centos7 httpd配置

标签(空格分隔): 未分类

隐藏server信息

修改httpd.conf 设置,添加如下两行

ServerSignature Off

ServerTokens Prod

开启长连接

KeepAlive on

KeepAliveTimeout 60      #超时时间

MaxKeepAliveRequests 100   #超时时间内达到100个请求也将断开连接

启用文件压缩配置

在conf.d目录下新建配置文件compress.conf

	SetOutputFilter DEFLATE

    # mod_deflate configuration

	# Restrict compression to these MIME types

	AddOutputFilterByType DEFLATE text/plain

	AddOutputFilterByType DEFLATE text/html

	AddOutputFilterByType DEFLATE application/xhtml+xml

	AddOutputFilterByType DEFLATE text/xml

	AddOutputFilterByType DEFLATE application/xml

	AddOutputFilterByType DEFLATE application/x-javascript

	AddOutputFilterByType DEFLATE text/javascript

	AddOutputFilterByType DEFLATE text/css

	# Level of compression (Highest 9 - Lowest 1)

	DeflateCompressionLevel 9

	# Netscape 4.x has some problems.

	BrowserMatch ^Mozilla/4  gzip-only-text/html

	# Netscape 4.06-4.08 have some more problems

	BrowserMatch  ^Mozilla/4\.0[678]  no-gzip

	# MSIE masquerades as Netscape, but it is fine

	BrowserMatch \bMSI[E]  !no-gzip !gzip-only-text/html

httpd内置状态页面

在conf.d目录下编辑httpd-info.conf

<Location /server-status>

    SetHandler server-status

    require all denied

    Require ip 172.16.138.1

</Location>

extendedstatus on

配置https

安装mod_ssl模块

yum install mod_ssl -y

在conf.d目录下编辑ssl.conf

Listen 443

SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES

SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES

SSLHonorCipherOrder on 

SSLProtocol all -SSLv3

SSLProxyProtocol all -SSLv3

SSLPassPhraseDialog  builtin

SSLSessionCache        "shmcb:/usr/local/httpd/logs/ssl_scache(512000)"

SSLSessionCacheTimeout  300

<VirtualHost _default_:443>

DocumentRoot "/usr/local/httpd/htdocs"

ServerName www.example.com:443

ServerAdmin you@example.com

ErrorLog "/usr/local/httpd/logs/error_log"

TransferLog "/usr/local/httpd/logs/access_log"

SSLEngine on

SSLCertificateFile "/usr/local/httpd/conf/server.crt"

SSLCertificateKeyFile "/usr/local/httpd/conf/server.key"

#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt  #购买证书需修改此处配置

#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt  #自建证书修改配置

#修改上面四行的证书文件路径,

<FilesMatch "\.(cgi|shtml|phtml|php)$">

    SSLOptions +StdEnvVars

</FilesMatch>

<Directory "/usr/local/httpd/cgi-bin">

    SSLOptions +StdEnvVars

</Directory>

配置http强制跳转https

在主配置文件中添加如下字段

RewriteEngine On

RewriteCond %{HTTPS} !=on

RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

强制301重定向到https

<IfModule mod_rewrite.c>

RewriteEngine on

RewriteBase /

RewriteCond %{SERVER_PORT} !^443$

RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=301,L]

</IfModule>

引用:https://blog.csdn.net/ithomer/article/details/78986266

配置basic访问验证

<Directory "/var/www/html">

 Options Indexes FollowSymLinks  #允许索引,和链接文件

 AllowOverride None

 authtype basic   #认证类型

 authname "test"   #浏览器弹框提示信息

 authuserfile /etc/httpd/.htpass   #认证用户文件

 #authgroupfile /etc/httpd/allow.group  #认证组文件

 #require group test

 require valid-user  #所有userfile文件的用户都可以访问

 #require user user1 user2  #user1 user2 可以访问

</Directory>

htpasswd -m -c /etc/httpd/.htpass tom 添加验证用户   #-c创建用户文件

组文件

mygroup: bob joe anne

配置digest访问验证

<Directory "/var/www/html">

 Options Indexes FollowSymLinks  #允许索引,和链接文件

 AllowOverride None

 authtype digest

 authname "digest test"

 authdigestprovider file

 authuserfile /etc/httpd/.htpass

 require valid-user

</Directory>

 require valid-user  #所有userfile文件的用户都可以访问 

</Directory>

创建用户文件

htdigest -c /etc/httpd/.htpass "digest test" tom #此处引号中内容需要与authname定义内容相同

虚拟主机配置

基于主机名的虚拟主机,在conf.d目录下编辑配置文件vhost-servername.conf

<VirtualHost *:80>

    DocumentRoot "/data/vhost1/"

    <Directory "/data/vhost1">

        <requireall>

                require all granted

        </requireall>

    </Directory>

    ServerName a.test.com

    ServerAlias www.dummy-host.example.com

    ErrorLog "logs/vhost.-error_log"

    CustomLog "logs/vhost-access_log" common

</VirtualHost>

<VirtualHost *:80>

    DocumentRoot "/data/vhost2"

        <Directory "/data/vhost2">

                <requireall>

                        require all granted

                </requireall>

        </Directory>

    ServerName b.test.com

    ErrorLog "logs/vhost2-error_log"

    CustomLog "logs/vhost2-access_log" common

</VirtualHost>

基于端口的虚拟主机,在conf.d目录下编辑配置文件vhost-port.conf

listen 80

listen 8080

<VirtualHost *:8080>

    DocumentRoot "/data/vhost1/"

    <Directory "/data/vhost1">

        <requireall>

                require all granted

        </requireall>

    </Directory>

    ServerName a.test.com

    ServerAlias www.dummy-host.example.com

    ErrorLog "logs/vhost.-error_log"

    CustomLog "logs/vhost-access_log" common

</VirtualHost>

<VirtualHost *:80>

    DocumentRoot "/data/vhost2"

        <Directory "/data/vhost2">

                <requireall>

                        require all granted

                </requireall>

        </Directory>

    ServerName b.test.com

    ErrorLog "logs/vhost2-error_log"

    CustomLog "logs/vhost2-access_log" common

</VirtualHost>

基于IP的虚拟主机,在conf.d目录下编辑配置文件vhost-ip.conf

listen 80

<VirtualHost 192.168.0.100:80>

    DocumentRoot "/data/vhost1/"

    <Directory "/data/vhost1">

        <requireall>

                require all granted

        </requireall>

    </Directory>

    ServerName a.test.com

    ServerAlias www.dummy-host.example.com

    ErrorLog "logs/vhost.-error_log"

    CustomLog "logs/vhost-access_log" common

</VirtualHost>

<VirtualHost 192.168.0.200:80>

    DocumentRoot "/data/vhost2"

        <Directory "/data/vhost2">

                <requireall>

                        require all granted

                </requireall>

        </Directory>

    ServerName b.test.com

    ErrorLog "logs/vhost2-error_log"

    CustomLog "logs/vhost2-access_log" common

</VirtualHost>

反向代理

在主配置文件中或者虚拟主机中添加如下字段

ProxyRequests off

#<Proxy />

#    Order deny,allow

#    Allow from all

#</Proxy>

ProxyPass / http://172.16.138.129

ProxyPassReverse / http://172.16.138.129

设置反向代理后端服务器日志记录真实IP地址

在代理服务器配置中添加如下配置

RemoteIPHeader X-Forwarded-For

RemoteIPTrustedProxy 172.16.138.129    #此处地址为后端服务器地址

后端服务器日志格式修改

默认格式为:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

修改为:

LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

参考:https://blog.csdn.net/qq_22227087/article/details/91519602

日志字段说明

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined


%h:客户端IP地址;

%l:Remote User, 通常为一个减号(“-”);

%u:Remote user (from auth; may be bogus if return status (%s) is 401);非为登录访问时,其为一个减号;

%t:服务器收到请求时的时间;

%r:First line of request,即表示请求报文的首行;记录了此次请求的“方法”,“URL”以及协议版本;

%>s:响应状态码;

%b:响应报文的大小,单位是字节;不包括响应报文的http首部;

%{Referer}i:请求报文中首部“referer”的值;即从哪个页面中的超链接跳转至当前页面的;

%{User-Agent}i:请求报文中首部“User-Agent”的值;即发出请求的应用程序;

在线文档说明

http://httpd.apache.org/docs/2.4/mod/mod_log_config.html#formats

centos7 httpd配置的更多相关文章

  1. Linux CentOS7 httpd 配置注释

    本文首发:https://www.somata.work/2019/LinuxCentOShttpdConfigComment.html 如果没看懂可以去看看官方发布的文档 apache官方文档 co ...

  2. CentOS7安装配置Apache HTTP Server

    RPM安装httpd 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 # yum -yinstall http ...

  3. Centos7安装配置Apache+PHP+Mysql+phpmyadmin

    转载自: Centos7安装配置Apache+PHP+Mysql+phpmyadmin 一.安装Apache yum install httpd 安装成功后,Apache操作命令: systemctl ...

  4. Centos7网络配置,vsftpd安装及530报错解决

    今天在虚拟机安装CentOS7,准备全新安装LTMP,结果又是一堆问题,不过正好因为这些出错,又给自己长了见识. 1,CentOS7网络配置 最小化安装CentOs7后,ifconfig提示comma ...

  5. Centos7安装配置gitlab

    Centos7安装配置gitlab 这篇文字我会介绍在Centos7上安装gitlab,配置gitlab的smtp,并且创建项目demo. sudo yum install openssh-serve ...

  6. VMware中安装CentOS7网络配置静态IP地址,常用配置和工具安装

    VMware中安装CentOS7网络配置静态IP地址,常用配置和工具安装在阿里云开源镜像地址下载镜像Index of /centos/7.2.1511/isos/x86_64/http://mirro ...

  7. centos7初步配置

    centos7初步配置 首先安装lrzsz zip/unzip yum -y install lrzsz yum -y install zip unzip 安装vim yum install vim* ...

  8. centos7网络配置总结

    centos7网络配置 --wang 一.通过配置文件 配置/etc/sysconfig/network-scripts/en.. 记忆信息量大,易出错,不推荐使用.配置多台电脑静态ip可以通过复制模 ...

  9. CentOS7基本配置一

    CentOS7基本配置一 安装VMwareTools 1.点击重新安装VM-tool, 继而找到压缩文件VMwareTools-10.2.0...tar.gz,复制到桌面下,解压这么压缩文件到桌面下 ...

随机推荐

  1. sublimeTest3的安装注册插件

    [感谢:https://blog.csdn.net/wxl1555/article/details/69941451 ]1)下载:http://www.sublimetext.com/32)安装:(我 ...

  2. [MySQL优化] -- 如何查找SQL效率地下的原因

    [MySQL优化] -- 如何查找SQL效率地下的原因   来源: ChinaUnix博客 日期: 2009.07.20 16:12 (共有条评论) 我要评论       查询到效率低的 SQL 语句 ...

  3. Codeforces Round #590 (Div. 3) D. Distinct Characters Queries(线段树, 位运算)

    链接: https://codeforces.com/contest/1234/problem/D 题意: You are given a string s consisting of lowerca ...

  4. sb 的长度 和 文件大小

    StringBuilder sb = new StringBuilder(); ;i<;i++)  //1 0000 0000  1亿项 { sb.AppendFormat("{0}, ...

  5. EMS命令

    Tibco EMS 初级使用方法小结 http://blog.csdn.net/bincavin/article/details/8290905

  6. 51 Nod 1110距离之和最小V3

    1110 距离之和最小 V3 1 秒 131,072 KB 40 分 4 级题 X轴上有N个点,每个点除了包括一个位置数据X[i],还包括一个权值W[i].点P到点P[i]的带权距离 = 实际距离 * ...

  7. 2019.6.20 校内测试 NOIP模拟 Day 1 分析+题解

    这次是zay神仙给我们出的NOIP模拟题,不得不说好难啊QwQ,又倒数了~ T1 大美江湖 这个题是一个简单的模拟题.   ----zay 唯一的坑点就是打怪的时候计算向上取整时,如果用ceil函数一 ...

  8. JAVA之工作线程数究竟要设置多少

    一.需求缘起 Web-Server通常有个配置,最大工作线程数,后端服务一般也有个配置,工作线程池的线程数量,这个线程数的配置不同的业务架构师有不同的经验值,有些业务设置为CPU核数的2倍,有些业务设 ...

  9. jquery+ajax 实现搜索框提示

    <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8&quo ...

  10. 黑马lavarel教程---9、缓存操作

    黑马lavarel教程---9.缓存操作 一.总结 一句话总结: legend2项目中自己写的哪些文件操作都可以通过这里的缓存实现,简单方便 1.lavarel中如何使用后端主流的缓存如 Memcac ...