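This article covers Apache virtual host configuration. For the installation and setup procedure, see http://ly36843.blog.51cto.com/3120113/1642118
1. Configure the www.a.com virtual host
Edit the file /usr/local/apache/conf/httpd.conf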
[root@httpd ~]# vim /usr/local/apache/conf/httpd.conf
# Uncomment this line
Include conf/extra/httpd-vhosts.conf
Edit the file /usr/local/apache/conf/extra/httpd-vhosts.conf
[root@httpd htdocs]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
# Add the virtual host content
<VirtualHost *:80>
    DocumentRoot "/data/www/a.com"
    ServerName www.a.com
    ErrorLog "logs/www.a.com-error_log"
    CustomLog "logs/www.a.com-access_log" common
</VirtualHost>
# Create the site directory and the index file
[root@httpd ~]# mkdir -p /data/www/a.com
[root@httpd ~]# echo "www.a.com" >> /data/www/a.com/index.html
Check the httpd configuration file for errors
[root@httpd ~]# /usr/local/apache/bin/apachectl -t
Syntax OK
Gracefully restart the httpd service
[root@httpd ~]# /usr/local/apache/bin/apachectl graceful
[root@httpd ~]# netstat -anpt|grep httpd
tcp 0 0 :::80 :::* LISTEN 59398/httpd
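Add a name-resolution record for www.a.com to the Windows hosts file and verify the result
The request is answered with "permission denied" because the configuration file does not grant access to the site directory. The fix is as follows: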
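[root@httpd htdocs]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/www/a-com/"
    ServerName www.a.com
    <Directory "/data/www/a-com">
        # Disable directory indexes (httpd does not allow a comment on the same line as a directive)
        Options FollowSymLinks
        AllowOverride None
        # Order/Allow are the 2.2-style directives; in 2.4 they are provided by mod_access_compat
        Order allow,deny
        Allow from all
        # From version 2.4 on, Require all granted must be enabled for the site directory; otherwise access to the site keeps returning a 403 error
        Require all granted
    </Directory>
    ErrorLog "logs/www.a.com-error_log"
    CustomLog "logs/www.a.com-access_log" common
</VirtualHost>
# For reference, this is what is logged when the site is accessed without Require all granted; it keeps reporting an authentication error
[Tue May 05 18:42:01.871859 2015] [authz_core:error] [pid 62764:tid 139862784104192] [client 192.168.3.54:51766] AH01630: client denied by server configuration: /data/www/a-com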
Check the configuration file for errors
[root@httpd ~]# /usr/local/apache/bin/apachectl -t
Syntax OK
Gracefully restart the httpd service
[root@httpd ~]# /usr/local/apache/bin/apachectl graceful
[root@httpd ~]# netstat -anpt |grep httpd
tcp 0 0 :::80 :::* LISTEN 59398/httpd
Access www.a.com again from Windows
2. Install cronolog
Download the cronolog source
[root@httpd ~]# wget http://fossies.org/linux/www/cronolog-1.6.2.tar.gz
Install
[root@httpd ~]# tar xf cronolog-1.6.2.tar.gz
[root@httpd ~]# cd cronolog-1.6.2
[root@httpd cronolog-1.6.2]# ./configure
[root@httpd cronolog-1.6.2]# make && make install
[root@httpd cronolog-1.6.2]# which cronolog
/usr/local/sbin/cronolog
3. Configure Apache log rotation
Edit the virtual host configuration file /usr/local/apache/conf/extra/httpd-vhosts.conf
[root@httpd ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
# Add the log rotation settings
<VirtualHost *:80>
    DocumentRoot "/data/www/a-com/"
    ServerName www.a.com
    <Directory "/data/www/a-com">
        Options FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
    ErrorLog "logs/
    # The log rotation setting follows
    CustomLog "|/usr/local/sbin/cronolog log/a.com_access_%Y%m%d.log" combined
</VirtualHost>
Check the configuration file
[root@httpd ~]# /usr/local/apache/bin/apachectl -t
Syntax OK
[root@httpd ~]# /usr/local/apache/bin/apachectl graceful
Access the site www.a.com and check the result
[root@httpd ~]# curl www.a.com
www.a.com
[root@httpd ~]# ll /usr/local/apache/log
total 4
-rw-r--r-- 1 root root 179 May 6 10:04 a.com_access_20150506.log
Add log rotation for the site www.abc.com in the same way
<VirtualHost *:80>
    DocumentRoot "/data/www/abc"
    <Directory "/data/www/abc">
        Options FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
    ServerName www.abc.com
    ErrorLog "logs/
    # Add the log rotation setting
    CustomLog "|/usr/local/sbin/cronolog log/abc.com_access_%Y%m%d.log" combined
</VirtualHost>
[root@httpd ~]# /usr/local/apache/bin/apachectl -t
Syntax OK
[root@httpd ~]# /usr/local/apache/bin/apachectl graceful
[root@httpd ~]# curl www.abc.com
www.abc.com
[root@httpd ~]# ll /usr/local/apache/log
total 8
-rw-r--r-- 1 root root 353 May 6 10:16 abc.com_access_20150506.log
-rw-r--r-- 1 root root 179 May 6 10:04 a.com_access_20150506.log
4. Configure user authentication for the site
Edit the virtual host configuration file /usr/local/apache/conf/extra/httpd-vhosts.conf
[root@httpd ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/www/a-com/"
    ServerName www.a.com
    <Directory "/data/www/a-com">
        Options FollowSymLinks
        # Enables authentication (allows the auth directives in .htaccess)
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
    ErrorLog "logs/www.a.com-error_log"
    CustomLog "|/usr/local/sbin/cronolog log/a.com_access_%Y%m%d.log" combined
</VirtualHost>
Create a .htaccess file in /data/www/a-com
[root@httpd conf]# cat /data/www/a-com/.htaccess
AuthName "my web"
AuthType Basic
AuthUserFile /usr/local/apache/conf/.htpasswd
require valid-user
Create the user name and password in the authentication file (the file name must match the AuthUserFile path in .htaccess)
[root@httpd ~]# /usr/local/apache/bin/htpasswd -c /usr/local/apache/conf/.htpasswd test
New password:    # enter the password: weyee
Re-type new password:
Adding password for user test
[root@httpd ~]# /usr/local/apache/bin/apachectl -t
Syntax OK
[root@httpd ~]# /usr/local/apache/bin/apachectl graceful
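/usr/local/apache2/bin/htpasswd is the command that creates users and passwords
Format: htpasswd -c /data/www/.htpasswd username
The -c option (create a new file) is needed the first time a user is created. When adding a second user, omit -c; with -c the existing file is overwritten.
.htpasswd stores the user names and passwords; it can be viewed with cat.
Format for changing a password: htpasswd -m /data/www/.htpasswd user2
-m means the password is encrypted with MD5; the default is -d (CRYPT encryption).
-D deletes a user and its password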
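The scheme selected by -m or -d decides how each entry in .htpasswd is stored. The following added example (not part of the original article) classifies the entries of an htpasswd file by hash prefix and lists those stored with CRYPT or SHA1, which Apache's documentation marks as insecure; the sample file and its hash bodies are constructed placeholders.

```shell
#!/bin/sh
# Classify the hash scheme of each entry in an htpasswd-format file.
# The prefixes follow Apache's documented password formats.

# scheme_of HASH -> prints bcrypt | md5-apr1 | sha1 | crypt | unknown
scheme_of() {
    case $1 in
        '$2y$'*)   echo bcrypt ;;      # written by htpasswd -B
        '$apr1$'*) echo md5-apr1 ;;    # written by htpasswd -m
        '{SHA}'*)  echo sha1 ;;        # written by htpasswd -s, unsalted
        *)
            # htpasswd -d: traditional crypt(), always 13 characters;
            # only the first 8 characters of the password are used
            if [ "${#1}" -eq 13 ]; then echo crypt; else echo unknown; fi ;;
    esac
}

# audit_htpasswd FILE -> one "user scheme" line per entry
audit_htpasswd() {
    while IFS=: read -r user hash rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(scheme_of "$hash")"
    done < "$1"
}

# weak_users FILE -> users stored with crypt, sha1 or an unrecognised format
weak_users() {
    audit_htpasswd "$1" |
        awk '$2 == "crypt" || $2 == "sha1" || $2 == "unknown" { print $1 }'
}

# Constructed sample file; the hash bodies are placeholders, not real hashes.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
test:$apr1$CONSTRUC$TEDplaceholderhashvalue
user2:AbCdEfGhIjKlM
user3:{SHA}CONSTRUCTEDplaceholder=
user4:$2y$05$CONSTRUCTEDplaceholderhashvalueCONSTRUCTEDplaceholder
EOF

audit_htpasswd "$SAMPLE"
echo "entries to re-create with a stronger scheme: $(weak_users "$SAMPLE" | tr '\n' ' ')"
```

Run `weak_users` against the real file (for this article, /usr/local/apache/conf/.htpasswd) and re-create the listed users with `htpasswd -B`.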
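Verify the result
5. Configure domain redirection
Edit the configuration file of the www.a.com virtual host so that requests for a.com or www.b.com are redirected to the www.a.com home page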
<IfModule mod_rewrite.c>
    RewriteEngine on
    # Dots are escaped so that they match a literal "." only
    RewriteCond %{HTTP_HOST} ^a\.com$ [OR]
    RewriteCond %{HTTP_HOST} ^www\.b\.com$
    RewriteRule ^/(.*)$ http://www.a.com/$1 [R=301,L]
</IfModule>
Entering either a.com or www.b.com in the browser redirects to the www.a.com home page
6. Configure static file caching
Edit the main Apache configuration file /usr/local/apache/conf/httpd.conf
[root@httpd conf]# vim /usr/local/apache/conf/httpd.conf
# Enable page caching support
LoadModule expires_module modules/mod_expires.so
# Add the caching rules
<IfModule mod_expires.c>
    ExpiresActive on
    ExpiresByType image/gif "access plus 1 days"
    ExpiresByType image/jpeg "access plus 24 hours"
    # Files with the png extension are cached for 1 day
    ExpiresByType image/png "access plus 24 hours"
    ExpiresByType text/css "now plus 2 hour"
    ExpiresByType application/javascript "now plus 2 hours"
    ExpiresByType application/x-shockwave-flash "now plus 2 hours"
    ExpiresDefault "now plus 0 min"
</IfModule>
Test result
[root@httpd conf]# curl -I www.a.com/2.png
HTTP/1.1 200 OK
Date: Wed, 06 May 2015 05:36:04 GMT
Server: Apache/2.4.12 (Unix)
Last-Modified: Wed, 06 May 2015 05:36:04 GMT    # shows the access on the 6th
ETag: W/"87e7-515634948b2c0"
Accept-Ranges: bytes
Content-Length: 34791
Cache-Control: max-age=86400
Expires: Thu, 07 May 2015 05:36:04 GMT    # cached until the 7th, a 24-hour cache lifetime
Content-Type: image/png
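7. Hotlink protection
This prevents other sites from hotlinking the site's images, documents, music and similar files; only the specified domains may link to them. The template is below, and further file extensions can be added as needed.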
SetEnvIfNoCase Referer "^http://www.123.com" local_ref
SetEnvIfNoCase Referer "www.a.com" local_ref
SetEnvIfNoCase Referer "www.b.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref
<FilesMatch "\.(txt|doc|mp3|zip|rar|jpeg|png|jpg|gif)">
    Order Allow,Deny
    Allow from env=local_ref
</FilesMatch>
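Use curl -e to test the hotlink protection; domains that are not on the whitelist get a 403 error.
Result: a link used from another site returns a 403 error. A 401 error means the site has user authentication, and the -u option is needed to supply the login credentials.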
[root@www]# curl -e "http://www.baidu.com/2.jpg" -x127.0.0.1:80 www.123.com/2.jpg -I
HTTP/1.1 403 Forbidden
Date: Sun, 03 May 2015 09:25:06 GMT
Server: Apache/2.2.16 (Unix) DAV/2 PHP/5.3.28
Content-Type: text/html; charset=iso-8859-1
[root@www]# curl -e "http://www.a.com/2.jpg" -x127.0.0.1:80 www.123.com/2.jpg -I
HTTP/1.1 401 Authorization Required
Date: Sun, 03 May 2015 09:27:48 GMT
Server: Apache/2.2.16 (Unix) DAV/2 PHP/5.3.28
WWW-Authenticate: Basic realm="my test web"
Content-Type: text/html; charset=iso-8859-1
[root@www]# curl -u test:1234 -e "http://www.a.com/2.jpg" -x127.0.0.1:80 www.123.com/2.jpg -I
HTTP/1.1 200 OK
Date: Sun, 03 May 2015 09:28:08 GMT
Server: Apache/2.2.16 (Unix) DAV/2 PHP/5.3.28
Last-Modified: Sun, 03 May 2015 08:58:38 GMT
ETag: "3ffcf-0-51529a6b14497"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Mon, 04 May 2015 09:28:08 GMT
Content-Type: image/jpeg
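The patterns "www.a.com" and "www.b.com" in the template are unanchored, so they match anywhere in the Referer value, and "^http://www.123.com" has no end anchor. The following added example (not part of the original article) replays the four SetEnvIfNoCase patterns with grep -Ei against constructed Referer values and compares them with anchored variants; the anchored patterns and the other.example host names are assumptions.

```shell
#!/bin/sh
# Replay the Referer allow-list from the template with grep -Ei
# (case-insensitive, like SetEnvIfNoCase). The patterns are simple enough
# that POSIX ERE and Apache's regex engine agree on them.

# Patterns exactly as in the template above, one per line.
PAGE_PATTERNS='^http://www.123.com
www.a.com
www.b.com
^$'

# Anchored variants (assumption, not from the original article): dots
# escaped, scheme and host pinned, host ended by "/" or end of string.
STRICT_PATTERNS='^https?://www\.123\.com(/|$)
^https?://www\.a\.com(/|$)
^https?://www\.b\.com(/|$)
^$'

# referer_allowed PATTERNS REFERER -> exit 0 if any pattern matches.
# grep treats a newline-separated pattern argument as a list of alternatives.
referer_allowed() {
    printf '%s\n' "$2" | grep -Eiq -e "$1"
}

# verdict PATTERNS REFERER -> prints the status a protected file would get
verdict() {
    if referer_allowed "$1" "$2"; then echo 200; else echo 403; fi
}

# Constructed sample Referer values, including an empty one.
for ref in "http://www.a.com/index.html" \
           "http://www.baidu.com/2.jpg" \
           "http://other.example/page?from=www.a.com" \
           "http://www.123.com.other.example/" \
           ""; do
    printf '%-45s template=%s anchored=%s\n' "\"$ref\"" \
        "$(verdict "$PAGE_PATTERNS" "$ref")" \
        "$(verdict "$STRICT_PATTERNS" "$ref")"
done
```

Both pattern sets still admit an empty Referer through "^$", as the template does, so requests that send no Referer header are served.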