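The modules do the following:

- mod_access: provides host-based access control directives
- mod_actions: runs CGI scripts based on MIME type or HTTP request method
- mod_alias: provides URL redirection
- mod_asis: allows documents to be sent to the client without HTTP headers
- mod_auth: supports authentication using user names and passwords stored in text files
- mod_auth_dbm: supports basic HTTP authentication using DBM files
- mod_auth_mysql: supports basic HTTP authentication using a MySQL database
- mod_auth_anon: allows anonymous access to areas that require authentication
- mod_auth_external: supports third-party authentication
- mod_autoindex: automatically generates a dynamic directory listing when the index file is missing
- mod_cern_meta: provides support for meta information
- mod_cgi: supports CGI
- mod_dir: redirects any request that does not include a trailing slash
- mod_env: lets you pass environment variables to CGI or SSI scripts
- mod_expires: lets you determine how Apache handles Expires when responding to requests
- mod_headers: manipulates HTTP response headers
- mod_imap: provides image map support
- mod_include: enables SSI support
- mod_info: provides a comprehensive description of the server configuration
- mod_log_agent: allows user agent information to be stored in a separate log file
- mod_log_config: supports logging
- mod_log_referer: writes the Referer header of requests to the log
- mod_mime: provides the client with meta information about documents
- mod_negotiation: provides support for content negotiation
- mod_setenvif: lets you create custom environment variables
- mod_speling: lets you handle URL requests that contain spelling or capitalization errors
- mod_status: allows administrators to manage Apache through the web
- mod_unique_id: provides each request with an identifier that is guaranteed to be unique under very specific conditions

Commonly used modules

LoadModule dir_module modules/mod_dir.so
LoadModule mime_module modules/mod_mime.so
LoadModule expires_module modules/mod_expires.so
LoadModule config_log_module modules/mod_log_config.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so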
48.2.1. Output a list of modules compiled into the server.
This will not list dynamically loaded modules included using the LoadModule directive.
[root@development bin]# httpd -l
Compiled in modules:
  core.c
  worker.c
  http_core.c
  mod_so.c
48.2.2. Core
48.2.2.1. Listen
Bind to multiple IP addresses

#Listen 80
Listen 192.168.3.40:80
Listen 192.168.4.40:80
Listen 192.168.5.40:80
48.2.2.2. Filesystem and Webspace
ref: http://httpd.apache.org/docs/2.2/en/sections.html
Filesystem Containers
<Directory /var/web/dir1>
    Options +Indexes
</Directory>

<Files private.html>
    Order allow,deny
    Deny from all
</Files>

<Directory /var/web/dir1>
    <Files private.html>
        Order allow,deny
        Deny from all
    </Files>
</Directory>
Webspace Containers
<LocationMatch ^/private>
    Order Allow,Deny
    Deny from all
</LocationMatch>
Wildcards and Regular Expressions
A non-regex wildcard section that changes the configuration of all user directories could look as follows:

<Directory /home/*/public_html>
    Options Indexes
</Directory>

Using regex sections, we can deny access to many types of image files at once:

<FilesMatch \.(?i:gif|jpe?g|png)$>
    Order allow,deny
    Deny from all
</FilesMatch>
48.2.2.2.1. Options
<DirectoryMatch (/var/www/logs|/var/www/logs/*)>
    Options FollowSymLinks MultiViews Indexes
    DirectoryIndex index.html
    AllowOverride AuthConfig
    Order Allow,Deny
    Allow From All
    AuthName "Logs Access"
    AuthType Basic
    AuthUserFile /etc/nagios3/htpasswd.users
    require valid-user
</DirectoryMatch>

- None: disables all options
- Indexes: lists the directory contents when there is no index.html
- FollowSymLinks: allows symbolic links; a symbolic link can reach outside DocumentRoot
- AllowOverride: defines whether the .htaccess file in each directory may override the Options set here
48.2.2.3. Etag
<Directory /www>
    <Files ~ "\.(gif|jpe?g|png|html|css|js)$">
        FileETag INode MTime Size
    </Files>
</Directory>

48.2.2.4. Hiding Apache version information

ServerTokens ProductOnly
ServerSignature Off
48.2.3. mpm
48.2.3.1. event
ThreadLimit must be added manually.
ServerLimit must be added manually.

<IfModule mpm_event_module>
    ThreadLimit              256
    ServerLimit             4096
    StartServers               4
    MinSpareThreads           75
    MaxSpareThreads          250
    ThreadsPerChild          128
    MaxRequestWorkers       4096
    MaxConnectionsPerChild     0
</IfModule>
48.2.3.2. worker
worker
# Server-pool management (MPM specific)
Include conf/extra/httpd-mpm.conf
conf/extra/httpd-mpm.conf
mpm_worker_module
<IfModule mpm_worker_module>
    ServerLimit          16
    ThreadLimit          128
    StartServers         8
    MaxClients           2048
    MinSpareThreads      64
    MaxSpareThreads      128
    ThreadsPerChild      128
    MaxRequestsPerChild  10000
</IfModule>

<IfModule mpm_worker_module>
    ServerLimit          24
    ThreadLimit          128
    StartServers         8
    MaxClients           3072
    MinSpareThreads      64
    MaxSpareThreads      128
    ThreadsPerChild      128
    MaxRequestsPerChild  10000
</IfModule>

<IfModule mpm_worker_module>
    ServerLimit          16
    ThreadLimit          256
    StartServers         8
    MaxClients           4096
    MinSpareThreads      64
    MaxSpareThreads      256
    ThreadsPerChild      256
    MaxRequestsPerChild  10000
</IfModule>
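ServerLimit defaults to 16; it determines the maximum number of httpd processes the system will start. ThreadLimit defaults to 64. ThreadsPerChild * ServerLimit = the maximum concurrency the system supports. MaxClients < ThreadsPerChild * ServerLimit; if MaxClients is greater than 400 it is capped at 400. 400 is only the theoretical maximum concurrency; the actual concurrency is the value of MaxClients. I do not know what the theoretical concurrency is good for.

Directive descriptions:

- StartServers: sets the number of child processes created when the server starts. Because the number of child processes depends dynamically on the load, there is generally no need to adjust this parameter.
- ServerLimit: the upper limit on the number of processes the server may be configured with. This directive is only needed when MaxClients and ThreadsPerChild are set so that more than the default 16 child processes are required. Do not set it higher than the number of child processes that MaxClients and ThreadsPerChild require. A change to this directive only takes effect after the service is fully stopped and started again; a restart does not apply it.
- ThreadLimit: sets the upper limit on ThreadsPerChild, the configurable number of threads per child process. Its value should match the largest value ThreadsPerChild may reach. A change to this directive only takes effect after the service is fully stopped and started again; a restart does not apply it.
- MaxClients: the maximum number of simultaneous client requests that are served (the maximum number of threads). Any request beyond the MaxClients limit goes into the wait queue. The default is "400", the result of 16 (ServerLimit) multiplied by 25 (ThreadsPerChild). To increase MaxClients you must therefore increase ServerLimit as well. The author recommends setting the initial value to (maximum physical memory in MB / 2) and then adjusting it according to the load. For example, on a machine with 4 GB of memory the initial value is 4000/2=2000.
- MinSpareThreads: the minimum number of idle threads; the default is "75". This MPM monitors the number of idle threads for the server as a whole. If the total number of idle threads in the server is too low, child processes create new idle threads.
- MaxSpareThreads: the maximum number of idle threads; the default is "250". This MPM monitors the number of idle threads for the server as a whole. If the total number of idle threads in the server is too high, child processes kill the surplus idle threads. The range of MaxSpareThreads is restricted. Apache automatically corrects the value you set according to the following rule: worker requires it to be greater than or equal to the sum of MinSpareThreads and ThreadsPerChild.
- ThreadsPerChild: the number of threads each child process creates; the default is 25. A child process creates these threads at startup and creates no new threads afterwards. The total number of threads across all child processes must be large enough to handle possible request peaks.
- MaxRequestsPerChild: the maximum number of requests a child process may serve during its lifetime. When the MaxRequestsPerChild limit is reached, the child process exits. If MaxRequestsPerChild is "0", the child process never exits. Setting MaxRequestsPerChild to a non-zero value has two benefits: it prevents (accidental) memory leaks from continuing indefinitely and exhausting memory, and it gives processes a limited lifetime, which helps reduce the number of active processes when the server load drops. If you set a non-zero value, the author recommends a value between 10000 and 30000.

Formulas:

ThreadLimit >= ThreadsPerChild
MaxClients <= ServerLimit * ThreadsPerChild, and must be a multiple of ThreadsPerChild
MaxSpareThreads >= MinSpareThreads + ThreadsPerChild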
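The formulas above can be checked mechanically before a configuration is deployed. The following Python script is an added example, not part of the original notes: it parses mpm_worker_module blocks and reports which formulas each block violates, using the defaults stated above for missing directives. The sample input is constructed: the first block repeats this page's first worker configuration, the other two are made up for illustration.

```python
import re

# Defaults as stated in the text above.
DEFAULTS = {"ServerLimit": 16, "ThreadLimit": 64, "ThreadsPerChild": 25,
            "MaxClients": 400, "MinSpareThreads": 75, "MaxSpareThreads": 250}
CANONICAL = {name.lower(): name for name in DEFAULTS}

BLOCK_RE = re.compile(r"<IfModule\s+mpm_worker_module>(.*?)</IfModule>", re.S | re.I)
DIRECTIVE_RE = re.compile(r"^[ \t]*(\w+)[ \t]+(\d+)[ \t]*$", re.M)

# Constructed sample input (block 1 is this page's first worker block).
SAMPLE_CONF = """\
<IfModule mpm_worker_module>
    ServerLimit         16
    ThreadLimit         128
    StartServers        8
    MaxClients          2048
    MinSpareThreads     64
    MaxSpareThreads     128
    ThreadsPerChild     128
    MaxRequestsPerChild 10000
</IfModule>
<IfModule mpm_worker_module>
    MaxClients          2000
    MinSpareThreads     64
    MaxSpareThreads     128
    ThreadsPerChild     64
</IfModule>
<IfModule mpm_worker_module>
    ServerLimit         16
    ThreadLimit         128
    MaxClients          2048
    MinSpareThreads     64
    MaxSpareThreads     192
    ThreadsPerChild     128
</IfModule>
"""


def parse_worker_blocks(conf_text):
    """Return one dict of integer settings per mpm_worker_module block."""
    blocks = []
    for body in BLOCK_RE.findall(conf_text):
        settings = dict(DEFAULTS)
        for name, value in DIRECTIVE_RE.findall(body):
            # Directive names are case-insensitive; ignore ones we do not check.
            canonical = CANONICAL.get(name.lower())
            if canonical:
                settings[canonical] = int(value)
        blocks.append(settings)
    return blocks


def check_worker(s):
    """Return the list of violated formulas (an empty list means consistent)."""
    problems = []
    if s["ThreadLimit"] < s["ThreadsPerChild"]:
        problems.append("ThreadLimit < ThreadsPerChild")
    if s["MaxClients"] > s["ServerLimit"] * s["ThreadsPerChild"]:
        problems.append("MaxClients > ServerLimit * ThreadsPerChild")
    if s["MaxClients"] % s["ThreadsPerChild"] != 0:
        problems.append("MaxClients is not a multiple of ThreadsPerChild")
    if s["MaxSpareThreads"] < s["MinSpareThreads"] + s["ThreadsPerChild"]:
        problems.append("MaxSpareThreads < MinSpareThreads + ThreadsPerChild")
    return problems


if __name__ == "__main__":
    for number, block in enumerate(parse_worker_blocks(SAMPLE_CONF), start=1):
        problems = check_worker(block)
        print("block %d: %s" % (number, "; ".join(problems) or "consistent"))
```

The first block is flagged because MaxSpareThreads 128 is below MinSpareThreads + ThreadsPerChild (64 + 128); as the text notes, Apache corrects such a value itself, so the running server differs from the file.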
48.2.4. Apache Log
48.2.4.1. LogLevel
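Log level

Syntax: LogLevel level

The following levels can be used, listed in descending order of importance:

- emerg: emergency (the system is unusable)
- alert: action must be taken immediately
- crit: critical conditions
- error: error conditions
- warn: warning conditions
- notice: normal but significant conditions
- info: informational messages
- debug: debugging messages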
LogLevel crit
48.2.4.2. LogFormat
Splitting log files

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    #LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{email}C %{nickname}C" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    #CustomLog logs/access_log common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    CustomLog logs/access_log combined
    #CookieLog logs/cookie_log
</IfModule>
48.2.4.3. Compressed
# compressed logs
CustomLog "|/usr/bin/gzip -c >> /var/log/access_log.gz" common
48.2.4.4. rotatelogs - Piped logging program to rotate Apache logs
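rotatelogs is a simple program for use with Apache's piped log feature. For example:

rotatelogs logfile [ rotationtime [ offset ]] | [ filesizeM ]

Options

logfile
    Together with the base name, this forms the log file name. If logfile contains '%', it is treated as a format string for strftime(3); otherwise a .nnnnnnnnnn suffix, in seconds, is appended automatically. Both formats indicate the time at which the new log started.
rotationtime
    The interval between log file rotations, in seconds.
offset
    The number of minutes of offset from UTC. If omitted, 0 is assumed and UTC is used. For example, to use local time in a zone that is -5 hours from UTC, this argument should be -300.
filesizeM
    The file size in megabytes, followed by the suffix letter M, at which to rotate, instead of a rotation time or offset.

The following log file format strings are supported by all strftime(3) implementations; see the strftime(3) manual of your library for its extensions.

%A  full weekday name (localized)
%a  3-character weekday name (localized)
%B  full month name (localized)
%b  3-character month name (localized)
%c  date and time (localized)
%d  2-digit day of the month
%H  2-digit hour (24-hour clock)
%I  2-digit hour (12-hour clock)
%j  3-digit day of the year
%M  2-digit minute
%m  2-digit month
%p  am/pm of the 12-hour clock (localized)
%S  2-digit second
%U  2-digit week of the year (Sunday is the first day of the week)
%W  2-digit week of the year (Monday is the first day of the week)
%w  1-digit day of the week (Sunday is the first day of the week)
%X  time (localized)
%x  date (localized)
%Y  4-digit year

CustomLog "|bin/rotatelogs /var/logs/logfile 86400" common

This configuration creates the file "/var/logs/logfile.nnnn", where nnnn is the system time at which the log nominally starts (this time is always a multiple of the rotation time, so it can be used to synchronize cron scripts). When the rotation time is reached (after 24 hours in this example), a new log is started.

CustomLog "|bin/rotatelogs /var/logs/logfile 5M" common

This configuration rotates the log when the log file grows to 5 megabytes.

ErrorLog "|bin/rotatelogs /var/logs/errorlog.%Y-%m-%d-%H_%M_%S 5M"

This configuration rotates the error log when it grows to 5 megabytes; the log file name suffix is created in the format errorlog.YYYY-mm-dd-HH_MM_SS

ErrorLog "| /usr/local/apache/bin/rotatelogs /www/logs/www.example.com/error_%Y_%m_%d_log 86400 480"
CustomLog "| /usr/local/apache/bin/rotatelogs /www/logs/www.example.com/access_%Y_%m_%d_log 86400 480" common

CustomLog "|/usr/local/httpd/bin/rotatelogs /www/logs/www.example.com/access.%Y-%m-%d.log 86400 480" combined

86400: 24 hours, 60*60*24
480: the time zone offset; time zone +8 equals 60*8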
48.2.4.5. cronolog
cronolog
cd /usr/local/src/
wget http://cronolog.org/download/cronolog-1.6.2.tar.gz
tar zxvf cronolog-1.6.2.tar.gz
cd cronolog-1.6.2
./configure --prefix=/usr/local/cronolog
make
make install
CustomLog "|/usr/local/cronolog/sbin/cronolog /opt/apache/logs/access_log.%Y%m%d" combined
48.2.4.6. Merging logs
To merge the log files of several servers (for example log1, log2 and log3) and write the result to log_all:
$ sort -m -t " " -k 4 -o log_all log1 log2 log3
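The sort command above compares the timestamp field as text, so entries from different months or from servers logging in different time zones can end up out of order, which matters when the merged file is used to reconstruct a timeline. The following Python code is an added example, not part of the original notes: it merges already-sorted access logs by the parsed %t timestamp. The log lines are constructed samples and the function names are illustrative.

```python
import heapq
import re
from datetime import datetime

# Matches the %t field of the common/combined formats, e.g. [31/Jan/2024:23:59:58 +0800]
TS_RE = re.compile(r"\[(\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")

# Constructed sample logs from two servers in different time zones.
LOG1 = [
    '192.0.2.10 - - [31/Jan/2024:23:59:58 +0800] "GET /a HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Feb/2024:00:00:03 +0800] "GET /d HTTP/1.1" 200 512',
]
LOG2 = [
    '198.51.100.7 - - [31/Jan/2024:15:59:59 +0000] "GET /b HTTP/1.1" 200 128',
    '198.51.100.7 - - [31/Jan/2024:16:00:01 +0000] "GET /c HTTP/1.1" 404 128',
]


def log_time(line):
    """Parse the %t timestamp of one log line into a timezone-aware datetime."""
    match = TS_RE.search(line)
    if match is None:
        raise ValueError("no %%t timestamp in line: %r" % line)
    return datetime.strptime(match.group(1), "%d/%b/%Y:%H:%M:%S %z")


def merge_chronological(*logs):
    """Merge logs that are each already in time order (like sort -m)."""
    return list(heapq.merge(*logs, key=log_time))


def merge_by_field4(*logs):
    """Order lines the way a textual comparison from field 4 onwards does."""
    lines = [line for log in logs for line in log]
    return sorted(lines, key=lambda line: line.split(" ", 3)[3])


def request_paths(lines):
    """Return the request path of each line, to make the order easy to read."""
    return [line.split('"')[1].split()[1] for line in lines]


if __name__ == "__main__":
    print("by timestamp:", request_paths(merge_chronological(LOG1, LOG2)))
    print("by text     :", request_paths(merge_by_field4(LOG1, LOG2)))
```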
48.2.4.7. Log archiving
30 4 * * * /usr/bin/gzip -f /www/logs/access.`date -d yesterday +%Y-%m-%d`.log
48.2.4.8. logger
https://www.sit.auckland.ac.nz/Logging_to_syslog_with_Apache
Logging to syslog with Apache

First you will need to install syslog-ng. This is the logging server that will send the log data to the syslog box.

apt-get update && apt-get install syslog-ng

syslog-ng uses a socket device to accept data from apache or whatever program is creating the logs. Use the configuration here: Syslog-ng default config. The first part indicates what the socket will be called and where it will live. The second part tells syslog-ng where to send the collected data. Then restart syslog-ng (/etc/init.d/syslog-ng restart).

Configure apache's logging

Add these directives to send apache's logs via a socket to syslog

CustomLog "|/usr/bin/logger -s -t 'monitor.cs.auckland.ac.nz' -p info -u /var/log/apache_log.socket" Combined
ErrorLog "|/usr/bin/logger -s -t 'monitor.cs.auckland.ac.nz' -p err -u /var/log/apache_log.socket"

Apache will then use the logger program to send data to syslog. /var/log/apache_log.socket refers to the device that syslog-ng has created. Data sent to this device is sent over the network to the main syslog box.

Troubleshooting

It seems that apache 2.0.54-5 does not like logging to a file and to a process at the same time. In this case log entries will become re-ordered or missed out. You can use the test scripts below to check if this is happening.

Testing

Here are some useful scripts that can help with testing to make sure the logging is working as expected. You can simulate http accesses using lynx with this command:

watch lynx -source http://monitor.cs.auckland.ac.nz/

Which will make a http request every two seconds. Or, for a better test:

for i in `seq 1 100`; do lynx -source http://monitor.cs.auckland.ac.nz/$i;sleep 3;done

The result of this test is a sequence of log entries from 1 to 100. If entries are missing or in the wrong order, you know there is a problem.
48.2.4.9. other
CustomLog "|/usr/bin/your_script" Combined
ErrorLog "|/usr/bin/your_script"
48.2.5. mod_access
<Directory /www>
    Order Allow,Deny
</Directory>

<Directory /www>
    Order Deny,Allow
    Deny from all
    Allow from apache.org
</Directory>

<Directory /www>
    Order Allow,Deny
    Allow from apache.org
    Deny from foo.apache.org
</Directory>

- A (partial) domain-name. Example: Allow from apache.org
- A full IP address. Example: Allow from 10.1.2.3
- A partial IP address. Example: Allow from 10.1
- A network/netmask pair. Example: Allow from 10.1.0.0/255.255.0.0
- A network/nnn CIDR specification. Example: Allow from 10.1.0.0/16
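The result of Order depends on which list is evaluated last and on the default when nothing matches, which is easy to get wrong. The following Python model is an added example, not part of the original notes and not Apache's code: it evaluates the three Order examples and the five host formats listed above. It assumes IPv4 clients and takes the client's host name as an argument instead of performing the DNS lookups Apache does; all function names are illustrative.

```python
import ipaddress


def host_matches(spec, ip, hostname=None):
    """Return True if one Allow/Deny "from" argument matches the client."""
    if spec.lower() == "all":
        return True
    if "/" in spec:
        # network/netmask pair or network/nnn CIDR specification
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    if spec.replace(".", "").isdigit():
        # full or partial IPv4 address: whole leading octets must be equal
        octets = spec.rstrip(".").split(".")
        return ip.split(".")[:len(octets)] == octets
    # (partial) domain name: whole trailing name components must be equal,
    # so apache.org matches foo.apache.org but not fooapache.org
    if hostname is None:
        return False
    host, suffix = hostname.lower(), spec.lower().lstrip(".")
    return host == suffix or host.endswith("." + suffix)


def access_allowed(order, allow, deny, ip, hostname=None):
    """Model of Order/Allow/Deny: return True if the request is allowed."""
    allowed = any(host_matches(spec, ip, hostname) for spec in allow)
    denied = any(host_matches(spec, ip, hostname) for spec in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Allow is evaluated first, a Deny match overrides it, default: deny
        return allowed and not denied
    if order == "deny,allow":
        # Deny is evaluated first, an Allow match overrides it, default: allow
        return allowed or not denied
    raise ValueError("unsupported Order value: %r" % order)


if __name__ == "__main__":
    ip = "192.0.2.10"  # constructed client address
    # The three <Directory /www> examples from this section
    print(access_allowed("Allow,Deny", [], [], ip))
    print(access_allowed("Deny,Allow", ["apache.org"], ["all"], ip, "www.apache.org"))
    print(access_allowed("Allow,Deny", ["apache.org"], ["foo.apache.org"], ip,
                         "foo.apache.org"))
    # With Allow,Deny a "Deny from all" wins over any Allow line
    print(access_allowed("Allow,Deny", ["10.1"], ["all"], "10.1.2.3"))
```

The last call shows a frequent misconfiguration: with Order Allow,Deny, adding Deny from all locks out the addresses that were meant to be allowed, while the same two lines under Order Deny,Allow let them in.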
<DirectoryMatch (/usr/share/nagios3/htdocs|/usr/lib/cgi-bin/nagios3|/etc/nagios3/stylesheets)>
    Options FollowSymLinks
    DirectoryIndex index.html
    AllowOverride AuthConfig
    Order Allow,Deny
    Allow From All
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /etc/nagios3/htpasswd.users
    # nagios 1.x:
    #AuthUserFile /etc/nagios/htpasswd.users
    require valid-user
</DirectoryMatch>
Apache httpd 2.4.x
<Directory "/www/www.example.com">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
48.2.6. VirtualHost
conf/extra/httpd-vhosts.conf
or
/etc/httpd/conf.d/vhost.conf
NameVirtualHost *:80

<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/usr/local/httpd-2.2.14/docs/dummy-host.example.com"
    ServerName dummy-host.example.com
    ServerAlias www.dummy-host.example.com
    ErrorLog "logs/dummy-host.example.com-error_log"
    CustomLog "logs/dummy-host.example.com-access_log" common
</VirtualHost>
48.2.6.1. ServerName/ServerAlias
ServerName dummy-host.example.com
ServerAlias www.dummy-host.example.com
48.2.6.2. rotatelogs
CustomLog "|/usr/local/httpd/bin/rotatelogs /www/logs/www.example.com/access.%Y-%m-%d.log 86400 480" combined
ErrorLog "|/usr/local/httpd/bin/rotatelogs /www/logs/www.example.com/error.%Y-%m-%d.log 86400 480"
48.2.7. Alias / AliasMatch
Alias /image /ftp/pub/image
AliasMatch ^/icons(.*) /usr/local/apache/icons$1

cat /etc/httpd/conf.d/logs.conf

Alias /logs "/www/logs"
<Directory "/www/logs">
    Options FollowSymLinks MultiViews Indexes
    AllowOverride None
    Order allow,deny
    Allow from all
    # Order deny,allow
    # Deny from all
    # Allow from 127.0.0.1
    # AuthName "Logs Access"
    # AuthType Basic
    # AuthUserFile /etc/httpd/htpasswd.users
    # Require valid-user
</Directory>
48.2.8. Redirect / RedirectMatch
Redirect
Redirect /service http://foo2.example.com/service
Redirect permanent /one http://example.com/two
Redirect 303 /three http://example.com/other
RedirectMatch
RedirectMatch (.*)\.gif$ http://www.domain.com$1.jpg
<VirtualHost *:80>
    ServerName www.old.com
    DocumentRoot /path/to/htdocs
    ......
    <Directory "/path/to/htdocs">
        RedirectMatch ^/(.*)$ http://www.new.com/$1
    </Directory>
</VirtualHost>
48.2.9. Rewrite
Rewrite requires AllowOverride All

<Directory "/www">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    #AllowOverride None
    AllowOverride All

    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    Allow from all
</Directory>
48.2.9.1. R=301
RewriteEngine on
RewriteCond %{HTTP_HOST} ^x.x.x.x [NC]
RewriteRule ^/(.*)$ http://www.example.com/$1 [L,R=301]

Example 48.3. R=301

<VirtualHost *:80>
    ServerAdmin webmaster@example.com
    ServerName www.example.com
    ServerAlias www.second.com

    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^www.example.com [NC]
    RewriteRule ^/(.*)$ http://www.other.com/$1 [L,R=301]
    RewriteCond %{HTTP_HOST} ^www.second.com [NC]
    RewriteRule ^/(.*)$ http://www.other.com/$1 [L,R=301]
</VirtualHost>
48.2.9.2. Rewrite + JkMount
When JkMount and Rewrite are used together:
RewriteRule ^/communtiy/top/(.*)$ /community.do?method=activeContent&id=$1 [PT]
Append the [PT] flag to the rule.
48.2.9.3. Apache redirect domain.com to www.domain.com
$ vi .htaccess

RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain\.com
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=permanent,L]

48.2.9.4. Matching file extensions with a regular expression

<VirtualHost *:80>
    ServerAdmin webmaster@example.com
    DocumentRoot "/www/www.example.com/images"
    ServerName images.example.com
    RewriteEngine On
    RewriteRule ^(.+)(jpg|gif|bmp|jpeg|ico|png|css)$ http://images.other.com/$1$2 [R]
    ErrorLog "logs/images.example.com-error.log"
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin webmaster@example.com
    ServerName images.example.com
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^images.example.com [NC]
    RewriteRule ^/(.*) http://images.other.com/$1 [L]
    CustomLog "|/usr/local/httpd/bin/rotatelogs /www/logs/images/access.%Y-%m-%d.log 100M" common
</VirtualHost>
48.2.10. Proxy
ProxyRequests Off

<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>
ProxyPass / http://your.domain.com:8080/
ProxyPassReverse / http://your.domain.com:8080/
48.2.10.1. Reverse proxy
/etc/httpd/conf.d/rails.conf
Listen 8080
ProxyRequests Off

<Proxy balancer://cluster>
    BalancerMember http://127.0.0.1:3001
    BalancerMember http://127.0.0.1:3002
    BalancerMember http://127.0.0.1:3003
    BalancerMember http://127.0.0.1:3004
    BalancerMember http://127.0.0.1:3005
</Proxy>

<VirtualHost *:8080>
    ServerName www.example.com:8080
    DocumentRoot /var/www/project/public
    ProxyPass /images !
    ProxyPass /stylesheets !
    ProxyPass /javascripts !
    ProxyPass / balancer://cluster/
    ProxyPassReverse / balancer://cluster/
    ProxyPreserveHost on
</VirtualHost>
48.2.11. Deflate
mod_deflate
Add the following statements to httpd.conf:

<IfModule mod_deflate.c>
    SetOutputFilter DEFLATE
    DeflateCompressionLevel 9
    AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-httpd-php
    AddOutputFilter DEFLATE txt css js
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary

    DeflateFilterNote Input input_info
    DeflateFilterNote Output output_info
    DeflateFilterNote Ratio ratio_info
    LogFormat '"%r" %{output_info}n/%{input_info}n (%{ratio_info}n%%)' deflate
    CustomLog logs/deflate_log.log deflate
</IfModule>
Applies to the directory /usr/local/apache/htdocs

<Directory "/usr/local/apache/htdocs">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
    SetOutputFilter DEFLATE
    DeflateCompressionLevel 9
    AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-httpd-php
    AddOutputFilter DEFLATE txt css js
    SetEnvIfNoCase Request_URI \
        \.(?:gif|jpe?g|png)$ no-gzip dont-vary
</Directory>

<Location />
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
    AddOutputFilterByType DEFLATE application/javascript application/x-javascript application/x-httpd-php
    AddOutputFilter DEFLATE txt css js
    SetOutputFilter DEFLATE
</Location>
Log definition

# size before compression
DeflateFilterNote Input instream
# size after compression
DeflateFilterNote Output outstream
# ratio as a percentage
DeflateFilterNote Ratio ratio
# format definition
LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
# log location
CustomLog logs/deflate_log.log deflate
# rotated log location
CustomLog "|/usr/local/httpd/bin/rotatelogs /www/logs/deflate.%Y-%m-%d.log 86400 480" deflate
48.2.11.1. Testing the gzip/deflate module
telnet www.bg7nyt.cn 80
GET /index.html HTTP/1.0
Host: www.bg7nyt.cn
Accept-Encoding: gzip,deflate

What you see is garbled output rather than HTML.

curl -H "Accept-Encoding: gzip,deflate" http://www.example.com/index.html | gunzip

gunzip decompresses the compressed content.
48.2.12. Expires
ExpiresActive On
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/html "access plus 30 minutes"
ExpiresByType text/css "access plus 30 minutes"
ExpiresByType text/js "access plus 30 minutes"
ExpiresByType application/x-javascript "access plus 30 minutes"
ExpiresByType application/x-shockwave-flash "access plus 30 minutes"
48.2.12.1. FilesMatch
<FilesMatch "\.(ico|jpg|jpeg|png|gif|js|css|swf|html|htm|gzip)$">
    ExpiresActive on
    ExpiresDefault "access plus 2 hours"
</FilesMatch>
48.2.12.2. Cache-Control
<FilesMatch "\.(gif|jpe?g|png|ico|css|js|swf)$">
    Header set Cache-Control "max-age=1800, public"
    Header set Cache-Control "s-maxage=600"
</FilesMatch>

max-age: the cache lifetime sent to browsers
s-maxage: the cache lifetime sent to proxy servers
48.2.12.3. ETag
<FilesMatch "\.(gif|jpe?g|png|ico|css|js|swf)$">
    FileETag none
</FilesMatch>

<FilesMatch "\.(gif|jpe?g|png|ico|css|js|swf)$">
    FileETag MTime
</FilesMatch>

FileETag none: disables ETag
INode: uses the file's i-node as the ETag
MTime: uses the modification time as the ETag
Size: uses the file size as the ETag
All: equivalent to FileETag INode MTime Size
48.2.13. Cache
htcacheclean -- program for cleaning the disk cache.
48.2.13.1. mod_disk_cache
<IfModule mod_cache.c>
    CacheDefaultExpire 86400
    <IfModule mod_disk_cache.c>
        CacheEnable disk /
        CacheRoot /tmp/apacheCache
        CacheDirLevels 5
        CacheDirLength 5
        CacheMaxFileSize 1048576
        CacheMinFileSize 10
    </IfModule>
</IfModule>
48.2.13.2. mod_mem_cache
<IfModule mod_cache.c>
    <IfModule mod_mem_cache.c>
        CacheEnable mem /
        MCacheMaxObjectCount 20000
        MCacheMaxObjectSize 1048576
        MCacheMaxStreamingBuffer 65536
        MCacheMinObjectSize 10
        MCacheRemovalAlgorithm GDSF
        MCacheSize 131072
    </IfModule>
</IfModule>
48.2.14. usertrack
Tracking user information

Tracks users with a cookie and records each user's cookie in the log file.

LoadModule usertrack_module modules/mod_usertrack.so

CookieTracking on
CookieDomain .example.com
CookieExpires "10 years"
CookieStyle Cookie

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{cookie}n" combined
48.2.15. Charset
Default charset
AddCharset UTF-8 .html
AddType 'text/html; charset=UTF-8' html
AddDefaultCharset UTF-8
Files match
<FilesMatch "\.(htm|html|css|js)$">
    ForceType 'text/html; charset=UTF-8'
</FilesMatch>

<FilesMatch "\.(htm|html|css|js)$">
    AddDefaultCharset UTF-8
</FilesMatch>
Changing the occasional file
<Files "example.html">
    AddCharset UTF-8 .html
</Files>

<Files "example.html">
    ForceType 'text/html; charset=UTF-8'
</Files>
48.2.16. Dir
<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>
48.2.17. Includes
<Directory "/www">
    Options Indexes FollowSymLinks +Includes
</Directory>

<IfModule mime_module>
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>
48.2.18. Apache Status
To enable Apache's status module, edit httpd.conf and add the following section:

ExtendedStatus On
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 125.76.229.113
</Location>
http://www.domain.com/server-status
Automatic Updates
http://your.server.name/server-status?refresh=N
http://localhost/server-status?auto
Extended status provides more detailed information.
ExtendedStatus On
48.2.19. Mod Perl
ref: http://search.cpan.org/~agrundma/Catalyst-Engine-Apache-1.07/lib/Catalyst/Engine/Apache2/MP20.pm
$ sudo apt-get install libapache2-mod-perl2
$ sudo apt-get install libcatalyst-engine-apache-perl
$ sudo vi /etc/apache2/sites-available/catalyst.conf
Example 48.4. mod_perl.conf

PerlSwitches -I/var/www/MyApp/lib

# Preload your entire application
PerlModule MyApp

<VirtualHost 192.168.245.129:80>
    ServerName   192.168.245.129
    DocumentRoot /var/www/MyApp/root

    <Directory /var/www/MyApp/root>
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    # If the server is started as:
    #     httpd -X -D PERLDB
    # then debugging will be turned on
    # <IfDefine PERLDB>
    #     PerlRequire conf/db.pl
    #     <Location />
    #         PerlFixupHandler Apache::DB
    #     </Location>
    # </IfDefine>

    <Location />
        SetHandler          modperl
        PerlResponseHandler MyApp
    </Location>

    Alias /static /var/www/MyApp/root/static
    <Location /static>
        SetHandler default-handler
    </Location>
</VirtualHost>
db.pl
use APR::Pool ();
use Apache::DB ();
Apache::DB->init();
enable site
$ sudo a2ensite mod_perl.conf
$ sudo /etc/init.d/apache2 restart
48.2.20. mod_pagespeed
https://developers.google.com/speed/pagespeed/mod
48.2.21. Module FAQ
[root@srv-2 modules]# /etc/init.d/httpd start
Starting httpd: Syntax error on line 358 of /etc/httpd/conf/httpd.conf:
Invalid command 'Order', perhaps mis-spelled or defined by a module not included in the server configuration
                                                           [FAILED]

LoadModule access_module /etc/httpd/modules/mod_access.so
LoadModule auth_module /etc/httpd/modules/mod_auth.so

[root@srv-2 modules]# /etc/init.d/httpd start
Starting httpd: Syntax error on line 368 of /etc/httpd/conf/httpd.conf:
Invalid command 'UserDir', perhaps mis-spelled or defined by a module not included in the server configuration
                                                           [FAILED]

LoadModule userdir_module /etc/httpd/modules/mod_userdir.so

[root@srv-2 modules]# /etc/init.d/httpd start
Starting httpd: Syntax error on line 396 of /etc/httpd/conf/httpd.conf:
Invalid command 'DirectoryIndex', perhaps mis-spelled or defined by a module not included in the server configuration
                                                           [FAILED]

LoadModule dir_module /etc/httpd/modules/mod_dir.so

[root@srv-2 modules]# /etc/init.d/httpd start
Starting httpd: Syntax error on line 419 of /etc/httpd/conf/httpd.conf:
Invalid command 'TypesConfig', perhaps mis-spelled or defined by a module not included in the server configuration
                                                           [FAILED]

LoadModule mime_module /etc/httpd/modules/mod_mime.so

[root@srv-2 modules]# /etc/init.d/httpd start
Starting httpd: Syntax error on line 491 of /etc/httpd/conf/httpd.conf:
Invalid command 'LogFormat', perhaps mis-spelled or defined by a module not included in the server configuration
                                                           [FAILED]

LoadModule log_config_module /etc/httpd/modules/mod_log_config.so

[root@srv-2 modules]# /etc/init.d/httpd start
Starting httpd: Syntax error on line 555 of /etc/httpd/conf/httpd.conf:
Invalid command 'Alias', perhaps mis-spelled or defined by a module not included in the server configuration
                                                           [FAILED]

LoadModule alias_module /etc/httpd/modules/mod_alias.so

[root@srv-2 modules]# /etc/init.d/httpd start
Starting httpd: Syntax error on line 582 of /etc/httpd/conf/httpd.conf:
Invalid command 'SetEnvIf', perhaps mis-spelled or defined by a module not included in the server configuration
                                                           [FAILED]

LoadModule setenvif_module /etc/httpd/modules/mod_setenvif.so

[root@srv-2 modules]# /etc/init.d/httpd start
Starting httpd: Syntax error on line 636 of /etc/httpd/conf/httpd.conf:
Invalid command 'IndexOptions', perhaps mis-spelled or defined by a module not included in the server configuration
                                                           [FAILED]

LoadModule autoindex_module /etc/httpd/modules/mod_autoindex.so

[root@srv-2 modules]# /etc/init.d/httpd start
Starting httpd: Syntax error on line 784 of /etc/httpd/conf/httpd.conf:
Invalid command 'LanguagePriority', perhaps mis-spelled or defined by a module not included in the server configuration
                                                           [FAILED]

LoadModule negotiation_module /etc/httpd/modules/mod_negotiation.so

[root@srv-2 modules]# /etc/init.d/httpd start
Starting httpd:                                            [  OK  ]
[root@srv-2 modules]#
48.2.22. mod_setenvif
Blocking crawlers

<directory "/www/example.com">
    Order allow,deny
    Allow from all
    BrowserMatchNoCase "iaskspider" badguy
    BrowserMatchNoCase "QihooBot" badguy
    BrowserMatchNoCase "larbin" badguy
    BrowserMatchNoCase "iearthworm" badguy
    BrowserMatchNoCase "Outfoxbot" badguy
    BrowserMatchNoCase "lanshanbot" badguy
    BrowserMatchNoCase "Arthur" badguy
    BrowserMatchNoCase "InfoPath" badguy
    BrowserMatchNoCase "DigExt" badguy
    BrowserMatchNoCase "Embedded" badguy
    BrowserMatchNoCase "EmbeddedWB" badguy
    BrowserMatchNoCase "Wget" badguy
    BrowserMatchNoCase "CNCDialer" badguy
    BrowserMatchNoCase "LWP::Simple" badguy
    BrowserMatchNoCase "WPS" badguy
    deny from env=badguy
</directory>

Blocking download tools

BrowserMatch "NetAnt" badguy
BrowserMatch "GetRight" badguy
BrowserMatch "JetCar" badguy
BrowserMatch "Mass Downloader" badguy
BrowserMatch "ReGet" badguy
BrowserMatch "DLExpert" badguy
BrowserMatch "FlashGet" badguy
BrowserMatch "Offline Explorer" badguy
BrowserMatch "Teleport" badguy
...........
order deny,allow
deny from env=badguy
allow from all

48.2.23. PHP application security: php_admin_value

PHP security

php_admin_value open_basedir /var/www/htdocs/

<IfModule mod_php5.c>
    php_value include_path ".:/usr/local/lib/php"
    php_admin_flag engine on
</IfModule>

<IfModule mod_php4.c>
    php_value include_path ".:/usr/local/lib/php"
    php_admin_flag engine on
</IfModule>
48.2.24. mod_spdy
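mod_spdy is the module that implements Google's SPDY protocol for the Apache HTTP server.
SPDY is not a protocol meant to replace HTTP but an enhancement of HTTP. The new protocol's features include multiplexing of data streams, request prioritization, and HTTP header compression. Google has developed a prototype web server and a version of the Chrome browser that supports SPDY.
Original source: Netkiller series notes (Netkiller 系列 手札)
Author: 陈景峯
To reprint, please contact the author, and be sure to cite the original source of the article, the author information, and this notice.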