#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives(官方指示) that give the server its instructions(指示).
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted(理解) by the
# server as "/usr/local/apache2/logs/access_log", whereas(然而) "/logs/access_log"
# will be interpreted as '/logs/access_log'. #
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex(互斥) directive, if file-based mutexes are used. If you wish to share the
# same ServerRoot for multiple httpd daemons(守护进程), you will need to change at
# least PidFile.
#
ServerRoot "/usr/local/apache" #
# Mutex: Allows you to set the mutex mechanism and mutex file directory
# for individual mutexes, or change the global defaults
#
# Uncomment and change the directory if mutexes are file-based and the default
# mutex file directory is not on a local disk or is not appropriate for some
# other reason.
#
# Mutex default:logs #
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 39.106.30.67:80
Listen 80 #
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_form_module modules/mod_auth_form.so
LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule allowmethods_module modules/mod_allowmethods.so
#LoadModule isapi_module modules/mod_isapi.so
#LoadModule file_cache_module modules/mod_file_cache.so
LoadModule cache_module modules/mod_cache.so
#LoadModule cache_disk_module modules/mod_cache_disk.so
LoadModule cache_socache_module modules/mod_cache_socache.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule socache_dbm_module modules/mod_socache_dbm.so
LoadModule socache_memcache_module modules/mod_socache_memcache.so
#LoadModule watchdog_module modules/mod_watchdog.so
#LoadModule macro_module modules/mod_macro.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule bucketeer_module modules/mod_bucketeer.so
#LoadModule dumpio_module modules/mod_dumpio.so
LoadModule echo_module modules/mod_echo.so
#LoadModule example_hooks_module modules/mod_example_hooks.so
LoadModule case_filter_module modules/mod_case_filter.so
LoadModule case_filter_in_module modules/mod_case_filter_in.so
#LoadModule example_ipc_module modules/mod_example_ipc.so
LoadModule buffer_module modules/mod_buffer.so
LoadModule data_module modules/mod_data.so
LoadModule ratelimit_module modules/mod_ratelimit.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule request_module modules/mod_request.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
LoadModule reflector_module modules/mod_reflector.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule sed_module modules/mod_sed.so
LoadModule charset_lite_module modules/mod_charset_lite.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule xml2enc_module modules/mod_xml2enc.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_debug_module modules/mod_log_debug.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
#LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
#LoadModule ident_module modules/mod_ident.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
#LoadModule remoteip_module modules/mod_remoteip.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_express_module modules/mod_proxy_express.so
#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
LoadModule session_module modules/mod_session.so
LoadModule session_cookie_module modules/mod_session_cookie.so
#LoadModule session_dbd_module modules/mod_session_dbd.so
#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
LoadModule ssl_module modules/mod_ssl.so
#LoadModule optional_hook_export_module modules/mod_optional_hook_export.so
#LoadModule optional_hook_import_module modules/mod_optional_hook_import.so
#LoadModule optional_fn_import_module modules/mod_optional_fn_import.so
#LoadModule optional_fn_export_module modules/mod_optional_fn_export.so
#LoadModule dialup_module modules/mod_dialup.so
LoadModule http2_module modules/mod_http2.so
LoadModule proxy_http2_module modules/mod_proxy_http2.so
#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
LoadModule unixd_module modules/mod_unixd.so
#LoadModule heartbeat_module modules/mod_heartbeat.so
#LoadModule heartmonitor_module modules/mod_heartmonitor.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule suexec_module modules/mod_suexec.so
<IfModule !mpm_prefork_module>
#LoadModule cgid_module modules/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
#LoadModule cgi_module modules/mod_cgi.so
</IfModule>
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_lock_module modules/mod_dav_lock.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
#LoadModule imagemap_module modules/mod_imagemap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
#LoadModule php5_module modules/libphp5.so
LoadModule php7_module modules/libphp7.so
PHPIniDir /usr/local/php7/etc <IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User apache
Group apache </IfModule> # 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
# #
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
#ServerAdmin admin@localhost
ServerAdmin 284053253@qq.com #
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
ServerName 0.0.0.0:80 #
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
AllowOverride none
#Require all denied
</Directory> #
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
# #
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/data/www/default"
<Directory "/data/www/default">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks #
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None #
# Controls who can get stuff from this server.
#
#Require all granted
</Directory> #
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule> #
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
#Require all denied
</Files> #
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "logs/error_log" #
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn <IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule> #
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise(反之), if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
CustomLog "logs/access_log" common #
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog "logs/access_log" combined
</IfModule> <IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar #
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path. #
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
#
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/" </IfModule> <IfModule cgid_module>
#
# ScriptSock: On threaded servers, designate(指派) the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#
#Scriptsock cgisock
</IfModule> #
# "/usr/local/apache/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/usr/local/apache/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory> <IfModule headers_module>
#
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
# backend servers which have lingering(拖延) "httpoxy" defects.
# 'Proxy' request header is undefined by the IETF, not listed by IANA
#
RequestHeader unset Proxy early
</IfModule> <IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig conf/mime.types #
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-httpd-php .php .phtml
AddType appication/x-httpd-php-source .phps
AddType application/x-gzip .gz .tgz #
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi # For type maps (negotiated resources):
#AddHandler type-map var #
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule> #
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
#MIMEMagicFile conf/magic #
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
# #
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited #
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
#EnableSendfile on # Supplemental configuration
#
# The configuration files in the conf/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary. # Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf # Multi-language error messages
#Include conf/extra/httpd-multilang-errordoc.conf # Fancy directory listings
#Include conf/extra/httpd-autoindex.conf # Language settings
#Include conf/extra/httpd-languages.conf # User home directories
#Include conf/extra/httpd-userdir.conf # Real-time info on requests and configuration
Include conf/extra/httpd-info.conf # Virtual hosts
Include conf/extra/httpd-vhosts.conf # Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf # Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf # Various default settings
#Include conf/extra/httpd-default.conf # Configure mod_proxy_html to understand HTML4/XHTML1
<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule> # Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule> ServerTokens ProductOnly
ProtocolsHonorOrder On
Protocols h2 http/1.1 RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [L,R]
这是apache http 服务器的主配置文件。包含发送给服务器的指令。查看细节:http://httpd.apache.org/docs/2.4/,特别是http://httpd.apache.org/docs/2.4/mod/directives.html,可以对每个指令进行讨论。不要只简单的读读这个配置文件,他们的介绍都是很粗略的,如果你不曾详细了解线上文档,可能会处处遇到警告。
Configuration and logfile names:如果你用/或者win32下的盘符:/指定了控制文件路径的话,则使用它,如果没有,则会前缀ServerRoot,比如日志文件access/access_log,而ServerRoot被设置为/usr/local/apache2,就会被连缀成/usr/local/apache2/logs/access_log去操作那个文件。ServerRoot是error,log等文件保存的根目录。
不要在所有目录结尾添加反斜杠。如果你的ServerRoot不是本地磁盘,如果使用基于文件的互斥的话,应该在互斥指令上指定本地盘。ServerRoot用于指定守护进程httpd的运行目录,httpd在启动之后将自动将进程的当前目录改变为这个目录,因此如果设置文件中指定的文件或目录是相对路径,那么真实路径就位于这个ServerRoot定义的路径之下。一定要在本地磁盘中指定一个LockFile指令。如果你希望让多个httpd守护进程共享服务器根目录,你至少需要更改LockFile和PidFile。
**ServerRoot "/usr/local/apache"
**ScoreBoardFile /var/run/httpd.scoreboard
httpd使用ScoreBoardFile来维护进程的内部数据,因此通常不需要改变这个参数,除非管理员想在一台计算机上运行几个Apache服务器,这时每个Apache服务器都需要独立的设置文件htt pd.conf,并使用不同的ScoreBoardFile。
互斥:允许你为多个不同的互斥对象设置互斥机制【mutex mechanism】和互斥文件目录,或者修改全局默认值。如果互斥对象是基于文件的以及默认的互斥文件目录不在本地磁盘或因为其它原因而不适用,那么取消注释并改变目录。【下面这个命令是改变互斥对象的目录】。
**Mutex default: logs (详解mutex)
A mutex is the basic synchronization method used within Traffic Server to protect data from simultaneous access by multiple threads. A mutex acts as a lock that protects data in one program thread from being accessed by another thread.
它的作用就是枢纽服务器的基础异步方法,用于保护多线程的相同请求的数据的保护。就像一个锁,对于一个程序线程来说,确保不能被另一个线程访问。
Listen:允许将ip和/或端口号绑定到apache,替代默认设置。参看<VirtualHost>指令。如Listen 12.34.56.78:80或者Listen:80来让特定ip或端口开放,可以阻止apache上绑定的所有ip被访问到。这是个必须指定的指令,否则无法启动。
When httpd starts, it binds to some port and address on the local machine and waits for incoming requests. By default, it listens to all addresses on the machine. However, it may need to be told to listen on specific ports, or only on selected addresses, or a combination of both. This is often combined with the Virtual Host feature, which determines how httpd responds to different IP addresses, hostnames and ports.
The Listen directive tells the server to accept incoming requests only on the specified port(s) or address-and-port combinations. If only a port number is specified in the Listendirective, the server listens to the given port on all interfaces. If an IP address is given as well as a port, the server will listen on the given port and interface. Multiple Listen directives may be used to specify a number of addresses and ports to listen on. The server will respond to requests from any of the listed addresses and ports.
httpd启动时,绑定了端口和地址在本机上,等候进入的请求。默认情况下,它坚挺所有这台及其上的地址,然后可以按需要指定端口或者地址,或者二者复合。通常结合虚拟主机特性,由它来决定响应不同的地址和端口请求。
动态共享对象支持(Dymanic shared object DSO)。为了能使用打包成DSO的module的功能,你可以在使用前添加相应的"LoadModule"在这个位置,静态编译的modules(可以通过httpd -l列出来)不需要在这里加载。
User/Group: 如果你希望httpd以不同用户和组运行,必须以root进行初始化,并且将切换。使用名字或数字来运行httpd,跟多数系统服务一样创建一个独立的用户或组来运行httpd是个良好的实践。
<IfModule unixd_module>
User apache
Group apache
</IfModule>
主服务配置。这个区块设置的值由主服务使用,它将对所有<VirtualHost>不做响应的请求进行响应。这些值为<VirtualHost>容器提供了默认值。所有这些指令可以出现在<VirtualHost>容器中,如果在<VirtualHost>中作了定义,将对这里的值覆盖。
ServerAdmin:你的地址,服务器的问题如何联系的邮箱。这个邮箱经常会出现在服务器管理页面,比如错误文档。
ServerName:给出服务器名字和端口,用于识别自身。这通常都是自动的,但是提醒你还是明确指定以避免启动中的问题。ServerName 0.0.0.0:80
<Directory />
AllowOverride none
#Require all denied
</Directory>
对全部服务器文件系统项进行否定访问,在其他的<Directory>块中必须明确允许访问到web内容目录。
注意在这个点往前,必须特别允许特定的属性为enabled,如果有些工作不合乎期望,确保已经指定为enabled。
DocumentRoot:对外提供服务的目录。默认情况下,所有的请求来自这个目录,但软连接和别名可能指向其他地方。DocumentRoot "/data/www/default"
<Directory "/data/www/default">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
Options指令的可能值为None,All,或者任何联合项,Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
注意MultiViews不在Options All指定之中,比较特殊。
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
Options指令复杂而重要。查看http://httpd.apache.org/docs/2.4/mod/core.html#options获取更多信息。
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
Apache httpd.conf配置文件AllowOverride参数详解--http://www.upupw.net/server/n73.html
AllowOverride从字面上解释是允许覆盖的意思,即Apache允许另一配置文件覆盖现有配置文件。
我们通常利用Apache的rewrite模块对URL进行重写,rewrite规则会写在 .htaccess 文件里。但要使 apache 能够正常的读取.htaccess 文件的内容,就必须对.htaccess 所在目录进行配置。
从安全性考虑,根目录的AllowOverride属性一般都配置成不允许任何Override,即:
< Directory />
AllowOverride None
< /Directory>
在 AllowOverride 设置为 None 时, .htaccess 文件将被完全忽略。当此指令设置为 All 时,所有具有 “.htaccess” 作用域的指令都允许出现在 .htaccess 文件中。
而对于 URL rewrite 来说,至少需要把目录设置为:
< Directory /myblogroot/>
AllowOverride FileInfo
< /Directory>
以下是AllowOverride的详细参数:
AuthConfig
允许使用与认证授权相关的指令(AuthDBMGroupFile, AuthDBMUserFile, AuthGroupFile, AuthName, AuthType, AuthUserFile, Require, 等)。
FileInfo
允许使用控制文档类型的指令(DefaultType, ErrorDocument, ForceType, LanguagePriority, SetHandler, SetInputFilter, SetOutputFilter, mod_mime中的 Add* 和 Remove* 指令等等)、控制文档元数据的指令(Header, RequestHeader, SetEnvIf, SetEnvIfNoCase, BrowserMatch, CookieExpires, CookieDomain, CookieStyle, CookieTracking, CookieName)、mod_rewrite中的指令(RewriteEngine, RewriteOptions, RewriteBase, RewriteCond, RewriteRule)和mod_actions中的Action指令。
Indexes
允许使用控制目录索引的指令(AddDescription, AddIcon, AddIconByEncoding, AddIconByType, DefaultIcon, DirectoryIndex, FancyIndexing, HeaderName, IndexIgnore, IndexOptions, ReadmeName, 等)。
Limit
允许使用控制主机访问的指令(Allow, Deny, Order)。
Options[=Option,...]
允许使用控制指定目录功能的指令(Options和XBitHack)。可以在等号后面附加一个逗号分隔的(无空格的)Options选项列表,用来控制允许Options指令使用哪些选项。
AllowOverride控制.htaccess文件,可以是All ,None或者任何的复合关键词。
#
AllowOverride None
#
# Controls who can get stuff from this server.
控制哪些可以从服务器取到东西。
#
#Require all granted
</Directory>
DirectoryIndex: 设置如果一个目录被访问的时候apache提供服务的文件。
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
下面行提供.htaccess和.htpasswd文件中可以被web客户端查看的文件。
<Files ".ht*">
#Require all denied
</Files>
ErrorLog:error log文件的位置,如果你不在<VirtualHost>中指定这个指令值,那么那个虚拟主机容器中的错误消息将记录在这儿。如果你在虚拟容器中指定了,将记录在那儿,而非这儿。
ErrorLog "logs/error_log"
LogLevel:控制被记录到error_log中的信息数量,可能的值包括:debug, info, notice, warn, error, crit, alert, emerg.
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
下面的指令定义了一些在CustomLog使用的格式化昵称。
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
%h 客户端ip地址
%l %u 这两个一般不用看
%t 时间
%r 访问方式内容
%>s 状态码
%b 理解为浏览器类型
也就是规定了日志文件中的各个字段的意思。
116.62.209.27 - - [02/Feb/2018:13:04:12 +0800] "GET /phpmyadmin/explicit_not_exist_path HTTP/1.1" 404 232
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
需要使用%I and %O使mod_logio.c可用
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions(事物) will be
# logged therein(在那里) and *not* in this file.
access logfile位置和格式化。如果在虚拟主机容器中定义了access logfiles,将记录在这儿。反之,则记录在那儿。
#
CustomLog "logs/access_log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
如果提供了一个access logfile,代理,和参考信息(Combined Logfile Format),可以使用以下指令。像这样\"%{Referer}i\" \"%{User-Agent}i\"
#
#CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
Redirect:用于定义永久或临时重定向
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
Alias:对web路径映射成文件系统路径。通常是那些不在DocumentRoot底下的可访问内容。
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
如果包含包含了/在/webpath中,服务器将在url中显示出来。将也可能需要提供<Directory>块来访问到那个文件路径。
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
ScriptAlias:这个控制含有服务器脚本的目录。ScriptAliases本质上跟Aliases相同,除了目标文件夹中的文档在被请求的时候被当作应用和由服务器运行,而不是作为文档发送到客户端。跟alias指令具有相同规则,带有/的情况。
#
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
</IfModule>
<IfModule cgid_module>
#
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
ScriptSock:在线程服务器中,给unix socket指定的路径,用以同mod_cgid的cgi守护进程通讯。
#
#Scriptsock cgisock
</IfModule>
如果你配置了ScriptAlias,"/usr/local/apache/cgi-bin"应该被改变成那个存在的ScriptAliased cgi目录。
<Directory "/usr/local/apache/cgi-bin">
AllowOverride None 不允许重写
Options None 选项为none
Require all granted 授权所有访问者
</Directory>
<IfModule headers_module>
#
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
# backend servers which have lingering "httpoxy" defects.
# 'Proxy' request header is undefined by the IETF, not listed by IANA
允许通过配置文件控制任意的HTTP请求和应答头信息。这个模块提供了一些指令用于控制和修改HTTP请求头和应答头。这些头可以被合并、替换、删除。避免在这个或任何有潜在“httpoxy”漏洞的代理后端服务器上将http_proxy环境传递给CGI的环境。“proxy”请求标头不是由IETF(The Internet Engineering Task Force,国际互联网工程任务组)定义,也不是由IANA(The Internet Assigned Numbers Authority,互联网数字分配机构)登记。《HTTPOXY漏洞说明》
【HTTP协议系列5】http proxy原理--http://blog.****.net/zongzhiyuan/article/details/53700294
#
RequestHeader unset Proxy early
</IfModule>
Supplemental configuration
追加配置
目录conf/extra/中的配置文件包含了额外的特性或者是改变服务器默认配置,或者根据需要可以简单的将那些内容复制到这里并改变值。
MPM模式,一共有三种稳定的MPM(Multi-Processing Module,多进程处理模块)模式,(winnt模式,perfork模式,worker模式)。
升级apache--http://blog.****.net/laoyiin/article/details/50977354
apache的三种MPM模式比较--http://blog.jobbole.com/91920/
#Include conf/extra/httpd-mpm.conf'
复合语言错误消息
#Include conf/extra/httpd-multilang-errordoc.conf
动态目录列表形式配置;
#Include conf/extra/httpd-autoindex.conf
语言设置
#Include conf/extra/httpd-languages.conf
用户主目录
#Include conf/extra/httpd-userdir.conf
配置和请求的真实时间信息
Include conf/extra/httpd-info.conf
虚拟主机
Include conf/extra/httpd-vhosts.conf
本地访问Apache HTTP服务器手册
#Include conf/extra/httpd-manual.conf
分布式创作和版本控制(WebDAV)
#Include conf/extra/httpd-dav.conf
多种默认设置
#Include conf/extra/httpd-default.conf
识别HTML4/XHTML1的配置mod_proxy_html
<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule>
安全连接(SSL/TLS)
Include conf/extra/httpd-ssl.conf
/dev/random和/dev/urandom是Linux系统中提供的随机伪设备,这两个设备的任务,是提供永不为空的随机字节数据流。很多解密程序与安全应用程序(如SSH Keys,SSL Keys等)需要它们提供的随机数据流。注意:以下配置必须必须存在用以支持没有/dev/random的平台开启ssl,等效是有一个静态的内编译的mod_ssl
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
ServerTokens ProductOnly
ProtocolsHonorOrder On 是否遵守在Protocols中设置的顺序。
Protocols h2 http/1.1 http:// 连接 (h2c) https:// 连接 (h2)
默认地,服务器HTTP响应头会包含apache和php版本号。像下面的,这是有危害的,因为这会让黑客通过知道详细的版本号而发起已知该版本的漏洞攻击。Server: Apache/2.2.17 (Unix) PHP/5.3.5
为了阻止这个,需要在httpd.conf设置ServerTokens为Prod,这会在响应头中显示“Server:Apache”而不包含任何的版本信息。
ServerTokens Prod
下面是ServerTokens的一些可能的赋值:
ServerTokens Prod 显示“Server: Apache”
ServerTokens Major 显示 “Server: Apache/2″
ServerTokens Minor 显示“Server: Apache/2.2″
ServerTokens Min 显示“Server: Apache/2.2.17″
ServerTokens OS 显示 “Server: Apache/2.2.17 (Unix)”
ServerTokens Full 显示 “Server: Apache/2.2.17 (Unix) PHP/5.3.5″ (如果你这指定任何的值,这个是默认的返回信息)