首页 > 代码库 > 配置apache

配置apache

Apache安装

端口号:80

线上使用的较多的版本为2.0或者2.2,网址http://apache.fayea.com/httpd,所谓的apache,它真正的名字叫httpd

查看apache编译参数:cat /usr/local/apache2/build/config.nice

查看apapche模块:/usr/local/apache2/bin/apachectl-M

检查apache配置文件是否有误:/usr/local/apache2/bin/apachectl–t

启动apapche:/usr/local/apache2/bin/apachectlstart

加载apache配置文件:/usr/local/apache2/bin/apachectlgraceful

默认虚拟主机原理:当用IP去访问默认的是第一台虚拟主机,所以设置空文件让你403,只允许用域名访问

检查安全机制是否开启:getenforce

关闭安全机制:setenforce0

查看防火墙规则:iptables–nvL

清除防火墙规则:iptables–F

保存防火墙规则:serviceiptables save

状态码:

200:表示正常

301:表示域名跳转

401:表示需要输入用户名和密码

403:表示可能被禁止访问

302404:表示输入的路径可能有错

500:表示php脚本有问题

熟练apache2.2apache2.4

apache 2.2版本安装

步骤:

         cd/usr/local/src

         wgethttp://apache.fayea.com/httpd/httpd-2.2.31.tar.bz2

         tar-jxvf httpd-2.2.31.tar.bz2

         wgethttp://www.lishiming.net/data/attachment/forum/epel-release-6-8_32.noarch.rpm

         rpm-ivh epel-release-6-8_32.noarch.rpm

         yuminstall -y zlib-devel             //编译需要的包

         yuminstall -y pcre pcre-devel apr apr-devel             //编译需要的包

         yuminstall -y gcc               //编译需要的包

         cdhttpd-2.2.31

         ./configure--prefix=/usr/local/apache2 --with-included-apr --enable-so--enable-deflate=shared --enable-expires=shared --enable-rewrite=shared--with-pcre

         echo$?

         make

         echo$?

         makeinstall

         echo$?

cp/usr/local/apache2/bin/apachectl /etc/init.d/httpd

         /etc/init.d/httpdstart

 

apache加入系统服务

vim /etc/init.d/httpd

#!/bin/bash添加两行

#chkconfig: 35 70 30

#description Apache

 

chkconfig --add httpd

chkconfig httpd on

/etc/init.d/httpd start

apache 2.4版本安装

centos6yum安装的apr版本已经不适用httpd-2.4版本了。所以,需要源码编译apr以及apr-util

apr网址:http://mirrors.cnnic.cn/

步骤:

cd /usr/local/src

wget http://mirrors.cnnic.cn/apache/httpd/httpd-2.4.23.tar.bz2

wget http://mirrors.cnnic.cn/apache/apr/apr-1.5.2.tar.bz2

wget http://mirrors.cnnic.cn/apache/apr/apr-util-1.5.4.tar.gz

yum install -y zlib-devel

yum install -y gcc

yum install -y pcre pcre-devel 

tar jxvf apr-1.5.2.tar.bz2

cd apr-1.5.2

./configure --prefix=/usr/local/apr

echo $?

make

make install

echo $?

cd ..

tar zxvf apr-util-1.5.4.tar.gz

cd apr-util-1.5.4

./configure --prefix=/usr/local/apr-util--with-apr=/usr/local/apr/

echo $?

make

make install

cd ..

tar -jxvf httpd-2.4.23.tar.bz2

cd httpd-2.4.23

./configure --prefix=/usr/local/apache2--with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/           //注意指定编译安装aprapr-util的目录,否则报错

make

make install

 

 

 

 

 

apache添加模块(略)

添加模块用到了apache的扩展工具  apxs

先确认apache是否已经加载了 mod_so 模块

 

apache配置虚拟主机

//1.打开虚拟主机开关

vim /usr/local/apache2/conf/httpd.conf

 

# Virtual hosts

#Include conf/extra/httpd-vhosts.conf            //#去掉

//2.打开虚拟主机配置文件

vim/usr/local/apache2/conf/extra/httpd-vhosts.conf

#配置默认虚拟主机

NameVirtualHost *:80

 

<VirtualHost *:80>

   DocumentRoot "/tmp/www"

   ServerName 123.com

</VirtualHost>

#配置第二台虚拟主机

<VirtualHost *:80>

   DocumentRoot "/data/www"

   ServerName www.test.com

ServerAlias www.aaa.com

#不记录指定文件类型:注意在访问日志加上env=!image-request

SetEnvIfRequest_URI ".*\.gif$" image-request

   SetEnvIf Request_URI ".*\.jpg$" image-request

   SetEnvIf Request_URI ".*\.png$" image-request

   SetEnvIf Request_URI ".*\.bmp$" image-request

   SetEnvIf Request_URI ".*\.swf$" image-request

   SetEnvIf Request_URI ".*\.js$" image-request

   SetEnvIf Request_URI ".*\.css$" image-request

 

#日志切割

         ErrorLog"logs/test.com-error_log"

   CustomLog "|/usr/local/apache2/bin/rotatelogs -l/usr/local/apache2/logs/test.com-access_%Y%m%d.log 86400" combined env=!image-request

#配置防盗链

SetEnvIfNoCaseReferer "^http://.*\.test\.com" local_ref

SetEnvIfNoCaseReferer ".*\.apelearn\.com" local_ref

SetEnvIfNoCase Referer "^$" local_ref

   <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">

       Order Allow,Deny

       Allow from env=local_ref

   </filesmatch>

#访问控制,针对uri去限制

<filesmatch"(.*)admin(.*)">

       Order deny,allow

       Deny from all

       Allow from 127.0.0.1

       Allow from 192.168.134.1

</filesmatch>

#访问控制,针对某个目录去限制

   <Directory /data/www/>

       Order deny,allow

       Deny from all

       Allow from 127.0.0.1

       Allow from 192.168.134.1

   </Directory>

 

#配置静态缓存

<IfModulemod_expires.c>

      ExpiresActive on

      ExpiresByType image/gif "access plus 1 days"

      ExpiresByType image/jpeg "access plus 24 hours"

      ExpiresByType image/png "access plus 24 hours"

      ExpiresByType text/css "now plus 2 hour"

      ExpiresByType application/x-javascript "now plus 2 hours"

      ExpiresByType application/javascript "now plus 2 hours"

      ExpiresByType application/x-shockwave-flash "now plus 2 hours"

      ExpiresDefault "now plus 0 min"

   </IfModule>

#域名301跳转

    <IfModulemod_rewrite.c>

       RewriteEngine on

       RewriteCond %{HTTP_HOST} ^www.aaa.com$

       RewriteRule ^/(.*)$ http://www.test.com/$1 [R=301,L]

#禁止指定user_agent

RewriteCond %{HTTP_USER_AGENT} ^.*curl.* [NC,OR]

       RewriteCond %{HTTP_USER_AGENT} ^.*Chrome.* [NC]

#通过rewrite限制某个目录

RewriteCond %{REQUEST_URI} ^.*/tmp/* [NC]

       RewriteRule .* - [F]

</IfModule>

 

 

#禁止解析php

<Directory/data/www/data>

      php_admin_flag engine off

      <filesmatch "(.*)php">

           Order deny,allow

           Deny from all

      </filesmatch>

   </Directory>

#apache用户认证

   <Directory /data/www/abc>

       AllowOverride AuthConfig

       AuthName "hongda"

       AuthType Basic

       AuthUserFile /data/www/.htpasswd

       require valid-user

   </Directory>

</VirtualHost>

 

//      第一个主机为默认虚拟主机,当输入IP时,默认指向第一主机,若默认虚拟主机不想

//   被访问,设置个空目录即可。一个IP可以对应多个域名,不在虚拟主机的域名也不能//   访问

// 配置防盗链理解referer,对于一个网站连接的referer,是最上面的那个网址(如www.baidu.com)就是这个网战链接的refer         ,其中用到了filesmatch语法,表示匹配的意思

// 配置静态缓存引用模块IfModulemod_expires.c,其中nowaccess的作用都一样

// 域名301跳转引用模块IfModulemod_rewrite.c,理解其中的变量名

// 访问控制中的deny allow的规则是看order后面,哪个在前,哪个在后,只看前后,不看上下,如果deny在前,就在先看deny from,再看allow from

// 禁止解析php,禁止解析的目录是用户能上传文件的目录/data/www/data/attachment/forum/201604/29/

其中php_admin_flag engine off是禁止解析php,下面那段是不让它下载

/data/www                         //目录是discuz论坛存放的配置文件

/data/www/abc                //是要认证的目录

/data/www/.htpasswd      //认证存放用户名和密码,使用apachehtpassed工具创建用户

//      不记录指定文件类型,先定义一个变量image-request,然后在访问日志加一个取反标记env=!image-request

htpasswd –c /data/www/.htpasswd user1              //这是第一次创建加-c

htpasswd /data/www/.htpasswd user2               //第二次创建,目录已存在,不用加-c


本文出自 “11736718” 博客,请务必保留此出处http://11746718.blog.51cto.com/11736718/1870792

配置apache