屏蔽 apache 版本敏感信息信息
查看是否有gcc
[root@xuegod2 ~]# gcc
gcc gcc-ar gcc-nm gcc-ranlib
1 )
vim /usr/lib/systemd/system/httpd.service
写入以下内容
打开配置文件
[root@xuegod2 ~]# cd /usr/local/apache/conf/
[root@xuegod2 conf]#
[root@xuegod2 conf]# ls
extra httpd.conf httpd.conf.bak magic mime.types original
[root@xuegod2 conf]# vim httpd.conf
[root@xuegod2 conf]# vim extra/httpd-default.conf
重启apache
systemctl restart httpd
[root@xuegod3 ~]# curl -I 192.168.24.63
HTTP/1.1 200 OK
Date: Thu, 28 May 2020 10:46:43 GMT
Server: Apache 已经隐藏 apache 版本
Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT
ETag: "2d-432a5e4a73a80"
Accept-Ranges: bytes
Content-Length: 45
Content-Type: text/html
2 ) 让版本号彻底消失
重新编译
systemctl stop httpd
[root@xuegod3 ~]# systemctl stop httpd
[root@xuegod3 ~]# lsof -i:80
[root@xuegod3 src]# rm -rf httpd-2.4.16
重新解压编译
从新再次编译
./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --enable-deflate --with-apr-util=/usr/local/apr-util --enable-modules=most --enable-mpms-shared=all --with-mpm=event
make -j 4 && make install
[root@xuegod3 httpd-2.4.16]# systemctl daemon-reload
[root@xuegod3 httpd-2.4.16]# systemctl enable httpd
Failed to execute operation: Bad message
[root@xuegod3 httpd-2.4.16]# systemctl start httpd
[root@xuegod3 httpd-2.4.16]# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 76374 root 4u IPv6 96918 0t0 TCP *:http (LISTEN)
httpd 76375 daemon 4u IPv6 96918 0t0 TCP *:http (LISTEN)
httpd 76376 daemon 4u IPv6 96918 0t0 TCP *:http (LISTEN)
httpd 76377 daemon 4u IPv6 96918 0t0 TCP *:http (LISTEN)
[root@xuegod3 httpd-2.4.16]#
测试成功
[root@xuegod3 httpd-2.4.16]# vim /etc/httpd/httpd.conf
重新启动
这里我们设置apache 的网站更目录和属组为daemon
[root@xuegod3 htdocs]# chown daemon.daemon /usr/local/apache/htdocs/ -R
[root@xuegod3 htdocs]# ll -sd /usr/local/apache/htdocs/
0 drwxr-xr-x. 2 daemon daemon 24 5月 28 18:20 /usr/local/apache/htdocs/
15.1.7 保护apache 日志,设置好apache 日志文件权限
对日志的授权,我们要将属主和属组都设置为root
开始设置错误页面
[root@xuegod3 htdocs]# vim /etc/httpd/httpd.conf
[root@xuegod3 htdocs]# echo "404 go to home " > /usr/local/apache/htdocs/404.html
[root@xuegod3 htdocs]# systemctl restart httpd.service
用浏览器测试成功
15.2.2 启用压缩模块 mod_deflate
查看模块
[root@xuegod3 htdocs]# /usr/local/apache/bin/apachectl -M
[root@xuegod3 apache]# ls modules/mod_deflate.so
modules/mod_deflate.so 已经安装
到配置文件中增加一行
[root@xuegod3 apache]# vim /etc/httpd/httpd.conf
写入以下内容
DeflateCompressionLevel 9
SetOutputFilter DEFLATE
DeflateFilterNote Input instream
DeflateFilterNote Output outstream
DeflateFilterNote Ratio ratio
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript
[root@xuegod3 httpd-2.4.16]# ls modules/filters/mod_deflate.c
modules/filters/mod_deflate.c
测试压缩
[root@xuegod3 httpd-2.4.16]# vim /etc/httpd/httpd.conf
[root@xuegod3 httpd-2.4.16]# cd modules/
[root@xuegod3 modules]# cd metadata/
[root@xuegod3 metadata]# ll mod_expires.c
-rw-r--r--. 1 501 games 18396 5月 7 2014 mod_expires.c
在配置文件中写入 对全局
的配置在apache 主配置文件httpd.conf 的末尾如下采纳数即可,
vim /etc/httpd/httpd.conf
ExpiresActive on
ExpiresDefault "access plus 12 month"
ExpiresByType text/html "access plus 12 months"
ExpiresByType text/css "access plus 12 months"
ExpiresByType image/gif "access plus 12 months"
ExpiresByType image/jpeg "access plus 12 months"
ExpiresByType image/jpg "access plus 12 months"
ExpiresByType image/png "access plus 12 months"
EXpiresByType application/x-shockwave-flash "access plus 12 months"
EXpiresByType application/x-javascript "access plus 12 months"
ExpiresByType video/x-flv "access plus 12 months"
重启服务器
systemctl restart httpd
开始用浏览器测试
2 、 对目录
对目录进行缓存
查看apache 的运行模式
[root@xuegod3 ~]# /usr/local/apache/bin/httpd -M | grep event
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.24.63. Set the 'ServerName' directive globally to suppress this message
mpm_event_module (shared)
[root@xuegod3 ~]# ls /usr/local/apache/modules/mod_mpm_prefork.so
/usr/local/apache/modules/mod_mpm_prefork.so
再次重启httpd
[root@xuegod3 ~]# ps -aux | grep httpd | wc -l
7
[root@xuegod3 ~]# ps -aux | grep http | awk '{print $6}'
2116
1800
1800
1800
1800
1800
984
平均为1.7 M
[root@xuegod3 ~]# ps aux | grep http |awk '{sum += $6;n++};END{print sum/n}'
1728.57
15.4.8 如何设置最大连接数
计算后要减去服务器本身系统所需要的资源,比如,内存2G,减去500M 留给服务器,还有1.5G 那么最大的连接数就是1500/1.7 =1000 左右
重启apache 在打开网站看看是否还会有慢的情况
测试 观察apache de 最大连接数
[root@xuegod3 ~]# watch -n 1 "pgrep httpd | wc -l "
6 有6个进程
常用配置参考:
生产环境配置实例:
StartServers 5
MaxRequestWorkers 9600
ServerLimit 64
MinSpareThreads 25
MaxSpareThreads 500
ThreadLimit 200
ThreadsPerChild 150
MaxRequestsPerChild 0
此服务器配置:最多进程数:64个; 最多线程数(最大并发数) 64*150=9600 ;不可能超过64*200=12800