• httpd.conf详解,因为php始终报fileinfo扩展无法加载的错


      1 #
      2 # This is the main Apache HTTP server configuration file.  It contains the
      3 # configuration directives(官方指示) that give the server its instructions(指示).
      4 # See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
      5 # In particular, see 
      6 # <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
      7 # for a discussion of each configuration directive.
      8 #
      9 # Do NOT simply read the instructions in here without understanding
     10 # what they do.  They're here only as hints or reminders.  If you are unsure
     11 # consult the online docs. You have been warned.  
     12 #
     13 # Configuration and logfile names: If the filenames you specify for many
     14 # of the server's control files begin with "/" (or "drive:/" for Win32), the
     15 # server will use that explicit path.  If the filenames do *not* begin
     16 # with "/", the value of ServerRoot is prepended -- so "logs/access_log"
     17 # with ServerRoot set to "/usr/local/apache2" will be interpreted(理解) by the
     18 # server as "/usr/local/apache2/logs/access_log", whereas(然而) "/logs/access_log" 
     19 # will be interpreted as '/logs/access_log'.
     20 
     21 #
     22 # ServerRoot: The top of the directory tree under which the server's
     23 # configuration, error, and log files are kept.
     24 #
     25 # Do not add a slash at the end of the directory path.  If you point
     26 # ServerRoot at a non-local disk, be sure to specify a local disk on the
     27 # Mutex(互斥) directive, if file-based mutexes are used.  If you wish to share the
     28 # same ServerRoot for multiple httpd daemons(守护进程), you will need to change at
     29 # least PidFile.
     30 #
     31 ServerRoot "/usr/local/apache"
     32 
     33 #
     34 # Mutex: Allows you to set the mutex mechanism and mutex file directory
     35 # for individual mutexes, or change the global defaults
     36 #
     37 # Uncomment and change the directory if mutexes are file-based and the default
     38 # mutex file directory is not on a local disk or is not appropriate for some
     39 # other reason.
     40 #
     41 # Mutex default:logs
     42 
     43 #
     44 # Listen: Allows you to bind Apache to specific IP addresses and/or
     45 # ports, instead of the default. See also the <VirtualHost>
     46 # directive.
     47 #
     48 # Change this to Listen on specific IP addresses as shown below to 
     49 # prevent Apache from glomming onto all bound IP addresses.
     50 #
     51 #Listen 12.34.56.78:80
     52 Listen 39.106.30.67:80
     53 Listen 80
     54 
     55 #
     56 # Dynamic Shared Object (DSO) Support
     57 #
     58 # To be able to use the functionality of a module which was built as a DSO you
     59 # have to place corresponding `LoadModule' lines at this location so the
     60 # directives contained in it are actually available _before_ they are used.
     61 # Statically compiled modules (those listed by `httpd -l') do not need
     62 # to be loaded here.
     63 #
     64 # Example:
     65 # LoadModule foo_module modules/mod_foo.so
     66 #
     67 LoadModule authn_file_module modules/mod_authn_file.so
     68 LoadModule authn_dbm_module modules/mod_authn_dbm.so
     69 LoadModule authn_anon_module modules/mod_authn_anon.so
     70 LoadModule authn_dbd_module modules/mod_authn_dbd.so
     71 LoadModule authn_socache_module modules/mod_authn_socache.so
     72 LoadModule authn_core_module modules/mod_authn_core.so
     73 LoadModule authz_host_module modules/mod_authz_host.so
     74 LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
     75 LoadModule authz_user_module modules/mod_authz_user.so
     76 LoadModule authz_dbm_module modules/mod_authz_dbm.so
     77 LoadModule authz_owner_module modules/mod_authz_owner.so
     78 LoadModule authz_dbd_module modules/mod_authz_dbd.so
     79 LoadModule authz_core_module modules/mod_authz_core.so
     80 LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
     81 LoadModule access_compat_module modules/mod_access_compat.so
     82 LoadModule auth_basic_module modules/mod_auth_basic.so
     83 LoadModule auth_form_module modules/mod_auth_form.so
     84 LoadModule auth_digest_module modules/mod_auth_digest.so
     85 #LoadModule allowmethods_module modules/mod_allowmethods.so
     86 #LoadModule isapi_module modules/mod_isapi.so
     87 #LoadModule file_cache_module modules/mod_file_cache.so
     88 LoadModule cache_module modules/mod_cache.so
     89 #LoadModule cache_disk_module modules/mod_cache_disk.so
     90 LoadModule cache_socache_module modules/mod_cache_socache.so
     91 LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
     92 LoadModule socache_dbm_module modules/mod_socache_dbm.so
     93 LoadModule socache_memcache_module modules/mod_socache_memcache.so
     94 #LoadModule watchdog_module modules/mod_watchdog.so
     95 #LoadModule macro_module modules/mod_macro.so
     96 #LoadModule dbd_module modules/mod_dbd.so
     97 #LoadModule bucketeer_module modules/mod_bucketeer.so
     98 #LoadModule dumpio_module modules/mod_dumpio.so
     99 LoadModule echo_module modules/mod_echo.so
    100 #LoadModule example_hooks_module modules/mod_example_hooks.so
    101 LoadModule case_filter_module modules/mod_case_filter.so
    102 LoadModule case_filter_in_module modules/mod_case_filter_in.so
    103 #LoadModule example_ipc_module modules/mod_example_ipc.so
    104 LoadModule buffer_module modules/mod_buffer.so
    105 LoadModule data_module modules/mod_data.so
    106 LoadModule ratelimit_module modules/mod_ratelimit.so
    107 LoadModule reqtimeout_module modules/mod_reqtimeout.so
    108 LoadModule ext_filter_module modules/mod_ext_filter.so
    109 LoadModule request_module modules/mod_request.so
    110 LoadModule include_module modules/mod_include.so
    111 LoadModule filter_module modules/mod_filter.so
    112 LoadModule reflector_module modules/mod_reflector.so
    113 LoadModule substitute_module modules/mod_substitute.so
    114 LoadModule sed_module modules/mod_sed.so
    115 LoadModule charset_lite_module modules/mod_charset_lite.so
    116 LoadModule deflate_module modules/mod_deflate.so
    117 LoadModule xml2enc_module modules/mod_xml2enc.so
    118 LoadModule proxy_html_module modules/mod_proxy_html.so
    119 LoadModule mime_module modules/mod_mime.so
    120 LoadModule log_config_module modules/mod_log_config.so
    121 #LoadModule log_debug_module modules/mod_log_debug.so
    122 #LoadModule log_forensic_module modules/mod_log_forensic.so
    123 #LoadModule logio_module modules/mod_logio.so
    124 LoadModule env_module modules/mod_env.so
    125 #LoadModule mime_magic_module modules/mod_mime_magic.so
    126 #LoadModule cern_meta_module modules/mod_cern_meta.so
    127 LoadModule expires_module modules/mod_expires.so
    128 LoadModule headers_module modules/mod_headers.so
    129 #LoadModule ident_module modules/mod_ident.so
    130 #LoadModule usertrack_module modules/mod_usertrack.so
    131 #LoadModule unique_id_module modules/mod_unique_id.so
    132 LoadModule setenvif_module modules/mod_setenvif.so
    133 LoadModule version_module modules/mod_version.so
    134 #LoadModule remoteip_module modules/mod_remoteip.so
    135 LoadModule proxy_module modules/mod_proxy.so
    136 LoadModule proxy_connect_module modules/mod_proxy_connect.so
    137 LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
    138 LoadModule proxy_http_module modules/mod_proxy_http.so
    139 LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
    140 LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
    141 #LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
    142 #LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
    143 #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
    144 #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
    145 #LoadModule proxy_express_module modules/mod_proxy_express.so
    146 #LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
    147 LoadModule session_module modules/mod_session.so
    148 LoadModule session_cookie_module modules/mod_session_cookie.so
    149 #LoadModule session_dbd_module modules/mod_session_dbd.so
    150 #LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
    151 #LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
    152 LoadModule ssl_module modules/mod_ssl.so
    153 #LoadModule optional_hook_export_module modules/mod_optional_hook_export.so
    154 #LoadModule optional_hook_import_module modules/mod_optional_hook_import.so
    155 #LoadModule optional_fn_import_module modules/mod_optional_fn_import.so
    156 #LoadModule optional_fn_export_module modules/mod_optional_fn_export.so
    157 #LoadModule dialup_module modules/mod_dialup.so
    158 LoadModule http2_module modules/mod_http2.so
    159 LoadModule proxy_http2_module modules/mod_proxy_http2.so
    160 #LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
    161 #LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
    162 #LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
    163 #LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
    164 LoadModule unixd_module modules/mod_unixd.so
    165 #LoadModule heartbeat_module modules/mod_heartbeat.so
    166 #LoadModule heartmonitor_module modules/mod_heartmonitor.so
    167 LoadModule dav_module modules/mod_dav.so
    168 LoadModule status_module modules/mod_status.so
    169 LoadModule autoindex_module modules/mod_autoindex.so
    170 #LoadModule asis_module modules/mod_asis.so
    171 LoadModule info_module modules/mod_info.so
    172 LoadModule suexec_module modules/mod_suexec.so
    173 <IfModule !mpm_prefork_module>
    174     #LoadModule cgid_module modules/mod_cgid.so
    175 </IfModule>
    176 <IfModule mpm_prefork_module>
    177     #LoadModule cgi_module modules/mod_cgi.so
    178 </IfModule>
    179 LoadModule dav_fs_module modules/mod_dav_fs.so
    180 LoadModule dav_lock_module modules/mod_dav_lock.so
    181 LoadModule vhost_alias_module modules/mod_vhost_alias.so
    182 #LoadModule negotiation_module modules/mod_negotiation.so
    183 LoadModule dir_module modules/mod_dir.so
    184 #LoadModule imagemap_module modules/mod_imagemap.so
    185 LoadModule actions_module modules/mod_actions.so
    186 LoadModule speling_module modules/mod_speling.so
    187 LoadModule userdir_module modules/mod_userdir.so
    188 LoadModule alias_module modules/mod_alias.so
    189 LoadModule rewrite_module modules/mod_rewrite.so
    190 #LoadModule php5_module        modules/libphp5.so
    191 LoadModule php7_module        modules/libphp7.so
    192 PHPIniDir   /usr/local/php7/etc
    193 
    194 <IfModule unixd_module>
    195 #
    196 # If you wish httpd to run as a different user or group, you must run
    197 # httpd as root initially and it will switch.  
    198 #
    199 # User/Group: The name (or #number) of the user/group to run httpd as.
    200 # It is usually good practice to create a dedicated user and group for
    201 # running httpd, as with most system services.
    202 #
    203 User apache
    204 Group apache
    205 
    206 </IfModule>
    207 
    208 # 'Main' server configuration
    209 #
    210 # The directives in this section set up the values used by the 'main'
    211 # server, which responds to any requests that aren't handled by a
    212 # <VirtualHost> definition.  These values also provide defaults for
    213 # any <VirtualHost> containers you may define later in the file.
    214 #
    215 # All of these directives may appear inside <VirtualHost> containers,
    216 # in which case these default settings will be overridden for the
    217 # virtual host being defined.
    218 #
    219 
    220 #
    221 # ServerAdmin: Your address, where problems with the server should be
    222 # e-mailed.  This address appears on some server-generated pages, such
    223 # as error documents.  e.g. admin@your-domain.com
    224 #
    225 #ServerAdmin admin@localhost
    226 ServerAdmin 284053253@qq.com
    227 
    228 #
    229 # ServerName gives the name and port that the server uses to identify itself.
    230 # This can often be determined automatically, but we recommend you specify
    231 # it explicitly to prevent problems during startup.
    232 #
    233 # If your host doesn't have a registered DNS name, enter its IP address here.
    234 #
    235 ServerName 0.0.0.0:80
    236 
    237 #
    238 # Deny access to the entirety of your server's filesystem. You must
    239 # explicitly permit access to web content directories in other 
    240 # <Directory> blocks below.
    241 #
    242 <Directory />
    243     AllowOverride none
    244     #Require all denied
    245 </Directory>
    246 
    247 #
    248 # Note that from this point forward you must specifically allow
    249 # particular features to be enabled - so if something's not working as
    250 # you might expect, make sure that you have specifically enabled it
    251 # below.
    252 #
    253 
    254 #
    255 # DocumentRoot: The directory out of which you will serve your
    256 # documents. By default, all requests are taken from this directory, but
    257 # symbolic links and aliases may be used to point to other locations.
    258 #
    259 DocumentRoot "/data/www/default"
    260 <Directory "/data/www/default">
    261     #
    262     # Possible values for the Options directive are "None", "All",
    263     # or any combination of:
    264     #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    265     #
    266     # Note that "MultiViews" must be named *explicitly* --- "Options All"
    267     # doesn't give it to you.
    268     #
    269     # The Options directive is both complicated and important.  Please see
    270     # http://httpd.apache.org/docs/2.4/mod/core.html#options
    271     # for more information.
    272     #
    273     Options Indexes FollowSymLinks
    274 
    275     #
    276     # AllowOverride controls what directives may be placed in .htaccess files.
    277     # It can be "All", "None", or any combination of the keywords:
    278     #   AllowOverride FileInfo AuthConfig Limit
    279     #
    280     AllowOverride None
    281 
    282     #
    283     # Controls who can get stuff from this server.
    284     #
    285     #Require all granted
    286 </Directory>
    287 
    288 #
    289 # DirectoryIndex: sets the file that Apache will serve if a directory
    290 # is requested.
    291 #
    292 <IfModule dir_module>
    293     DirectoryIndex index.html index.php
    294 </IfModule>
    295 
    296 #
    297 # The following lines prevent .htaccess and .htpasswd files from being 
    298 # viewed by Web clients. 
    299 #
    300 <Files ".ht*">
    301     #Require all denied
    302 </Files>
    303 
    304 #
    305 # ErrorLog: The location of the error log file.
    306 # If you do not specify an ErrorLog directive within a <VirtualHost>
    307 # container, error messages relating to that virtual host will be
    308 # logged here.  If you *do* define an error logfile for a <VirtualHost>
    309 # container, that host's errors will be logged there and not here.
    310 #
    311 ErrorLog "logs/error_log"
    312 
    313 #
    314 # LogLevel: Control the number of messages logged to the error_log.
    315 # Possible values include: debug, info, notice, warn, error, crit,
    316 # alert, emerg.
    317 #
    318 LogLevel warn
    319 
    320 <IfModule log_config_module>
    321     #
    322     # The following directives define some format nicknames for use with
    323     # a CustomLog directive (see below).
    324     #
    325     LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
    326     LogFormat "%h %l %u %t "%r" %>s %b" common
    327 
    328     <IfModule logio_module>
    329       # You need to enable mod_logio.c to use %I and %O
    330       LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" %I %O" combinedio
    331     </IfModule>
    332 
    333     #
    334     # The location and format of the access logfile (Common Logfile Format).
    335     # If you do not define any access logfiles within a <VirtualHost>
    336     # container, they will be logged here.  Contrariwise(反之), if you *do*
    337     # define per-<VirtualHost> access logfiles, transactions will be
    338     # logged therein and *not* in this file.
    339     #
    340     CustomLog "logs/access_log" common
    341 
    342     #
    343     # If you prefer a logfile with access, agent, and referer information
    344     # (Combined Logfile Format) you can use the following directive.
    345     #
    346     #CustomLog "logs/access_log" combined
    347 </IfModule>
    348 
    349 <IfModule alias_module>
    350     #
    351     # Redirect: Allows you to tell clients about documents that used to 
    352     # exist in your server's namespace, but do not anymore. The client 
    353     # will make a new request for the document at its new location.
    354     # Example:
    355     # Redirect permanent /foo http://www.example.com/bar
    356 
    357     #
    358     # Alias: Maps web paths into filesystem paths and is used to
    359     # access content that does not live under the DocumentRoot.
    360     # Example:
    361     # Alias /webpath /full/filesystem/path
    362     #
    363     # If you include a trailing / on /webpath then the server will
    364     # require it to be present in the URL.  You will also likely
    365     # need to provide a <Directory> section to allow access to
    366     # the filesystem path.
    367 
    368     #
    369     # ScriptAlias: This controls which directories contain server scripts. 
    370     # ScriptAliases are essentially the same as Aliases, except that
    371     # documents in the target directory are treated as applications and
    372     # run by the server when requested rather than as documents sent to the
    373     # client.  The same rules about trailing "/" apply to ScriptAlias
    374     # directives as to Alias.
    375     #
    376     ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
    377 
    378 </IfModule>
    379 
    380 <IfModule cgid_module>
    381     #
    382     # ScriptSock: On threaded servers, designate(指派) the path to the UNIX
    383     # socket used to communicate with the CGI daemon of mod_cgid.
    384     #
    385     #Scriptsock cgisock
    386 </IfModule>
    387 
    388 #
    389 # "/usr/local/apache/cgi-bin" should be changed to whatever your ScriptAliased
    390 # CGI directory exists, if you have that configured.
    391 #
    392 <Directory "/usr/local/apache/cgi-bin">
    393     AllowOverride None
    394     Options None
    395     Require all granted
    396 </Directory>
    397 
    398 <IfModule headers_module>
    399     #
    400     # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
    401     # backend servers which have lingering(拖延) "httpoxy" defects.
    402     # 'Proxy' request header is undefined by the IETF, not listed by IANA
    403     #
    404     RequestHeader unset Proxy early
    405 </IfModule>
    406 
    407 <IfModule mime_module>
    408     #
    409     # TypesConfig points to the file containing the list of mappings from
    410     # filename extension to MIME-type.
    411     #
    412     TypesConfig conf/mime.types
    413 
    414     #
    415     # AddType allows you to add to or override the MIME configuration
    416     # file specified in TypesConfig for specific file types.
    417     #
    418     #AddType application/x-gzip .tgz
    419     #
    420     # AddEncoding allows you to have certain browsers uncompress
    421     # information on the fly. Note: Not all browsers support this.
    422     #
    423     #AddEncoding x-compress .Z
    424     #AddEncoding x-gzip .gz .tgz
    425     #
    426     # If the AddEncoding directives above are commented-out, then you
    427     # probably should define those extensions to indicate media types:
    428     #
    429     AddType application/x-compress .Z
    430     AddType application/x-httpd-php .php .phtml
    431     AddType appication/x-httpd-php-source .phps
    432     AddType application/x-gzip .gz .tgz
    433 
    434     #
    435     # AddHandler allows you to map certain file extensions to "handlers":
    436     # actions unrelated to filetype. These can be either built into the server
    437     # or added with the Action directive (see below)
    438     #
    439     # To use CGI scripts outside of ScriptAliased directories:
    440     # (You will also need to add "ExecCGI" to the "Options" directive.)
    441     #
    442     #AddHandler cgi-script .cgi
    443 
    444     # For type maps (negotiated resources):
    445     #AddHandler type-map var
    446 
    447     #
    448     # Filters allow you to process content before it is sent to the client.
    449     #
    450     # To parse .shtml files for server-side includes (SSI):
    451     # (You will also need to add "Includes" to the "Options" directive.)
    452     #
    453     #AddType text/html .shtml
    454     #AddOutputFilter INCLUDES .shtml
    455 </IfModule>
    456 
    457 #
    458 # The mod_mime_magic module allows the server to use various hints from the
    459 # contents of the file itself to determine its type.  The MIMEMagicFile
    460 # directive tells the module where the hint definitions are located.
    461 #
    462 #MIMEMagicFile conf/magic
    463 
    464 #
    465 # Customizable error responses come in three flavors:
    466 # 1) plain text 2) local redirects 3) external redirects
    467 #
    468 # Some examples:
    469 #ErrorDocument 500 "The server made a boo boo."
    470 #ErrorDocument 404 /missing.html
    471 #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
    472 #ErrorDocument 402 http://www.example.com/subscription_info.html
    473 #
    474 
    475 #
    476 # MaxRanges: Maximum number of Ranges in a request before
    477 # returning the entire resource, or one of the special
    478 # values 'default', 'none' or 'unlimited'.
    479 # Default setting is to accept 200 Ranges.
    480 #MaxRanges unlimited
    481 
    482 #
    483 # EnableMMAP and EnableSendfile: On systems that support it, 
    484 # memory-mapping or the sendfile syscall may be used to deliver
    485 # files.  This usually improves server performance, but must
    486 # be turned off when serving from networked-mounted 
    487 # filesystems or if support for these functions is otherwise
    488 # broken on your system.
    489 # Defaults: EnableMMAP On, EnableSendfile Off
    490 #
    491 #EnableMMAP off
    492 #EnableSendfile on
    493 
    494 # Supplemental configuration
    495 #
    496 # The configuration files in the conf/extra/ directory can be 
    497 # included to add extra features or to modify the default configuration of 
    498 # the server, or you may simply copy their contents here and change as 
    499 # necessary.
    500 
    501 # Server-pool management (MPM specific)
    502 #Include conf/extra/httpd-mpm.conf
    503 
    504 # Multi-language error messages
    505 #Include conf/extra/httpd-multilang-errordoc.conf
    506 
    507 # Fancy directory listings
    508 #Include conf/extra/httpd-autoindex.conf
    509 
    510 # Language settings
    511 #Include conf/extra/httpd-languages.conf
    512 
    513 # User home directories
    514 #Include conf/extra/httpd-userdir.conf
    515 
    516 # Real-time info on requests and configuration
    517 Include conf/extra/httpd-info.conf
    518 
    519 # Virtual hosts
    520 Include conf/extra/httpd-vhosts.conf
    521 
    522 # Local access to the Apache HTTP Server Manual
    523 #Include conf/extra/httpd-manual.conf
    524 
    525 # Distributed authoring and versioning (WebDAV)
    526 #Include conf/extra/httpd-dav.conf
    527 
    528 # Various default settings
    529 #Include conf/extra/httpd-default.conf
    530 
    531 # Configure mod_proxy_html to understand HTML4/XHTML1
    532 <IfModule proxy_html_module>
    533 Include conf/extra/proxy-html.conf
    534 </IfModule>
    535 
    536 # Secure (SSL/TLS) connections
    537 Include conf/extra/httpd-ssl.conf
    538 #
    539 # Note: The following must must be present to support
    540 #       starting without SSL on platforms with no /dev/random equivalent
    541 #       but a statically compiled-in mod_ssl.
    542 #
    543 <IfModule ssl_module>
    544 SSLRandomSeed startup builtin
    545 SSLRandomSeed connect builtin
    546 </IfModule>
    547 
    548 ServerTokens ProductOnly
    549 ProtocolsHonorOrder On
    550 Protocols h2 http/1.1
    551 
    552 RewriteEngine on
    553 RewriteCond %{SERVER_PORT} !^443$
    554 RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [L,R]
    View Code

    这是apache http 服务器的主配置文件。包含发送给服务器的指令。查看细节:http://httpd.apache.org/docs/2.4/,特别是http://httpd.apache.org/docs/2.4/mod/directives.html,可以对每个指令进行讨论。不要只简单的读读这个配置文件,他们的介绍都是很粗略的,如果你不曾详细了解线上文档,可能会处处遇到警告。

    Configuration and logfile names:如果你用/或者win32下的盘符:/指定了控制文件路径的话,则使用它,如果没有,则会前缀ServerRoot,比如日志文件access/access_log,而ServerRoot被设置为/usr/local/apache2,就会被连缀成/usr/local/apache2/logs/access_log去操作那个文件。ServerRoot是error,log等文件保存的根目录。

    不要在所有目录结尾添加反斜杠。如果你的ServerRoot不是本地磁盘,如果使用基于文件的互斥的话,应该在互斥指令上指定本地盘。ServerRoot用于指定守护进程httpd的运行目录,httpd在启动之后将自动将进程的当前目录改变为这个目录,因此如果设置文件中指定的文件或目录是相对路径,那么真实路径就位于这个ServerRoot定义的路径之下。一定要在本地磁盘中指定一个LockFile指令。如果你希望让多个httpd守护进程共享服务器根目录,你至少需要更改LockFile和PidFile。

    **ServerRoot "/usr/local/apache"

    **ScoreBoardFile /var/run/httpd.scoreboard  

    httpd使用ScoreBoardFile来维护进程的内部数据,因此通常不需要改变这个参数,除非管理员想在一台计算机上运行几个Apache服务器,这时每个Apache服务器都需要独立的设置文件htt pd.conf,并使用不同的ScoreBoardFile。

    互斥:允许你为多个不同的互斥对象设置互斥机制【mutex mechanism】和互斥文件目录,或者修改全局默认值。如果互斥对象是基于文件的以及默认的互斥文件目录不在本地磁盘或因为其它原因而不适用,那么取消注释并改变目录。【下面这个命令是改变互斥对象的目录】。

    **Mutex default: logs (详解mutex)

    mutex is the basic synchronization method used within Traffic Server to protect data from simultaneous access by multiple threads. A mutex acts as a lock that protects data in one program thread from being accessed by another thread.

    它的作用就是枢纽服务器的基础异步方法,用于保护多线程的相同请求的数据的保护。就像一个锁,对于一个程序线程来说,确保不能被另一个线程访问。

    Listen:允许将ip和/或端口号绑定到apache,替代默认设置。参看<VirtualHost>指令。如Listen 12.34.56.78:80或者Listen:80来让特定ip或端口开放,可以阻止apache上绑定的所有ip被访问到。这是个必须指定的指令,否则无法启动。

    When httpd starts, it binds to some port and address on the local machine and waits for incoming requests. By default, it listens to all addresses on the machine. However, it may need to be told to listen on specific ports, or only on selected addresses, or a combination of both. This is often combined with the Virtual Host feature, which determines how httpd responds to different IP addresses, hostnames and ports.

    The Listen directive tells the server to accept incoming requests only on the specified port(s) or address-and-port combinations. If only a port number is specified in the Listendirective, the server listens to the given port on all interfaces. If an IP address is given as well as a port, the server will listen on the given port and interface. Multiple Listen directives may be used to specify a number of addresses and ports to listen on. The server will respond to requests from any of the listed addresses and ports.

    httpd启动时,绑定了端口和地址在本机上,等候进入的请求。默认情况下,它坚挺所有这台及其上的地址,然后可以按需要指定端口或者地址,或者二者复合。通常结合虚拟主机特性,由它来决定响应不同的地址和端口请求。

    动态共享对象支持(Dymanic shared object DSO)。为了能使用打包成DSO的module的功能,你可以在使用前添加相应的"LoadModule"在这个位置,静态编译的modules(可以通过httpd -l列出来)不需要在这里加载。

    User/Group: 如果你希望httpd以不同用户和组运行,必须以root进行初始化,并且将切换。使用名字或数字来运行httpd,跟多数系统服务一样创建一个独立的用户或组来运行httpd是个良好的实践。

    <IfModule unixd_module>

    User apache
    Group apache

    </IfModule>

    主服务配置。这个区块设置的值由主服务使用,它将对所有<VirtualHost>不做响应的请求进行响应。这些值为<VirtualHost>容器提供了默认值。所有这些指令可以出现在<VirtualHost>容器中,如果在<VirtualHost>中作了定义,将对这里的值覆盖。

    ServerAdmin:你的地址,服务器的问题如何联系的邮箱。这个邮箱经常会出现在服务器管理页面,比如错误文档。

    ServerName:给出服务器名字和端口,用于识别自身。这通常都是自动的,但是提醒你还是明确指定以避免启动中的问题。ServerName 0.0.0.0:80

    <Directory />
    AllowOverride none
    #Require all denied
    </Directory>

    对全部服务器文件系统项进行否定访问,在其他的<Directory>块中必须明确允许访问到web内容目录。

    注意在这个点往前,必须特别允许特定的属性为enabled,如果有些工作不合乎期望,确保已经指定为enabled。

    DocumentRoot:对外提供服务的目录。默认情况下,所有的请求来自这个目录,但软连接和别名可能指向其他地方。DocumentRoot "/data/www/default"

    <Directory "/data/www/default">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    Options指令的可能值为None,All,或者任何联合项,Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.

    注意MultiViews不在Options All指定之中,比较特殊。
    #
    # The Options directive is both complicated and important. Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.

    Options指令复杂而重要。查看http://httpd.apache.org/docs/2.4/mod/core.html#options获取更多信息。

    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    # AllowOverride FileInfo AuthConfig Limit

    Apache httpd.conf配置文件AllowOverride参数详解--http://www.upupw.net/server/n73.html

    AllowOverride从字面上解释是允许覆盖的意思,即Apache允许另一配置文件覆盖现有配置文件。

    我们通常利用Apache的rewrite模块对URL进行重写,rewrite规则会写在 .htaccess 文件里。但要使 apache 能够正常的读取.htaccess 文件的内容,就必须对.htaccess 所在目录进行配置。

    从安全性考虑,根目录的AllowOverride属性一般都配置成不允许任何Override,即:

    < Directory /> 
    AllowOverride None 
    < /Directory>

    在 AllowOverride 设置为 None 时, .htaccess 文件将被完全忽略。当此指令设置为 All 时,所有具有 “.htaccess” 作用域的指令都允许出现在 .htaccess 文件中。

    而对于 URL rewrite 来说,至少需要把目录设置为:

    < Directory /myblogroot/> 
    AllowOverride FileInfo 
    < /Directory>

    以下是AllowOverride的详细参数:

    AuthConfig

    允许使用与认证授权相关的指令(AuthDBMGroupFile, AuthDBMUserFile, AuthGroupFile, AuthName, AuthType, AuthUserFile, Require, 等)。

    FileInfo

    允许使用控制文档类型的指令(DefaultType, ErrorDocument, ForceType, LanguagePriority, SetHandler, SetInputFilter, SetOutputFilter, mod_mime中的 Add* 和 Remove* 指令等等)、控制文档元数据的指令(Header, RequestHeader, SetEnvIf, SetEnvIfNoCase, BrowserMatch, CookieExpires, CookieDomain, CookieStyle, CookieTracking, CookieName)、mod_rewrite中的指令(RewriteEngine, RewriteOptions, RewriteBase, RewriteCond, RewriteRule)和mod_actions中的Action指令。

    Indexes

    允许使用控制目录索引的指令(AddDescription, AddIcon, AddIconByEncoding, AddIconByType, DefaultIcon, DirectoryIndex, FancyIndexing, HeaderName, IndexIgnore, IndexOptions, ReadmeName, 等)。

    Limit

    允许使用控制主机访问的指令(Allow, Deny, Order)。

    Options[=Option,...]

    允许使用控制指定目录功能的指令(Options和XBitHack)。可以在等号后面附加一个逗号分隔的(无空格的)Options选项列表,用来控制允许Options指令使用哪些选项。

    AllowOverride控制.htaccess文件,可以是All ,None或者任何的复合关键词。
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.

    控制哪些可以从服务器取到东西。
    #
    #Require all granted
    </Directory>

    DirectoryIndex: 设置如果一个目录被访问的时候apache提供服务的文件。

    <IfModule dir_module>
    DirectoryIndex index.html index.php
    </IfModule>

    下面行提供.htaccess和.htpasswd文件中可以被web客户端查看的文件。

    <Files ".ht*">
    #Require all denied
    </Files>

    ErrorLog:error log文件的位置,如果你不在<VirtualHost>中指定这个指令值,那么那个虚拟主机容器中的错误消息将记录在这儿。如果你在虚拟容器中指定了,将记录在那儿,而非这儿。
    ErrorLog "logs/error_log"

    LogLevel:控制被记录到error_log中的信息数量,可能的值包括:debug, info, notice, warn, error, crit, alert, emerg.

    LogLevel warn

    <IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).

    下面的指令定义了一些在CustomLog使用的格式化昵称。
    #
    LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
    LogFormat "%h %l %u %t "%r" %>s %b" common

    %h    客户端ip地址
    %l %u 这两个一般不用看
    %t 时间
    %r 访问方式内容
    %>s 状态码
    %b 理解为浏览器类型

    也就是规定了日志文件中的各个字段的意思。

    116.62.209.27 - - [02/Feb/2018:13:04:12 +0800] "GET /phpmyadmin/explicit_not_exist_path HTTP/1.1" 404 232

    <IfModule logio_module>
    # You need to enable mod_logio.c to use %I and %O

    需要使用%I and %O使mod_logio.c可用
    LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here. Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions(事物) will be
    # logged therein(在那里) and *not* in this file.

    access logfile位置和格式化。如果在虚拟主机容器中定义了access logfiles,将记录在这儿。反之,则记录在那儿。
    #
    CustomLog "logs/access_log" common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.

    如果提供了一个access logfile,代理,和参考信息(Combined Logfile Format),可以使用以下指令。像这样"%{Referer}i" "%{User-Agent}i"
    #
    #CustomLog "logs/access_log" combined
    </IfModule>


    <IfModule alias_module>
    #
    # Redirect: Allows you to tell clients about documents that used to
    # exist in your server's namespace, but do not anymore. The client
    # will make a new request for the document at its new location.
    # Example:

    # Redirect permanent /foo http://www.example.com/bar

    Redirect:用于定义永久或临时重定向

    #
    # Alias: Maps web paths into filesystem paths and is used to
    # access content that does not live under the DocumentRoot.
    # Example:
    # Alias /webpath /full/filesystem/path

    Alias:对web路径映射成文件系统路径。通常是那些不在DocumentRoot底下的可访问内容。
    #
    # If you include a trailing / on /webpath then the server will
    # require it to be present in the URL. You will also likely
    # need to provide a <Directory> section to allow access to
    # the filesystem path.

    如果包含包含了/在/webpath中,服务器将在url中显示出来。将也可能需要提供<Directory>块来访问到那个文件路径。

    #
    # ScriptAlias: This controls which directories contain server scripts.
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the target directory are treated as applications and
    # run by the server when requested rather than as documents sent to the
    # client. The same rules about trailing "/" apply to ScriptAlias
    # directives as to Alias.

    ScriptAlias:这个控制含有服务器脚本的目录。ScriptAliases本质上跟Aliases相同,除了目标文件夹中的文档在被请求的时候被当作应用和由服务器运行,而不是作为文档发送到客户端。跟alias指令具有相同规则,带有/的情况。
    #
    ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"

    </IfModule>

    <IfModule cgid_module>
    #
    # ScriptSock: On threaded servers, designate the path to the UNIX
    # socket used to communicate with the CGI daemon of mod_cgid.

    ScriptSock:在线程服务器中,给unix socket指定的路径,用以同mod_cgid的cgi守护进程通讯。
    #
    #Scriptsock cgisock
    </IfModule>

    如果你配置了ScriptAlias,"/usr/local/apache/cgi-bin"应该被改变成那个存在的ScriptAliased cgi目录。

    <Directory "/usr/local/apache/cgi-bin">
    AllowOverride None 不允许重写
    Options None 选项为none
    Require all granted 授权所有访问者
    </Directory>

    <IfModule headers_module>
    #
    # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
    # backend servers which have lingering "httpoxy" defects.
    # 'Proxy' request header is undefined by the IETF, not listed by IANA

    允许通过配置文件控制任意的HTTP请求和应答头信息。这个模块提供了一些指令用于控制和修改HTTP请求头和应答头。这些头可以被合并、替换、删除。避免在这个或任何有潜在“httpoxy”漏洞的代理后端服务器上将http_proxy环境传递给CGI的环境。“proxy”请求标头不是由IETF(The Internet Engineering Task Force,国际互联网工程任务组)定义,也不是由IANA(The Internet Assigned Numbers Authority,互联网数字分配机构)登记。《HTTPOXY漏洞说明

    【HTTP协议系列5】http proxy原理--http://blog.csdn.net/zongzhiyuan/article/details/53700294

    #
    RequestHeader unset Proxy early
    </IfModule>

    Supplemental configuration
    追加配置

    目录conf/extra/中的配置文件包含了额外的特性或者是改变服务器默认配置,或者根据需要可以简单的将那些内容复制到这里并改变值。

    MPM模式,一共有三种稳定的MPM(Multi-Processing Module,多进程处理模块)模式,(winnt模式,perfork模式,worker模式)。

    升级apache--http://blog.csdn.net/laoyiin/article/details/50977354

    apache的三种MPM模式比较--http://blog.jobbole.com/91920/

    #Include conf/extra/httpd-mpm.conf'

    复合语言错误消息

    #Include conf/extra/httpd-multilang-errordoc.conf

    动态目录列表形式配置;

    #Include conf/extra/httpd-autoindex.conf

    语言设置

    #Include conf/extra/httpd-languages.conf

    用户主目录

    #Include conf/extra/httpd-userdir.conf

    配置和请求的真实时间信息

    Include conf/extra/httpd-info.conf

    虚拟主机

    Include conf/extra/httpd-vhosts.conf

    本地访问Apache HTTP服务器手册

    #Include conf/extra/httpd-manual.conf

    分布式创作和版本控制(WebDAV)

    #Include conf/extra/httpd-dav.conf

    多种默认设置

    #Include conf/extra/httpd-default.conf

    识别HTML4/XHTML1的配置mod_proxy_html

    <IfModule proxy_html_module>
    Include conf/extra/proxy-html.conf
    </IfModule>

    安全连接(SSL/TLS)

    Include conf/extra/httpd-ssl.conf

    /dev/random和/dev/urandom是Linux系统中提供的随机伪设备,这两个设备的任务,是提供永不为空的随机字节数据流。很多解密程序与安全应用程序(如SSH Keys,SSL Keys等)需要它们提供的随机数据流。注意:以下配置必须必须存在用以支持没有/dev/random的平台开启ssl,等效是有一个静态的内编译的mod_ssl

    <IfModule ssl_module>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    </IfModule>

    ServerTokens ProductOnly
    ProtocolsHonorOrder On  是否遵守在Protocols中设置的顺序。
    Protocols h2 http/1.1  http:// 连接 (h2c) https:// 连接 (h2)

    默认地,服务器HTTP响应头会包含apache和php版本号。像下面的,这是有危害的,因为这会让黑客通过知道详细的版本号而发起已知该版本的漏洞攻击。Server: Apache/2.2.17 (Unix) PHP/5.3.5

    为了阻止这个,需要在httpd.conf设置ServerTokens为Prod,这会在响应头中显示“Server:Apache”而不包含任何的版本信息。

    ServerTokens Prod

    下面是ServerTokens的一些可能的赋值:

    ServerTokens Prod 显示“Server: Apache”
    ServerTokens Major 显示 “Server: Apache/2″
    ServerTokens Minor 显示“Server: Apache/2.2″
    ServerTokens Min 显示“Server: Apache/2.2.17″
    ServerTokens OS 显示 “Server: Apache/2.2.17 (Unix)”
    ServerTokens Full 显示 “Server: Apache/2.2.17 (Unix) PHP/5.3.5″ (如果你这指定任何的值,这个是默认的返回信息)

     

  • 相关阅读:
    手把手教你整Win10的Linux子系统(Ubuntu)
    Golang从入门到微服务
    GitHub总是打不开
    github无法push?看这篇文章就够了
    shell 操作mysql
    04 elasticsearch学习笔记-基本CRUD
    kibana-6.2.4-amd64的安装
    es 的reindex详解
    ruby 操作csv
    shell 去掉逗号_shell替换和去掉换行符
  • 原文地址:https://www.cnblogs.com/jiangtian/p/8404791.html
Copyright © 2020-2023  润新知