1 # 2 # This is the main Apache HTTP server configuration file. It contains the 3 # configuration directives(官方指示) that give the server its instructions(指示). 4 # See <URL:http://httpd.apache.org/docs/2.4/> for detailed information. 5 # In particular, see 6 # <URL:http://httpd.apache.org/docs/2.4/mod/directives.html> 7 # for a discussion of each configuration directive. 8 # 9 # Do NOT simply read the instructions in here without understanding 10 # what they do. They‘re here only as hints or reminders. If you are unsure 11 # consult the online docs. You have been warned. 12 # 13 # Configuration and logfile names: If the filenames you specify for many 14 # of the server‘s control files begin with "/" (or "drive:/" for Win32), the 15 # server will use that explicit path. If the filenames do *not* begin 16 # with "/", the value of ServerRoot is prepended -- so "logs/access_log" 17 # with ServerRoot set to "/usr/local/apache2" will be interpreted(理解) by the 18 # server as "/usr/local/apache2/logs/access_log", whereas(然而) "/logs/access_log" 19 # will be interpreted as ‘/logs/access_log‘. 20 21 # 22 # ServerRoot: The top of the directory tree under which the server‘s 23 # configuration, error, and log files are kept. 24 # 25 # Do not add a slash at the end of the directory path. If you point 26 # ServerRoot at a non-local disk, be sure to specify a local disk on the 27 # Mutex(互斥) directive, if file-based mutexes are used. If you wish to share the 28 # same ServerRoot for multiple httpd daemons(守护进程), you will need to change at 29 # least PidFile. 30 # 31 ServerRoot "/usr/local/apache" 32 33 # 34 # Mutex: Allows you to set the mutex mechanism and mutex file directory 35 # for individual mutexes, or change the global defaults 36 # 37 # Uncomment and change the directory if mutexes are file-based and the default 38 # mutex file directory is not on a local disk or is not appropriate for some 39 # other reason. 40 # 41 # Mutex default:logs 42 43 # 44 # Listen: Allows you to bind Apache to specific IP addresses and/or 45 # ports, instead of the default. See also the <VirtualHost> 46 # directive. 47 # 48 # Change this to Listen on specific IP addresses as shown below to 49 # prevent Apache from glomming onto all bound IP addresses. 50 # 51 #Listen 12.34.56.78:80 52 Listen 39.106.30.67:80 53 Listen 80 54 55 # 56 # Dynamic Shared Object (DSO) Support 57 # 58 # To be able to use the functionality of a module which was built as a DSO you 59 # have to place corresponding `LoadModule‘ lines at this location so the 60 # directives contained in it are actually available _before_ they are used. 61 # Statically compiled modules (those listed by `httpd -l‘) do not need 62 # to be loaded here. 63 # 64 # Example: 65 # LoadModule foo_module modules/mod_foo.so 66 # 67 LoadModule authn_file_module modules/mod_authn_file.so 68 LoadModule authn_dbm_module modules/mod_authn_dbm.so 69 LoadModule authn_anon_module modules/mod_authn_anon.so 70 LoadModule authn_dbd_module modules/mod_authn_dbd.so 71 LoadModule authn_socache_module modules/mod_authn_socache.so 72 LoadModule authn_core_module modules/mod_authn_core.so 73 LoadModule authz_host_module modules/mod_authz_host.so 74 LoadModule authz_groupfile_module modules/mod_authz_groupfile.so 75 LoadModule authz_user_module modules/mod_authz_user.so 76 LoadModule authz_dbm_module modules/mod_authz_dbm.so 77 LoadModule authz_owner_module modules/mod_authz_owner.so 78 LoadModule authz_dbd_module modules/mod_authz_dbd.so 79 LoadModule authz_core_module modules/mod_authz_core.so 80 LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so 81 LoadModule access_compat_module modules/mod_access_compat.so 82 LoadModule auth_basic_module modules/mod_auth_basic.so 83 LoadModule auth_form_module modules/mod_auth_form.so 84 LoadModule auth_digest_module modules/mod_auth_digest.so 85 #LoadModule allowmethods_module modules/mod_allowmethods.so 86 #LoadModule isapi_module modules/mod_isapi.so 87 #LoadModule file_cache_module modules/mod_file_cache.so 88 LoadModule cache_module modules/mod_cache.so 89 #LoadModule cache_disk_module modules/mod_cache_disk.so 90 LoadModule cache_socache_module modules/mod_cache_socache.so 91 LoadModule socache_shmcb_module modules/mod_socache_shmcb.so 92 LoadModule socache_dbm_module modules/mod_socache_dbm.so 93 LoadModule socache_memcache_module modules/mod_socache_memcache.so 94 #LoadModule watchdog_module modules/mod_watchdog.so 95 #LoadModule macro_module modules/mod_macro.so 96 #LoadModule dbd_module modules/mod_dbd.so 97 #LoadModule bucketeer_module modules/mod_bucketeer.so 98 #LoadModule dumpio_module modules/mod_dumpio.so 99 LoadModule echo_module modules/mod_echo.so 100 #LoadModule example_hooks_module modules/mod_example_hooks.so 101 LoadModule case_filter_module modules/mod_case_filter.so 102 LoadModule case_filter_in_module modules/mod_case_filter_in.so 103 #LoadModule example_ipc_module modules/mod_example_ipc.so 104 LoadModule buffer_module modules/mod_buffer.so 105 LoadModule data_module modules/mod_data.so 106 LoadModule ratelimit_module modules/mod_ratelimit.so 107 LoadModule reqtimeout_module modules/mod_reqtimeout.so 108 LoadModule ext_filter_module modules/mod_ext_filter.so 109 LoadModule request_module modules/mod_request.so 110 LoadModule include_module modules/mod_include.so 111 LoadModule filter_module modules/mod_filter.so 112 LoadModule reflector_module modules/mod_reflector.so 113 LoadModule substitute_module modules/mod_substitute.so 114 LoadModule sed_module modules/mod_sed.so 115 LoadModule charset_lite_module modules/mod_charset_lite.so 116 LoadModule deflate_module modules/mod_deflate.so 117 LoadModule xml2enc_module modules/mod_xml2enc.so 118 LoadModule proxy_html_module modules/mod_proxy_html.so 119 LoadModule mime_module modules/mod_mime.so 120 LoadModule log_config_module modules/mod_log_config.so 121 #LoadModule log_debug_module modules/mod_log_debug.so 122 #LoadModule log_forensic_module modules/mod_log_forensic.so 123 #LoadModule logio_module modules/mod_logio.so 124 LoadModule env_module modules/mod_env.so 125 #LoadModule mime_magic_module modules/mod_mime_magic.so 126 #LoadModule cern_meta_module modules/mod_cern_meta.so 127 LoadModule expires_module modules/mod_expires.so 128 LoadModule headers_module modules/mod_headers.so 129 #LoadModule ident_module modules/mod_ident.so 130 #LoadModule usertrack_module modules/mod_usertrack.so 131 #LoadModule unique_id_module modules/mod_unique_id.so 132 LoadModule setenvif_module modules/mod_setenvif.so 133 LoadModule version_module modules/mod_version.so 134 #LoadModule remoteip_module modules/mod_remoteip.so 135 LoadModule proxy_module modules/mod_proxy.so 136 LoadModule proxy_connect_module modules/mod_proxy_connect.so 137 LoadModule proxy_ftp_module modules/mod_proxy_ftp.so 138 LoadModule proxy_http_module modules/mod_proxy_http.so 139 LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so 140 LoadModule proxy_scgi_module modules/mod_proxy_scgi.so 141 #LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so 142 #LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so 143 #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so 144 #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so 145 #LoadModule proxy_express_module modules/mod_proxy_express.so 146 #LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so 147 LoadModule session_module modules/mod_session.so 148 LoadModule session_cookie_module modules/mod_session_cookie.so 149 #LoadModule session_dbd_module modules/mod_session_dbd.so 150 #LoadModule slotmem_shm_module modules/mod_slotmem_shm.so 151 #LoadModule slotmem_plain_module modules/mod_slotmem_plain.so 152 LoadModule ssl_module modules/mod_ssl.so 153 #LoadModule optional_hook_export_module modules/mod_optional_hook_export.so 154 #LoadModule optional_hook_import_module modules/mod_optional_hook_import.so 155 #LoadModule optional_fn_import_module modules/mod_optional_fn_import.so 156 #LoadModule optional_fn_export_module modules/mod_optional_fn_export.so 157 #LoadModule dialup_module modules/mod_dialup.so 158 LoadModule http2_module modules/mod_http2.so 159 LoadModule proxy_http2_module modules/mod_proxy_http2.so 160 #LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so 161 #LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so 162 #LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so 163 #LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so 164 LoadModule unixd_module modules/mod_unixd.so 165 #LoadModule heartbeat_module modules/mod_heartbeat.so 166 #LoadModule heartmonitor_module modules/mod_heartmonitor.so 167 LoadModule dav_module modules/mod_dav.so 168 LoadModule status_module modules/mod_status.so 169 LoadModule autoindex_module modules/mod_autoindex.so 170 #LoadModule asis_module modules/mod_asis.so 171 LoadModule info_module modules/mod_info.so 172 LoadModule suexec_module modules/mod_suexec.so 173 <IfModule !mpm_prefork_module> 174 #LoadModule cgid_module modules/mod_cgid.so 175 </IfModule> 176 <IfModule mpm_prefork_module> 177 #LoadModule cgi_module modules/mod_cgi.so 178 </IfModule> 179 LoadModule dav_fs_module modules/mod_dav_fs.so 180 LoadModule dav_lock_module modules/mod_dav_lock.so 181 LoadModule vhost_alias_module modules/mod_vhost_alias.so 182 #LoadModule negotiation_module modules/mod_negotiation.so 183 LoadModule dir_module modules/mod_dir.so 184 #LoadModule imagemap_module modules/mod_imagemap.so 185 LoadModule actions_module modules/mod_actions.so 186 LoadModule speling_module modules/mod_speling.so 187 LoadModule userdir_module modules/mod_userdir.so 188 LoadModule alias_module modules/mod_alias.so 189 LoadModule rewrite_module modules/mod_rewrite.so 190 #LoadModule php5_module modules/libphp5.so 191 LoadModule php7_module modules/libphp7.so 192 PHPIniDir /usr/local/php7/etc 193 194 <IfModule unixd_module> 195 # 196 # If you wish httpd to run as a different user or group, you must run 197 # httpd as root initially and it will switch. 198 # 199 # User/Group: The name (or #number) of the user/group to run httpd as. 200 # It is usually good practice to create a dedicated user and group for 201 # running httpd, as with most system services. 202 # 203 User apache 204 Group apache 205 206 </IfModule> 207 208 # ‘Main‘ server configuration 209 # 210 # The directives in this section set up the values used by the ‘main‘ 211 # server, which responds to any requests that aren‘t handled by a 212 # <VirtualHost> definition. These values also provide defaults for 213 # any <VirtualHost> containers you may define later in the file. 214 # 215 # All of these directives may appear inside <VirtualHost> containers, 216 # in which case these default settings will be overridden for the 217 # virtual host being defined. 218 # 219 220 # 221 # ServerAdmin: Your address, where problems with the server should be 222 # e-mailed. This address appears on some server-generated pages, such 223 # as error documents. e.g. [email protected]domain.com 224 # 225 #ServerAdmin [email protected] 226 ServerAdmin 284053253@qq.com 227 228 # 229 # ServerName gives the name and port that the server uses to identify itself. 230 # This can often be determined automatically, but we recommend you specify 231 # it explicitly to prevent problems during startup. 232 # 233 # If your host doesn‘t have a registered DNS name, enter its IP address here. 234 # 235 ServerName 0.0.0.0:80 236 237 # 238 # Deny access to the entirety of your server‘s filesystem. You must 239 # explicitly permit access to web content directories in other 240 # <Directory> blocks below. 241 # 242 <Directory /> 243 AllowOverride none 244 #Require all denied 245 </Directory> 246 247 # 248 # Note that from this point forward you must specifically allow 249 # particular features to be enabled - so if something‘s not working as 250 # you might expect, make sure that you have specifically enabled it 251 # below. 252 # 253 254 # 255 # DocumentRoot: The directory out of which you will serve your 256 # documents. By default, all requests are taken from this directory, but 257 # symbolic links and aliases may be used to point to other locations. 258 # 259 DocumentRoot "/data/www/default" 260 <Directory "/data/www/default"> 261 # 262 # Possible values for the Options directive are "None", "All", 263 # or any combination of: 264 # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews 265 # 266 # Note that "MultiViews" must be named *explicitly* --- "Options All" 267 # doesn‘t give it to you. 268 # 269 # The Options directive is both complicated and important. Please see 270 # http://httpd.apache.org/docs/2.4/mod/core.html#options 271 # for more information. 272 # 273 Options Indexes FollowSymLinks 274 275 # 276 # AllowOverride controls what directives may be placed in .htaccess files. 277 # It can be "All", "None", or any combination of the keywords: 278 # AllowOverride FileInfo AuthConfig Limit 279 # 280 AllowOverride None 281 282 # 283 # Controls who can get stuff from this server. 284 # 285 #Require all granted 286 </Directory> 287 288 # 289 # DirectoryIndex: sets the file that Apache will serve if a directory 290 # is requested. 291 # 292 <IfModule dir_module> 293 DirectoryIndex index.html index.php 294 </IfModule> 295 296 # 297 # The following lines prevent .htaccess and .htpasswd files from being 298 # viewed by Web clients. 299 # 300 <Files ".ht*"> 301 #Require all denied 302 </Files> 303 304 # 305 # ErrorLog: The location of the error log file. 306 # If you do not specify an ErrorLog directive within a <VirtualHost> 307 # container, error messages relating to that virtual host will be 308 # logged here. If you *do* define an error logfile for a <VirtualHost> 309 # container, that host‘s errors will be logged there and not here. 310 # 311 ErrorLog "logs/error_log" 312 313 # 314 # LogLevel: Control the number of messages logged to the error_log. 315 # Possible values include: debug, info, notice, warn, error, crit, 316 # alert, emerg. 317 # 318 LogLevel warn 319 320 <IfModule log_config_module> 321 # 322 # The following directives define some format nicknames for use with 323 # a CustomLog directive (see below). 324 # 325 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined 326 LogFormat "%h %l %u %t \"%r\" %>s %b" common 327 328 <IfModule logio_module> 329 # You need to enable mod_logio.c to use %I and %O 330 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio 331 </IfModule> 332 333 # 334 # The location and format of the access logfile (Common Logfile Format). 335 # If you do not define any access logfiles within a <VirtualHost> 336 # container, they will be logged here. Contrariwise(反之), if you *do* 337 # define per-<VirtualHost> access logfiles, transactions will be 338 # logged therein and *not* in this file. 339 # 340 CustomLog "logs/access_log" common 341 342 # 343 # If you prefer a logfile with access, agent, and referer information 344 # (Combined Logfile Format) you can use the following directive. 345 # 346 #CustomLog "logs/access_log" combined 347 </IfModule> 348 349 <IfModule alias_module> 350 # 351 # Redirect: Allows you to tell clients about documents that used to 352 # exist in your server‘s namespace, but do not anymore. The client 353 # will make a new request for the document at its new location. 354 # Example: 355 # Redirect permanent /foo http://www.example.com/bar 356 357 # 358 # Alias: Maps web paths into filesystem paths and is used to 359 # access content that does not live under the DocumentRoot. 360 # Example: 361 # Alias /webpath /full/filesystem/path 362 # 363 # If you include a trailing / on /webpath then the server will 364 # require it to be present in the URL. You will also likely 365 # need to provide a <Directory> section to allow access to 366 # the filesystem path. 367 368 # 369 # ScriptAlias: This controls which directories contain server scripts. 370 # ScriptAliases are essentially the same as Aliases, except that 371 # documents in the target directory are treated as applications and 372 # run by the server when requested rather than as documents sent to the 373 # client. The same rules about trailing "/" apply to ScriptAlias 374 # directives as to Alias. 375 # 376 ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/" 377 378 </IfModule> 379 380 <IfModule cgid_module> 381 # 382 # ScriptSock: On threaded servers, designate(指派) the path to the UNIX 383 # socket used to communicate with the CGI daemon of mod_cgid. 384 # 385 #Scriptsock cgisock 386 </IfModule> 387 388 # 389 # "/usr/local/apache/cgi-bin" should be changed to whatever your ScriptAliased 390 # CGI directory exists, if you have that configured. 391 # 392 <Directory "/usr/local/apache/cgi-bin"> 393 AllowOverride None 394 Options None 395 Require all granted 396 </Directory> 397 398 <IfModule headers_module> 399 # 400 # Avoid passing HTTP_PROXY environment to CGI‘s on this or any proxied 401 # backend servers which have lingering(拖延) "httpoxy" defects. 402 # ‘Proxy‘ request header is undefined by the IETF, not listed by IANA 403 # 404 RequestHeader unset Proxy early 405 </IfModule> 406 407 <IfModule mime_module> 408 # 409 # TypesConfig points to the file containing the list of mappings from 410 # filename extension to MIME-type. 411 # 412 TypesConfig conf/mime.types 413 414 # 415 # AddType allows you to add to or override the MIME configuration 416 # file specified in TypesConfig for specific file types. 417 # 418 #AddType application/x-gzip .tgz 419 # 420 # AddEncoding allows you to have certain browsers uncompress 421 # information on the fly. Note: Not all browsers support this. 422 # 423 #AddEncoding x-compress .Z 424 #AddEncoding x-gzip .gz .tgz 425 # 426 # If the AddEncoding directives above are commented-out, then you 427 # probably should define those extensions to indicate media types: 428 # 429 AddType application/x-compress .Z 430 AddType application/x-httpd-php .php .phtml 431 AddType appication/x-httpd-php-source .phps 432 AddType application/x-gzip .gz .tgz 433 434 # 435 # AddHandler allows you to map certain file extensions to "handlers": 436 # actions unrelated to filetype. These can be either built into the server 437 # or added with the Action directive (see below) 438 # 439 # To use CGI scripts outside of ScriptAliased directories: 440 # (You will also need to add "ExecCGI" to the "Options" directive.) 441 # 442 #AddHandler cgi-script .cgi 443 444 # For type maps (negotiated resources): 445 #AddHandler type-map var 446 447 # 448 # Filters allow you to process content before it is sent to the client. 449 # 450 # To parse .shtml files for server-side includes (SSI): 451 # (You will also need to add "Includes" to the "Options" directive.) 452 # 453 #AddType text/html .shtml 454 #AddOutputFilter INCLUDES .shtml 455 </IfModule> 456 457 # 458 # The mod_mime_magic module allows the server to use various hints from the 459 # contents of the file itself to determine its type. The MIMEMagicFile 460 # directive tells the module where the hint definitions are located. 461 # 462 #MIMEMagicFile conf/magic 463 464 # 465 # Customizable error responses come in three flavors: 466 # 1) plain text 2) local redirects 3) external redirects 467 # 468 # Some examples: 469 #ErrorDocument 500 "The server made a boo boo." 470 #ErrorDocument 404 /missing.html 471 #ErrorDocument 404 "/cgi-bin/missing_handler.pl" 472 #ErrorDocument 402 http://www.example.com/subscription_info.html 473 # 474 475 # 476 # MaxRanges: Maximum number of Ranges in a request before 477 # returning the entire resource, or one of the special 478 # values ‘default‘, ‘none‘ or ‘unlimited‘. 479 # Default setting is to accept 200 Ranges. 480 #MaxRanges unlimited 481 482 # 483 # EnableMMAP and EnableSendfile: On systems that support it, 484 # memory-mapping or the sendfile syscall may be used to deliver 485 # files. This usually improves server performance, but must 486 # be turned off when serving from networked-mounted 487 # filesystems or if support for these functions is otherwise 488 # broken on your system. 489 # Defaults: EnableMMAP On, EnableSendfile Off 490 # 491 #EnableMMAP off 492 #EnableSendfile on 493 494 # Supplemental configuration 495 # 496 # The configuration files in the conf/extra/ directory can be 497 # included to add extra features or to modify the default configuration of 498 # the server, or you may simply copy their contents here and change as 499 # necessary. 500 501 # Server-pool management (MPM specific) 502 #Include conf/extra/httpd-mpm.conf 503 504 # Multi-language error messages 505 #Include conf/extra/httpd-multilang-errordoc.conf 506 507 # Fancy directory listings 508 #Include conf/extra/httpd-autoindex.conf 509 510 # Language settings 511 #Include conf/extra/httpd-languages.conf 512 513 # User home directories 514 #Include conf/extra/httpd-userdir.conf 515 516 # Real-time info on requests and configuration 517 Include conf/extra/httpd-info.conf 518 519 # Virtual hosts 520 Include conf/extra/httpd-vhosts.conf 521 522 # Local access to the Apache HTTP Server Manual 523 #Include conf/extra/httpd-manual.conf 524 525 # Distributed authoring and versioning (WebDAV) 526 #Include conf/extra/httpd-dav.conf 527 528 # Various default settings 529 #Include conf/extra/httpd-default.conf 530 531 # Configure mod_proxy_html to understand HTML4/XHTML1 532 <IfModule proxy_html_module> 533 Include conf/extra/proxy-html.conf 534 </IfModule> 535 536 # Secure (SSL/TLS) connections 537 Include conf/extra/httpd-ssl.conf 538 # 539 # Note: The following must must be present to support 540 # starting without SSL on platforms with no /dev/random equivalent 541 # but a statically compiled-in mod_ssl. 542 # 543 <IfModule ssl_module> 544 SSLRandomSeed startup builtin 545 SSLRandomSeed connect builtin 546 </IfModule> 547 548 ServerTokens ProductOnly 549 ProtocolsHonorOrder On 550 Protocols h2 http/1.1 551 552 RewriteEngine on 553 RewriteCond %{SERVER_PORT} !^443$ 554 RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [L,R]
这是apache http 服务器的主配置文件。包含发送给服务器的指令。查看细节:http://httpd.apache.org/docs/2.4/,特别是http://httpd.apache.org/docs/2.4/mod/directives.html,可以对每个指令进行讨论。不要只简单的读读这个配置文件,他们的介绍都是很粗略的,如果你不曾详细了解线上文档,可能会处处遇到警告。
Configuration and logfile names:如果你用/或者win32下的盘符:/指定了控制文件路径的话,则使用它,如果没有,则会前缀ServerRoot,比如日志文件access/access_log,而ServerRoot被设置为/usr/local/apache2,就会被连缀成/usr/local/apache2/logs/access_log去操作那个文件。ServerRoot是error,log等文件保存的根目录。
不要在所有目录结尾添加反斜杠。如果你的ServerRoot不是本地磁盘,如果使用基于文件的互斥的话,应该在互斥指令上指定本地盘。ServerRoot用于指定守护进程httpd的运行目录,httpd在启动之后将自动将进程的当前目录改变为这个目录,因此如果设置文件中指定的文件或目录是相对路径,那么真实路径就位于这个ServerRoot定义的路径之下。一定要在本地磁盘中指定一个LockFile指令。如果你希望让多个httpd守护进程共享服务器根目录,你至少需要更改LockFile和PidFile。
**ServerRoot "/usr/local/apache"
**ScoreBoardFile /var/run/httpd.scoreboard
httpd使用ScoreBoardFile来维护进程的内部数据,因此通常不需要改变这个参数,除非管理员想在一台计算机上运行几个Apache服务器,这时每个Apache服务器都需要独立的设置文件htt pd.conf,并使用不同的ScoreBoardFile。
互斥:允许你为多个不同的互斥对象设置互斥机制【mutex mechanism】和互斥文件目录,或者修改全局默认值。如果互斥对象是基于文件的以及默认的互斥文件目录不在本地磁盘或因为其它原因而不适用,那么取消注释并改变目录。【下面这个命令是改变互斥对象的目录】。
**Mutex default: logs (详解mutex)
A mutex is the basic synchronization method used within Traffic Server to protect data from simultaneous access by multiple threads. A mutex acts as a lock that protects data in one program thread from being accessed by another thread.
它的作用就是枢纽服务器的基础异步方法,用于保护多线程的相同请求的数据的保护。就像一个锁,对于一个程序线程来说,确保不能被另一个线程访问。
Listen:允许将ip和/或端口号绑定到apache,替代默认设置。参看<VirtualHost>指令。如Listen 12.34.56.78:80或者Listen:80来让特定ip或端口开放,可以阻止apache上绑定的所有ip被访问到。这是个必须指定的指令,否则无法启动。
When httpd starts, it binds to some port and address on the local machine and waits for incoming requests. By default, it listens to all addresses on the machine. However, it may need to be told to listen on specific ports, or only on selected addresses, or a combination of both. This is often combined with the Virtual Host feature, which determines how httpd
responds to different IP addresses, hostnames and ports.
The Listen
directive tells the server to accept incoming requests only on the specified port(s) or address-and-port combinations. If only a port number is specified in the Listen
directive, the server listens to the given port on all interfaces. If an IP address is given as well as a port, the server will listen on the given port and interface. Multiple Listen
directives may be used to specify a number of addresses and ports to listen on. The server will respond to requests from any of the listed addresses and ports.
httpd启动时,绑定了端口和地址在本机上,等候进入的请求。默认情况下,它坚挺所有这台及其上的地址,然后可以按需要指定端口或者地址,或者二者复合。通常结合虚拟主机特性,由它来决定响应不同的地址和端口请求。
动态共享对象支持(Dymanic shared object DSO)。为了能使用打包成DSO的module的功能,你可以在使用前添加相应的"LoadModule"在这个位置,静态编译的modules(可以通过httpd -l列出来)不需要在这里加载。
User/Group: 如果你希望httpd以不同用户和组运行,必须以root进行初始化,并且将切换。使用名字或数字来运行httpd,跟多数系统服务一样创建一个独立的用户或组来运行httpd是个良好的实践。
<IfModule unixd_module>
User apache
Group apache
</IfModule>
主服务配置。这个区块设置的值由主服务使用,它将对所有<VirtualHost>不做响应的请求进行响应。这些值为<VirtualHost>容器提供了默认值。所有这些指令可以出现在<VirtualHost>容器中,如果在<VirtualHost>中作了定义,将对这里的值覆盖。
ServerAdmin:你的地址,服务器的问题如何联系的邮箱。这个邮箱经常会出现在服务器管理页面,比如错误文档。
ServerName:给出服务器名字和端口,用于识别自身。这通常都是自动的,但是提醒你还是明确指定以避免启动中的问题。ServerName 0.0.0.0:80
<Directory />
AllowOverride none
#Require all denied
</Directory>
对全部服务器文件系统项进行否定访问,在其他的<Directory>块中必须明确允许访问到web内容目录。
注意在这个点往前,必须特别允许特定的属性为enabled,如果有些工作不合乎期望,确保已经指定为enabled。
DocumentRoot:对外提供服务的目录。默认情况下,所有的请求来自这个目录,但软连接和别名可能指向其他地方。DocumentRoot "/data/www/default"
<Directory "/data/www/default">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
Options指令的可能值为None,All,或者任何联合项,Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn‘t give it to you.
注意MultiViews不在Options All指定之中,比较特殊。
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
Options指令复杂而重要。查看http://httpd.apache.org/docs/2.4/mod/core.html#options获取更多信息。
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
Apache httpd.conf配置文件AllowOverride参数详解--http://www.upupw.net/server/n73.html
AllowOverride从字面上解释是允许覆盖的意思,即Apache允许另一配置文件覆盖现有配置文件。
我们通常利用Apache的rewrite模块对URL进行重写,rewrite规则会写在 .htaccess 文件里。但要使 apache 能够正常的读取.htaccess 文件的内容,就必须对.htaccess 所在目录进行配置。
从安全性考虑,根目录的AllowOverride属性一般都配置成不允许任何Override,即:
< Directory /> AllowOverride None < /Directory>
在 AllowOverride 设置为 None 时, .htaccess 文件将被完全忽略。当此指令设置为 All 时,所有具有 “.htaccess” 作用域的指令都允许出现在 .htaccess 文件中。
而对于 URL rewrite 来说,至少需要把目录设置为:
< Directory /myblogroot/> AllowOverride FileInfo < /Directory>
以下是AllowOverride的详细参数:
AuthConfig
允许使用与认证授权相关的指令(AuthDBMGroupFile, AuthDBMUserFile, AuthGroupFile, AuthName, AuthType, AuthUserFile, Require, 等)。
FileInfo
允许使用控制文档类型的指令(DefaultType, ErrorDocument, ForceType, LanguagePriority, SetHandler, SetInputFilter, SetOutputFilter, mod_mime中的 Add* 和 Remove* 指令等等)、控制文档元数据的指令(Header, RequestHeader, SetEnvIf, SetEnvIfNoCase, BrowserMatch, CookieExpires, CookieDomain, CookieStyle, CookieTracking, CookieName)、mod_rewrite中的指令(RewriteEngine, RewriteOptions, RewriteBase, RewriteCond, RewriteRule)和mod_actions中的Action指令。
Indexes
允许使用控制目录索引的指令(AddDescription, AddIcon, AddIconByEncoding, AddIconByType, DefaultIcon, DirectoryIndex, FancyIndexing, HeaderName, IndexIgnore, IndexOptions, ReadmeName, 等)。
Limit
允许使用控制主机访问的指令(Allow, Deny, Order)。
Options[=Option,...]
允许使用控制指定目录功能的指令(Options和XBitHack)。可以在等号后面附加一个逗号分隔的(无空格的)Options选项列表,用来控制允许Options指令使用哪些选项。
AllowOverride控制.htaccess文件,可以是All ,None或者任何的复合关键词。
#
AllowOverride None
#
# Controls who can get stuff from this server.
控制哪些可以从服务器取到东西。
#
#Require all granted
</Directory>
DirectoryIndex: 设置如果一个目录被访问的时候apache提供服务的文件。
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
下面行提供.htaccess和.htpasswd文件中可以被web客户端查看的文件。
<Files ".ht*">
#Require all denied
</Files>
ErrorLog:error log文件的位置,如果你不在<VirtualHost>中指定这个指令值,那么那个虚拟主机容器中的错误消息将记录在这儿。如果你在虚拟容器中指定了,将记录在那儿,而非这儿。
ErrorLog "logs/error_log"
LogLevel:控制被记录到error_log中的信息数量,可能的值包括:debug, info, notice, warn, error, crit, alert, emerg.
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
下面的指令定义了一些在CustomLog使用的格式化昵称。
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
%h 客户端ip地址
%l %u 这两个一般不用看
%t 时间
%r 访问方式内容
%>s 状态码
%b 理解为浏览器类型
也就是规定了日志文件中的各个字段的意思。
116.62.209.27 - - [02/Feb/2018:13:04:12 +0800] "GET /phpmyadmin/explicit_not_exist_path HTTP/1.1" 404 232
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
需要使用%I and %O使mod_logio.c可用
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions(事物) will be
# logged therein(在那里) and *not* in this file.
access logfile位置和格式化。如果在虚拟主机容器中定义了access logfiles,将记录在这儿。反之,则记录在那儿。
#
CustomLog "logs/access_log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
如果提供了一个access logfile,代理,和参考信息(Combined Logfile Format),可以使用以下指令。像这样\"%{Referer}i\" \"%{User-Agent}i\"
#
#CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server‘s namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
Redirect:用于定义永久或临时重定向
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
Alias:对web路径映射成文件系统路径。通常是那些不在DocumentRoot底下的可访问内容。
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
如果包含包含了/在/webpath中,服务器将在url中显示出来。将也可能需要提供<Directory>块来访问到那个文件路径。
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
ScriptAlias:这个控制含有服务器脚本的目录。ScriptAliases本质上跟Aliases相同,除了目标文件夹中的文档在被请求的时候被当作应用和由服务器运行,而不是作为文档发送到客户端。跟alias指令具有相同规则,带有/的情况。
#
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
</IfModule>
<IfModule cgid_module>
#
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
ScriptSock:在线程服务器中,给unix socket指定的路径,用以同mod_cgid的cgi守护进程通讯。
#
#Scriptsock cgisock
</IfModule>
如果你配置了ScriptAlias,"/usr/local/apache/cgi-bin"应该被改变成那个存在的ScriptAliased cgi目录。
<Directory "/usr/local/apache/cgi-bin">
AllowOverride None 不允许重写
Options None 选项为none
Require all granted 授权所有访问者
</Directory>
<IfModule headers_module>
#
# Avoid passing HTTP_PROXY environment to CGI‘s on this or any proxied
# backend servers which have lingering "httpoxy" defects.
# ‘Proxy‘ request header is undefined by the IETF, not listed by IANA
允许通过配置文件控制任意的HTTP请求和应答头信息。这个模块提供了一些指令用于控制和修改HTTP请求头和应答头。这些头可以被合并、替换、删除。避免在这个或任何有潜在“httpoxy”漏洞的代理后端服务器上将http_proxy环境传递给CGI的环境。“proxy”请求标头不是由IETF(The Internet Engineering Task Force,国际互联网工程任务组)定义,也不是由IANA(The Internet Assigned Numbers Authority,互联网数字分配机构)登记。《HTTPOXY漏洞说明》
【HTTP协议系列5】http proxy原理--http://blog.csdn.net/zongzhiyuan/article/details/53700294
#
RequestHeader unset Proxy early
</IfModule>
Supplemental configuration
追加配置
目录conf/extra/中的配置文件包含了额外的特性或者是改变服务器默认配置,或者根据需要可以简单的将那些内容复制到这里并改变值。
MPM模式,一共有三种稳定的MPM(Multi-Processing Module,多进程处理模块)模式,(winnt模式,perfork模式,worker模式)。
升级apache--http://blog.csdn.net/laoyiin/article/details/50977354
apache的三种MPM模式比较--http://blog.jobbole.com/91920/
#Include conf/extra/httpd-mpm.conf‘
复合语言错误消息
#Include conf/extra/httpd-multilang-errordoc.conf
动态目录列表形式配置;
#Include conf/extra/httpd-autoindex.conf
语言设置
#Include conf/extra/httpd-languages.conf
用户主目录
#Include conf/extra/httpd-userdir.conf
配置和请求的真实时间信息
Include conf/extra/httpd-info.conf
虚拟主机
Include conf/extra/httpd-vhosts.conf
本地访问Apache HTTP服务器手册
#Include conf/extra/httpd-manual.conf
分布式创作和版本控制(WebDAV)
#Include conf/extra/httpd-dav.conf
多种默认设置
#Include conf/extra/httpd-default.conf
识别HTML4/XHTML1的配置mod_proxy_html
<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule>
安全连接(SSL/TLS)
Include conf/extra/httpd-ssl.conf
/dev/random和/dev/urandom是Linux系统中提供的随机伪设备,这两个设备的任务,是提供永不为空的随机字节数据流。很多解密程序与安全应用程序(如SSH Keys,SSL Keys等)需要它们提供的随机数据流。注意:以下配置必须必须存在用以支持没有/dev/random的平台开启ssl,等效是有一个静态的内编译的mod_ssl
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
ServerTokens ProductOnly
ProtocolsHonorOrder On 是否遵守在Protocols中设置的顺序。
Protocols h2 http/1.1 http:// 连接 (h2c) https:// 连接 (h2)
默认地,服务器HTTP响应头会包含apache和php版本号。像下面的,这是有危害的,因为这会让黑客通过知道详细的版本号而发起已知该版本的漏洞攻击。Server: Apache/2.2.17 (Unix) PHP/5.3.5
为了阻止这个,需要在httpd.conf设置ServerTokens为Prod,这会在响应头中显示“Server:Apache”而不包含任何的版本信息。
ServerTokens Prod
下面是ServerTokens的一些可能的赋值:
ServerTokens Prod 显示“Server: Apache”
ServerTokens Major 显示 “Server: Apache/2″
ServerTokens Minor 显示“Server: Apache/2.2″
ServerTokens Min 显示“Server: Apache/2.2.17″
ServerTokens OS 显示 “Server: Apache/2.2.17 (Unix)”
ServerTokens Full 显示 “Server: Apache/2.2.17 (Unix) PHP/5.3.5″ (如果你这指定任何的值,这个是默认的返回信息)