APACHE安裝配置說明

時間 2019-11-17

原文原文鏈接

1、軟件下載

一、apache：http://archive.apache.org/dist/httpd/httpd-2.2.12.tar.gz或者http://apache.etoak.com/httpd/httpd-2.2.13.tar.gzphp

2、環境檢查

# rpm -qa|grep zlib
zlib-devel-1.2.3-3
zlib-1.2.3-3
# rpm -qa|grep ssl
openssl-devel-0.9.8b-10.el5
openssl-0.9.8b-10.el5html

若是須要依賴包，安裝其對應的devel包便可，此處僅用到zlib和ssl。另，若是有httpd包，要先卸載掉或中止其服務。linux

3、編譯安裝

一、針對安裝目的的說明（來自INSTALL文件）

若是是開發者則使用此選項，--with-included-apr利於鏈接apache的代碼或者是調試apache，其消除了因爲版本或者編譯中跟APR或者APR-util代碼產生的不匹配；web

若是從子版本編譯apache，要先運行buildconf（須要Python，GNU autoconf和libtool），而後運行configure。發行包不用。正則表達式

若是要在FreeBSD5.4以前編譯時包含apache的threaded MPM，須要使用--enable-threads和--with-mpm 參數shell

在Mac上編譯子版本，要使用GNU Libtool 1.4.2及以上版本數據庫

二、關於SSL加密和正則表達式（來自文件README）

Apache2.0及以上版本在目錄modules/ssl/下包含了mod_ssl模塊用於配置和監聽ssl網絡接口的鏈接。（另外，一些apr-util版本在目錄srclib/apr-util/ssl/下提供了ssl網絡接口）帶有單詞crypto的包的名字，可能包含openssl加密庫的目標代碼。若是apache的加密功能不理想或者要排除再重分配，則可使用包的名字包含nossl的發佈包。express

Apache使用PCRE包包含的正則表達式。apache

三、對configure參數的說明

配置幫助表：api

-h, --help	顯示幫助信息	display this help and exit
--help=short	用short參數將只顯示正在運行的當前腳本的選項，而不能列出適用於Apache配置腳本所運行的外部配置腳本的選項	display options specific to this package
--help=recursive	使用recursive參數將顯示全部程序包的簡短描述	display the short help of all the included packages
-V, --version	顯示版本	display version information and exit
-q, --quiet, --silent	不顯示checking……信息	do not print`checking...' messages
--cache-file=FILE	在指定文件中存儲測試結果	cache test results in FILE [disabled]
-C, --config-cache	在文件config.cache中存儲測試結果	alias for `--cache file=config.cache'
-n, --no-create	configure腳本運行結束後不輸出結果文件，經常使用於正式編譯前的測試。	do not create output files
--srcdir=DIR	源文件庫所在目錄	find the sources in DIR [configure dir or `..']

安裝目錄：

--prefix=PREFIX	體系無關文件的頂級安裝目錄PREFIX ，也就Apache的安裝目錄	install architecture-independent files in PREFIX [/usr/local/apache2]
--exec-prefix=EPREFIX	體系相關文件的頂級安裝目錄EPREFIX ，把體系相關的文件安裝到不一樣的位置能夠方便地在不一樣主機之間共享體系相關的文件	install architecture-dependent files in EPREFIX [PREFIX]

默認狀況下，make install 將會把全部文件分別安裝到/usr/local/apache2/bin , /usr/local/apache2/lib 目錄下。能夠用 --prefix 指定一個不一樣於/usr/local/apache2的安裝前綴，好比：--prefix=$HOME 。
By default, `make install' will install all the files in
`/usr/local/apache2/bin', `/usr/local/apache2/lib' etc. You can specify
an installation prefix other than `/usr/local/apache2' using `--prefix',
for instance `--prefix=$HOME'.

詳細安裝目錄設置：

默認安裝目錄參考config.layout,其中RHEL的默認目錄設置以下：
    prefix:        /usr
    exec_prefix:   ${prefix}
    bindir:        ${prefix}/bin
    sbindir:       ${prefix}/sbin
    libdir:        ${prefix}/lib
    libexecdir:    ${prefix}/lib/apache
    mandir:        ${prefix}/man
    sysconfdir:    /etc/httpd/conf
    datadir:       /var/www
    installbuilddir: ${datadir}/build
    errordir:      ${datadir}/error
    iconsdir:      ${datadir}/icons
    htdocsdir:     ${datadir}/html
    manualdir:     ${datadir}/manual
    cgidir:        ${datadir}/cgi-bin
    includedir:    ${prefix}/include/apache
    localstatedir: /var
    runtimedir:    ${localstatedir}/run
    logfiledir:    ${localstatedir}/log/httpd
    proxycachedir: ${localstatedir}/cache/httpd

自設定詳細安裝目錄

--bindir=DIR	用戶可執行目錄DIR。用於存放對網站管理員頗有幫助的htpasswd, dbmmanage之類的支持程序	user executables [EPREFIX/bin]
--sbindir=DIR	系統管理員可執行目錄DIR ，用於存放運行HTTP服務器所必須的httpd, apachectl, suexec之類的服務程序	system admin executables [EPREFIX/sbin]
--libexecdir=DIR	程序可執行目錄DIR ，也就是動態加載模塊目錄	program executables [EPREFIX/libexec]
--sysconfdir=DIR	只讀的單一機器數據目錄DIR ，用於存放httpd.conf和mime.types之類的服務器配置文件	read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR	可改寫的體系無關數據目錄DIR	modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR	可改寫的單一機器數據目錄DIR	modifiable single-machine data [PREFIX/var]
--libdir=DIR	對象代碼庫目錄DIR	object code libraries [EPREFIX/lib]
--includedir=DIR	Apache的C頭文件目錄DIR	C header files [PREFIX/include]
--oldincludedir=DIR	非gcc的C頭文件目錄DIR	C header files for non-gcc [/usr/include]
--datarootdir=DIR	Web服務器只讀的體系無關數據根目錄	read-only arch.-independent data root [PREFIX/share]
--datadir=DIR	Web服務器只讀的體系無關數據目錄DIR	read-only architecture-independent data [DATAROOTDIR]
--infodir=DIR	信息文檔目錄DIR	info documentation [DATAROOTDIR/info]
--localedir=DIR	地區相關數據DIR	locale-dependent data [DATAROOTDIR/locale]
--mandir=DIR	手冊文檔目錄DIR	man documentation [DATAROOTDIR/man]
--docdir=DIR	手冊目錄	documentation root [DATAROOTDIR/doc/PACKAGE]
--htmldir=DIR	HTML格式幫助文檔目錄	html documentation [DOCDIR]
--dvidir=DIR	dvi格式幫助文檔目錄	dvi documentation [DOCDIR]
--pdfdir=DIR	pdf格式幫助文檔目錄	pdf documentation [DOCDIR]
--psdir=DIR	ps格式幫助文檔目錄	ps documentation [DOCDIR]

交叉編譯選項：

這些選項用於交叉編譯在其餘平臺上運行的Apache HTTP服務器。在同一平臺上編譯和運行Apache HTTP服務器一般不須要使用這些選項，腳本會自動檢測並設置。

--build=BUILD	指定編譯工具所在系統的系統類型BUILD	configure for building on BUILD [guessed]
--host=HOST	指定Apache HTTP服務器將要進行交叉編譯時運行的目標系統類型HOST	cross-compile to build programs to run on HOST [BUILD]
--target=TARGET	指定交叉編譯所產生的目標代碼類型	configure for building compilers for TARGET [HOST]

特徵選項：

--disable-option-checking	忽略沒法識別的enable或with選項	ignore unrecognized --enable/--with options
--disable-FEATURE	不使用任何軟件特性	do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG]	使用軟件特性	include FEATURE [ARG=yes]
--enable-layout=LAYOUT	預約義的安裝路徑佈局。選項使用config.layout文件中的配置。只使用"--enable-layout", 而不指定LAYOUT, 至關於"--enable-layout=Apache"
--enable-v4-mapped	使用相同的套接字同時處理IPv4和IPv6的鏈接，也就是啓用地址映射。在FreeBSD、NetBSD、OpenBSD之外的平臺上是默認值。	Allow IPv6 sockets to handle IPv4 connections
--enable-exception-hook	容許在子進程崩潰之後啓用一個鉤子來運行異常處理程序。	Enable fatal exception hook
--enable-maintainer-mode	使用全部警告和調試符號編譯源代碼，請勿用於正式服務器，它會影響性能。	Turn on debugging and compile time warnings
--enable-pie	編譯http做爲一個獨立的可執行文件。	Build httpd as a Position Independent Executable
--enable-modules=MODULE-LIST	啓用的模塊，用空格分別列出，或使用all，most列出全部或經常使用的模塊。	Space-separated list of modules to enable \| "all" \| "most"
--enable-mods-shared=MODULE-LIST	啓用的共享DSO模塊，用空格分別列出，或使用all，most列出全部或經常使用的共享DOS模塊。(注1)	Space-separated list of shared modules to enable \| "all" \| "most"
--disable-authn-file	禁用基於文件的驗證控制	file-based authentication control
--enable-authn-dbm	啓用基於DBM的驗證機制	DBM-based authentication control
--enable-authn-anon	啓用匿名的驗證機制	anonymous user authentication control
--enable-authn-dbd	啓用基於SQL的驗證機制	SQL-based authentication control
--disable-authn-default	禁止默認的驗證機制方式backstopper	authentication backstopper
--enable-authn-alias	啓用別名驗證	auth provider alias
--disable-authz-host	禁用基於主機的受權機制	host-based authorization control
--disable-authz-groupfile	禁用組受權機制	'require group' authorization control
--disable-authz-user	禁用用戶受權機制	'require user' authorization control
--enable-authz-dbm	基於DBM數據庫的受權機制	DBM-based authorization control
--enable-authz-owner	基於文件全部者的受權機制	'require file-owner' authorization control
--enable-authnz-ldap	啓用基於LDAP的的受權方式	LDAP based authentication
--disable-authz-default	禁用默認的backstopper受權方式	authorization control backstopper
--disable-auth-basic	禁用基本驗證	basic authentication
--enable-auth-digest	啓用RFC2617摘要式身份驗證	RFC2617 Digest authentication
--enable-isapi	啓用ISAPI擴展支持（注2）	isapi extension support
--enable-file-cache	啓用文件緩存	File cache
--enable-cache	啓用動態文件緩存	dynamic file caching
--enable-disk-cache	啓用磁盤緩存模塊	disk caching module
--enable-mem-cache	啓用內存緩存模塊	memory caching module
--enable-dbd	啓用apache的DBD框架	Apache DBD Framework
--enable-bucketeer	水桶操做過濾器	buckets manipulation filter
--enable-dumpio	I/O轉儲過濾器	I/O dump filter
--enable-echo	啓用回顯服務	ECHO server
--enable-example	實例和演示模塊	example and demo module
--enable-case-filter	啓用大寫轉換過濾器	example uppercase conversion filter
--enable-case-filter-in	啓用大寫轉換輸入過濾器	example uppercase conversion input filter
--enable-ext-filter	擴展過濾模塊	external filter module
--disable-include	禁用服務器端嵌入(SSI)	Server Side Includes
--disable-filter	禁用智能過濾	Smart Filtering
--enable-substitute	答覆的內容重寫式過濾	response content rewrite-like filtering
--disable-charset-lite	禁用字符集轉換	character set translation
--enable-charset-lite	啓用字符集轉換	character set translation
--enable-deflate	壓縮轉換編碼支持	Deflate transfer encoding support
--enable-ldap	啓用LDAP的高速緩存和鏈接池服務	LDAP caching and connection pooling services
--disable-log-config	禁用日誌配置	logging configuration
--enable-log-forensic	啓用forensic日誌記錄	forensic logging
--enable-logio	輸入和輸出記錄	input and output logging
--disable-env	禁用環境變量，清除設置環境變量	clearing/setting of ENV vars
--enable-mime-magic	自動肯定MIME類型	automagically determining MIME type
--enable-cern-meta	啓用CERN類型元文件	CERN-type meta files
--enable-expires	頭部有效期控制	Expires header control
--enable-headers	HTTP頭控制HTTP	header control
--enable-ident	RFC 1413身份檢查	RFC 1413 identity check
--enable-usertrack	用戶session跟蹤	user-session tracking
--enable-unique-id	啓用每一個請求惟一的ID	per-request unique ids
--disable-setenvif	基於頭部的環境變量	basing ENV vars on headers
--disable-version	經過配置文件中決定http版本	determining httpd version in config files
--enable-proxy apache	代理模塊	Apache proxy module
--enable-proxy-connect apache	代理鏈接模塊	Apache proxy CONNECT module
--enable-proxy-ftp	apache代理ftp模塊	Apache proxy FTP module
--enable-proxy-http	apache代理http模塊	Apache proxy HTTP module
--enable-proxy-ajp	apache代理ajp模塊	Apache proxy AJP module
--enable-proxy-balancer	apache代理balancer模塊	Apache proxy BALANCER module
--enable-ssl	啓用ssl支持	SSL/TLS support (mod_ssl)
--enable-distcache	在mod_ssl模塊中啓用Distcache。磁盤緩存(Distcache)用於分佈式的會話緩存。主要用在 SSL/TLS 服務器。它能夠被 Apache 使用。大多數的臺式機應該關閉它。	Select distcache support in mod_ssl
--enable-optional-hook-export	啓用可選鉤子輸出者示例	example optional hook exporter
--enable-optional-hook-import	啓用可選鉤子輸入者示例	example optional hook importer
--enable-optional-fn-import	啓用可選函數輸入者示例	example optional function importer
--enable-optional-fn-export	啓用可選函數輸出者示例	example optional function exporter
--enable-static-support	爲所支持的二進制文件創建一個靜態連接的版本	Build a statically linked version of the support binaries
--enable-static-htpasswd	創建靜態版本的htpasswd	Build a statically linked version of htpasswd
--enable-static-htdigest	創建htdigest的靜態版本	Build a statically linked version of htdigest
--enable-static-rotatelogs	創建rotatelogs的靜態版本	Build a statically linked version of rotatelogs
--enable-static-logresolve	創建logresolve的靜態版本	Build a statically linked version of logresolve
--enable-static-htdbm	創建htdbm的靜態版本	Build a statically linked version of htdbm
--enable-static-ab	創建ab的靜態版本	Build a statically linked version of ab
--enable-static-checkgid	創建checkgid的靜態版本	Build a statically linked version of checkgid
--enable-static-htcacheclean	創建htcacheclean的靜態版本	Build a statically linked version of htcacheclean
--enable-static-httxt2dbm	創建httxt2dbm的靜態版本	Build a statically linked version of httxt2dbm
--enable-http	啓用http協議處理	HTTP protocol handling
--disable-mime	禁用映射文件擴展名到mime類型	mapping of file-extension to MIME
--enable-dav	啓用webdav協議處理	WebDAV protocol handling
--disable-status	禁用進程或線程的監控	process/thread monitoring
--disable-autoindex	禁用目錄列表	directory listing
--disable-asis	禁用as-is文件類型	as-is filetypes
--enable-info	啓用服務器信息	server information
--enable-suexec	啓用suexec，爲產生的進程設置uid和gid	set uid and gid for spawned processes
--disable-cgid	禁用CGID	CGI scripts
--enable-cgi	啓用CGI	CGI scripts
--disable-cgi	禁用CGI	CGI scripts
--enable-cgid	啓用CGID	CGI scripts
--enable-dav-fs	啓用DAV文件系統提供者	DAV provider for the filesystem
--enable-dav-lock	啓用DAV提供者的通常鎖定	DAV provider for generic locking
--enable-vhost-alias	啓用大規模的虛擬主機模塊	mass virtual hosting module
--disable-negotiation	禁用內容協商	content negotiation
--disable-dir	禁用目錄請求處理	directory request handling
--enable-imagemap	啓用服務器端圖片映射圖	server-side imagemaps
--disable-actions	禁用請求上的行爲觸發器	Action triggering on requests
--enable-speling	啓用常見的URL拼寫錯誤糾正	correct common URL misspellings
--disable-userdir	禁用特定用戶目錄的請求的映射	mapping of requests to user-specific directories
--disable-alias	禁用不一樣文件系統部分的請求的映射	mapping of requests to different filesystem parts
--enable-rewrite	基本的URL操縱規則，即啓用URL重寫規則	rule based URL manipulation
--enable-so	啓用DSO性能	DSO capability

注：

一、模塊列表：

基本(B)模塊默認包含，必須明確禁用；擴展(E)/實驗(X)模塊默認不包含，必須明確啓用

模塊名稱	狀態	簡要描述
mod_actions	(B)	基於媒體類型或請求方法，爲執行CGI腳本而提供
mod_alias	(B)	提供從文件系統的不一樣部分到文檔樹的映射和URL重定向
mod_asis	(B)	發送本身包含HTTP頭內容的文件
mod_auth_basic	(B)	使用基本認證
mod_authn_default	(B)	在未正確配置認證模塊的狀況下簡單拒絕一切認證信息
mod_authn_file	(B)	使用純文本文件爲認證提供支持
mod_authz_default	(B)	在未正確配置受權支持模塊的狀況下簡單拒絕一切受權請求
mod_authz_groupfile	(B)	使用純文本文件爲組提供受權支持
mod_authz_host	(B)	供基於主機名、IP地址、請求特徵的訪問控制
mod_authz_user	(B)	基於每一個用戶提供受權支持
mod_autoindex	(B)	自動對目錄中的內容生成列表，相似於"ls"或"dir"命令
mod_cgi	(B)	在非線程型MPM(prefork)上提供對CGI腳本執行的支持
mod_cgid	(B)	在線程型MPM(worker)上用一個外部CGI守護進程執行CGI腳本
mod_dir	(B)	指定目錄索引文件以及爲目錄提供"尾斜槓"重定向
mod_env	(B)	容許Apache修改或清除傳送到CGI腳本和SSI頁面的環境變量
mod_filter	(B)	根據上下文實際狀況對輸出過濾器進行動態配置
mod_imagemap	(B)	處理服務器端圖像映射
mod_include	(B)	實現服務端包含文檔(SSI)處理
mod_isapi	(B)	僅限於在Windows平臺上實現ISAPI擴展
mod_log_config	(B)	容許記錄日誌和定製日誌文件格式
mod_mime	(B)	根據文件擴展名決定應答的行爲(處理器/過濾器)和內容(MIME類型/語言/字符集/編碼)
mod_negotiation	(B)	提供內容協商支持
mod_nw_ssl	(B)	僅限於在NetWare平臺上實現SSL加密支持
mod_setenvif	(B)	根據客戶端請求頭字段設置環境變量
mod_status	(B)	生成描述服務器狀態的Web頁面
mod_userdir	(B)	容許用戶從本身的主目錄中提供頁面(使用"/~username")
mod_auth_digest	(X)	使用MD5摘要認證(更安全，可是隻有最新的瀏覽器才支持)
mod_authn_alias	(E)	基於實際認證支持者建立擴展的認證支持者，併爲它起一個別名以便於引用
mod_authn_anon	(E)	提供匿名用戶認證支持
mod_authn_dbd	(E)	使用SQL數據庫爲認證提供支持
mod_authn_dbm	(E)	使用DBM數據庫爲認證提供支持
mod_authnz_ldap	(E)	容許使用一個LDAP目錄存儲用戶名和密碼數據庫來執行基本認證和受權
mod_authz_dbm	(E)	使用DBM數據庫文件爲組提供受權支持
mod_authz_owner	(E)	基於文件的全部者進行受權
mod_cache	(E)	基於URI鍵的內容動態緩衝(內存或磁盤)
mod_cern_meta	(E)	容許Apache使用CERN httpd元文件，從而能夠在發送文件時對頭進行修改
mod_charset_lite	(X)	容許對頁面進行字符集轉換
mod_dav	(E)	容許Apache提供DAV協議支持
mod_dav_fs	(E)	爲mod_dav訪問服務器上的文件系統提供支持
mod_dav_lock	(E)	爲mod_dav鎖定服務器上的文件提供支持
mod_dbd	(E)	管理SQL數據庫鏈接，爲須要數據庫功能的模塊提供支持
mod_deflate	(E)	壓縮發送給客戶端的內容
mod_disk_cache	(E)	基於磁盤的緩衝管理器
mod_dumpio	(E)	將全部I/O操做轉儲到錯誤日誌中
mod_echo	(X)	一個很簡單的協議演示模塊
mod_example	(X)	一個很簡單的Apache模塊API演示模塊
mod_expires	(E)	容許經過配置文件控制HTTP的"Expires:"和"Cache-Control:"頭內容
mod_ext_filter	(E)	使用外部程序做爲過濾器
mod_file_cache	(X)	提供文件描述符緩存支持，從而提升Apache性能
mod_headers	(E)	容許經過配置文件控制任意的HTTP請求和應答頭信息
mod_ident	(E)	實現RFC1413規定的ident查找
mod_info	(E)	生成Apache配置狀況的Web頁面
mod_ldap	(E)	爲其它LDAP模塊提供LDAP鏈接池和結果緩衝服務
mod_log_forensic	(E)	實現"對比日誌"，即在請求被處理以前和處理完成以後進行兩次記錄
mod_logio	(E)	對每一個請求的輸入/輸出字節數以及HTTP頭進行日誌記錄
mod_mem_cache	(E)	基於內存的緩衝管理器
mod_mime_magic	(E)	經過讀取部分文件內容自動猜想文件的MIME類型
mod_proxy	(E)	提供HTTP/1.1的代理/網關功能支持
mod_proxy_ajp	(E)	mod_proxy的擴展，提供Apache JServ Protocol支持
mod_proxy_balancer	(E)	mod_proxy的擴展，提供負載平衡支持
mod_proxy_connect	(E)	mod_proxy的擴展，提供對處理HTTP CONNECT方法的支持
mod_proxy_ftp	(E)	mod_proxy的FTP支持模塊
mod_proxy_http	(E)	mod_proxy的HTTP支持模塊
mod_rewrite	(E)	一個基於必定規則的實時重寫URL請求的引擎
mod_so	(E)	容許運行時加載DSO模塊
mod_speling	(E)	自動糾正URL中的拼寫錯誤
mod_ssl	(E)	使用安全套接字層(SSL)和傳輸層安全(TLS)協議實現高強度加密傳輸
mod_suexec	(E)	使用與調用web服務器的用戶不一樣的用戶身份來運行CGI和SSI程序
mod_unique_id	(E)	爲每一個請求生成惟一的標識以便跟蹤
mod_usertrack	(E)	使用Session跟蹤用戶(會發送不少Cookie)，以記錄用戶的點擊流
mod_version	(E)	提供基於版本的配置段支持
mod_vhost_alias	(E)	提供大批量虛擬主機的動態配置支持

二、Apache HTTP服務器是一個模塊化的軟件，管理員能夠經過選擇服務器中包含的模塊進行功能增減。模塊能夠在編譯時被靜態包含進httpd二進制文件，也能夠編譯成獨立於httpd二進制文件的動態共享對象(DSO)。DSO模塊能夠與服務器一塊兒編譯，也能夠用Apache擴展工具(apxs)單獨編譯。

三、ISAPI 服務器擴展是能夠被 HTTP 服務器加載和調用的 DLL。Internet 服務器擴展也稱爲 Internet 服務器應用程序 (ISA)，用於加強符合 Internet 服務器 API (ISAPI) 的服務器的功能。ISA 經過瀏覽器應用程序調用，而且將類似的功能提供給通用網關接口 (CGI) 應用程序。

可選包選項:

--with-PACKAGE[=ARG]	包含包的語法	use PACKAGE [ARG=yes]
--without-PACKAGE	不使用該包語法	do not use PACKAGE (same as --with-PACKAGE=no)
--with-included-apr	捆綁拷貝apr/apr-util信息	Use bundled copies of APR/APR-Util
--with-apr=PATH	apr的安裝目錄	prefix for installed APR or the full path to
--with-apr-util=PATH	apu的安裝目錄	prefix for installed APU or the full path to apu-config
--with-pcre=PATH	使用擴展的PCRE正則表達式庫	Use external PCRE library
--with-port=PORT	監聽端口	Port on which to listen (default is 80)
--with-sslport=SSLPORT	ssl的監聽端口	Port on which to securelisten (default is 443)
--with-z=DIR	zlib的庫文件位置	use a specific zlib library
--with-sslc=DIR	RSA SSL-C SSL/TLS軟件包目錄	RSA SSL-C SSL/TLS toolkit
--with-ssl=DIR	openssl包的位置。	OpenSSL SSL/TLS toolkit
--with-mpm=MPM	選擇apache所使用的處理模塊。（注1）	Choose the process model for Apache to use. MPM={beos\|event\|worker\|prefork\|mpmt_os2}
--with-module=module-type:module-file	添加第三方模塊。（注2）	Enable module-file in the modules/<module-type>directory.
--with-program-name	指定可執行程序的名字[默認爲：httpd]，若使用此選項則默認配置文件的名字將同時變成"NAME.conf"。	alternate executable name
--with-suexec-bin	suexec二進制文件目錄[默認--sbindir]	Path to suexec binary
--with-suexec-calle	容許調用suexec的用戶，改用戶必須和運行httpd子進程的用戶相同	User allowed to call SuExec
--with-suexec-userdir	用戶主目錄下容許suexec對其中的文件具備執行權限的子目錄，僅在將suexec和用戶網站目錄(由mod_userdir提供支持)一塊兒使用的狀況下才須要設置此選項[public_html]	User subdirectory
--with-suexec-docroot	容許suexec對其中的文件具備執行權限的根目錄[--datadir/htdocs]	SuExec root directory
--with-suexec-uidmin	容許執行suexec的最小UID[100]	Minimal allowed UID
--with-suexec-gidmin	容許執行suexec的最小GID[100]	Minimal allowed GID
--with-suexec-logfile	suexec日誌文件名[默認文件名爲：suexec_log ，位於--logfiledir目錄下]	Set the logfile
--with-suexec-safepath	對suexec"安全"的PATH環境變量的值[/usr/local/bin:/usr/bin:/bin]	Set the safepath
--with-suexec-umask	suexec進程的umask[取決於系統的設定]	umask for suexec'd process

注：一、MPM是你想要使用的多路處理模塊的名字。若是你不使用這個選項，那麼將會使用對應於各平臺的默認MPM。

二、module-file是模塊的源代碼文件名，該文件必須位於Apahe源代碼目錄樹的"modules/module-type"目錄下，若是configure沒有在那裏找到module-file ，則將它看做一個絕對路徑名並嘗試將其複製到"modules/module-type"目錄中，若是"modules/module-type"目錄不存在，configure將新建一個"modules/module-type"目錄並在其中放置一個標準的Makefile.in文件。這種方法有兩個明顯的缺陷：模塊的源代碼必須是單一文件；模塊只能靜態鏈接進核心，而不能做爲DSO模塊。因此通常並不使用此方法，而是使用apxs(Apache擴展工具)來添加第三方模塊支持。

編譯器選項：

CC	指定的C編譯器	C compiler command
CFLAGS	C編譯器的FLAGS	C compiler flags
LDFLAGS	鏈接器flags，好比使用"-L-Llibdir"指定一個非標準的庫文件目錄libdir	linker flags, e.g. -L<lib dir> if you have libraries in a nonstandard directory <lib dir>
LIBS	設定線程模型	libraries to pass to the linker, e.g. -l<library>
CPPFLAGS	C/C++預處理程序flags，好比使用"-Iincludedir"指定一個非標準的頭文件目錄includedir	C/C++/Objective C preprocessor flags, e.g. -I<include dir> if you have headers in a nonstandard directory <include dir>
CPP	C預處理程序	C preprocessor

四、編譯安裝

./configure --prefix=/usr/local/apache --enable-authn-dbm --enable-authz-dbm --enable-ssl --enable-vhost-alias --enable-rewrite --enable-so --enable-charset-lite --enable-deflate --with-z --with-ssl --with-mpm=prefork

make

make install

4、服務配置

一、配置文件概述

1>Apache的配置文件是包含若干指令的純文本文件。主配置文件一般叫httpd.conf ，其位置是編譯時肯定的，但能夠用命令行參數 -f 來改變。Apache配置文件的每一行包含一個指令，在行尾使用反斜槓"\"能夠表示續行，可是反斜槓與下一行之間不能有任何其餘字符(包括空白字符)。配置文件中的指令是不區分大小寫的，可是指令的參數(argument)一般是大小寫敏感的。以"#"開頭的行被視爲註解並被忽略。註解不能出如今指令的後邊。空白行和指令前的空白字符將被忽略，所以能夠採用縮進以保持配置層次的清晰。主配置文件更改後從新啓動Apache後纔會生效。能夠用 apachectl configtest 或者命令行選項 -t 檢查配置文件中的錯誤，而無須啓動Apache服務器。

2>配置文件中能夠用Include指令和通配符附加許多其餘配置文件。任何配置文件均可以使用任何指令。

3>服務器還會讀取一個包含MIME文件類型的文件，其文件名由TypesConfig指令肯定，默認值是mime.types。

4>Apache是模塊化的服務器，這意味着核心中只包含實現最基本功能的模塊。擴展功能能夠做爲模塊動態加載。默認狀況下，只有base組的模塊被編譯進了服務器。若是服務器在編譯時包含了DSO模塊，那麼各模塊能夠獨立編譯，並可隨時用LoadModule指令加載；不然，要增長或刪除模塊必須從新編譯整個Apache。用於特定模塊的指令能夠用<IfModule>指令包含起來，使之有條件地生效。命令行參數 -l 能夠查看已經編譯到服務器中的模塊。

二、配置文件說明

###################文件說明###################
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
###################配置說明##########################
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/foo_log"
# with ServerRoot set to "/usr/local/apache" will be interpreted by the
# server as "/usr/local/apache/logs/foo_log".
#若是包含的配置文件以根目錄/開始，則使用指出的明確路徑，要是非根目錄開始，則路徑爲：查找路徑=ServerRoot目錄+所寫目錄
##################軟件主目錄################
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk. If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
#
#ServerRoot：服務配置文件，日誌，錯誤日誌等的根目錄，即軟件所在目錄。
#注意不要再目錄後加/，若是目錄非本地磁盤，要先在本地磁盤使用LockFile指令來指明。若是要爲多個httpd程序共享根目錄，須要至少改變LockFile和PidFile。即，要保證apache的進程文件的獨佔性。
ServerRoot "/usr/local/apache"
#################監聽端口和IP############################
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
#apache程序運行的監聽IP地址和端口，即http訪問地址+端口，默認80
Listen 80
#####################要加載的DSO模塊##########################
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#須要動態加載的DSO模塊寫在這裏以使程序啓動時加載。格式如例子所述，靜態編譯的模塊不須要寫在這裏，由httpd -l來加載靜態模塊
# Example:
# LoadModule foo_module modules/mod_foo.so
#

<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
#非NetWare和winnt模式下
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
####################軟件運行用戶設定###################
#若是要更換不一樣的用戶或組來運行apache，你必須先以root運行，而後他將會切換到所設置用戶。跟大多數的系統服務同樣，爲apache單獨創建一個用戶和組來運行它是一個很好的作法。（注意，此項是設置在非NetWare和非win系統下才需配置，不然無需配置）
User daemon
Group daemon

</IfModule>
</IfModule>
######################Apache主配置部分###############
###############概要說明##########
# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#主站點的配置選項，該選項的配置爲主機配置的默認值，若是定義了虛擬主機，裏面的命令會覆蓋此處的值，不然使用該處配置的值。
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
##############服務器聯繫人#############
ServerAdmin you@example.com

##################服務器網站域名指定###############
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#服務器域名指定。這裏通常能夠自動識別，也能夠給出域名和端口以明確指定（虛擬主機多用此選項），若是沒有註冊DNS，可使用IP地址。
#ServerName www.example.com:80

################網站根目錄#############
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#站點根目錄。通常網站請求直接來此處尋找網頁，可是動態連接或別名可能被使用從而指向其餘地點。
DocumentRoot "/usr/local/apache/htdocs"

##################網站目錄全局設置##############
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#apache能訪問的每個目錄均可以配置哪些特性能開啓禁用，特性設置對子目錄有效。默認給出的是一個很是嚴格的特性設置。
# First, we configure the "default" to be a very restrictive set of
# features.
#
#Options指令控制了在特定目錄中將使用哪些服務器特性。其值以下：None All Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#option能夠爲None ，在這種狀況下，將不啓用任何額外特性。或設置爲如下選項中的一個或多個：
#All ：除MultiViews以外的全部特性。這是默認設置。
#ExecCGI：容許使用mod_cgi執行CGI腳本。
#FollowSymLinks：服務器容許在此目錄中使用符號鏈接。注意：即便服務器會使用符號鏈接，但它不會改變用於匹配<Directory>段的路徑名。
#Includes：容許使用mod_include提供的服務器端包含。
#IncludesNOEXEC：容許服務器端包含，但禁用"#exec cmd"和"#exec cgi"。但仍能夠從ScriptAlias目錄使用"#include virtual"虛擬CGI腳本。
#Indexes：若是一個映射到目錄的URL被請求，而此目錄中又沒有DirectoryIndex(例如：index.html)，那麼服務器會返回由mod_autoindex生成的一個格式化後的目錄列表。
#MultiViews：容許使用mod_negotiation提供內容協商的"多重視圖"(MultiViews)。
#SymLinksIfOwnerMatch：服務器僅在符號鏈接與其目的目錄或文件的擁有者具備相同的uid時才使用它。
#通常來講，若是一個目錄被屢次設置了Options ，則最特殊的一個會被徹底接受(其它的被忽略)，而各個可選項的設定彼此並不融合。然而，若是全部做用於Options指令的可選項前都加有"+"或"-"符號，此可選項將被合併。全部前面加有"+"號的可選項將強制覆蓋當前的可選項設置，而全部前面有"-"號的可選項將強制從當前可選項設置中去除。

#AllowOverride指令控制容許存在於.htaccess文件中的指令類型，其值以下：Options FileInfo AuthConfig Limit All None
#當服務器發現一個.htaccess文件(由AccessFileName指定)時，它須要知道在這個文件中聲明的哪些指令能覆蓋在此以前指定的配置指令。AllowOverride僅在不包含正則表達式的<Directory>配置段中才是有效的。在<Location>, <DirectoryMatch>, <Files>配置段中都是無效的。若是此指令被設置爲None ，那麼.htaccess文件將被徹底忽略。事實上，服務器根本不會讀取.htaccess文件。當此指令設置爲 All時，全部具備".htaccess"做用域的指令都容許出如今.htaccess文件中。
#選項：
#AuthConfig：容許使用與認證受權相關的指令(AuthDBMGroupFile, AuthDBMUserFile, AuthGroupFile, AuthName, AuthType, AuthUserFile, Require, 等)。
#FileInfo：容許使用控制文檔類型的指令(DefaultType, ErrorDocument, ForceType, LanguagePriority, SetHandler, SetInputFilter, SetOutputFilter, mod_mime中的 Add* 和 Remove* 指令等等)、控制文檔元數據的指令(Header, RequestHeader, SetEnvIf, SetEnvIfNoCase, BrowserMatch, CookieExpires, CookieDomain, CookieStyle, CookieTracking, CookieName)、mod_rewrite中的指令(RewriteEngine, RewriteOptions, RewriteBase, RewriteCond, RewriteRule)和mod_actions中的Action指令。
#Indexes：容許使用控制目錄索引的指令(AddDescription, AddIcon, AddIconByEncoding, AddIconByType, DefaultIcon, DirectoryIndex, FancyIndexing, HeaderName, IndexIgnore, IndexOptions, ReadmeName, 等)。
#Limit:容許使用控制主機訪問的指令(Allow, Deny, Order)。
#Options[=Option,...]容許使用控制指定目錄功能的指令(Options和XBitHack)。能夠在等號後面附加一個逗號分隔的(無空格的)Options選項列表，用來控制容許Options指令使用哪些選項。

#Order指令：控制是否容許從服務器上獲取東西，即控制默認的訪問狀態與Allow和Deny指令生效的順序
#Allow指令：控制哪些主機可以訪問服務器
#Deny指令：控制哪些主機被禁止訪問服務器
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

################網站主根目錄設置############
# This should be changed to whatever you set DocumentRoot to.
#此處用於更改你將要設置的站點根目錄
<Directory "/usr/local/apache/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important. Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    Allow from all

</Directory>

####################網站主頁索引##############
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#在目錄被請求是查找的主文件。即設置網站主頁格式。
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>

###################ht文件等是否被查看設定##############
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#以下配置保護正則表達式中所描述的文件不被web所查看
#Satisfy指令：同時使用Allow和Require時的訪問策略。參數能夠設置爲 All 或 Any 。這個指令僅在某個特定區域的訪問控制同時被用戶名/密碼和客戶端主機地址進行限定的時候起做用。默認行爲(All)採起客戶端首先經過地址訪問限制而且輸入有效的用戶名和密碼的方式。使用可選項 Any 將使客戶端在經過主機限制或是輸入一個有效的用戶名和密碼兩種方式之一獲得訪問權限。這樣，就能夠經過密碼來限制一個區域的訪問，但容許某些特定地址的客戶端訪問時不須要輸入密碼。
<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

#################錯誤日誌存儲地點##############
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#錯誤日誌。若是虛擬主機未配置錯誤日誌參數，則都寫着次數，若是虛擬主機配置了此參數，則使用虛擬主機參數所定義的文件。
ErrorLog "logs/error_log"

##################日誌存儲級別（即日誌內容和格式）####################
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#控制記錄到日誌的消息的級別。可選值有debug, info, notice, warn, error, crit, alert, emerg.
LogLevel warn

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
#下面的指令定義了一些爲用戶指令而使用的別名的格式。Apache配置中，LogFormat可用變量格式字符串描述
#%% 百分號(Apache2.0.44或更高的版本)
#%a 遠端IP地址
#%A 本機IP地址
#%B 除HTTP頭之外傳送的字節數
#%b 以CLF格式顯示的除HTTP頭之外傳送的字節數，也就是當沒有字節傳送時顯示'-'而不是0。
#%{Foobar}C 在請求中傳送給服務端的cookieFoobar的內容。
#%D 服務器處理本請求所用時間，以微爲單位。
#%{FOOBAR}e 環境變量FOOBAR的值
#%f 文件名
#%h 遠端主機
#%H 請求使用的協議
#%{Foobar}i 發送到服務器的請求頭Foobar:的內容。
#%l 遠端登陸名(由identd而來，若是支持的話)，除非IdentityCheck設爲"On"，不然將獲得一個"-"。
#%m 請求的方法
#%{Foobar}n 來自另外一個模塊的註解Foobar的內容。
#%{Foobar}o 應答頭Foobar:的內容。
#%p 服務器服務於該請求的標準端口。
#%P 爲本請求提供服務的子進程的PID。
#%{format}P 服務於該請求的PID或TID(線程ID)，format的取值範圍爲：pid和tid(2.0.46及之後版本)以及hextid(須要APR1.2.0及以上版本)
#%q 查詢字符串(若存在則由一個"?"引導，不然返回空串)
#%r 請求的第一行
#%s 狀態。對於內部重定向的請求，這個狀態指的是原始請求的狀態，---%>s則指的是最後請求的狀態。
#%t 時間，用普通日誌時間格式(標準英語格式)
#%{format}t 時間，用strftime(3)指定的格式表示的時間。(默認狀況下按本地化格式)
#%T 處理完請求所花時間，以秒爲單位。
#%u 遠程用戶名(根據驗證信息而來；若是返回status(%s)爲401，多是假的)
#%U 請求的URL路徑，不包含查詢字符串。
#%v 對該請求提供服務的標準ServerName。
#%V 根據UseCanonicalName指令設定的服務器名稱。
#%X 請求完成時的鏈接狀態：X= 鏈接在應答完成前中斷。
#+= 應答傳送完後繼續保持鏈接。
#-= 應答傳送完後關閉鏈接。

#(在1.3之後的版本中，這個指令是%c，但這樣就和過去的SSL語法：%{var}c衝突了)

#%I 接收的字節數，包括請求頭的數據，而且不能爲零。要使用這個指令你必須啓用mod_logio模塊。
#%O 發送的字節數，包括請求頭的數據，而且不能爲零。要使用這個指令你必須啓用mod_logio模塊。
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      #使用此模塊要加載mod_logio模塊
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here. Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #訪問日誌文件（普通文件格式）的位置。若是虛擬主機內定義了，則使用虛擬主機的定義，不然使用此處的定義
    CustomLog "logs/access_log" common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #若是您喜歡訪問代理日誌文件和referer信息（綜合日誌文件格式），你可使用下面的指令。
    #CustomLog "logs/access_log" combined
</IfModule>
#############################域名重定向設定#####################
<IfModule alias_module>
    #
    # Redirect: Allows you to tell clients about documents that used to
    # exist in your server's namespace, but do not anymore. The client
    # will make a new request for the document at its new location.
    # Example:
    # Redirect permanent /foo http://www.example.com/bar
    #重定向：容許你告訴曾經存在於您的服務器的網站文檔，但不是如今。客戶端會收到那個舊文件所在的新位置。
    #
    # Alias: Maps web paths into filesystem paths and is used to
    # access content that does not live under the DocumentRoot.
    # Example:
    # Alias /webpath /full/filesystem/path
    #映射web路徑到文件系統路徑下，用於訪問那些不在網站根目錄下的文件
    # If you include a trailing / on /webpath then the server will
    # require it to be present in the URL. You will also likely
    # need to provide a <Directory> section to allow access to
    # the filesystem path.
    #若是你使用站點路徑，服務器將請求現存的url路徑，你可能須要提供個<Directory> 部分以容許訪問物理路徑。
    #
    # ScriptAlias: This controls which directories contain server scripts.
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the target directory are treated as applications and
    # run by the server when requested rather than as documents sent to the
    # client. The same rules about trailing "/" apply to ScriptAlias
    # directives as to Alias.
    #ScriptAlias指令：此控制哪一個目錄包含服務器腳本。
    #ScriptAliases實質上基本與別名相同，除了在目標目錄中的文件當發生請求訪問時被視爲應用程序並在服務器運行，而不是文件被髮送到客戶端。對尾隨一樣的規則「/」適用於在ScriptAlias指令和Alias。
    ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"

</IfModule>
############################CGI守護進程設定####################
<IfModule cgid_module>
    #
    # ScriptSock: On threaded servers, designate the path to the UNIX
    # socket used to communicate with the CGI daemon of mod_cgid.
    #ScriptSock：在線程服務器上，指定的路徑到UNIX接口能夠用來與mod_cgid的CGI守護進程通訊。
    #Scriptsock logs/cgisock
</IfModule>

#
# "/usr/local/apache/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#若是配置了ScriptAliased，要把"/usr/local/apache/cgi-bin"改爲你的ScriptAliased CGI所在的目錄
<Directory "/usr/local/apache/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

#######################MIME類型設定######################
# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#默認類型：若是服務器不能從擴展名決定文檔類型，將使用此處定義的默認類型。若是服務器包含了不少文本或html文檔"text/plain" 是一個很好的值。若是你的內容大部分是二進制文件，例如應用程序或鏡像，你可使用"application/octet-stream" 來使瀏覽器顯示爲二進制文件類型。
DefaultType text/plain

<IfModule mime_module>
    #
    # TypesConfig points to the file containing the list of mappings from
    # filename extension to MIME-type.
    #TypesConfig列表指明經過文件擴展名所映射的MIME類型
    TypesConfig conf/mime.types

    #
    # AddType allows you to add to or override the MIME configuration
    # file specified in TypesConfig for specific file types.
    #AddType容許你添加或覆蓋在TypesConfig中所指定的文件類型的MIME類型的配置
    #AddType application/x-gzip .tgz
    #
    # AddEncoding allows you to have certain browsers uncompress
    # information on the fly. Note: Not all browsers support this.
    #AddEncoding容許你使某些瀏覽器在傳輸過程當中解壓信息。注意：不是全部瀏覽器都支持。
    #AddEncoding x-compress .Z
    #AddEncoding x-gzip .gz .tgz
    #
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    #若是如上的AddEncoding指令註釋掉了，你可能應該定義這些擴展媒體類型說明
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    #
    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    #AddHandler容許某些文件擴展名映射到「handlers」：行爲無關的文件類型。這些能夠是內置到服務器或操做指令增長（見下文）。要使用ScriptAliased目錄之外的CGI腳本的（你還須要添加「ExecCGI」到「Options」指令。）
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    #AddHandler cgi-script .cgi

# For type maps (negotiated resources):爲類型映射（談判源）
#AddHandler type-map var

    #
    # Filters allow you to process content before it is sent to the client.
    #過濾器容許內容被髮送到客戶端前被處理。爲在解析.shtml文件服務器端包含（ssl）文件。（你也須要添加Include到Options指令中）
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    #
    #AddType text/html .shtml
    #AddOutputFilter INCLUDES .shtml
</IfModule>

#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#mod_mime_magic模塊容許服務器使用從文件自己的內容中各個暗示來決定其類型。MIMEMagicFile指令告訴模塊在哪裏找到暗示定義的位置。
#MIMEMagicFile conf/magic

#########################訪問錯誤重定向######################
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#定製的錯誤響應有三種：1）純文本2）本地重定向3）外部重定向，下面是例子
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#

########################MMAP設定####################
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall is used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
#EnableMMAP和EnableSendfile：在支持它的系統上，內存映射或發送文件系統調用是用來提供文件系統。這一般提供了服務器性能，再在關閉時必須從掛載的文件系統或者所支持該功能的函數中保存，不然可能損壞您的系統。
#EnableMMAP off
#EnableSendfile off
############################其餘導入的配置文件################
# Supplemental configuration
#
# The configuration files in the conf/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
#參考配置
#在conf/extra目錄下的配置文件能夠添加特性或者修改服務器上的默認配置，或者你能夠簡單的拷貝內容而後根據須要更改。

# Server-pool management (MPM specific)服務器池管理（MPM）
#Include conf/extra/httpd-mpm.conf

# Multi-language error messages多語言錯誤信息
#Include conf/extra/httpd-multilang-errordoc.conf

# Fancy directory listings目錄列表
#Include conf/extra/httpd-autoindex.conf

# Language settings語言設定
#Include conf/extra/httpd-languages.conf

# User home directories用戶目錄設定
#Include conf/extra/httpd-userdir.conf

# Real-time info on requests and configuration實時信息的要求和配置
#Include conf/extra/httpd-info.conf

# Virtual hosts虛擬主機配置
#Include conf/extra/httpd-vhosts.conf

# Local access to the Apache HTTP Server Manual本地訪問Apache HTTP服務器手冊
#Include conf/extra/httpd-manual.conf

# Distributed authoring and versioning (WebDAV)WebDAV配置
#Include conf/extra/httpd-dav.conf

# Various default settings各類默認設置
#Include conf/extra/httpd-default.conf
#############################SSL設定###############################
# Secure (SSL/TLS) connections加密鏈接設置
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#注意：要支持以下功能必須存在在沒有ssl的平臺上（和no /dev/random 等價），而是靜態編譯了mod_ssl。
#僞隨機數生成器（PRNG）播種源
<IfModule ssl_module>
SSLRandomSeed startup builtin使用內建方式啓動
SSLRandomSeed connect builtin使用內建方式鏈接
</IfModule>

三、附加配置文件說明

httpd-autoindex.conf(控制目錄列表顯示)

#
# Directives controlling the display of server-generated directory listings.
#這些指令控制服務器顯示生成的目錄列表，須要mod_autoindex, mod_alias模塊
# Required modules: mod_autoindex, mod_alias
#
# To see the listing of a directory, the Options directive for the
# directory must include "Indexes", and the directory must not contain
# a file matching those listed in the DirectoryIndex directive.
#要查看一個目錄列表，目錄的Options指令必須包括「索引」，而且目錄不能包含一個DirectoryIndex指令列出的文件。

#
# IndexOptions: Controls the appearance of server-generated directory
# listings.
#IndexOptions控制服務器目錄列表的生成
IndexOptions FancyIndexing HTMLTable VersionSort

# We include the /icons/ alias for FancyIndexed directory listings. If
# you do not use FancyIndexing, you may comment this out.
#經過使用爲/icons/爲目錄列表作別名。若是不使用FancyIndexing，則註釋掉此項。
Alias /icons/ "/usr/local/apache/icons/"

<Directory "/usr/local/apache/icons">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

#
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions. These are only displayed for
# FancyIndexed directories.
#AddIcon *指令告訴服務器顯示不一樣的文件或文件擴展名的圖標。這只是爲顯示FancyIndexed指令
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^

#
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
#設置默認的（即不識別的擴展名）圖標。
DefaultIcon /icons/unknown.gif

#
# AddDescription allows you to place a short description after a file in
# server-generated indexes. These are only displayed for FancyIndexed
# directories.
# Format: AddDescription "description" filename
#AddDescription容許您爲服務器上在文件中生成的索引建立一個簡短的說明。這只是顯示爲FancyIndexed指令。格式：AddDescription「說明」文件類型
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz

#
# ReadmeName is the name of the README file the server will look for by
# default, and append to directory listings.
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.
#ReadmeName是README文件的名稱，服務器默認狀況下將尋找並追加到目錄列表。HeaderName是應追加到目錄列表的文件名
ReadmeName README.html
HeaderName HEADER.html

#
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing. Shell-style wildcarding is permitted.
#IndexIgnore要忽略的文件。容許使用shell的通配符
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

httpd-vhosts.conf（虛擬主機配置）

#
# Virtual Hosts
#
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#若是要保留多個域名/主機在你的服務器上，你能夠爲它們設置虛擬主機。大部分的配置使用基於域名的虛擬主機，因此不須要擔憂IP地址問題，這一點能夠在下面經過星號來表示。
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#你可使用-S指令來驗證你的虛擬主機文件配置。

#
# Use name-based virtual hosting.
#
NameVirtualHost *:80

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#虛擬主機示例：大部分的Apache指令能夠放在虛擬主機容器中。第一個就是個模板。
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/usr/local/apache/docs/dummy-host.example.com"
    ServerName dummy-host.example.com
    ServerAlias www.dummy-host.example.com
    ErrorLog "logs/dummy-host.example.com-error_log"
    CustomLog "logs/dummy-host.example.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host2.example.com
    DocumentRoot "/usr/local/apache/docs/dummy-host2.example.com"
    ServerName dummy-host2.example.com
    ErrorLog "logs/dummy-host2.example.com-error_log"
    CustomLog "logs/dummy-host2.example.com-access_log" common
</VirtualHost>

httpd-userdir.conf（用戶主目錄做爲網站）

# Settings for user home directories
#
# Required module: mod_userdir

#用戶主目錄設置：目錄名是當一個請求到達時追加到用戶的家目錄。注意你必須爲這些目錄設置默認的訪問控制
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received. Note that you must also set
# the default access control for these directories, as in the example below.
#
UserDir public_html

#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#用戶目錄的控制訪問。下面是個例子
<Directory "/home/*/public_html">
    AllowOverride FileInfo AuthConfig Limit Indexes
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>
#參考http://www.phpchina.com/manual/apache/mod/mod_userdir.html

httpd-manual.conf（服務器文件訪問）

#在服務器上提供文件訪問
# Provide access to the documentation on your server as
# http://yourserver.example.com/manual/
# The documentation is always available at
# http://httpd.apache.org/docs/2.2/
#
# Required modules: mod_alias, mod_setenvif, mod_negotiation
#

AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru|tr))?(/.*)?$ "/usr/local/apache/manual$1"

<Directory "/usr/local/apache/manual">
    Options Indexes
    AllowOverride None
    Order allow,deny
    Allow from all

    <Files *.html>
        SetHandler type-map
    </Files>
    # .tr is text/troff in mime.types!
    <Files *.html.tr.utf8>
        ForceType text/html
    </Files>

SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br|ru|tr)/ prefer-language=$1
RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br|ru|tr)){2,}(/.*)?$ /manual/$1$2

    LanguagePriority en de es fr ja ko pt-br ru tr
    #可用語言類型
    ForceLanguagePriority Prefer Fallback
    #首先從上面取一個可用的語言類型，若找不到，則機器試圖使用最接近的語言
</Directory>

httpd-dav.conf（DAV配置）

#
# Distributed authoring and versioning (WebDAV)
#
# Required modules: mod_dav, mod_dav_fs, mod_setenvif, mod_alias
# mod_auth_digest, mod_authn_file
#

# The following example gives DAV write access to a directory called
# "uploads" under the ServerRoot directory.
# 下面的例子給出了使用DAV在根目錄下上傳文件的例子。在httpd.conf中指定的用戶或組須要對DavLockDB中的目錄有寫權限，而且在任何目錄中，要指定Dav On
# The User/Group specified in httpd.conf needs to have write permissions
# on the directory where the DavLockDB is placed and on any directory where
# "Dav On" is specified.

DavLockDB "/usr/local/apache/var/DavLock"

Alias /uploads "/usr/local/apache/uploads"

<Directory "/usr/local/apache/uploads">
Dav On

Order Allow,Deny
Allow from all

AuthType Digest
AuthName DAV-upload

    # You can use the htdigest program to create the password database:
    #   htdigest -c "/usr/local/apache/user.passwd" DAV-upload admin
    #你可使用htdigest程序建立個密碼數據庫。
    AuthUserFile "/usr/local/apache/user.passwd"
    AuthDigestProvider file

    # Allow universal read-access, but writes are restricted
    # to the admin user.
    #容許廣泛讀訪問，但僅限於寫的管理員用戶
    <LimitExcept GET OPTIONS>
        require user admin
    </LimitExcept>
</Directory>

#
# The following directives disable redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with several clients that do not appropriately handle
# redirects for folders with DAV methods.
#下面的指令禁用了在對不包括尾部有斜線的目錄非get請求的重定向。這些修正了一些客戶端不能對DAV方法的文件夾妥善處理重定向。
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully

httpd-info.conf（服務器信息報告）

#
# Get information about the requests being processed by the server
# and the configuration of the server.
# 獲取服務器當前處理的請求和服務器配置的信息
# Required modules: mod_status (for the server-status handler),
# mod_info (for the server-info handler)

#容許使用網址http://servername/server-status經過mod_status生成服務器狀態報告。
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Change the ".example.com" to match your domain to enable.

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from .example.com
</Location>

#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#ExtendedStatus控制apache是否容許生成所有的狀態信息。on生成全部信息，off是基本信息，默認off。
#ExtendedStatus On

#容許經過網址 http://servername/server-info顯示遠程服務器配置報告
# Allow remote server configuration reports, with the URL of
#  http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".example.com" to match your domain to enable.
#
<Location /server-info>
    SetHandler server-info
    Order deny,allow
    Deny from all
    Allow from .example.com
</Location>

httpd-default.conf（http默認參數）

#
# This configuration file reflects default settings for Apache HTTP Server.
#
# You may change these, but chances are that you may not need to.
#這個配置文件反應的是apache的默認配置，可是通常可能用不到

#
# Timeout: The number of seconds before receives and sends time out.
#在收到和發送前的超時時間
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#是否容許持續鏈接。off不容許。
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#容許在一個持續鏈接中最大的請求數量。0不限制。爲了性能，不建議設置的數值過高。
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#等待來自同一個鏈接的同一個客戶端的下一個請求的秒數
KeepAliveTimeout 5

#
# UseCanonicalName: Determines how Apache constructs self-referencing
# URLs and the SERVER_NAME and SERVER_PORT variables.
# When set "Off", Apache will use the Hostname and Port supplied
# by the client. When set "On", Apache will use the value of the
# ServerName directive.
#UseCanonicalName指令：決定Apache如何構造自引用的URL和SERVER_NAME和SERVER_PORT變量。當設置爲「關閉」，Apache會使用由客戶提供的主機名和端口。當設置爲「On」，Apache會使用ServerName指令的值。
UseCanonicalName Off

#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#須要在目錄中額外配置指令的文件。
AccessFileName .htaccess

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#能夠選擇性的添加一行包含服務器版本和虛擬主機名的生成頁面（包含內部錯誤文檔，ftp目錄列表，mod_status和mod_info輸出等，可是不包括CGI生成文檔或者用戶錯誤文檔）。Email選項會發送郵件給服務器管理員。
ServerSignature On

#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#記錄客戶端的域名（on）或者他們的IP地址（off）。默認是off由於記錄域名須要請求DNS。
HostnameLookups Off

httpd-languages.conf（語言類型設定）

#爲主機設置不一樣語言
# Settings for hosting different languages.
#
# Required modules: mod_mime, mod_negotiation

# DefaultLanguage and AddLanguage allows you to specify the language of
# a document. You can then use content negotiation to give a browser a
# file in a language the user can understand.
#DefaultLanguage 和 AddLanguage運行你指定文檔的語言。你能夠而後使用這些內容來給與瀏覽文件時協商一個合適語言。
# Specify a default language. This means that all data
# going out without a specific language tag (see below) will
# be marked with this one. You probably do NOT want to set
# this unless you are sure it is correct for all cases.
#指定一個默認的語言。這意味着全部沒有指定語言標識的出去的數據將使用此語言。你可能不但願設置這個除非你肯定它在全部狀況下是正確的。
# * It is generally better to not mark a page as
# * being a certain language than marking it with the wrong
# * language!
#一般不對頁面設置語言總比設置一個錯誤的語言要好的多。
# DefaultLanguage nl
#
# Note 1: The suffix does not have to be the same as the language
# keyword --- those with documents in Polish (whose net-standard
# language code is pl) may wish to use "AddLanguage pl .po" to
# avoid the ambiguity with the common suffix for perl scripts.
#後綴與語言標誌不一樣的可能須要使用AddLanguage來避免與perl腳本的普通後綴含糊
# Note 2: The example entries below illustrate that in some cases
# the two character 'Language' abbreviation is not identical to
# the two character 'Country' code for its country,
# E.g. 'Danmark/dk' versus 'Danish/da'.
#下面的例子說明了在某些狀況下雙字符語言縮寫與其對應的國家的雙字符不匹配的狀況。
# Note 3: In the case of 'ltz' we violate the RFC by using a three char
# specifier. There is 'work in progress' to fix this and get
# the reference data for rfc1766 cleaned up.
#在某些狀況下，咱們違背RFC而使用了三個字符。'work in progress'來規定這些而且獲得這些參考數據在rfc1766清理。
# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
# Norwegian (no) - Polish (pl) - Portugese (pt)
# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
# Turkish (tr) - Simplified Chinese (zh-CN) - Spanish (es)
# Traditional Chinese (zh-TW)
#
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage tr .tr
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw

# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
#LanguagePriority容許你在試圖內容協商時提供一些優先的語言。列出的語言次序依次遞減。默認的按字母排序，或許能夠根據須要更改。
# Just list the languages in decreasing order of preference. We have
# more or less alphabetized them here. You probably want to change this.
#
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW

#
# ForceLanguagePriority allows you to serve a result page rather than
# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
# [in case no accepted languages matched the available variants]
#首先取一個可用的語言類型，若找不到，則機器試圖使用最接近的語言
ForceLanguagePriority Prefer Fallback

#
# Commonly used filename extensions to character sets. You probably
# want to avoid clashes with the language extensions, unless you
# are good at carefully testing your setup after each change.
# See http://www.iana.org/assignments/character-sets for the
# official list of charset names and their respective RFCs.
#一般狀況下使用文件擴展名來判斷字符設置。你可能想避免與語言擴展名產生衝突，除非你在每次改變後很仔細的測試了。能夠經過網址http://www.iana.org/assignments/character-sets查看官方的字符名和對應的RFC。
AddCharset us-ascii.ascii .us-ascii
AddCharset ISO-8859-1 .iso8859-1 .latin1
AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
AddCharset ISO-8859-3 .iso8859-3 .latin3
AddCharset ISO-8859-4 .iso8859-4 .latin4
AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
AddCharset ISO-8859-7 .iso8859-7 .grk .greek
AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
AddCharset ISO-8859-10 .iso8859-10 .latin6
AddCharset ISO-8859-13 .iso8859-13
AddCharset ISO-8859-14 .iso8859-14 .latin8
AddCharset ISO-8859-15 .iso8859-15 .latin9
AddCharset ISO-8859-16 .iso8859-16 .latin10
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5.Big5   .big5 .b5
AddCharset cn-Big5 .cn-big5
# For russian, more than one charset is used (depends on client, mostly):
AddCharset WINDOWS-1251 .cp-1251   .win-1251
AddCharset CP866   .cp866
AddCharset KOI8 .koi8
AddCharset KOI8-E .koi8-e
AddCharset KOI8-r .koi8-r .koi8-ru
AddCharset KOI8-U .koi8-u
AddCharset KOI8-ru .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-7   .utf7
AddCharset UTF-8   .utf8
AddCharset UTF-16 .utf16
AddCharset UTF-16BE .utf16be
AddCharset UTF-16LE .utf16le
AddCharset UTF-32 .utf32
AddCharset UTF-32BE .utf32be
AddCharset UTF-32LE .utf32le
AddCharset euc-cn .euc-cn
AddCharset euc-gb .euc-gb
AddCharset euc-jp .euc-jp
AddCharset euc-kr .euc-kr
#Not sure how euc-tw got in - IANA doesn't list it???
AddCharset EUC-TW .euc-tw
AddCharset gb2312 .gb2312 .gb
AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
AddCharset shift_jis   .shift_jis .sjis

httpd-multilang-errordoc.conf（多語言錯誤文檔設定）

#下面的配置經過內容協商實現了多語言錯誤文檔
# The configuration below implements multi-language error documents through
# content-negotiation.
#
# Required modules: mod_alias, mod_include, mod_negotiation
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
# our collection of by-error message multi-language collections. We use
# includes to substitute the appropriate text.
#咱們使用Alias來重定向任何錯誤頁面來反映到咱們經過錯誤信息收集的多語言的結果集。咱們使用包括適當的文本。你能夠經過使用Alias /error/include/ "/your/include/path/"來修改錯誤錯誤信息的外觀而不用修改任何錯誤頁面。
# You can modify the messages' appearance without changing any of the
# default HTTP_<error>.html.var files by adding the line:
#
# Alias /error/include/ "/your/include/path/"
#包括在任何虛擬主機上，你能夠經過以/usr/local/apache/error/include/開始的文件而且拷貝他們到你的/your/include/path/目錄來建立你本身的文件設置。默認包含的文件將顯示你的apache的版本號和你的管理員郵件地址而與ServerSignature無關。
# which allows you to create your own set of files by starting with the
# /usr/local/apache/error/include/ files and copying them to /your/include/path/,
# even on a per-VirtualHost basis. The default include files will display
# your Apache version number and your ServerAdmin email address regardless
# of the setting of ServerSignature.

Alias /error/ "/usr/local/apache/error/"

<Directory "/usr/local/apache/error">
    AllowOverride None
    Options IncludesNoExec
    AddOutputFilter Includes html
    AddHandler type-map var
    Order allow,deny
    Allow from all
    LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
    ForceLanguagePriority Prefer Fallback
</Directory>

ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
ErrorDocument 410 /error/HTTP_GONE.html.var
ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var

httpd-mpm.conf（mpm管理）

#服務池管理
# Server-Pool Management (MPM specific)
#

#服務進程的pid號所存儲的文件。
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
# Note that this is the default PidFile for most MPMs.
#
<IfModule !mpm_netware_module>
PidFile "logs/httpd.pid"
</IfModule>

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#設置須要串行訪問的文件鎖。它必須存儲在本地。
<IfModule !mpm_winnt_module>
<IfModule !mpm_netware_module>
LockFile "logs/accept.lock"
</IfModule>
</IfModule>

#
# Only one of the below sections will be relevant on your
# installed httpd. Use "apachectl -l" to find out the
# active mpm.
#在下面的章節中，只有一個跟你安裝apache時是有關的。使用apachectl -l能夠查看活動mpm。
#各種型MPM參數設定。
# prefork MPM
# StartServers: number of server processes to start服務進程啓動數量
# MinSpareServers: minimum number of server processes which are kept spare保持備用的服務進程的最少數量
# MaxSpareServers: maximum number of server processes which are kept spare保持備用的服務進程的最大數量
# MaxClients: maximum number of server processes allowed to start容許啓動的服務進程數量
# MaxRequestsPerChild: maximum number of requests a server process serves一個服務進程服務的最大請求數
<IfModule mpm_prefork_module>
    StartServers          5
    MinSpareServers       5
    MaxSpareServers      10
    MaxClients          150
    MaxRequestsPerChild   0
</IfModule>

# worker MPM
# StartServers: initial number of server processes to start最初服務啓動時建立的服務進程數
# MaxClients: maximum number of simultaneous client connections客戶端併發鏈接的最大數量
# MinSpareThreads: minimum number of worker threads which are kept spare存放備用的線程最小值
# MaxSpareThreads: maximum number of worker threads which are kept spare存放備用的線程最大值
# ThreadsPerChild: constant number of worker threads in each server process每一個服務進程的工做線程的常量值
# MaxRequestsPerChild: maximum number of requests a server process serves一個服務進程服務的最大請求數
<IfModule mpm_worker_module>
    StartServers          2
    MaxClients          150
    MinSpareThreads      25
    MaxSpareThreads      75
    ThreadsPerChild      25
    MaxRequestsPerChild   0
</IfModule>

# BeOS MPM
# StartThreads: how many threads do we initially spawn?最初生成的線程數。
# MaxClients:   max number of threads we can have (1 thread == 1 client)咱們所擁有的最大線程數
# MaxRequestsPerThread: maximum number of requests each thread will process每一個線程所處理的最大請求數
<IfModule mpm_beos_module>
    StartThreads            10
    MaxClients              50
    MaxRequestsPerThread 10000
</IfModule>

# NetWare MPM
# ThreadStackSize: Stack size allocated for each worker thread分配給每一個工做線程的堆棧大小
# StartThreads: Number of worker threads launched at server startup在服務啓動時推出的線程數量
# MinSpareThreads: Minimum number of idle threads, to handle request spikes最小空閒線程數，此項用來處理請求尖峯的
# MaxSpareThreads: Maximum number of idle threads最大線程數
# MaxThreads: Maximum number of worker threads alive at the same time同一時間存活的最大線程數目
# MaxRequestsPerChild: Maximum number of requests a thread serves. It is
#                      recommended that the default value of 0 be set for this
#                      directive on NetWare. This will allow the thread to
#                      continue to service requests indefinitely.
#請求線程服務的最大數量。在NetWare上一般設置爲0。這將容許線程服務請求繼續下去，無限期。
<IfModule mpm_netware_module>
    ThreadStackSize      65536
    StartThreads           250
    MinSpareThreads         25
    MaxSpareThreads        250
    MaxThreads            1000
    MaxRequestsPerChild      0
    MaxMemFree             100
</IfModule>

# OS/2 MPM
# StartServers: Number of server processes to maintain服務進程保持的數量
# MinSpareThreads: Minimum number of idle threads per process,
#                  to handle request spikes最小空閒線程數，此項用來處理請求尖峯的
# MaxSpareThreads: Maximum number of idle threads per process最大空閒線程數
# MaxRequestsPerChild: Maximum number of connections per server process每一個服務處理的最大鏈接數
<IfModule mpm_mpmt_os2_module>
    StartServers           2
    MinSpareThreads        5
    MaxSpareThreads       10
    MaxRequestsPerChild    0
</IfModule>

# WinNT MPM
# ThreadsPerChild: constant number of worker threads in the server process在服務進程中工做線程的常數值
# MaxRequestsPerChild: maximum number of requests a server process serves服務進程所服務的最大請求數目
<IfModule mpm_winnt_module>
ThreadsPerChild 150
MaxRequestsPerChild 0
</IfModule>

httpd-ssl.conf（SSL配置文件）

#SSL配置文件
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#

#
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#僞隨機數生成器（PRNG）：配置一個或多個來源來產生SSL庫的PRNG。種子數據應具有良好的隨機質量。警告！在某些平臺/dev/random 塊，若是沒有足夠的熵可用。那麼這意味着你不能使用/dev/random 設備，由於這會致使很長的鏈接時間（持續它須要進行更多熵可用）。但一般這些平臺提供額外/ dev / urandom設備裝置不會阻止塊。因此，若是有的話，使用此代替。閱讀更多細節mod_ssl的用戶手冊。
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512

#SSL監聽端口。注意IPv6須要監聽須要設定下面的兩個指令。
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
#
Listen 443

##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##下面的配置在主服務和虛擬主機中均生效。

#
# Some MIME-types for downloading Certificates and CRLs
#證書和CRLs的MIME類型設定。
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.
#密碼對話框：配置密碼對話框的輸入程序。篩選對話框程序必須在標準輸出上提供密碼短語。builtin是內建的終端對話框
SSLPassPhraseDialog builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism
#   to use and second the expiring timeout (in seconds).
#進程間的會話緩存：一是會話緩存機制，而是超時時間。
#SSLSessionCache         "dbm:/usr/local/apache/logs/ssl_scache"
SSLSessionCache        "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization.
#配置內部進程同步所使用的SSL引擎互斥信號的路徑
SSLMutex "file:/usr/local/apache/logs/ssl_mutex"

##
## SSL Virtual Host Context
##SSL虛擬主機配置內容

# General setup for the virtual host
DocumentRoot "/usr/local/apache/htdocs"
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog "/usr/local/apache/logs/error_log"
TransferLog "/usr/local/apache/logs/access_log"

# SSL Engine Switch:SSL是否啓用
# Enable/Disable SSL for this virtual host.
SSLEngine on

#   SSL Cipher Suite:列出運行客戶端協商的密碼。
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

#   Server Certificate:在一個PEM編碼的證書中指出SSL證書文件。若是證書被加密，那麼須要你須要被提示密碼短語。
注意殺掉-HUP後將再次提示。記得若是同時用RSA和DSA證書，你要在並行配置兩個（也容許使用DSA密碼等）
#   Point SSLCertificateFile at a PEM encoded certificate. If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase. Note that a kill -HUP will prompt again. Keep
#   in mind that if you have both an RSA and a DSA certificate you
#   can configure both in parallel (to also allow the use of DSA
#   ciphers, etc.)
SSLCertificateFile "/usr/local/apache/conf/server.crt"
#SSLCertificateFile "/usr/local/apache/conf/server-dsa.crt"

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file. Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
#服務器私鑰。若是key不能和證書結合，使用下面指令指定一個key文件。記得若是同時用RSA和DSA證書，你要在並行配置兩個（也容許使用DSA密碼等）
SSLCertificateKeyFile "/usr/local/apache/conf/server.key"
#SSLCertificateKeyFile "/usr/local/apache/conf/server-dsa.key"

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convinience.
#服務器證書鏈：服務器證書鏈包含並置的來自於證書鏈的PEM編碼的CA證書。或者當CA證書直接追加到服務器證書時引用文件和SSLCertificateFile文件相同。
#SSLCertificateChainFile "/usr/local/apache/conf/server-ca.crt"

#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
#   Note: Inside SSLCACertificatePath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#證書頒發：設置CA證書的驗證路徑，即客戶端身份驗證或一個包含着全部信息的龐大文件（PEM編碼）的路徑。注：在SSLCACertificatePath中你要包含指向證書文件的哈希連接。使用提供的MakeFile文件在更改後更新哈希連接。
#SSLCACertificatePath "/usr/local/apache/conf/ssl.crt"
#SSLCACertificateFile "/usr/local/apache/conf/ssl.crt/ca-bundle.crt"

#   Certificate Revocation Lists (CRL):
#   Set the CA revocation path where to find CA CRLs for client
#   authentication or alternatively one huge file containing all
#   of them (file must be PEM encoded)
#   Note: Inside SSLCARevocationPath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#證書吊銷列表（CRL）：核證機關撤銷設置路徑，找到客戶端身份驗證又或者是一個龐大的其中包含全部信息的文件（文件必須PEM編碼）。注：在SSLCACertificatePath中你要包含指向證書文件的哈希連接。使用提供的MakeFile文件在更改後更新哈希連接。

#SSLCARevocationPath "/usr/local/apache/conf/ssl.crl"
#SSLCARevocationFile "/usr/local/apache/conf/ssl.crl/ca-bundle.crl"

#   Client Authentication (Type):
#   Client certificate verification type and depth. Types are
#   none, optional, require and optional_no_ca. Depth is a
#   number which specifies how deeply to verify the certificate
#   issuer chain before deciding the certificate is not valid.
#客戶端身份驗證（類型）：客戶端證書驗證的類型和深度。
類型有none, optional, require 和 optional_no_ca。深度是一個數字，指明在決定該證書的證書頒發者鏈是否無效前如何深入驗證。
#SSLVerifyClient require
#SSLVerifyDepth 10

#   Access Control:
#   With SSLRequire you can do per-directory access control based
#   on arbitrary complex boolean expressions containing server
#   variable checks and other lookup directives. The syntax is a
#   mixture between C and Perl. See the mod_ssl documentation
#   for more details.
#訪問控制：隨着SSLRequire你能夠在每一個目錄設定任意複雜的包含服務器變量檢查和其餘指示表達式的查找的布爾表達式的訪問控制。語法是與C和Perl的混合物。更多細節見的mod_ssl的文檔。
#<Location />
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>

#   SSL Engine Options:
#   Set various options for the SSL engine.
#   o FakeBasicAuth:
#     Translate the client X.509 into a Basic Authorisation. This means that
#     the standard Auth/DBMAuth methods can be used for access control. The
#     user name is the `one line' version of the client's X.509 certificate.
#     Note that no password is obtained from the user. Every entry in the user
#     file needs this password: `xxj31ZMTZzkVA'.
#   o ExportCertData:
#     This exports two additional environment variables: SSL_CLIENT_CERT and
#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
#     server (always existing) and the client (only existing when client
#     authentication is used). This can be used to import the certificates
#     into CGI scripts.
#   o StdEnvVars:
#     This exports the standard SSL/TLS related `SSL_*' environment variables.
#     Per default this exportation is switched off for performance reasons,
#     because the extraction step is an expensive operation and is usually
#     useless for serving static content. So one usually enables the
#     exportation for CGI and SSI requests only.
#   o StrictRequire:
#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
#     under a "Satisfy any" situation, i.e. when it applies access is denied
#     and no other module can change it.
#   o OptRenegotiate:
#     This enables optimized SSL connection renegotiation handling when SSL
#     directives are used in per-directory context.
#SSL引擎選項
#StdEnvVars
#若是開啓此選項，那麼與SSL相關的CGI/SSI標準環境變量將會被建立。出於性能考慮，這個選項默認關閉，由於提取這些變量值的過程是很是消耗資源的。通常僅爲CGI/SSI腳本開啓。
#CompatEnvVars
#若是開啓此選項，那麼爲了兼容其餘SSL解決方案而添加的額外CGI/SSI環境變量將會被建立。請參考兼容性一節獲取究竟將建立哪些變量的細節。
#ExportCertData
#若是開啓此選項，額外的CGI/SSI環境變量：SSL_SERVER_CERT, SSL_CLIENT_CERT, SSL_CLIENT_CERT_CHAIN_n(n=0,1,2,..)將被建立。這些變量包含了做用於當前HTTPS鏈接的PEM編碼的服務器/客戶端X.509證書的相關信息，以及客戶端證書鏈中全部證書的相關信息，它們能夠被CGI腳本用來進行更深層次的證書檢查。
#FakeBasicAuth
#若是開啓此選項，那麼客戶端X509證書中的特徵名稱(DN)字段的"Subject"值(可使用"openssl x509 -noout -subject -in certificate.crt"命令查看)將被轉化爲HTTP基本認證的用戶名。這就意味着能夠將標準Apache認證方法用於訪問控制，同時須要主意的是由於並無從用戶獲取密碼，因此每一個用戶名對應的密碼都是"xxj31ZMTZzkVA"，也便是"password"通過3DES加密後的結果。對於那些基於MD5加密的系統(BSD系統)，則須要使用"$1$OXLyS...$Owx8s2/m9/gfkcRVXzgoE/"做爲密碼。
#StrictRequire
#若是開啓此選項，那麼當SSLRequireSSL或SSLRequire要求禁止訪問時，將強制禁止訪問。默認狀況下，當設置了"Satisfy any"時，若是經過了SSLRequireSSL或SSLRequire以外的其餘訪問控制檢查，那麼訪問將被容許，這符合Satisfy指令的原意。可是在"SSLOptions +StrictRequire"的狀況下，你可使用SSLRequireSSL和/或SSLRequire在SSL鏈接上強制達到"Satisfy All"的效果。
#OptRenegotiate
#默認狀況下，當某個特定目錄的SSL配置發生變化時，將會執行一個完整的SSL從新握手和協商過程。若是開啓此選項，那麼將容許優化SSL鏈接的從新協商操做，也就是省略沒必要要的握手過程，而只是進行細粒度的參數檢查(仍然是安全的)。不過，在某些時候，只進行參數檢查每每不是用戶指望的結果，因此若是你想啓用這個選項，請只對某些特定的目錄啓用。
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

#   SSL Protocol Adjustments:
#   The safe and default but still SSL/TLS standard compliant shutdown
#   approach is that mod_ssl sends the close notify alert but doesn't wait for
#   the close notify alert from client. When you need a different shutdown
#   approach you can use one of the following variables:
#   o ssl-unclean-shutdown:
#     This forces an unclean shutdown when the connection is closed, i.e. no
#     SSL close notify alert is send or allowed to received. This violates
#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
#     this when you receive I/O errors because of the standard approach where
#     mod_ssl sends the close notify alert.
#   o ssl-accurate-shutdown:
#     This forces an accurate shutdown when the connection is closed, i.e. a
#     SSL close notify alert is send and mod_ssl waits for the close notify
#     alert of the client. This is 100% SSL/TLS standard compliant, but in
#     practice often causes hanging connections with brain-dead browsers. Use
#     this only for browsers where you know that their SSL implementation
#     works correctly.
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
#   "force-response-1.0" for this.
#SSL協議調整：安全和默認，但仍符合SSL/TLS標準的關閉方法是，mod_ssl的發送關閉警報通知，但並不等待來自客戶的通知。當你須要一個不一樣的關閉的方法您可使用如下變量之一：ssl-unclean-shutdown（瀏覽器會發生死機的狀況用）和ssl-accurate-shutdown（確認瀏覽器不會死掉時使用）。
#
BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

#   Per-Server Logging:SSL訪問日誌。
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
#SSL訪問日誌。
CustomLog "/usr/local/apache/logs/ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>