centos7 httpd配置

标签(空格分隔): 未分类

隐藏server信息

修改httpd.conf 设置,添加如下两行

ServerSignature Off

ServerTokens Prod

开启长连接

KeepAlive on

KeepAliveTimeout 60      #超时时间

MaxKeepAliveRequests 100   #超时时间内达到100个请求也将断开连接

启用文件压缩配置

在conf.d目录下新建配置文件compress.conf

	SetOutputFilter DEFLATE

    # mod_deflate configuration

	# Restrict compression to these MIME types

	AddOutputFilterByType DEFLATE text/plain

	AddOutputFilterByType DEFLATE text/html

	AddOutputFilterByType DEFLATE application/xhtml+xml

	AddOutputFilterByType DEFLATE text/xml

	AddOutputFilterByType DEFLATE application/xml

	AddOutputFilterByType DEFLATE application/x-javascript

	AddOutputFilterByType DEFLATE text/javascript

	AddOutputFilterByType DEFLATE text/css

	# Level of compression (Highest 9 - Lowest 1)

	DeflateCompressionLevel 9

	# Netscape 4.x has some problems.

	BrowserMatch ^Mozilla/4  gzip-only-text/html

	# Netscape 4.06-4.08 have some more problems

	BrowserMatch  ^Mozilla/4\.0[678]  no-gzip

	# MSIE masquerades as Netscape, but it is fine

	BrowserMatch \bMSI[E]  !no-gzip !gzip-only-text/html

httpd内置状态页面

在conf.d目录下编辑httpd-info.conf

<Location /server-status>

    SetHandler server-status

    require all denied

    Require ip 172.16.138.1

</Location>

extendedstatus on

配置https

安装mod_ssl模块

yum install mod_ssl -y

在conf.d目录下编辑ssl.conf

Listen 443

SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES

SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES

SSLHonorCipherOrder on 

SSLProtocol all -SSLv3

SSLProxyProtocol all -SSLv3

SSLPassPhraseDialog  builtin

SSLSessionCache        "shmcb:/usr/local/httpd/logs/ssl_scache(512000)"

SSLSessionCacheTimeout  300

<VirtualHost _default_:443>

DocumentRoot "/usr/local/httpd/htdocs"

ServerName www.example.com:443

ServerAdmin you@example.com

ErrorLog "/usr/local/httpd/logs/error_log"

TransferLog "/usr/local/httpd/logs/access_log"

SSLEngine on

SSLCertificateFile "/usr/local/httpd/conf/server.crt"

SSLCertificateKeyFile "/usr/local/httpd/conf/server.key"

#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt  #购买证书需修改此处配置

#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt  #自建证书修改配置

#修改上面四行的证书文件路径,

<FilesMatch "\.(cgi|shtml|phtml|php)$">

    SSLOptions +StdEnvVars

</FilesMatch>

<Directory "/usr/local/httpd/cgi-bin">

    SSLOptions +StdEnvVars

</Directory>

配置http强制跳转https

在主配置文件中添加如下字段

RewriteEngine On

RewriteCond %{HTTPS} !=on

RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

强制301重定向到https

<IfModule mod_rewrite.c>

RewriteEngine on

RewriteBase /

RewriteCond %{SERVER_PORT} !^443$

RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=301,L]

</IfModule>

引用:https://blog.csdn.net/ithomer/article/details/78986266

配置basic访问验证

<Directory "/var/www/html">

 Options Indexes FollowSymLinks  #允许索引,和链接文件

 AllowOverride None

 authtype basic   #认证类型

 authname "test"   #浏览器弹框提示信息

 authuserfile /etc/httpd/.htpass   #认证用户文件

 #authgroupfile /etc/httpd/allow.group  #认证组文件

 #require group test

 require valid-user  #所有userfile文件的用户都可以访问

 #require user user1 user2  #user1 user2 可以访问

</Directory>

htpasswd -m -c /etc/httpd/.htpass tom 添加验证用户   #-c创建用户文件

组文件

mygroup: bob joe anne

配置digest访问验证

<Directory "/var/www/html">

 Options Indexes FollowSymLinks  #允许索引,和链接文件

 AllowOverride None

 authtype digest

 authname "digest test"

 authdigestprovider file

 authuserfile /etc/httpd/.htpass

 require valid-user

</Directory>

 require valid-user  #所有userfile文件的用户都可以访问 

</Directory>

创建用户文件

htdigest -c /etc/httpd/.htpass "digest test" tom #此处引号中内容需要与authname定义内容相同

虚拟主机配置

基于主机名的虚拟主机,在conf.d目录下编辑配置文件vhost-servername.conf

<VirtualHost *:80>

    DocumentRoot "/data/vhost1/"

    <Directory "/data/vhost1">

        <requireall>

                require all granted

        </requireall>

    </Directory>

    ServerName a.test.com

    ServerAlias www.dummy-host.example.com

    ErrorLog "logs/vhost.-error_log"

    CustomLog "logs/vhost-access_log" common

</VirtualHost>

<VirtualHost *:80>

    DocumentRoot "/data/vhost2"

        <Directory "/data/vhost2">

                <requireall>

                        require all granted

                </requireall>

        </Directory>

    ServerName b.test.com

    ErrorLog "logs/vhost2-error_log"

    CustomLog "logs/vhost2-access_log" common

</VirtualHost>

基于端口的虚拟主机,在conf.d目录下编辑配置文件vhost-port.conf

listen 80

listen 8080

<VirtualHost *:8080>

    DocumentRoot "/data/vhost1/"

    <Directory "/data/vhost1">

        <requireall>

                require all granted

        </requireall>

    </Directory>

    ServerName a.test.com

    ServerAlias www.dummy-host.example.com

    ErrorLog "logs/vhost.-error_log"

    CustomLog "logs/vhost-access_log" common

</VirtualHost>

<VirtualHost *:80>

    DocumentRoot "/data/vhost2"

        <Directory "/data/vhost2">

                <requireall>

                        require all granted

                </requireall>

        </Directory>

    ServerName b.test.com

    ErrorLog "logs/vhost2-error_log"

    CustomLog "logs/vhost2-access_log" common

</VirtualHost>

基于IP的虚拟主机,在conf.d目录下编辑配置文件vhost-ip.conf

listen 80

<VirtualHost 192.168.0.100:80>

    DocumentRoot "/data/vhost1/"

    <Directory "/data/vhost1">

        <requireall>

                require all granted

        </requireall>

    </Directory>

    ServerName a.test.com

    ServerAlias www.dummy-host.example.com

    ErrorLog "logs/vhost.-error_log"

    CustomLog "logs/vhost-access_log" common

</VirtualHost>

<VirtualHost 192.168.0.200:80>

    DocumentRoot "/data/vhost2"

        <Directory "/data/vhost2">

                <requireall>

                        require all granted

                </requireall>

        </Directory>

    ServerName b.test.com

    ErrorLog "logs/vhost2-error_log"

    CustomLog "logs/vhost2-access_log" common

</VirtualHost>

反向代理

在主配置文件中或者虚拟主机中添加如下字段

ProxyRequests off

#<Proxy />

#    Order deny,allow

#    Allow from all

#</Proxy>

ProxyPass / http://172.16.138.129

ProxyPassReverse / http://172.16.138.129

设置反向代理后端服务器日志记录真实IP地址

在代理服务器配置中添加如下配置

RemoteIPHeader X-Forwarded-For

RemoteIPTrustedProxy 172.16.138.129    #此处地址为后端服务器地址

后端服务器日志格式修改

默认格式为:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

修改为:

LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

参考:https://blog.csdn.net/qq_22227087/article/details/91519602

日志字段说明

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined


%h:客户端IP地址;

%l:Remote User, 通常为一个减号(“-”);

%u:Remote user (from auth; may be bogus if return status (%s) is 401);非为登录访问时,其为一个减号;

%t:服务器收到请求时的时间;

%r:First line of request,即表示请求报文的首行;记录了此次请求的“方法”,“URL”以及协议版本;

%>s:响应状态码;

%b:响应报文的大小,单位是字节;不包括响应报文的http首部;

%{Referer}i:请求报文中首部“referer”的值;即从哪个页面中的超链接跳转至当前页面的;

%{User-Agent}i:请求报文中首部“User-Agent”的值;即发出请求的应用程序;

在线文档说明

http://httpd.apache.org/docs/2.4/mod/mod_log_config.html#formats

centos7 httpd配置的更多相关文章

  1. Linux CentOS7 httpd 配置注释

    本文首发:https://www.somata.work/2019/LinuxCentOShttpdConfigComment.html 如果没看懂可以去看看官方发布的文档 apache官方文档 co ...

  2. CentOS7安装配置Apache HTTP Server

    RPM安装httpd 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 # yum -yinstall http ...

  3. Centos7安装配置Apache+PHP+Mysql+phpmyadmin

    转载自: Centos7安装配置Apache+PHP+Mysql+phpmyadmin 一.安装Apache yum install httpd 安装成功后,Apache操作命令: systemctl ...

  4. Centos7网络配置,vsftpd安装及530报错解决

    今天在虚拟机安装CentOS7,准备全新安装LTMP,结果又是一堆问题,不过正好因为这些出错,又给自己长了见识. 1,CentOS7网络配置 最小化安装CentOs7后,ifconfig提示comma ...

  5. Centos7安装配置gitlab

    Centos7安装配置gitlab 这篇文字我会介绍在Centos7上安装gitlab,配置gitlab的smtp,并且创建项目demo. sudo yum install openssh-serve ...

  6. VMware中安装CentOS7网络配置静态IP地址,常用配置和工具安装

    VMware中安装CentOS7网络配置静态IP地址,常用配置和工具安装在阿里云开源镜像地址下载镜像Index of /centos/7.2.1511/isos/x86_64/http://mirro ...

  7. centos7初步配置

    centos7初步配置 首先安装lrzsz zip/unzip yum -y install lrzsz yum -y install zip unzip 安装vim yum install vim* ...

  8. centos7网络配置总结

    centos7网络配置 --wang 一.通过配置文件 配置/etc/sysconfig/network-scripts/en.. 记忆信息量大,易出错,不推荐使用.配置多台电脑静态ip可以通过复制模 ...

  9. CentOS7基本配置一

    CentOS7基本配置一 安装VMwareTools 1.点击重新安装VM-tool, 继而找到压缩文件VMwareTools-10.2.0...tar.gz,复制到桌面下,解压这么压缩文件到桌面下 ...

随机推荐

  1. hbase实践之写流程

    内容提要 一.写入流程 初始化ZooKeeper Session,建立长连接,获取META Region的地址. 获取rowkey对应的Region路由信息:来自.meta. 写入region 如何快 ...

  2. Python3-def

    def hello(): print("这是一个无参数的方法!") hello(); print("") def helloOne(str): print(st ...

  3. Codeforces Round #586 (Div. 1 + Div. 2) A. Cards

    链接: https://codeforces.com/contest/1220/problem/A 题意: When Serezha was three years old, he was given ...

  4. Java日期工具类DateUtils详解(转)

    jar包 appache下的 common-lang3 一. 对指定的日期新增年.月.周.日.小时.分钟.秒.毫秒 public static Date addDays(Date date, int ...

  5. Redis:RedisHelper(5)

    /// <summary> /// Redis 助手 /// </summary> public class RedisHelper { /// <summary> ...

  6. python计算余弦复杂度

    import numpy as np from sklearn.metrics.pairwise import cosine_similarity a = np.array([1, 2, 3, 4]) ...

  7. 乱搞 - LCT求LCA

    神犇学弟说LCA要用LCT求,于是我就听他的话写了一个LCT~ Code: #include <bits/stdc++.h> #define N 500005 #define lson t ...

  8. hdu 4998 Rotate 点的旋转 银牌题

    Rotate Time Limit: 2000/1000 MS (Java/Others)    Memory Limit: 65536/65536 K (Java/Others)Total Subm ...

  9. 【线性代数】2-6:三角矩阵( $A=LU$ and $A=LDU$ )

    title: [线性代数]2-6:三角矩阵( A=LUA=LUA=LU and A=LDUA=LDUA=LDU ) toc: true categories: Mathematic Linear Al ...

  10. Java的消息机制

    Java消息机制 1.问: 什么是 Java 消息服务?答: Java 消息服务(Java Message Service,JMS) API 是一个用于访问企业消息传递系统的 API.是 Java 2 ...