httpd配置(yum)
Apache和Nginx对比
-
Nginx相对于Apache:
-
高并发响应性能非常好(单台万级并发连接30000-50000/s(简单静态页))
-
反向代理性能非常好(可用于负载均衡)
-
内存和CPU占用率低(为Apache的1/5-1/10)
-
功能较Apache少(常用功能均有)
-
Apache和Nginx总结
-
Apache拥有丰富的模块组件支持,稳定性强,BUG少,动态内容处理强。
-
Nginx轻量级,占用资源少,负载均衡,高并发处理强,静态内容处理高效
中间件介绍
tomcat
weblogic
jboss
php
uwsgi
1.Apache基本配置
<Directory “/var/www/html”> #网站容器开始标识 Options Indexes FollowSymlinks #找不到主业是,以目录的方式呈现,允许链接到网站根目录以外 AllowOverride None #None不使用.htaccess控制,all允许 Require all granted #granted表示运行所有访问,denied表示拒绝所有访问 </Directory>
IP:192.168.1.12
# setenforce 0 # systemctl stop firewalld # vim /etc/selinux/config # yum install -y httpd # systemctl restart httpd # yum install -y lsof # lsof -i:80 # systemctl restart httpd //添加主页,默认也有 # cd /var/www/html/ # echo "hello world" > index.html # systemctl restart httpd # curl 192.168.1.2 # curl -I 192.168.1.2 //修改网站目录 # mkdir /www # vim /etc/httpd/conf/httpd.conf DocumentRoot "/www" # 约119行 <Directory "/www"> # 约131行 # cd /www # echo "hi !!!" > index.html # systemctl restart httpd # curl 192.168.1.2 //修改主页类型 # vim /etc/httpd/conf/httpd.conf index.html改index.php # 约164行 # systemctl reload httpd # # echo "php " > index.php
安装
# yum -y install gcc make zlib-devel pcre pcre-devel openssl-devel apr-* # rpm -rf /tmp/ # cd /tmp # yum provides rz lrzsz-0.12.20-36.el7.x86_64 # yum install -y lrzsz-0.12.20-36.el7.x86_64 # rz //选择上传的文件 # tar xf httpd-v2.4.41.tar.gz # cd httpd-v2.4.41 # ./configure --prefix=/usr/local/apache2 && make && make install
常用命令
# /usr/local/apache2/bin/apachectl -M # 查看常见的模块(动、静) # /usr/local/apache2/bin/apachectl -l # 查看加载的静态模块 # /usr/local/apache2/bin/apachectl -t # 检查配置文件语法 # /usr/local/apache2/bin/apachectl graceful #加载配置文件、但不重启 # /usr/local/apache2/bin/apachectl start/stop/restart # /usr/local/apache2/conf/httpd.conf ServerName localhost:80 #没有就添加 # /usr/local/apache2/bin/apachectl -t
3.配置用户认证
# vim /usr/local/apache2.4/conf/httpd.conf //关键词httpd-vhost前面注释去掉 # vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf <VirtualHost *:80> DocumentRoot "/data/www/abc" ServerName abc.com <Directory /data/www/abc> AllowOverride AuthConfig AuthName "zhao" AuthType Basic AuthUserFile /data/.htpasswd require valid-user </Directory> </VirtualHost> # htpasswd -c /data/htpasswd zhao # cat /data/.htpasswd # /usr/local/apache2/bin/apachectl restart //浏览器输入:192.168.1.2/data/www/abc
4.虚拟主机
# vim /usr/local/apache2.4/conf/httpd.conf <Directory> AllowOverride none Require all granted </Directory> //关键词httpd-vhost前面注释去掉 # vim /usr/local/apache2/conf/extra/httpd-vhosts.conf <VirtualHost *:80> DocumentRoot "/tmp/111" ServerName www.111.com </VirtualHost> <VirtualHost *:80> DocumentRoot "/data/www" ServerName www.test.com ServerAlias www.aaa.com </VirtualHost> # mkdir /tmp/111 # echo "hello www.111.com" > /tmp/111/index.html # mkdir -p /data/www # echo "hello www.test.com and www.aaa.com" > /data/www/index.html
测试
//本地测试用到 # vim /etc/hosts 192.168.1.2 www.test.com 192.168.1.2 www.aaa.com 192.168.1.2 www.111.com //测试 # ping www.test.com # ping www.aaa.com # ping www.111.com # /usr/local/apache2/bin/apachectl start # killall httpd # curl -x 192.168.1.2:80 www.test.com # curl -x 192.168.1.2:80 www.aaa.com # curl -x 192.168.1.2:80 www.111.com
5.配置rewrite规则
-
Apache中rewrite规则代码均写在<IfModule mod_rewrite.c>模块下
需开启/usr/local/apache2.4/conf/httpd.conf下的模块
5.1 301永久跳转,302暂时跳转
<IfModule mod_rewrite.c> RewriteEngine on # 打开rewrite功能 RewriteCond %{HTTP_HOST} ^www.aaa.com$ [OR] RewriteCond %{HTTP_HOST} ^www.bbb.com$ RewriteRule ^/(.*)$ http://www.test.com/$1 [R=301,L] </IfModule>
RewriteCond跳转条件;RewriteRule跳转规则
实验
# vim /usr/local/apache2.4/conf/httpd.conf 156行模块注释去掉 481行开启虚拟主机文件注释去掉 # vim /usr/local/apache2/conf/extra/httpd-vhost.conf <VirtualHost *:80> DocumentRoot "/data/www" <IfModule mod_rewrite.c> RewriteEngine on # 打开rewrite功能 RewriteCond %{HTTP_HOST} ^www.aaa.com$ [OR] RewriteCond %{HTTP_HOST} ^www.bbb.com$ RewriteRule ^/(.*)$ http://www.test.com/$1 [R=301,L] </IfModule> </VirtualHost> # /usr/local/apache2/bin/apachectl -t #检测 # mkdir -p /data/www # echo "hello test.com" > /data/www/index.html # vim /etc/hosts 192.168.1.2 www.aaa.com 192.168.1.2 www.bbb.com 192.168.1.2 www.test.com # /usr/local/apache2/bin/apachectl restart # curl www.aaa.com 301 # curl www.bbb.com 301 # curl www.test.com hello test.com
5.2禁止指定user_agent
RewriteCond %{HTTP_USER_AGENT} ^.*curl.* [NC,OR] #禁止curl和chrome浏览器访问,不区分大小写 RewriteCond %{HTTP_USER_AGENT} ^.*chrome.* RewriteRule .* - [F] #为禁止的意思
实验
# vim /usr/local/apache2.4/conf/httpd.conf 156行模块注释去掉 481行开启虚拟主机文件注释去掉 # vim /usr/local/apache2/conf/extra/httpd-vhost.conf <VirtualHost *:80> DocumentRoot "/data/www" <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP_USER_AGENT} ^.*curl.* [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^.*chrome.* RewriteRule .* - [F] </IfModule> </VirtualHost> # vim /etc/hosts 192.168.1.2 www.aaa.com 192.168.1.2 www.bbb.com 192.168.1.2 www.test.com # /usr/local/apache2/bin/apachectl restart # curl www.test.com
5.3通过rewrite限制某个目录
RewriteCond %{REQUEST_URI} ^.*/tmp/.* [NC] #禁止访问tmp目录 RewriteRule .* - [F]
5.4rewrite规则
-
R=301 强制外部重定向
-
[F]禁用URL,返回403HTTP状态码
-
NC不区分大小写
-
[OR]或者
5.5rewrite变量
%{HTTP_HOST} #访问的user_agent %{HTTP_USER_AGENT} #当前访问的网站,只是指前缀部分,www.xxx.com,不包括http://和/ %{REQUEST_URI} #访问相对地址,就是相对根目录的地址,就是域名/后面的部分,格式上包括最前面的"/" www.123.com/abc/1.html # www.123.com表示HOST,abc/1.html表示URI
6.防盗链
防止其他的网站大量使用自己网站里的一些图片,流量跑的是自己的网站,造成带宽的浪费,防止图片被盗用。
# vim /usr/local/ # vim /usr/local/apache2/conf/extra/httpd-vhosts.conf <VirtualHost *:80> DocumentRoot "/data/wwwroot/abc.com" ServerName www.abc.com SetEnvIfNoCase Referer "^http://.*\.abc\.com" local_ref <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|png|gif|css|js)"> Order Allow,Deny Allow from env=local_ref </filesmatch> </Directory> </VirtualHost>
6.访问控制
网络安全,如指定目录上传文件,避免木马,针对路径禁止解析php
<VirtualHost *:80> DocumentRoot "/data/wwwroot/abc.com" ServerName www.abc.com <Directory /data/wwwroot/abc.com/upload> php_admin_flag engine off #将PHP解析引擎关闭 <Filesmatch "(.*)php"> #匹配 Order deny,allow Deny from all #禁止解析所有,若不加filematch,只是将engine off,在浏览器访问该文件时,会将php文件下载下来,这样不好 </Filesmatch> </Directory> </VirtualHost>