▶ 技術めも
Apache設定
Apache で同一IPからの接続数を制限する mod_limitipconn 設定方法Add Star
https://futuremix.org/2010/04/apache-mod_limitipconn
Apache httpd : mod_limitipconn を利用する
https://www.server-world.info/query?os=CentOS_7&p=httpd2&f=9
htpasswdコマンド
https://qiita.com/masakuni-ito/items/3d951035884184632b99
htpasswd -n -B -C 12 user1
Apache2.4 での設定
systemctl status httpd.service
systemctl start httpd.service
systemctl stop httpd.service
systemctl restart httpd.service
バーチャルホスト使用
httpd.conf
> # ServerName www.example.com:80
> NameVirtualHost *:80
Serverでapacheバージョン送信停止
httpd.conf
ServerTokens Prod
ServerSignature Off
トレイリングスラッシュの自動リダイレクトOFF(v2.2からデフォルトOFF)
httpd.conf
UseCanonicalName Off
%2Fを勝手にデコード対応
<VirtalHost>
AllowEncodedSlashes on
</VirtalHost>
X-Powered-Byでphpバージョン送信停止
php.ini
expose_php = Off
その他
authz_core:error apache 2.4 エラー(2.4で構文変更)
Apacheチューニング
httpd.conf
Apacheが%2Fを勝手にデコード
AllowEncodedSlashes On
httpd.conf
<VirtalHost>
...
AllowEncodedSlashes on
...
</VirtalHost>
ServerTokens Prod
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 60
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule prefork.c>
StartServers 10
MinSpareServers 5
MaxSpareServers 15
ServerLimit 256
MaxClients 40
MaxRequestsPerChild 1000
</IfModule>
<IfModule worker.c>
StartServers 4
MaxClients 300
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
Listen 80
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
Include conf.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
UseCanonicalName Off
DocumentRoot "/var/www/html"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
DirectoryIndex index.html index.html.var
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>
TypesConfig /etc/mime.types
DefaultType text/plain
HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log combined
ServerSignature Off
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddLanguage en .en
AddLanguage ja .ja
LanguagePriority ja en
ForceLanguagePriority Prefer Fallback
AddDefaultCharset UTF-8
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
AddHandler type-map var
NameVirtualHost *:80
プロセスメモリ使用料
ps aux|grep -v Ss|grep '[h]ttpd'|head -1
conf.d
conf.d/php.conf
<IfModule prefork.c>
LoadModule php5_module modules/libphp5.so
</IfModule>
<IfModule worker.c>
LoadModule php5_module modules/libphp5-zts.so
</IfModule>
AddHandler php5-script .php
AddType text/html .php
DirectoryIndex index.php
conf.d/vh.conf
Include conf.d/vh/*.conf
conf.d/vh/tatenosystem.com.conf
<VirtualHost _default_:80>
ServerName tatenosystem.com
DocumentRoot /home/tatenosystem.com/public_html
ErrorLog logs/tatenosystem-error_log
CustomLog logs/tatenosystem-access_log combined
AllowEncodedSlashes On
<Directory /home/tatenosystem.com/public_html>
Options FollowSymLinks ExecCGI
AllowOverride All
</Directory>
</VirtualHost>
<VirtualHost _default_:80>
ServerName www.tatenosystem.com
DocumentRoot /home/tatenosystem.com/public_html
ErrorLog logs/tatenosystem-error_log
CustomLog logs/tatenosystem-access_log combined
</VirtualHost>
conf.d/vh/1.conf
存在しない ServerName アクセス対策
<VirtualHost *:80>
ServerName dummy
Redirect 403 /
</VirtualHost>
.htaccess
RewriteBase /
RewriteCond %{HTTP_HOST} ^(www\.tatenosystem\.com)(:80)? [NC]
RewriteRule ^(.*) http://tatenosystem.com/$1 [R=301,L]
php.ini
expose_php = Off
Link
過去めも
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 60
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule prefork.c>
StartServers 10
MinSpareServers 5
MaxSpareServers 15
ServerLimit 256
MaxClients 40
MaxRequestsPerChild 1000
</IfModule>
<IfModule worker.c>
StartServers 4
MaxClients 300
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
Listen 80
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
Include conf.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
UseCanonicalName Off
DirectoryIndex index.html
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>
TypesConfig /etc/mime.types
DefaultType text/plain
HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log combined
ServerSignature Off
AddLanguage ja .ja
LanguagePriority en ja
AddDefaultCharset UTF-8
NameVirtualHost *:80