Apache 安裝、配置、優化
安裝 Apache 2.0.48 (查看Install手冊)
考慮到以後要 rewite_url 來使 google 更加容易收錄網站,特地添加了 mod_rewrite 。
同時為了限制流量,特別加了 mod_limitpcnn.c 補丁 , 所以多了一個 --enable-forward 選項。
建議安裝完畢以後不要刪除安裝目錄,以便以後升級時使用。
記得升級前關閉 apache2.0
編譯過程:
代碼:
#./configure --enable-so --enable-speling --enable-rewrite --with-ssl=/usr/local/ssl --enable-forward
# make
# make install
這個例子裡面是編譯了 mod_so,mod_speling 和 openssl 支持。
同樣有另外幾種寫法
代碼:
#./configure --enable-modules=so --enable-modules=speling --enable-modules=rewrite
或者
代碼:
#./configure --enable-modules=”so speling”
--enable-MODULE[=shared] 編譯並包含模塊 MODULE. MODULE 是文檔中去掉” _module ”的模塊名。要將一個模塊編譯成為 DSO, 需要加 -shared 選項 , 即 --enable-mods-shared 。 (查看 MODULE 手冊)
注意 :"如果希望核心能夠裝載 DSO,而不實際編譯任何動態模塊,則要明確指定 --enable-modules=so 或者 --enable-so" (查看 DSO 手冊),所以前面的順序不能交換順序。 查看所有apache 的 configure 參數
安裝完畢後可以用以下命令來查看啟動了那些模塊
代碼:
# apachectl -l
Compiled in modules:
core.c
mod_access.c
mod_auth.c
mod_include.c
mod_log_config.c
mod_env.c
mod_setenvif.c
prefork.c
http_core.c
mod_mime.c
mod_status.c
mod_autoindex.c
mod_asis.c
mod_cgi.c
mod_negotiation.c
mod_dir.c mod_imap.c
mod_actions.c
mod_speling.c
mod_userdir.c
mod_alias.c
mod_rewrite.c
mod_so.c
接著,將啟動程序放入開機程序中去。 如果要啟動 ssl 加密網頁,則必須通過手動啟動 apache2.0 (參見 ssl 部分 )
代碼:
# echo "/usr/local/apache2/bin/apachectl start" >> /etc/rc.d/rc.local
參考:
代碼:
If you want your server to continue running after a system reboot ,
you should add a call to apachectl to your system startup files (typically rc.local or
a file in an rc.N directory). This will start Apache as root. Before doing this ensure
that your server is properly configured for security and access restrictions.
在 profile 裡面添加以上的語句來設置路徑,使得在 bash 下更容易控制 apachectl, 省去了輸入路徑的麻煩。
代碼:
# vi /etc/profile
PATH=" $PATH:usr/local/apache2/bin:”
配置 apache2.0
代碼:
# vi /usr/local/apache2/conf/httpd.conf
配置文件請看文件 httpd.conf (設置文檔目錄為/home/dalouis/public_html)
代碼:
#chmod 755 – R /home/dalouis/
設置目錄的可讀性為 drwxr-xr-x(755), 否則會出現 "Forbidden You don't have permission to access / on this server."
一些關於安全性的配置:
考慮到 cgi-bin 的安全性問題,我們暫時將 cgi-bin 去掉。將所有 httpd.conf 中的所有關於 cgi-bin 的行加上 #.
Xiyang 的配置
我用的: mod_limitipconn, mod_expires, mod_gzip, mod_php4, mod_so, mod_access, mod_alias, mod_userdir, mod_dir, mod_autoindex, mod_status, mod_mime, mod_log_config, http_core
關於超時的問題
在我編寫好所有的產品查看頁面的時候,經常會出現因為超時,或者流量過大 ,apache 停止工作的問題,原因有二,一是代碼的不科學性,二是 apache 的設置問題。
以下是對設置的一點改動:
代碼:
# KeepAlive: Whether or not to allow persistent connections(more than
# one request per connection). Set to "Off" to deactivate.
# KeepAlive Off
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
# MaxKeepAliveRequests 0
# KeepAliveTimeout: Number of seconds to wait for the next request
# from the same client on the same connection.
# KeepAliveTimeout 0
• 記錄訪問者的 HTTP-REFERER 和 AGENT, 有助於統計來者是通過什麼搜索引擎找到我們的網站的。 或者在原有的CustomLog行,將參數由 common 改成 combined
代碼:
# If you would like to have agent and referer logfiles,
# uncomment the following directives.
CustomLog logs/referer_log referer
CustomLog logs/agent_log agent
CustomLog logs/www.domain.com-access_log combined
使用 mod_limitipconn.c 來限制 apache 的並發數
Package: http://dominia.org/djao/limit/這裡的安裝建議使用動態 DSO 並 patch apache2.0, 以使得 apache2.0 可以認識在代理後方的 IP 。但是要 重新編譯 apache2.0, 以下是介紹。
代碼:
##Instructions for building DSO with proxy tracking:
# tar xzvf httpd-2.0.39.tar.gz
# tar xzvf mod_limitipconn-0.22.tar.gz
# cd httpd-2.0.39
# patch -p1 < ../mod_limitipconn-0.22/apachesrc.diff
# ./buildconf
# ./configure --enable-so --enable-speling --enable-rewrite --with-ssl=/usr/local/ssl --enable-forward
# make
# make install
# cd ../mod_limitipconn-0.22
# PATH=/usr/local/apache2/bin:$PATH
# make install
安裝過程
# lynx http://dominia.org/djao/limit/mod_limitipconn-0.22.tar.gz
# tar -zxvf mod_limitipconn-0.22.tar.gz
# cd httpd-2.0.48
# patch -p1 < ../mod_limitipconn-0.22/apachesrc.diff
patching file configure.in
Hunk #1 succeeded at 373 (offset 55 lines).
patching file include/scoreboard.h
patching file modules/generators/mod_status.c
Hunk #1 succeeded at 746 (offset -1 lines).
patching file server/scoreboard.c
# ./configure --enable-so --enable-speling --enable-rewrite --with-ssl=/usr/local/ssl --enable-forward
# make
# make install
# cd ../mod_limitipconn-0.22
# PATH=/usr/local/apache2/bin:$PATH
# make install
----------------------------------------------------------------------
Libraries have been installed in:
/usr/local/apache2/modules
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,--rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
chmod 755 /usr/local/apache2/modules/mod_limitipconn.so
[activating module `limitipconn' in /usr/local/apache2/conf/httpd.conf]
檢查 httpd.conf 文件,發現增加了一下一行
代碼:
LoadModule limitipconn_module modules/mod_limitipconn.so
同時需要設置以下參數在 httpd.conf 中 , 也可以在單個虛擬服務器中。
代碼:
ExtendedStatus On
# Only needed if the module is compiled as a DSO
LoadModule limitipconn_module lib/apache/mod_limitipconn.so
<IfModule mod_limitipconn.c>
<Location /somewhere>
MaxConnPerIP 3
# exempting images from the connection limit is often a good
# idea if your web page has lots of inline images, since these
# pages often generate a flurry of concurrent image requests
# NoIPLimit image/*
# In this case, all MIME types other than audio/mpeg and video*
# are exempt from the limit check
# OnlyIPLimit audio/mpeg video
</Location>
</IfModule>
注意: LoadModule limitipconn_module modules/mod_limitipconn.so 必須放在虛擬服務器之前!否則不能啟動。
定制 Apache index 目錄
在 Apache 中設置目錄 <Directory> 有 Options Indexes 屬性的時候,可以索引文件夾內容,但是如果要定制顯示的內容,就必須添加以下幾行到各個服務器的設置中去。(可以是全局,也可以是虛擬服務器或者目錄) MODULE: mod_autoindex
代碼:
ReadmeName /README.shtml
HeaderName /HEADER.shtml
IndexOptions +SuppressHTMLPreamble FancyIndexing VersionSort FoldersFirst NameWidth=* (Optoional)
但是,我在按照步驟,添加以上設置、設置文件夾可被索引屬性、制作頁首和頁尾上傳後,仍舊發現不能顯示。最終發現,由於我安裝了 PHP, 為了使得 PHP 代碼可以被嵌入 .html 和 .htm 文檔中,我將 httpd.conf 中的一條屬性設置為:
代碼:
AddType application/x-httpd-php .php .html .htm
這使得 apache 不能識別原本設置的 README.html 和 HEADER.html,以下這點是從apache 的文檔中找到類似的解說.
參考
代碼:
Filename must resolve to a document with a major content
type of text/* ( e.g. , text/html , text/plain , etc.). This
means that filename may refer to a CGI script if the script's actual
file type (as opposed to its output) is marked as text/html such
as with a directive like:
AddType text/html .cgi
Content negotiation will be performed if Options MultiViews
is in effect. If filename resolves to a static text/html document
(not a CGI script) and either one of the options Includes
or IncludesNOEXEC is enabled, the file will be processed for
server-side includes (see the mod_include documentation).
我將上述 PHP 的 Type 的最終 .html 和 .htm 去掉以後,就可以正常顯示了。於是想辦法新添加一個種後綴名為 README 和 HEADER 專用:
代碼:
AddType text/html .shtml
然後修改 README.html 和 HEADER.html 為 README.shtml 和 HEADER.shtml 即可。
要注意的是,因為我要列出的目錄都為 open source, 所以有很多名字為“ README ”的文件。因此,要將其中的一條配置做小小的修改。(就是隱藏某些文件的配置)
代碼:
IndexIgnore .??* *~ *# HEADER.* README.* RCS CVS *,v *,t