LAMP之Apache
Apache是世界使用排名第一的Web服务器软件。它可以运行在几乎所有广泛使用的计算机平台上,由于其跨平台和安全性被广泛使用,是最流行的Web服务器端软件之一。快速、可靠并且可通过简单的API扩充,将Perl/Python等解释器编译到服务器中。
特点:
功能强大、配置简单、速度快、应用广泛、性能稳定可靠,同时还可以做代理服务器或负载均衡
应用场景:
运行静态页面、图片(据说处理静态小文件能力不如Nginx)
结合PHP引擎运行PHP等程序,LAMP组合
结合tomcat、resin运行jsp、java等程序
作代理、负载均衡,rewrite规则过滤等
1、Apache的安装
检查系统是否自带httpd(一般自带版本比较低,卸载掉)
[root@localhost1 software]# rpm -qa httpd*
[root@localhost1 software]#
、如果没有自带 Apache 服务软件,可以不需要进行下面的卸载
[root@Centos ~]# rpm -e --nodeps httpd-2.2.-.el6.centos.x86_64
warning: /etc/httpd/conf/httpd.conf saved as /etc/httpd/conf/httpd.conf.rpmsave
[root@Centos ~]# rpm -e --nodeps httpd-tools-2.2.-.el6.centos.x86_64
[root@localhost1 ~]# cd /home/cairui/
[root@localhost1 cairui]# ls
[root@localhost1 cairui]# mkdir software
[root@localhost1 cairui]# cd software/
[root@localhost1 software]# wget http://mirrors.hust.edu.cn/apache//httpd/httpd-2.2.34.tar.gz
---- ::-- http://mirrors.hust.edu.cn/apache//httpd/httpd-2.2.34.tar.gz
Resolving mirrors.hust.edu.cn... 202.114.18.160
Connecting to mirrors.hust.edu.cn|202.114.18.160|:... connected.
HTTP request sent, awaiting response... OK
Length: (7.3M) [application/octet-stream]
Saving to: “httpd-2.2..tar.gz” %[====================================>] ,, 212K/s in 45s -- :: ( KB/s) - “httpd-2.2..tar.gz” saved [/] [root@localhost1 software]# ls
httpd-2.2..tar.gz
[root@localhost1 httpd-2.2.]# tar zxvf httpd-2.2..tar.gz
[root@localhost1 software]# cd httpd-2.2.
[root@localhost1 httpd-2.2.]# ll
total
-rw-r--r-- Nov ABOUT_APACHE
-rw-r--r-- Jul acinclude.m4
-rw-r--r-- Oct Apache.dsw
drwxr-xr-x Jul build
-rw-r--r-- Aug BuildAll.dsp
-rw-r--r-- Jul BuildBin.dsp
-rwxr-xr-x Sep buildconf
-rw-r--r-- Jun CHANGES
-rw-r--r-- Feb config.layout
-rwxr-xr-x Jul configure
-rw-r--r-- May configure.in
drwxr-xr-x Jul docs
-rw-r--r-- Nov emacs-style
-rw-r--r-- May httpd.dep
-rw-r--r-- Jun httpd.dsp
-rw-r--r-- May httpd.mak
-rw-r--r-- Jul httpd.spec
drwxr-xr-x Jul include
-rw-r--r-- Jan INSTALL
-rw-r--r-- Dec InstallBin.dsp
-rw-r--r-- Nov LAYOUT
-rw-r--r-- May libhttpd.dep
-rw-r--r-- Jan libhttpd.dsp
-rw-r--r-- May libhttpd.mak
-rw-r--r-- Jan LICENSE
-rw-r--r-- Nov Makefile.in
-rw-r--r-- Jan Makefile.win
drwxr-xr-x Jul modules
-rw-r--r-- Jan NOTICE
-rw-r--r-- Mar NWGNUmakefile
drwxr-xr-x Jul os
-rw-r--r-- Jan README
-rw-r--r-- Aug README.platforms
-rw-r--r-- Dec README-win32.txt
-rw-r--r-- Mar ROADMAP
drwxr-xr-x Jul server
drwxr-xr-x Jul srclib
drwxr-xr-x Jul support
drwxr-xr-x Jul test
-rw-r--r-- Oct VERSIONING
[root@localhost1 httpd-2.2.]# cat README
Apache HTTP Server
What is it?
-----------
The Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant
web server. Originally designed as a replacement for the NCSA HTTP
Server, it has grown to be the most popular web server on the
Internet. As a project of the Apache Software Foundation, the
developers aim to collaboratively develop and maintain a robust,
commercial-grade, standards-based server with freely available
source code.
The Latest Version
------------------
Details of the latest version can be found on the Apache HTTP
server project page under <http://httpd.apache.org/>.
Documentation
-------------
The documentation available as of the date of this release is
included in HTML format in the docs/manual/ directory. The most
up-to-date documentation for the 2.2.x releases can be found at
<http://httpd.apache.org/docs/2.2/>.
Installation
------------
Please see the file called INSTALL. Platform specific notes can be
found in README.platforms.
Licensing
---------
Please see the file called LICENSE.
Cryptographic Software Notice #加密软件的通知
-----------------------------
This distribution may include software that has been designed for use
with cryptographic software. The country in which you currently reside
may have restrictions on the import, possession, use, and/or re-export
to another country, of encryption software. BEFORE using any encryption
software, please check your country's laws, regulations and policies
concerning the import, possession, or use, and re-export of encryption
software, to see if this is permitted. See <http://www.wassenaar.org/>
for more information.
The U.S. Government Department of Commerce, Bureau of Industry and
Security (BIS), has classified this software as Export Commodity
Control Number (ECCN) 5D002.C., which includes information security
software using or performing cryptographic functions with asymmetric
algorithms. The form and manner of this Apache Software Foundation
distribution makes it eligible for export under the License Exception
ENC Technology Software Unrestricted (TSU) exception (see the BIS
Export Administration Regulations, Section 740.13) for both object
code and source code.
The following provides more details on the included files that
may be subject to export controls on cryptographic software:
Apache httpd 2.0 and later versions include the mod_ssl module under
modules/ssl/
for configuring and listening to connections over SSL encrypted
network sockets by performing calls to a general-purpose encryption
library, such as OpenSSL or the operating system's platform-specific
SSL facilities.
In addition, some versions of apr-util provide an abstract interface
for SSL encrypted network sockets in the files under the directory
srclib/apr-util/ssl/
that makes use of a general-purpose encryption library, such as
OpenSSL or the operating system's platform-specific SSL facilities.
Apache httpd currently does not use that apr-util interface.
Some object code distributions of Apache httpd, indicated with the
word "crypto" in the package name, may include object code for the
OpenSSL encryption library as distributed in open source form from
<http://www.openssl.org/source/>.
The above files are optional and may be removed if the cryptographic
functionality is not desired or needs to be excluded from redistribution.
Distribution packages of Apache httpd that include the word "nossl"
in the package name have been created without the above files and are
therefore not subject to this notice.
Contacts
--------
o If you want to be informed about new code releases, bug fixes,
security fixes, general news and information about the Apache server
subscribe to the apache-announce mailing list as described under
<http://httpd.apache.org/lists.html#http-announce>
o If you want freely available support for running Apache please join the
Apache user community by subscribing to Users Mailing List at
<http://httpd.apache.org/userslist.html> or one of the following
USENET newsgroups:
comp.infosystems.www.servers.unix
comp.infosystems.www.servers.ms-windows
Also available at:
<http://groups.google.com/groups?group=comp.infosystems.www.servers>
o If you want commercial support for running Apache please contact
one of the companies and contractors which are listed at
<http://www.apache.org/info/support.cgi>
o If you have a concrete bug report for Apache please go to the
Apache Group Bug Database and submit your report:
<http://httpd.apache.org/bug_report.html>
o If you want to participate in actively developing Apache please
subscribe to the `dev@httpd.apache.org' mailing list as described at
<http://httpd.apache.org/lists.html#http-dev>
Acknowledgments
----------------
We wish to acknowledge the following copyrighted works that
make up portions of the Apache software:
Portions of this software were developed at the National Center
for Supercomputing Applications (NCSA) at the University of
Illinois at Urbana-Champaign.
This software contains code derived from the RSA Data Security
Inc. MD5 Message-Digest Algorithm, including various
modifications by Spyglass Inc., Carnegie Mellon University, and
Bell Communications Research, Inc (Bellcore).
Regular expression support is provided by the PCRE library package, which
is open source software, written by Philip Hazel, and copyright by the
University of Cambridge, England. The original software is available from
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
Apache relies heavily on the use of autoconf and libtool to provide
a build environment.
[root@localhost1 httpd-2.2.]# cat INSTALL APACHE INSTALLATION OVERVIEW CAUTION
------- This package represents a legacy version of the Apache HTTP Server software
and is not current. Please note that Apache Web Server Project will only provide maintenance
releases of the 2.2.x flavor through June of , and will provide some
security patches beyond this date through at least December of .
Minimal maintenance patches of 2.2.x are expected throughout this period,
and users are strongly discouraged from deploying this legacy release. #不建议安装较低版本,因为不会再维护 Also note, this package includes very stale and known-vulnerable versions
of the Expat [http://expat.sourceforge.net/] and PCRE [http://www.pcre.org/]
packages. Users are strongly encouraged to first install the most recent
versions of these components. #强烈建议安装最新版本 Quick Start - Unix
------------------ For complete installation documentation, see [ht]docs/manual/install.html or
http://httpd.apache.org/docs/2.2/install.html $ ./configure --prefix=PREFIX
$ make
$ make install
$ PREFIX/bin/apachectl start NOTES: * Replace PREFIX with the filesystem path under which
Apache should be installed. A typical installation
might use "/usr/local/apache2" for PREFIX (without the
quotes). * If you are a developer who will be linking your code with
Apache or using a debugger to step through server code,
./configure's --with-included-apr option may be advantageous,
as it removes the possibility of version or compile-option
mismatches with APR and APR-util code. (Many OSes now
include their own version of APR and APR-util.) * If you are a developer building Apache directly from
Subversion, you will need to run ./buildconf before running
configure. This script bootstraps the build environment and
requires Python as well as GNU autoconf and libtool. If you
build Apache from a release tarball, you don't have to run
buildconf. * If you want to build a threaded MPM (for instance worker)
on FreeBSD, be aware that threads do not work well with
Apache on FreeBSD versions before 5.4-RELEASE. If you wish
to try a threaded Apache on an earlier version of FreeBSD,
use the --enable-threads parameter to ./configure in
addition to the --with-mpm parameter. * If you are building directly from Subversion on Mac OS X
(Darwin), make sure to use GNU Libtool 1.4. or newer. All
recent versions of the developer tools on this platform
include a sufficiently recent version of GNU Libtool (named
glibtool, but buildconf knows where to find it). For a short impression of what possibilities you have, here is a
typical example which configures Apache for the installation tree
/sw/pkg/apache with a particular compiler and flags plus the two
additional modules mod_rewrite and mod_speling for later loading
through the DSO mechanism: $ CC="pgcc" CFLAGS="-O2" \
./configure --prefix=/sw/pkg/apache \
--enable-rewrite=shared \
--enable-speling=shared The easiest way to find all of the configuration flags for Apache 2.2
is to run ./configure --help. Quick Start - Windows
--------------------- For complete documentation, see manual/platform/windows.html.en or
http://httpd.apache.org/docs/2.2/platform/windows.html. The Apache/Win32 binaries are distributed as Windows Installer packages
(.msi) named httpd-2.2.xx-win32-x86-no_ssl.msi for a version without mod_ssl
and httpd-2.2.xx-win32-x86-openssl-0.9.8x.msi for a version including the
mod_ssl plus the openssl library and command line utility. These packages
may be unpacked without "installing" them by using the msiexec /a option. If you have unpacked a source distribution (named httpd-2.2.x-win32-src.zip,
without any -x86 notation) you must compile the package yourself, see the links
mentioned above. Unless you intended to do this, please look again for the
binary package from http://www.apache.org/dist/httpd/binaries/win32/ and
install the desired .msi package. The .msi package configures the httpd.conf file, and installs and starts
the Apache2. service for you. It also installs plenty of useful shortcuts
and the taskbar ApacheMonitor. We strongly encourage you to use it. Postscript
---------- The Apache HTTP Server group cannot field user's installation questions.
There are many valuable forums to help you get started. Please refer your
questions to the appropriate forum, such as the Users Mailing List at
http://httpd.apache.org/userslist.html or the usenet newsgroups
comp.infosystems.www.servers.unix or
comp.infosystems.www.servers.ms-windows. Thanks for using the Apache HTTP Server, version 2.2. The Apache Software Foundation
http://www.apache.org/
[root@localhost1 httpd-2.2.]# ./configure --help
`configure' configures this package to adapt to many kinds of systems. Usage: ./configure [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE. See below for descriptions of some of the useful variables. #指定环境变量(例如,CC, CFLAGS…),指定它们为。VAR =价值。以下是一些有用的变量的描述。
Defaults for the options are specified in brackets. Configuration:
-h, --help display this help and exit
--help=short display options specific to this package
--help=recursive display the short help of all the included packages
-V, --version display version information and exit
-q, --quiet, --silent do not print `checking ...' messages
--cache-file=FILE cache test results in FILE [disabled]
-C, --config-cache alias for `--cache-file=config.cache'
-n, --no-create do not create output files
--srcdir=DIR find the sources in DIR [configure dir or `..'] Installation directories:
--prefix=PREFIX install architecture-independent files in PREFIX #指定安装目录,默认为/usr/local/apache2
[/usr/local/apache2]
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
[PREFIX] By default, `make install' will install all the files in
`/usr/local/apache2/bin', `/usr/local/apache2/lib' etc. You can specify
an installation prefix other than `/usr/local/apache2' using `--prefix',
for instance `--prefix=$HOME'. For better control, use the options below. Fine tuning of the installation directories: #安装目录的微调
--bindir=DIR user executables [EPREFIX/bin] #用户可执行文件
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
--datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
--datadir=DIR read-only architecture-independent data [DATAROOTDIR]
--infodir=DIR info documentation [DATAROOTDIR/info]
--localedir=DIR locale-dependent data [DATAROOTDIR/locale]
--mandir=DIR man documentation [DATAROOTDIR/man]
--docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE]
--htmldir=DIR html documentation [DOCDIR]
--dvidir=DIR dvi documentation [DOCDIR]
--pdfdir=DIR pdf documentation [DOCDIR]
--psdir=DIR ps documentation [DOCDIR] System types:
--build=BUILD configure for building on BUILD [guessed]
--host=HOST cross-compile to build programs to run on HOST [BUILD]
--target=TARGET configure for building compilers for TARGET [HOST] Optional Features: #可选特性
--disable-option-checking ignore unrecognized --enable/--with options #忽略 unrecognized --enable/--with选项
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) #不包括FEATURE(和 --enale-FEATURE=no一样)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--enable-layout=LAYOUT
--enable-v4-mapped Allow IPv6 sockets to handle IPv4 connections #允许IPv6处理IPv4连接
--enable-exception-hook Enable fatal exception hook
--enable-maintainer-mode
Turn on debugging and compile time warnings #打开调试并且编译时警告
--enable-pie Build httpd as a Position Independent Executable
--enable-modules=MODULE-LIST
Space-separated list of modules to enable | "all" |
"most"
--enable-mods-shared=MODULE-LIST
Space-separated list of shared modules to enable |
"all" | "most"
--disable-authn-file file-based authentication control
--enable-authn-dbm DBM-based authentication control
--enable-authn-anon anonymous user authentication control
--enable-authn-dbd SQL-based authentication control
--disable-authn-default authentication backstopper
--enable-authn-alias auth provider alias
--disable-authz-host host-based authorization control
--disable-authz-groupfile
'require group' authorization control
--disable-authz-user 'require user' authorization control
--enable-authz-dbm DBM-based authorization control
--enable-authz-owner 'require file-owner' authorization control
--enable-authnz-ldap LDAP based authentication
--disable-authz-default authorization control backstopper
--disable-auth-basic basic authentication
--enable-auth-digest RFC2617 Digest authentication
--enable-isapi isapi extension support
--enable-file-cache File cache
--enable-cache dynamic file caching
--enable-disk-cache disk caching module
--enable-mem-cache memory caching module
--enable-dbd Apache DBD Framework
--enable-bucketeer buckets manipulation filter
--enable-dumpio I/O dump filter
--enable-echo ECHO server
--enable-example example and demo module
--enable-case-filter example uppercase conversion filter
--enable-case-filter-in example uppercase conversion input filter
--enable-reqtimeout Limit time waiting for request from client
--enable-ext-filter external filter module
--disable-include Server Side Includes
--disable-filter Smart Filtering
--enable-substitute response content rewrite-like filtering
--disable-charset-lite character set translation
--enable-charset-lite character set translation
--enable-deflate Deflate transfer encoding support #压缩传输编码的支持,提高传输速度,提升用户访问体验
--enable-ldap LDAP caching and connection pooling services
--disable-log-config logging configuration
--enable-log-forensic forensic logging
--enable-logio input and output logging
--disable-env clearing/setting of ENV vars
--enable-mime-magic automagically determining MIME type
--enable-cern-meta CERN-type meta files
--enable-expires Expires header control #EXPIRES头部控制,激活允许通过配置文件控制HTTP的头文件,即对网站的图片等内容,提供在客户端浏览器缓存的设置
--enable-headers HTTP header control #HTTP的头部控制
--enable-ident RFC identity check
--enable-usertrack user-session tracking
--enable-unique-id per-request unique ids
--disable-setenvif basing ENV vars on headers
--disable-version determining httpd version in config files
--enable-proxy Apache proxy module
--enable-proxy-connect Apache proxy CONNECT module
--enable-proxy-ftp Apache proxy FTP module
--enable-proxy-http Apache proxy HTTP module
--enable-proxy-scgi Apache proxy SCGI module
--enable-proxy-ajp Apache proxy AJP module
--enable-proxy-balancer Apache proxy BALANCER module
--enable-ssl SSL/TLS support (mod_ssl)
--enable-distcache Select distcache support in mod_ssl
--enable-optional-hook-export
example optional hook exporter
--enable-optional-hook-import
example optional hook importer
--enable-optional-fn-import
example optional function importer
--enable-optional-fn-export
example optional function exporter
--enable-static-support Build a statically linked version of the support
binaries
--enable-static-htpasswd
Build a statically linked version of htpasswd
--enable-static-htdigest
Build a statically linked version of htdigest
--enable-static-rotatelogs
Build a statically linked version of rotatelogs
--enable-static-logresolve
Build a statically linked version of logresolve
--enable-static-htdbm Build a statically linked version of htdbm
--enable-static-ab Build a statically linked version of ab
--enable-static-checkgid
Build a statically linked version of checkgid
--enable-static-htcacheclean
Build a statically linked version of htcacheclean
--enable-static-httxt2dbm
Build a statically linked version of httxt2dbm
--enable-http HTTP protocol handling
--disable-mime mapping of file-extension to MIME
--enable-dav WebDAV protocol handling
--disable-status process/thread monitoring
--disable-autoindex directory listing
--disable-asis as-is filetypes
--enable-info server information
--enable-suexec set uid and gid for spawned processes
--disable-cgid CGI scripts
--enable-cgi CGI scripts
--disable-cgi CGI scripts
--enable-cgid CGI scripts
--enable-dav-fs DAV provider for the filesystem
--enable-dav-lock DAV provider for generic locking
--enable-vhost-alias mass virtual hosting module
--disable-negotiation content negotiation
--disable-dir directory request handling
--enable-imagemap server-side imagemaps
--disable-actions Action triggering on requests
--enable-speling correct common URL misspellings
--disable-userdir mapping of requests to user-specific directories
--disable-alias mapping of requests to different filesystem parts
--enable-rewrite rule based URL manipulation #提供基于URL规则的重写功能,根据已知URL地址,转换其他要访问的URL地址
--enable-so DSO capability #DSO的能力,即在以后亿DSO的方式编译安装共享模块 Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-included-apr Use bundled copies of APR/APR-Util
--with-apr=PATH prefix for installed APR or the full path to
apr-config
--with-apr-util=PATH prefix for installed APU or the full path to
apu-config
--with-pcre=PATH Use external PCRE library
--with-port=PORT Port on which to listen (default is )
--with-sslport=SSLPORT Port on which to securelisten (default is )
--with-z=DIR use a specific zlib library
--with-sslc=DIR RSA SSL-C SSL/TLS toolkit
--with-ssl=DIR OpenSSL SSL/TLS toolkit
--with-mpm=MPM Choose the process model for Apache to use.
MPM={beos|event|worker|prefork|mpmt_os2|winnt} #选择用于Apache的模式,生产模式用worker,此模式原理是更多使用线程来处理请求
--with-module=module-type:module-file
Enable module-file in the modules/<module-type>
directory. #允许多少模块在编译中
--with-program-name alternate executable name
--with-suexec-bin Path to suexec binary
--with-suexec-caller User allowed to call SuExec
--with-suexec-userdir User subdirectory
--with-suexec-docroot SuExec root directory
--with-suexec-uidmin Minimal allowed UID
--with-suexec-gidmin Minimal allowed GID
--with-suexec-logfile Set the logfile
--with-suexec-safepath Set the safepath
--with-suexec-umask umask for suexec'd process Some influential environment variables:
CC C compiler command
CFLAGS C compiler flags
LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
nonstandard directory <lib dir>
LIBS libraries to pass to the linker, e.g. -l<library>
CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
you have headers in a nonstandard directory <include dir>
CPP C preprocessor Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations. Report bugs to the package provider.
2、apache依赖组件安装
[root@localhost1 httpd-2.2.]# yum install gcc* zlib* -y
[root@localhost1 opt]# ./configure --prefix=/opt/apache2.2.34 --enable-deflate --enable-expires --enable-headers --enable-modules=most --enable-so --with-mpm=worker --enable-rewrite
[root@localhost1 opt]# make & make install
[root@localhost1 opt]# cd /opt/
[root@localhost1 opt]# ls
apache2.2.34
[root@localhost1 opt]# ln -s apache2.2.34/ apache/
ln: target `apache/' is not a directory: No such file or directory
[root@localhost1 opt]# ln -s apache2.2.34/ apache
[root@localhost1 opt]# ls
apache apache2.2.34
启动服务:
[root@localhost1 opt]# /opt/apache/bin/apachectl start
httpd: apr_sockaddr_info_get() failed for localhost1
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
服务启动成功,但由于没有DNS出现这种提示,解决办法如下
[root@localhost1 conf]# vim /opt/apache/conf/httpd.conf ^C ServerName www.example.com:==========>localhost:(192.168.1.2:) [root@localhost1 conf]# /opt/apache/bin/apachectl graceful
It works!表示配置成功。
3、Apache重要目录
[root@localhost1 apache]# ll
total
drwxr-xr-x root root Feb : bin #apche命令的目录,如服务启动命令
drwxr-xr-x root root Feb : build
drwxr-xr-x root root Feb : cgi-bin
drwxr-xr-x root root Feb : conf
drwxr-xr-x root root Feb : error
drwxr-xr-x root root Jul htdocs 默认站点目录
drwxr-xr-x root root Feb : icons
drwxr-xr-x root root Feb : include
drwxr-xr-x root root Feb : lib
drwxr-xr-x root root Feb : logs 日志目录
drwxr-xr-x root root Feb : man
drwxr-xr-x root root Jul manual
drwxr-xr-x root root Feb : modules apache的模块目录,一些程序经过编译后都存放在这里
(1)
[root@localhost1 apache]# tree -l bin/
[error opening dir]
bin/
├── ab HTTP服务器性能测试工具
├── apachectl 服务的启动命令,同样它也是一个脚本
├── apr--config
├── apu--config
├── apxs 是一个为HTTP服务器编译和安装扩展模块的工具
├── checkgid
├── dbmmanage
├── envvars
├── envvars-std
├── htcacheclean 这是清理磁盘缓冲区的命令,需要在编译时指定相关的参数,很少使用
├── htdbm
├── htdigest
├── htpasswd 建立和更新基本认证文件,后面配置监控服务会用到
├── httpd 是apache的控制命令程序,apachectl执行时会调用httpd
├── httxt2dbm
├── logresolve
└── rotatelogs apache自带的日志轮训命令 directories, files
(2)
[root@localhost1 apache]# tree -L conf/
conf/
├── extra apache额外的配置文件目录,实际生产环境中经常使用或修改,如httpd-vhosts.conf默认在此
├── httpd.conf 主配置文件
├── magic
├── mime.types
└── original directories, files
(3)
[root@localhost1 apache]# tree -L htdocs/
htdocs/
└── index.html directories, file
[root@localhost1 htdocs]# cat index.html
<html><body><h1>It works!</h1></body></html>
(4)
[root@localhost1 apache]# tree -L logs/
logs/
├── access_log 默认访问日志目录
├── cgisock.
├── error_log 错误日志文件,服务启动故障或其他问题,都可以查看此文件
└── httpd.pid directories, files
主配置文件:
[root@localhost1 conf]# egrep -v "^.*#|^$" httpd.conf |nl
ServerRoot "/opt/apache2.2.34" #apache根目录,只能root访问,一般不做修改
Listen 80 apache监听端口,默认为80端口
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User daemon apache的用户,默认是daemon,实际生产环境建议修改
Group daemon
</IfModule>
</IfModule>
ServerAdmin you@example.com 系统管理员的邮箱,实际生产环境中修改为管理邮箱,有故障可直接发送至邮箱
ServerName localhost:(192.168.181.128:)
DocumentRoot "/opt/apache2.2.34/htdocs"
<Directory /> 禁止访问文件系统所在的目录
Options FollowSymLinks
AllowOverride None 禁止用户对目录配置文件进行修改
Order deny,allow
Deny from all
</Directory>
<Directory "/opt/apache2.2.34/htdocs"> apache默认网站站点目录路径
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule dir_module>
DirectoryIndex index.html配置的默认首页文件,如虚拟机没有设置,默认就调用这里的配置,首页文件可以有多个,每个文件用空格分开,调用时,前面的优先匹配
</IfModule>
<FilesMatch "^\.ht"> 防止.htaccess和.htpasswd等隐藏文件被Web用户查看
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
ErrorLog "logs/error_log" 错误日志路径
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" common
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/opt/apache2.2.34/cgi-bin/"
</IfModule>
<IfModule cgid_module>
</IfModule>
<Directory "/opt/apache2.2.34/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
DefaultType text/plain
<IfModule headers_module>
RequestHeader unset Proxy early
</IfModule>
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
Apache扩展的配置文件
Apache扩展的配置文件是通过httpd.conf主配置文件中嵌入Include命令来实现,不过默认情况下是这样:
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf # Various default settings
#Include conf/extra/httpd-default.conf 去掉注释,即加入扩展
使用tree列出apache扩展的配置文件所有目录的配置文件
[root@localhost1 conf]# tree -L /opt/apache/conf/extra/
/opt/apache/conf/extra/
├── httpd-autoindex.conf
├── httpd-dav.conf dav支持配置
├── httpd-default.conf apache相关服务参数(超时时间、保持连续时间等)
├── httpd-info.conf
├── httpd-languages.conf 语言支持配置
├── httpd-manual.conf
├── httpd-mpm.conf 服务器池管理,也就是优化apache的一个配置文件
├── httpd-multilang-errordoc.conf
├── httpd-ssl.conf 提供apache ssl支持配配置文件
├── httpd-userdir.conf
└── httpd-vhosts.conf 虚拟主机的配置文件 directories, files
[root@localhost1 conf]# cat extra/httpd-vhosts.conf
#
# Virtual Hosts
#
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below. #如果你希望维护多个域名/主机名,你可以为她们设置虚拟主机容器。大部分只使用基于名称的虚拟主机。
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration. #
# Use name-based virtual hosting.
#
NameVirtualHost *:80 80监听端口 #
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/opt/apache2.2.34/docs/dummy-host.example.com"
ServerName dummy-host.example.com 这里配置提供的域名,生产环境需要把域名解析到服务器上,同时配置到外网IP上
ServerAlias www.dummy-host.example.com 设置别名,此功能需要 apache mod_alias模块支持
ErrorLog "logs/dummy-host.example.com-error_log" 错误日志目录
CustomLog "logs/dummy-host.example.com-access_log" common 日志配置文件
</VirtualHost> <VirtualHost *:>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "/opt/apache2.2.34/docs/dummy-host2.example.com"
ServerName dummy-host2.example.com
ErrorLog "logs/dummy-host2.example.com-error_log"
CustomLog "logs/dummy-host2.example.com-access_log" common
</VirtualHost>
查看apache编译参数
[root@localhost1 conf]# cat /opt/apache/build/config.nice
#! /bin/sh
#
# Created by configure "./configure" \
"--prefix=/opt/apache2.2.34" \
"--enable-deflate" \
"--enable-expires" \
"--enable-headers" \
"--enable-modules=most" \
"--enable-so" \
"--with-mpm=worker" \
"--enable-rewrite" \
"$@"
4、Apache服务基于域名的虚拟主机配置
开启虚拟机功能
[root@localhost1 conf]# grep "httpd-vhosts.conf" /opt/apache/conf/httpd.conf
Include conf/extra/httpd-vhosts.conf
配置虚拟主机配置文件(httpd-vhosts.conf)
[root@localhost1 extra]# cat httpd-vhosts.conf
#
# Virtual Hosts
#
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration. #
# Use name-based virtual hosting.
#
NameVirtualHost *:80 #这一行一定要去掉,不然会出错,此文件只保留下面的配置文件 #
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:>
ServerAdmin @qq.com
DocumentRoot "/data/www/bbs"
ServerName bbs.abc.com
ServerAlias abc.com
ErrorLog "logs/bbs-error_log"
CustomLog "logs/bbs_access_log" common
</VirtualHost>
修改完成之后,在apache主配置文件中(httpd.conf)中加入虚拟机许可
修改windows本地hosts
错误总结:
配置了下虚拟主机,localhost打开发现错误:
HTTP 错误 - 禁止访问,即403 Forbidden:You don't have permission to access / on this server. 可能是权限不足引起的问题。 解决方法:
打开apache的配置文件httpd.conf,逐行检查。
找到: 代码示例:
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory> 由于配置了php后,此处“Deny from all”为拒绝一切连接。 把此行修改为 “Allow from all”,即可解决问题。 修改后的代码为: 代码示例:
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
allow from all
</Directory> 浏览器里打开http://localhost,问题解决。 总结:
在apache服务器中,遇到403禁止访问时,重点关注下apache的httpd.conf配置文件中,是否有“Deny from all”这样的代码。
这个可能是修改了某些配置文件后,重启apache,被自动更改的。 附,另外一个apache 403错误的例子。 apache 403错误,显示信息如下:
您无权查看该网页
您可能没有权限用您提供的凭据查看此目录或网页
如果您确信能够查看该目录或网页,请尝试使用 192.168.1.5 主页上所列的电子邮件地址或电话与网站联系。
可以单击搜索,寻找 Internet 上的信息。 HTTP 错误 - 禁止访问
Internet Explorer 去掉显示友好信息的钩后显示Forbidden You don't have permission to access \ on this server.
检查了一遍配置文件httpd.conf,找到这么一段: 代码示例:
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
deny from all
Satisfy all
</Directory> 然后试着把deny from all中的deny改成了allow,保存后重起了apache,访问测试网站完全正常了。
APACHE升级到2.2版本之后,提供和支持不少模块的支持,性能和安全上也有不少改进。
以前配置好apache的httpd.conf之后,即可使用。
但现在必须额外对这个文件进行其他方面的配置,不然会出现 http 403权限问题错误。 解决方法。
以下为httpd.conf文件的其中一段原代码。
把下面代码红色标志进行更改: 代码示例:
<Directory "E:/wamp/www">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# [url]http://httpd.apache.org/docs/2.2/mod/core.html#options[/url]
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride all
#
# Controls who can get stuff from this server.
#
# onlineoffline tag - don't remove
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory> 红色部分更改为 Allow from all ,也就是所有访问允许通过。
http://blog.csdn.net/u011130583/article/details/42363831
5、基于端口的虚拟主机配置
实际生产环境中有很多是基于域名的虚拟主机,有很多引用场景:公司内网(如网站后台界面、其他发布类的页面)都是基于端口的虚拟配置。
默认情况http默认监听80端口,所以配置基于端口的主机,就是想应的增加监听端口
[root@localhost1 ~]# cat /opt/apache/conf/extra/httpd-vhosts.conf | grep -v "#" <VirtualHost 192.168.181.128:>
ServerAdmin @qq.com
DocumentRoot "/data/www/bbs"
ServerName 192.168.181.1
ServerAlias abc.com
ErrorLog "logs/bbs-error_log"
CustomLog "logs/bbs-access_log" common
</VirtualHost> <VirtualHost 192.168.181.128:>
ServerAdmin @qq.com
DocumentRoot "/data/www/blog"
ServerName 192.168.181.2
ServerAlias abc.com
ErrorLog "logs/bbs-error_log"
CustomLog "logs/bbs-access_log" common
</VirtualHost>
[root@localhost1 ~]# cat /opt/apache/conf/httpd.conf | grep -v "#" ServerRoot "/opt/apache2.2.34" Listen
Listen 8888
Listen 9999 <IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User daemon
Group daemon </IfModule>
</IfModule> ServerAdmin you@example.com ServerName 192.168.181.128: DocumentRoot "/opt/apache2.2.34/htdocs" <Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory> <Directory "/opt/apache2.2.34/htdocs">
Options -Indexes FollowSymLinks AllowOverride None Order allow,deny
Allow from all </Directory> <IfModule dir_module>
DirectoryIndex index.html
</IfModule> <FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch> ErrorLog "logs/error_log" LogLevel warn <IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule> CustomLog "logs/access_log" common </IfModule> <IfModule alias_module> ScriptAlias /cgi-bin/ "/opt/apache2.2.34/cgi-bin/" </IfModule> <IfModule cgid_module>
</IfModule> <Directory "/opt/apache2.2.34/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory> DefaultType text/plain <IfModule headers_module>
RequestHeader unset Proxy early
</IfModule> <IfModule mime_module>
TypesConfig conf/mime.types AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz </IfModule> Include conf/extra/httpd-mpm.conf Include conf/extra/httpd-vhosts.conf <IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule> <Directory "/data/www/bbs">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory> <Directory "/data/www/blog">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
[root@localhost1 ~]# cat /data/www/bbs/index.html
this is a bbs page
[root@localhost1 ~]# cat /data/www/blog/index.html
this is blog page
[root@localhost1 ~]# cat /opt/apache/conf/extra/httpd-vhosts.conf | grep -v "#" <VirtualHost *:>
ServerAdmin @qq.com
DocumentRoot "/data/www/bbs"
ServerName bbs.abc.com
ServerAlias abc.com
ErrorLog "logs/bbs-error_log"
CustomLog "logs/bbs-access_log" common
</VirtualHost> <VirtualHost *:>
ServerAdmin @qq.com
DocumentRoot "/data/www/blog"
ServerName blog.abc.com
ServerAlias abc.com
ErrorLog "logs/bbs-error_log"
CustomLog "logs/bbs-access_log" common
</VirtualHost>
6、Apache服务mod_expires缓存模块
简介:
此模块是允许通过Apache配置文件控制HTTP的“expires”和“cache-control”头的内容,用于控制服务器应答时的“expires”头的内容和“cache-control”头的max-age的指令,这个有效期可以设置为对于源文件最后的修改时间或客户端访问的时间
这些HTTP头向客户端表明了内容的有效性和持久性,如果客户端本地有缓存,则用户再次访问时读取的内容就是从缓存里读取的(缓存没有失效的情况下)而不是从服务器端读取的,客户端还会检查缓存中的内容,看看是不是需要从服务器端进行更新,从而增加用户的体验度,减少服务器的压力,实际生产环境中也是重要的调优参数之一。
(1)检查与安装模块
具体编译命令如下
[root@Centos httpd-2.4.]# ./configure\
--enable-expires
以 DSO 的方式编译安装如下
cd /Downloads/tools/httpd2.2.24/modules/metadata/
/application/apache/bin/apxs -c -i -a mod_expires.c
参数说明
-a 此选项会自动增加一个 LoadModule 行到 httpd.conf 文件中,来激活模块,如果此行已存在,则启用
-c 此选项表示需要执行编译操作
-i 此选项表示需要执行安装操作,以安装一个或多个动态共享对象到服务器 modules 目录中
[root@Centos modules]# cd /Downloads/tools/httpd-2.4./modules/metadata/
[root@Centos metadata]# /application/apache/bin/apxs -a -c -i mod_expires.c
处程省略
----------------------------------------------------------------------
chmod /application/apache2.4.23/modules/mod_expires.so
[activating module `expires' in /application/apache2.4.23/conf/httpd.conf]
检查当前的http headers信息
[root@localhost1 httpd-2.2.]# curl -I http://bbs.abc.com:8888/
HTTP/1.1 OK
Date: Tue, Feb :: GMT
Server: Apache/2.2. (Unix) DAV/
Last-Modified: Tue, Feb :: GMT
ETag: "a059e-13-566276a119d53"
Accept-Ranges: bytes
Content-Length:
Content-Type: text/html
(2)配置模块
配置模块有两种模式:主配置里面配置与单个虚拟主机配置文件里配置
配置HTTP主配置文件如下
[root@localhost1 httpd-2.2.]# vim /opt/apache/conf/httpd.conf
[root@localhost1 httpd-2.2.]# tail - /opt/apache/conf/httpd.conf
ExpiresActive on
ExpiresDefault "access plus 12 month"
ExpiresByType text/css "access plus 12 month"
ExpiresByType image/gif "access plus 12 month"
ExpiresByType image/jpge "access plus 12 month"
ExpiresByType image/jpg "access plus 12 month"
ExpiresByType image/png "access plus 12 month"
ExpiresByType application/x-shockwave-flash "access plus 12 month"
ExpiresByType application/x-javascript "access plus 12 month"
ExpiresByType video/x-flv "access plus 12 month"
[root@localhost1 httpd-2.2.]# tail - /opt/apache/conf/httpd.conf
Allow from all
</Directory> <Directory "/data/www/blog">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory> ExpiresActive on
ExpiresDefault "access plus 12 month"
ExpiresByType text/css "access plus 12 month"
ExpiresByType image/gif "access plus 12 month"
ExpiresByType image/jpge "access plus 12 month"
ExpiresByType image/jpg "access plus 12 month"
ExpiresByType image/png "access plus 12 month"
ExpiresByType application/x-shockwave-flash "access plus 12 month"
ExpiresByType application/x-javascript "access plus 12 month"
ExpiresByType video/x-flv "access plus 12 month"
[root@localhost1 bbs]# curl -I http://bbs.abc.com:8888/
HTTP/1.1 OK
Date: Tue, Feb :: GMT
Server: Apache/2.2. (Unix) DAV/
Last-Modified: Tue, Feb :: GMT
ETag: "a059e-13-566276a119d53"
Accept-Ranges: bytes
Content-Length:
Cache-Control: max-age=
Expires: Fri, Feb :: GMT
Content-Type: text/html
说明如果配置HTTP主配置文件,则全局生效,虚拟主机配置文件则不需要配置
配置单个虚拟主机文件如下:
<VirtualHost *:>
ServerAdmin admini@abc.com
DocumentRoot "/data/www/blog"
ServerName blog.abc.com
ServerAlias blog1.com
ErrorLog "logs/bbs-error_log"
CustomLog "logs/bbs-access_log" common
ExpiresActive on
ExpiresDefault "access plus 12 month"
ExpiresByType text/css "access plus 12 month"
ExpiresByType image/gif "access plus 12 month"
ExpiresByType image/jpge "access plus 12 month"
ExpiresByType image/jpg "access plus 12 month"
ExpiresByType image/png "access plus 12 month"
ExpiresByType application/x-shockwave-flash "access plus 12 month"
ExpiresByType application/x-javascript "access plus 12 month"
ExpiresByType video/x-flv "access plus 12 month"
(3)mod_expires模块的优点:
提升用户对网站的体验度:由于一些文件缓存在本地,访问速度提升了,用户体验也就提升了
减少服务器带宽与负载压力:由于用户访问时时读取本地缓存的文件内容,减少了与服务器之间的交互,从而减少了服务器的压力
节约维护服务器成本:和上述一样,服务器压力小了,维护人员也会相应的减少,服务器配件配置更新的速度也会相应的慢下来
注:这个缓存也会有失效的时候就是用户主动清空浏览器缓存或者有效期过期
7、Apache的mod_deflate压缩模块
简介:
此压缩模块提供了DEFLATE输出过滤器,允许服务器将内容发送给客户端之前进行压缩,节省带宽资源
[root@localhost1 bbs]# /opt/apache/bin/apachectl -l | grep 'deflate'
mod_deflate.c
[root@localhost1 bbs]# curl -I http://bbs.abc.com:8888/
HTTP/1.1 OK
Date: Tue, Feb :: GMT
Server: Apache/2.2. (Unix) DAV/
Last-Modified: Tue, Feb :: GMT
ETag: "a059e-13-566276a119d53"
Accept-Ranges: bytes
Content-Length:
Cache-Control: max-age=
Expires: Fri, Feb :: GMT
Content-Type: text/html
[root@localhost1 bbs]# vim /opt/apache/conf/httpd.conf
[root@localhost1 bbs]# tail - /opt/apache/conf/httpd.conf
</Directory> ExpiresActive on
ExpiresDefault "access plus 12 month"
ExpiresByType text/css "access plus 12 month"
ExpiresByType image/gif "access plus 12 month"
ExpiresByType image/jpge "access plus 12 month"
ExpiresByType image/jpg "access plus 12 month"
ExpiresByType image/png "access plus 12 month"
ExpiresByType application/x-shockwave-flash "access plus 12 month"
ExpiresByType application/x-javascript "access plus 12 month"
ExpiresByType video/x-flv "access plus 12 month" <IfModule mod_deflate.c>
DeflateCompressionLevel 9
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE text/html text/plain /text/xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE text/css
</IfModule>
[root@localhost1 bbs]# /opt/apache/bin/apachectl -t
Syntax OK
[root@localhost1 bbs]# /opt/apache/bin/apachectl graceful
[root@localhost1 bbs]# lsof -i tcp:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd root 6w IPv6 0t0 TCP *:ddi-tcp- (LISTEN)
httpd daemon 6u IPv6 0t0 TCP *:ddi-tcp- (LISTEN)
httpd daemon 6u IPv6 0t0 TCP *:ddi-tcp- (LISTEN)
[root@localhost1 bbs]# curl -I http://bbs.abc.com:8888/1.jpg
HTTP/1.1 OK
Date: Tue, Feb :: GMT
Server: Apache/2.2. (Unix) DAV/
Last-Modified: Wed, Nov :: GMT
ETag: "a059a-bdb1-55f1ac137c7c0"
Accept-Ranges: bytes
Content-Length:
Cache-Control: max-age=
Expires: Fri, Feb :: GMT
Vary: Accept-Encoding #出现这个提示表明已经启用压缩
Content-Type: image/jpeg
8、Apache服务日志轮询配置(安装配置cronolog)
Apache服务安装后,默认有自己的日志服务,现在一般生产环境不太常用默认的日志服务
默认日志服务如下
[root@localhost1 bin]# ll
total
-rwxr-xr-x root root Feb : ab
-rwxr-xr-x root root Feb : apachectl
-rwxr-xr-x root root Feb : apr--config
-rwxr-xr-x root root Feb : apu--config
-rwxr-xr-x root root Feb : apxs
-rwxr-xr-x root root Feb : checkgid
-rwxr-xr-x root root Feb : dbmmanage
-rw-r--r-- root root Feb : envvars
-rw-r--r-- root root Feb : envvars-std
-rwxr-xr-x root root Feb : htcacheclean
-rwxr-xr-x root root Feb : htdbm
-rwxr-xr-x root root Feb : htdigest
-rwxr-xr-x root root Feb : htpasswd
-rwxr-xr-x root root Feb : httpd
-rwxr-xr-x root root Feb : httxt2dbm
-rwxr-xr-x root root Feb : logresolve
-rwxr-xr-x 1 root root 24964 Feb 26 17:10 rotatelogs #默认日志服务
查看服务安装是否成功
[root@Centos cronolog-1.6.]# ls /usr/local/sbin/
cronolog cronosplit
编辑主配置文件修改日志配置
[root@Centos cronolog-1.6.]# vi /application/apache/conf/extra/httpd-vhosts.conf
#port bash name
<VirtualHost *:>
ServerAdmin admini@abc.com
DocumentRoot "/data/www/bbs"
ServerName bbs.abc.com
ServerAlias bbs.com
ErrorLog "logs/bbs-error_log"
#CustomLog "logs/bbs-access_log" common#注释掉原来的配置,新增下面一行配置
CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/bbs-access_%d.log" combined
#按天来轮询日志信息
"/application/apache2.4.23/conf/extra/httpd-vhosts.conf" 43L, 1397C written
检查语法与重启服务
[root@Centos cronolog-1.6.]# /application/apache/bin/apachectl -t
Syntax OK
[root@Centos cronolog-1.6.]# /application/apache/bin/apachectl graceful
、 查看日志信息
进入日志记录的目录查看
[root@Centos cronolog-1.6.]# cd /application/apache/logs/
[root@Centos logs]# ll
total
-rw-r--r--. root root Sep : access_log
-rw-r--r--. root root Sep : bbs-access_log
-rw-r--r--. root root Sep : bbs-error_log
-rw-r--r--. root root Sep : blog-access_log
-rw-r--r--. root root Sep : blog-error_log
-rw-r--r--. root root Sep : error_log
-rw-r--r--. root root Sep : httpd.pid
上面是原来的日志目录内容,接下来我们访问站点看看目录内容会不会有变化
/
[root@Centos logs]# ll
total
-rw-r--r--. root root Sep : access_log
-rw-r--r--. root root Sep : bbs-access_23.log
-rw-r--r--. root root Sep : bbs-access_log
-rw-r--r--. root root Sep : bbs-error_log
-rw-r--r--. root root Sep : blog-access_log
-rw-r--r--. root root Sep : blog-error_log
-rw-r--r--. root root Sep : error_log
-rw-r--r--. root root Sep : httpd.pid
表明配置是正确的,访问站点后会自动生成以天为单位的日志文件
[root@Centos logs]# date -s '09/24/16'
Sat Sep :: CST
[root@Centos logs]# ll
total
-rw-r--r--. root root Sep : access_log
-rw-r--r--. root root Sep : bbs-access_23.log
-rw-r--r--. root root Sep : bbs-access_24.log
-rw-r--r--. root root Sep : bbs-access_log
-rw-r--r--. root root Sep : bbs-error_log
-rw-r--r--. root root Sep : blog-access_log
-rw-r--r--. root root Sep : blog-error_log
-rw-r--r--. root root Sep : error_log
-rw-r--r--. root root Sep : httpd.pid
修改时间后,目录会自动生产一个日志文件
、 日志记录的信息
[root@Centos logs]# tail -f /application/apache/logs/bbs-access_24.log
192.168.1.200 - - [/Sep/::: +] "GET / HTTP/1.1" "-" "Mozilla/5.0 (compatible;
MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
192.168.1.200 - - [/Sep/::: +] "GET / HTTP/1.1" "-" "Mozilla/5.0 (compatible;
MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
目前是六行信息,我们在客户端刷新网页看看变化
[root@Centos logs]# tail -f /application/apache/logs/bbs-access_24.log
192.168.1.200 - - [/Sep/::: +] "GET / HTTP/1.1" "-" "Mozilla/5.0 (compatible;
MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
/
192.168.1.200 - - [/Sep/::: +] "GET / HTTP/1.1" "-" "Mozilla/5.0 (compatible;
MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
192.168.1.200 - - [/Sep/::: +] "GET / HTTP/1.1" "-" "Mozilla/5.0 (compatible;
MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
192.168.1.200 - - [/Sep/::: +] "GET / HTTP/1.1" "-" "Mozilla/5.0 (compatible;
MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
刷新两次就会增加两行的日志记录,信息里说明有:客户端地址、访问时间、协议、客户端系统版本、浏览器
9、Apache服务优化配置
(1)修改默认配置用户
Apache默认用户是deamon
[root@localhost1 logs]# egrep "User|Group" /opt/apache/conf/httpd.conf
# User/Group: The name (or #number) of the user/group to run httpd as.
User apache
Group apache
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
# User home directories
(2)错误页面修改
[root@Centos ~]# grep "Error" /application/apache/conf/httpd.conf
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
ErrorLog "logs/error_log"
#ErrorDocument "The server made a boo boo."
#ErrorDocument /missing.html # ErrorDocument http://www.abc.com 跳转到指定页面
#ErrorDocument "/cgi-bin/missing_handler.pl"
#ErrorDocument http://www.example.com/subscription_info.html:
(3)使用worker模式
编译安装时已经使用worker模式,提高并发
(4)屏蔽Apache版本信息
修改 httpd.conf 文件,打开模块
[root@Centos conf]# cat /application/apache/conf/httpd.conf|grep httpd-default
#Include conf/extra/httpd-default.conf
修改成 Include conf/extra/httpd-default.conf
[root@Centos conf]# sed -i 's#\#Include conf/extra/httpd-default.conf#Include conf/extra/httpd-default.conf#g'
//application/apache/conf/httpd.conf
[root@Centos conf]# cat /application/apache/conf/httpd.conf|grep httpd-default
Include conf/extra/httpd-default.conf
[root@Centos conf]# ../bin/apachectl -t
Syntax OK
[root@Centos conf]# ../bin/apachectl graceful
[root@Centos apache]# egrep -v "^.*#|^$" ./conf/extra/httpd-default.conf
Timeout
KeepAlive On
MaxKeepAliveRequests
KeepAliveTimeout
UseCanonicalName Off
AccessFileName .htaccess
ServerTokens Full-----------------------------------------------> ServerTokens Prod
ServerSignature On---------------------------------------------> ServerSignature Off
HostnameLookups Off
<IfModule reqtimeout_module>
RequestReadTimeout header=-,MinRate= body=,MinRate=
</IfModule>
(5)禁止目录浏览权限
</IfModule>
<Directory "/data/www/blog">
Options Indexes FollowSymLinks #修改成 OptionsFollowSymLinks
AllowOverride None
Require all granted
</Directory>
(6)禁止用户覆盖(重载)
</IfModule>
<Directory "/data/www/blog">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
(7)开启Apache防盗链功能
此功能是为了其它用户使用站点中的文件,但是不是下载到本地然后上传到 B 网站,而是直接使用文件的链接,
所以当别的用户访问这个链接时,其实真正访问的不是 B 网站,而是我们的站点服务器,一旦这种流量增加,
就会增加服务器的负载,所以这也是优化的重要参数之一
首先在/application/apache/conf/httpd.conf 文件里打开如下模块
LoadModule rewrite_module modules/mod_rewrite.so
<IfModule rewrite_module >
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.abc.com.org/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.abc.com.org$ [NC]
RewriteCond %{HTTP_REFERER} !^ abc.com.org/.*$ [NC]
</IfModule>
优化的参数太多,具体应用还得实际生产环境的需求
(8)禁止PHP解析指定站点的目录
<Directory "/data/www/blog">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
php_flag engine off #防止上传 PHP 木马文件,远程执行
</Directory>
LAMP之Apache的更多相关文章
- 转:CentOS/Debian/Ubuntu一键安装LAMP(Apache/MySQL/PHP)环境
CentOS/Debian/Ubuntu一键安装LAMP(Apache/MySQL/PHP) 今天遇到一个网友提到需要在Linux VPS服务器中安装LAMP(Apache/MySQL/PHP)网站环 ...
- CentOS 6.6安装配置LAMP服务器(Apache+PHP5+MySQL)
准备篇: CentOS 6.6系统安装配置图解教程 http://www.osyunwei.com/archives/8398.html 1.配置防火墙,开启80端口.3306端口 vi /etc/s ...
- CentOS 6.4安装配置LAMP服务器(Apache+PHP5+MySQL)
这篇文章主要介绍了CentOS 6.4安装配置LAMP服务器(Apache+PHP5+MySQL)的方法,需要的朋友可以参考下 文章写的不错,很详细:IDO转载自网络: 准备篇: 1.配置防火墙,开启 ...
- CentOS 7.0安装配置LAMP服务器(Apache+PHP+MariaDB)
CentOS 7.0默认使用的是firewall作为防火墙,这里改为iptables防火墙. 1.关闭firewall: systemctl stop firewalld.service #停止fir ...
- 阿里云服务器CentOS 5.7(64位)安装配置LAMP服务器(Apache+PHP5+MySQL)
一.快速安装Apache+PHP5+MySql ----------------------------------------------------- 补充:由于163的yum源上只有php5.1 ...
- Centos下安装配置LAMP(Linux+Apache+MySQL+PHP)
Centos下安装配置LAMP(Linux+Apache+MySQL+PHP) 关于LAMP的各种知识,还请大家自行百度谷歌,在这里就不详细的介绍了,今天主要是介绍一下在Centos下安装,搭建一 ...
- CentOS 6.3安装配置LAMP服务器(Apache+PHP5+MySQL)
准备篇: 1.配置防火墙,开启80端口.3306端口 vi /etc/sysconfig/iptables -A INPUT -m state --state NEW -m tcp -p tcp -- ...
- Linux Ubuntu 14.04安装LAMP(Apache+MySQL+PHP)网站环境
从虚拟主机到VPS/服务器的过度,对于普通的非技术型的站长用户来说可能稍许有一些困难,麦子建议我们如果能够在虚拟主机环境中满足建站需要的, 还是用虚拟主机比较好.除非我们真的有需要或者希望从虚拟主机过 ...
- CentOS 6.5安装配置LAMP服务器(Apache+PHP5+MySQL)的方法
CentOS 6.5安装配置LAMP服务器(Apache+PHP5+MySQL)的方法 准备篇: 1.配置防火墙,开启80端口.3306端口vi /etc/sysconfig/iptables-A I ...
- Install LAMP Server (Apache, MariaDB, PHP) On CentOS/RHEL/Scientific Linux 7
Install LAMP Server (Apache, MariaDB, PHP) On CentOS/RHEL/Scientific Linux 7 By SK - August 12, 201 ...
随机推荐
- Cortex-M0(+)内核的处理器架构简介
Cortex-M0(+)内核的处理器架构简介 2015年03月02日 16:51:12 阅读数:3158 系统架构 Cortex-M0处理器具有32位系统总线接口,以及32位地址线,即有4GB的地址空 ...
- mina在spring中的配置多个端口
本次练习中是监听2个端口 applicationContext-mina.xml: <?xml version="1.0" encoding="UTF-8" ...
- Maven的Snapshot版本与Release版本
1. Snapshot版本代表不稳定.尚处于开发中的版本 2. Release版本则代表稳定的版本 3. 什么情况下该用SNAPSHOT? 协同开发时,如果A依赖构件B,由于B会更新,B应该使用SNA ...
- leetcode665
这道题目,主要是判断相邻的两个值的大小,并按照要求的方式,将数组的数值都修正为符合要求的值. 然后通过一次的遍历,计算所累积的移动次数. bool checkPossibility(vector< ...
- mui封装的ajax请求
由于项目中引进MUI框架,所以就不需要引进jquery,但需要和后台交互时,常写为jquery格式:所以笔者觉得有必要将mui封装的ajax请求在这里提一下: 1,mui框架基于htm5plus的XM ...
- ASCII / Unicode / UTF-8 / GBK
1 ASCII ASCII(American Standard Code for Information Interchange,美国标准信息交换代码)是基于拉丁字母的一套电脑编码系统,主要用于显示现 ...
- 3D模型浏览器的实现思路
前段时间正好浏览了数据结构中关于图的部分,突然就意识到一个问题,3D模型就是用无向图来存储的.仔细想一想是不是这样呢? 一个3D模型去掉材质之后剩下的部分就是点以及点和点之间的连线了,点我们用三维坐标 ...
- apache隐藏入口文件index.php
LoadModule rewrite_module modules/mod_rewrite.so
- Java面试问题列表
- 使用 Bulma
一.起因 最近我在学习 SASS,通过它,可以将 CSS 像编程语言一样书写. 在最近之前,我又学习了 Flex 布局,用起来很方便. 所以,我学习了 Bulma 这个纯 CSS 框架--使用 Fle ...