Apache Module Management
Modular design is one of Apache's most important features: it lets you extend the server's functionality by loading different modules. This article covers the basic concepts of Apache modules, how to load and manage them, and how to configure and use the most common ones.
Basic module concepts
An Apache module is a code component that implements a specific function and can be loaded into the Apache server to extend it. Apache's core functionality is provided by base modules, while other functionality is implemented by optional modules.
- Core modules: modules the Apache server requires, providing basic functionality such as HTTP protocol handling and configuration file parsing.
- Optional modules: modules loaded as needed, providing extra functionality such as SSL/TLS support, URL rewriting, and proxying.
Module naming rules
Apache module names usually start with the mod_ prefix, for example mod_ssl and mod_rewrite. In configuration files, module names usually drop the mod_ prefix, for example ssl_module and rewrite_module.
Loading and managing modules
Managing modules on Linux
On Ubuntu/Debian, Apache modules are managed with the a2enmod and a2dismod commands:
# Enable a module
sudo a2enmod module_name
# Disable a module
sudo a2dismod module_name
# List enabled modules
sudo a2query -m
# List all available modules
sudo ls /etc/apache2/mods-available/
On CentOS/RHEL, Apache modules are managed by editing configuration files:
# Edit the main configuration file
sudo nano /etc/httpd/conf/httpd.conf
# Edit a file in the module configuration directory
sudo nano /etc/httpd/conf.modules.d/00-base.conf
Managing modules on Windows
On Windows, Apache modules are managed by editing the httpd.conf configuration file and loading modules with the LoadModule directive:
# Load a module
LoadModule module_name modules/mod_module_name.so
Using the LoadModule directive
The LoadModule directive loads an Apache module. Its syntax is as follows:
LoadModule module_name modules/mod_module_name.so
Where:
- module_name: the module's internal name within Apache, usually without the mod_ prefix.
- modules/mod_module_name.so: the path to the module file, relative to the ServerRoot directory.
Configuring and using common modules
mod_ssl - SSL/TLS support
The mod_ssl module provides support for the SSL/TLS protocols, allowing the Apache server to offer encrypted communication over HTTPS.
Enabling the module
# Ubuntu/Debian
sudo a2enmod ssl
sudo systemctl restart apache2
# CentOS/RHEL
# Make sure the mod_ssl module is loaded, then restart Apache
sudo systemctl restart httpd
Basic configuration
<VirtualHost *:443>
ServerName example.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /path/to/certificate.crt
SSLCertificateKeyFile /path/to/private.key
SSLCertificateChainFile /path/to/chain.crt
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
mod_rewrite - URL rewriting
The mod_rewrite module provides URL rewriting, using rules to rewrite one URL into another.
Enabling the module
# Ubuntu/Debian
sudo a2enmod rewrite
sudo systemctl restart apache2
# CentOS/RHEL
# Make sure the mod_rewrite module is loaded, then restart Apache
sudo systemctl restart httpd
Basic configuration
<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
# Or in an .htaccess file
RewriteEngine on
# Example rewrite rules
RewriteRule ^old-url$ new-url [R=301,L]
RewriteRule ^products/([0-9]+)$ product.php?id=$1 [L]
mod_proxy - proxying
The mod_proxy module provides proxy functionality, allowing Apache to act as a proxy server and forward requests to other servers.
Enabling the module
# Ubuntu/Debian
sudo a2enmod proxy proxy_http
sudo systemctl restart apache2
# CentOS/RHEL
# Make sure the mod_proxy and mod_proxy_http modules are loaded, then restart Apache
sudo systemctl restart httpd
Basic configuration
<VirtualHost *:80>
ServerName example.com
ProxyPass /app http://localhost:8080/app
ProxyPassReverse /app http://localhost:8080/app
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
mod_deflate - content compression
The mod_deflate module provides content compression, allowing Apache to compress its output to reduce transfer size.
Enabling the module
# Ubuntu/Debian
sudo a2enmod deflate
sudo systemctl restart apache2
# CentOS/RHEL
# Make sure the mod_deflate module is loaded, then restart Apache
sudo systemctl restart httpd
Basic configuration
# Enable compression
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
# Set the compression level
DeflateCompressionLevel 9
# Exclude certain browsers
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
mod_headers - HTTP header management
The mod_headers module provides HTTP header management, allowing Apache to add, modify, or remove HTTP response headers.
Enabling the module
# Ubuntu/Debian
sudo a2enmod headers
sudo systemctl restart apache2
# CentOS/RHEL
# Make sure the mod_headers module is loaded, then restart Apache
sudo systemctl restart httpd
Basic configuration
# Add response headers
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-XSS-Protection "1; mode=block"
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
# Modify a response header
Header edit X-Powered-By "Apache" "Your Server"
# Remove a response header
Header unset Server
mod_status - server status
The mod_status module provides server status information, making the Apache server's status available at a specific URL.
Enabling the module
# Ubuntu/Debian
sudo a2enmod status
sudo systemctl restart apache2
# CentOS/RHEL
# Make sure the mod_status module is loaded, then restart Apache
sudo systemctl restart httpd
Basic configuration
<Location /server-status>
SetHandler server-status
Require local
# Allow access from specific IP addresses
# Require ip 192.168.1.0/24
</Location>
Once configuration is complete, the server status information is available at http://your-server/server-status.
Module configuration directives
Every module has its own configuration directives, which can usually be used only after the module is loaded. The main configuration directives of some common modules are listed below:
| Module | Main configuration directives | Description |
|---|---|---|
| mod_ssl | SSLEngine, SSLCertificateFile, SSLCertificateKeyFile | Enable SSL/TLS; configure the certificate and key files |
| mod_rewrite | RewriteEngine, RewriteRule, RewriteCond | Enable URL rewriting; define rewrite rules and conditions |
| mod_proxy | ProxyPass, ProxyPassReverse, ProxyPreserveHost | Configure the proxy path, reverse proxying, and Host header preservation |
| mod_deflate | AddOutputFilterByType, DeflateCompressionLevel | Configure the compressed content types and the compression level |
| mod_headers | Header | Add, modify, or remove HTTP response headers |
| mod_status | SetHandler server-status | Set the server status handler |
Notes
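When configuring Apache modules, keep the following points in mind:
- Load only the modules you need; too many modules increase the server's memory usage and startup time.
- Make sure module configuration directives are correct; a wrong configuration can prevent the server from starting.
- After changing module configuration, always test the configuration file syntax and restart the Apache service.
- In production environments, check for module updates regularly to ensure security.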
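The first point above can be checked mechanically. The following script is an added example, not part of the original article: it reads the output of apache2ctl -M and lists every loaded module that is not on an allowlist, with the a2dismod command (Ubuntu/Debian) for modules that can be unloaded. The allowlist and the sample output are constructed assumptions; adjust the allowlist to your site.

```bash
# Added example: flag loaded Apache modules that are not on an allowlist.

# Assumed allowlist: the modules this article enables plus a minimal base set.
ALLOWED="core so http mpm_event authz_core ssl rewrite proxy proxy_http deflate headers status"

# Constructed sample of `apache2ctl -M` output.
sample_loaded_modules() {
cat <<'EOF'
Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 mpm_event_module (shared)
 authz_core_module (shared)
 ssl_module (shared)
 rewrite_module (shared)
 headers_module (shared)
 status_module (shared)
 autoindex_module (shared)
 cgi_module (shared)
EOF
}

# Reads `apache2ctl -M` output on stdin. Prints one line per module that is
# loaded but not allowed; returns 1 if any was found, 0 otherwise.
audit_modules() {
    local allowed="$1" ident kind name status=0
    while read -r ident kind; do
        case "$ident" in *_module) ;; *) continue ;; esac   # skip the heading line
        name=${ident%_module}
        case " $allowed " in *" $name "*) continue ;; esac
        status=1
        if [ "$kind" = "(shared)" ]; then
            echo "$ident: not allowed, disable with: sudo a2dismod $name"
        else
            echo "$ident: not allowed, compiled in (needs a rebuild to remove)"
        fi
    done
    return "$status"
}

# Demo on the sample; on a real host: apache2ctl -M | audit_modules "$ALLOWED"
sample_loaded_modules | audit_modules "$ALLOWED" || echo "unexpected modules found"
```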
Practical example: configuring common modules
Step 1: Enable the required modules
On Ubuntu/Debian, enable the following common modules:
sudo a2enmod ssl rewrite proxy proxy_http deflate headers status
sudo systemctl restart apache2
Step 2: Configure mod_rewrite for URL rewriting
Create an .htaccess file that does the following:
- Redirect HTTP requests to HTTPS
- Remove index.php from URLs
- Redirect the www domain to the non-www domain
# Enable the rewrite engine
RewriteEngine On
# Redirect HTTP to HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Redirect www to non-www (placed before the internal rewrite so the redirect never exposes index.php)
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
# Remove index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
Step 3: Configure mod_deflate for content compression
Add the following to the Apache configuration file to enable content compression:
# Enable content compression
# Compress HTML, CSS, JavaScript, text, XML
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript application/json
# Set the compression level
DeflateCompressionLevel 9
# Exclude certain browsers
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Send Vary: Accept-Encoding so caches store compressed and uncompressed responses separately
Header append Vary Accept-Encoding
Step 4: Configure mod_headers to add security headers
Add the following to the Apache configuration file to add security-related HTTP headers:
# Add security headers
# Prevent MIME type sniffing
Header set X-Content-Type-Options "nosniff"
# Prevent clickjacking
Header set X-Frame-Options "SAMEORIGIN"
# Enable XSS protection
Header set X-XSS-Protection "1; mode=block"
# Enable strict transport security
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
# Content security policy
Header set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:"
Step 5: Test the configuration
Test the Apache configuration file syntax:
sudo apache2ctl configtest
If the configuration is correct, restart the Apache service:
sudo systemctl restart apache2
Step 6: Verify the configuration
Use a browser or the curl command to verify that the configuration has taken effect:
# Check the redirect
curl -I http://example.com
# Check the security headers
curl -I https://example.com
# Check compression
curl -H "Accept-Encoding: gzip" -I https://example.com
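The header check in step 6 can be scripted. The following is an added example, not part of the original article: it reads the output of curl -sI on stdin and compares it with the header values configured in step 4. The sample response is constructed for the demo.

```bash
# Added example: compare a response's headers with the values set in step 4.
# Expected headers as name|value, copied from the step 4 configuration.
expected_headers() {
cat <<'EOF'
X-Content-Type-Options|nosniff
X-Frame-Options|SAMEORIGIN
X-XSS-Protection|1; mode=block
Strict-Transport-Security|max-age=31536000; includeSubDomains
Content-Security-Policy|default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:
EOF
}

# Constructed sample response: X-Frame-Options differs and the CSP is absent.
sample_response() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Date: Mon, 01 Jan 2024 00:00:00 GMT' \
        'x-content-type-options: nosniff' 'X-Frame-Options: DENY' \
        'X-XSS-Protection: 1; mode=block' \
        'Strict-Transport-Security: max-age=31536000; includeSubDomains' ''
}

# Reads response headers (output of `curl -sI URL`) on stdin, prints one line per
# expected header, and returns 1 if any is missing or carries another value.
check_security_headers() {
    local response name want got status=0
    response=$(tr -d '\r')
    while IFS='|' read -r name want; do
        # Header names are case-insensitive; "=" marks a found header.
        got=$(printf '%s\n' "$response" | awk -v n="$name" '
            { i = index($0, ":") }
            i > 1 && tolower(substr($0, 1, i - 1)) == tolower(n) {
                v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
                print "=" v; exit
            }')
        if [ -z "$got" ]; then
            echo "MISSING $name"; status=1
        elif [ "${got#=}" != "$want" ]; then
            echo "DIFFERS $name: ${got#=}"; status=1
        else
            echo "OK $name"
        fi
    done <<EOF
$(expected_headers)
EOF
    return "$status"
}

# Demo on the sample; on a real host: curl -sI https://example.com | check_security_headers
sample_response | check_security_headers || echo "header check failed"
```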
Interactive exercises
Exercise 1: Enable and configure mod_ssl
Enable the mod_ssl module on your Apache server and configure an SSL/TLS certificate so that the site can be reached over HTTPS.
Exercise 2: Configure mod_rewrite
Use the mod_rewrite module to implement the following:
- Redirect all HTTP requests to HTTPS
- Redirect the www domain to the non-www domain
- Implement a friendly URL structure, for example rewriting product.php?id=123 to product/123
Exercise 3: Configure mod_proxy as a reverse proxy
Use the mod_proxy module to configure Apache as a reverse proxy that forwards requests to a backend application server (for example, a Tomcat server running on port 8080).
Exercise 4: Optimize module configuration
Review the modules enabled on your Apache server, disable the ones you do not need, and then configure the remaining modules for the best performance and security.