本文共 12687 字,大约阅读时间需要 42 分钟。
一段时间以来一直自己研究apache。关于配置文件一直都是一知半解。最近照着配置文件,翻着词典,弄清楚了配置文件注解的意思。方便像我一样初学apache的朋友们更快的理解httpd.conf文件。
我的环境是apache2.2.23,版本不同的,配置文件里参数大同小异。
# This is the main Apache HTTP server configuration file. It contains the # configuration directives that give the server its instructions. # See <URL:http://httpd.apache.org/docs/2.2> for detailed information. # In particular, see # <URL:http://httpd.apache.org/docs/2.2/mod/directives.html> # for a discussion of each configuration directive. # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned.
翻译:上面一段话不详细翻译,大意是可以参照官方文档以及对于配置文件里的各参数要理解等等。
# Configuration and logfile names: If the filenames you specify for many # of the server's control files begin with "/" (or "drive:/" for Win32), the # server will use that explicit path. If the filenames do *not* begin # with "/", the value of ServerRoot is prepended -- so 'log/access_log' # with ServerRoot set to '/www' will be interpreted by the # server as '/www/log/access_log', where as '/log/access_log' will be # interpreted as '/log/access_log'.
翻译:大意:在此配置文件中涉及到路径的时候,如果以"/"(或者 "drive:/" win平台)开头的话,服务器会直接使用这个绝对路径;如果路径没有以"/"开头(即以相对路径),那么ServerRoot(会在下文中配置)的值会附加到给出的这个相对路径之前。例如ServerRoot配置为'/www',log文件路径设置为'log/access_log',那么服务器会将log路径解释为'/www/log/access.log'。
# ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. # Do not add a slash at the end of the directory path. If you point # ServerRoot at a non-local disk, be sure to point the LockFile directive # at a local disk. If you wish to share the same ServerRoot for multiple # httpd daemons, you will need to change at least LockFile and PidFile.
翻译:以上一段主要解释了ServerRoot这个参数的含义:是整个apache服务器目录的最顶端,其他文档目录或者日志目录等均存在于此目录下,简单说就是apache服务器的安装目录(注意这个路径后面不能加斜杠,如下行中2.2.23后不能有/)
ServerRoot "/usr/local/httpd2.2.23" ServerTokens Full
注释:ServerTokens参数用于设置客户端可查看到的apache版本信息和系统信息等,例如我通过火狐的firebug插件看到我的服务器端信息如下:
ServerApache/2.2.23 (Unix) mod_jk/1.2.37
下面是ServerTokens可能的赋值以及该赋值将显示的内容: ServerTokens Prod 显示“Server: Apache” ServerTokens Major 显示 “Server: Apache/2″ ServerTokens Minor 显示“Server: Apache/2.2″ ServerTokens Min 显示“Server: Apache/2.2.23″ ServerTokens OS 显示 “Server: Apache/2.2.23 (Unix)” ServerTokens Full 显示 “Server: Apache/2.2.23 (Unix)
mod_jk/1.2.37
″
一般情况下,我们暴露给客户端的信息越少越好
继续看配置文件
# Listen: Allows you to bind Apache to specific IP addresses and/or # ports, instead of the default. See also the <VirtualHost> # directive. # # Change this to Listen on specific IP addresses as shown below to # prevent Apache from glomming onto all bound IP addresses.
翻译:介绍
en"参数。这个参数允许你制定apache只监听特定的IP以及特定端口,这个选项亦可用于下文对于虚拟主机"List
<VirtualHost>
的配置
#Listen 12.34.56.78:80 Listen 80
注释:我的配置文件中没有指定IP,只是让apache监听本机的80端口。
# Dynamic Shared Object (DSO) Support # # To be able to use the functionality of a module which was built as a DSO you # have to place corresponding `LoadModule' lines at this location so the # directives contained in it are actually available _before_ they are used. # Statically compiled modules (those listed by `httpd -l') do not need # to be loaded here.
翻译:动态共享目标支持
为了使用以DSO模式加载的模块的功能,你需要在这个位置添加相应的`LoadModule'行,以便于这个模块能够被正确的使用。以静态方式编译在apache里的模块则不需要此操作(静态模块可以通过 httpd -l 命令查看)
# Example: # LoadModule foo_module modules/mod_foo.so # LoadModule expires_module modules/mod_expires.so LoadModule usertrack_module modules/mod_usertrack.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule proxy_ftp_module modules/mod_proxy_ftp.so LoadModule proxy_http_module modules/mod_proxy_http.so ... ...
注释:以上是我的apache中加载的DSO,为了节约篇幅没有摘全。
<IfModule !mpm_netware_module> <IfModule !mpm_winnt_module>
# If you wish httpd to run as a different user or group, you must run # httpd as root initially and it will switch. # User/Group: The name (or #number) of the user/group to run httpd as. # It is usually good practice to create a dedicated user and group for # running httpd, as with most system services.
翻译:如果你想以其他用户运行apache,你必须先以root用户运行httpd命令,然后他会自动转换到你指定的用户(直译比较抽象,就是设置了下面的User和Group后,apache会以root用户启动一个httpd进程作为管理进程,每个apache服务器有一个管理httpd进程和多个工作httpd进程。如下设置,我的工作进程以apache用户运行,这样主要是为了安全考虑)
User apache Group apache </IfModule> </IfModule>
ExtendedStatus On注释:设置服务器产生的状态信息。可以通过下文配置,通过浏览器查看apache状态
MaxConnPerIP 1
注释:设置每个IP最大连接数
# 'Main' server configuration # # The directives in this section set up the values used by the 'main' # server, which responds to any requests that aren't handled by a # <VirtualHost> definition. These values also provide defaults for # any <VirtualHost> containers you may define later in the file. # # All of these directives may appear inside <VirtualHost> containers, # in which case these default settings will be overridden for the # virtual host being defined.
翻译:‘主要’服务器配置(主服务器的所有指令均可以用到虚拟主机部分,虚拟主机部分的指令参数优先权高于主服务器部分的指令参数)
这一部分的指令用来设置主(默认)服务器的参数,用来响应任何不能够被‘虚拟主机’部分处理的请求。这些参数也提供了一个默认值给所有‘虚拟主机’部分,你也可以在虚拟主机里单独定义这些参数。
# ServerAdmin: Your address, where problems with the server should be # e-mailed. This address appears on some server-generated pages, such # as error documents. e.g. admin@your-domain.com # ServerAdmin you@example.com
注释:这部分定义了管理员的email,当Apache出现故障时可以给管理员发邮件(前提是本机要有邮件服务才行,实际意义不大)。
# ServerName gives the name and port that the server uses to identify itself. # This can often be determined automatically, but we recommend you specify # it explicitly to prevent problems during startup. # # If your host doesn't have a registered DNS name, enter its IP address here. # ServerName localhost.localdomain
翻译:‘服务器名’给出了服务器用以识别自己的名称以及端口。此参数也可以不修改,但是我们建议你明确的指定它以防止启动过程中出现问题。
如果你没有经过注册的域名,就把服务器的IP地址写到这里。
# DocumentRoot: The directory out of which you will serve your # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. # DocumentRoot "/usr/local/httpd2.2.23/htdocs"
翻译:根目录:默认用这个目录用来存放网站的所有内容。但是可以通过‘符号链接’和‘别名’来指向其他位置。
# Each directory to which Apache has access can be configured with respect # to which services and features are allowed and/or disabled in that # directory (and its subdirectories). # # First, we configure the "default" to be a very restrictive set of # features.
翻译:每一个Apache可以进入的目录都可以配置访问权限和规则(允许/不允许以及更为详细的访问控制)。
首先,我们配置一个权限非常小的默认权限给根目录及其子目录
<Directory /> Options FollowSymLinks AllowOverride None Order deny,allow Deny from all </Directory>
此处,关于options需要详解一下:options指令控制了在特定目录中将使用哪些服务器特性。
可选项能设置为None
,在这种情况下,将不启用任何额外特性。或设置为以下选项中的一个或多个:
FollowSymLinks 服务器会在此目录中使用符号连接
Includes 允许服务器端包含。
IncludesNOEXEC 允许服务器端包含,但禁用#exec命令和#exec CGI。但仍可以从ScriptAliase 目录使用#include虚拟CGI脚本。
Indexes 如果一个映射到目录的URL被请求,而此目录中又没有DirectoryIndex(例如:index.html),那么服务器会返回一个格式化后的目录列表。
MultiViews 允许内容协商的多重视图。
SymLinksIfOwnerMatch 服务器仅在符号连接与其目的目录或文件拥有者具有同样的用户id时才使用它。
所有选项之前可以通过“+”“-”来控制。如果一个目录设置了options,他的父目录也设置了options,那么对于这个目录则只有它本身的options生效。但是如果父目录设置了options,子目录通过“+”“-”设置了权限,那么他将会强制叠加到父目录的设置上。例如
<Directory /web/docs> Options Indexes FollowSymLinks </Directory> <Directory /web/docs/spec> Options +Includes -Indexes </Directory>
那么就会有FollowSymLinks
和Includes
设置到/web/docs/spec目录上。
# Note that from this point forward you must specifically allow # particular features to be enabled - so if something's not working as # you might expect, make sure that you have specifically enabled it # below.
翻译:注意从这里开始你必须明确指定允许的特性--所以如果哪里不像你期望的那样工作,确认你已经在下文指定了允许它。 # This should be changed to whatever you set DocumentRoot to.翻译:这些你应该改变成你设置的根目录
<Directory "/usr/local/httpd2.2.23/htdocs"> # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # # for more information. # Options Indexes FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit AllowOverride None注释:AllowOverride控制是否读取“.htaccess”文件的内容以及可以在“.htaccess”文件里面使用哪些控制命令。其参数有 All None以及以下参数的任意组合(根目录要设置为None,处于安全以及性能考虑。因为如果根目录设置为All,则服务器会由当前访问文件向上一直寻找到根目录,依次寻找.htaccess文件,对性能影响较大)
AuthConfig
允许使用与认证授权相关的指令
(AuthDBMGroupFile, AuthDBMUserFile, AuthGroupFile, AuthName, AuthType, AuthUserFile, Require, 等)
FileInfo
允许使用控制文档类型的指令 (DefaultType, ErrorDocument, ForceType, LanguagePriority, SetHandler, SetInputFilter, SetOutputFilter, mod_mime中的 Add* 和 Remove* 指令等等)、控制文档元数据的指令(Header, RequestHeader, SetEnvIf, SetEnvIfNoCase, BrowserMatch, CookieExpires, CookieDomain, CookieStyle, CookieTracking, CookieName)、mod_rewrite中的指令(RewriteEngine, RewriteOptions, RewriteBase, RewriteCond, RewriteRule)和mod_actions中的Action指令。
Indexes
允许使用控制目录索引的指令(AddDescription, AddIcon, AddIconByEncoding, AddIconByType, DefaultIcon, DirectoryIndex, FancyIndexing, HeaderName, IndexIgnore, IndexOptions, ReadmeName, 等)。
Limit
允许使用控制主机访问的指令(Allow, Deny, Order)。
Options[=Option,...]
允许使用控制指定目录功能的指令(Options和XBitHack)。可以在等号后面附加一个逗号分隔的(无空格的)Options选项列表,用来控制允许Options指令使用哪些选项。
# Controls who can get stuff from this server. Order allow,deny Allow from all </Directory>
# DirectoryIndex: sets the file that Apache will serve if a directory # is requested.
翻译:目录索引:设置apache将会显示的一个页面如果访问请求一个目录的话(即默认首页的文件名)
<IfModule dir_module> DirectoryIndex index.html </IfModule>
# The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients.
翻译:接下来几行设置组织客户端查看.htaccess文件的内容
<FilesMatch "^\.ht"> Order allow,deny Deny from all Satisfy All </FilesMatch>
# ErrorLog: The location of the error log file. # If you do not specify an ErrorLog directive within a <VirtualHost> # container, error messages relating to that virtual host will be # logged here. If you *do* define an error logfile for a <VirtualHost> # container, that host's errors will be logged there and not here.翻译:错误日志的存放位置。如果你没有在<VirtualHost>部分设置错误日志存放位置的话,那么涉及到这个虚拟主机的错误日志将记录到这里。
ErrorLog "logs/error_log"
# LogLevel: Control the number of messages logged to the error_log. # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg.翻译:日志级别:控制记录日志的详细程度。 LogLevel warn
<IfModule log_config_module> # The following directives define some format nicknames for use with # a CustomLog directive (see below).
翻译:接下来的指令定义了日志格式并且你可以给日志格式自定义名称以便引用。
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> # You need to enable mod_logio.c to use %I and %O LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> # The location and format of the access logfile (Common Logfile Format). # If you do not define any access logfiles within a <VirtualHost> # container, they will be logged here. Contrariwise, if you *do* # define per-<VirtualHost> access logfiles, transactions will be # logged therein and *not* in this file. # CustomLog "logs/access_log" combined # # If you prefer a logfile with access, agent, and referer information # (Combined Logfile Format) you can use the following directive.翻译:如果你喜欢访问日志记录包括用户ip、用户浏览器、用户操作系统等更详细的信息,你应该使用combined格式 #CustomLog "logs/access_log" combined </IfModule>
<IfModule alias_module> # Redirect: Allows you to tell clients about documents that used to # exist in your server's namespace, but do not anymore. The client # will make a new request for the document at its new location.
翻译:重定向:允许你告诉客户端以前存在于你命名空间上的文档现在已经不在了。客户端会重新建立到新位置(域名)的链接
# Example: # Redirect permanent /foo http://www.example.com/bar # # Alias: Maps web paths into filesystem paths and is used to # access content that does not live under the DocumentRoot.
翻译:别名:映射网站目录到文件系统目录(即可以使用网站的相对路径来映射到一个不在DocumentRoot目录内的路径)
# Example: # Alias /webpath /full/filesystem/path # # If you include a trailing / on /webpath then the server will # require it to be present in the URL. You will also likely # need to provide a <Directory> section to allow access to # the filesystem path. # # ScriptAlias: This controls which directories contain server scripts. # ScriptAliases are essentially the same as Aliases, except that # documents in the target directory are treated as applications and # run by the server when requested rather than as documents sent to the # client. The same rules about trailing "/" apply to ScriptAlias # directives as to Alias. # ScriptAlias /cgi-bin/ "/usr/local/httpd2.2.23/cgi-bin/" </IfModule>
转载地址:http://whdla.baihongyu.com/