httpd配置(yum)
Apache和Nginx对比
-
Nginx相对于Apache:
-
高并发响应性能非常好(单台万级并发连接30000-50000/s(简单静态页))
-
反向代理性能非常好(可用于负载均衡)
-
内存和CPU占用率低(为Apache的1/5-1/10)
-
功能较Apache少(常用功能均有)
-
Apache和Nginx总结
-
Apache拥有丰富的模块组件支持,稳定性强,BUG少,动态内容处理强。
-
Nginx轻量级,占用资源少,负载均衡,高并发处理强,静态内容处理高效
中间件介绍
tomcat
weblogic
jboss
php
uwsgi
1.Apache基本配置
<Directory “/var/www/html”> #网站容器开始标识 Options Indexes FollowSymlinks #找不到主业是,以目录的方式呈现,允许链接到网站根目录以外 AllowOverride None #None不使用.htaccess控制,all允许 Require all granted #granted表示运行所有访问,denied表示拒绝所有访问 </Directory>
IP:192.168.1.12
# setenforce 0 # systemctl stop firewalld # vim /etc/selinux/config # yum install -y httpd # systemctl restart httpd # yum install -y lsof # lsof -i:80 # systemctl restart httpd //添加主页,默认也有 # cd /var/www/html/ # echo "hello world" > index.html # systemctl restart httpd # curl 192.168.1.2 # curl -I 192.168.1.2 //修改网站目录 # mkdir /www # vim /etc/httpd/conf/httpd.conf DocumentRoot "/www" # 约119行 <Directory "/www"> # 约131行 # cd /www # echo "hi !!!" > index.html # systemctl restart httpd # curl 192.168.1.2 //修改主页类型 # vim /etc/httpd/conf/httpd.conf index.html改index.php # 约164行 # systemctl reload httpd # # echo "php " > index.php
安装
# yum -y install gcc make zlib-devel pcre pcre-devel openssl-devel apr-* # rpm -rf /tmp/ # cd /tmp # yum provides rz lrzsz-0.12.20-36.el7.x86_64 # yum install -y lrzsz-0.12.20-36.el7.x86_64 # rz //选择上传的文件 # tar xf httpd-v2.4.41.tar.gz # cd httpd-v2.4.41 # ./configure --prefix=/usr/local/apache2 && make && make install
常用命令
# /usr/local/apache2/bin/apachectl -M # 查看常见的模块(动、静) # /usr/local/apache2/bin/apachectl -l # 查看加载的静态模块 # /usr/local/apache2/bin/apachectl -t # 检查配置文件语法 # /usr/local/apache2/bin/apachectl graceful #加载配置文件、但不重启 # /usr/local/apache2/bin/apachectl start/stop/restart # /usr/local/apache2/conf/httpd.conf ServerName localhost:80 #没有就添加 # /usr/local/apache2/bin/apachectl -t
3.配置用户认证
# vim /usr/local/apache2.4/conf/httpd.conf
//关键词httpd-vhost前面注释去掉
# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/www/abc"
ServerName abc.com
<Directory /data/www/abc>
AllowOverride AuthConfig
AuthName "zhao"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</Directory>
</VirtualHost>
# htpasswd -c /data/htpasswd zhao
# cat /data/.htpasswd
# /usr/local/apache2/bin/apachectl restart
//浏览器输入:192.168.1.2/data/www/abc
4.虚拟主机
# vim /usr/local/apache2.4/conf/httpd.conf
<Directory>
AllowOverride none
Require all granted
</Directory>
//关键词httpd-vhost前面注释去掉
# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/tmp/111"
ServerName www.111.com
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.aaa.com
</VirtualHost>
# mkdir /tmp/111
# echo "hello www.111.com" > /tmp/111/index.html
# mkdir -p /data/www
# echo "hello www.test.com and www.aaa.com" > /data/www/index.html
测试
//本地测试用到 # vim /etc/hosts 192.168.1.2 www.test.com 192.168.1.2 www.aaa.com 192.168.1.2 www.111.com //测试 # ping www.test.com # ping www.aaa.com # ping www.111.com # /usr/local/apache2/bin/apachectl start # killall httpd # curl -x 192.168.1.2:80 www.test.com # curl -x 192.168.1.2:80 www.aaa.com # curl -x 192.168.1.2:80 www.111.com
5.配置rewrite规则
-
Apache中rewrite规则代码均写在<IfModule mod_rewrite.c>模块下
需开启/usr/local/apache2.4/conf/httpd.conf下的模块
5.1 301永久跳转,302暂时跳转
<IfModule mod_rewrite.c>
RewriteEngine on # 打开rewrite功能
RewriteCond %{HTTP_HOST} ^www.aaa.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.bbb.com$
RewriteRule ^/(.*)$ http://www.test.com/$1 [R=301,L]
</IfModule>
RewriteCond跳转条件;RewriteRule跳转规则
实验
# vim /usr/local/apache2.4/conf/httpd.conf
156行模块注释去掉
481行开启虚拟主机文件注释去掉
# vim /usr/local/apache2/conf/extra/httpd-vhost.conf
<VirtualHost *:80>
DocumentRoot "/data/www"
<IfModule mod_rewrite.c>
RewriteEngine on # 打开rewrite功能
RewriteCond %{HTTP_HOST} ^www.aaa.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.bbb.com$
RewriteRule ^/(.*)$ http://www.test.com/$1 [R=301,L]
</IfModule>
</VirtualHost>
# /usr/local/apache2/bin/apachectl -t #检测
# mkdir -p /data/www
# echo "hello test.com" > /data/www/index.html
# vim /etc/hosts
192.168.1.2 www.aaa.com
192.168.1.2 www.bbb.com
192.168.1.2 www.test.com
# /usr/local/apache2/bin/apachectl restart
# curl www.aaa.com
301
# curl www.bbb.com
301
# curl www.test.com
hello test.com
5.2禁止指定user_agent
RewriteCond %{HTTP_USER_AGENT} ^.*curl.* [NC,OR] #禁止curl和chrome浏览器访问,不区分大小写
RewriteCond %{HTTP_USER_AGENT} ^.*chrome.*
RewriteRule .* - [F] #为禁止的意思
实验
# vim /usr/local/apache2.4/conf/httpd.conf
156行模块注释去掉
481行开启虚拟主机文件注释去掉
# vim /usr/local/apache2/conf/extra/httpd-vhost.conf
<VirtualHost *:80>
DocumentRoot "/data/www"
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^.*curl.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*chrome.*
RewriteRule .* - [F]
</IfModule>
</VirtualHost>
# vim /etc/hosts
192.168.1.2 www.aaa.com
192.168.1.2 www.bbb.com
192.168.1.2 www.test.com
# /usr/local/apache2/bin/apachectl restart
# curl www.test.com
5.3通过rewrite限制某个目录
RewriteCond %{REQUEST_URI} ^.*/tmp/.* [NC] #禁止访问tmp目录
RewriteRule .* - [F]
5.4rewrite规则
-
R=301 强制外部重定向
-
[F]禁用URL,返回403HTTP状态码
-
NC不区分大小写
-
[OR]或者
5.5rewrite变量
%{HTTP_HOST} #访问的user_agent
%{HTTP_USER_AGENT} #当前访问的网站,只是指前缀部分,www.xxx.com,不包括http://和/
%{REQUEST_URI} #访问相对地址,就是相对根目录的地址,就是域名/后面的部分,格式上包括最前面的"/"
www.123.com/abc/1.html # www.123.com表示HOST,abc/1.html表示URI
6.防盗链
防止其他的网站大量使用自己网站里的一些图片,流量跑的是自己的网站,造成带宽的浪费,防止图片被盗用。
# vim /usr/local/
# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/abc.com"
ServerName www.abc.com
SetEnvIfNoCase Referer "^http://.*\.abc\.com" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|png|gif|css|js)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
</Directory>
</VirtualHost>
6.访问控制
网络安全,如指定目录上传文件,避免木马,针对路径禁止解析php
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/abc.com"
ServerName www.abc.com
<Directory /data/wwwroot/abc.com/upload>
php_admin_flag engine off #将PHP解析引擎关闭
<Filesmatch "(.*)php"> #匹配
Order deny,allow
Deny from all #禁止解析所有,若不加filematch,只是将engine off,在浏览器访问该文件时,会将php文件下载下来,这样不好
</Filesmatch>
</Directory>
</VirtualHost>
配置若有遗漏或错误,请评论留言。
