HTTP Service 中篇

5、httpd 常见配置

5.1 显示服务器版本信息

[root@node-128 bin]# curl -I http://192.168.139.128
HTTP/1.1 200 OK
Date: Sun, 08 Dec 2019 10:04:44 GMT
Server: Apache/2.4.41 (Unix)
Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT
ETag: "2d-432a5e4a73a80"
Accept-Ranges: bytes
Content-Length: 45
Content-Type: text/html

详细配置项：http://httpd.apache.org/docs/2.4/mod/core.html#servertokens

 创建子目录单独让其生效

[root@node-128 conf]# pwd
/app/httpd24/conf
[root@node-128 conf]# vim httpd.conf
添加一行：使其生效
Include conf/conf.d/*.conf
[root@node-128 conf]# mkdir conf.d
[root@node-128 conf]# ls
conf.d  extra  httpd.conf  httpd.conf.bak  magic  mime.types  original
[root@node-128 conf.d]# vim test.conf
添加
servertokens prod

[root@node-128 conf.d]# systemctl reload httpd
[root@node-128 conf.d]# curl -I http://192.168.139.128
HTTP/1.1 200 OK
Date: Sun, 08 Dec 2019 10:31:51 GMT
Server: Apache
Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT
ETag: "2d-432a5e4a73a80"
Accept-Ranges: bytes
Content-Length: 45
Content-Type: text/html

5.2  监听的IP和Port

做法思路和前一个基本相似，这里不作详细说明了

Listen [IP:]PORT

说明：

(1) 省略IP表示为本机所有IP
(2) Listen指令至少一个，可重复出现多次

范例：

Listen 192.168.1.100:8080
Lsten 80

5.3 持久连接

Persistent Connection：连接建立，每个资源获取完成后不会断开连接，而是继续等待其它的请求完
成，默认关闭持久连接
断开条件：时间限制：以秒为单位， 默认5s，httpd-2.4 支持毫秒级
副作用：对并发访问量大的服务器，持久连接会使有些请求得不到响应
折衷：使用较短的持久连接时间
持久连接相关指令：

KeepAlive On|Off
KeepAliveTimeout 15 #连接持续15s,可以以ms为单位,默认值为5s
MaxKeepAliveRequests 500 #持久连接最大接收的请求数,默认值100

测试方法：

telnet WEB_SERVER_IP PORT
GET /URL HTTP/1.1
Host: WEB_SERVER_IP

5.4 DSO (Dynamic Shared Object)

Dynamic Shared Object，加载动态模块配置，不需重启即生效
动态模块所在路径： /usr/lib64/httpd/modules/
主配置 /etc/httpd/conf/httpd.conf 文件中指定加载模块配置文件

ServerRoot "/etc/httpd"
Include conf.modules.d/*.conf

配置指定实现模块加载格式：

LoadModule <mod_name> <mod_path>
[root@node-128 httpd24]# cd conf/
[root@node-128 conf]# ls
conf.d extra httpd.conf httpd.conf.bak magic mime.types original
[root@node-128 conf]# vim httpd.conf
Example:
# LoadModule foo_module modules/mod_foo.so
#
#LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

查看已加载的模块

httpd -M
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::d386:496:dd09:2c09%ens33. 
Set the 'ServerName' directive globally to suppress this message
Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 mpm_prefork_module (shared)
 authn_file_module (shared)
 authn_core_module (shared)
 authz_host_module (shared)
 authz_groupfile_module (shared)
 authz_user_module (shared)
 authz_core_module (shared)
 access_compat_module (shared)
 auth_basic_module (shared)
 reqtimeout_module (shared)
-----------------------------------------省略---------------------------------------------

模块文件路径可使用相对路径：相对于ServerRoot（默认/etc/httpd）

5.5 MPM (Multi-Processing Module) 多路处理模块

 httpd 支持三种MPM工作模式：prefork, worker, event

centos7编译默认使用的工作模式
[root@node-128 extra]# httpd -M |grep mpm
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::d386:496:dd09:2c09%ens33. 
Set the 'ServerName' directive globally to suppress this message
mpm_prefork_module (shared)

切换MPM模式

[root@node-128 conf]# ls
conf.d  extra  httpd.conf  httpd.conf.bak  magic  mime.types  original
修改配置文件：
[root@node-128 conf]# vim httpd.conf
#LoadModule mpm_event_module modules/mod_mpm_event.so
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule mpm_worker_module modules/mod_mpm_worker.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
[root@node-128 conf]# httpd -M |grep mpm
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::d386:496:dd09:2c09%ens33. Set the 'ServerName' directive globally to suppress this message
 mpm_worker_module (shared)

5.6 prefork 模式相关的配置：（event、worker模式类似）

[root@node-128 conf]# ls
conf.d  extra  httpd.conf  httpd.conf.bak  magic  mime.types  original
[root@node-128 conf]# cd extra/
[root@node-128 extra]# ls
httpd-autoindex.conf  httpd-languages.conf           httpd-ssl.conf
httpd-dav.conf        httpd-manual.conf              httpd-userdir.conf
httpd-default.conf    httpd-mpm.conf                 httpd-vhosts.conf
httpd-info.conf       httpd-multilang-errordoc.conf  proxy-html.conf
[root@node-128 extra]# vim httpd-mpm.conf
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxRequestWorkers: maximum number of server processes allowed to start
# MaxConnectionsPerChild: maximum number of connections a server process serves
#                         before terminating
<IfModule mpm_prefork_module>
    StartServers             5
    MinSpareServers          5
    MaxSpareServers         10  
    MaxRequestWorkers      250               #最大的并发连接数
    MaxConnectionsPerChild   0               #子进程最多能处理的请求数量。在处理
</IfModule>

# worker MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestWorkers: maximum number of worker threads
# MaxConnectionsPerChild: maximum number of connections a server process serves
#                         before terminating
<IfModule mpm_worker_module>
    StartServers             3
    MinSpareThreads         75
    MaxSpareThreads        250
    ThreadsPerChild         25
    MaxRequestWorkers      400
    MaxConnectionsPerChild   0

设置访问路径权限的几个要素：

1、DocumentRoot：网站访问指定文档的真实路径

2、<Directory directory-path> ... </Directory>：封装网页默认读取的目录，类似的还有基于文件、文件通配符、正则表达式、URL路径

3、DirectoryIndex ： 后面那个文件在前优先读取，如果前面不存在则读取后面文件

4、各种控制指令：Options、AllowOverride指令等等

5.7 定义Main server的文档页面路径

[root@node-128 www]# echo '/data/www/index.html' > /data/www/index.html
[root@node-128 www]# vim /app/httpd24/conf/httpd.conf
改变这两行：
DocumentRoot "/data/www"
<Directory "/data/www">

说明：
DocumentRoot指向的路径为URL路径的起始位置
/path 必须显式授权后才可以访问

5.8 定义站点主页面

DirectoryIndex index.php index.html

5.9 可实现访问控制的资源

可以针对文件系统和URI的资源进行访问控制
文件系统路径：

#基于目录
<Directory “/path">
...
</Directory>
#基于文件
<File “/path/file”>
...
</File>
#基于正则表达式
<FileMatch “regex”>
...
</FileMatch>

URL路径：

<Location "URL">
...
</Location>
<LocationMatch "regex">
...
</LocationMatch>

5.10 针对目录实现访问控制

后跟1个或多个以空白字符分隔的选项列表， 在选项前的+，- 表示增加或删除指定选项
常见选项：
Indexes：指明的URL路径下不存在与定义的主页面资源相符的资源文件时，返回索引列表给用户
FollowSymLinks：允许访问符号链接文件所指向的源文件
None：全部禁用
All： 全部允许

范例：

<Directory /web/docs>
Options Indexes FollowSymLinks
</Directory>
<Directory /web/docs/spec>
Options FollowSymLinks
</Directory>