Time: 2020-12-08 www.sdyserver.cn
Detailed explanation of Apache's httpd.conf

ServerRoot "/usr/local"


ServerRoot specifies the running directory of the httpd daemon. After httpd starts, it automatically changes the current directory of the process to this directory. Therefore, if a file or directory in the configuration file is given as a relative path, its real path is located under the path defined by ServerRoot.


ScoreBoardFile /var/run/httpd.scoreboard


httpd uses ScoreBoardFile to maintain the internal data of its processes, so it is usually not necessary to change this parameter unless the administrator wants to run several Apache servers on one computer. In that case each Apache server needs its own configuration file httpd.conf and a different ScoreBoardFile.


#ResourceConfig conf/srm.conf


#AccessConfig conf/access.conf


These two parameters, ResourceConfig and AccessConfig, exist for compatibility with older versions of Apache that use the srm.conf and access.conf configuration files. If this compatibility is not needed, you can specify the corresponding file as /dev/null, which means that there is no other configuration file and only httpd.conf is used to hold all the configuration options.


PidFile /var/run/httpd.pid


The file specified by PidFile records the process number of the httpd daemon. Because httpd can automatically copy itself, there are multiple httpd processes in the system, but only one of them is the process that was started first, and it is the parent of the others. A signal sent to this process affects all httpd processes. The process number of the httpd parent process is recorded in the file defined by PidFile.


Timeout 300


Timeout defines the timeout interval between the client program and the server connection. After this time interval (seconds) is exceeded, the server will disconnect from the client.


KeepAlive On


In HTTP 1.0, one connection can carry only one HTTP request. The KeepAlive parameter enables the HTTP 1.1 feature of connecting once and transmitting many times, so that multiple HTTP requests can be sent over one connection. Although only newer browsers support this feature, this option should still be enabled.


MaxKeepAliveRequests 100


MaxKeepAliveRequests is the maximum number of HTTP requests that can be made over one connection. Setting its value to 0 allows an unlimited number of requests within one connection. In practice, no client program requests that many pages in one connection, and the connection is usually finished before this upper limit is reached.


KeepAliveTimeout 15


KeepAliveTimeout checks the time between successive requests on one connection. If the server has completed a request but has not received the next request from the client program, the server closes the connection once the interval exceeds the value set by this parameter.


ThreadsPerChild 50


Set the number of processes used by the server.


# This is based on the server's response speed, too large a number will slow down


MaxRequestsPerChild 30


Web servers often provide service through child processes, and the commonly used method is that one child process serves one connection. The problem is that every connection then requires the system to create a child process and let it exit, and this extra work consumes a large share of the computer's processing power. The better way is for one child process to serve multiple connection requests, which avoids the system cost of spawning and exiting processes. Apache uses this method: after a connection is over, the child process does not exit. It stays in the system and waits for the next service request, which greatly improves performance.


However, since the child process continuously allocates and releases memory while handling requests, a large number of requests leaves some memory garbage behind, which affects the stability of the system and the effective use of system resources. Therefore, after a child process has handled a certain number of requests, it can be allowed to exit, and a clean copy is then created from the original httpd process, which improves the stability of the system. The number of service requests handled by each child process is defined by MaxRequestsPerChild. The default setting is 30. This value is too conservative for a FreeBSD system with high stability. It can be set to 1000 or higher, and setting it to 0 allows each copy to handle an unlimited number of requests.


For safety, set to zero


#Listen 3000


#Listen 12.34.56.78:80


#BindAddress *


The Listen parameter makes the server listen for HTTP requests on other ports in addition to the standard port 80. Since a FreeBSD system can have multiple IP addresses at the same time, BindAddress can also specify that the server only listens for HTTP requests sent to a certain IP address. If this item is not configured, the server responds to requests on all IP addresses.


Even if the BindAddress parameter is used so that the server responds only to requests for one IP address, the extended Listen parameter still lets the HTTP daemon respond to requests for other IP addresses. In this case the Listen parameter is used as in the second example above. This more complicated usage is mainly for setting up virtual hosts: afterwards, the VirtualHost parameter can define virtual hosts for different IPs. However, this is the method of setting up virtual hosts from the earlier HTTP 1.0 standard. Each virtual host needs an IP address, which is actually not very useful. HTTP 1.1 added support for virtual hosts that share a single IP address under multiple domain names, making virtual host settings more meaningful.


#ExtendedStatus On


The Apache server can report its own operating status through a special HTTP request. Turning on this ExtendedStatus parameter allows the server to report more comprehensive operating status information.


--------------------------------------------------------------------------------


ServerAdmin you@your.address


Perhaps the only thing that should be changed in the configuration file is ServerAdmin. This item configures the email address of the administrator of the WWW server, which is returned to the browser if there is an error in the HTTP service so that the Web user can contact the administrator and report the error. It is customary to use webmaster on the server as the administrator of the WWW server, and to forward mail sent to webmaster to the real web administrator through the alias mechanism of the mail server.


ServerName localhost


By default, there is no need to specify the ServerName parameter, because the server automatically obtains its own name through name resolution. If there is a problem with the server's name resolution (usually the reverse resolution is incorrect), or there is no official DNS name, you can also specify the IP address here. When the ServerName setting is incorrect, the server cannot start normally.


Usually a web server can have multiple names, and client browsers can use any of these names or IP addresses to access the server, but when no virtual host is defined, the server always answers the browser with its own official name. ServerName defines the official name recognized by the Web server itself. For example, the server's name (defined as an A record in DNS) is freebsd.example.org.cn, and an alias (CNAME record) www.example.org.cn is defined to make it easier to remember. The name automatically resolved by Apache is then freebsd.example.org.cn, so no matter which name the client browser uses to send the request, the server always tells the client program that it is freebsd.example.org.cn. This generally does not cause any problems. However, the server may one day be migrated to another computer, and you may want to complete the migration just by changing the www alias in DNS. If you therefore do not want clients to record the freebsd address of this server in their bookmarks, you must use ServerName to re-specify the official name of the server.


DocumentRoot "/usr/local/www/data"


DocumentRoot defines the storage path of the hypertext documents published by the server, and the URL requested by the client program is mapped to the web page file in this directory. The subdirectories under this directory, as well as the files and directories indicated by symbolic links can be accessed by the browser, but the same relative directory name should be used in the URL.


Note that although a symbolic link is logically located under the document root directory, its target can be in any directory on the computer, so the client program can reach directories outside the document root. This increases flexibility but reduces security. Apache provides the FollowSymLinks option in directory access control to turn support for symbolic links on or off.
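An added example, not part of the original article: a Python audit that lists the symbolic links under a document root whose resolved target lies outside it, which is the exposure described above when FollowSymLinks is enabled. The function name is hypothetical, and the default path is the DocumentRoot shown on this page.

```python
import os
import sys

def symlinks_leaving_root(document_root):
    """Return sorted (link, resolved_target) pairs for links that point outside document_root."""
    root = os.path.realpath(document_root)
    findings = []
    # followlinks=False: report the links themselves instead of descending through them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            # A target outside the root shares no common path equal to the root.
            if os.path.commonpath([root, target]) != root:
                findings.append((path, target))
    return sorted(findings)

if __name__ == "__main__":
    # Default is the DocumentRoot from this page; pass another path as argv[1].
    docroot = sys.argv[1] if len(sys.argv) > 1 else "/usr/local/www/data"
    for link, target in symlinks_leaving_root(docroot):
        print(f"{link} -> {target}")
```

Where such links are not intended, `Options SymLinksIfOwnerMatch` limits link following to targets owned by the same user as the link.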



<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>


The Apache server can perform document access control for directories. Access control can be achieved in two ways: one is to configure each directory in the configuration file httpd.conf (or access.conf), and the other is to place an access control file in each directory, usually named .htaccess. Although both methods can control browser access, the configuration-file method requires restarting the httpd daemon after each change, which is relatively inflexible, so it is mainly used to configure the overall security control strategy of the server system. Using the .htaccess file in each directory to set the access control of a specific directory is more flexible and convenient.



The Directory statement defines access restrictions for a directory, and its standard syntax can be seen here. The setting in the above example is for the root directory of the system: the option FollowSymLinks allows symbolic links, and AllowOverride None indicates that the access control files in this directory are not allowed to change the configuration made here, which also means that there is no need to look at the corresponding access control file in this directory.


Since Apache's access control settings for a directory are inherited by the directories below it, the settings for the root directory affect its subdirectories. Note that because of AllowOverride None, the Apache server does not need to look at the access control file in the root directory, nor at the access control files in the directories below it at any level, until httpd.conf (or access.conf) specifies AllowOverride for a directory and so allows its access control file to be read. Since Apache uses inheritance for directory access control, if access control files were allowed starting from the root directory, Apache would have to look for an access control file level by level, which affects system performance. By default, this feature is turned off for the root directory, so Apache searches downwards only from the directory specified in httpd.conf, which reduces the number of levels searched and improves performance. Therefore, setting AllowOverride None for the system root directory helps not only system security but also system performance.
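An added example, not Apache's own code: a simplified Python model of the level-by-level lookup described above, listing which .htaccess files the server would consult for a request, given the AllowOverride values of plain <Directory> sections. The function names and the sample configuration are constructed for illustration; the model assumes the default of All stated on this page and ignores wildcard and regular-expression sections.

```python
import re
from pathlib import PurePosixPath

# Constructed sample in the style of the two <Directory> blocks on this page.
SAMPLE_CONF = """
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/usr/local/www/data">
    Options Indexes FollowSymLinks
    AllowOverride AuthConfig Limit
</Directory>
"""

def parse_allowoverride(conf_text):
    """Map each plain <Directory path> section to its AllowOverride words."""
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        opened = re.match(r'<Directory\s+"?([^">]+?)"?\s*>$', line, re.I)
        if opened:
            current = opened.group(1).rstrip("/") or "/"
        elif line.lower() == "</directory>":
            current = None
        elif current and line.lower().startswith("allowoverride "):
            sections[current] = line.split()[1:]
    return sections

def htaccess_lookups(sections, file_path, default=("All",)):
    """List the .htaccess files consulted on the walk down to file_path."""
    lookups, effective = [], list(default)
    target_dir = PurePosixPath(file_path).parent
    # Walk order: "/", "/usr", "/usr/local", ... down to the file's directory.
    for directory in list(target_dir.parents)[::-1] + [target_dir]:
        # A section for this directory replaces the inherited AllowOverride.
        effective = sections.get(str(directory), effective)
        if [word.lower() for word in effective] != ["none"]:
            lookups.append(str(directory / ".htaccess"))
    return lookups

if __name__ == "__main__":
    conf = parse_allowoverride(SAMPLE_CONF)
    for path in htaccess_lookups(conf, "/usr/local/www/data/docs/a.html"):
        print(path)
```

With the root section set to None, only the two directories from the document root downward are searched; with no sections at all, every level from `/` down is searched.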


<Directory "/usr/local/www/data">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>


What is defined here is the access settings of the directory from which the system publishes documents. Different AllowOverride options define the relationship between the directory settings in the configuration file and the access control file under the user's directory, and the Options option defines the characteristics of the directory.


Both the configuration file and the access control file under each directory can set access restrictions. The configuration file is set by the administrator, and the access control file under each directory is set by the owner of the directory, so the administrator can specify whether the owner of a directory may override the system settings in the configuration file. This is set with the AllowOverride parameter, and the values that can usually be set are:


AllowOverride setting   Effect on each directory's access control file
All                     Default value; the access control file can override the system configuration
None                    The server ignores access control file settings
Options                 Allows the access control file to use the Options parameter to define the options of the directory
FileInfo                Allows parameter settings such as AddType to be used in the access control file
AuthConfig              Allows the access control file to use AuthName, AuthType and other authentication mechanisms for each user, which enables the owner of the directory to protect the directory with a password and user name
Limit                   Allows restrictions on the IP address and name of clients accessing the directory


Each directory has certain attributes. You can use Options to control some access feature settings under this directory. The following are commonly used feature options:


Options setting         Server feature setting
All                     All directory features are valid; this is the default state
None                    all directory features are