[root@localhost ~]# yum -y groupinstall "万维网服务器"
[root@localhost ~]# grep -v '^#' /etc/httpd/conf/httpd.conf |uniq
ServerTokens OS //在Server响应头及服务器生成页面的签名中显示Apache版本和操作系统类型,改成Prod可以隐藏这些信息
ServerRoot "/etc/httpd" //apache的配置文件路径
PidFile run/httpd.pid //pid文件位置
Timeout 120 //请求超时时间为2分钟
KeepAlive Off //KeepAlive 配置指令决定当处理完用户发起的 HTTP 请求后是否立即关闭 TCP 连接
MaxKeepAliveRequests 100
KeepAliveTimeout 15
##以下的配置涉及到服务器调优方面,可参考http://lamp.linux.gov.cn/Apache/ApacheMenu/mod/mpm_common.html##
//以下是Apache的mpm的prefork模块对于服务器性能的设定
StartServers 8 //启动Apache的时候就产生8个进程
MinSpareServers 5 //最少应保持5个空闲的Apache进程
MaxSpareServers 20 //空闲的进程数最多不得超过20个
ServerLimit 256 //最大允许的子进程数
MaxClients 256 //最大的客户端并发连接数
MaxRequestsPerChild 4000 //每个子进程在其生存期内允许的最大请求数量
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
###############################################
Listen 80 //侦听80端口
LoadModule auth_basic_module modules/mod_auth_basic.so //加载的模块,可以使用/usr/sbin/apachectl -l命令查看加载的模块
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
…………………………输出省略………………………………
Include conf.d/*.conf //包含/etc/httpd/conf.d/下的所有以conf结尾的配置文件
User apache //以Apache用户和组的身份运行
Group apache
ServerAdmin root@localhost //管理员的电子邮件地址
UseCanonicalName Off
DocumentRoot "/var/www/html" //默认的网站工作目录
Options FollowSymLinks
AllowOverride None
Options Indexes FollowSymLinks //开启索引和软链接访问功能
AllowOverride None //不允许.htaccess文件覆盖此处的配置
Order allow,deny //定义访问策略,先允许,后拒绝
Allow from all //允许所有访问
//以下是关于Apache发布系统用户家目录下的public_html中网站的设定,设定此项需要注意SELinux和home目录的权限
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
UserDir disable
#
# To enable requests to /~user/ to serve the user’s public_html
# directory, remove the “UserDir disable” line above, and uncomment
# the following line instead:
#
#UserDir public_html
DirectoryIndex index.html index.html.var //定义首页文件的文件名
AccessFileName .htaccess //指定各目录中的访问控制文件名为.htaccess
Order allow,deny
Deny from all
TypesConfig /etc/mime.types
DefaultType text/plain //无法确定文件的MIME类型时,默认按纯文本处理
MIMEMagicFile conf/magic
HostnameLookups Off //关闭客户端dns反解
ErrorLog logs/error_log //定义错误日志位置
LogLevel warn //日志级别为警告
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined //定义组合日志的格式
LogFormat "%h %l %u %t \"%r\" %>s %b" common //定义普通日志的格式
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log combined //定义访问日志保存位置和使用组合日志格式
ServerSignature On //在错误页面允许显示Apache的版本信息,可改成Off隐藏
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" //将/cgi-bin/映射到该目录,其中的文件作为CGI程序执行
AllowOverride None
Options None
Order allow,deny
Allow from all
虚拟主机配置实例(按来源IP限制访问,并通过.htaccess启用基本认证;基本认证的口令在HTTP下只经过Base64编码,并未加密,正式环境应配合HTTPS使用):
ServerAdmin ylw6006@163.com
DocumentRoot /var/www/192.168.122.10
ServerName 192.168.122.10
ScriptAlias /cgi-bin/ "/var/www/192.168.122.10-cgi"
Options Indexes FollowSymlinks
Allowoverride AuthConfig
Order deny,allow
deny from 192.168.122.50
Allow from 192.168.122.1
ErrorLog logs/192.168.122.10-error_log
CustomLog logs/192.168.122.10-access_log common
[root@localhost www]# ls -Zd 192.168.122.10*
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t 192.168.122.10
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t 192.168.122.10-cgi
[root@localhost www]# cat /var/www/192.168.122.10/.htaccess
authname "Please enter your username and password for login……"
authtype basic
authuserfile /etc/httpd/conf/.htpasswd.192.168.122.10
require valid-user
[root@localhost www]# htpasswd -cm /etc/httpd/conf/.htpasswd.192.168.122.10 yang
New password:
Re-type new password:
Adding password for user yang
[root@localhost ~]# cat /etc/httpd/conf.d/welcome.conf
#
# Options -Indexes
# ErrorDocument 403 /error/noindex.html
#
[root@localhost ~]# service httpd restart
192.168.122.50访问测试
[root@localhost 192.168.122.10-cgi]# ls -Z
-rwxr-xr-x root root system_u:object_r:httpd_sys_content_t test.sh
[root@localhost 192.168.122.10-cgi]# cat test.sh
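#!/bin/sh
# CGI smoke test for the virtual host: prints the current date and the
# address configured for eth0.
# NOTE(review): the output discloses the host's interface configuration to
# every client allowed to request this script; keep it only for the test and
# remove it once the virtual host has been verified.

# CGI response header, followed by the blank line that ends the header section.
echo "Content-type: text/html"
echo

# NOTE(review): any markup that originally sat between these quotes appears to
# have been lost when the page was rendered -- confirm against the real script.
echo "
"
echo "today is $(date)"

# Print the value after '=' on the IPADDR line of the eth0 interface file.
echo "this web server ip is $(grep -i ipaddr /etc/sysconfig/network-scripts/ifcfg-eth0 | cut -d '=' -f 2)"
echo ""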