centos7 httpd配置
centos7 httpd配置
标签(空格分隔): 未分类
隐藏server信息
修改httpd.conf 设置,添加如下两行
ServerSignature Off
ServerTokens Prod
开启长连接
KeepAlive on
KeepAliveTimeout 60 #超时时间
MaxKeepAliveRequests 100 #超时时间内达到100个请求也将断开连接
启用文件压缩配置
在conf.d目录下新建配置文件compress.conf
SetOutputFilter DEFLATE
# mod_deflate configuration
# Restrict compression to these MIME types
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/css
# Level of compression (Highest 9 - Lowest 1)
DeflateCompressionLevel 9
# Netscape 4.x has some problems.
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
httpd内置状态页面
在conf.d目录下编辑httpd-info.conf
<Location /server-status>
SetHandler server-status
require all denied
Require ip 172.16.138.1
</Location>
extendedstatus on
配置https
安装mod_ssl模块
yum install mod_ssl -y
在conf.d目录下编辑ssl.conf
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/httpd/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
DocumentRoot "/usr/local/httpd/htdocs"
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog "/usr/local/httpd/logs/error_log"
TransferLog "/usr/local/httpd/logs/access_log"
SSLEngine on
SSLCertificateFile "/usr/local/httpd/conf/server.crt"
SSLCertificateKeyFile "/usr/local/httpd/conf/server.key"
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt #购买证书需修改此处配置
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt #自建证书修改配置
#修改上面四行的证书文件路径,
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/httpd/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
配置http强制跳转https
在主配置文件中添加如下字段
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
强制301重定向到https
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=301,L]
</IfModule>
引用:https://blog.csdn.net/ithomer/article/details/78986266
配置basic访问验证
<Directory "/var/www/html">
Options Indexes FollowSymLinks #允许索引,和链接文件
AllowOverride None
authtype basic #认证类型
authname "test" #浏览器弹框提示信息
authuserfile /etc/httpd/.htpass #认证用户文件
#authgroupfile /etc/httpd/allow.group #认证组文件
#require group test
require valid-user #所有userfile文件的用户都可以访问
#require user user1 user2 #user1 user2 可以访问
</Directory>
htpasswd -m -c /etc/httpd/.htpass tom 添加验证用户 #-c创建用户文件
组文件
mygroup: bob joe anne
配置digest访问验证
<Directory "/var/www/html">
Options Indexes FollowSymLinks #允许索引,和链接文件
AllowOverride None
authtype digest
authname "digest test"
authdigestprovider file
authuserfile /etc/httpd/.htpass
require valid-user
</Directory>
require valid-user #所有userfile文件的用户都可以访问
</Directory>
创建用户文件
htdigest -c /etc/httpd/.htpass "digest test" tom #此处引号中内容需要与authname定义内容相同
虚拟主机配置
基于主机名的虚拟主机,在conf.d目录下编辑配置文件vhost-servername.conf
<VirtualHost *:80>
DocumentRoot "/data/vhost1/"
<Directory "/data/vhost1">
<requireall>
require all granted
</requireall>
</Directory>
ServerName a.test.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/vhost.-error_log"
CustomLog "logs/vhost-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/data/vhost2"
<Directory "/data/vhost2">
<requireall>
require all granted
</requireall>
</Directory>
ServerName b.test.com
ErrorLog "logs/vhost2-error_log"
CustomLog "logs/vhost2-access_log" common
</VirtualHost>
基于端口的虚拟主机,在conf.d目录下编辑配置文件vhost-port.conf
listen 80
listen 8080
<VirtualHost *:8080>
DocumentRoot "/data/vhost1/"
<Directory "/data/vhost1">
<requireall>
require all granted
</requireall>
</Directory>
ServerName a.test.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/vhost.-error_log"
CustomLog "logs/vhost-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/data/vhost2"
<Directory "/data/vhost2">
<requireall>
require all granted
</requireall>
</Directory>
ServerName b.test.com
ErrorLog "logs/vhost2-error_log"
CustomLog "logs/vhost2-access_log" common
</VirtualHost>
基于IP的虚拟主机,在conf.d目录下编辑配置文件vhost-ip.conf
listen 80
<VirtualHost 192.168.0.100:80>
DocumentRoot "/data/vhost1/"
<Directory "/data/vhost1">
<requireall>
require all granted
</requireall>
</Directory>
ServerName a.test.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/vhost.-error_log"
CustomLog "logs/vhost-access_log" common
</VirtualHost>
<VirtualHost 192.168.0.200:80>
DocumentRoot "/data/vhost2"
<Directory "/data/vhost2">
<requireall>
require all granted
</requireall>
</Directory>
ServerName b.test.com
ErrorLog "logs/vhost2-error_log"
CustomLog "logs/vhost2-access_log" common
</VirtualHost>
反向代理
在主配置文件中或者虚拟主机中添加如下字段
ProxyRequests off
#<Proxy />
# Order deny,allow
# Allow from all
#</Proxy>
ProxyPass / http://172.16.138.129
ProxyPassReverse / http://172.16.138.129
设置反向代理后端服务器日志记录真实IP地址
在代理服务器配置中添加如下配置
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 172.16.138.129 #此处地址为后端服务器地址
后端服务器日志格式修改
默认格式为:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
修改为:
LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
参考:https://blog.csdn.net/qq_22227087/article/details/91519602
日志字段说明
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
%h:客户端IP地址;
%l:Remote User, 通常为一个减号(“-”);
%u:Remote user (from auth; may be bogus if return status (%s) is 401);非为登录访问时,其为一个减号;
%t:服务器收到请求时的时间;
%r:First line of request,即表示请求报文的首行;记录了此次请求的“方法”,“URL”以及协议版本;
%>s:响应状态码;
%b:响应报文的大小,单位是字节;不包括响应报文的http首部;
%{Referer}i:请求报文中首部“referer”的值;即从哪个页面中的超链接跳转至当前页面的;
%{User-Agent}i:请求报文中首部“User-Agent”的值;即发出请求的应用程序;
在线文档说明
http://httpd.apache.org/docs/2.4/mod/mod_log_config.html#formats
centos7 httpd配置的更多相关文章
- Linux CentOS7 httpd 配置注释
本文首发:https://www.somata.work/2019/LinuxCentOShttpdConfigComment.html 如果没看懂可以去看看官方发布的文档 apache官方文档 co ...
- CentOS7安装配置Apache HTTP Server
RPM安装httpd 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 # yum -yinstall http ...
- Centos7安装配置Apache+PHP+Mysql+phpmyadmin
转载自: Centos7安装配置Apache+PHP+Mysql+phpmyadmin 一.安装Apache yum install httpd 安装成功后,Apache操作命令: systemctl ...
- Centos7网络配置,vsftpd安装及530报错解决
今天在虚拟机安装CentOS7,准备全新安装LTMP,结果又是一堆问题,不过正好因为这些出错,又给自己长了见识. 1,CentOS7网络配置 最小化安装CentOs7后,ifconfig提示comma ...
- Centos7安装配置gitlab
Centos7安装配置gitlab 这篇文字我会介绍在Centos7上安装gitlab,配置gitlab的smtp,并且创建项目demo. sudo yum install openssh-serve ...
- VMware中安装CentOS7网络配置静态IP地址,常用配置和工具安装
VMware中安装CentOS7网络配置静态IP地址,常用配置和工具安装在阿里云开源镜像地址下载镜像Index of /centos/7.2.1511/isos/x86_64/http://mirro ...
- centos7初步配置
centos7初步配置 首先安装lrzsz zip/unzip yum -y install lrzsz yum -y install zip unzip 安装vim yum install vim* ...
- centos7网络配置总结
centos7网络配置 --wang 一.通过配置文件 配置/etc/sysconfig/network-scripts/en.. 记忆信息量大,易出错,不推荐使用.配置多台电脑静态ip可以通过复制模 ...
- CentOS7基本配置一
CentOS7基本配置一 安装VMwareTools 1.点击重新安装VM-tool, 继而找到压缩文件VMwareTools-10.2.0...tar.gz,复制到桌面下,解压这么压缩文件到桌面下 ...
随机推荐
- [唐胡璐]Selenium技巧- IE浏览器Zoom和Protected Model Setting
Selenium Webdriver在IE下跑脚本的时候要保证页面大小为100%,且要在IE internet options, selectSecurity tab and uncheck “Ena ...
- Java 显示调用隐式调用
当你没有使用父类默认的构造方法时,此时在子类的构造方法中就需要显示的调用父类定义的构造方法.比如:父类:class Animal{ private String name; //如果你定义一个新的构造 ...
- CF732D Exams 二分 贪心
思路:二分+贪心 提交次数:10次以上 错因:刚开始以为二分(边界,$+1or-1$)写错了,调了半天,后来才发现是$ck()$写错了.开始只判了最后是否小于零,而应该中间一旦小于零就$return\ ...
- python-解决pip安装速度慢的问题--豆瓣镜像
https://www.cnblogs.com/ZhangRuoXu/p/6370107.html https://blog.csdn.net/tianguiyuyu/article/details/ ...
- 转载像元素周期表一样的html5的标签图集
转载请注明出处. HTML5标签集合
- [bat]删除文件
删除文件 del /f /s /q D:\HRG\NEW_Vn\CSV\*.meta 删除空文件夹 只能先删完文件夹中的文件,再删除空文件夹 rd /s /q D:\HRG\NEW_Vn\CSV\ 脚 ...
- Codeforces 808 E. Selling Souvenirs(三分)
E. Selling Souvenirs 题意: n件物品,有重量和价值,重量只有三种1,2,3.问取不超过m重量的物品的价值总和最大是多少.(n<=1e5,w<=3e5) 思路: n*w ...
- 关于kafka定期清理日志后再消费报错kafka.common.OffsetOutOfRangeException的解决
环境: kafka 0.10 spark 2.1.0 zookeeper 3.4.5-cdh5.14.0 公司阿里云测试机,十月一放假前,没有在继续消费,假期过后回来再使用spark strea ...
- layer是一款近年来备受青睐的web弹层组件
layer.closeAll(); //疯狂模式,关闭所有层 layer.closeAll('dialog'); //关闭信息框 layer.closeAll('page'); //关闭所有页面层 l ...
- nginx的ngx_str_t
在nginx里的ngx_tr_t结构是字符串定义如下 typedef struct { size_t len; u_char *data; }ngx_str_t; 在给这样的结构体赋值的时候,ngin ...