配置文件概览

  • 主配置文件位置: /etc/httpd/conf/httpd.conf

  • httpd -t 可测试配置文件的语法是否有误

  • 配置文件大概分为3个部分,可以通过grep命令来大致查看:

1
2
3
4
[root@c2 conf]# grep "Section" httpd.conf
### Section 1: Global Environment
### Section 2: 'Main' server configuration
### Section 3: Virtual Hosts

  • 另外,Main server和Virtual Hosts配置同时只能有一个生效

  • 可以在/etc/httpd/conf.d/目录下定义以.conf结尾的文件来定义属性,也可以直接修改httpd.conf文件

httpd.conf配置文件的内容格式基本都是 

1
directive-name directive-value

比如

1
MaxKeepAliveRequests 100

几个命令

  • htpasswd:可用于生成访问控制所需的用户密码文件
    • -c:新建文件
    • -m:以md5的方式加密
    • -d:删除指定文件中的指定用户
1
2
3
4
5
6
7
8
9
10
11
[root@c2 conf.d]# htpasswd -c -m /etc/httpd/.users tom
New password: 
Re-type new password: 
Adding password for user tom
[root@c2 conf.d]# htpasswd -m /etc/httpd/.users cat
New password: 
Re-type new password: 
Adding password for user cat
[root@c2 conf.d]# cat /etc/httpd/.users 
tom:$apr1$j/IgPNIo$5zyp/tnoWrGencgOWlIYu/
cat:$apr1$W.Vbd.1S$2er0pf.3dtKjP71L9VPJI1
  • httpd
    • -l:查看内置模块:
    • -M:
1
2
3
4
5
6
[root@c2 conf.d]# httpd -l
Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c

常用配置说明

全局配置

基本配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# 显示服务器信息,详情可参考 : http://www.ha97.com/2505.html
ServerTokens OS
## ServerRoot
ServerRoot "/etc/httpd"
## PidFile run/httpd.pid
PidFile run/httpd.pid
# Timeout: The number of seconds before receives and sends time out.
Timeout 60
# 是否启用长连接
KeepAlive Off|On
# 一个长连接所允许的最大请求数目
# 0表示无限制
MaxKeepAliveRequests 100
# 一个长连接允许的最大"发呆时间",单位:秒
KeepAliveTimeout 15
#指定监听地址和端口
# Listen 192.168.1.111:80
Listen 80
# Load config files from the config directory "/etc/httpd/conf.d".
Include conf.d/*.conf
# 指定worker子进程以哪个用户的身份运行
User apache
Group apache

LoadModule

该指令配置httpd在启动的时候加载哪些模块

格式:

1
LoadModule 模块名 模块路径(相对)
1
2
3
4
5
6
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
........................

Options

  • None:不支持任何选项
  • Indexes:索引目录功能
  • FollowSymLinks:是否允许访问符号链接指向的原文件
  • Includes:是否允许服务器端包含(SSI-ServerSideInclude)
  • SymLinksifOwnerMatch
  • ExecCGI:允许允许CGI脚本
  • MultiViews:内容协商相关的多视图技术支持,比如国际化等
  • All:支持所有选项

Allow

定义基于主机的访问控制

1
2
3
4
5
6
7
# 顺序
Order allow,deny
Allow from all
# 只禁止192.168.0.1,172.16.100.177访问
Order from deny,allow
Deny 192.168.0.1,172.16.100.177
1
2
3
4
5
6
# 禁止任何用于远程访问以.ht开头的文件
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

AllowOverride

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
AllowOverride AuthConfig
# 认证类型:基本认证
AuthType Basic
# 认证提示
AuthName "Restricted Site ..."
# 认证所需用户密码文件位置
AuthUserFile "/etc/httpd/conf/.users"
# AuthGroupFile "/etc/httpd/conf/.groups"
# AuthUserFile所定义的所有用户都可以访问
Require valid-user
# 只允许tom访问
# Require user tom
# Require group my_group_name

Directory

本地文件系统

1
2
3
4
5
6
7
8
<Directory "/web/htdocs/4">
	Options None
	AllowOverride AuthConfig
	AuthType Basic
	AuthName "用户认证"
	AuthUserFile /etc/httpd/conf/.users
	Require valid-user
</Directory>

Location

1
2
3
4
5
6
<Location /status>
	SetHandler server-status
	Order Deny,Allow
	Deny from all
	Alow from foo.bar.com
</Location>

Main server配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
ServerAdmin root@localhost
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If this is not set to valid DNS name for your host, server-generated
# redirections will not work.  See also the UseCanonicalName directive.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address anyway, and this will make 
# redirections work in a sensible way.
#ServerName www.example.com:80
#
# UseCanonicalName: Determines how Apache constructs self-referencing 
# URLs and the SERVER_NAME and SERVER_PORT variables.
# When set "Off", Apache will use the Hostname and Port supplied
# by the client.  When set "On", Apache will use the value of the
# ServerName directive.
UseCanonicalName Off
# 站点根目录
DocumentRoot "/var/www/html"
# 默认主页
DirectoryIndex index.html index.html.var
# 支持的MIME类型定义文件所在路径
TypesConfig /etc/mime.types
# 默认的MIME类型
DefaultType text/plain
# 日志(access_log)中记录client的IP地址(Off)还是其hostname(On)
# 一般都是Off,因为反解析主机名较浪费时间
HostnameLookups Off
ErrorLog logs/error_log
# debug, info, notice, warn, error, crit,alert, emerg.
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#此处的combined即为LogFormat的别名
CustomLog logs/access_log combined
# 别名
Alias /icons/ "/var/www/icons/"

虚拟主机配置

虚拟主机和Main Server同时只能有一个起作用,注释掉DocumentRoot即可禁用Main Server

对于虚拟主机的配置可直接在httpd.conf中编辑定义,也可在/etc/httpd/conf.d/目录下定义以.conf结尾的文件来定义。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# Use name-based virtual hosting.
#NameVirtualHost *:80
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot /www/docs/dummy-host.example.com
    ServerName dummy-host.example.com
    ErrorLog logs/dummy-host.example.com-error_log
    CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>

基于主机名、IP、端口混合的虚拟主机定义例子:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
Listen 8080
# 在所有IP上,80端口使用基于主机名的虚拟主机
# NameVirtualHost *:80
<VirtualHost 192.168.1.103:80>
	ServerName my-host-1.com
	DocumentRoot /web/htdocs/1
	CustomLog logs/referer_log combined
	<Directory "/web/htdocs/1">
		Options Indexes
		AllowOverride None
    	Order deny,allow
    	# 拒绝192.168.1.106访问
    	Deny from 192.168.1.106
	</Directory>
</VirtualHost>
<VirtualHost 192.168.1.103:80>
	ServerName my-host-2.com
	DocumentRoot /web/htdocs/2
</VirtualHost>
<VirtualHost 192.168.1.166:80>
	ServerName my-host-3.com
	DocumentRoot /web/htdocs/3
</VirtualHost>
<VirtualHost 192.168.1.103:8080>
	# 添加:Listen 8080
	ServerName my-host-4.com
	DocumentRoot /web/htdocs/4
	<Directory "/web/htdocs/4">
		Options None
		AllowOverride AuthConfig
		AuthType Basic
		AuthName "用户认证"
		AuthUserFile /etc/httpd/conf/.users
		Require valid-user
	</Directory>
</VirtualHost>

和MPM相关的配置

MPM相关信息请看下文MPM章节

在`之间的配置只会在对应模块prefork启用时生效,其他类似。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
<IfModule prefork.c>
# 服务器刚启动时的服务进程数
StartServers       8
# 最少空闲进程数
MinSpareServers    5
# 最大空闲进程数
MaxSpareServers   20
# MaxClients的上限值
ServerLimit      256
# 最大同时支持的请求数
MaxClients       256
# 每个子进程最多响应多少次请求
#达到此值后强行杀死进程,并重新启动一个新的子进程
MaxRequestsPerChild  4000
</IfModule>
<IfModule worker.c>
StartServers         4
MaxClients         300
# 最少空闲线程数
MinSpareThreads     25
# 最大空闲线程数
MaxSpareThreads     75 
ThreadsPerChild     25
MaxRequestsPerChild  0
</IfModule>

MPM

Multi Process Modules

几个MPM模型

  • mpm_winnt
  • prefork
    • 一个请求用一个进程响应
    • 稳定
    • 性能低
  • worker
    • 每个进程产生多个线程
    • 一个请求用一个线程响应
  • event
    • 一个进程处理过个请求

各个模型对应的启动脚本如下

1
2
3
/usr/sbin/httpd
/usr/sbin/httpd.event
/usr/sbin/httpd.worker

各个MPM模型默认模块

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
[root@c2 conf.d]# httpd -l
Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c
[root@c2 conf.d]# httpd.worker -l
Compiled in modules:
  core.c
  worker.c
  http_core.c
  mod_so.c
[root@c2 conf.d]# httpd.event -l
Compiled in modules:
  core.c
  event.c
  http_core.c
  mod_so.c

修改httpd的MPM

1
vim /etc/sysconfig/httpd

修改HTTPD配置即可

1
#HTTPD=/usr/sbin/httpd.worker