Using CentOS 6.5 as the example
Configuration files:
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/*.conf
Service script:
/etc/rc.d/init.d/httpd
Service script configuration file: /etc/sysconfig/httpd
Main program files:
/usr/sbin/httpd
/usr/sbin/httpd.event
/usr/sbin/httpd.worker
Log files:
/var/log/httpd:
access_log: access log
error_log: error log
Site documents (default website directory):
/var/www/html
Module file path:
/usr/lib64/httpd/modules
Service control and startup:
chkconfig httpd on|off
service httpd {start|stop|restart|status|configtest|reload}
1. Install httpd, start the service and enable it at boot
~]# yum install httpd -y
~]# chkconfig httpd on
~]# service httpd start
View the main configuration sections
~]# grep -i 'section' /etc/httpd/conf/httpd.conf
# The configuration directives are grouped into three basic sections:
### Section 1: Global Environment #global environment configuration section
# The directives in this section affect the overall operation of Apache,
### Section 2: 'Main' server configuration #main server configuration section
# The directives in this section set up the values used by the 'main'
# WebDAV module configuration section.
### Section 3: Virtual Hosts #virtual host configuration section
# The first VirtualHost section is used for requests without a known
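Common configuration:
1. Change the listening IP and port
Listen [IP:]PORT
(1) Omitting the IP means 0.0.0.0;
(2) The Listen directive may appear more than once;
Listen 80
Listen 8080
(3) After changing the listening socket, the service process must be restarted for the change to take effect
Create a test web page
~]# vim /var/www/html/test.html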
<html>
<head>
<title>百度</title>
</head>
<body>
<h1></h1>
<p> baidu... <a href="http://www.baidu.com"> bla... </a> </p>
<h2> </h2>
</body>
</html>
Install telnet on the test machine
~]# yum install telnet -y
Test a short-lived connection with KeepAlive Off
~]# telnet 172.16.100.65 80
Trying 172.16.100.65...
Connected to 172.16.100.65.
Escape character is '^]'.
GET /test.html HTTP/1.1
HOST:172.16.100.65
HTTP/1.1 200 OK
Date: Tue, 30 Oct 2018 23:03:09 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 30 Oct 2018 21:54:05 GMT
ETag: "4c0640-194-579793975ed24"
Accept-Ranges: bytes
Content-Length: 404
Connection: close #connection is closed right after the response
Content-Type: text/html; charset=UTF-8
<html>
<head>
<title>百度</title>
</head>
<body>
<h1></h1>
<p> baidu... <a href="http://www.baidu.com"> bla... </a> </p>
<h2> </h2>
</body>
</html>
Connection closed by foreign host.
Note: press Enter once after GET /test.html HTTP/1.0 and twice after HOST:172.16.100.65
Test a persistent connection with KeepAlive On
~]# service httpd restart
Test result: the connection is closed after 15s
~]# telnet 172.16.100.65 80
Trying 172.16.100.65...
Connected to 172.16.100.65.
Escape character is '^]'.
GET /test.html HTTP/1.1
HOST:172.16.100.65
HTTP/1.1 200 OK
Date: Tue, 30 Oct 2018 23:06:29 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 30 Oct 2018 21:54:05 GMT
ETag: "4c0640-194-579793975ed24"
Accept-Ranges: bytes
Content-Length: 404
Content-Type: text/html; charset=UTF-8
<html>
<head>
<title>百度</title>
</head>
<body>
<h1></h1>
<p> baidu... <a href="http://www.baidu.com"> bla... </a> </p>
<h2> </h2>
</body>
</html>
Connection closed by foreign host.
The default MPM is prefork; switch to the worker MPM
~]# vim /etc/sysconfig/httpd
~]# service httpd restart
停止 httpd: [確定]
正在啓動 httpd:httpd.worker: apr_sockaddr_info_get() failed for Centos6.5
httpd.worker: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
Check the number of processes in worker mode
~]# ps aux | grep httpd
root 2959 0.0 0.1 186608 4168 ? Ss 08:16 0:00 /usr/sbin/httpd.worker
apache 2962 1.6 0.2 530868 9472 ? Sl 08:16 0:00 /usr/sbin/httpd.worker
apache 2963 4.0 0.2 530868 9468 ? Sl 08:16 0:00 /usr/sbin/httpd.worker
apache 2965 1.0 0.2 530868 9484 ? Sl 08:16 0:00 /usr/sbin/httpd.worker
root 3075 0.0 0.0 103256 840 pts/1 R+ 08:16 0:00 grep httpd
Monitor the processes
~]# watch -n.5 'ps aux | grep httpd'
Restart and watch the effect in the monitor
~]# service httpd restart
Create the web site directory (the URL root path)
~]# mkdir -pv /web/host1
mkdir: 已創建目錄 "/web"
mkdir: 已創建目錄 "/web/host1"
[root@Centos6 ~]# vim /web/host1/index.html
<html>
<head>
<title>host1</title>
</head>
<body>
<h1></h1>
<p> host1 test.index... <a href="http://www.baidu.com"> bla... </a> </p>
<h2> </h2>
</body>
</html>
~]# vim /etc/httpd/conf/httpd.conf
DocumentRoot "/web/host1"
http://172.16.100.65
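2. Persistent connections
Persistent Connection: once the TCP connection is established, it is not closed after each resource has been fetched; it stays open and waits for further resource requests;
How is it closed?
Request count limit
Time limit
Side effect: on servers with a high volume of concurrent requests, long-lived connections can prevent some later requests from getting a normal response;
Compromise: use a shorter persistent-connection timeout and a smaller number of requests;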
KeepAlive On|Off
KeepAliveTimeout 15
MaxKeepAliveRequests 100
Test:
telnet WEB_SERVER_IP PORT
GET /URL HTTP/1.1
Host: WEB_SERVER_IP
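3. MPM
httpd-2.2 cannot be built with several MPM modules at once, so only the one selected for use is compiled in. The CentOS 6 rpm package therefore ships three program files, httpd (prefork), httpd.worker and httpd.event, each supporting a different MPM. To confirm which program file is currently in use:
ps aux | grep httpd
The default is /usr/sbin/httpd, which uses the prefork MPM;
List the modules of the httpd program:
List statically compiled modules:
# httpd -l
List statically compiled and dynamically loaded modules:
# httpd -M
Switch to a different httpd program to use another MPM:
/etc/sysconfig/httpd
HTTPD=/usr/sbin/httpd.{worker,event}
Note: the service process must be restarted for the change to take effect
MPM configuration:
prefork configuration: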
<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000
</IfModule>
worker configuration:
<IfModule worker.c>
StartServers 4
MaxClients 300
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
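PV, UV
PV: Page View
UV: User View
4. DSO
Modules are loaded with a configuration directive:
LoadModule <mod_name> <mod_path>
The module file path may be relative:
relative to ServerRoot (default /etc/httpd)
5. Define the document path of the 'Main' server
DocumentRoot ""
Document path mapping:
The path DocumentRoot points to is the starting point for URL paths;
it is equivalent to the root path of the site's URLs;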
(FileSystem) /web/host1/index.html --> (URL) /index.html
6. Common site access control mechanisms
Two mechanisms can specify which resources get which access control:
Filesystem path:
<Directory "">
...
</Directory>
<Files "">
...
</Files>
<FilesMatch "PATTERN">
...
</FilesMatch>
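URL path:
<Location "">
...
</Location>
<LocationMatch "">
...
</LocationMatch>
Source-address-based access control inside <Directory>:
(1) Options
followed by a list of one or more whitespace-separated options;
Indexes: when the requested URL path has no resource file matching the defined index page, return an index listing to the user;
FollowSymLinks: allow following symbolic links to the source files they point to;
None:
All:
(2) AllowOverride: which access-control directives may be placed in .htaccess files (every directory may have one);
All:
None:
(3) Order with Allow and Deny
Order: defines the evaluation order; the one written last is the default rule;
Allow from, Deny from
Source address: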
IP
NetAddr:
172.16
172.16.0.0
172.16.0.0/16
172.16.0.0/255.255.0.0
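The Order/Allow/Deny rules above, worked through as an added example (not part of the original notes or of Apache's code). The function names are hypothetical, only IPv4 sources and the two Order values shown are handled, and the evaluation follows the Apache 2.2 documentation for Order, Allow and Deny.

```python
import ipaddress

def parse_source(spec):
    """Convert one Allow/Deny source to an IPv4 network; None means 'all'."""
    if spec.lower() == "all":
        return None
    if "/" in spec:
        # 172.16.0.0/16 and 172.16.0.0/255.255.0.0 describe the same network
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    if len(octets) < 4:
        # Partial IP: "172.16" covers every address that starts with 172.16.
        padded = ".".join(octets + ["0"] * (4 - len(octets)))
        return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")
    # A full dotted quad without a mask is documented as a single host
    return ipaddress.ip_network(spec)

def matches(client, specs):
    """True if the client address falls inside any of the listed sources."""
    addr = ipaddress.ip_address(client)
    for spec in specs:
        net = parse_source(spec)
        if net is None or addr in net:
            return True
    return False

def is_allowed(order, allow, deny, client):
    """Decide access for one client from an Order value and its Allow/Deny lists."""
    allowed, denied = matches(client, allow), matches(client, deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Default is deny: the client must match Allow and must not match Deny
        return allowed and not denied
    if order == "deny,allow":
        # Default is allow: refused only if Deny matches and Allow does not
        return allowed or not denied
    raise ValueError("only allow,deny and deny,allow are handled here")

if __name__ == "__main__":
    # Constructed cases built from the 172.16 addresses used in these notes
    cases = [
        ("allow,deny", ["172.16"], [], "172.16.100.65"),
        ("allow,deny", ["172.16"], [], "192.168.1.10"),
        ("allow,deny", ["all"], ["172.16.100.0/255.255.255.0"], "172.16.100.65"),
        ("deny,allow", ["172.16.100.65"], ["172.16.0.0/16"], "172.16.100.66"),
        ("allow,deny", ["172.16.0.0"], [], "172.16.100.65"),
    ]
    for order, allow, deny, client in cases:
        print(order, allow, deny, client, "->", is_allowed(order, allow, deny, client))
```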
7. Define the site index page:
DirectoryIndex index.html index.html.var
8. Define path aliases
Format:
Alias /URL/ "/PATH/TO/SOMEDIR/"
DocumentRoot "/www/htdocs"
http://www.iecentury.com/download/bash-4.4.2-3.el6.x86_64.rpm --> /www/htdocs/download/bash-4.4.2-3.el6.x86_64.rpm
Alias /download/ "/rpms/pub/"
http://www.iecentury.com/download/bash-4.4.2-3.el6.x86_64.rpm --> /rpms/pub/bash-4.4.2-3.el6.x86_64.rpm
http://www.iecentury.com/images/logo.png --> /www/htdocs/images/logo.png
9. Set the default character set
AddDefaultCharset UTF-8
Chinese character sets: GBK, GB2312, GB18030
10. Log settings
Log types: access log and error log
Error log:
ErrorLog logs/error_log
LogLevel warn
Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
Access log:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog logs/access_log combined
LogFormat format strings:
http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats
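%h: client IP address;
%l: Remote User, usually a minus sign ("-");
%u: Remote user (from auth; may be bogus if return status (%s) is 401); a minus sign when the request is not authenticated;
%t: time at which the server received the request;
%r: First line of request, i.e. the first line of the request message; it records the method, URL and protocol version of the request;
%>s: response status code;
%b: size of the response in bytes, not including the HTTP headers of the response;
%{Referer}i: value of the "Referer" request header, i.e. the page whose hyperlink led to the current page;
%{User-Agent}i: value of the "User-Agent" request header, i.e. the application that sent the request;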
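An added example, not from the original notes: a parser for the combined format above that counts 401 responses per client, a common first check for password guessing against a protected path. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# The "combined" LogFormat, field by field:
# %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
QUOTED = r'"((?:[^"\\]|\\.)*)"'   # httpd writes embedded quotes as \"
COMBINED = re.compile(
    r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED +
    r' (\d{3}) (\d+|-) ' + QUOTED + ' ' + QUOTED + r'$'
)
FIELDS = ("host", "logname", "user", "time", "request",
          "status", "bytes", "referer", "agent")

def parse_line(line):
    """Parse one access_log line; return a dict, or None if it does not match."""
    m = COMBINED.match(line.strip())
    if not m:
        return None
    rec = dict(zip(FIELDS, m.groups()))
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    parts = rec["request"].split(" ")
    # %r is "METHOD URL PROTOCOL"; anything else is a malformed request line
    rec["method"], rec["url"], rec["proto"] = (
        parts if len(parts) == 3 else (None, None, None))
    return rec

def auth_failures(lines, threshold=3):
    """Clients (%h) with at least `threshold` 401 responses (%>s)."""
    fails = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == 401:
            fails[rec["host"]] += 1
    return {host: n for host, n in fails.items() if n >= threshold}

# Constructed sample lines (not taken from a real server)
SAMPLE = [
    '172.16.100.65 - - [30/Oct/2018:23:03:09 +0000] "GET /test.html HTTP/1.1" 200 404 "-" "curl/7.19.7"',
    '172.16.100.70 - admin [30/Oct/2018:23:04:01 +0000] "GET /admin/ HTTP/1.1" 401 482 "-" "Mozilla/5.0"',
    '172.16.100.70 - root [30/Oct/2018:23:04:02 +0000] "GET /admin/ HTTP/1.1" 401 482 "-" "Mozilla/5.0"',
    '172.16.100.70 - test [30/Oct/2018:23:04:03 +0000] "GET /admin/ HTTP/1.1" 401 482 "-" "Mozilla/5.0"',
    '172.16.100.65 - tom [30/Oct/2018:23:05:10 +0000] "GET /admin/ HTTP/1.1" 200 1024 "http://172.16.100.65/test.html" "Mozilla/5.0"',
    '172.16.100.65 - - [30/Oct/2018:23:06:29 +0000] "GET /test.html HTTP/1.1" 304 - "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(auth_failures(SAMPLE))
```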
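11. User-based access control
Authentication challenge:
WWW-Authenticate: the response code is 401; the server refuses the client's request and states that the client must supply a username and password;
Authentication:
Authorization: after the user enters a username and password, the client sends the request again; when authentication succeeds, the server sends the requested resource;
There are two authentication methods:
basic: cleartext
digest: message digest authentication
Security realm: a path that can only be accessed after user authentication; it should be identified by a name so that users can be told why authentication is required;
Where are usernames and passwords stored?
Virtual accounts: authentication identities used only for accessing a particular service
Storage:
text file;
SQL database;
LDAP directory;
basic authentication configuration example:
(1) Define the security realm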
<Directory "">
Options None
AllowOverride None
AuthType Basic
AuthName "String"
AuthUserFile "/PATH/TO/HTTPD_USER_PASSWD_FILE"
Require user username1 username2 ...
</Directory>
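Allow all users in the account file to log in:
Require valid-user
(2) Provide the username and password store (text file)
Use the dedicated command to create this kind of file and manage its users:
htpasswd [options] /PATH/TO/HTTPD_PASSWD_FILE username
-c: create the file specified here; it should therefore only be used when the file does not yet exist;
-m: MD5-format encryption
-s: SHA-format encryption
-D: delete the specified user
Alternatively, authenticate based on group accounts:
(1) Define the security realm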
<Directory "">
Options None
AllowOverride None
AuthType Basic
AuthName "String"
AuthUserFile "/PATH/TO/HTTPD_USER_PASSWD_FILE"
AuthGroupFile "/PATH/TO/HTTPD_GROUP_FILE"
Require group grpname1 grpname2 ...
</Directory>
(2) Create the user account file and the group account file;
Group file: each line defines one group
GRP_NAME: username1 username2 ...
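An added example, not from the original notes, showing why Basic is listed as cleartext and what a file written by htpasswd -s contains. Function names, users and passwords are constructed; the {SHA} layout (base64 of the SHA-1 digest, no salt) is the one documented for Apache password files.

```python
import base64
import hashlib
import hmac

def challenge(realm):
    """Server: header sent with the 401 response; realm is the AuthName string."""
    return f'WWW-Authenticate: Basic realm="{realm}"'

def authorization(user, password):
    """Client: Basic credentials are base64-encoded, not encrypted."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Authorization: Basic {token}"

def decode_authorization(header):
    """Server: recover user and password from the header; no key is involved."""
    scheme, token = header.split(": ", 1)[1].split(" ", 1)
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

def sha_entry(user, password):
    """File line in the `htpasswd -s` format: user:{SHA}base64(sha1(password))."""
    digest = base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()
    return f"{user}:{{SHA}}{digest}"

def verify(passwd_lines, header):
    """Check an Authorization header against {SHA} entries of an AuthUserFile."""
    user, password = decode_authorization(header)
    expected = sha_entry(user, password).encode()
    for line in passwd_lines:
        if line.strip().partition(":")[0] == user:
            return hmac.compare_digest(line.strip().encode(), expected)
    return False

# Constructed account file contents (users and passwords are made up)
PASSWD = [sha_entry("tom", "password"), sha_entry("jerry", "password")]

if __name__ == "__main__":
    print(challenge("Restricted area"))
    hdr = authorization("tom", "password")
    print(hdr, "->", decode_authorization(hdr))
    print(PASSWD)  # same password, same hash: {SHA} entries carry no salt
    print(verify(PASSWD, hdr), verify(PASSWD, authorization("tom", "guess")))
```

Because the header decodes without any key, Basic authentication is normally used only over TLS; the -m format is salted, so equal passwords do not produce equal entries.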
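12. Virtual hosts
Site identifier: socket
same IP, different ports;
different IPs, all on the default port;
different FQDNs;
in the request header:
Host: www.iecentury.com
There are three implementations:
IP-based:
give each virtual host at least one IP address;
Port-based:
give each virtual host at least one dedicated port;
FQDN-based:
give each virtual host at least one FQDN;
Note: virtual hosts should generally not be mixed with the main host; to use virtual hosts, first disable the 'main' host;
How to disable it: comment out the main host's DocumentRoot directive;
Configuring a virtual host: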
<VirtualHost IP:PORT>
ServerName FQDN
DocumentRoot ""
</VirtualHost>
Other available directives:
ServerAlias: alias for the virtual host; may be used multiple times;
ErrorLog:
CustomLog:
<Directory "">
...
</Directory>
Alias
...
IP-based virtual host example:
<VirtualHost 172.16.100.6:80>
ServerName www.a.com
DocumentRoot "/www/a.com/htdocs"
</VirtualHost>
<VirtualHost 172.16.100.7:80>
ServerName www.b.net
DocumentRoot "/www/b.net/htdocs"
</VirtualHost>
<VirtualHost 172.16.100.8:80>
ServerName www.c.org
DocumentRoot "/www/c.org/htdocs"
</VirtualHost>
Port-based virtual hosts:
<VirtualHost 172.16.100.6:80>
ServerName www.a.com
DocumentRoot "/www/a.com/htdocs"
</VirtualHost>
<VirtualHost 172.16.100.6:808>
ServerName www.b.net
DocumentRoot "/www/b.net/htdocs"
</VirtualHost>
<VirtualHost 172.16.100.6:8080>
ServerName www.c.org
DocumentRoot "/www/c.org/htdocs"
</VirtualHost>
FQDN-based virtual hosts:
NameVirtualHost 172.16.100.6:80
<VirtualHost 172.16.100.6:80>
ServerName www.a.com
DocumentRoot "/www/a.com/htdocs"
</VirtualHost>
<VirtualHost 172.16.100.6:80>
ServerName www.b.net
DocumentRoot "/www/b.net/htdocs"
</VirtualHost>
<VirtualHost 172.16.100.6:80>
ServerName www.c.org
DocumentRoot "/www/c.org/htdocs"
</VirtualHost>
13. status page
LoadModule status_module modules/mod_status.so
<Location /server-status>
SetHandler server-status
Order allow,deny
Allow from 172.16
</Location>