linux服務之httpd
http://mirrors.cnnic.cn/apache/httpd/docs/ 英文pdf文檔下載php
Apache HTTP Project’s goalcss
It is the Apache HTTP Project’s first goal to create a robust and correct implementation of the HTTP server RFC. Additional goals include security, scalability and optimization.
html
預分支(Pre-Forking)模型 Unix上的Apache是應用了預分支模型的服務器。父進程的責任僅在於繁衍子進程,它從不響應來自socket的任何請求。python
ServerRoot 指的是配置文件根
DocumentRoot 指的是網頁文件根nginx
兩種消息類型都由,4部分組成
1.開始行,說明是請求或是應答
GET /geo/geo.js HTTP/1.1\r\n
HTTP/1.1 200 OK\r\n
2.零個或多個字段頭也叫headers
Host: api.g-fox.cn\r\n
Accept: */*\r\n
Server: nginx\r\n
Date: Sun, 06 Dec 2015 02:26:31 GMT\r\n
3.空行CRLF,指示headers結束
\r\n
4.可能有消息體web
清除firefox 單站點緩存shell
其實在「管理全部歷史記錄」裏面能夠,在某一個記錄上右鍵——清除此站點信息apache
測試配置文件的語法編程
14:12:03 97 /etc/httpd/conf:#apachectl -t -f /etc/httpd/conf/new.conf
httpd: Syntax error on line 2 of /etc/httpd/conf/new.conf: Include takes one argument, Name of the config file to be included
14:12:17 98 /etc/httpd/conf:#apachectl -t -f /etc/httpd/conf/httpd.conf
Syntax OK
api
webspace path
filesystem path
因此最後總結出要更改配置文件,不要在/etc/httpd/conf/httpd.conf上變更,而是在/etc/httpd/conf.d/下面新建*.conf文件來操做
編碼問題
今天從這篇文章中學習了apache關於defaultcharset的設置和優先級的問題。 1.頁面沒有指定charset , Apache配置defaultcharset gbk , 頁面文件編碼是utf-8。 執行結果是頁面亂碼。這個幾乎是確定的,在頁面沒有meta指明charset,而服務器的defaultcharset又沒有被註釋掉,能夠確定頁面是會亂碼的,這個時候服務器的設置生效; 2.頁面指定charset爲utf-8, Apache配置defaultcharset gbk. 頁面文件是utf-8。 執行結果是頁面亂碼。這個就驗證了當服務器的defaultcharset打開時,會忽略掉頁面的編碼設置; 3.PHP header申明charset爲utf8, Apache配置defaultcharst gbk,頁面文件編碼是utf8。 執行結果是頁面正常。這個說明header中指定的信息的優先級要高於服務器及瀏覽器的設置; 4.Apache設置DefaultCharset off。 頁面顯示正常。 當且僅當應答內容是text/plain或text/html時,此指令將會在HTTP應答頭中加入的默認字符集。理論上這將覆蓋在文檔體中經過<meta>標 籤指定的字符集,可是實際的行爲一般取決於用戶瀏覽器的設置。AddDefaultCharset Off 將會禁用此功能。 AddDefaultCharset On 將啓用Apache內部的默認字符集iso-8859-1 。您也能夠指定使用在IANA註冊過的字符集名字 中的另一個charset 。好比說: AddDefaultCharset utf-8 若是服務器和頁面都沒有指定編碼,我想這時編碼是由瀏覽器的默認編碼來肯定的,這時Firefox和IE就會發生區別,固然是指安裝在中文系統裏的瀏覽器,若是系統不一樣我想結果還會有差別。
[root@localhost ~]# httpd -l Compiled in modules: core.c prefork.c http_core.c mod_so.c C:\Apache22\bin>httpd.exe -l Compiled in modules: core.c mod_win32.c mpm_winnt.c http_core.c mod_so.c
僞靜態
針對此版本的Discuz_X3.2_SC_UTF8.zip
URL 靜態化是一個利於搜索引擎的設置,經過 URL 靜態化,達到原來是動態的 PHP 頁面轉換爲靜態化的 HTML 頁面,固然,這裏的靜態化是一種假靜態,目的只是提升搜索引擎的搜索量,Comsenz 旗下的產品 Discuz!、SupeSite/X-Space、ECShop、SupeV、UCHome 等都支持此功能。固然這個功能還須要服務器環境的支持,下面介紹一下如何在 Apache 服務器下配置 URL 靜態化的 Rewrite 規則。
步驟:
用管理員登陸後臺,全局》SEO優化》URL靜態化》勾選-提交-查看當前的 Rewrite 規則
會出現一個頁面,有6部分,複製對應的內容,粘貼到/etc/httpd/conf/httpd.conf中,而後重啓httpd,就可生效。
也就是說若是是Apache Web Server(獨立主機用戶),就複製它下面的內容。若是是其它,就複製其它的內容。
目錄瀏覽
開啓目錄瀏覽
目錄瀏覽功能就是可讓在沒有索引文件的狀態下實現瀏覽當前目錄下的全部文件及目錄,下面咱們一塊兒來看看apache開啓目錄瀏覽功能的方法,但願例子可以幫助到各位。
無論哪一個目錄,若是沒有directoryindex 指令後面的文件名,就是開啓了瀏覽功能,不須要加options indexes指令
根目錄瀏覽
開啓根目錄瀏覽,只須要關閉#Include conf.d/*.conf這行便可,或者註釋掉welcome.conf中的內容(通常選這個),若是根下無index.html或其它索引文件,會默認列出目錄,要禁止的話
加上options -indexes指令,其它的目錄均可以加以保護,參看訪問控制與認證受權
別名目錄瀏覽
定義一個別名,而且在lib64有問題時,能夠重定向到別處
LoadModule autoindex_module modules/mod_autoindex.so LoadModule dir_module modules/mod_dir.so
alias /dist "/lib64"
<Directory "/lib64/">
Options indexes FollowSymLinks
# Options -indexes FollowSymLinks
IndexOptions NameWidth=10 Charset=UTF-8
Redirect permanent /dist/ http://172.16.1.47/tt/
</Directory>
LoadModule autoindex_module modules/mod_autoindex.so
DirectoryIndex index.php default.php index.html index.html.var
per-user web
[Thu Nov 12 09:04:29 2015] [error] [client 192.168.1.88] File does not exist: /var/www/html/~a1
useradd a1
passwd a1
登陸一次
mkdir public_html
echo "a1111111" > public_html/index.html
chmod 711 public_html
在httpd.conf中添加
<IfModule mod_userdir.c>
UserDir public_html
</IfModule>
userdir指令的context是server config和virtual host,不能用在dirctory中,參看文檔的該指令描述
便可,若是還要細化控制,再添加以下
#<Directory /home/*/public_html>
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# <Limit GET POST OPTIONS>
# Order allow,deny
# Allow from all
# </Limit>
# <LimitExcept GET POST OPTIONS>
# Order deny,allow
# Deny from all
# </LimitExcept>
#</Directory>
apache -k restart
瀏覽器訪問http://192.168.1.47/~a1測試效果
webdav
[Thu Nov 12 09:10:50 2015] [error] [client 192.168.1.88] (13)Permission denied: access to /webdav denied
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
webdav與per user web同樣,只能在server config 或virtual host中配置,即只能在httpd.conf中配置,不然不生效
在httpd.conf中添加以下
<IfModule mod_dav_fs.c>
# Location of the WebDAV lock database.
DAVLockDB /var/lib/dav/lockdb
</IfModule>
Alias /webdav "/home/a1/"
<Directory "/home/a1/">
Dav On
</Directory>
lockdb路徑能夠任意,成功鏈接以後,會自動建立以下文件
[root@localhost conf.d]# ll /var/lib/dav/
total 4
-rw-r--r-- 1 apache apache 0 Nov 12 10:36 lockdb.dir
-rw-r--r-- 1 apache apache 1024 Nov 12 10:38 lockdb.pag
apache -k restart
在win7計算機中映射網絡驅動器 \\172.16.1.47\webdav 添加成功,而後就能夠上傳網站文件,修改測試很是方便
Authentication is any process by which you verify that someone is who they claim they are. Authorization is any process by which someone is allowed to be where they want to go, or to have information that they want to have.
(For general access control, see the Access Control How-To (p. 208) )
Access control refers to any means of controlling access to any resource.
訪問控制
訪問控制 access control by host
先搞清楚是拒絕優先,仍是容許優先,肯定之後,就能夠設置順序了
只拒絕這個ip,其它容許
order deny,allow
deny from 192.168.1.65
只容許這個網段,其它所有禁止
order allow,deny
allow from 172.16.1.0/25
LoadModule authz_host_module modules/mod_authz_host.so
三個指令
allow
deny
order
訪問控制 access control by environment variable
LoadModule setenvif_module modules/mod_setenvif.so
認證受權 file,dbm,.htaccess
個別目錄須要認證的話,在要保護的目錄下使用.htaccess文件較靈活,但若是多個目錄的話,一次寫入<directory>較方便
先建立密碼文件 [root@localhost conf.d]# htpasswd -c us fgy New password: Re-type new password: Adding password for user fgy 添加新用戶 [root@localhost conf.d]# htpasswd us ken New password: Re-type new password: Adding password for user ken [root@localhost conf.d]# cat us fgy:wOFUYK2pU5Cm6 ken:RjZTIeFiLO6mU 沒有刪除用戶的操做,直接將us裏的相應行刪除便可 基本認證受權的兩種方法 一是在directory中設置 二是在.htaccess文件中設置,將其放入想要保護的目錄中便可
authtype basic/digest 可是並不是全部的瀏覽器都支持摘要認證 require user ken 單用戶或多用戶
require valid-user 全部用戶
在相應的directory中添加以下便可,authname名稱無所謂 authname oo authtype basic authuserfile /etc/httpd/conf.d/us require valid-user
1.將上面的4行放入.htaccess文件中, 2.並在相應的<directory>中只添加allowoverride all這一行 3.重啓apache .htaccess文件又稱爲「分佈式配置文件」,該文件能夠覆蓋httpd.conf文件中的配置,可是它只能設置對目錄的訪問控制和用戶認證。.htaccess文件能夠有多個,每一個.htaccess文件的做用範圍僅限於該文件所存放的目錄以及該目錄下的全部子目錄。雖然.htaccess能實現的功能在<Directory>段中都可以實現,可是由於在.htaccess修改配置後並不須要重啓Apache服務就能生效,因此在一些對停機時間要求較高的系統中可使用。
建立密碼文件
[root@localhost conf.d]# htdbm -c dbm1 fgy1
Enter password :
Re-type password :
Database dbm1 created.
修改用戶密碼
[root@localhost conf.d]# htdbm dbm1 fgy1
Enter password :
Re-type password :
Database dbm1 modified.
添加用戶
[root@localhost conf.d]# htdbm dbm1 fgy2
Enter password :
Re-type password :
Database dbm1 updated.
刪除用戶
[root@localhost conf.d]# htdbm -x dbm1 fgy4
Database dbm1 modified.
列出用戶
[root@localhost conf.d]# htdbm -l dbm1
Dumping records from database -- dbm1
Username Comment
fgy1
Total #records : 1
[root@localhost conf.d]# ll
total 20
-rw-r--r--. 1 root root 0 Nov 11 16:12 dbm1.dir
-rw-r--r--. 1 root root 1024 Nov 11 16:13 dbm1.pag
-rw-r--r--. 1 root root 392 Aug 25 01:53 README
-rw-r--r--. 1 root root 496 Nov 11 16:12 test.conf
-rw-r--r--. 1 root root 36 Nov 11 13:59 us
-rw-r--r--. 1 root root 303 Nov 11 10:34 welcome.conf
[root@localhost conf.d]# apachectl -k restart
[root@localhost conf.d]# vi test.conf
alias /dir "/etc"
<directory "/etc/">
authname "dbmmange"
authtype basic
authbasicprovider dbm
authdbmuserfile /etc/httpd/conf.d/dbm1
require valid-user
</directory>
ldap
LoadModule ldap_module modules/mod_ldap.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
性能測試
14:23:55 20 ~:#ab -n 50 localhost/etc
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking localhost (be patient).....done
Server Software: Apache/2.2.15
Server Hostname: localhost
Server Port: 80
Document Path: /etc
Document Length: 201 bytes
Concurrency Level: 1
Time taken for tests: 0.015 seconds
Complete requests: 50
Failed requests: 0
Write errors: 0
Non-2xx responses: 50
Total transferred: 19050 bytes
HTML transferred: 10050 bytes
Requests per second: 3328.67 [#/sec] (mean)
Time per request: 0.300 [ms] (mean)
Time per request: 0.300 [ms] (mean, across all concurrent requests)
Transfer rate: 1238.50 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.0 0 0
Processing: 0 0 0.3 0 2
Waiting: 0 0 0.1 0 1
Total: 0 0 0.3 0 2
Percentage of the requests served within a certain time (ms)
50% 0
66% 0
75% 0
80% 0
90% 0
95% 0
98% 2
99% 2
100% 2 (longest request)
14:26:05 23 ~:#ab -n 500 http://172.16.1.42/
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 172.16.1.42 (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Finished 500 requests
Server Software: nginx/1.4.7
Server Hostname: 172.16.1.42
Server Port: 80
Document Path: /
Document Length: 168 bytes
Concurrency Level: 1
Time taken for tests: 0.153 seconds
Complete requests: 500
Failed requests: 0
Write errors: 0
Non-2xx responses: 500
Total transferred: 158500 bytes
HTML transferred: 84000 bytes
Requests per second: 3259.18 [#/sec] (mean)
Time per request: 0.307 [ms] (mean)
Time per request: 0.307 [ms] (mean, across all concurrent requests)
Transfer rate: 1008.94 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.0 0 1
Processing: 0 0 0.0 0 1
Waiting: 0 0 0.0 0 1
Total: 0 0 0.1 0 1
Percentage of the requests served within a certain time (ms)
50% 0
66% 0
75% 0
80% 0
90% 0
95% 0
98% 1
99% 1
100% 1 (longest request)
日誌記錄
定義了4個暱稱
combined
common
referer
agent
combinedio
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
192.168.2.80 - - [07/Apr/2015:14:34:50 +0800] "GET /docs/ HTTP/1.1" 200 1664 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"
192.168.2.80 - - [07/Apr/2015:14:34:53 +0800] "GET /docs/html/ HTTP/1.1" 200 17621 "http://192.168.2.84/docs/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"
192.168.2.80 - - [07/Apr/2015:14:34:55 +0800] "GET /docs/html/manual.css HTTP/1.1" 404 296 "http://192.168.2.84/docs/html/basics.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"
192.168.2.80 - - [07/Apr/2015:14:34:58 +0800] "GET /docs/html/graph_overview.html HTTP/1.1" 200 3693 "http://192.168.2.84/docs/html/basics.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"
192.168.2.80 - - [07/Apr/2015:14:34:58 +0800] "GET /docs/html/manual.css HTTP/1.1" 404 296 "http://192.168.2.84/docs/html/graph_overview.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"
192.168.2.80 - - [07/Apr/2015:14:35:41 +0800] "GET / HTTP/1.1" 200 1468 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"
1.85.49.230 - - [07/Apr/2015:15:01:14 +0800] "GET / HTTP/1.1" 200 1468 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"
1.85.49.230 - - [07/Apr/2015:15:01:14 +0800] "GET /cacti/images/auth_login.gif HTTP/1.1" 200 21265 "http://125.76.228.16:2002/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
192.168.1.88 - fgy1 [26/Nov/2015:08:42:35 +0800] "PROPFIND /webdav/Thumbs.db HTTP/1.1" 404 291 "-" "Microsoft-WebDAV-MiniRedir/6.1.7601" 192.168.1.88 - fgy1 [26/Nov/2015:08:42:37 +0800] "GET /webdav/er.txt HTTP/1.1" 200 5 "-" "Microsoft-WebDAV-MiniRedir/6.1.7601" 192.168.1.88 - fgy1 [26/Nov/2015:08:43:14 +0800] "PROPFIND /webdav HTTP/1.1" 301 311 "-" "Microsoft-WebDAV-MiniRedir/6.1.7601" 192.168.1.88 - - [26/Nov/2015:08:43:14 +0800] "PROPFIND /webdav/ HTTP/1.1" 401 478 "-" "Microsoft-WebDAV-MiniRedir/6.1.7601" 192.168.1.88 - fgy1 [26/Nov/2015:08:43:14 +0800] "PROPFIND /webdav/ HTTP/1.1" 207 842 "-" "Microsoft-WebDAV-MiniRedir/6.1.7601" 該問題獲得解決了,必定得分清楚Apache的幾種標籤:<Directory>,<Files>,<Location>,分別是目錄,文件,網絡空間。若是用了代理就得用<Location>。 個人Apache+Tomcat 集羣,用到了代理模式,最近一直有PROPFIND的大量請求,並且IP不固定,因此想禁掉該類請求方式,故個人配置以下: <Location /> <Limit PROPFIND> Order allow,deny Deny from all </Limit> </Location>
含義精解(服務的中止與重啓)
####發送TERM或者stop信號
Sending the or signal to the parent causes it to immediately attempt to kill off all of its children. It may take it several seconds to complete killing off its children. Then the parent itself exits. Any requests in progress are terminated, and no further requests are served.
kill -TERM `cat /var/run/httpd/httpd.pid`或者apachectl -k stop
####發送HUP或者restart信號
Sending the HUP or restart signal to the parent causes it to kill off its children like in TERM, but the parent doesn't exit. It re-reads its configuration files, and re-opens any log files. Then it spawns a new set of children and continues serving hits.
發送hup或者restart信號給父進程會引發它殺死全部的子進程(就像term信號同樣),但父進程不退出。它重讀配置文件,而且從新打開日誌文件。而後派生一組新的子進程並繼續服務。
09:58:58 49 /var/run/httpd:#cat httpd.pid 14688 09:59:02 50 /var/run/httpd:#ps -ef|grep http root 14688 1 0 09:54 ? 00:00:00 /usr/sbin/httpd -k start apache 14689 14688 0 09:54 ? 00:00:00 /usr/sbin/httpd -k start apache 14690 14688 0 09:54 ? 00:00:00 /usr/sbin/httpd -k start apache 14691 14688 0 09:54 ? 00:00:00 /usr/sbin/httpd -k start apache 14692 14688 0 09:54 ? 00:00:00 /usr/sbin/httpd -k start root 14777 13050 0 09:59 pts/0 00:00:00 grep http 09:59:07 51 /var/run/httpd:#kill -HUP `cat httpd.pid`或者apachectl -k restart
####父進程pid號未變驗證了父進程不退出 09:59:35 52 /var/run/httpd:#ps -ef|grep http root 14688 1 0 09:54 ? 00:00:00 /usr/sbin/httpd -k start apache 14795 14688 0 09:59 ? 00:00:00 /usr/sbin/httpd -k start apache 14796 14688 0 09:59 ? 00:00:00 /usr/sbin/httpd -k start apache 14797 14688 0 09:59 ? 00:00:00 /usr/sbin/httpd -k start apache 14798 14688 0 09:59 ? 00:00:00 /usr/sbin/httpd -k start root 14800 13050 0 09:59 pts/0 00:00:00 grep http 09:59:57 54 /var/run/httpd:#cat httpd.pid 14688
####發送USR1或者graceful信號
The USR1 or graceful signal causes the parent process to advise the children to exit after their current request (or to exit immediately if they're not serving anything).
10:21:43 64 /var/run/httpd:#kill -USR1 `cat httpd.pid`或者apachectl -k graceful
####從日誌中能夠看出是發出什麼信號的
10:22:01 66 /var/run/httpd:#tail -f /var/log/httpd/error_log
[Sun Sep 06 10:12:04 2015] [notice] SIGHUP received. Attempting to restart
[Sun Sep 06 10:12:04 2015] [notice] Digest: generating secret for digest authentication ...
[Sun Sep 06 10:12:04 2015] [notice] Digest: done
[Sun Sep 06 10:12:04 2015] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations
[Sun Sep 06 10:21:59 2015] [notice] Graceful restart requested, doing restart
[Sun Sep 06 10:21:59 2015] [notice] Digest: generating secret for digest authentication ...
[Sun Sep 06 10:21:59 2015] [notice] Digest: done
[Sun Sep 06 10:21:59 2015] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations
TERMstop
錯誤排障
11:57:05 111 /var/www/html/doc/mrtg2:#service httpd reload
Reloading httpd: [FAILED]
11:57:07 112 /var/www/html/doc/mrtg2:#service httpd status
httpd dead but pid file exists
11:57:15 113 /var/www/html/doc/mrtg2:#rm -rf /var/run/httpd/httpd.pid
11:57:29 114 /var/www/html/doc/mrtg2:#service httpd start
Starting httpd: [FAILED]
11:57:34 115 /var/www/html/doc/mrtg2:#service httpd status
httpd dead but subsys locked
12:00:16 121 /var/www/html/doc/mrtg2:#rm -rf /var/lock/subsys/httpd
12:00:44 122 /var/www/html/doc/mrtg2:#service httpd start
Starting httpd: [ OK ]
查看錯誤日誌解決以上問題
12:08:57 130 /var/www/html/doc/mrtg2:#less /var/log/httpd/error_log
[Fri Apr 24 11:55:24 2015] [notice] SIGHUP received. Attempting to restart
unable to start piped log program '/usr/local/apache/bin/rotatelogs /var/log/access_log 86400': No such file or directory
Unable to open logs
unable to start piped log program '/usr/local/apache/bin/rotatelogs /var/log/access_log 86400': No such file or directory
Unable to open logs
semaphore是一個內部用於與其子進程進行交流的工具," No space left on device: Couldn't create accept lock "的意思是說apache不能再建立新的semaphore進程。 用以下命令查看有多少 semaphore在運行。 #ipcs -s 你將會看到 ------ Semaphore Arrays -------- key semid owner perms nsems 0x00000000 68681743 apache 600 1 0x00000000 68714515 apache 600 1 0x00000000 68747291 apache 600 1 你可運行以下命令來安全的殺死每一個 Semaphore(信號量) #ipcrm -s <semid> <semid>是上面ipcs -s輸出的第二列值。 想要一次性將全部的Semaphore所有殺死,請運行以下命令: for semid in `ipcs -s |awk '{print $2}'`; do ipcrm -s $semid; done 若是不能再建立更多的Semaphores: 有些時候你可能想改變系統容許建立 semaphores的數量。這就須要改變內核參數。 運行如下命令來查看當前參數: #ipcs -l 修改 /etc/sysctl.conf文件,增長以下兩行: kernel.msgmni = 1024 kernel.sem = 250 256000 32 1024 運行命令# sysctl -p 使剛改的參數生效。 (kernel.msgmni 該文件指定消息隊列標識的最大數目,即系統範圍內最大多少個消息隊列。缺省設置 :16) 關於/var/lock/subsys目錄 總的來講,系統關閉的過程(發出關閉信號,調用服務自身的進程)中會檢查/var/lock/subsys下的文件,逐一關閉每一個服務,若是某一運行的服務在/var/lock/subsys下沒有相應的選項。在 系統關閉的時候,會像殺死普通進程同樣殺死這個服務。經過察看/etc/rc.d/init.d下的腳本,能夠發現每一個服務本身操縱時都會去查看/var/lock/subsys下相應的服務。
This is the status code that the server sends back to the client. This information is very valuable, because it reveals whether the request resulted in a successful response (codes beginning in 2), a redirection (codes beginning in 3), an error caused by the client (codes beginning in 4), or an error in the server (codes beginning in 5). The full list of possible status codes can be found in the HTTP specification (RFC2616 section 10).
這是服務器返回給客戶端的狀態代碼。這個信息很是有價值,由於它顯示請求是否以一個成功應答(代碼以2開頭),一個重定向(代碼以3開頭),一個由客戶端引發的錯誤(代碼以4開頭),或者一個服務端的錯誤(代碼以5開頭)爲結果。一份可能的狀態代碼的徹底列表能在HTTP規範中被發現。
Status-Code =
"100" ; Section 10.1.1: Continue
| "101" ; Section 10.1.2: Switching Protocols
| "200" ; Section 10.2.1: OK
| "201" ; Section 10.2.2: Created
| "202" ; Section 10.2.3: Accepted
| "203" ; Section 10.2.4: Non-Authoritative Information
| "204" ; Section 10.2.5: No Content
| "205" ; Section 10.2.6: Reset Content
| "206" ; Section 10.2.7: Partial Content
| "300" ; Section 10.3.1: Multiple Choices
| "301" ; Section 10.3.2: Moved Permanently
| "302" ; Section 10.3.3: Found
| "303" ; Section 10.3.4: See Other
| "304" ; Section 10.3.5: Not Modified
| "305" ; Section 10.3.6: Use Proxy
| "307" ; Section 10.3.8: Temporary Redirect
| "400" ; Section 10.4.1: Bad Request
| "401" ; Section 10.4.2: Unauthorized
| "402" ; Section 10.4.3: Payment Required
| "403" ; Section 10.4.4: Forbidden
| "404" ; Section 10.4.5: Not Found
| "405" ; Section 10.4.6: Method Not Allowed
| "406" ; Section 10.4.7: Not Acceptable
| "407" ; Section 10.4.8: Proxy Authentication Required
| "408" ; Section 10.4.9: Request Time-out
| "409" ; Section 10.4.10: Conflict
| "410" ; Section 10.4.11: Gone
| "411" ; Section 10.4.12: Length Required
| "412" ; Section 10.4.13: Precondition Failed
| "413" ; Section 10.4.14: Request Entity Too Large
| "414" ; Section 10.4.15: Request-URI Too Large
| "415" ; Section 10.4.16: Unsupported Media Type
| "416" ; Section 10.4.17: Requested range not satisfiable
| "417" ; Section 10.4.18: Expectation Failed
| "500" ; Section 10.5.1: Internal Server Error
| "501" ; Section 10.5.2: Not Implemented
| "502" ; Section 10.5.3: Bad Gateway
| "503" ; Section 10.5.4: Service Unavailable
| "504" ; Section 10.5.5: Gateway Time-out
| "505" ; Section 10.5.6: HTTP Version not supported
| extension-code
extension-code = 3DIGIT
Reason-Phrase = *<TEXT, excluding CR, LF>
需求:指定的ip訪問status與info,非法ip在日誌中留有記錄
三步走就能夠用這個地址訪問了server-info與server-status的配置是同樣的 http://172.16.1.44/server-status http://172.16.1.44/server-info 改配置 1.開模塊, 2.去註釋,並容許要容許的主機。順序爲先拒絕後容許,拒絕全部,再容許個別。ExtendedStatus On只是爲了在server-status中顯示更多信息罷了 3.重啓服務器生效 vi httpd.conf 修改三個地方 1.LoadModule status_module modules/mod_status.so 2.ExtendedStatus On 3. <Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from 172.16.1.254 </Location> 4.service httpd reload 看日誌 access_log 192.168.1.90 - - [24/Apr/2015:09:58:12 +0800] "GET /server-info HTTP/1.1" 403 290 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0" error_log [Fri Apr 24 09:58:12 2015] [error] [client 192.168.1.90] client denied by server configuration: /var/www/html/server-info
需求:查看文件列表形式
註釋掉這一行,就能夠看到文件的列表形式 #Include conf.d/*.conf <Directory "/var/www/html"> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory>
需求:輪替日誌
CustomLog "|/usr/sbin/rotatelogs /var/log/httpd/access_log 86400" common 上面這個可能不能正常使用,因此用下面的那一條,在httpd.conf中加入下面的一條指令,而後訪問頁面,日誌就會在定義的時間內替換。 CustomLog "||/usr/sbin/rotatelogs /var/log/httpd/access_log 86400" common [root@84-monitor httpd]# vi /etc/httpd/conf/httpd.conf [root@84-monitor httpd]# service httpd reload Starting httpd: [ OK ] 定義時間內沒有訪問,不會輪替。有訪問,86400這個時間一到就輪替。 [root@84-monitor httpd]# ll total 104 -rw-r--r--. 1 root root 1001 Apr 3 17:46 access_log -rw-r--r--. 1 root root 950 Apr 3 18:00 access_log.1428055200 -rw-r--r--. 1 root root 950 Apr 3 18:01 access_log.1428055260 -rw-r--r--. 1 root root 2850 Apr 3 18:02 access_log.1428055320 -rw-r--r--. 1 root root 475 Apr 3 18:03 access_log.1428055380
cgi腳本 bash,perl,python,php,等
cgi腳本時,兩種類型的報錯
[Wed May 06 15:23:29 2015] [error] [client 192.168.1.88] (8)Exec format error: exec of '/var/www/cgi-bin/a' failed
[Wed May 06 15:23:29 2015] [error] [client 192.168.1.88] Premature end of script headers: a
[Wed May 06 15:41:08 2015] [error] [client 192.168.1.88] malformed header from script. Bad header=a.sh: a.sh
LoadModule cgi_module modules/mod_cgi.so
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
確保以上兩條指令開啓
bash腳本
1.修改cgi-bin目錄的權限,而後在此目錄下新建腳本文件 2.內容以下 vi b #! /bin/bash echo Content-type: text/html echo "" ifconfig 注意到上面的輸出的第一行必須是輸出「Content-type: text/html「不然Apache識別不了這個文本頁面的輸出。 3.瀏覽器訪問 http://172.16.1.44/cgi-bin/b
python腳本
16:33:45 141 /var/www/cgi-bin:#vi a
#! /usr/bin/python
print("Content-type: text/html\n")
print(5*5)
#! /usr/bin/python
print("Content-type: text/html\n")
a=['spam','eggs',30,50]
print(a[2])
php腳本
http://www.ietf.org/rfc/rfc3875 cgi/1.1
CGI是一種接口的標準,並不區分編程語言,也就是說,CGI能夠用任何一種語言編寫,只要這種語言具備標準輸入、輸出和環境變量。CGI會將標準輸出重定向到給http的response,返回給瀏覽器。
CGI嚴格的介紹,公共網關接口CGI(Common GatewayInterface) 是WWW技術中最重要的技術之一,有着不可替代的重要地位。CGI是外部應用程序(CGI程序)與Web服務器之間的接口標準,是在CGI程序和Web服務器之間傳遞信息的規程。CGI規範容許Web服務器執行外部程序,並將它們的輸出發送給Web瀏覽器,CGI將Web的一組簡單的靜態超媒體文檔變成一個完整的新的交互式媒體。
CGI的輸出結果須要是HTML形式或瀏覽器能顯示的形式,不然其結果不會在瀏覽器中顯示。 另外在CGI程序的全部輸出前面必須有一個MIME類型的頭,即HTTP頭,對瀏覽器指明所接收內容的類型,大多數狀況下,形如: Content-type: text/html 網絡訪問CGI程序,瀏覽器中可能會發生四種狀況: CGI程序的輸出 太好了!這說明一切正常。 CGI程序的源代碼或者一個"POST Method Not Allowed"消息 這說明Apache沒有被正確配置以執行CGI程序,從新閱讀配置Apache看看遺漏了什麼。 一個以"Forbidden"開頭的消息 這說明有權限問題。參考Apache error log和下面的文件的權限。 一個"Internal Server Error"消息 查閱Apache error log,能夠找到CGI程序產生的出錯消息"Premature end of script headers"。對此,須要檢查下列各項,以找出不能產生正確HTTP頭的緣由。 文件的權限 記住,服務器不是以你的用戶身份運行的,就是說,在服務器啓動後,擁有的是一個非特權用戶的權限-一般是``nobody''或者``www'' -而須要更大的權限以容許文件的執行。一般,給予``nobody''足夠的權限以執行文件的方法是,對文件賦予everyone execute權限: chmod a+x first.pl 另外,若是須要對其餘文件進行讀取或寫入,也必須對這些文件賦予正確的權限。 若是服務器被配置爲使用su exec則是一個例外。這個程序容許CGI程序根據其所在虛擬主機或用戶宿主目錄的不一樣而以不一樣的用戶權限運行。Su exec有極其嚴格的權限校驗,任何校驗失敗都會使CGI程序運行失敗而產生"Internal Server Error"。對此,須要檢查su exec的日誌文件以發現哪一個安全校驗出問題了。 路徑信息 當你在命令行執行一個程序,某些信息會自動傳給shell而無須你操心,好比一個路徑,告訴shell你所引用的文件能夠在哪兒找到。 可是,在CGI程序經過網站服務器執行時,則沒有此路徑,因此,你在CGI程序中引用的任何程序(如sendmail)都必須指定其完整的路徑,使shell能找到它們以執行你的CGI程序。 一種普通的用法是,在CGI程序的第一行中指明解釋器(一般是perl),形如: #!/usr/bin/perl 必須保證它的確指向解釋器。 語法錯誤 多數CGI程序失敗的緣由在於程序自己有問題,尤爲是在已經消除上述兩種錯誤而CGI掛起的狀況下。在用瀏覽器測試之前,先在命令行中執行你的程序,可以發現大多數的問題。 出錯記錄 出錯記錄是你的朋友。任何錯誤都會在出錯記錄中有記載,因此你應該首先查看它。若是你的網站空間提供者不容許訪問出錯記錄,那麼你應該考慮換一個空間提供者。學會閱讀出錯記錄,能夠快速找出問題並快速解決。
相關文章
- 1. Linux 中httpd服務
- 2. Linux之Web服務(2)Httpd服務配置之二
- 3. Linux之Web服務(2)Httpd服務配置之四
- 4. Linux之Web服務(2)Httpd服務配置之一
- 5. Linux之Web服務(2)Httpd服務配置之三
- 6. Linux的httpd服務搭建
- 7. linux下搭建httpd服務
- 8. Linux配置httpd服務
- 9. httpd服務器
- 10. httpd服務
- 更多相關文章...
- • 啓動MySQL服務 - MySQL教程
- • Git 服務器搭建 - Git 教程
- • Spring Cloud 微服務實戰(三) - 服務註冊與發現
- • 互聯網組織的未來:剖析GitHub員工的任性之源
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章