centos7 httpd配置
centos7 httpd配置
标签(空格分隔): 未分类
隐藏server信息
修改httpd.conf 设置,添加如下两行
ServerSignature Off
ServerTokens Prod
开启长连接
KeepAlive on
KeepAliveTimeout 60 #超时时间
MaxKeepAliveRequests 100 #超时时间内达到100个请求也将断开连接
启用文件压缩配置
在conf.d目录下新建配置文件compress.conf
SetOutputFilter DEFLATE
# mod_deflate configuration
# Restrict compression to these MIME types
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/css
# Level of compression (Highest 9 - Lowest 1)
DeflateCompressionLevel 9
# Netscape 4.x has some problems.
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
httpd内置状态页面
在conf.d目录下编辑httpd-info.conf
<Location /server-status>
SetHandler server-status
require all denied
Require ip 172.16.138.1
</Location>
extendedstatus on
配置https
安装mod_ssl模块
yum install mod_ssl -y
在conf.d目录下编辑ssl.conf
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/httpd/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
DocumentRoot "/usr/local/httpd/htdocs"
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog "/usr/local/httpd/logs/error_log"
TransferLog "/usr/local/httpd/logs/access_log"
SSLEngine on
SSLCertificateFile "/usr/local/httpd/conf/server.crt"
SSLCertificateKeyFile "/usr/local/httpd/conf/server.key"
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt #购买证书需修改此处配置
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt #自建证书修改配置
#修改上面四行的证书文件路径,
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/httpd/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
配置http强制跳转https
在主配置文件中添加如下字段
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
强制301重定向到https
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=301,L]
</IfModule>
引用:https://blog.csdn.net/ithomer/article/details/78986266
配置basic访问验证
<Directory "/var/www/html">
Options Indexes FollowSymLinks #允许索引,和链接文件
AllowOverride None
authtype basic #认证类型
authname "test" #浏览器弹框提示信息
authuserfile /etc/httpd/.htpass #认证用户文件
#authgroupfile /etc/httpd/allow.group #认证组文件
#require group test
require valid-user #所有userfile文件的用户都可以访问
#require user user1 user2 #user1 user2 可以访问
</Directory>
htpasswd -m -c /etc/httpd/.htpass tom 添加验证用户 #-c创建用户文件
组文件
mygroup: bob joe anne
配置digest访问验证
<Directory "/var/www/html">
Options Indexes FollowSymLinks #允许索引,和链接文件
AllowOverride None
authtype digest
authname "digest test"
authdigestprovider file
authuserfile /etc/httpd/.htpass
require valid-user
</Directory>
require valid-user #所有userfile文件的用户都可以访问
</Directory>
创建用户文件
htdigest -c /etc/httpd/.htpass "digest test" tom #此处引号中内容需要与authname定义内容相同
虚拟主机配置
基于主机名的虚拟主机,在conf.d目录下编辑配置文件vhost-servername.conf
<VirtualHost *:80>
DocumentRoot "/data/vhost1/"
<Directory "/data/vhost1">
<requireall>
require all granted
</requireall>
</Directory>
ServerName a.test.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/vhost.-error_log"
CustomLog "logs/vhost-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/data/vhost2"
<Directory "/data/vhost2">
<requireall>
require all granted
</requireall>
</Directory>
ServerName b.test.com
ErrorLog "logs/vhost2-error_log"
CustomLog "logs/vhost2-access_log" common
</VirtualHost>
基于端口的虚拟主机,在conf.d目录下编辑配置文件vhost-port.conf
listen 80
listen 8080
<VirtualHost *:8080>
DocumentRoot "/data/vhost1/"
<Directory "/data/vhost1">
<requireall>
require all granted
</requireall>
</Directory>
ServerName a.test.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/vhost.-error_log"
CustomLog "logs/vhost-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/data/vhost2"
<Directory "/data/vhost2">
<requireall>
require all granted
</requireall>
</Directory>
ServerName b.test.com
ErrorLog "logs/vhost2-error_log"
CustomLog "logs/vhost2-access_log" common
</VirtualHost>
基于IP的虚拟主机,在conf.d目录下编辑配置文件vhost-ip.conf
listen 80
<VirtualHost 192.168.0.100:80>
DocumentRoot "/data/vhost1/"
<Directory "/data/vhost1">
<requireall>
require all granted
</requireall>
</Directory>
ServerName a.test.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/vhost.-error_log"
CustomLog "logs/vhost-access_log" common
</VirtualHost>
<VirtualHost 192.168.0.200:80>
DocumentRoot "/data/vhost2"
<Directory "/data/vhost2">
<requireall>
require all granted
</requireall>
</Directory>
ServerName b.test.com
ErrorLog "logs/vhost2-error_log"
CustomLog "logs/vhost2-access_log" common
</VirtualHost>
反向代理
在主配置文件中或者虚拟主机中添加如下字段
ProxyRequests off
#<Proxy />
# Order deny,allow
# Allow from all
#</Proxy>
ProxyPass / http://172.16.138.129
ProxyPassReverse / http://172.16.138.129
设置反向代理后端服务器日志记录真实IP地址
在代理服务器配置中添加如下配置
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 172.16.138.129 #此处地址为后端服务器地址
后端服务器日志格式修改
默认格式为:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
修改为:
LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
参考:https://blog.csdn.net/qq_22227087/article/details/91519602
日志字段说明
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
%h:客户端IP地址;
%l:Remote User, 通常为一个减号(“-”);
%u:Remote user (from auth; may be bogus if return status (%s) is 401);非为登录访问时,其为一个减号;
%t:服务器收到请求时的时间;
%r:First line of request,即表示请求报文的首行;记录了此次请求的“方法”,“URL”以及协议版本;
%>s:响应状态码;
%b:响应报文的大小,单位是字节;不包括响应报文的http首部;
%{Referer}i:请求报文中首部“referer”的值;即从哪个页面中的超链接跳转至当前页面的;
%{User-Agent}i:请求报文中首部“User-Agent”的值;即发出请求的应用程序;
在线文档说明
http://httpd.apache.org/docs/2.4/mod/mod_log_config.html#formats
centos7 httpd配置的更多相关文章
- Linux CentOS7 httpd 配置注释
本文首发:https://www.somata.work/2019/LinuxCentOShttpdConfigComment.html 如果没看懂可以去看看官方发布的文档 apache官方文档 co ...
- CentOS7安装配置Apache HTTP Server
RPM安装httpd 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 # yum -yinstall http ...
- Centos7安装配置Apache+PHP+Mysql+phpmyadmin
转载自: Centos7安装配置Apache+PHP+Mysql+phpmyadmin 一.安装Apache yum install httpd 安装成功后,Apache操作命令: systemctl ...
- Centos7网络配置,vsftpd安装及530报错解决
今天在虚拟机安装CentOS7,准备全新安装LTMP,结果又是一堆问题,不过正好因为这些出错,又给自己长了见识. 1,CentOS7网络配置 最小化安装CentOs7后,ifconfig提示comma ...
- Centos7安装配置gitlab
Centos7安装配置gitlab 这篇文字我会介绍在Centos7上安装gitlab,配置gitlab的smtp,并且创建项目demo. sudo yum install openssh-serve ...
- VMware中安装CentOS7网络配置静态IP地址,常用配置和工具安装
VMware中安装CentOS7网络配置静态IP地址,常用配置和工具安装在阿里云开源镜像地址下载镜像Index of /centos/7.2.1511/isos/x86_64/http://mirro ...
- centos7初步配置
centos7初步配置 首先安装lrzsz zip/unzip yum -y install lrzsz yum -y install zip unzip 安装vim yum install vim* ...
- centos7网络配置总结
centos7网络配置 --wang 一.通过配置文件 配置/etc/sysconfig/network-scripts/en.. 记忆信息量大,易出错,不推荐使用.配置多台电脑静态ip可以通过复制模 ...
- CentOS7基本配置一
CentOS7基本配置一 安装VMwareTools 1.点击重新安装VM-tool, 继而找到压缩文件VMwareTools-10.2.0...tar.gz,复制到桌面下,解压这么压缩文件到桌面下 ...
随机推荐
- 前端知识体系:JavaScript基础-原型和原型链-实现继承的几种方式以及他们的优缺点
实现继承的几种方式以及他们的优缺点(参考文档1.参考文档2.参考文档3) 要搞懂JS继承,我们首先要理解原型链:每一个实例对象都有一个__proto__属性(隐式原型),在js内部用来查找原型链:每一 ...
- qt触摸屏隐藏鼠标指针
方法1:运行加参数-nomouse 方法2:QWidget::setCursor(QCursor(Qt::BlankCursor) 例:this->setCursor(Qt::BlankCurr ...
- BZOJ 3744 Gty的妹子序列 做法集结
我只会O(nnlogn)O(n\sqrt nlogn)O(nnlogn)的 . . . . 这是分块+树状数组+主席树的做法O(nnlogn)O(n\sqrt nlogn)O(nnlogn) 搬来 ...
- Maven 配置问题 - could not find resource mybatis-config.xml
需要在pom中加入以下代码 <build> <resources> <resource> <directory>src/main/resources&l ...
- React生命周期, 兄弟组件之间通信
1.一个demo(https://www.reactjscn.com/docs/state-and-lifecycle.html) class Clock extends React.Componen ...
- http协议。会话控制cookie、session
http协议是无状态的协议.每次访问页面的http协议都是独立的,正是因为http协议是无状态的,所以导致访问一个页面后再去访问另一个页面的时候,一些数据会消失,比如:用户的登录信息就会消失.那么怎么 ...
- Java数据库小项目02--管家婆项目
目录 项目要求 开发环境搭建 工具类JDBCUtils 创建管家婆数据表 项目分层 MainApp层 MainView层 ZhangWuController层 ZhangWuService层 Zhan ...
- Java进阶知识12 Hibernate多对多双向关联(Annotation+XML实现)
1.Annotation 注解版 1.1.应用场景(Student-Teacher):当学生知道有哪些老师教,老师也知道自己教哪些学生时,可用双向关联 1.2.创建Teacher类和Student类 ...
- [Hihocoder] 字符串排序
题目 http://hihocoder.com/problemset/problem/1712 题解 https://www.zybuluo.com/wsndy-xx/note/1135606
- Python之从继承到C3算法
在Python2.X和Python3.X有很多不同的地方,其中一个区别就是和继承有关. 在Python3.X中,一个类如果没有指明其继承哪个类的时候,其默认就是继承object类. 而在Python2 ...