Preface:
HTTP server programs: httpd (Apache), nginx, lighttpd (serve static content).
Application servers: IIS (.NET), Tomcat (.jsp) (able to serve dynamic content).
==========================================================================================
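Features of httpd:
(1) Highly modular: core + modules
(2) DSO mechanism: Dynamic Shared Object (modules can be loaded and unloaded dynamically)
(3) MPM: Multi-Processing Modules
① prefork: multi-process model; each process serves one request.
  One master process: spawns the child processes that serve user requests, reaps them, and creates the listening socket. It does not handle requests itself; it only dispatches each request to a child process.
  Multiple child processes: each child process handles one request.
  Working model: several idle processes are spawned in advance, ready to answer user requests; the maximum and minimum numbers of idle processes are defined beforehand.
② worker: multi-process, multi-thread model; each thread serves one user request.
  One master process: spawns the child processes that serve user requests, reaps them, and creates the listening socket. It does not handle requests itself; it only dispatches each request to a child process.
  Multiple child processes: each child process spawns multiple threads.
  Each thread: handles user requests.
  Concurrent responses: m (number of child processes) * n (maximum number of threads each child process can create)
③ event: event-driven model (multi-process); each process serves multiple requests.
  One master process: spawns the child processes that serve user requests, reaps them, and creates the listening socket. It does not handle requests itself; it only dispatches each request to a child process.
  Child processes: answer multiple requests directly, using an event-driven mechanism.
  In httpd-2.2 this model is for testing only; in 2.4 it can be used in production.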
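httpd program versions:
httpd 1.3, 2.0, 2.2, 2.4 (currently the latest stable release)
httpd functions:
① CGI: Common Gateway Interface
② Virtual hosts: IP, PORT, FQDN
③ Reverse proxy
④ Load balancing
⑤ Path aliases
⑥ Rich user authentication mechanisms (basic, digest)
⑦ Support for third-party modules
.....
Installing httpd:
rpm package: shipped directly with the CentOS distribution.
Building from source: used to customise features, patch vulnerabilities, or for other reasons.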
httpd program environment:
CentOS 6: httpd-2.2
Configuration files:
    /etc/httpd/conf/httpd.conf
    /etc/httpd/conf.d/*.conf
Service script: /etc/rc.d/init.d/httpd
Script configuration file: /etc/sysconfig/httpd
Main program files:
    /usr/sbin/httpd (prefork, the default)
    /usr/sbin/httpd.event
    /usr/sbin/httpd.worker
Log files: /var/log/httpd:
    access_log: access log
    error_log: error log
Site documents: /var/www/html
Module file path: /usr/lib64/httpd/modules
Service control and startup:
    chkconfig httpd on|off
    service httpd {start|stop|restart|status|configtest|reload}
CentOS 7: httpd-2.4
Configuration files:
    /etc/httpd/conf/httpd.conf
    /etc/httpd/conf.d/*.conf
Module-related configuration files: /etc/httpd/conf.modules.d/*.conf
systemd unit file:
    /usr/lib/systemd/system/httpd.service
Main program file:
    /usr/sbin/httpd
    httpd-2.4 supports switching the MPM dynamically.
Log files:
    /var/log/httpd:
    access_log: access log
    error_log: error log
Site documents:
    /var/www/html
Module file path:
    /usr/lib64/httpd/modules
Service control:
    systemctl enable|disable httpd.service
    systemctl {start|stop|restart|status} httpd.service
==========================================================================================
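Common configuration of httpd-2.2:
Main configuration file: /etc/httpd/conf/httpd.conf
    ### Section 1: Global Environment (global configuration section)
    ### Section 2: 'Main' server configuration (main server configuration section)
    ### Section 3: Virtual Hosts (virtual host configuration section)
(Note: sections 2 and 3 cannot be used at the same time; section 2 is used by default.)
Configuration format:
    directive value
directive: not case-sensitive.
value: when it is a path, whether it is case-sensitive depends on the file system.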
Common settings:
1. Changing the listening IP and PORT
    Listen [IP:]PORT
① Omitting the IP means 0.0.0.0.
② The Listen directive may appear multiple times:
    Listen 80
    Listen 8080
(Note: the service must be restarted after this change.)

    #
    # Listen: Allows you to bind Apache to specific IP addresses and/or
    # ports, in addition to the default. See also the <VirtualHost>
    # directive.
    #
    # Change this to Listen on specific IP addresses as shown below to
    # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
    #
    #Listen 12.34.56.78:80
    Listen 80
    # added listening port
    Listen 8080

    [root@Tzz conf]# service httpd restart    # restart the service
    [root@Tzz conf]# netstat -tnpl | grep "httpd"
    tcp        0      0 :::8080        :::*        LISTEN      3020/httpd
    tcp        0      0 :::80          :::*        LISTEN      3020/httpd
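2. Persistent connections
Persistent Connection: once the TCP connection is established, it is not torn down after each resource has been fetched; it stays open and waits for further resource requests.
How the connection is closed: a limit on the number of requests, and a limit on time.
(Note: on a server with heavy concurrent traffic, this long-lived connection mechanism can leave some later requests unable to get served.)
We can use a shorter keep-alive duration and a smaller number of requests.

    # KeepAlive: Whether or not to allow persistent connections (more than
    # one request per connection). Set to "Off" to deactivate.
    #
    # turn persistent connections on
    KeepAlive on

    #
    # MaxKeepAliveRequests: The maximum number of requests to allow
    # during a persistent connection. Set to 0 to allow an unlimited amount.
    # We recommend you leave this number high, for maximum performance.
    #
    # at most 100 requests per persistent connection
    MaxKeepAliveRequests 100

    #
    # KeepAliveTimeout: Number of seconds to wait for the next request from the
    # same client on the same connection.
    #
    # wait at most 15 seconds for the next request on a persistent connection
    KeepAliveTimeout 15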
3. MPM
httpd-2.2 does not support compiling in several MPM modules at once, so exactly one MPM has to be chosen at build time. The CentOS 6 rpm package therefore ships three separate program files: httpd (prefork, the MPM used by default), httpd.worker and httpd.event, each supporting a different MPM. To confirm which program file is currently in use:

    [root@Tzz conf]# ps aux | grep "httpd"
    root      3446  0.0  0.8 185928  3900 ?        Ss   09:50   0:00 /usr/sbin/httpd
    apache    3449  0.0  0.5 186060  2496 ?        S    09:50   0:00 /usr/sbin/httpd
    apache    3450  0.0  0.5 186060  2516 ?        S    09:50   0:00 /usr/sbin/httpd
    apache    3451  0.0  0.5 186060  2496 ?        S    09:50   0:00 /usr/sbin/httpd
    apache    3452  0.0  0.5 186060  2496 ?        S    09:50   0:00 /usr/sbin/httpd
    apache    3453  0.0  0.5 186060  2496 ?        S    09:50   0:00 /usr/sbin/httpd
    apache    3454  0.0  0.5 186060  2496 ?        S    09:50   0:00 /usr/sbin/httpd
    apache    3455  0.0  0.5 186060  2496 ?        S    09:50   0:00 /usr/sbin/httpd
    apache    3456  0.0  0.5 186060  2496 ?        S    09:50   0:00 /usr/sbin/httpd
    root      3458  0.0  0.1 103308   852 pts/0    S+   09:50   0:00 grep httpd

    [root@Tzz conf]# /usr/sbin/httpd -l    # list the statically compiled modules
    Compiled in modules:
      core.c
      prefork.c
      http_core.c
      mod_so.c

    [root@Tzz conf]# /usr/sbin/httpd -M    # list both static and dynamically loaded modules
    Loaded Modules:
     core_module (static)
     mpm_prefork_module (static)
     http_module (static)
     so_module (static)
     auth_basic_module (shared)
     auth_digest_module (shared)
     authn_file_module (shared)
     authn_alias_module (shared)
     authn_anon_module (shared)
     authn_dbm_module (shared)
     authn_default_module (shared)
     authz_host_module (shared)
     authz_user_module (shared)
     authz_owner_module (shared)
     authz_groupfile_module (shared)
     authz_dbm_module (shared)
     authz_default_module (shared)
     ldap_module (shared)
     authnz_ldap_module (shared)
     include_module (shared)
     log_config_module (shared)
     logio_module (shared)
     env_module (shared)
     ext_filter_module (shared)
     mime_magic_module (shared)
     expires_module (shared)
     deflate_module (shared)
     headers_module (shared)
     usertrack_module (shared)
     setenvif_module (shared)
     mime_module (shared)
     dav_module (shared)
     status_module (shared)
     autoindex_module (shared)
     info_module (shared)
     dav_fs_module (shared)
     vhost_alias_module (shared)
     negotiation_module (shared)
     dir_module (shared)
     actions_module (shared)
     speling_module (shared)
     userdir_module (shared)
     alias_module (shared)
     substitute_module (shared)
     rewrite_module (shared)
     proxy_module (shared)
     proxy_balancer_module (shared)
     proxy_ftp_module (shared)
     proxy_http_module (shared)
     proxy_ajp_module (shared)
     proxy_connect_module (shared)
     cache_module (shared)
     suexec_module (shared)
     disk_cache_module (shared)
     cgi_module (shared)
     version_module (shared)
     dnssd_module (shared)
    Syntax OK

Switching to a different httpd program file to use another MPM:

    [root@Tzz conf]# vim /etc/sysconfig/httpd
    # Configuration file for the httpd service.
    #
    # The default processing model (MPM) is the process-based
    # 'prefork' model. A thread-based model, 'worker', is also
    # available, but does not work with some modules (such as PHP).
    # The service must be stopped before changing this variable.
    #
    # stop the service before changing this (httpd-2.2 does not support event mode)
    HTTPD=/usr/sbin/httpd.worker

    [root@Tzz conf]# ps aux | grep "httpd"
    root      3298  0.0  0.8 186136  4116 ?        Ss   09:48   0:00 /usr/sbin/httpd.worker
    apache    3301  0.0  0.6 530396  3348 ?        Sl   09:48   0:00 /usr/sbin/httpd.worker
    apache    3303  0.0  0.6 530396  3340 ?        Sl   09:48   0:00 /usr/sbin/httpd.worker
    apache    3304  0.0  0.6 530396  3340 ?        Sl   09:48   0:00 /usr/sbin/httpd.worker
    root      3414  0.0  0.1 103308   852 pts/0    S+   09:48   0:00 grep httpd
MPM configuration:
prefork configuration:

    [root@Tzz conf]# vim httpd.conf
    # prefork MPM
    # StartServers: number of server processes to start
    # MinSpareServers: minimum number of server processes which are kept spare
    # MaxSpareServers: maximum number of server processes which are kept spare
    # ServerLimit: maximum value for MaxClients for the lifetime of the server
    # MaxClients: maximum number of server processes allowed to start
    # MaxRequestsPerChild: maximum number of requests a server process serves
    <IfModule prefork.c>
    # number of processes started by default when the server starts
    StartServers          8
    # minimum number of idle processes
    MinSpareServers       5
    # maximum number of idle processes
    MaxSpareServers      20
    # maximum number of live processes allowed to start
    ServerLimit         256
    # maximum number of concurrent responses
    MaxClients          256
    # maximum number of requests each child process may handle
    MaxRequestsPerChild 4000
    </IfModule>

worker configuration:

    [root@Tzz conf]# vim httpd.conf
    # worker MPM
    # StartServers: initial number of server processes to start
    # MaxClients: maximum number of simultaneous client connections
    # MinSpareThreads: minimum number of worker threads which are kept spare
    # MaxSpareThreads: maximum number of worker threads which are kept spare
    # ThreadsPerChild: constant number of worker threads in each server process
    # MaxRequestsPerChild: maximum number of requests a server process serves
    <IfModule worker.c>
    # number of processes started by default
    StartServers          4
    # maximum number of concurrent responses
    MaxClients          300
    # minimum number of idle threads
    MinSpareThreads      25
    # maximum number of idle threads
    MaxSpareThreads      75
    # number of threads each process creates
    ThreadsPerChild      25
    # maximum number of requests each child process may handle (0 means unlimited)
    MaxRequestsPerChild   0
    </IfModule>

(PV, UV
 PV: Page View
 UV: User View)
4. DSO (Dynamic Shared Object)
Modules are loaded through directives in the configuration file:
    LoadModule <mod_name> <mod_path>
The module file path may be relative:
    relative to ServerRoot (default /etc/httpd)

    #
    # Dynamic Shared Object (DSO) Support
    #
    # To be able to use the functionality of a module which was built as a DSO you
    # have to place corresponding `LoadModule' lines at this location so the
    # directives contained in it are actually available _before_ they are used.
    # Statically compiled modules (those listed by `httpd -l') do not need
    # to be loaded here.
    #
    # Example:
    # LoadModule foo_module modules/mod_foo.so
    #
    LoadModule auth_basic_module modules/mod_auth_basic.so
    LoadModule auth_digest_module modules/mod_auth_digest.so
    LoadModule authn_file_module modules/mod_authn_file.so
    LoadModule authn_alias_module modules/mod_authn_alias.so
    LoadModule authn_anon_module modules/mod_authn_anon.so
    LoadModule authn_dbm_module modules/mod_authn_dbm.so
    # the modules above are loaded (list not shown in full)

    # The following modules are not loaded by default:
    #
    #LoadModule asis_module modules/mod_asis.so
    #LoadModule authn_dbd_module modules/mod_authn_dbd.so
    #LoadModule cern_meta_module modules/mod_cern_meta.so
    #LoadModule cgid_module modules/mod_cgid.so
    #LoadModule dbd_module modules/mod_dbd.so
    #LoadModule dumpio_module modules/mod_dumpio.so
    #LoadModule filter_module modules/mod_filter.so
    #LoadModule ident_module modules/mod_ident.so
    #LoadModule log_forensic_module modules/mod_log_forensic.so
    #LoadModule unique_id_module modules/mod_unique_id.so
    # the modules above are not loaded
5. Main server: defining the document root of the 'Main' server
    DocumentRoot ""
Document path mapping:
The path DocumentRoot points to is the starting point of URL paths; it corresponds to the root path of the site URL.
Example: (FileSystem) /web/host1/index.html --> (URL) /index.html

    #
    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    #
    # this is the URL root directory for the pages being served
    DocumentRoot "/var/www/html"

Changing the root directory of the served pages:

    #
    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    #
    # changed to a directory I created in advance
    DocumentRoot "/web/host1"

    [root@Tzz conf]# vim /web/host1/index.html    # the page content after my change
    <h1>New Location</h1>
    [root@Tzz conf]# service httpd reload
    Reloading httpd:

Verification:
After the document root of the main server is changed in the configuration file, the home page shows the page content we prepared in advance.
6. Common site access-control mechanisms
Two mechanisms can be used to state which resources get which access control:
① File system path:
    <Directory "">
    ....
    </Directory>
    <Files "">
    ....
    </Files>
② URL path:
    <Location "">
    ....
    </Location>
Access control "based on source address" inside <Directory>:

    <Directory "/var/www/html">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important. Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    # Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    Allow from all
    </Directory>
(1) Options: followed by a list of one or more "options" separated by whitespace.

    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important. Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

1) Indexes: when the requested URL path contains no resource file matching the defined index page, an index listing is returned to the user (enable only when the page is explicitly a download site);
2) FollowSymLinks: allows following symbolic links to the source files they point to;
3) None
4) All
Testing Indexes:

    <Directory "/web/host1">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important. Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks
    ...
    </Directory>

    [root@Tzz conf]# service httpd reload
    Reloading httpd:

When Options includes Indexes and a request has no matching resource, the list of files under the requested path is returned. (This is insecure: if the site stores important data, whatever is returned can be browsed by users at will. It only needs to be enabled on download pages.)
With the option removed, a permission-denied message is shown instead:
    Options FollowSymLinks
Testing the FollowSymLinks option:

    [root@Tzz host1]# ln -sv /etc/fstab /web/host1/test2.html    # create a symlink to fstab under the URL root
    `/web/host1/test2.html' -> `/etc/fstab'
    [root@Tzz host1]# ll
    total 4
    lrwxrwxrwx 1 root root 10 Jan 12 12:00 test2.html -> /etc/fstab
    -rw-r--r-- 1 root root 23 Jan 12 10:34 test.html
    [root@Tzz host1]# service httpd reload
    Reloading httpd:
(2) AllowOverride
Controls which access-control-related directives may be placed in .htaccess files (each directory can have one);
this does, however, reduce page-serving performance.

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    # Options FileInfo AuthConfig Limit
    #
    AllowOverride None

1) All:
2) None:
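The settings this section singles out (Indexes, FollowSymLinks, and an AllowOverride value that lets .htaccess change them) can be checked mechanically. The following Python audit of `<Directory>` blocks is an added example, not part of the original post; the sample configuration, including the settings of its `/www/host1` block, is constructed for illustration.

```python
import re

# Constructed sample: mirrors the <Directory> blocks discussed on this page.
SAMPLE_CONF = '''
<Directory "/web/host1">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
<Directory "/www/host1">
    # Options Indexes
    Options None
    AllowOverride All
</Directory>
'''
RISKY_OPTIONS = {
    "indexes": "directory listing is returned when no index page exists",
    "followsymlinks": "symlinks may expose files outside DocumentRoot",
    "all": "enables every option except MultiViews",
}

def audit(conf_text):
    """Return (directory, directive, reason) findings for risky settings."""
    findings, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comment lines
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            current = opened.group(1)
        elif re.match(r"</Directory>", line, re.I):
            current = None
        elif current is not None:
            name, *args = line.split()
            if name.lower() == "options":
                for arg in args:
                    key = arg.lstrip("+").lower()  # "+Indexes" enables, "-Indexes" disables
                    if not arg.startswith("-") and key in RISKY_OPTIONS:
                        findings.append((current, "Options " + arg, RISKY_OPTIONS[key]))
            elif name.lower() == "allowoverride" and "all" in (a.lower() for a in args):
                findings.append((current, "AllowOverride All", ".htaccess may override Options"))
    return findings

if __name__ == "__main__":
    for directory, directive, reason in audit(SAMPLE_CONF):
        print(f"{directory}: {directive} -> {reason}")
```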
(3) Order, Allow and Deny
Order: defines the order in which the rules take effect; the keyword written last is the default policy.
Allow from, Deny from
Source address:
    IP
    NetAddr:
        172.16
        172.16.0.0
        172.16.0.0/16
        172.16.0.0/255.255.0.0

    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    Allow from all
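The following Python model shows how httpd-2.2 combines Order, Allow from and Deny from for the IPv4 address forms listed above; it is an added example, not part of the original post. The function names and the test addresses are assumptions made for illustration, and host-name and IPv6 sources are not handled.

```python
import ipaddress

def parse_source(spec):
    """Turn an Allow/Deny 'from' value into an IPv4 network (None means 'all')."""
    if spec.lower() == "all":
        return None
    if "/" not in spec:
        octets = spec.rstrip(".").split(".")
        if len(octets) < 4:  # partial address such as 172.16 -> 172.16.0.0/16
            padded = ".".join(octets + ["0"] * (4 - len(octets)))
            return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")
    # full address, net/CIDR or net/netmask; a bare four-octet address is one host
    return ipaddress.ip_network(spec, strict=False)

def matches(client, specs):
    """True if the client address falls inside any of the given sources."""
    addr = ipaddress.ip_address(client)
    return any(net is None or addr in net for net in map(parse_source, specs))

def is_allowed(order, allow, deny, client):
    """Apply httpd-2.2 Order semantics; the keyword written last is the default."""
    first, last = [word.strip().lower() for word in order.split(",")]
    allowed, denied = matches(client, allow), matches(client, deny)
    if (first, last) == ("allow", "deny"):
        # must match an Allow and no Deny; anything unmatched is denied
        return allowed and not denied
    if (first, last) == ("deny", "allow"):
        # rejected only when a Deny matches and no Allow does; unmatched is allowed
        return allowed or not denied
    raise ValueError(f"unsupported Order value: {order!r}")

if __name__ == "__main__":
    # Constructed checks; 10.0.0.5 and 172.16.3.4 are sample client addresses.
    print(is_allowed("allow,deny", ["all"], [], "10.0.0.5"))     # the block shown above
    print(is_allowed("allow,deny", ["172.16"], [], "10.0.0.5"))  # outside 172.16.0.0/16
    print(is_allowed("deny,allow", [], ["172.16.0.0/255.255.0.0"], "172.16.3.4"))
```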
7. Defining the site's index page

    #
    # DirectoryIndex: sets the file that Apache will serve if a directory
    # is requested.
    #
    # The index.html.var file (a type-map) is used to deliver content-
    # negotiated documents. The MultiViews Option can be used for the
    # same purpose, but it is much slower.
    #
    # by default these two files serve as the index page
    DirectoryIndex index.html index.html.var
8. Defining path aliases (path mapping)
Format: Alias /URL/ "/PATH/TO/SOMEFILE"
Defining a path alias:

    [root@Tzz conf]# mkdir /web/host1/download
    [root@Tzz conf]# cd /web/host1/download
    [root@Tzz download]# vim index.html
    <h1>/web/host1/download</h1>
    [root@Tzz download]# mkdir -pv /www/host1
    mkdir: created directory `/www'
    mkdir: created directory `/www/host1'
    [root@Tzz download]# vim /www/host1/index.html
    <h1>/www/host1</h1>

    [root@Tzz download]# cd /etc/httpd/conf
    [root@Tzz conf]# vim httpd.conf
    Alias /icons/ "/var/www/icons/"
    Alias /download/ "/www/host1/"
    [root@Tzz conf]# service httpd reload
    Reloading httpd:
9. Setting the default character set

    #
    # Specify a default charset for all content served; this enables
    # interpretation of all content as UTF-8 by default. To use the
    # default browser choice (ISO-8859-1), or to allow the META tags
    # in HTML content to override this choice, comment out this
    # directive:
    #
    AddDefaultCharset UTF-8

Chinese character sets: GBK, GB2312, GB18030
Original article: http://tz666.blog.51cto.com/10990100/1734328