1 #
2 # This is the main Apache HTTP server configuration file. It contains the
3 # configuration directives(官方指示) that give the server its instructions(指示).
4 # See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
5 # In particular, see
6 # <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
7 # for a discussion of each configuration directive.
8 #
9 # Do NOT simply read the instructions in here without understanding
10 # what they do. They're here only as hints or reminders. If you are unsure
11 # consult the online docs. You have been warned.
12 #
13 # Configuration and logfile names: If the filenames you specify for many
14 # of the server's control files begin with "/" (or "drive:/" for Win32), the
15 # server will use that explicit path. If the filenames do *not* begin
16 # with "/", the value of ServerRoot is prepended -- so "logs/access_log"
17 # with ServerRoot set to "/usr/local/apache2" will be interpreted(理解) by the
18 # server as "/usr/local/apache2/logs/access_log", whereas(然而) "/logs/access_log"
19 # will be interpreted as '/logs/access_log'.
20
21 #
22 # ServerRoot: The top of the directory tree under which the server's
23 # configuration, error, and log files are kept.
24 #
25 # Do not add a slash at the end of the directory path. If you point
26 # ServerRoot at a non-local disk, be sure to specify a local disk on the
27 # Mutex(互斥) directive, if file-based mutexes are used. If you wish to share the
28 # same ServerRoot for multiple httpd daemons(守护进程), you will need to change at
29 # least PidFile.
30 #
31 ServerRoot "/usr/local/apache"
32
33 #
34 # Mutex: Allows you to set the mutex mechanism and mutex file directory
35 # for individual mutexes, or change the global defaults
36 #
37 # Uncomment and change the directory if mutexes are file-based and the default
38 # mutex file directory is not on a local disk or is not appropriate for some
39 # other reason.
40 #
41 # Mutex default:logs
42
43 #
44 # Listen: Allows you to bind Apache to specific IP addresses and/or
45 # ports, instead of the default. See also the <VirtualHost>
46 # directive.
47 #
48 # Change this to Listen on specific IP addresses as shown below to
49 # prevent Apache from glomming onto all bound IP addresses.
50 #
51 #Listen 12.34.56.78:80
52 Listen 39.106.30.67:80
53 Listen 80
54
55 #
56 # Dynamic Shared Object (DSO) Support
57 #
58 # To be able to use the functionality of a module which was built as a DSO you
59 # have to place corresponding `LoadModule' lines at this location so the
60 # directives contained in it are actually available _before_ they are used.
61 # Statically compiled modules (those listed by `httpd -l') do not need
62 # to be loaded here.
63 #
64 # Example:
65 # LoadModule foo_module modules/mod_foo.so
66 #
67 LoadModule authn_file_module modules/mod_authn_file.so
68 LoadModule authn_dbm_module modules/mod_authn_dbm.so
69 LoadModule authn_anon_module modules/mod_authn_anon.so
70 LoadModule authn_dbd_module modules/mod_authn_dbd.so
71 LoadModule authn_socache_module modules/mod_authn_socache.so
72 LoadModule authn_core_module modules/mod_authn_core.so
73 LoadModule authz_host_module modules/mod_authz_host.so
74 LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
75 LoadModule authz_user_module modules/mod_authz_user.so
76 LoadModule authz_dbm_module modules/mod_authz_dbm.so
77 LoadModule authz_owner_module modules/mod_authz_owner.so
78 LoadModule authz_dbd_module modules/mod_authz_dbd.so
79 LoadModule authz_core_module modules/mod_authz_core.so
80 LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
81 LoadModule access_compat_module modules/mod_access_compat.so
82 LoadModule auth_basic_module modules/mod_auth_basic.so
83 LoadModule auth_form_module modules/mod_auth_form.so
84 LoadModule auth_digest_module modules/mod_auth_digest.so
85 #LoadModule allowmethods_module modules/mod_allowmethods.so
86 #LoadModule isapi_module modules/mod_isapi.so
87 #LoadModule file_cache_module modules/mod_file_cache.so
88 LoadModule cache_module modules/mod_cache.so
89 #LoadModule cache_disk_module modules/mod_cache_disk.so
90 LoadModule cache_socache_module modules/mod_cache_socache.so
91 LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
92 LoadModule socache_dbm_module modules/mod_socache_dbm.so
93 LoadModule socache_memcache_module modules/mod_socache_memcache.so
94 #LoadModule watchdog_module modules/mod_watchdog.so
95 #LoadModule macro_module modules/mod_macro.so
96 #LoadModule dbd_module modules/mod_dbd.so
97 #LoadModule bucketeer_module modules/mod_bucketeer.so
98 #LoadModule dumpio_module modules/mod_dumpio.so
99 LoadModule echo_module modules/mod_echo.so
100 #LoadModule example_hooks_module modules/mod_example_hooks.so
101 LoadModule case_filter_module modules/mod_case_filter.so
102 LoadModule case_filter_in_module modules/mod_case_filter_in.so
103 #LoadModule example_ipc_module modules/mod_example_ipc.so
104 LoadModule buffer_module modules/mod_buffer.so
105 LoadModule data_module modules/mod_data.so
106 LoadModule ratelimit_module modules/mod_ratelimit.so
107 LoadModule reqtimeout_module modules/mod_reqtimeout.so
108 LoadModule ext_filter_module modules/mod_ext_filter.so
109 LoadModule request_module modules/mod_request.so
110 LoadModule include_module modules/mod_include.so
111 LoadModule filter_module modules/mod_filter.so
112 LoadModule reflector_module modules/mod_reflector.so
113 LoadModule substitute_module modules/mod_substitute.so
114 LoadModule sed_module modules/mod_sed.so
115 LoadModule charset_lite_module modules/mod_charset_lite.so
116 LoadModule deflate_module modules/mod_deflate.so
117 LoadModule xml2enc_module modules/mod_xml2enc.so
118 LoadModule proxy_html_module modules/mod_proxy_html.so
119 LoadModule mime_module modules/mod_mime.so
120 LoadModule log_config_module modules/mod_log_config.so
121 #LoadModule log_debug_module modules/mod_log_debug.so
122 #LoadModule log_forensic_module modules/mod_log_forensic.so
123 #LoadModule logio_module modules/mod_logio.so
124 LoadModule env_module modules/mod_env.so
125 #LoadModule mime_magic_module modules/mod_mime_magic.so
126 #LoadModule cern_meta_module modules/mod_cern_meta.so
127 LoadModule expires_module modules/mod_expires.so
128 LoadModule headers_module modules/mod_headers.so
129 #LoadModule ident_module modules/mod_ident.so
130 #LoadModule usertrack_module modules/mod_usertrack.so
131 #LoadModule unique_id_module modules/mod_unique_id.so
132 LoadModule setenvif_module modules/mod_setenvif.so
133 LoadModule version_module modules/mod_version.so
134 #LoadModule remoteip_module modules/mod_remoteip.so
135 LoadModule proxy_module modules/mod_proxy.so
136 LoadModule proxy_connect_module modules/mod_proxy_connect.so
137 LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
138 LoadModule proxy_http_module modules/mod_proxy_http.so
139 LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
140 LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
141 #LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
142 #LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
143 #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
144 #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
145 #LoadModule proxy_express_module modules/mod_proxy_express.so
146 #LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
147 LoadModule session_module modules/mod_session.so
148 LoadModule session_cookie_module modules/mod_session_cookie.so
149 #LoadModule session_dbd_module modules/mod_session_dbd.so
150 #LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
151 #LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
152 LoadModule ssl_module modules/mod_ssl.so
153 #LoadModule optional_hook_export_module modules/mod_optional_hook_export.so
154 #LoadModule optional_hook_import_module modules/mod_optional_hook_import.so
155 #LoadModule optional_fn_import_module modules/mod_optional_fn_import.so
156 #LoadModule optional_fn_export_module modules/mod_optional_fn_export.so
157 #LoadModule dialup_module modules/mod_dialup.so
158 LoadModule http2_module modules/mod_http2.so
159 LoadModule proxy_http2_module modules/mod_proxy_http2.so
160 #LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
161 #LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
162 #LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
163 #LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
164 LoadModule unixd_module modules/mod_unixd.so
165 #LoadModule heartbeat_module modules/mod_heartbeat.so
166 #LoadModule heartmonitor_module modules/mod_heartmonitor.so
167 LoadModule dav_module modules/mod_dav.so
168 LoadModule status_module modules/mod_status.so
169 LoadModule autoindex_module modules/mod_autoindex.so
170 #LoadModule asis_module modules/mod_asis.so
171 LoadModule info_module modules/mod_info.so
172 LoadModule suexec_module modules/mod_suexec.so
173 <IfModule !mpm_prefork_module>
174 #LoadModule cgid_module modules/mod_cgid.so
175 </IfModule>
176 <IfModule mpm_prefork_module>
177 #LoadModule cgi_module modules/mod_cgi.so
178 </IfModule>
179 LoadModule dav_fs_module modules/mod_dav_fs.so
180 LoadModule dav_lock_module modules/mod_dav_lock.so
181 LoadModule vhost_alias_module modules/mod_vhost_alias.so
182 #LoadModule negotiation_module modules/mod_negotiation.so
183 LoadModule dir_module modules/mod_dir.so
184 #LoadModule imagemap_module modules/mod_imagemap.so
185 LoadModule actions_module modules/mod_actions.so
186 LoadModule speling_module modules/mod_speling.so
187 LoadModule userdir_module modules/mod_userdir.so
188 LoadModule alias_module modules/mod_alias.so
189 LoadModule rewrite_module modules/mod_rewrite.so
190 #LoadModule php5_module modules/libphp5.so
191 LoadModule php7_module modules/libphp7.so
192 PHPIniDir /usr/local/php7/etc
193
194 <IfModule unixd_module>
195 #
196 # If you wish httpd to run as a different user or group, you must run
197 # httpd as root initially and it will switch.
198 #
199 # User/Group: The name (or #number) of the user/group to run httpd as.
200 # It is usually good practice to create a dedicated user and group for
201 # running httpd, as with most system services.
202 #
203 User apache
204 Group apache
205
206 </IfModule>
207
208 # 'Main' server configuration
209 #
210 # The directives in this section set up the values used by the 'main'
211 # server, which responds to any requests that aren't handled by a
212 # <VirtualHost> definition. These values also provide defaults for
213 # any <VirtualHost> containers you may define later in the file.
214 #
215 # All of these directives may appear inside <VirtualHost> containers,
216 # in which case these default settings will be overridden for the
217 # virtual host being defined.
218 #
219
220 #
221 # ServerAdmin: Your address, where problems with the server should be
222 # e-mailed. This address appears on some server-generated pages, such
223 # as error documents. e.g. admin@your-domain.com
224 #
225 #ServerAdmin admin@localhost
226 ServerAdmin 284053253@qq.com
227
228 #
229 # ServerName gives the name and port that the server uses to identify itself.
230 # This can often be determined automatically, but we recommend you specify
231 # it explicitly to prevent problems during startup.
232 #
233 # If your host doesn't have a registered DNS name, enter its IP address here.
234 #
235 ServerName 0.0.0.0:80
236
237 #
238 # Deny access to the entirety of your server's filesystem. You must
239 # explicitly permit access to web content directories in other
240 # <Directory> blocks below.
241 #
242 <Directory />
243 AllowOverride none
244 #Require all denied
245 </Directory>
246
247 #
248 # Note that from this point forward you must specifically allow
249 # particular features to be enabled - so if something's not working as
250 # you might expect, make sure that you have specifically enabled it
251 # below.
252 #
253
254 #
255 # DocumentRoot: The directory out of which you will serve your
256 # documents. By default, all requests are taken from this directory, but
257 # symbolic links and aliases may be used to point to other locations.
258 #
259 DocumentRoot "/data/www/default"
260 <Directory "/data/www/default">
261 #
262 # Possible values for the Options directive are "None", "All",
263 # or any combination of:
264 # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
265 #
266 # Note that "MultiViews" must be named *explicitly* --- "Options All"
267 # doesn't give it to you.
268 #
269 # The Options directive is both complicated and important. Please see
270 # http://httpd.apache.org/docs/2.4/mod/core.html#options
271 # for more information.
272 #
273 Options Indexes FollowSymLinks
274
275 #
276 # AllowOverride controls what directives may be placed in .htaccess files.
277 # It can be "All", "None", or any combination of the keywords:
278 # AllowOverride FileInfo AuthConfig Limit
279 #
280 AllowOverride None
281
282 #
283 # Controls who can get stuff from this server.
284 #
285 #Require all granted
286 </Directory>
287
288 #
289 # DirectoryIndex: sets the file that Apache will serve if a directory
290 # is requested.
291 #
292 <IfModule dir_module>
293 DirectoryIndex index.html index.php
294 </IfModule>
295
296 #
297 # The following lines prevent .htaccess and .htpasswd files from being
298 # viewed by Web clients.
299 #
300 <Files ".ht*">
301 #Require all denied
302 </Files>
303
304 #
305 # ErrorLog: The location of the error log file.
306 # If you do not specify an ErrorLog directive within a <VirtualHost>
307 # container, error messages relating to that virtual host will be
308 # logged here. If you *do* define an error logfile for a <VirtualHost>
309 # container, that host's errors will be logged there and not here.
310 #
311 ErrorLog "logs/error_log"
312
313 #
314 # LogLevel: Control the number of messages logged to the error_log.
315 # Possible values include: debug, info, notice, warn, error, crit,
316 # alert, emerg.
317 #
318 LogLevel warn
319
320 <IfModule log_config_module>
321 #
322 # The following directives define some format nicknames for use with
323 # a CustomLog directive (see below).
324 #
325 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
326 LogFormat "%h %l %u %t \"%r\" %>s %b" common
327
328 <IfModule logio_module>
329 # You need to enable mod_logio.c to use %I and %O
330 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
331 </IfModule>
332
333 #
334 # The location and format of the access logfile (Common Logfile Format).
335 # If you do not define any access logfiles within a <VirtualHost>
336 # container, they will be logged here. Contrariwise(反之), if you *do*
337 # define per-<VirtualHost> access logfiles, transactions will be
338 # logged therein and *not* in this file.
339 #
340 CustomLog "logs/access_log" common
341
342 #
343 # If you prefer a logfile with access, agent, and referer information
344 # (Combined Logfile Format) you can use the following directive.
345 #
346 #CustomLog "logs/access_log" combined
347 </IfModule>
348
349 <IfModule alias_module>
350 #
351 # Redirect: Allows you to tell clients about documents that used to
352 # exist in your server's namespace, but do not anymore. The client
353 # will make a new request for the document at its new location.
354 # Example:
355 # Redirect permanent /foo http://www.example.com/bar
356
357 #
358 # Alias: Maps web paths into filesystem paths and is used to
359 # access content that does not live under the DocumentRoot.
360 # Example:
361 # Alias /webpath /full/filesystem/path
362 #
363 # If you include a trailing / on /webpath then the server will
364 # require it to be present in the URL. You will also likely
365 # need to provide a <Directory> section to allow access to
366 # the filesystem path.
367
368 #
369 # ScriptAlias: This controls which directories contain server scripts.
370 # ScriptAliases are essentially the same as Aliases, except that
371 # documents in the target directory are treated as applications and
372 # run by the server when requested rather than as documents sent to the
373 # client. The same rules about trailing "/" apply to ScriptAlias
374 # directives as to Alias.
375 #
376 ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
377
378 </IfModule>
379
380 <IfModule cgid_module>
381 #
382 # ScriptSock: On threaded servers, designate(指派) the path to the UNIX
383 # socket used to communicate with the CGI daemon of mod_cgid.
384 #
385 #Scriptsock cgisock
386 </IfModule>
387
388 #
389 # "/usr/local/apache/cgi-bin" should be changed to whatever your ScriptAliased
390 # CGI directory exists, if you have that configured.
391 #
392 <Directory "/usr/local/apache/cgi-bin">
393 AllowOverride None
394 Options None
395 Require all granted
396 </Directory>
397
398 <IfModule headers_module>
399 #
400 # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
401 # backend servers which have lingering(拖延) "httpoxy" defects.
402 # 'Proxy' request header is undefined by the IETF, not listed by IANA
403 #
404 RequestHeader unset Proxy early
405 </IfModule>
406
407 <IfModule mime_module>
408 #
409 # TypesConfig points to the file containing the list of mappings from
410 # filename extension to MIME-type.
411 #
412 TypesConfig conf/mime.types
413
414 #
415 # AddType allows you to add to or override the MIME configuration
416 # file specified in TypesConfig for specific file types.
417 #
418 #AddType application/x-gzip .tgz
419 #
420 # AddEncoding allows you to have certain browsers uncompress
421 # information on the fly. Note: Not all browsers support this.
422 #
423 #AddEncoding x-compress .Z
424 #AddEncoding x-gzip .gz .tgz
425 #
426 # If the AddEncoding directives above are commented-out, then you
427 # probably should define those extensions to indicate media types:
428 #
429 AddType application/x-compress .Z
430 AddType application/x-httpd-php .php .phtml
431 AddType appication/x-httpd-php-source .phps
432 AddType application/x-gzip .gz .tgz
433
434 #
435 # AddHandler allows you to map certain file extensions to "handlers":
436 # actions unrelated to filetype. These can be either built into the server
437 # or added with the Action directive (see below)
438 #
439 # To use CGI scripts outside of ScriptAliased directories:
440 # (You will also need to add "ExecCGI" to the "Options" directive.)
441 #
442 #AddHandler cgi-script .cgi
443
444 # For type maps (negotiated resources):
445 #AddHandler type-map var
446
447 #
448 # Filters allow you to process content before it is sent to the client.
449 #
450 # To parse .shtml files for server-side includes (SSI):
451 # (You will also need to add "Includes" to the "Options" directive.)
452 #
453 #AddType text/html .shtml
454 #AddOutputFilter INCLUDES .shtml
455 </IfModule>
456
457 #
458 # The mod_mime_magic module allows the server to use various hints from the
459 # contents of the file itself to determine its type. The MIMEMagicFile
460 # directive tells the module where the hint definitions are located.
461 #
462 #MIMEMagicFile conf/magic
463
464 #
465 # Customizable error responses come in three flavors:
466 # 1) plain text 2) local redirects 3) external redirects
467 #
468 # Some examples:
469 #ErrorDocument 500 "The server made a boo boo."
470 #ErrorDocument 404 /missing.html
471 #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
472 #ErrorDocument 402 http://www.example.com/subscription_info.html
473 #
474
475 #
476 # MaxRanges: Maximum number of Ranges in a request before
477 # returning the entire resource, or one of the special
478 # values 'default', 'none' or 'unlimited'.
479 # Default setting is to accept 200 Ranges.
480 #MaxRanges unlimited
481
482 #
483 # EnableMMAP and EnableSendfile: On systems that support it,
484 # memory-mapping or the sendfile syscall may be used to deliver
485 # files. This usually improves server performance, but must
486 # be turned off when serving from networked-mounted
487 # filesystems or if support for these functions is otherwise
488 # broken on your system.
489 # Defaults: EnableMMAP On, EnableSendfile Off
490 #
491 #EnableMMAP off
492 #EnableSendfile on
493
494 # Supplemental configuration
495 #
496 # The configuration files in the conf/extra/ directory can be
497 # included to add extra features or to modify the default configuration of
498 # the server, or you may simply copy their contents here and change as
499 # necessary.
500
501 # Server-pool management (MPM specific)
502 #Include conf/extra/httpd-mpm.conf
503
504 # Multi-language error messages
505 #Include conf/extra/httpd-multilang-errordoc.conf
506
507 # Fancy directory listings
508 #Include conf/extra/httpd-autoindex.conf
509
510 # Language settings
511 #Include conf/extra/httpd-languages.conf
512
513 # User home directories
514 #Include conf/extra/httpd-userdir.conf
515
516 # Real-time info on requests and configuration
517 Include conf/extra/httpd-info.conf
518
519 # Virtual hosts
520 Include conf/extra/httpd-vhosts.conf
521
522 # Local access to the Apache HTTP Server Manual
523 #Include conf/extra/httpd-manual.conf
524
525 # Distributed authoring and versioning (WebDAV)
526 #Include conf/extra/httpd-dav.conf
527
528 # Various default settings
529 #Include conf/extra/httpd-default.conf
530
531 # Configure mod_proxy_html to understand HTML4/XHTML1
532 <IfModule proxy_html_module>
533 Include conf/extra/proxy-html.conf
534 </IfModule>
535
536 # Secure (SSL/TLS) connections
537 Include conf/extra/httpd-ssl.conf
538 #
539 # Note: The following must must be present to support
540 # starting without SSL on platforms with no /dev/random equivalent
541 # but a statically compiled-in mod_ssl.
542 #
543 <IfModule ssl_module>
544 SSLRandomSeed startup builtin
545 SSLRandomSeed connect builtin
546 </IfModule>
547
548 ServerTokens ProductOnly
549 ProtocolsHonorOrder On
550 Protocols h2 http/1.1
551
552 RewriteEngine on
553 RewriteCond %{SERVER_PORT} !^443$
554 RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [L,R]
这是apache http 服务器的主配置文件。包含发送给服务器的指令。查看细节:http://httpd.apache.org/docs/2.4/,特别是http://httpd.apache.org/docs/2.4/mod/directives.html,可以对每个指令进行讨论。不要只简单的读读这个配置文件,他们的介绍都是很粗略的,如果你不曾详细了解线上文档,可能会处处遇到警告。
Configuration and logfile names:如果你用/或者win32下的盘符:/指定了控制文件路径的话,则使用它,如果没有,则会前缀ServerRoot,比如日志文件access/access_log,而ServerRoot被设置为/usr/local/apache2,就会被连缀成/usr/local/apache2/logs/access_log去操作那个文件。ServerRoot是error,log等文件保存的根目录。
不要在所有目录结尾添加反斜杠。如果你的ServerRoot不是本地磁盘,如果使用基于文件的互斥的话,应该在互斥指令上指定本地盘。ServerRoot用于指定守护进程httpd的运行目录,httpd在启动之后将自动将进程的当前目录改变为这个目录,因此如果设置文件中指定的文件或目录是相对路径,那么真实路径就位于这个ServerRoot定义的路径之下。一定要在本地磁盘中指定一个LockFile指令。如果你希望让多个httpd守护进程共享服务器根目录,你至少需要更改LockFile和PidFile。
**ServerRoot "/usr/local/apache"
**ScoreBoardFile /var/run/httpd.scoreboard
httpd使用ScoreBoardFile来维护进程的内部数据,因此通常不需要改变这个参数,除非管理员想在一台计算机上运行几个Apache服务器,这时每个Apache服务器都需要独立的设置文件htt pd.conf,并使用不同的ScoreBoardFile。
互斥:允许你为多个不同的互斥对象设置互斥机制【mutex mechanism】和互斥文件目录,或者修改全局默认值。如果互斥对象是基于文件的以及默认的互斥文件目录不在本地磁盘或因为其它原因而不适用,那么取消注释并改变目录。【下面这个命令是改变互斥对象的目录】。
**Mutex default: logs (详解mutex)
A mutex is the basic synchronization method used within Traffic Server to protect data from simultaneous access by multiple threads. A mutex acts as a lock that protects data in one program thread from being accessed by another thread.
它的作用就是枢纽服务器的基础异步方法,用于保护多线程的相同请求的数据的保护。就像一个锁,对于一个程序线程来说,确保不能被另一个线程访问。
Listen:允许将ip和/或端口号绑定到apache,替代默认设置。参看<VirtualHost>指令。如Listen 12.34.56.78:80或者Listen:80来让特定ip或端口开放,可以阻止apache上绑定的所有ip被访问到。这是个必须指定的指令,否则无法启动。
When httpd starts, it binds to some port and address on the local machine and waits for incoming requests. By default, it listens to all addresses on the machine. However, it may need to be told to listen on specific ports, or only on selected addresses, or a combination of both. This is often combined with the Virtual Host feature, which determines how httpd
responds to different IP addresses, hostnames and ports.
The Listen
directive tells the server to accept incoming requests only on the specified port(s) or address-and-port combinations. If only a port number is specified in the Listen
directive, the server listens to the given port on all interfaces. If an IP address is given as well as a port, the server will listen on the given port and interface. Multiple Listen
directives may be used to specify a number of addresses and ports to listen on. The server will respond to requests from any of the listed addresses and ports.
httpd启动时,绑定了端口和地址在本机上,等候进入的请求。默认情况下,它坚挺所有这台及其上的地址,然后可以按需要指定端口或者地址,或者二者复合。通常结合虚拟主机特性,由它来决定响应不同的地址和端口请求。
动态共享对象支持(Dymanic shared object DSO)。为了能使用打包成DSO的module的功能,你可以在使用前添加相应的"LoadModule"在这个位置,静态编译的modules(可以通过httpd -l列出来)不需要在这里加载。
User/Group: 如果你希望httpd以不同用户和组运行,必须以root进行初始化,并且将切换。使用名字或数字来运行httpd,跟多数系统服务一样创建一个独立的用户或组来运行httpd是个良好的实践。
<IfModule unixd_module>
User apache
Group apache
</IfModule>
主服务配置。这个区块设置的值由主服务使用,它将对所有<VirtualHost>不做响应的请求进行响应。这些值为<VirtualHost>容器提供了默认值。所有这些指令可以出现在<VirtualHost>容器中,如果在<VirtualHost>中作了定义,将对这里的值覆盖。
ServerAdmin:你的地址,服务器的问题如何联系的邮箱。这个邮箱经常会出现在服务器管理页面,比如错误文档。
ServerName:给出服务器名字和端口,用于识别自身。这通常都是自动的,但是提醒你还是明确指定以避免启动中的问题。ServerName 0.0.0.0:80
<Directory />
AllowOverride none
#Require all denied
</Directory>
对全部服务器文件系统项进行否定访问,在其他的<Directory>块中必须明确允许访问到web内容目录。
注意在这个点往前,必须特别允许特定的属性为enabled,如果有些工作不合乎期望,确保已经指定为enabled。
DocumentRoot:对外提供服务的目录。默认情况下,所有的请求来自这个目录,但软连接和别名可能指向其他地方。DocumentRoot "/data/www/default"
<Directory "/data/www/default">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
Options指令的可能值为None,All,或者任何联合项,Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
注意MultiViews不在Options All指定之中,比较特殊。
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
Options指令复杂而重要。查看http://httpd.apache.org/docs/2.4/mod/core.html#options获取更多信息。
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
Apache httpd.conf配置文件AllowOverride参数详解--http://www.upupw.net/server/n73.html
AllowOverride从字面上解释是允许覆盖的意思,即Apache允许另一配置文件覆盖现有配置文件。
我们通常利用Apache的rewrite模块对URL进行重写,rewrite规则会写在 .htaccess 文件里。但要使 apache 能够正常的读取.htaccess 文件的内容,就必须对.htaccess 所在目录进行配置。
从安全性考虑,根目录的AllowOverride属性一般都配置成不允许任何Override,即:
< Directory />
AllowOverride None
< /Directory>
在 AllowOverride 设置为 None 时, .htaccess 文件将被完全忽略。当此指令设置为 All 时,所有具有 “.htaccess” 作用域的指令都允许出现在 .htaccess 文件中。
而对于 URL rewrite 来说,至少需要把目录设置为:
< Directory /myblogroot/>
AllowOverride FileInfo
< /Directory>
以下是AllowOverride的详细参数:
AuthConfig
允许使用与认证授权相关的指令(AuthDBMGroupFile, AuthDBMUserFile, AuthGroupFile, AuthName, AuthType, AuthUserFile, Require, 等)。
FileInfo
允许使用控制文档类型的指令(DefaultType, ErrorDocument, ForceType, LanguagePriority, SetHandler, SetInputFilter, SetOutputFilter, mod_mime中的 Add* 和 Remove* 指令等等)、控制文档元数据的指令(Header, RequestHeader, SetEnvIf, SetEnvIfNoCase, BrowserMatch, CookieExpires, CookieDomain, CookieStyle, CookieTracking, CookieName)、mod_rewrite中的指令(RewriteEngine, RewriteOptions, RewriteBase, RewriteCond, RewriteRule)和mod_actions中的Action指令。
Indexes
允许使用控制目录索引的指令(AddDescription, AddIcon, AddIconByEncoding, AddIconByType, DefaultIcon, DirectoryIndex, FancyIndexing, HeaderName, IndexIgnore, IndexOptions, ReadmeName, 等)。
Limit
允许使用控制主机访问的指令(Allow, Deny, Order)。
Options[=Option,...]
允许使用控制指定目录功能的指令(Options和XBitHack)。可以在等号后面附加一个逗号分隔的(无空格的)Options选项列表,用来控制允许Options指令使用哪些选项。
AllowOverride控制.htaccess文件,可以是All ,None或者任何的复合关键词。
#
AllowOverride None
#
# Controls who can get stuff from this server.
控制哪些可以从服务器取到东西。
#
#Require all granted
</Directory>
DirectoryIndex: 设置如果一个目录被访问的时候apache提供服务的文件。
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
下面行提供.htaccess和.htpasswd文件中可以被web客户端查看的文件。
<Files ".ht*">
#Require all denied
</Files>
ErrorLog:error log文件的位置,如果你不在<VirtualHost>中指定这个指令值,那么那个虚拟主机容器中的错误消息将记录在这儿。如果你在虚拟容器中指定了,将记录在那儿,而非这儿。
ErrorLog "logs/error_log"
LogLevel:控制被记录到error_log中的信息数量,可能的值包括:debug, info, notice, warn, error, crit, alert, emerg.
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
下面的指令定义了一些在CustomLog使用的格式化昵称。
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
%h 客户端ip地址
%l %u 这两个一般不用看
%t 时间
%r 访问方式内容
%>s 状态码
%b 理解为浏览器类型
也就是规定了日志文件中的各个字段的意思。
116.62.209.27 - - [02/Feb/2018:13:04:12 +0800] "GET /phpmyadmin/explicit_not_exist_path HTTP/1.1" 404 232
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
需要使用%I and %O使mod_logio.c可用
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions(事物) will be
# logged therein(在那里) and *not* in this file.
access logfile位置和格式化。如果在虚拟主机容器中定义了access logfiles,将记录在这儿。反之,则记录在那儿。
#
CustomLog "logs/access_log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
如果提供了一个access logfile,代理,和参考信息(Combined Logfile Format),可以使用以下指令。像这样\"%{Referer}i\" \"%{User-Agent}i\"
#
#CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
Redirect:用于定义永久或临时重定向
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
Alias:对web路径映射成文件系统路径。通常是那些不在DocumentRoot底下的可访问内容。
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
如果包含包含了/在/webpath中,服务器将在url中显示出来。将也可能需要提供<Directory>块来访问到那个文件路径。
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
ScriptAlias:这个控制含有服务器脚本的目录。ScriptAliases本质上跟Aliases相同,除了目标文件夹中的文档在被请求的时候被当作应用和由服务器运行,而不是作为文档发送到客户端。跟alias指令具有相同规则,带有/的情况。
#
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
</IfModule>
<IfModule cgid_module>
#
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
ScriptSock:在线程服务器中,给unix socket指定的路径,用以同mod_cgid的cgi守护进程通讯。
#
#Scriptsock cgisock
</IfModule>
如果你配置了ScriptAlias,"/usr/local/apache/cgi-bin"应该被改变成那个存在的ScriptAliased cgi目录。
<Directory "/usr/local/apache/cgi-bin">
AllowOverride None 不允许重写
Options None 选项为none
Require all granted 授权所有访问者
</Directory>
<IfModule headers_module>
#
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
# backend servers which have lingering "httpoxy" defects.
# 'Proxy' request header is undefined by the IETF, not listed by IANA
允许通过配置文件控制任意的HTTP请求和应答头信息。这个模块提供了一些指令用于控制和修改HTTP请求头和应答头。这些头可以被合并、替换、删除。避免在这个或任何有潜在“httpoxy”漏洞的代理后端服务器上将http_proxy环境传递给CGI的环境。“proxy”请求标头不是由IETF(The Internet Engineering Task Force,国际互联网工程任务组)定义,也不是由IANA(The Internet Assigned Numbers Authority,互联网数字分配机构)登记。《HTTPOXY漏洞说明》
【HTTP协议系列5】http proxy原理--http://blog.csdn.net/zongzhiyuan/article/details/53700294
#
RequestHeader unset Proxy early
</IfModule>
Supplemental configuration
追加配置
目录conf/extra/中的配置文件包含了额外的特性或者是改变服务器默认配置,或者根据需要可以简单的将那些内容复制到这里并改变值。
MPM模式,一共有三种稳定的MPM(Multi-Processing Module,多进程处理模块)模式,(winnt模式,perfork模式,worker模式)。
升级apache--http://blog.csdn.net/laoyiin/article/details/50977354
apache的三种MPM模式比较--http://blog.jobbole.com/91920/
#Include conf/extra/httpd-mpm.conf'
复合语言错误消息
#Include conf/extra/httpd-multilang-errordoc.conf
动态目录列表形式配置;
#Include conf/extra/httpd-autoindex.conf
语言设置
#Include conf/extra/httpd-languages.conf
用户主目录
#Include conf/extra/httpd-userdir.conf
配置和请求的真实时间信息
Include conf/extra/httpd-info.conf
虚拟主机
Include conf/extra/httpd-vhosts.conf
本地访问Apache HTTP服务器手册
#Include conf/extra/httpd-manual.conf
分布式创作和版本控制(WebDAV)
#Include conf/extra/httpd-dav.conf
多种默认设置
#Include conf/extra/httpd-default.conf
识别HTML4/XHTML1的配置mod_proxy_html
<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule>
安全连接(SSL/TLS)
Include conf/extra/httpd-ssl.conf
/dev/random和/dev/urandom是Linux系统中提供的随机伪设备,这两个设备的任务,是提供永不为空的随机字节数据流。很多解密程序与安全应用程序(如SSH Keys,SSL Keys等)需要它们提供的随机数据流。注意:以下配置必须必须存在用以支持没有/dev/random的平台开启ssl,等效是有一个静态的内编译的mod_ssl
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
ServerTokens ProductOnly
ProtocolsHonorOrder On 是否遵守在Protocols中设置的顺序。
Protocols h2 http/1.1 http:// 连接 (h2c) https:// 连接 (h2)
默认地,服务器HTTP响应头会包含apache和php版本号。像下面的,这是有危害的,因为这会让黑客通过知道详细的版本号而发起已知该版本的漏洞攻击。Server: Apache/2.2.17 (Unix) PHP/5.3.5
为了阻止这个,需要在httpd.conf设置ServerTokens为Prod,这会在响应头中显示“Server:Apache”而不包含任何的版本信息。
ServerTokens Prod
下面是ServerTokens的一些可能的赋值:
ServerTokens Prod 显示“Server: Apache”
ServerTokens Major 显示 “Server: Apache/2″
ServerTokens Minor 显示“Server: Apache/2.2″
ServerTokens Min 显示“Server: Apache/2.2.17″
ServerTokens OS 显示 “Server: Apache/2.2.17 (Unix)”
ServerTokens Full 显示 “Server: Apache/2.2.17 (Unix) PHP/5.3.5″ (如果你这指定任何的值,这个是默认的返回信息)