Apache Httpd 2.2 Configuration Full Resolution (CentOS 6)

Personal blog address: http://www.pojun.tech/ Welcome to visit

Server application

Server applications are usually divided into two types: HTTP servers and application servers. Typical HTTP servers are Apache HTTP Server and Nginx. Typical application servers are IIS, Tomcat and Jetty.
Many people who have done Java development will know Apache Tomcat, but what exactly are the differences and connections between the two? You can look this up online yourself, or refer to https://www.zhihu.com/question/32212996 to find out.
You can also check the market share of the current mainstream servers at https://www.netcraft.com/

Full Resolution of Apache Httpd 2.2 Configuration

At present, several architectures are popular in computer operations and maintenance, such as LAMP and LNMP. The A in LAMP refers to Apache Httpd Server.
Httpd 2.2 is installed by default on CentOS 6, while CentOS 7 supports Httpd 2.4 by default. The two differ in use, and installing Httpd 2.4 on CentOS 6 takes some effort.
In this article, let's take a look at the configuration of Apache Httpd 2.2. The rest will be introduced later.

The httpd program environment on CentOS 6

Configuration files

/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/*.conf

Check for syntax errors in the modified configuration file

httpd -t
service httpd configtest

httpd service script

/etc/rc.d/init.d/httpd

Configuration files for httpd service scripts

/etc/sysconfig/httpd

Service Control and Startup

chkconfig httpd on|off
service httpd {start|stop|restart|status|configtest|reload}

Document Root Directory of Website Pages

/var/www/html

Module file path

/etc/httpd/modules
/usr/lib64/httpd/modules

Main program file

/usr/sbin/httpd 
/usr/sbin/httpd.worker 
/usr/sbin/httpd.event

PID file of the main process

/etc/httpd/run/httpd.pid

Log File Directory

/var/log/httpd
 access_log: Access log
 error_log: Error log

Documentation package

httpd-manual

Composition of httpd configuration file

# As you can see from the following command, the configuration file consists of the following three parts.
[root@centos6 ~]$grep "Section" /etc/httpd/conf/httpd.conf 
### Section 1: Global Environment
### Section 2: 'Main' server configuration
### Section 3: Virtual Hosts

Configuration format

# Directive and value
directive value
directive: the directive name, case-insensitive
value: when the value is a path, whether it is case-sensitive depends on the file system.

All of the files above can be listed with rpm -ql httpd.

Having learned the basic information above, let's start the httpd service.

[root@centos6 ~]$service httpd start
Starting httpd: httpd: apr_sockaddr_info_get() failed for centos6.pojun.tech
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
                                                           [  OK  ]

The output above shows two small problems, so let's solve them. From the messages we can see that the httpd service cannot determine the server's host name and uses 127.0.0.1 for ServerName, so it is better to specify it explicitly.
Let's modify the file /etc/httpd/conf/httpd.conf.

After that, restarting the service no longer prints these messages.

Common configurations of httpd 2.2

The configuration described here is located in /etc/httpd/conf/httpd.conf

1. Display version information of server

In day-to-day work, someone may use tools to collect server information across whole network segments. If the details of our HTTP server are fully exposed to an unknown user, the security risk to the server increases considerably.
Below is the server information we obtained for Microsoft with such a tool. As a side gripe, Microsoft even uses other people's servers.

Here is the information about my local httpd 2.2 server

[root@centos6 ~]$curl -I 172.18.2.66
HTTP/1.1 200 OK
Date: Tue, 26 Sep 2017 09:22:39 GMT
Server: Apache/2.2.15 (CentOS)   
Last-Modified: Mon, 25 Sep 2017 07:28:24 GMT
ETag: "320951-0-559fe80fa6ca6"
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=UTF-8

Here we can see that not only the server version but also the operating system is exposed. Next, let's look at the setting that controls what the httpd server discloses.
The directive is ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full.

# Show only the product name
ServerTokens Prod[uctOnly] : Server: Apache
# Show the major version number
ServerTokens Major: Server: Apache/2
# Show the minor version number
ServerTokens Minor: Server: Apache/2.2
# Show the exact version number
ServerTokens Min[imal]: Server: Apache/2.2.15
# Show the operating system
ServerTokens OS: Server: Apache/2.2.15 (CentOS)
# Show everything
ServerTokens Full (or not specified): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2

Generally speaking, prod is recommended. The less information is exposed, the more secure it is.
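
To verify that a ServerTokens change took effect, the check below classifies a Server response header by the level that produces it and lists what it still discloses. This is an added example, not code from the original article; the function names are made up for illustration and the sample headers are the curl -I output shown above.

```python
import re

# Server header shapes emitted at each ServerTokens level.
_SERVER = re.compile(
    r"^Apache(?:/(?P<version>\d+(?:\.\d+){0,2}))?"
    r"(?: \((?P<os>[^)]+)\))?"
    r"(?P<modules>(?: \S+)*)$")

def server_header(raw_headers):
    """Return the Server header value from `curl -I` style output, or None."""
    for line in raw_headers.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return value.strip()
    return None

def disclosure(raw_headers):
    """Report which ServerTokens level the response matches and what leaks."""
    value = server_header(raw_headers)
    if value is None:
        return {"level": None, "leaks": {}}
    m = _SERVER.match(value)
    if m is None:
        return {"level": "unrecognized", "leaks": {"raw": value}}
    leaks = {k: v for k, v in m.groupdict().items() if v}
    if "modules" in leaks:
        leaks["modules"] = leaks["modules"].split()
        level = "Full"
    elif "os" in leaks:
        level = "OS"  # Full looks identical when no module adds a token
    elif "version" in leaks:
        level = ("Major", "Minor", "Min")[leaks["version"].count(".")]
    else:
        level = "Prod"
    return {"level": level, "leaks": leaks}

# Response headers copied from the curl -I output shown above.
SAMPLE = """HTTP/1.1 200 OK
Date: Tue, 26 Sep 2017 09:22:39 GMT
Server: Apache/2.2.15 (CentOS)
Connection: close
"""

if __name__ == "__main__":
    print(disclosure(SAMPLE))              # level OS: version and OS exposed
    print(disclosure("Server: Apache\n"))  # level Prod: nothing beyond the name
```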

2. Modifying IP and PORT for listening

The configuration format is Listen [IP:]PORT

  • If IP is omitted, it defaults to 0.0.0.0;
  • At least one Listen directive is required, and it can be repeated multiple times
  • After the listening socket is changed, the service process must be restarted for the change to take effect

3. Persistent connection

Persistent connection: once a connection is established, it is not closed after each resource has been fetched but is kept open to wait for further requests. Persistent connections are turned off by default.

Conditions for closing a persistent connection:
- Request count limit: for example, 100
- Time limit: in seconds; httpd 2.4 supports milliseconds.

Side effect: on servers with heavy concurrent access, persistent connections can leave some requests without a response
Solution: use a shorter persistent connection timeout.

4. MPM (Multi-Processing Module)

httpd 2.2 provides three multi-processing modules: prefork, worker, and event (experimental).
To select the processing module, modify the /etc/sysconfig/httpd file.

Each multi-processing module is configured in /etc/httpd/conf/httpd.conf

Configuration information of prefork module

The meaning of the parameters is shown below.
- StartServers: Number of processes started by default when the service starts
- MinSpareServers: Minimum number of idle processes
- MaxSpareServers: Maximum number of idle processes
- ServerLimit: Maximum number of processes, at most 20,000
- MaxClients: Maximum concurrency
- MaxRequestsPerChild: Maximum number of requests a child process can handle. After handling MaxRequestsPerChild requests, the child process is terminated by the parent process and the memory it occupied is released (with 0, it is never released).

Configuration information of worker module

The meaning of the parameters is shown below.
- StartServers: Number of processes started by default when the service starts
- MaxClients: Maximum concurrency
- MinSpareThreads: Minimum number of idle threads; below this value the system immediately starts a new process
- MaxSpareThreads: Maximum number of idle threads; this may conflict with the StartServers value
- ThreadsPerChild: Number of threads per process; this value is what causes StartServers and MaxSpareThreads to conflict.
- MaxRequestsPerChild: Maximum number of requests a child process can handle. After handling MaxRequestsPerChild requests, the child process is terminated by the parent process and the memory it occupied is released (with 0, it is never released).

5. DSO (Dynamic Shared Object): dynamic module configuration

Use the httpd -M command to view the modules currently loaded.

Module loading is configured in this format: LoadModule <mod_name> <mod_path>
The module file path can be relative; it is resolved relative to ServerRoot, which is set in /etc/httpd/conf/httpd.conf (default /etc/httpd)

For example, auth_basic_module (mod_auth_basic.so) is the module that requires users to authenticate when accessing the server.

6. Define the document root of the 'Main' server

The so-called default home page is the page the server returns when we access the site by domain name only. The path under which that page is looked up can be set here.

The path that DocumentRoot points to is the starting point of the URL path

7. Define the main page of the site

The home page of the site is what we call the default home page.

8. Common mechanisms of site access control

There are two kinds of access control mechanisms: by client source address and by user account.

  • Path control based on the file system
<Directory "/path">
...
</Directory>
<Files "/path/file">
...
</Files>
<FilesMatch "PATTERN">
...
</FilesMatch>
  • Path control based on the URL
<Location "">
...
</Location>
<LocationMatch "">
...
</LocationMatch>

9. <Directory> Access Control Based on Source Address

  • Options: followed by a list of one or more options separated by whitespace. A leading + or - adds or removes the specified option.
    • Indexes: when the directory the URL points to contains no resource matching the defined home page, return an index listing of the directory to the user
    • FollowSymLinks: allow access to the source file that a symbolic link points to
    • None: disable all
    • All: allow all
  • AllowOverride: which access-control-related directives may be placed in the .htaccess file (the file name is set by AccessFileName) of the specified directory, overriding the earlier configuration. Valid only in <Directory> sections.
    • AllowOverride All: all directives are honored
    • AllowOverride None: .htaccess files are ignored
    • AllowOverride AuthConfig Indexes: no directives other than AuthConfig and Indexes can be overridden
  • Order and Allow, Deny:
    • Order: defines the order of evaluation; the one written last is the default rule
      Order allow,deny
      Order deny,allow
    • Allow from, Deny from

Here are some examples

<Directory /web/docs>
# Allow directory index listings
Options Indexes
</Directory>

<Directory /web/docs/spec>
# Allow symbolic links to be followed
Options FollowSymLinks
</Directory>

<files "*.txt">
order deny,allow
deny from 172.16.100.100
allow from 172.16
</files>
<files "*.txt">
order allow,deny
deny from 172.16.100.100
allow from 172.16
</files>
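
The two <files> blocks above differ only in their Order line, yet they grant access to different clients. The model below is an added example, not code from the original article or from Apache; it reproduces the documented httpd 2.2 evaluation rules for full and partial IPv4 addresses only (no hostnames, CIDR or "all"), and its function names and the extra client addresses are made up for illustration.

```python
def matches(spec, ip):
    """True if ip equals spec or starts with its leading octets (partial IP)."""
    want = spec.rstrip(".").split(".")
    return ip.split(".")[:len(want)] == want

def evaluate(order, allow, deny, ip):
    """Return True if httpd 2.2 would grant access under the given Order."""
    allowed = any(matches(spec, ip) for spec in allow)
    denied = any(matches(spec, ip) for spec in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Allow is evaluated first, Deny last; clients matching neither are denied.
        return allowed and not denied
    if order == "deny,allow":
        # Deny is evaluated first, Allow last; clients matching neither are allowed.
        return allowed or not denied
    raise ValueError("unsupported Order: %r" % order)

# Rules taken from the two <files "*.txt"> examples above.
ALLOW = ["172.16"]
DENY = ["172.16.100.100"]
# Constructed client addresses used to compare the two orders.
CLIENTS = ["172.16.100.100", "172.16.5.9", "172.160.1.1", "10.0.0.1"]

def table():
    """Map each client to (granted under deny,allow; granted under allow,deny)."""
    return {ip: (evaluate("deny,allow", ALLOW, DENY, ip),
                 evaluate("allow,deny", ALLOW, DENY, ip)) for ip in CLIENTS}

if __name__ == "__main__":
    print("%-16s %-11s %s" % ("client", "deny,allow", "allow,deny"))
    for ip, (first, second) in table().items():
        print("%-16s %-11s %s" % (ip, first, second))
```

With Order deny,allow the Deny line has no effect here, because 172.16.100.100 also matches the later Allow and every other client is allowed by default. Only Order allow,deny blocks that host and everything outside 172.16.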

10. Log Settings

There are two types of logs: access logs and error logs.

Error log

LogLevel optional values: debug, info, notice, warn, error, crit, alert, emerg

Access log

Define the format of the log

Use of logs

Reference help: http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#logformat

  • %h Client IP address
  • %l Remote user identity; valid only when mod_ident is enabled, otherwise usually a minus sign "-"
  • %u Remote user from authentication (basic, digest); a minus sign "-" for access without login
  • %t The time when the server received the request
  • %r First line of the request message, recording the request method, URL and protocol version
  • %>s Response status code
  • %b Size of the response in bytes, excluding the HTTP response headers
  • %{Referer}i Value of the "Referer" header in the request message; that is, the page whose hyperlink led to the current page
  • %{User-Agent}i Value of the "User-Agent" header in the request message; that is, the application that made the request
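
The fields listed above can be read back out of access_log with a small parser. The following is an added example, not code from the original article; it assumes Apache's standard "combined" LogFormat built from exactly these fields, and the function names and log lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Assumed LogFormat (Apache's standard "combined" format):
#   %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
_QUOTED = r'"((?:[^"\\]|\\.)*)"'  # httpd writes an embedded quote as \"
_LINE = re.compile(
    r'^(\S+) (\S+) (\S+) \[([^\]]+)\] ' + _QUOTED +
    r' (\d{3}) (\d+|-) ' + _QUOTED + ' ' + _QUOTED + '$')
_FIELDS = ("host", "ident", "user", "time", "request",
           "status", "bytes", "referer", "agent")

def parse(line):
    """Parse one access_log line into a dict, or return None if malformed."""
    m = _LINE.match(line.strip())
    if m is None:
        return None
    rec = dict(zip(_FIELDS, m.groups()))
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    # %b logs "-" instead of 0 when no body bytes were sent.
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec

def auth_failures(lines):
    """Count 401 responses per client (%h) and the number of unparsed lines."""
    failures, skipped = Counter(), 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            skipped += 1
        elif rec["status"] == 401:
            failures[rec["host"]] += 1
    return dict(failures), skipped

# Constructed sample lines, not taken from a real server.
SAMPLE = r'''172.16.5.9 - - [26/Sep/2017:17:22:39 +0800] "GET / HTTP/1.1" 200 0 "-" "curl/7.19.7"
172.16.5.9 - - [26/Sep/2017:17:22:41 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (X11; \"test\")"
172.16.100.100 - - [26/Sep/2017:17:23:01 +0800] "GET /admin/ HTTP/1.1" 401 478 "-" "Mozilla/5.0"
172.16.100.100 - hehe [26/Sep/2017:17:23:05 +0800] "GET /admin/ HTTP/1.1" 401 478 "-" "Mozilla/5.0"
172.16.100.100 - hehe [26/Sep/2017:17:23:09 +0800] "GET /admin/ HTTP/1.1" 200 1203 "-" "Mozilla/5.0"
not a log line
'''.splitlines()

if __name__ == "__main__":
    print(auth_failures(SAMPLE))
```

A single 401 per session is the normal Basic authentication challenge, so the count is worth a closer look only when it keeps growing for one client.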

11. Setting the default character set

Set the default character set of the server. Usually UTF-8 is used. This is an international universal character set.

12. Define path aliases

Format: Alias /URL/ "/PATH/"

After the alias is set, when we access the URL, the server automatically maps the resource path to the location the alias points to.
For example, http://127.0.0.1/icons/ => /var/www/icons/

13. User-based access control

Authentication challenge (WWW-Authenticate): the server rejects the client request with response code 401 and asks the client to provide an account and password
Authorization: the client user fills in the account and password and sends the request again; when authentication passes, the server sends the response.
There are two ways of authenticating for a resource:
- basic (plain text)
- digest (message digest authentication, poor compatibility)

Security domain: a path that can be accessed only after user authentication; it should be identified by a name so that the user is told why authentication is required.

User accounts and passwords:
- Virtual account: an identity used only to access a particular service
- Storage: text file, SQL database, LDAP directory, NIS, etc.

(1) Example of Basic authentication configuration

1. Define the security domain
Create a new configuration file ending in .conf and place it in the /etc/httpd/conf.d/ directory.
This directory holds custom configuration files. /etc/httpd/ is the ServerRoot mentioned earlier.

<Directory "/path">
Options None
AllowOverride None
# Authentication type
AuthType Basic
# Prompt shown to the user
AuthName "String"
# Path of the password file
AuthUserFile "/PATH/HTTPD_USER_PASSWD_FILE"
# Users allowed to log in
Require user username1 username2 ...
</Directory>

2. Provide storage for accounts and passwords (a text file). A dedicated command creates this file and manages its users.

# /PATH/HTTPD_USER_PASSWD_FILE is the path specified in the configuration above
htpasswd [options] /PATH/HTTPD_USER_PASSWD_FILE username
-c: create the file; use it only when the file does not exist yet
-m: hash the password with MD5
-s: hash the password with SHA
-D: delete the specified user

(2) Group-based authentication configuration

1. Define the security domain

<Directory "/path">
AuthType Basic
AuthName "String"
AuthUserFile "/PATH/HTTPD_USER_PASSWD_FILE"
AuthGroupFile "/PATH/HTTPD_GROUP_FILE"
Require group grpname1 grpname2 ...
</Directory>

2. Create the user accounts and the group file. In the group file, each line defines one group.

Group-based authentication configuration example

<Directory "/www/htdocs/admin">
Options None
AllowOverride None
AuthType Basic
AuthName "Administrator private"
AuthUserFile "/etc/httpd/conf.d/.htpasswd"
AuthGroupFile "/etc/httpd/conf.d/.htgroup"
Require group webadmins
</Directory>

vim /etc/httpd/conf.d/.htgroup
webadmins:hehe haha

14. Virtual Host

(1) ip-based: prepare at least one IP address for each virtual host

IP-based control

<VirtualHost 172.16.100.6:80>
ServerName www.a.com
DocumentRoot "/www/a.com/htdocs"
</VirtualHost>
<VirtualHost 172.16.100.7:80>
ServerName www.b.net
DocumentRoot "/www/b.net/htdocs"
</VirtualHost>
<VirtualHost 172.16.100.8:80>
ServerName www.c.org
DocumentRoot "/www/c.org/htdocs"
</VirtualHost>

(2) Port-based: Use at least one separate port for each virtual host

Port-based configuration lets one host serve different sites on different ports, but note that a Listen directive for each port must be added ahead of the virtual host configuration.

# Without these two Listen directives, the port-based configuration will not work because nothing listens on those ports.
listen 808
listen 8080
<VirtualHost 172.16.100.6:80>
ServerName www.a.com
DocumentRoot "/www/a.com/htdocs"
</VirtualHost>
<VirtualHost 172.16.100.6:808>
ServerName www.b.net
DocumentRoot "/www/b.net/htdocs"
</VirtualHost>
<VirtualHost 172.16.100.6:8080>
ServerName www.c.org
DocumentRoot "/www/c.org/htdocs"
</VirtualHost>

(3) Based on FQDN: Use at least one FQDN for each virtual host

Virtual hosts based on domain name. If you want to use this method, it is very important to add NameVirtualHost *:80. Without it, the configuration has no effect.

# This line must be added.
NameVirtualHost *:80 

<VirtualHost *:80>
ServerName www.a.com
DocumentRoot "/www/a.com/htdocs"
</VirtualHost>
<VirtualHost *:80>
ServerName www.b.net
DocumentRoot "/www/b.net/htdocs"
</VirtualHost>
<VirtualHost *:80>
ServerName www.c.org
DocumentRoot "/www/c.org/htdocs"
</VirtualHost>  


Summary of virtual host configuration

The structure of a virtual host configuration is as follows. It is recommended to store the configuration in a separate configuration file.

<VirtualHost IP:PORT>
ServerName FQDN
DocumentRoot "/path"
</VirtualHost>

Other available directives:

ServerAlias: Alias for virtual hosts; can be used multiple times
ErrorLog:  Error log
CustomLog: Access log
<Directory "/path">
</Directory>
Alias

15. status page

The status page is provided by a dynamically loaded module. To use this function, the module must be loaded in the configuration file.

# If the following line is commented out, be sure to remove the comment.
# If the line is missing, add it manually.
LoadModule status_module modules/mod_status.so

<Location /server-status>
SetHandler server-status
Order allow,deny
Allow from 172.16
</Location>

# Display extended information
ExtendedStatus On

The successful status page is shown in the following figure

After the configurations above, we have a general understanding of the basic settings of Apache httpd 2.2. For detailed configuration, refer to Apache's official documentation at http://httpd.apache.org/docs/2.2/. If you have any questions, please leave a message.

Added by djmc48 on Mon, 20 May 2019 23:45:01 +0300