httpd-2.4的常用配置

httpd-2.4:

新特性:

(1) MPM支持运行为DSO机制;以模块形式按需加载;

(2) event MPM生产环境可用;

(3) 异步读写机制;

(4) 支持每模块及每目录的单独日志级别定义;

(5) 每请求相关的专用配置;

(6) 增强版的表达式分析式;

(7) 毫秒级持久连接时长定义;

(8) 基于FQDN的虚拟主机也不再需要NameVirutalHost指令;

(9) 新指令,AllowOverrideList;

(10) 支持用户自定义变量;

(11) 更低的内存消耗;

 

新模块:

(1) mod_proxy_fcgi

(2) mod_proxy_scgi

(3) mod_remoteip

修改了一些配置机制:

不再支持使用Order,Deny,Allow来坐基于IP的控制访问;

安装httpd-2.4

依赖于apr-1.4+, apr-util-1.4+, [apr-iconv]

apr: apache portable runtime

https://apr.apache.org/

CentOS 6:

默认:apr-1.3.9, apr-util-1.3.9

开发环境包组:Development Tools, Server Platform Development

开发程序包:pcre-devel

#yum groupinstall “Development Tools” “Server Platform Development” -y

#yum install pcre-devel -y

 

编译安装步骤:

(1) apr-1.4+

# ./configure –prefix=/usr/local/apr

# make && make install

(2) apr-util-1.4+

# ./configure –prefix=/usr/local/apr-util –with-apr=/usr/local/apr

# make && make install

(3) httpd-2.4

# ./configure –prefix=/usr/local/apache24 –sysconfdir=/etc/httpd24 –enable-so –enable-ssl –enable-cgi –enable-rewrite –with-zlib –with-pcre –with-apr=/usr/local/apr –with-apr-util=/usr/local/apr-util –enable-modules=most –enable-mpms-shared=all –with-mpm=prefork

# make && make install

自带的服务控制脚本:apachectl

#vim /etc/profile.d/httpd.sh

#. /etc/profile.d/httpd.sh

#export PATH=/usr/local/apache24/bin:$PATH

也可以修改/etc/rc.d/init.d/httpd脚本

(4)编译后需要转换MPM在httpd.conf中找 mpm_event_module或 mpm_worker_module 注释去掉

 

CentOS 7:

# yum install httpd

 

配置文件:

/etc/httpd/conf/httpd.conf

/etc/httpd/conf.modules.d/*.conf

/etc/httpd/conf.d/*.conf

 

配置应用:

(1) 切换使用的MPM

编辑配置文件/etc/httpd/conf.modules.d/00-mpm.conf,启用要启用的MPM相关的LoadModule指令即可。

(2) 基于IP的访问控制

允许所有主机访问:Require all granted

拒绝所有主机访问:Require all deny

控制特定的IP访问:

Require ip IPADDR:授权指定来源的IP访问;

Require not ip IPADDR:拒绝控制特定的主机访问:

Require host HOSTNAME:授权指定来源的主机访问;

Require not host HOSTNAME:拒绝

 

HOSTNAME:

FQDN:特定主机

domin.tld:指定域名下的所有主机

放在<RequireAll>

</RequireAll>

例子

<RequireAll>

Require all granted

Require not ip 172.16.100.2

</RequireAll>

 

(3) 虚拟主机

基于FQDN的虚拟主机也不再需要NameVirutalHost指令;

<VirtualHost *:80>

ServerName www.b.net

DocumentRoot “/apps/b.net/htdocs”

<Directory “/apps/b.net/htdocs”>

Options None

AllowOverride None

Require all granted

</Directory>

</VirtualHost>

注意:任意目录下的页面只有显式授权才能被访问;

 

(4) ssl

启用模块

LoadModule ssl_module modules/mod_ssl.so

 

(5) KeepAliveTimeout #ms

毫秒级持久连接时长定义;

参考资料:

马哥Linux运维教程为本篇文章的主要参考资料