Apache 配置总结

发表于 | 分类于 | | 阅读次数

本文记录了 Apache 一系列常用的配置,包括但不限于:rewrite、cgi、自定义错误页、gzip、静态缓存。

若未作特别声明,均在/etc/httpd/conf.d/目录中进行配置!

Apache 虚拟主机

<VirtualHost *:80>
    ServerName www.zfl.com
    DocumentRoot /var/www/html
    DirectoryIndex index.html
</VirtualHost>

## 绑定多个域名
ServerName zfl.com
ServerAlias www.zfl.com m.zfl.com

Apache 目录浏览

--- /opt/www/httpd/conf/httpd.conf ---
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
Include conf/extra/httpd-autoindex.conf
Include conf/extra/httpd-vhosts.conf
--- /opt/www/httpd/conf/httpd.conf ---

--- /opt/www/httpd/conf/extra/httpd-vhosts.conf ---
<VirtualHost *:80>
    ServerName www.zfl.com
    DocumentRoot /opt/www/httpd/htdocs
    DirectoryIndex index.html index.php index.htm
    <Directory /opt/www/httpd/htdocs>
        Options +Indexes
    </Directory>
</VirtualHost>
--- /opt/www/httpd/conf/extra/httpd-vhosts.conf ---

隐藏版本信息

--- conf/httpd.conf ---
Include conf/extra/httpd-default.conf
--- conf/httpd.conf ---

--- conf/extra/httpd-default.conf ---
ServerTokens Prod
ServerSignature Off
--- conf/extra/httpd-default.conf ---

启用 MPM 模式

Apache 2.4 默认 event

--- httpd.conf ---
LoadModule mpm_event_module modules/mod_mpm_event.so
Include conf/extra/httpd-mpm.conf
--- httpd.conf ---

添加模块(编译)

cd /usr/local/src/httpd/modules/metadata/
/opt/www/httpd/bin/apxs -c -i -a mod_expires.c

AllowOverride、Options

## AllowOverride ##
AllowOverride参数就是指明Apache服务器是否去找.htacess文件作为配置文件,
如果设置为None,那么服务器将忽略.htacess文件,
如果设置为All,那么所有在.htaccess文件里有的指令都将被重写

## Options ##
允许目录浏览,执行CGI程序,允许跟随符号链接等

<VirtualHost *:80>
    ServerName www.zfl.com
    DocumentRoot /var/www/html
    DirectoryIndex index.html
    <Directory /var/www/html>
        AllowOverride None
        Options None
    </Directory>
</VirtualHost>

## AllowOverride:
AuthConfig  允许使用所有的权限指令,他们包括AuthDBMGroupFile AuthDBMUserFile  AuthGroupFile  AuthName AuthTypeAuthUserFile和Require
FileInfo    允许使用文件控制类型的指令。它们包括AddEncoding AddLanguage  AddType  DEfaultType ErrorDocument LanguagePriority
Indexes     允许使用目录控制类型的指令。它们包括AddDescription  AddIcon  AddIconByEncoding AddIconByType  DefaultIcon  DirectoryIndex  FancyIndexing  HeaderName  IndexIgnore  IndexOptions ReadmeName
Limit       允许使用权限控制指令。它们包括Allow Deny和Order
Options     允许使用控制目录特征的指令.他们包括Options 和XBitHack

## Options:
All             准许以下除MultiViews以外所有功能
MultiViews      允许多重内容被浏览,如果你的目录下有一个叫做foo.txt的文件,那么你可以通过/foo来访问到它,这对于一个多语言内容的站点比较有用
Indexes         若该目录下无index文件,则准许显示该目录下的文件以供选择
IncludesNOEXEC  准许SSI,但不可使用#exec和#include功能
Includes        准许SSI
FollowSymLinks  在该目录中,服务器将跟踪符号链接。注意,即使服务器跟踪符号链接,它也不会改变用来匹配不同区域的路径名,如果在<Local>;标记内设置,该选项会被忽略
SymLinksIfOwnerMatch  在该目录中仅仅跟踪本站点内的链接
ExecCGI         在该目录下准许使用CGI

## 注意 ##
当 Options 参数前面有 +/- 号时(如:+ExecCGI):
+   所有前面加有"+"号的可选项将强制覆盖当前的可选项设置
-   所有前面有"-"号的可选项将强制从当前可选项设置中去除

Order Deny Allow

## 用于访问控制,允许、拒绝 ##
<VirtualHost *:80>
    ServerName www.zfl.com
    DocumentRoot /var/www/html
    DirectoryIndex index.html
    <Directory /var/www/html>
        Deny from 192.168.255.103 # 禁止来自192.168.255.103的访问
        # Allow from All # 允许任何合法请求
    </Directory>
</VirtualHost>

## Order 定义优先级 ##
<VirtualHost *:80>
    ServerName www.zfl.com
    DocumentRoot /var/www/html
    DirectoryIndex index.html
    <Directory /var/www/html>
        Order Allow,Deny
        Allow from All
        Deny from 192.168.255.103
    </Directory>
</VirtualHost>

后面的优先级高,如上例:Deny优先级比Allow高
apache先匹配Allow,然后匹配Deny
当出现冲突项时,冲突部分以优先级高的为准!

所以:
apache 先匹配allow -> 发现允许所有
然后匹配deny -> 发现拒绝来自192.168.255.103的访问
deny优先级高,所以综合起来就是允许除了192.168.255.103外的所有访问

eg:
    Order Allow,Deny
    Deny from All
    Allow from All       # 拒绝所有访问

    Order Deny,Allow
    Deny from All
    Allow from All       # 允许所有访问

Apache CGI 配置

# $conf/httpd.conf 中取消注释此行,启用 cgi 模块
LoadModule cgid_module modules/mod_cgid.so

# 假设 "/var/www/html/cgi-bin/" 目录是存放 cgi 程序的
<VirtualHost *:80>
    ServerName www.zfl.com
    DocumentRoot /var/www/html
    DirectoryIndex index.html
    ScriptAlias /cgi-bin/ /var/www/html/cgi-bin/
    <Directory /var/www/html/cgi-bin>
        Options ExecCGI
        AddHandler cgi-script .cgi .py .pl .sh
    </Directory>
</VirtualHost>

自定义错误页

<VirtualHost *:80>
    ServerName www.zfl.com
    DocumentRoot /var/www/html
    DirectoryIndex index.html
    ErrorDocument 404 /404.html
    ErrorDocument 403 /403.html
    ErrorDocument 500 /500.html
</VirtualHost>

gzip 页面压缩

<VirtualHost *:80>
    ServerName www.zfl.com
    DocumentRoot /var/www/html
    DirectoryIndex index.html
    ErrorDocument 404 /404.html
    ErrorDocument 403 /403.html
    ErrorDocument 500 /500.html
    <IfModule deflate_module>
        SetOutputFilter DEFLATE
        SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ no-gzip dont-vary
        SetEnvIfNoCase Request_URI .(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
        SetEnvIfNoCase Request_URI .(?:pdf|doc|avi|mov|mp3|rm)$ no-gzip dont-vary
        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
        AddOutputFilterByType DEFLATE application/x-javascript application/x-httpd-php application/x-httpd-fastphp
    </IfModule>
</VirtualHost>

http 静态缓存

<VirtualHost *:80>
    ServerName www.zfl.com
    DocumentRoot /var/www/html
    DirectoryIndex index.html
    ErrorDocument 404 /404.html
    ErrorDocument 403 /403.html
    ErrorDocument 500 /500.html
    <IfModule mod_expires.c>
        ExpiresActive on
        ExpiresDefault A864000 # 10天
        ExpiresBytype text/css "access plus 14 days"
        ExpiresByType text/javascript "access plus 14 days"
        ExpiresByType application/x-javascript "access plus 14 days"
        ExpiresByType application/x-shockwave-flash "access plus 14 days"
        ExpiresByType image/* "access plus 14 days"
        ExpiresByType text/html "access plus 14 days"
        <FilesMatch ".(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|jpg|gif)$">
            ExpiresDefault A864000
        </FilesMatch>
    </IfModule>
</VirtualHost>

重写模块 rewrite

## 和nginx差不多,都是正则匹配替换 ##

1. 当访问的uri匹配 ^/root/.*$ 时,rewrite至/403.html 页面
<VirtualHost *:80>
    ServerName www.zfl.com
    DocumentRoot /var/www/html
    DirectoryIndex index.html
    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^/root/.*$ [NC] # 相当于nginx 的 if
    RewriteRule ^.*$ /403.html [NC,L]  # 相当于nginx 的 rewrite
</VirtualHost>

2. 重定向http至https
<VirtualHost *:80>
    ServerName www.zfl9.com
    RewriteEngine on
    RewriteRule ^(.*)$ https://www.zfl9.com$1 [R=301,L]
</VirtualHost>

## flag
R[=code](force redirect)            强制外部重定向(默认302)
F(force URL to be forbidden)        禁用URL,返回403HTTP状态码
G(force URL to be gone)             强制URL为GONE,返回410HTTP状态码
P(force proxy)                      强制使用代理转发
L(last rule)                        表明当前规则是最后一条规则,停止分析以后规则的重写
N(next round)                       重新从第一条规则开始运行重写过程
C(chained with next rule)           与下一条规则关联
T=MIME-type(force MIME type)        强制MIME类型
NS (used only if no internal sub-request)   只用于不是内部子请求
NC(no case)                         不区分大小写
QSA(query string append)            追加请求字符串
NE(no URI escaping of output)       不在输出转义特殊字符
PT(pass through to next handler)    传递给下一个处理

## Apache变量
HTTP头
    HTTP_USER_AGENT
    HTTP_REFERER
    HTTP_COOKIE
    HTTP_FORWARDED
    HTTP_HOST
    HTTP_PROXY_CONNECTION
    HTTP_ACCEPT

连接与请求
    REMOTE_ADDR
    REMOTE_HOST
    REMOTE_PORT
    REMOTE_USER
    REMOTE_IDENT
    REQUEST_METHOD
    SCRIPT_FILENAME
    PATH_INFO
    QUERY_STRING
    AUTH_TYPE

服务器本身
    DOCUMENT_ROOT
    SERVER_ADMIN
    SERVER_NAME
    SERVER_ADDR
    SERVER_PORT
    SERVER_PROTOCOL
    SERVER_SOFTWARE

日期与时间
    TIME_YEAR
    TIME_MON
    TIME_DAY
    TIME_HOUR
    TIME_MIN
    TIME_SEC
    TIME_WDAY
    TIME

其他
    API_VERSION
    THE_REQUEST
    REQUEST_URI
    REQUEST_FILENAME
    IS_SUBREQ
    HTTPS