Apache configuration and web page optimization

Posted by Mortana on Mon, 10 Jan 2022 17:25:03 +0100

Building a virtual Web host

A virtual web host means running multiple web sites on the same server. No single site occupies the whole server by itself, which is why it is called a "virtual" web host. Virtual web hosting makes full use of the server's hardware resources and greatly reduces the cost of building and operating a website.

The httpd service makes it easy to build a virtual host server: a single httpd service can support a large number of web sites at the same time. Each Apache virtual host behaves as an independent site on the same server, so one host can provide multiple web services. The virtual hosts are independent and do not affect each other.

There are three types of virtual hosts supported by httpd service:

1. Domain name based:

Use a different domain name for each virtual host, but the same IP address for all of them. For example, the sites www.benet.com and www.acep.com both have the IP address 192.168.80.10. This is the most commonly used type of virtual web host.

2. Based on IP address:

Different domain names are used for each virtual host, and their corresponding IP addresses are also different. This method requires multiple network interfaces for the server, so it is not widely used.

3. Port based:

This method does not use domain names and IP addresses to distinguish different site contents, but uses different TCP port numbers. Therefore, users need to specify port numbers when browsing different virtual sites.

Domain name based virtual host

Provide domain name resolution for virtual host

1. Temporarily configure the mapping between domain name and IP address in the /etc/hosts file

2. Add virtual host configuration

The file to edit depends on how httpd was installed

  • Virtual host configuration file path for a source-compiled installation

    /usr/local/httpd/conf/extra/httpd-vhosts.conf

  • Virtual host configuration file path for an RPM or YUM installation

    /etc/httpd/conf.d/vhosts.conf

    I use the compiled installation here, because you can set build parameters as needed and choose the installed version yourself

    [root@localhost conf]# vim /usr/local/httpd/conf/extra/httpd-vhosts.conf 
    
    <VirtualHost 192.168.100.103:80>
       # ServerAdmin webmaster@dummy-host.example.com
        DocumentRoot "/var/www/html/lisi"
        ServerName www.lisi.com
        #ServerAlias www.dummy-host.example.com
        ErrorLog "logs/lisi.com-error_log"
        CustomLog "logs/lisi.com-access_log" common
    </VirtualHost>
    
    
    <VirtualHost 192.168.100.103:80>
       # ServerAdmin webmaster@dummy-host.example.com
        DocumentRoot "/var/www/html/zhangsan"
        ServerName www.zhangsan.com
        #ServerAlias www.dummy-host.example.com
        ErrorLog "logs/zhangsan.com-error_log"
        CustomLog "logs/zhangsan.com-access_log" common
    </VirtualHost>
    
    # Set directory access
    <Directory "/var/www/html">
        # Do not allow .htaccess to override the Apache default configuration
        AllowOverride None
        # Do not enable any server features
        Options None
        # Allow access from all hosts
        Require all granted
    </Directory>
    
    

vim httpd.conf

3. Restart the service for verification

[root@localhost conf]# systemctl restart httpd

Options directive explained:

The Options directive controls which server features are enabled for a specific directory. It can be set in virtual host, directory, and .htaccess contexts.

Common Options values:

None: indicates that no server features are enabled.

FollowSymLinks: the server follows symbolic links (soft links) in this directory.

Indexes: if the requested URL corresponds to a directory on the server, and that directory contains none of the files named by the DirectoryIndex directive in the Apache configuration (for example: DirectoryIndex index.html index.php), all files in the directory are listed.

MultiViews: if the path requested by the client may correspond to multiple types of files, the server will automatically select a file that best matches the client's requirements according to the specific circumstances of the client's request.

For example, suppose the file folder of the server site contains two files, hello.jpg and hello.html. When the user requests "http://localhost/file/hello" and there is no hello subdirectory in the file folder, the server looks for files of the form hello.* in that folder and returns the best match, hello.jpg or hello.html, according to the specifics of the user's request.

All: indicates all features except MultiViews. This is also the default setting for the Options directive.

AllowOverride directive explained:

.htaccess (distributed configuration file): it provides a way to change the configuration per directory. A file containing specific directives is placed in a directory, and those directives apply to that directory and all its subdirectories.

When AllowOverride is set to None, the .htaccess file in the corresponding directory is not read, that is, it cannot take effect.

When AllowOverride is set to All, the .htaccess file is read every time a request accesses a file in the corresponding directory, which means the original Apache directives are overridden by the directives in the .htaccess file.

For performance and security reasons, .htaccess files are generally avoided as much as possible. Any configuration you would put in a .htaccess file can be placed in the <Directory> section of the main configuration file (httpd.conf) instead, which is more efficient. Therefore, AllowOverride is generally set to None.

Address restriction policy:

Require all granted: allow access from all hosts.

Require all denied: deny access from all hosts.

Require local: allow access from the local host only.

Require [not] host <host name or domain name list>: allow or deny access from the specified hosts or domains.

Require [not] ip <IP address or network segment list>: allow or deny access from the specified IP addresses or network segments.
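A small checker for the Options and AllowOverride settings explained above, as an added example that is not part of the original post. The `audit` function, the `RISKY_OPTIONS` table and the sample configuration (including the `/var/www/html/upload` path) are constructed for illustration.

```python
import re

# Constructed sample: the page's hardened block plus a permissive one (hypothetical path).
SAMPLE = """
<Directory "/var/www/html">
    AllowOverride None
    Options None
    Require all granted
</Directory>
<Directory "/var/www/html/upload">
    AllowOverride All
    Options Indexes FollowSymLinks
    Require all granted
</Directory>
"""

# Option names worth a second look, with the reason given in the text above.
RISKY_OPTIONS = {
    "indexes": "lists every file when no DirectoryIndex file is present",
    "followsymlinks": "serves whatever a symbolic link in the directory points to",
    "all": "turns on every feature except MultiViews",
}

def audit(conf_text):
    """Return (directory, finding) pairs for Options/AllowOverride in <Directory> blocks."""
    findings, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            current = opened.group(1)
        elif re.match(r"</Directory\s*>", line, re.I):
            current = None
        elif current is not None:
            directive, *args = line.split()
            if directive.lower() == "options":
                for opt in args:
                    name = opt.lstrip("+-").lower()
                    if not opt.startswith("-") and name in RISKY_OPTIONS:
                        findings.append((current, f"Options {opt}: {RISKY_OPTIONS[name]}"))
            elif directive.lower() == "allowoverride" and [a.lower() for a in args] != ["none"]:
                findings.append((current, "AllowOverride " + " ".join(args)
                                 + ": .htaccess is read on every request"))
    return findings

if __name__ == "__main__":
    for directory, finding in audit(SAMPLE):
        print(f"{directory}: {finding}")
```
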

IP address based virtual host

1. Add an IP

[root@localhost conf]# ifconfig ens33:1 192.168.100.110/24

2. Edit the httpd-vhosts.conf file

[root@localhost conf]# cd /usr/local/httpd/conf/
[root@localhost conf]# vim extra/httpd-vhosts.conf

3. Edit the httpd.conf file

[root@localhost conf]# vim httpd.conf

4. Restart the service and check the listening address

5. Open browser verification

Port based virtual host

1. Edit the httpd-vhosts.conf file

[root@localhost conf]# vim extra/httpd-vhosts.conf 

2. Edit the httpd.conf file

3. Restart the service and verify

systemctl restart httpd

Apache connection retention

[root@localhost conf]# vim /usr/local/httpd/conf/extra/httpd-default.conf 

KeepAlive On
 Sets whether the connection retention (keep-alive) function is enabled: Off disables it, On enables it. You can decide whether to enable it according to the concurrent requests of the website, that is, turn on the connection retention function when the concurrency is high, and turn it off when the concurrency is not high.

MaxKeepAliveRequests 100
 Sets the maximum number of requests that can be sent over one persistent connection. When the number of requests exceeds this maximum, the connection is closed. The right value depends on the content of the site's pages; generally it is set higher than the number of elements in the site's pages.

KeepAliveTimeout 5
 Sets the maximum interval between requests on a connection from the same client. The connection is closed automatically once this time has passed, which keeps a client from holding on to connection resources.

[root@localhost conf]# vim httpd.conf

Restart the service and keep the connection open

[root@localhost conf]# systemctl restart httpd.service 

Building web virtual directory and user authorization rules

Edit the httpd.conf file

[root@localhost conf]# vim httpd.conf

Create a directory bbs

[root@localhost html]# mkdir bbs

Write home page information

[root@localhost html]# echo '<h1>this is alias test web</h1>!' > bbs/index.html 

Edit /etc/httpd.conf

<Directory "/var/www/html">
    AllowOverride None
    Options None
    Require all granted
</Directory>

[root@localhost html]# systemctl restart httpd

Building Web virtual directory and user authorization restrictions

Create an HTTP user and specify a password

[root@localhost html]# vim /etc/httpd.conf 

Restart the service and verify

[root@localhost html]# systemctl restart httpd.service 

Apache Web page and security optimization

Web page compression

Start the compilation

make -j4 && make install

--Line 52--Modify
Listen 192.198.100.103:80
--Line 197--Uncomment, modify
ServerName www.kgc.com:80
--Line 105--Uncomment
LoadModule deflate_module modules/mod_deflate.so


--Add at the last line--
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript image/jpeg image/png
DeflateCompressionLevel 6
SetOutputFilter DEFLATE
</IfModule>



Restart the service and open web page verification

[root@localhost htdocs]# systemctl restart httpd.service 

Verify on Windows 10 (Fiddler needs to be installed first)

Web cache

Back up the httpd.conf file

[root@localhost httpd-2.4.29]# cd /usr/local/httpd/conf/
[root@localhost httpd-2.4.29]# mv httpd.conf httpd.conf.bak2

Shut down the service for compilation and installation

[root@localhost httpd-2.4.29]# cd /opt/httpd-2.4.29/

[root@localhost httpd-2.4.29]# ./configure --prefix=/usr/local/httpd --enable-so --enable-rewrite --enable-charset-lite --enable-cgi --enable-deflate --enable-expires && make -j4 && make install

Modify the configuration file

[root@localhost conf]# vim httpd.conf
--Line 52--Modify
Listen 192.198.100.103:80
--Line 197--Uncomment, modify
ServerName www.kgc.com:80
--Line 111--Uncomment
LoadModule expires_module modules/mod_expires.so

Add the following new content
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 60 seconds"
</IfModule>

Check whether the service exists

Open browser verification

Configure Apache to implement hotlink protection (anti-theft chain)

Configure the hotlinking host

Configure the hotlink-protected host

1. Edit the httpd.conf file

[root@localhost ~]# vim /etc/httpd.conf 

2. Test

3. Configure the access path in the httpd.conf file

    Require all granted
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^http://kgc.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://kgc.com$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.kgc.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.kgc.com/$ [NC]
    RewriteRule .*\.(gif|jpg|swf)$ http://www.kgc.com/error.png

4. Import the error.png picture

[root@localhost ~]# cd /usr/local/httpd/htdocs/

Open the browser on Windows 10 and check whether the picture is redirected. If it is, the hotlink protection configuration is complete
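How the four RewriteCond lines above decide which requests get redirected to error.png, evaluated offline against constructed Referer values. This is an added example, not part of the original post; `STRICT_PATTERNS` is an assumed tightening (dots escaped, https accepted), and the function names and sample Referers are made up for illustration.

```python
import re

# RewriteCond patterns copied from the configuration above; [NC] maps to re.IGNORECASE.
PAGE_PATTERNS = [
    r"^http://kgc.com/.*$",
    r"^http://kgc.com$",
    r"^http://www.kgc.com/.*$",
    r"^http://www.kgc.com/$",
]
# Assumed tightened pattern (not from the page): dots escaped, https accepted.
STRICT_PATTERNS = [r"^https?://(www\.)?kgc\.com(/.*)?$"]

def is_redirected(referer, patterns=PAGE_PATTERNS):
    """True when every negated RewriteCond holds, i.e. the Referer matches no
    allowed pattern and the RewriteRule sends the request to error.png."""
    return not any(re.search(p, referer, re.IGNORECASE) for p in patterns)

# Constructed Referer values for illustration.
SAMPLES = [
    "http://www.kgc.com/index.html",     # page on the protected site
    "HTTP://KGC.COM/a.html",             # case differs, [NC] still matches
    "https://www.kgc.com/index.html",    # same site served over HTTPS
    "http://wwwxkgc.com/index.html",     # different host; unescaped "." matches "x"
    "http://www.example.net/page.html",  # unrelated site embedding the image
    "",                                  # no Referer header sent
]

def compare():
    """Return {referer: (redirected_by_page_rules, redirected_by_strict_rules)}."""
    return {r: (is_redirected(r), is_redirected(r, STRICT_PATTERNS)) for r in SAMPLES}

if __name__ == "__main__":
    for ref, (page, strict) in compare().items():
        print(f"{ref!r:40} page={page!s:5} strict={strict}")
```

The Referer header is supplied by the client, so this rule limits casual embedding and bandwidth use; directories that need real access control should rely on the Require directives described earlier.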