{{ cat }}'s docs

apache: 1.1.0 配置说明

1. 配置结构

.
├── extra                                     # 扩展子配置目录
│   ├── httpd-autoindex.conf
│   ├── httpd-dav.conf
│   ├── httpd-default.conf
│   ├── httpd-info.conf
│   ├── httpd-languages.conf
│   ├── httpd-manual.conf
│   ├── httpd-mpm.conf
│   ├── httpd-multilang-errordoc.conf
│   ├── httpd-ssl.conf
│   ├── httpd-userdir.conf
│   ├── httpd-vhosts.conf
│   └── proxy-html.conf
├── httpd.conf                                # 主配置文件(配置入口)
├── magic                                     # 和mime相关的,详情见http://httpd.apache.org/docs/current/mod/mod_mime_magic.html#mimemagicfile
├── mime.types                                # mime文件,指定文件类型的
└── original                                  # 原始配置文件副本
    ├── extra
    │   ├── httpd-autoindex.conf
    │   ├── httpd-dav.conf
    │   ├── httpd-default.conf
    │   ├── httpd-info.conf
    │   ├── httpd-languages.conf
    │   ├── httpd-manual.conf
    │   ├── httpd-mpm.conf
    │   ├── httpd-multilang-errordoc.conf
    │   ├── httpd-ssl.conf
    │   ├── httpd-userdir.conf
    │   ├── httpd-vhosts.conf
    │   └── proxy-html.conf
    └── httpd.conf

3 directories, 29 files

重点:httpd.conf是主配文件,也是配置文件的入口,其他配置文件都通过这里Include

PS: 主配文件也可以修改,可以在启动时动态指定,但是一般都是用默认的

2. httpd.conf常见配置

# 这里是指定httpd的软件目录
ServerRoot "/usr/local/httpd-2.4.41"

# 监听的域名可以通过指定多个Listen来监听多个端口
# 443因为牵扯到要加载mod_ssl模块,所以是需要一定条件来监听
Listen 80

# 可以通过调整LoadModule配置,来增删加载的模块
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule filter_module modules/mod_filter.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so

# php的模块
LoadModule php5_module        modules/libphp5.so


# 这种if的模块,只有在httpd启动或者重启的时候才会执行,一旦条件匹配
# 将会应用到全局
<IfModule unixd_module>
User  www
Group www
</IfModule>

ServerAdmin you@example.com

# 这里是安全配置,避免有人通过某些方式访问整个系统文件
<Directory />
    # 禁用.htaccess
    AllowOverride none
    # 全部禁止访问根目录
    Require all denied
</Directory>

# <Directory directory-path> ... </Directory>
# directory-path可以加双引号,也可以不加,但是中间有空格的时候,必须加
# directory-path可以用wildcard匹配,?代表任意字符,*代表任意多个字符
# 但是/任何情况下不会被匹配,所以/*/html不会匹配/var/www/html,但是会匹配/data/html
DocumentRoot "/usr/local/httpd-2.4.41/htdocs"
<Directory "/usr/local/httpd-2.4.41/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

# 安全配置,禁止所有人访问.htaccess等文件
<Files ".ht*">
    Require all denied
</Files>

ErrorLog "logs/error_log"
LogLevel warn

# 日志格式配置
<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" common
</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/usr/local/httpd-2.4.41/cgi-bin/"
</IfModule>
<IfModule cgid_module>
</IfModule>
<Directory "/usr/local/httpd-2.4.41/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>
<IfModule headers_module>
    RequestHeader unset Proxy early
</IfModule>
<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType application/x-httpd-php .php
</IfModule>

# 引入外部配置
# 1. 引入mpm的配置
Include conf/extra/httpd-mpm.conf
# 2. 引入虚拟主机配置
Include conf/site-enabled/*.conf

<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule>

# 在启用mod_ssl模块的情况下,再来监听443
# ssl_module和mod_ssl是一样效果的
# <IfModule mod_ssl.c>
# Listen 443
# </IfModule>
<IfModule ssl_module>
Listen 443
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

3. VirtualHost常见配置

<VirtualHost *:80>
    # ServerName指定一个唯一的值,来和其他的虚拟主机区分
    ServerName example.com
    # ServerAlias来扩展监听多个域名
    ServerAlias www.example.com *.example.com
    DocumentRoot "/data/html"
    DirectoryIndex index.html index.php
    ErrorLog  "logs/example-error_log"
    CustomLog "logs/example-access_log" common
</VirtualHost>

<VirtualHost *:443>
    ServerName example-ssl.com
    ServerAlias www.example-ssl.com *.example-ssl.com
    SSLEngine on
    SSLCertificateFile "/path/to/www.example.com.cert"
    SSLCertificateKeyFile "/path/to/www.example.com.key"
    DocumentRoot "/data/html"
    DirectoryIndex index.html index.php
    ErrorLog  "logs/example-ssl-error_log"
    CustomLog "logs/example-ssl-access_log" common
</VirtualHost>

4. 如何同时监听80和443

apache是无法和nginx一样,同时监听80和443的,但是可以用下面的方式来达到节省配置项的效果 example.conf

<VirtualHost *:80>
    Include conf/site-enabled/example.include
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    Include conf/site-enabled/example.include
</VirtualHost>

example.include

    ServerName example-ssl.com
    ServerAlias www.example-ssl.com *.example-ssl.com
    SSLCertificateFile "/path/to/www.example.com.cert"
    SSLCertificateKeyFile "/path/to/www.example.com.key"
    DocumentRoot "/data/html"
    DirectoryIndex index.html index.php
    ErrorLog  "logs/example-ssl-error_log"
    CustomLog "logs/example-ssl-access_log" common