httpd配置(yum)

Apache(yum)

Apache和Nginx对比

  • Nginx相对于Apache:

    • 高并发响应性能非常好(单台万级并发连接30000-50000/s(简单静态页))

    • 反向代理性能非常好(可用于负载均衡)

    • 内存和CPU占用率低(为Apache的1/5-1/10)

    • 功能较Apache少(常用功能均有)

Apache和Nginx总结

  • Apache拥有丰富的模块组件支持,稳定性强,BUG少,动态内容处理强。

  • Nginx轻量级,占用资源少,负载均衡,高并发处理强,静态内容处理高效

中间件介绍

tomcat

weblogic

jboss

php

uwsgi

1.Apache基本配置

<Directory “/var/www/html”> #网站容器开始标识 Options Indexes FollowSymlinks #找不到主业是,以目录的方式呈现,允许链接到网站根目录以外 AllowOverride None #None不使用.htaccess控制,all允许 Require all granted #granted表示运行所有访问,denied表示拒绝所有访问 </Directory>

IP:192.168.1.12

# setenforce 0
# systemctl stop firewalld
# vim /etc/selinux/config
# yum install -y httpd
# systemctl restart httpd
# yum install -y lsof
# lsof -i:80
# systemctl restart httpd
​
//添加主页,默认也有
# cd /var/www/html/
# echo "hello world" > index.html
# systemctl restart httpd
# curl 192.168.1.2
# curl -I 192.168.1.2
​
//修改网站目录
# mkdir /www
# vim /etc/httpd/conf/httpd.conf
DocumentRoot    "/www"      # 约119行
<Directory "/www">      # 约131行
# cd /www
# echo "hi !!!" > index.html
# systemctl restart httpd
# curl 192.168.1.2
​
//修改主页类型
# vim /etc/httpd/conf/httpd.conf
index.html改index.php        # 约164行
# systemctl reload httpd
# # echo "php " > index.php

http://192.168.1.12

 

2.常用命令(源码)

安装

# yum -y install gcc make zlib-devel pcre pcre-devel openssl-devel  apr-*
# rpm -rf /tmp/
# cd /tmp
# yum provides rz
lrzsz-0.12.20-36.el7.x86_64
# yum install -y lrzsz-0.12.20-36.el7.x86_64
# rz        //选择上传的文件
# tar xf httpd-v2.4.41.tar.gz
# cd httpd-v2.4.41
# ./configure --prefix=/usr/local/apache2 && make && make install

  

常用命令

# /usr/local/apache2/bin/apachectl -M   # 查看常见的模块(动、静)
# /usr/local/apache2/bin/apachectl -l   # 查看加载的静态模块
# /usr/local/apache2/bin/apachectl -t   # 检查配置文件语法
# /usr/local/apache2/bin/apachectl graceful #加载配置文件、但不重启
# /usr/local/apache2/bin/apachectl  start/stop/restart
​
# /usr/local/apache2/conf/httpd.conf
ServerName localhost:80     #没有就添加
# /usr/local/apache2/bin/apachectl -t

  

3.配置用户认证

# vim /usr/local/apache2.4/conf/httpd.conf
//关键词httpd-vhost前面注释去掉
# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/www/abc"
    ServerName abc.com
     <Directory /data/www/abc>
    AllowOverride AuthConfig
    AuthName "zhao"
    AuthType Basic
    AuthUserFile /data/.htpasswd
     require valid-user
     </Directory>
</VirtualHost>
​
# htpasswd -c /data/htpasswd zhao
# cat /data/.htpasswd
# /usr/local/apache2/bin/apachectl  restart
//浏览器输入:192.168.1.2/data/www/abc

 

4.虚拟主机

# vim /usr/local/apache2.4/conf/httpd.conf
<Directory>
    AllowOverride   none
    Require all granted
</Directory>
//关键词httpd-vhost前面注释去掉
​
# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/tmp/111"
    ServerName www.111.com
</VirtualHost>
​
<VirtualHost *:80>
    DocumentRoot "/data/www"
    ServerName www.test.com
    ServerAlias www.aaa.com
</VirtualHost>
​
# mkdir /tmp/111
# echo "hello www.111.com" > /tmp/111/index.html
# mkdir -p /data/www
# echo "hello www.test.com and www.aaa.com" > /data/www/index.html

  

测试

//本地测试用到
# vim /etc/hosts
192.168.1.2     www.test.com
192.168.1.2     www.aaa.com
192.168.1.2     www.111.com
​
//测试
# ping www.test.com
# ping www.aaa.com
# ping www.111.com
# /usr/local/apache2/bin/apachectl  start
# killall httpd
# curl -x 192.168.1.2:80 www.test.com
# curl -x 192.168.1.2:80 www.aaa.com
# curl -x 192.168.1.2:80 www.111.com

  

5.配置rewrite规则

  • Apache中rewrite规则代码均写在<IfModule mod_rewrite.c>模块下

    需开启/usr/local/apache2.4/conf/httpd.conf下的模块

5.1 301永久跳转,302暂时跳转

<IfModule mod_rewrite.c>
    RewriteEngine on    # 打开rewrite功能
    RewriteCond %{HTTP_HOST} ^www.aaa.com$  [OR]
    RewriteCond %{HTTP_HOST} ^www.bbb.com$
    RewriteRule ^/(.*)$ http://www.test.com/$1 [R=301,L]
</IfModule>

RewriteCond跳转条件;RewriteRule跳转规则

 

实验

# vim /usr/local/apache2.4/conf/httpd.conf
156行模块注释去掉
481行开启虚拟主机文件注释去掉
​
# vim /usr/local/apache2/conf/extra/httpd-vhost.conf
<VirtualHost *:80>
    DocumentRoot "/data/www"
<IfModule mod_rewrite.c>
    RewriteEngine on    # 打开rewrite功能
    RewriteCond %{HTTP_HOST} ^www.aaa.com$  [OR]
    RewriteCond %{HTTP_HOST} ^www.bbb.com$
    RewriteRule ^/(.*)$ http://www.test.com/$1 [R=301,L]
</IfModule>
</VirtualHost>
# /usr/local/apache2/bin/apachectl -t   #检测
# mkdir -p /data/www
# echo "hello test.com" > /data/www/index.html
​
​
# vim /etc/hosts
192.168.1.2     www.aaa.com
192.168.1.2     www.bbb.com
192.168.1.2     www.test.com
​
# /usr/local/apache2/bin/apachectl restart
​
# curl www.aaa.com
301
# curl www.bbb.com
301
# curl www.test.com
hello test.com

  

 

5.2禁止指定user_agent

  

RewriteCond %{HTTP_USER_AGENT} ^.*curl.*	[NC,OR]		#禁止curl和chrome浏览器访问,不区分大小写
RewriteCond %{HTTP_USER_AGENT} ^.*chrome.*
RewriteRule .* - [F]	#为禁止的意思

  

实验

# vim /usr/local/apache2.4/conf/httpd.conf
156行模块注释去掉
481行开启虚拟主机文件注释去掉
# vim /usr/local/apache2/conf/extra/httpd-vhost.conf
<VirtualHost *:80>
    DocumentRoot "/data/www"
<IfModule mod_rewrite.c>
    RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^.*curl.*	[NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*chrome.*
RewriteRule .* - [F]
</IfModule>
</VirtualHost>

# vim /etc/hosts
192.168.1.2		www.aaa.com
192.168.1.2		www.bbb.com
192.168.1.2		www.test.com

# /usr/local/apache2/bin/apachectl restart
# curl www.test.com

 

5.3通过rewrite限制某个目录

RewriteCond %{REQUEST_URI} ^.*/tmp/.*  [NC] #禁止访问tmp目录
RewriteRule .* - [F]

 

5.4rewrite规则

  • R=301 强制外部重定向

  • [F]禁用URL,返回403HTTP状态码

  • NC不区分大小写

  • [OR]或者

5.5rewrite变量

%{HTTP_HOST}		#访问的user_agent
%{HTTP_USER_AGENT}	#当前访问的网站,只是指前缀部分,www.xxx.com,不包括http://和/
%{REQUEST_URI}		#访问相对地址,就是相对根目录的地址,就是域名/后面的部分,格式上包括最前面的"/"
www.123.com/abc/1.html	# www.123.com表示HOST,abc/1.html表示URI

6.防盗链

防止其他的网站大量使用自己网站里的一些图片,流量跑的是自己的网站,造成带宽的浪费,防止图片被盗用。

# vim /usr/local/
# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName www.abc.com
    SetEnvIfNoCase Referer "^http://.*\.abc\.com" local_ref
    <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|png|gif|css|js)">
    Order Allow,Deny
    Allow from env=local_ref
    </filesmatch>
    </Directory>
</VirtualHost>

  

6.访问控制

网络安全,如指定目录上传文件,避免木马,针对路径禁止解析php

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName www.abc.com
    
    <Directory /data/wwwroot/abc.com/upload>	
        php_admin_flag engine off	#将PHP解析引擎关闭
    <Filesmatch "(.*)php">		#匹配
        Order deny,allow
        Deny from all		#禁止解析所有,若不加filematch,只是将engine off,在浏览器访问该文件时,会将php文件下载下来,这样不好
    </Filesmatch>
    </Directory>
</VirtualHost>

 

posted @ 2021-03-09 00:02  破碎的屋檐  阅读(333)  评论(0编辑  收藏  举报