Apache Core Configuration in Detail

Overview

Apache's core configuration determines the server's basic behavior and performance characteristics. This article walks through the core configuration directives: server identity, directory access control, file handling, and performance tuning.

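1. Server Identity Configuration

1.1 Basic Server Information

# Server administrator e-mail address
ServerAdmin webmaster@example.com

# Server name
ServerName www.example.com:80

# Server signature (footer on server-generated pages)
ServerSignature On

# Server tokens (detail level of the Server response header)
ServerTokens Full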

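1.2 Server Identity Security Settings

# Hide Apache version information (hardening)
ServerTokens Prod
ServerSignature Off

# Custom server banner (requires the mod_security module).
# ModSecurity v2 documents that SecServerSignature only takes effect with
# ServerTokens Full, so it is an alternative to ServerTokens Prod above,
# not an addition to it.
SecServerSignature "Microsoft-IIS/10.0"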

2. Directory and File Access Control

2.1 Directory Configuration

# Basic directory configuration
<Directory "/var/www/html">
    # Directory options
    Options Indexes FollowSymLinks

    # Override rules (.htaccess)
    AllowOverride All

    # Access control
    Require all granted
</Directory>

# Deny access to a specific directory
<Directory "/var/www/html/private">
    Require all denied
</Directory>

# Restrict access to specific IP addresses
<Directory "/var/www/html/admin">
    Require ip 192.168.1.0/24
    Require ip 10.0.0.5
</Directory>

2.2 File Access Control

# Deny access to a specific file type
<Files "*.conf">
    Require all denied
</Files>

# Deny access to hidden files (names starting with a dot)
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# Protect a sensitive file
<Files "wp-config.php">
    Require all denied
</Files>

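2.3 Directory Options in Detail

# The Options directive in detail
<Directory "/var/www/html">
    # Indexes: allow directory listings
    # FollowSymLinks: allow symbolic links to be followed
    # ExecCGI: allow execution of CGI scripts
    # Includes: allow server-side includes
    # MultiViews: allow content negotiation
    Options Indexes FollowSymLinks ExecCGI Includes MultiViews

    # Controls which options may be overridden (in .htaccess)
    AllowOverride All

    # Access control
    Require all granted
</Directory>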
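
The permissive settings shown in sections 1.1, 2.1 and 2.3 (verbose ServerTokens, ServerSignature On, Options Indexes/ExecCGI, AllowOverride All) can be spotted mechanically. The following is an added example, not part of the original article; the function names and rule labels are made up here, and the sample configuration is constructed from the directives on this page.

```shell
#!/bin/bash
# audit_apache_conf: read an Apache config on stdin and print one
# "line:rule" finding for each permissive directive discussed above.
audit_apache_conf() {
    awk '
    $1 ~ /^#/ { next }                      # skip whole-line comments
    { d = tolower($1); v = tolower($2) }    # directive names are case-insensitive
    d == "servertokens"    && v !~ /^prod(uctonly)?$/ { print NR ":servertokens-verbose" }
    d == "serversignature" && v != "off"              { print NR ":serversignature-shown" }
    d == "allowoverride"   && v == "all"              { print NR ":allowoverride-all" }
    d == "options" {
        for (i = 2; i <= NF; i++) {
            o = tolower($i); sub(/^\+/, "", o)   # "+Indexes" counts as "Indexes"
            if (o == "indexes") print NR ":options-indexes"
            if (o == "execcgi") print NR ":options-execcgi"
        }
    }
    '
}

# Constructed sample input: a permissive block next to a restrictive one.
sample_conf() {
    cat <<'EOF'
ServerTokens Full
ServerSignature On
<Directory "/var/www/html">
    # Options Indexes  (comment line, ignored)
    Options Indexes FollowSymLinks ExecCGI
    AllowOverride All
</Directory>
<Directory "/var/www/example">
    Options FollowSymLinks
    AllowOverride None
</Directory>
EOF
}

sample_conf | audit_apache_conf
```

The check works line by line and does not compute the effective, merged configuration, so a finding means "review this line", not "this setting is active".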

3. Document Root and Index Files

3.1 Document Root Configuration

# Set the document root
DocumentRoot "/var/www/html"

# Document root inside a virtual host
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /var/www/example

    # Directory-specific configuration
    <Directory "/var/www/example">
        Options FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

3.2 Index File Configuration

# Set index file priority (first match wins)
DirectoryIndex index.html index.php index.htm default.html

# Index configuration applied only when mod_dir is loaded
<IfModule mod_dir.c>
    DirectoryIndex index.html index.php
</IfModule>

# Disable index-file lookup for this directory
<Directory "/var/www/html">
    DirectoryIndex disabled
</Directory>

4. File Handling and MIME Types

4.1 MIME Type Configuration

# Add custom MIME types
AddType application/x-httpd-php .php .php5
AddType text/html .shtml
AddType application/json .json

# Set the default character set
AddDefaultCharset UTF-8

# Character set by file extension
AddCharset UTF-8 .html .css .js .xml

4.2 Handler Configuration

# Set handlers
AddHandler cgi-script .cgi .pl
AddHandler server-parsed .shtml
AddHandler type-map var

# PHP handler configuration.
# FilesMatch with SetHandler applies only to file names that end in .php.
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>

5.1 Connection and Timeout Settings

# Hostname lookups
HostnameLookups Off

# Timeout
Timeout 60

# Keep-alive connections
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5

# Request limits (request line, header count, header size, body size)
LimitRequestLine 8190
LimitRequestFields 100
LimitRequestFieldSize 8190
LimitRequestBody 52428800

5.2 Buffer Settings

# Input/output buffers
# (requires Apache 2.4.10+)
# AcceptFilter http none
# AcceptFilter https none

# Large file transfer optimization
EnableMMAP On
EnableSendfile On

6. Log Configuration

6.1 Error Log Configuration

# Error log file
ErrorLog /var/log/apache2/error.log

# Error log level
LogLevel warn

# Per-virtual-host error log
<VirtualHost *:80>
    ServerName www.example.com
    ErrorLog /var/log/apache2/example_error.log
    LogLevel info
</VirtualHost>

6.2 Access Log Configuration

# Basic access log
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog /var/log/apache2/access.log combined

# Custom log format (%D appends the request duration in microseconds)
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined_with_time

# Conditional logging (skip health-check requests)
SetEnvIf Request_URI "^/health" dontlog
CustomLog /var/log/apache2/access.log combined env=!dontlog

7.1 Basic Security Settings

# Hide server information
ServerTokens Prod
ServerSignature Off

# Deny access to version-control directories
<DirectoryMatch "^/.*/\.(svn|git)/">
    Require all denied
</DirectoryMatch>

# Deny access to backup files
<FilesMatch "\.(bak|backup|old|orig|save|swp|tmp)$">
    Require all denied
</FilesMatch>
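
Requests blocked by the two deny rules above appear in the access log as 403 responses, which makes them easy to count per client. The following is an added example, not part of the original article; it assumes log lines in the combined_with_time format from section 6.2 without escaped quotes in the request line, the function names are made up here, and the log lines are constructed.

```shell
#!/bin/bash
# denied_probe_report: read access-log lines on stdin and print
# "count client-ip" for 403 responses on version-control or backup paths.
denied_probe_report() {
    awk -F'"' '
    {
        split($1, pre, " ");  ip = pre[1]        # %h is the first token
        split($2, req, " ");  path = req[2]      # "METHOD path PROTOCOL"
        split($3, post, " "); status = post[1]   # %>s follows the request line
        sub(/\?.*/, "", path)                    # ignore the query string
    }
    status == "403" && (path ~ /\/\.(svn|git)\// ||
                        path ~ /\.(bak|backup|old|orig|save|swp|tmp)$/) {
        hits[ip]++
    }
    END { for (ip in hits) print hits[ip], ip }
    ' | sort -rn
}

# Constructed sample log (documentation address ranges).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [29/Aug/2025:10:00:01 +0800] "GET /.git/config HTTP/1.1" 403 199 "-" "curl/8.5.0" 412
203.0.113.7 - - [29/Aug/2025:10:00:02 +0800] "GET /wp-config.php.bak HTTP/1.1" 403 199 "-" "curl/8.5.0" 398
203.0.113.7 - - [29/Aug/2025:10:00:03 +0800] "GET /index.php.old?x=1 HTTP/1.1" 403 199 "-" "curl/8.5.0" 401
198.51.100.9 - - [29/Aug/2025:10:01:10 +0800] "GET /.svn/entries HTTP/1.1" 403 199 "-" "Mozilla/5.0" 377
192.0.2.10 - - [29/Aug/2025:10:02:00 +0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 950
192.0.2.10 - - [29/Aug/2025:10:02:05 +0800] "GET /admin/ HTTP/1.1" 403 199 "-" "Mozilla/5.0" 310
EOF
}

sample_log | denied_probe_report
```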

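7.2 Request Limitations

# Restrict HTTP methods. <LimitExcept> is only valid in directory context
# (<Directory>, <Location>, .htaccess), so it is wrapped in a <Directory> here.
<Directory "/var/www/html">
    <LimitExcept GET POST HEAD>
        Require all denied
    </LimitExcept>
</Directory>

# Limit request body size to 10 MB (the comment sits on its own line because
# Apache does not allow a comment on the same line as a directive)
LimitRequestBody 10485760

# Limit request-line (URL) length
LimitRequestLine 8190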

8. Core Module Configuration

8.1 mod_rewrite Configuration

# Enable the rewrite engine
RewriteEngine On

# Rewrite log (Apache 2.2 and earlier only)
# RewriteLog /var/log/apache2/rewrite.log
# RewriteLogLevel 3

# Basic rewrite rule
RewriteRule ^/old-page\.html$ /new-page.html [R=301,L]

8.2 mod_alias Configuration

# Alias
Alias /icons/ "/usr/share/apache2/icons/"

# Script alias
ScriptAlias /cgi-bin/ "/usr/lib/cgi-bin/"

# Redirect
Redirect permanent /old-site/ http://www.newsite.com/

9. Configuration Management Scripts

9.1 Configuration Validation Script

#!/bin/bash
# config-validator.sh

validate_config() {
    echo "=== Apache Configuration Validation ==="

    # Check configuration syntax
    if sudo apache2ctl configtest; then
        echo "✓ Configuration syntax is OK"
    else
        echo "✗ Configuration syntax error"
        return 1
    fi

    # Check loaded modules
    echo
    echo "Loaded modules:"
    apache2ctl -M | grep -E "(core|mpm|rewrite|ssl|proxy)" | head -10

    # Check virtual hosts
    echo
    echo "Virtual host configuration:"
    apache2ctl -S 2>/dev/null | head -10

    # Check listening ports
    echo
    echo "Listening ports:"
    sudo netstat -tlnp | grep apache2

    echo
    echo "Configuration validation completed successfully!"
}

validate_config

9.2 Configuration Backup Script

#!/bin/bash
# config-backup.sh

backup_config() {
    local backup_dir="/opt/apache-backups"
    local timestamp=$(date +%Y%m%d_%H%M%S)
    local backup_path="$backup_dir/backup_$timestamp"

    # Create the backup directory
    sudo mkdir -p "$backup_path"

    # Back up the main configuration files
    sudo cp /etc/apache2/apache2.conf "$backup_path/"
    sudo cp /etc/apache2/httpd.conf "$backup_path/" 2>/dev/null || true

    # Back up virtual host configuration
    sudo cp -r /etc/apache2/sites-available/ "$backup_path/"

    # Back up module configuration
    sudo cp -r /etc/apache2/mods-available/ "$backup_path/"

    # Back up SSL configuration (if present)
    if [ -d "/etc/apache2/ssl/" ]; then
        sudo cp -r /etc/apache2/ssl/ "$backup_path/"
    fi

    echo "Configuration backed up to: $backup_path"

    # Remove old backups (keep the last 7 days); sudo is needed because the
    # backup directories were created as root
    sudo find "$backup_dir" -mindepth 1 -maxdepth 1 -mtime +7 -type d -exec rm -rf {} \;
}

backup_config

10. Performance Monitoring and Tuning

10.1 Performance Monitoring Script

#!/bin/bash
# performance-monitor.sh

monitor_performance() {
    local status

    echo "=== Apache Performance Monitor ==="

    # Check process count
    echo "Apache processes:"
    ps aux | grep apache2 | grep -v grep | wc -l

    # Check memory usage
    echo
    echo "Memory usage:"
    ps -o pid,vsz,rss,comm -C apache2 | tail -n +2

    # Check connection states
    echo
    echo "Connection status:"
    sudo netstat -an | grep :80 | awk '{print $6}' | sort | uniq -c

    # Check server status (if enabled). The curl result is tested directly;
    # piping it into head would hide a failure from the fallback message.
    echo
    echo "Server status (if available):"
    if status=$(curl -sf "http://localhost/server-status?auto" 2>/dev/null); then
        echo "$status" | head -10
    else
        echo "Server status not available"
    fi
}

monitor_performance

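Summary

After working through this article, you should have a grasp of:

  1. Apache server identity configuration and security settings
  2. Detailed configuration of directory and file access control
  3. Managing the document root and index files
  4. MIME type and handler configuration
  5. Performance-related core configuration options
  6. Log configuration and management techniques
  7. Security-related configuration settings
  8. How to configure the core modules
  9. Using the configuration validation and backup scripts
  10. Performance monitoring and tuning methods

Apache's core configuration is the foundation of stable server operation, and understanding and setting these options correctly is essential for system administrators. The next article covers Apache log configuration and management in detail.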
