CentOS 7 httpd configuration
Hiding server information
Edit httpd.conf and add the following two lines:
ServerSignature Off
ServerTokens Prod
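Enabling persistent connections (keep-alive)
KeepAlive on
# Timeout
KeepAliveTimeout 60
# The connection is also closed once 100 requests have been made within the timeout
MaxKeepAliveRequests 100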
Enabling file compression
Create a new configuration file compress.conf in the conf.d directory:
	SetOutputFilter DEFLATE
    # mod_deflate configuration
	# Restrict compression to these MIME types
	AddOutputFilterByType DEFLATE text/plain
	AddOutputFilterByType DEFLATE text/html
	AddOutputFilterByType DEFLATE application/xhtml+xml
	AddOutputFilterByType DEFLATE text/xml
	AddOutputFilterByType DEFLATE application/xml
	AddOutputFilterByType DEFLATE application/x-javascript
	AddOutputFilterByType DEFLATE text/javascript
	AddOutputFilterByType DEFLATE text/css
	# Level of compression (Highest 9 - Lowest 1)
	DeflateCompressionLevel 9
	# Netscape 4.x has some problems.
	BrowserMatch ^Mozilla/4  gzip-only-text/html
	# Netscape 4.06-4.08 have some more problems
	BrowserMatch  ^Mozilla/4\.0[678]  no-gzip
	# MSIE masquerades as Netscape, but it is fine
	BrowserMatch \bMSI[E]  !no-gzip !gzip-only-text/html
httpd built-in status page
Edit httpd-info.conf in the conf.d directory:
<Location /server-status>
    SetHandler server-status
    require all denied
    Require ip 172.16.138.1
</Location>
extendedstatus on
Configuring HTTPS
Install the mod_ssl module:
yum install mod_ssl -y
Edit ssl.conf in the conf.d directory:
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on 
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/usr/local/httpd/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
<VirtualHost _default_:443>
DocumentRoot "/usr/local/httpd/htdocs"
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog "/usr/local/httpd/logs/error_log"
TransferLog "/usr/local/httpd/logs/access_log"
SSLEngine on
SSLCertificateFile "/usr/local/httpd/conf/server.crt"
SSLCertificateKeyFile "/usr/local/httpd/conf/server.key"
# Change this line when using a purchased certificate
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
# Change this line when using a self-issued certificate
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# Change the certificate file paths in the four lines above
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/httpd/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
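An added example (not part of the original page): a small Python check that works out which protocol versions the SSLProtocol and SSLProxyProtocol lines above leave enabled. It assumes the documented expansion of "all" for mod_ssl built against OpenSSL 1.0.1 or later; STRICTER is a constructed comparison line.

```python
import re

# Assumption: mod_ssl built against OpenSSL 1.0.1/1.0.2 (the CentOS 7 packages),
# where the documented meaning of "all" is the four protocols below.
ALL = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1 were deprecated by RFC 8996
CANON = {p.lower(): p for p in ALL}
DIRECTIVE = re.compile(r"^\s*(SSLProtocol|SSLProxyProtocol)\s+(.+?)\s*$", re.I)


def effective_protocols(args):
    """Apply tokens left to right: +name adds, -name removes, a bare name replaces."""
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token[1:] if action else token
        if name.lower() == "all":
            chosen = set(ALL)
        elif name.lower() in CANON:
            chosen = {CANON[name.lower()]}
        else:
            raise ValueError(f"unknown protocol: {name}")
        if action == "-":
            enabled -= chosen
        elif action == "+":
            enabled |= chosen
        else:
            enabled = chosen
    return [p for p in ALL if p in enabled]


def audit(conf_text):
    """Map each protocol directive line to the deprecated versions it leaves on."""
    findings = {}
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)  # commented-out lines do not match
        if m:
            on = effective_protocols(m.group(2))
            findings[line.strip()] = [p for p in on if p in DEPRECATED]
    return findings


PAGE_CONF = "SSLProtocol all -SSLv3\nSSLProxyProtocol all -SSLv3\n"  # from the page
STRICTER = "SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1\n"  # constructed comparison line

if __name__ == "__main__":
    print(audit(PAGE_CONF))
    print(audit(STRICTER))
```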
Forcing HTTP to redirect to HTTPS
Add the following to the main configuration file:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
Forcing a 301 redirect to HTTPS
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=301,L]
</IfModule>
Source: https://blog.csdn.net/ithomer/article/details/78986266
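Configuring Basic access authentication
<Directory "/var/www/html">
 # Allow directory indexes and symbolic links
 Options Indexes FollowSymLinks
 AllowOverride None
 # Authentication type
 authtype basic
 # Prompt text shown in the browser dialog
 authname "test"
 # Authentication user file
 authuserfile /etc/httpd/.htpass
 # Authentication group file
 #authgroupfile /etc/httpd/allow.group
 #require group test
 # Any user in the user file may access
 require valid-user
 # Only user1 and user2 may access
 #require user user1 user2
</Directory>
Add an authentication user (-c creates the user file):
htpasswd -m -c /etc/httpd/.htpass tom
Group file:
mygroup: bob joe anne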
Configuring Digest access authentication
<Directory "/var/www/html">
 # Allow directory indexes and symbolic links
 Options Indexes FollowSymLinks
 AllowOverride None
 authtype digest
 authname "digest test"
 authdigestprovider file
 authuserfile /etc/httpd/.htpass
 # Any user in the user file may access
 require valid-user
</Directory>
Create the user file (the quoted text must be identical to the value defined by authname):
htdigest -c /etc/httpd/.htpass "digest test" tom
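An added example (not part of the original page) showing why the realm given to htdigest has to match authname: the realm is hashed into each entry of the user file and is part of the lookup. The password and nonce values are constructed.

```python
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def htdigest_line(user, realm, password):
    """One line of the user file: user:realm:MD5(user:realm:password)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    return f"{user}:{realm}:{ha1}"


def stored_ha1(user_file, user, realm):
    """Look the entry up by user AND realm; the realm is the server's authname."""
    for line in user_file.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[0] == user and fields[1] == realm:
            return fields[2]
    return None


def response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 request digest for qop=auth."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_accepts(user_file, authname, user, method, uri, nonce, nc, cnonce, presented):
    ha1 = stored_ha1(user_file, user, authname)
    if ha1 is None:  # no entry for this user in this realm
        return False
    expected = response(ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, presented)


# Constructed sample: the page's user and realm with a made-up password and nonces.
USER_FILE = htdigest_line("tom", "digest test", "example-password") + "\n"
REQ = ("GET", "/", "constructed-nonce", "00000001", "constructed-cnonce")


def client_response(realm, password):
    """What a browser sends after being challenged with this realm."""
    return response(md5_hex(f"tom:{realm}:{password}"), *REQ)
```

The stored hash alone is enough to compute a valid response for that realm, so the user file needs the same protection as the passwords themselves.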
Virtual host configuration
Name-based virtual hosts: edit the configuration file vhost-servername.conf in the conf.d directory
<VirtualHost *:80>
    DocumentRoot "/data/vhost1/"
    <Directory "/data/vhost1">
        <requireall>
                require all granted
        </requireall>
    </Directory>
    ServerName a.test.com
    ServerAlias www.dummy-host.example.com
    ErrorLog "logs/vhost.-error_log"
    CustomLog "logs/vhost-access_log" common
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/data/vhost2"
        <Directory "/data/vhost2">
                <requireall>
                        require all granted
                </requireall>
        </Directory>
    ServerName b.test.com
    ErrorLog "logs/vhost2-error_log"
    CustomLog "logs/vhost2-access_log" common
</VirtualHost>
Port-based virtual hosts: edit the configuration file vhost-port.conf in the conf.d directory
listen 80
listen 8080
<VirtualHost *:8080>
    DocumentRoot "/data/vhost1/"
    <Directory "/data/vhost1">
        <requireall>
                require all granted
        </requireall>
    </Directory>
    ServerName a.test.com
    ServerAlias www.dummy-host.example.com
    ErrorLog "logs/vhost.-error_log"
    CustomLog "logs/vhost-access_log" common
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/data/vhost2"
        <Directory "/data/vhost2">
                <requireall>
                        require all granted
                </requireall>
        </Directory>
    ServerName b.test.com
    ErrorLog "logs/vhost2-error_log"
    CustomLog "logs/vhost2-access_log" common
</VirtualHost>
IP-based virtual hosts: edit the configuration file vhost-ip.conf in the conf.d directory
listen 80
<VirtualHost 192.168.0.100:80>
    DocumentRoot "/data/vhost1/"
    <Directory "/data/vhost1">
        <requireall>
                require all granted
        </requireall>
    </Directory>
    ServerName a.test.com
    ServerAlias www.dummy-host.example.com
    ErrorLog "logs/vhost.-error_log"
    CustomLog "logs/vhost-access_log" common
</VirtualHost>
<VirtualHost 192.168.0.200:80>
    DocumentRoot "/data/vhost2"
        <Directory "/data/vhost2">
                <requireall>
                        require all granted
                </requireall>
        </Directory>
    ServerName b.test.com
    ErrorLog "logs/vhost2-error_log"
    CustomLog "logs/vhost2-access_log" common
</VirtualHost>
Reverse proxy
Add the following to the main configuration file or to a virtual host:
ProxyRequests off
#<Proxy />
#    Order deny,allow
#    Allow from all
#</Proxy>
ProxyPass / http://172.16.138.129/
ProxyPassReverse / http://172.16.138.129/
Making the backend server behind the reverse proxy log the real IP address
Add the following to the proxy server configuration:
RemoteIPHeader X-Forwarded-For
# This address is the backend server's address
RemoteIPTrustedProxy 172.16.138.129
Change the log format on the backend server
The default format is:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
Change it to:
LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
Reference: https://blog.csdn.net/qq_22227087/article/details/91519602
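Log field descriptions
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
%h: client IP address;
%l: Remote User, usually a minus sign ("-");
%u: Remote user (from auth; may be bogus if return status (%s) is 401); a minus sign when the request is not an authenticated one;
%t: time at which the server received the request;
%r: First line of request, i.e. the first line of the request message; it records the method, URL and protocol version of the request;
%>s: response status code;
%b: size of the response in bytes, not including the HTTP headers of the response;
%{Referer}i: value of the "Referer" request header, i.e. the page whose hyperlink led to the current page;
%{User-Agent}i: value of the "User-Agent" request header, i.e. the application that sent the request;
Online documentation: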
http://httpd.apache.org/docs/2.4/mod/mod_log_config.html#formats
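An added example (not part of the original page) that parses backend log lines in the modified format above and works out which address a request should be attributed to: X-Forwarded-For is supplied by the client, so only the value appended by a trusted proxy is reliable. The proxy address 172.16.138.128 and the sample log lines are constructed assumptions.

```python
import ipaddress
import re

# Assumption: the reverse proxy reaches the backend from this (constructed) address.
TRUSTED = {ipaddress.ip_address("172.16.138.128")}

def q(name):
    return r'"(?P<%s>(?:[^"\\]|\\.)*)"' % name

# Field order of the modified LogFormat: X-Forwarded-For, %h, %l, %u, %t, "%r", ...
LINE = re.compile(
    r"^(?P<xff>.*?) (?P<peer>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] "
    + q("request") + r" (?P<status>\d{3}) (?P<size>\S+) "
    + q("referer") + " " + q("agent") + "$"
)

def parse(line):
    m = LINE.match(line)
    return m.groupdict() if m else None

def client_ip(entry, trusted=TRUSTED):
    """Address to attribute the request to."""
    try:
        if ipaddress.ip_address(entry["peer"]) not in trusted:
            return entry["peer"]      # direct connection: ignore the header
    except ValueError:
        return entry["peer"]          # %h was logged as a host name
    hops = [] if entry["xff"] == "-" else entry["xff"].split(",")
    for hop in reversed(hops):        # the rightmost value was added by our proxy
        try:
            ip = ipaddress.ip_address(hop.strip())
        except ValueError:
            break                     # not an address: stop trusting the header
        if ip not in trusted:
            return str(ip)
    return entry["peer"]

def leftmost_mismatch(entry, trusted=TRUSTED):
    """True when the first header value is not the attributed address."""
    first = entry["xff"].split(",")[0].strip()
    return first != "-" and first != client_ip(entry, trusted)

# Constructed sample lines in the modified format
TAIL = ' - - [10/Oct/2023:13:55:36 +0800] "GET / HTTP/1.1" 200 512 "-" "curl/8.0"'
SAMPLE = [
    "203.0.113.7 172.16.138.128" + TAIL,            # via the proxy, no client header
    "10.0.0.1, 203.0.113.7 172.16.138.128" + TAIL,  # client sent its own header
    "127.0.0.1 198.51.100.9" + TAIL,                # proxy bypassed, forged header
]
```

Reading only the first field of the modified format would attribute the second and third sample requests to 10.0.0.1 and 127.0.0.1, values chosen by the client.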