#Apache HTTP服务器 实战教程
#什么是Apache HTTP服务器?
Apache HTTP服务器(简称Apache)是世界领先的开源Web服务器软件。自1995年以来,它一直是互联网上最受欢迎的Web服务器之一,以其稳定性、安全性和灵活性而闻名。
#Apache的主要特点:
- 开源免费:完全开源,无许可费用
- 跨平台支持:支持Linux、Windows、macOS等多种操作系统
- 模块化架构:丰富的模块生态系统
- 高度可配置:灵活的配置选项
- 稳定性强:经过长期验证的稳定性
- 社区支持:活跃的开发者社区
#1. Apache安装与配置
#1.1 Ubuntu/Debian系统安装
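# Refresh the package index so the install resolves current versions
sudo apt update
# Install Apache from the distribution repository
sudo apt install apache2
# Show whether the service is running
sudo systemctl status apache2
# Start the service now
sudo systemctl start apache2
# Start the service automatically at boot
sudo systemctl enable apache2
# Print the installed Apache version
apache2 -v
#1.2 CentOS/RHEL系统安装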
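# Install Apache (the package is named httpd on CentOS/RHEL)
sudo yum install httpd
# Or use dnf on CentOS 8+ (run only one of the two install commands)
sudo dnf install httpd
# Start the service and enable it at boot
sudo systemctl start httpd
sudo systemctl enable httpd
# Check the service status
sudo systemctl status httpd
#1.3 Docker方式安装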
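# Pull the official Apache image.
# NOTE(review): ":latest" moves over time; for reproducible, auditable deployments
# pin a specific version tag or an image digest instead.
docker pull httpd:latest
# Run the Apache container. Content and configuration are bind-mounted read-only
# (":ro"), as the Compose example on this page does, so the server process cannot
# modify them on the host. "$(pwd)" is quoted so paths containing spaces still work.
docker run -d \
  --name my-apache \
  -p 80:80 \
  -p 443:443 \
  -v "$(pwd)/htdocs:/usr/local/apache2/htdocs:ro" \
  -v "$(pwd)/httpd.conf:/usr/local/apache2/conf/httpd.conf:ro" \
  httpd:latest
# Show the container logs
docker logs my-apache
#1.4 Docker Compose方式安装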
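# docker-compose.yml
# Indentation is significant in YAML; the nesting below is what Compose expects.
version: '3.8'
services:
  apache:
    # NOTE(review): pin a version tag or digest instead of "latest" for reproducible deployments
    image: httpd:latest
    container_name: apache-server
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Content and configuration are read-only inside the container
      - ./htdocs:/usr/local/apache2/htdocs:ro
      - ./conf/httpd.conf:/usr/local/apache2/conf/httpd.conf:ro
      - ./conf/extra:/usr/local/apache2/conf/extra:ro
      # Logs are the only mount the server has to write to
      - ./logs:/usr/local/apache2/logs
      # Certificates and private keys only need to be read by the server
      - ./ssl:/usr/local/apache2/ssl:ro
    networks:
      - web-network
networks:
  web-network:
    driver: bridge
#2. Apache基础配置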
#2.1 主配置文件结构
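# /etc/apache2/apache2.conf or /etc/httpd/conf/httpd.conf
#
# Basic server configuration
#
# Server root directory
ServerRoot "/etc/apache2"
# Server name
ServerName localhost:80
# Listening port
Listen 80
# Module loading
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
# User and group
User www-data
Group www-data
# Main document root
DocumentRoot "/var/www/html"
# Directory permissions: deny the whole filesystem first, then open only the web tree
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Require all denied
</Directory>
# NOTE(review): "Indexes" makes Apache list the contents of any directory that has no
# index file, which can expose backups and other stray files. Remove it unless
# directory listings are actually wanted.
<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
# Default index files
DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
# Logging
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
#2.2 虚拟主机配置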
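# /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com
    # Access log and error log
    LogLevel info
    ErrorLog ${APACHE_LOG_DIR}/example_error.log
    CustomLog ${APACHE_LOG_DIR}/example_access.log combined
    # Directory configuration
    # NOTE(review): "Indexes" enables directory listings and "AllowOverride All" lets any
    # .htaccess file under this tree override server settings. Narrow both (for example
    # drop Indexes and list only the override classes the site needs) when the
    # application allows it.
    <Directory "/var/www/example.com">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Require all granted
        DirectoryIndex index.html index.php
    </Directory>
    # Static asset caching (uses mod_expires and mod_headers).
    # "immutable" tells browsers not to revalidate for the whole month, so it is only
    # appropriate when asset file names change whenever their content changes.
    <LocationMatch "\.(jpg|jpeg|png|gif|ico|css|js)$">
        ExpiresActive On
        ExpiresDefault "access plus 1 month"
        Header append Cache-Control "public, immutable"
    </LocationMatch>
</VirtualHost>
#3. 模块化配置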
#3.1 常用模块配置
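# Enable commonly used modules.
# Load only what the site actually uses: every extra module (proxying, status pages,
# automatic directory indexes) adds functionality that then has to be configured and secured.
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#3.2 URL重写配置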
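# Example .htaccess file
RewriteEngine On
# Redirect www to the bare domain. The target is https:// so the client is not sent
# through an extra cleartext hop before the HTTPS rule below applies.
# NOTE(review): %1 and %{HTTP_HOST} come from the client's Host header; on a catch-all
# virtual host prefer a fixed canonical host name in the redirect target.
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
# Force HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Hide the .php extension: rewrite only when the request is not an existing
# directory or file and the matching .php script really exists.
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^([^\.]+)$ $1.php [NC,L]
# SEO-friendly URLs. The character classes restrict what reaches the query string,
# but the scripts must still validate id, slug and username themselves.
RewriteRule ^article/([0-9]+)/([a-zA-Z0-9-]+)/?$ article.php?id=$1&slug=$2 [L]
RewriteRule ^user/([a-zA-Z0-9-]+)/?$ profile.php?username=$1 [L]
#3.3 Gzip压缩配置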
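# Enable compression
# NOTE(review): compressing HTTPS responses that mix secrets (such as CSRF tokens) with
# request-controlled text is the precondition for compression side-channel attacks of
# the BREACH type; consider excluding such dynamic pages.
<IfModule mod_deflate.c>
    # Compress HTML, CSS, JavaScript and other text formats
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/json
    AddOutputFilterByType DEFLATE application/x-font-ttf
    AddOutputFilterByType DEFLATE application/x-font-opentype
    AddOutputFilterByType DEFLATE font/truetype
    AddOutputFilterByType DEFLATE font/opentype
    AddOutputFilterByType DEFLATE image/svg+xml
    # Compression level
    DeflateCompressionLevel 6
    DeflateMemLevel 9
    DeflateWindowSize 15
</IfModule>
#4. SSL/TLS配置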
#4.1 SSL模块配置
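# Enable the SSL module
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
# Listen for TLS connections
Listen 443 ssl
# Global SSL settings: "all" minus SSLv3, TLS 1.0 and TLS 1.1 leaves only TLS 1.2 and newer.
# The Proxy variants apply the same policy to connections Apache opens to backends.
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
SSLSessionTickets Off
# Only ECDHE key exchange with AES-GCM is offered (forward secrecy, AEAD ciphers).
# NOTE(review): this list names TLS 1.2 suites; TLS 1.3 suites are configured separately
# (SSLCipherSuite TLSv1.3 ...) and otherwise keep the library defaults - confirm for your build.
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
SSLProxyCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
#4.2 HTTPS虚拟主机配置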
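# OCSP stapling cache. SSLStaplingCache is a server-level directive and is not
# accepted inside <VirtualHost>, so it is declared before the virtual host.
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com
    # Certificate configuration. Keep the private key readable by root only.
    # NOTE(review): SSLCertificateChainFile is deprecated in current 2.4 releases; the
    # intermediate certificates can be appended to the SSLCertificateFile instead.
    SSLEngine on
    SSLCertificateFile /path/to/certificate.crt
    SSLCertificateKeyFile /path/to/private.key
    SSLCertificateChainFile /path/to/chain.crt
    # TLS hardening
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
    SSLHonorCipherOrder on
    SSLSessionTickets off
    # OCSP stapling
    SSLUseStapling on
    # SSLStaplingForceURL replaces the responder address taken from the certificate.
    # It is left commented out because the example URL is a placeholder that would make
    # stapling lookups fail; set it only when the certificate's own URL cannot be used.
    # SSLStaplingForceURL "http://ocsp.example.com"
    # Security headers
    # HSTS with includeSubDomains and preload commits every subdomain to HTTPS for two
    # years; send it only once all of them serve valid TLS.
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"
    # NOTE(review): X-XSS-Protection is a legacy header that current browsers ignore;
    # rely on a Content-Security-Policy for XSS mitigation.
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # Logging
    ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
    CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
</VirtualHost>
#4.3 Let's Encrypt配置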
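# Install Certbot and its Apache plugin
sudo apt install certbot python3-certbot-apache
# Obtain a certificate and let the plugin configure Apache for both host names
sudo certbot --apache -d example.com -d www.example.com
# Automatic renewal: edit root's crontab
# NOTE(review): distribution packages of certbot usually install their own renewal
# timer or cron job; check for one before adding a second schedule.
sudo crontab -e
# Add the following line (runs daily at 12:00; "renew" only acts on certificates
# that are close to expiry)
0 12 * * * /usr/bin/certbot renew --quiet --apache
#5. 反向代理配置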
#5.1 基本反向代理
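# Enable the proxy modules
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
# Basic reverse proxy configuration
<VirtualHost *:80>
    ServerName api.example.com
    # Keep forward proxying disabled (this is the default). A reverse proxy only needs
    # ProxyPass; turning ProxyRequests on would let clients relay traffic to arbitrary hosts.
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/
    # Proxy header settings (RequestHeader needs mod_headers): removing Accept-Encoding
    # makes the backend answer uncompressed.
    RequestHeader unset Accept-Encoding
    # NOTE(review): this mapping is already covered by the "/" ProxyPassReverse above.
    ProxyPassReverse /api/ http://localhost:3000/api/
    # Error handling: serve Apache's own error documents instead of backend error pages
    ProxyErrorOverride On
</VirtualHost>
#5.2 负载均衡配置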
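# Enable the load-balancing modules
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule status_module modules/mod_status.so
# Load balancer definition
<Proxy "balancer://mycluster">
    BalancerMember "http://192.168.1.10:3000" loadfactor=3 route=node1
    BalancerMember "http://192.168.1.11:3000" loadfactor=2 route=node2
    BalancerMember "http://192.168.1.12:3000" loadfactor=1 route=node3
    ProxySet lbmethod=byrequests
    # NOTE(review): hcmethod/hcuri look like mod_proxy_hcheck health-check parameters,
    # which are normally given per BalancerMember and need that module loaded - verify
    # that this form is accepted by your Apache version.
    ProxySet hcmethod=GET
    ProxySet hcuri=/health
</Proxy>
<VirtualHost *:80>
    ServerName app.example.com
    ProxyPreserveHost On
    # Keep the management page local: exclude it from proxying before the catch-all rule
    ProxyPass /balancer-manager !
    ProxyPass / balancer://mycluster/
    ProxyPassReverse / balancer://mycluster/
    # Rewrite backend addresses that appear in returned HTML (mod_proxy_html must be
    # loaded). This is link rewriting, not session persistence: the route= values above
    # only take effect once a stickysession parameter is configured on the balancer.
    ProxyHTMLEnable On
    ProxyHTMLURLMap http://192.168.1.10:3000 /
    ProxyHTMLURLMap http://192.168.1.11:3000 /
    ProxyHTMLURLMap http://192.168.1.12:3000 /
    # Balancer management page
    # NOTE(review): balancer-manager can change balancer members at runtime, and this
    # virtual host is plain HTTP. Restrict it to the administrators' addresses rather
    # than a whole subnet and serve it over TLS where possible.
    <Location "/balancer-manager">
        SetHandler balancer-manager
        Require ip 127.0.0.1
        Require ip 192.168.1.0/24
    </Location>
</VirtualHost>
#5.3 WebSocket支持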
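# Enable the WebSocket proxy module
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
# NOTE(review): this virtual host listens on port 80, so WebSocket traffic is
# unencrypted; for production put the same rules in a TLS virtual host so that
# clients connect with wss://.
<VirtualHost *:80>
    ServerName ws.example.com
    # WebSocket proxying: requests carrying the Upgrade handshake headers are proxied
    # ([P]) to the ws:// backend
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/?(.*) "ws://localhost:8080/$1" [P,L]
    # Plain HTTP proxying for everything else
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
    # Pass the original Host header and the X-Forwarded-* headers to the backend
    ProxyPreserveHost On
    ProxyAddHeaders On
    ProxyPassReverse /ws ws://localhost:8080/ws
</VirtualHost>
#6. 安全配置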
#6.1 基本安全配置
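# Security-related settings
# Hide the Apache version in the Server header and on generated error pages
ServerTokens Prod
ServerSignature Off
# Disable the HTTP TRACE method
TraceEnable Off
# Security headers
<IfModule mod_headers.c>
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"
    # NOTE(review): X-XSS-Protection is a legacy header that current browsers ignore.
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # NOTE(review): this policy allows any http:/https: origin plus inline code, so it
    # offers almost no protection against script injection. Restrict default-src to the
    # origins the site really loads from and avoid 'unsafe-inline' where possible.
    Header always set Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'"
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
</IfModule>
# Block access to sensitive files.
# FilesMatch tests the file name only: this denies dotfiles such as .htaccess or .env,
# but not ordinary files stored inside a hidden directory (for example .git/config);
# cover such directories with a separate directory-level rule.
<FilesMatch "^\.">
    Require all denied
</FilesMatch>
<FilesMatch "\.(env|ini|log|sh|sql|bak|backup|swp|swo)$">
    Require all denied
</FilesMatch>
#6.2 访问控制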
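# IP-based access control. Several Require lines in one section are alternatives
# (any one match is enough); clients outside both networks match none and are refused.
<Directory "/var/www/admin">
    Require ip 192.168.1.0/24
    Require ip 10.0.0.0/8
    Require all denied
</Directory>
# Basic authentication
# NOTE(review): Basic credentials are only base64-encoded on the wire; serve protected
# areas over HTTPS only.
<Directory "/var/www/protected">
    AuthType Basic
    AuthName "Restricted Area"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
</Directory>
# User-based authentication restricted to one address.
# Without <RequireAll> the two Require lines would be alternatives, so any client at
# 192.168.1.100 would get in without a password. RequireAll demands both conditions.
<Location "/admin">
    AuthType Basic
    AuthName "Admin Area"
    AuthUserFile /etc/apache2/.htpasswd
    <RequireAll>
        Require user admin
        Require ip 192.168.1.100
    </RequireAll>
</Location>
#6.3 请求限制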
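# Enable the request-limiting modules
LoadModule reqtimeout_module modules/mod_reqtimeout.so
# mod_evasive is a third-party module and must be installed separately
LoadModule evasive20_module modules/mod_evasive20.so
# Request read timeouts (slow-request protection): header and body limits are given in
# a single directive so that neither setting can displace the other.
RequestReadTimeout header=20-40,minrate=500 body=10,minrate=500
# Request size limits
# 10485760 bytes = 10 MB. Apache does not allow a trailing comment on a directive
# line, so the explanation sits on its own line.
LimitRequestBody 10485760
LimitRequestFields 100
LimitRequestFieldSize 8190
LimitRequestLine 8190
# Request-flood mitigation
# NOTE(review): DOSPageCount 2 per 1-second interval is very strict and may block
# legitimate clients that retry or poll quickly - tune against real traffic. A module
# inside the web server does not replace upstream protection against volumetric attacks.
<IfModule mod_evasive20.c>
    DOSHashTableSize 2048
    DOSPageCount 2
    DOSPageInterval 1
    DOSSiteCount 50
    DOSSiteInterval 1
    DOSBlockingPeriod 600
</IfModule>
#7. 性能优化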
#7.1 MPM配置优化
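# prefork MPM settings (for modules that are not thread-safe, such as PHP)
# MaxRequestWorkers caps concurrent requests; size it to the memory available so a
# burst of connections cannot push the host into swapping.
<IfModule mpm_prefork_module>
    StartServers 2
    MinSpareServers 5
    MaxSpareServers 10
    MaxRequestWorkers 150
    MaxConnectionsPerChild 0
</IfModule>
# worker MPM settings (for thread-safe modules)
<IfModule mpm_worker_module>
    StartServers 3
    MinSpareThreads 75
    MaxSpareThreads 250
    ThreadsPerChild 25
    MaxRequestWorkers 400
    MaxConnectionsPerChild 0
</IfModule>
# event MPM settings (recommended for modern systems)
<IfModule mpm_event_module>
    StartServers 2
    MinSpareThreads 25
    MaxSpareThreads 75
    ThreadLimit 64
    ThreadsPerChild 25
    MaxRequestWorkers 400
    MaxConnectionsPerChild 0
</IfModule>
#7.2 缓存配置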
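# Enable the cache modules
LoadModule cache_module modules/mod_cache.so
LoadModule cache_disk_module modules/mod_cache_disk.so
LoadModule cache_socache_module modules/mod_cache_socache.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
# Disk cache configuration
# NOTE(review): "CacheEnable disk /" makes every URL a cache candidate, including
# application responses. Make sure personalised or authenticated pages are sent with
# Cache-Control: private or no-store so they cannot be stored and served to other users.
<IfModule mod_cache_disk.c>
    CacheRoot /var/cache/apache2/mod_cache_disk
    CacheEnable disk /
    CacheDirLevels 2
    CacheDirLength 1
    CacheDefaultExpire 3600
    CacheMaxExpire 86400
    CacheLastModifiedFactor 0.1
    # Do not store Set-Cookie headers with cached responses
    CacheIgnoreHeaders Set-Cookie
</IfModule>
# Cache static assets in the browser.
# "immutable" is only safe for files whose names change whenever their content changes.
<FilesMatch "\.(jpg|jpeg|png|gif|ico|css|js|pdf|txt|zip|rar)$">
    ExpiresActive On
    ExpiresDefault "access plus 1 month"
    Header append Cache-Control "public, immutable"
</FilesMatch>
#7.3 HTTP/2配置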
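# Enable the HTTP/2 module
# NOTE(review): mod_http2 is documented as unsupported with the prefork MPM, which the
# main configuration example on this page loads; use the event or worker MPM with HTTP/2.
LoadModule http2_module modules/mod_http2.so
# Global HTTP/2 settings
Protocols h2 http/1.1
H2Direct on
H2ModernTLSOnly on
# Virtual host HTTP/2 settings
<VirtualHost *:443>
    ServerName example.com
    # Enable HTTP/2
    Protocols h2 http/1.1
    # HTTP/2-specific settings
    # NOTE(review): browser support for HTTP/2 server push has been withdrawn by major
    # vendors; verify that these push directives still have any effect for your clients.
    H2Push on
    H2PushPriority "text/css" "after"
    H2PushPriority "application/javascript" "after"
    H2PushResource "/css/style.css" critical
    H2PushResource "/js/app.js" critical
    # TLS configuration
    SSLEngine on
    SSLCertificateFile /path/to/certificate.crt
    SSLCertificateKeyFile /path/to/private.key
    SSLCertificateChainFile /path/to/chain.crt
</VirtualHost>
#8. 监控与日志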
#8.1 详细日志配置
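# Custom log formats (%D appends the time taken to serve the request)
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %D" combined_with_time
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{User-agent}i" agent
# Per-virtual-host logging
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/example.com
    # Access log
    CustomLog logs/example_access.log combined_with_time
    # Or send it to syslog; shipping logs off the host also preserves them if the
    # server itself is compromised
    # CustomLog "|/usr/bin/logger -t httpd -p local6.info" combined
    # Error log
    ErrorLog logs/example_error.log
    LogLevel warn
</VirtualHost>
# Conditional logging: only requests under /api/ are written to api_access.log
SetEnvIf Request_URI "^/api/" api_request
CustomLog logs/api_access.log combined env=api_request
#8.2 服务器状态监控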
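# Server status module
LoadModule status_module modules/mod_status.so
# The server-info handler below is provided by mod_info, which must be loaded as well
LoadModule info_module modules/mod_info.so
# Show detailed status information (a server-level directive, so it belongs outside
# the <Location> sections)
# ExtendedStatus On
# NOTE(review): both pages disclose internal details (current requests and client
# addresses, loaded modules, the effective configuration). Allow only loopback and the
# specific monitoring hosts instead of a whole subnet where possible.
<Location "/server-status">
    SetHandler server-status
    Require ip 127.0.0.1
    Require ip 192.168.1.0/24
</Location>
# Server information page
<Location "/server-info">
    SetHandler server-info
    Require ip 127.0.0.1
    Require ip 192.168.1.0/24
</Location>
#8.3 性能监控脚本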
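#!/bin/bash
# apache_monitor.sh - Apache health and performance check
# Needs mod_status to answer on the URL below for requests from localhost.
readonly APACHE_STATUS_URL="http://localhost/server-status?auto"

# Check for a running Apache process (apache2 on Debian/Ubuntu, httpd on RHEL/CentOS)
if pgrep -x apache2 > /dev/null || pgrep -x httpd > /dev/null; then
  echo "Apache is running"
else
  echo "Apache is not running"
  exit 1
fi

# Check the configuration syntax
if apache2ctl configtest > /dev/null 2>&1 || httpd -t > /dev/null 2>&1; then
  echo "Apache configuration is valid"
else
  echo "Apache configuration has errors"
  exit 1
fi

# Fetch the status page once and pick the fields out of that single response.
# -f treats an HTTP error (for example 403 from the access rules) as a failure
# instead of parsing an error page.
if status=$(curl -fsS --max-time 5 "$APACHE_STATUS_URL"); then
  # Keys are compared exactly, so "Uptime" does not also match "ServerUptime".
  total_access=$(awk -F': ' '$1 == "Total Accesses" {print $2}' <<< "$status")
  total_kbytes=$(awk -F': ' '$1 == "Total kBytes" {print $2}' <<< "$status")
  uptime=$(awk -F': ' '$1 == "Uptime" {print $2}' <<< "$status")
  req_per_sec=$(awk -F': ' '$1 == "ReqPerSec" {print $2}' <<< "$status")
  echo "Total Requests: $total_access"
  echo "Total KB Transferred: $total_kbytes"
  echo "Uptime: $uptime seconds"
  echo "Requests per Second: $req_per_sec"
else
  echo "Could not read $APACHE_STATUS_URL" >&2
fi

# Count today's entries in the error log.
# Assumes the default ErrorLogFormat, whose timestamp looks like
# "[Wed Oct 11 14:32:52.123456 2000]" - confirm if a custom format is configured.
# LC_ALL=C keeps the day and month names in English, as Apache writes them.
today=$(LC_ALL=C date '+%a %b %d')
year=$(date '+%Y')
error_count=0
for log in /var/log/apache2/error.log /var/log/httpd/error_log; do
  if [[ -r "$log" ]]; then
    # grep -c prints 0 but exits non-zero when nothing matches; that is not an error here
    error_count=$(grep -c -- "^\[${today} [0-9:.]* ${year}\]" "$log") || true
    break
  fi
done
echo "Errors today: $error_count"

# Count Apache processes; pgrep -c prints the count and fails when it is zero,
# so the httpd name is tried only when no apache2 process exists.
process_count=$(pgrep -c -x apache2) \
  || process_count=$(pgrep -c -x httpd) \
  || process_count=0
echo "Apache processes: $process_count"
#9. 最佳实践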
#9.1 安全加固配置
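# Comprehensive hardening configuration
ServerTokens Prod
ServerSignature Off
TraceEnable Off
# Security headers
<IfModule mod_headers.c>
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"
    # NOTE(review): X-XSS-Protection is a legacy header that current browsers ignore.
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # NOTE(review): 'unsafe-inline' and 'unsafe-eval' in script-src remove most of the
    # protection a CSP gives against script injection; replace them with nonces or
    # hashes once the application no longer needs inline or eval-based scripts.
    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';"
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
</IfModule>
# Block access to sensitive files.
# The dot is escaped: an unescaped "^." matches every file name and would deny the
# entire site instead of only dotfiles.
<FilesMatch "^\.">
    Require all denied
</FilesMatch>
<FilesMatch "\.(env|ini|log|sh|sql|bak|backup|conf|yml|yaml)$">
    Require all denied
</FilesMatch>
# Restrict request methods. <LimitExcept> is only valid in a directory-type context,
# so it is wrapped in <Location "/">. Add OPTIONS, PUT or DELETE to the list if the
# application (for example a REST API or CORS preflight) needs them.
<Location "/">
    <LimitExcept GET POST HEAD>
        Require all denied
    </LimitExcept>
</Location>
#9.2 性能优化配置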
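# Performance tuning
<IfModule mpm_event_module>
    StartServers 3
    MinSpareThreads 75
    MaxSpareThreads 250
    ThreadLimit 64
    ThreadsPerChild 25
    MaxRequestWorkers 400
    MaxConnectionsPerChild 10000
</IfModule>
# Enable compression
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/json
</IfModule>
# Enable browser caching (mod_expires). A one-year lifetime suits assets whose file
# names change with their content; otherwise clients keep stale copies.
ExpiresActive On
ExpiresByType text/css "access plus 1 year"
ExpiresByType application/javascript "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType application/font-woff "access plus 1 year"
ExpiresByType application/font-woff2 "access plus 1 year"
ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
ExpiresByType font/opentype "access plus 1 year"
ExpiresByType font/ttf "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
# Keep-alive: a short timeout limits how long idle connections hold a worker
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
#9.3 部署最佳实践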
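#!/bin/bash
# apache_deployment.sh - validate and reload the Apache configuration, keeping
# snapshots of configurations that were verified to work.
#
# A copy taken just before the test is a copy of the configuration being tested, so
# restoring it cannot undo a bad change. This script therefore snapshots the
# configuration only after Apache has reloaded it successfully, and rolls back to the
# newest such snapshot when a reload leaves the service down.
set -uo pipefail

readonly CONFIG_DIR="/etc/apache2"
readonly BACKUP_DIR="/etc/apache2/backups"
readonly KEEP_SNAPSHOTS=5

# Print the newest snapshot directory; return 1 when there is none.
# Snapshot names are timestamps, so the glob's sorted order is chronological.
latest_snapshot() {
  local snapshots=("$BACKUP_DIR"/[0-9]*_[0-9]*/)
  [[ -d "${snapshots[0]}" ]] || return 1
  local last=$(( ${#snapshots[@]} - 1 ))
  printf '%s\n' "${snapshots[last]%/}"
}

# Copy the live configuration into a new timestamped snapshot directory.
save_snapshot() {
  local target
  target="$BACKUP_DIR/$(date +%Y%m%d_%H%M%S)"
  mkdir -p -- "$target" || return
  cp -a -- "$CONFIG_DIR/sites-available" "$CONFIG_DIR/conf-available" \
    "$CONFIG_DIR/apache2.conf" "$target/"
}

# Copy a snapshot ($1) back over the live configuration.
# Files created after the snapshot was taken are left in place and need manual review.
restore_snapshot() {
  local source=$1
  cp -a -- "$source/apache2.conf" "$CONFIG_DIR/apache2.conf" \
    && cp -a -- "$source/sites-available/." "$CONFIG_DIR/sites-available/" \
    && cp -a -- "$source/conf-available/." "$CONFIG_DIR/conf-available/"
}

# Delete the oldest snapshots beyond KEEP_SNAPSHOTS. Only timestamp-named directories
# are touched, so nothing else stored in BACKUP_DIR can be removed by accident.
prune_snapshots() {
  local snapshots=("$BACKUP_DIR"/[0-9]*_[0-9]*/)
  [[ -d "${snapshots[0]}" ]] || return 0
  local excess=$(( ${#snapshots[@]} - KEEP_SNAPSHOTS ))
  local i
  for (( i = 0; i < excess; i++ )); do
    rm -rf -- "${snapshots[i]%/}"
  done
}

# Snapshots contain the full server configuration; keep them readable by root only.
umask 077
mkdir -p -- "$BACKUP_DIR" || exit 1
chmod 700 -- "$BACKUP_DIR" || exit 1

# Validate the configuration
echo "Testing configuration..."
if ! apache2ctl configtest; then
  # Nothing has been reloaded yet, so the running server keeps its previous configuration.
  echo "Configuration test failed, Apache was not reloaded" >&2
  exit 1
fi
echo "Configuration test passed"

# Graceful reload
echo "Restarting Apache..."
systemctl reload apache2 || echo "Reload command reported an error" >&2

# Verify the service state
sleep 2
if systemctl is-active --quiet apache2; then
  echo "Apache restarted successfully"
  echo "Backing up current configuration..."
  save_snapshot || echo "Warning: could not save a configuration snapshot" >&2
  # Remove old snapshots (keep the most recent 5)
  prune_snapshots
else
  echo "Apache restart failed, attempting recovery..."
  systemctl start apache2
  if ! systemctl is-active --quiet apache2; then
    if previous=$(latest_snapshot); then
      echo "Recovery failed, restoring backup..."
      restore_snapshot "$previous" || echo "Restore from $previous failed" >&2
      systemctl restart apache2
    else
      echo "Recovery failed and no earlier snapshot exists" >&2
    fi
    exit 1
  fi
fi
echo "Deployment completed successfully"
#9.4 应用场景配置示例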
# Example: API gateway virtual host
<VirtualHost *:443>
ServerName api.example.com
# TLS configuration (TLS 1.2 and newer only, ECDHE with AES-GCM)
SSLEngine on
SSLCertificateFile /etc/ssl/certs/api.example.com.crt
SSLCertificateKeyFile /etc/ssl/private/api.example.com.key
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
# Reverse proxy to the backend on the loopback interface
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
# Request limiting
<Location "/">
# Placeholder: no rate limit is configured here. Enforcing one (the intended value is
# at most 100 requests per second per IP) needs mod_evasive or another limiting module.
</Location>
# API-specific headers
# NOTE(review): the X-RateLimit-* values below are constants, so every response reports
# the same quota regardless of real usage; they neither enforce nor reflect a limit.
Header always set X-API-Version "1.0"
Header always set X-RateLimit-Limit "1000"
Header always set X-RateLimit-Remaining "999"
# Logging
ErrorLog ${APACHE_LOG_DIR}/api_error.log
CustomLog ${APACHE_LOG_DIR}/api_access.log combined
</VirtualHost>
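# Example: static file server virtual host
# NOTE(review): this host serves plain HTTP only; add a TLS virtual host and redirect
# to it if the content must be protected against tampering in transit.
<VirtualHost *:80>
    ServerName static.example.com
    DocumentRoot /var/www/static
    # Static asset settings: directory listings off, .htaccess overrides disabled
    <Directory "/var/www/static">
        Options -Indexes +FollowSymLinks
        AllowOverride None
        Require all granted
        # Enable caching; one year plus "immutable" is only safe for files whose names
        # change whenever their content changes
        ExpiresActive On
        ExpiresDefault "access plus 1 year"
        Header append Cache-Control "public, immutable"
    </Directory>
    # Compression
    <LocationMatch "\.(html|htm|css|js|xml|json)$">
        SetOutputFilter DEFLATE
    </LocationMatch>
    # Security: never serve configuration, log, script or backup files
    <FilesMatch "\.(env|ini|log|sh|sql|bak|backup|conf)$">
        Require all denied
    </FilesMatch>
    # Logging
    ErrorLog ${APACHE_LOG_DIR}/static_error.log
    CustomLog ${APACHE_LOG_DIR}/static_access.log combined
</VirtualHost>
#总结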
Apache HTTP服务器是一个功能强大、稳定可靠的Web服务器软件。通过合理的配置,可以实现高性能的Web服务、反向代理、负载均衡等功能。掌握Apache的核心概念和配置技巧,能够帮助开发者构建安全、高效、可扩展的Web应用架构。在实际部署中,需要注意安全配置、性能优化和监控维护,确保系统的稳定运行。

