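Apache HTTP Server Basic Configuration Guide
I. Configuration File Structure
Main configuration files
/etc/apache2/                  # Debian/Ubuntu
├── apache2.conf               # Main configuration file
├── ports.conf                 # Listening port configuration
├── sites-available/           # Available site configurations
│   ├── 000-default.conf
│   └── example.com.conf
├── sites-enabled/             # Enabled sites (symbolic links)
├── mods-available/            # Available modules
└── mods-enabled/              # Enabled modules

/usr/local/apache2/conf/       # Default path for a source-compiled install
├── httpd.conf                 # Main configuration file
├── extra/                     # Additional configuration files
└── vhosts/                    # Virtual host configuration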
II. Core Configuration Directives
1. Basic configuration
# Server root directory
ServerRoot "/etc/apache2"

# Listening ports
Listen 80
Listen 443

# Server administrator e-mail address
ServerAdmin webmaster@localhost

# Server name (domain name)
ServerName www.example.com:80
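2. Main server configuration
# Document root
DocumentRoot "/var/www/html"

# Directory access control
# (Indexes enables directory listing; the security settings later in this
# guide disable it with Options -Indexes)
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

# File access control
<Files ".ht*">
    Require all denied
</Files>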
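3. Logging configuration
# Error log
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn

# Access log (both nicknames are defined so that "combined" in CustomLog resolves)
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog ${APACHE_LOG_DIR}/access.log combined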
III. Virtual Host Configuration
1. IP-based virtual hosts
<VirtualHost 192.168.1.100:80>
    ServerAdmin admin@site1.com
    DocumentRoot "/var/www/site1"
    ServerName site1.com
    ErrorLog "logs/site1-error.log"
    CustomLog "logs/site1-access.log" common
</VirtualHost>
2. Name-based virtual hosts
<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com *.example.com
    DocumentRoot "/var/www/example"

    <Directory "/var/www/example">
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName blog.example.com
    DocumentRoot "/var/www/blog"
</VirtualHost>
3. SSL virtual host
<VirtualHost *:443>
    ServerName secure.example.com
    DocumentRoot "/var/www/secure"

    SSLEngine on
    # Self-signed "snakeoil" test certificate; use a CA-issued certificate in production
    SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>

# Force the redirect to HTTPS (configured in a separate port-80 virtual host;
# <VirtualHost> blocks cannot be nested)
<VirtualHost *:80>
    ServerName secure.example.com
    Redirect permanent / https://secure.example.com/
</VirtualHost>
IV. Common Module Configuration
1. Rewrite module (mod_rewrite)
<Directory "/var/www/html">
    RewriteEngine On

    # Force HTTPS
    # (%{HTTP_HOST} echoes the client-supplied Host header; use a fixed host
    # name if this is the default catch-all virtual host)
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

    # Rewrite URLs
    RewriteRule ^product/([0-9]+)/?$ product.php?id=$1 [NC,L]

    # Deny access from a specific IP address
    RewriteCond %{REMOTE_ADDR} ^192\.168\.1\.100
    RewriteRule .* - [F]
</Directory>
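2. Security module (mod_security)
# Minimal illustrative rules; production deployments normally load a maintained
# rule set such as the OWASP Core Rule Set
<IfModule mod_security2.c>
    SecRuleEngine On
    SecRequestBodyAccess On
    SecResponseBodyAccess On

    # Block SQL injection (t:lowercase makes the match case-insensitive)
    SecRule ARGS "union.*select" "id:1001,phase:2,t:lowercase,deny,status:403"

    # Block XSS attacks
    SecRule ARGS "<script" "id:1002,phase:2,t:lowercase,deny,status:403"
</IfModule>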
3. Compression module (mod_deflate)
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/json

    # Exclude specific browsers
    BrowserMatch ^Mozilla/4 gzip-only-text/html
</IfModule>
4. Caching module (mod_expires)
<IfModule mod_expires.c>
    ExpiresActive On

    # Cache images for 1 month
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"

    # Cache CSS and JS for 1 week
    ExpiresByType text/css "access plus 1 week"
    ExpiresByType application/javascript "access plus 1 week"
</IfModule>
V. Performance Tuning
1. Process management (MPM configuration)
# prefork MPM (suited to environments with strict compatibility requirements)
<IfModule mpm_prefork_module>
    StartServers 5
    MinSpareServers 5
    MaxSpareServers 10
    MaxRequestWorkers 150
    MaxConnectionsPerChild 0
</IfModule>

# worker MPM (suited to high-concurrency environments)
<IfModule mpm_worker_module>
    StartServers 3
    MinSpareThreads 75
    MaxSpareThreads 250
    ThreadsPerChild 25
    MaxRequestWorkers 400
</IfModule>
2. Connection and timeout settings
Timeout 60
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
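VI. Security Configuration
1. Basic security settings
# Hide Apache version information
ServerTokens Prod
ServerSignature Off

# Disable directory listing
Options -Indexes

# Restrict access to specific files
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

<FilesMatch "\.(htaccess|htpasswd|ini|log|sh|bak)$">
    Require all denied
</FilesMatch>
2. Preventing clickjacking
# These directives require mod_headers (a2enmod headers)
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
# Legacy header: current Chrome, Edge and Firefox do not act on it
Header set X-XSS-Protection "1; mode=block"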
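`apachectl configtest` validates syntax only, so the hardening settings in this section can be weakened without any error. The Python script below is an added example, not part of the original guide: it scans a single configuration text for the items listed above. The function name `audit`, the choice of checks and the sample configuration are assumptions made for illustration, and `Include`d files are not followed.

```python
# Constructed sample configuration for the demonstration (not from a real server).
SAMPLE_CONF = """\
ServerTokens Full
ServerSignature Off
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/example">
    Options -Indexes +FollowSymLinks
</Directory>
Header always append X-Frame-Options SAMEORIGIN
"""

REQUIRED_HEADERS = ("X-Frame-Options", "X-Content-Type-Options")
LISTING_OPTIONS = {"indexes", "+indexes", "all", "+all"}  # "All" includes Indexes

def audit(conf_text):
    """Return (line_no, message) findings; line_no 0 marks a missing directive."""
    findings, headers_seen, tokens_seen = [], set(), False
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # Apache comments occupy whole lines
            continue
        parts = line.split()
        name, args = parts[0].lower(), [a.lower() for a in parts[1:]]
        if name == "servertokens":
            tokens_seen = True
            if not args or args[0] not in ("prod", "productonly"):
                findings.append((no, "ServerTokens discloses version details"))
        elif name == "serversignature" and args[:1] != ["off"]:
            findings.append((no, "ServerSignature adds a version footer"))
        elif name == "options" and LISTING_OPTIONS.intersection(args):
            findings.append((no, "Options enables directory listing"))
        elif name == "header":
            headers_seen.update(h for h in REQUIRED_HEADERS if h.lower() in args)
    if not tokens_seen:
        findings.append((0, "ServerTokens not set (default is Full)"))
    for h in REQUIRED_HEADERS:
        if h not in headers_seen:
            findings.append((0, "header %s is never set" % h))
    return findings

if __name__ == "__main__":
    for no, msg in audit(SAMPLE_CONF):
        print(("line %d: " % no if no else "global: ") + msg)
```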
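VII. .htaccess File Example
# Password-protect the directory (serve it over HTTPS; Basic credentials are only base64-encoded)
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /etc/apache2/.htpasswd

# Flag a specific User-Agent
SetEnvIfNoCase User-Agent "badbot" bad_bot

# Require a valid user and reject the flagged User-Agent (Apache 2.4 syntax;
# the 2.2-style Order/Allow/Deny directives need mod_access_compat and
# should not be mixed with Require)
<RequireAll>
    Require valid-user
    Require not env bad_bot
</RequireAll>

# Custom error pages
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html

# Default index files
DirectoryIndex index.php index.html index.htm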
VIII. Common Commands
# Check configuration syntax
apachectl configtest
# or
apache2ctl -t

# Reload the configuration (without interrupting service)
systemctl reload apache2
# or
service apache2 reload

# Restart Apache
systemctl restart apache2

# List loaded modules
apache2ctl -M

# Show compile-time settings
apache2ctl -V

# Enable/disable a site
a2ensite example.com.conf
a2dissite example.com.conf

# Enable/disable a module
a2enmod rewrite
a2dismod rewrite
IX. Troubleshooting
1. Checking the logs
# Follow the error log in real time
tail -f /var/log/apache2/error.log

# Follow the access log
tail -f /var/log/apache2/access.log

# Analyze the log by date
grep "23/Oct/2024" /var/log/apache2/access.log
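Filtering by date with `grep` shows the raw lines; summarizing them per status code and per client makes repeated 401/403 responses, for example against a password-protected directory, stand out. The Python script below is an added example, not part of the original guide: it assumes the `common`/`combined` LogFormat shown in the logging section, and the function names, the threshold and the log lines are constructed for illustration.

```python
import re
from collections import Counter

# Leading fields of the common/combined format: %h %l %u %t "%r" %>s %b
# The request group accepts the \" escapes Apache writes inside %r.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<day>[^:\]]+):[^\]]*\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-)')

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = r'''203.0.113.7 - - [23/Oct/2024:10:01:02 +0800] "GET /admin/ HTTP/1.1" 401 381
203.0.113.7 - bob [23/Oct/2024:10:01:03 +0800] "GET /admin/ HTTP/1.1" 401 381
203.0.113.7 - root [23/Oct/2024:10:01:04 +0800] "GET /admin/ HTTP/1.1" 401 381
198.51.100.20 - alice [23/Oct/2024:10:02:00 +0800] "GET /admin/ HTTP/1.1" 200 512
198.51.100.20 - - [23/Oct/2024:10:02:05 +0800] "GET /.htpasswd HTTP/1.1" 403 199
192.0.2.9 - - [24/Oct/2024:00:00:01 +0800] "GET /product/12 HTTP/1.1" 500 -
192.0.2.9 - - [23/Oct/2024:11:00:00 +0800] "GET /a\"b HTTP/1.1" 404 196 "-" "curl/8.0"
garbage line'''

def parse(line):
    """Return the named fields of one access-log line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def summarize(log_text, day, threshold=3):
    """Status counts for one day, clients with >= threshold 401/403s, unparsed lines."""
    statuses, denied, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            skipped += 1          # keep count: unparsed lines deserve a look too
            continue
        if rec["day"] != day:
            continue
        statuses[rec["status"]] += 1
        if rec["status"] in ("401", "403"):
            denied[rec["host"]] += 1
    noisy = {host: n for host, n in denied.items() if n >= threshold}
    return statuses, noisy, skipped

if __name__ == "__main__":
    statuses, noisy, skipped = summarize(SAMPLE_LOG, "23/Oct/2024")
    print("status counts:", dict(statuses))
    print("clients with repeated 401/403:", noisy)
    print("unparsed lines:", skipped)
```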
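2. Common problems
- 403 Forbidden: check directory permissions and SELinux settings
- 500 Internal Error: check the application code and the error log
- Fails to start: use apachectl configtest to check the configuration syntax
- Module not loaded: confirm that the module is enabled and that the configuration file path is correct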