/mod/mod_log_config.html#formats
centos7 httpd配置的更多相关文章
- Linux CentOS7 httpd 配置注释
本文首发:https://www.somata.work/2019/LinuxCentOShttpdConfigComment.html 如果没看懂可以去看看官方发布的文档 apache官方文档 co ...
- CentOS7安装配置Apache HTTP Server
RPM安装httpd 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 # yum -yinstall http ...
- Centos7安装配置Apache+PHP+Mysql+phpmyadmin
转载自: Centos7安装配置Apache+PHP+Mysql+phpmyadmin 一.安装Apache yum install httpd 安装成功后,Apache操作命令: systemctl ...
- Centos7网络配置,vsftpd安装及530报错解决
今天在虚拟机安装CentOS7,准备全新安装LTMP,结果又是一堆问题,不过正好因为这些出错,又给自己长了见识. 1,CentOS7网络配置 最小化安装CentOs7后,ifconfig提示comma ...
- Centos7安装配置gitlab
Centos7安装配置gitlab 这篇文字我会介绍在Centos7上安装gitlab,配置gitlab的smtp,并且创建项目demo. sudo yum install openssh-serve ...
- VMware中安装CentOS7网络配置静态IP地址,常用配置和工具安装
VMware中安装CentOS7网络配置静态IP地址,常用配置和工具安装在阿里云开源镜像地址下载镜像Index of /centos/7.2.1511/isos/x86_64/http://mirro ...
- centos7初步配置
centos7初步配置 首先安装lrzsz zip/unzip yum -y install lrzsz yum -y install zip unzip 安装vim yum install vim* ...
- centos7网络配置总结
centos7网络配置 --wang 一.通过配置文件 配置/etc/sysconfig/network-scripts/en.. 记忆信息量大,易出错,不推荐使用.配置多台电脑静态ip可以通过复制模 ...
- CentOS7基本配置一
CentOS7基本配置一 安装VMwareTools 1.点击重新安装VM-tool, 继而找到压缩文件VMwareTools-10.2.0...tar.gz,复制到桌面下,解压这么压缩文件到桌面下 ...
随机推荐
- C# 动态语言扩展(11)
在 C# 4 开始添加 dynamic 类型.Mono C# 已经支持 C# 6.0 了. DLR C# 4 动态功能是 Dynamic Language Runtime (动态语言运行时,DLR)的 ...
- duilib学习领悟(1)
学习duilib已经有一段时间,一直没时间写总结,今天得出空来,写写心得体会! 由于本人知识有限,若有错误地方,望批评指正.多谢.! 初识duilib 刚开始接触duilib的时候,觉的他好神奇,整个 ...
- vue 多层组件相互嵌套的时候 数据源更新 dom没更新 彻底清除组件缓存
当项目中存在多层组件相互嵌套 组件存在严重缓存时 this.$nextTick(() => { ..... }); 不管用 this.$forceUpdate(); 不管用 只能通过深拷贝浅拷 ...
- [2019牛客多校第二场][A. Eddy Walker]
题目链接:https://ac.nowcoder.com/acm/contest/882/A 题目大意:圆上有\(n\)个点,标号从\(0\)到\(n-1\),初始一个人在点\(0\),每次会等概率向 ...
- BZOJ 3744 Gty的妹子序列 分块+树状数组
具体分析见 搬来大佬博客 时间复杂度 O(nnlogn)O(n\sqrt nlogn)O(nnlogn) CODE #include <cmath> #include <cctyp ...
- vue-cropperjs 图片裁剪上传功能使用方法记录
引入: 官网:https://www.npmjs.com/package/vue-cropperjs 控制台输入: npm install --save vue-cropperjs vue 项目中引入 ...
- eclipse运行内存超出
问题分析: 1:可能是eclipse自身的运行内存不够 2:可能是java中的jre内存不够 修改方法: 1 改eclipse的运行内存 在eclipse.ini文件中 -startupplugins ...
- Java基础__Java中集合类
ArrayList:有序.可重复.线程不安全.内部使用数组进行存储 LinkedList:有序.可重复.线程不安全.内部使用引用进行存储[可以很方便的进行插入.删除数据] Vector:有序.可重复. ...
- Nginx之配置文件的解析
1. ngx_command_t 为了统一配置项目的解析,Nginx 定义了如下数据类型对所有的 Nginx 配置项进行了统一的描述. typedef struct ngx_command_s ngx ...
- Beta冲刺(1/5)
队名:new game 组长博客:戳 作业博客:戳 组员情况 鲍子涵(队长) 过去两天完成了哪些任务 验收游戏素材 学习Unity 2D Animation系统 接下来的计划 制作游戏需要的人物动画 ...