Linux系统Apache服务器配置文件详解

### Section 1: Global Environment

//当服务器响应主机头（header）信息时显示Apache的版本和操作系统名称
ServerTokens OS
//设置服务器的根目录
ServerRoot "/etc/httpd"
#ScoreBoardFile run/httpd.scoreboard
//设置运行Apache时使用的PidFile的路径
PidFile run/httpd.pid
//若300秒后没有收到或送出任何数据就切断该连接
Timeout 300
//不使用保持连接的功能，即客户一次请求连接只能响应一个文件
/建议用户将此参数的值设置为On，即允许使用保持连接的功能
KeepAlive Off
//在使用保持连接功能时，设置客户一次请求连接能响应文件的最大上限
MaxKeepAliveRequests 100
//在使用保持连接功能时，两个相邻的连接的时间间隔超过15秒，就切断连接
KeepAliveTimeout 15
##
## Server-Pool Size Regulation (MPM specific)
##
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
//设置使用Prefork MPM运行方式的参数，此运行方式是Red hat默认的方式
//设置服务器启动时运行的进程数
StartServers 8
//Apache在运行时会根据负载的轻重自动调整空闲子进程的数目
//若存在低于5个空闲子进程，就创建一个新的子进程准备为客户提供服务
MinSpareServers 5
//若存在高于20个空闲子进程，就创建逐一删除子进程来提高系统性能
MaxSpareServers 20
//限制同一时间的连接数不能超过150
MaxClients 150
//限制每个子进程在结束处理请求之前能处理的连接请求为1000
MaxRequestsPerChild 1000
# worker MPM
# StartServers: initial number of server processes to start
//设置使用Worker MPM运行方式的参数
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
# perchild MPM
# NumServers: constant number of server processes
//设置使用perchild MPM运行方式的参数
NumServers 5
StartThreads 5
MinSpareThreads 5
MaxSpareThreads 10
MaxThreadsPerChild 20
MaxRequestsPerChild 0
//设置服务器的监听端口
#Listen 12.34.56.78:80
Listen 202.112.85.101:80
#
# Load config files from the config directory "/etc/httpd/conf.d".
//将/etc/httpd/conf.d目录下所有以conf结尾的配置文件包含进来
Include conf.d/*.conf
#
# Dynamic Shared Object (DSO) Support
//动态加载模块(DSO)
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imap_module modules/mod_imap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
//当使用内置模块perfork.c时动态加载cgi_module
LoadModule cgi_module modules/mod_cgi.so
#ExtendedStatus On
### Section 2: \"Main\" server configuration
//设置运行Apache服务器的用户和组
User apache
Group apache
//设置Apache服务器管理员的E_mail地址
ServerAdmin admin at astro dot bnu.edu.cn
ServerName mail.astro.bnu.edu.cn
//关闭此选项，当Apache服务器需要指向本身的连接时使用
//serverName:port作为主机名，例如
www.jamond.net:80
//若打开此选项将使用
www.jamond.net
port 80作为主机名
UseCanonicalName Off
//设置根文档路径
#DocumentRoot "/var/www/html"
DocumentRoot "/home/httpd"
//设置apache服务器根的访问权限
//允许符号链接跟随，访问不在本目录下的文件
Options FollowSymLinks
//禁止读取.htaccess配置文件的内容
AllowOverride None
//设置根文档目录的访问权限
//Indexes:当在目录中找不到DirectoryIndex列表中指定的文件
//就生成当前目录的文件列表
//FollowSymLinks允许符号链接跟随，访问不在本目录下的文件
Options Indexes FollowSymLinks
//禁止读取.htaccess配置文件的内容
AllowOverride None
//指定先执行Allow（允许）访问规则，在执行Deny访问规则
Order allow,deny
# Allow from 202.112.85.0/16
//设置Allow（允许）访问规则，允许所有连接
Allow from all
# Deny from all
//对Apache服务器的根的访问不生成目录列表，同时指定错误输出页面
Options -Indexes
ErrorDocument 403 /error/noindex.html
//不允许每用户的服务器配置
//不允许每用户的服务器配置
UserDir disable
#//基于安全考虑，禁止root用户使用自己的个人站点
#UserDir disable root
#//配置对每个用户web站点目录的设置
#UserDir public_html
//设置对每个用户web站点目录的访问权限
#
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
#
# Order allow,deny
# Allow from all
#
#
# Order deny,allow
# Deny from all
#
#
//当访问服务器时，依次查找页面Index.html index.htm.var
DirectoryIndex index.html index.html.var
//指定保护目录配置文件的名称
AccessFileName .htaccess
//拒绝访问以.ht开头的文件,即保证.htaccess不被访问
Order allow,deny
Deny from all
//指定负责处理MIME对应格式的配置文件的存放位置
TypesConfig /etc/mime.types
//指定默认的MIME文件类型为纯文本或HTML文件
DefaultType text/plain
//当mod_mime_magic.c模块被加载时，指定magic信息码配置文件的存放位置
# MIMEMagicFile /usr/share/magic.mime
MIMEMagicFile conf/magic
//只记录连接Apache服务器的Ip地址，而不纪录主机名
HostnameLookups Off
//指定错误日志存放位置
ErrorLog logs/error_log
//指定记录的错误信息的详细等级为warn等级
LogLevel warn
//定义四中记录日志的格式
LogFormat "%h %l %u %t "%r" %>s %b "%{ Referer }i" "%{ User-Agent }i"" combined
LogFormat "%h %l %u %t "%r" %>s %b" common
LogFormat "%{ Referer }i -> %U" referer
LogFormat "%{ User-agent }i" agent
//指定访问日志的纪录格式为combined（混合型），并指定访问日志存放位置
# CustomLog logs/access_log common
CustomLog logs/access_log combined
#CustomLog logs/referer_log referer
#CustomLog logs/agent_log agent
#CustomLog logs/access_log combined
//设置apache自己产生的页面中使用apache服务器版本的签名
ServerSignature On
//设置内容协商目录的访问别名
Alias /icons/ "/var/www/icons/"
//设置/var/www/icons/的访问权限
//MultiViews 使用内容协商功决定被发送的网页的性质
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
//设置网页邮件服务
Alias /webmail "/usr/share/squirrelmail"
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
//设置apache手册的访问别名
Alias /manual "/var/www/manual"
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
//设置浏览器匹配
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4.0" force-response-1.0
BrowserMatch "Java/1.0" force-response-1.0
BrowserMatch "JDK/1.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
#
# Allow server status reports, with the URL of
http://servername/server-s...
# Change the ".your-domain.com" to match your domain to enable.
#
#
# SetHandler server-status
# Order deny,allow
# Deny from all
# Allow from .your-domain.com
#
#
# Allow remote server configuration reports, with the URL of
#
http://servername/server-i...
(requires that mod_info.c be loaded).
# Change the ".your-domain.com" to match your domain to enable.
#
#
# SetHandler server-info
# Order deny,allow
# Deny from all
# Allow from .your-domain.com
#
//设置APache为代理服务器
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
#
#ProxyRequests On
#
#
# Order deny,allow
# Deny from all
# Allow from .your-domain.com
#
#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#
#ProxyVia On
#
# To enable the cache as well, edit and uncomment the following lines:
# (no cacheing without CacheRoot)
#
#CacheRoot "/etc/httpd/proxy"
#CacheSize 5
#CacheGcInterval 4
#CacheMaxExpire 24
#CacheLastModifiedFactor 0.1
#CacheDefaultExpire 1
#NoCache a-domain.com another-domain.edu joes.garage-sale.com
#
# End of proxy directives.
//设置虚拟主机
### Section 3: Virtual Hosts
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn\"t need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
#
//定义虚拟主机的设置，此设置将覆盖前面有的的相同指令
# ServerAdmin webmaster at dummy-host dot example.com
# DocumentRoot /www/docs/dummy-host.example.com
# ServerName dummy-host.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
#
//指定DAV加锁数据库文件的存放位置
# Location of the WebDAV lock database.
DAVLockDB /var/lib/dav/lockdb
Alias /docs "/home/EMU/webmail/docs/"
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
# Location of the WebDAV lock database.
DAVLockDB /var/lib/dav/lockdb
//设置CGI目录的访问别名
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
//由于red hat中不使用worker MPM运行方式，所以不加载mod_cgid.c模块
#
# Additional to mod_cgid.c settings, mod_cgid has Scriptsock
# for setting UNIX socket for communicating with cgid.
#
#Scriptsock logs/cgisock
//设置CGI目录的访问权限
AllowOverride None
Options None
Order allow,deny
Allow from all
//重定向连接
# Redirect permanent /foo
http://www.example.com/bar
//设置自动生成目录列表的显示方式
//FancyIndexing 对每种类型的文件前加上一个小图标以示区别
//VersionSort 对同一个软件的多个版本进行排序
//NameWidth=* 文件名字段自动适应当前目录下的最长文件名
IndexOptions FancyIndexing VersionSort NameWidth=*
//当使用IndexOptions FancyIndexing之后，配置下面的参数
//用于告知服务器在遇到不同的文件类型或扩展名时采用MIME编码格式
//辨别文件类型并显示相应的图标
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
//当使用IndexOptions FancyIndexing之后，配置下面的参数
//用于告知服务器在遇到不同的文件类型或扩展名时采用所指定的格式
//并显示相应的图标
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
//当使用IndexOptions FancyIndexing之后，且无法识别文件类型时
//显示此处定义的图标
DefaultIcon /icons/unknown.gif
#
# AddDescription allows you to place a short description after a file in
# server-generated indexes. These are only displayed for FancyIndexed
# directories.
# Format: AddDescription "description" filename
#
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
//当服务器自动列出目录列表时，在所生成的页面之后显示readme.html的内容
ReadmeName README.html
//当服务器自动列出目录列表时，在所生成的页面之前显示header.html的内容
HeaderName HEADER.html
#
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing. Shell-style wildcarding is permitted.
#
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
//设置在线浏览用户可以实时解压缩.z .gz .tgz类型的文件
//并非所有浏览器都支持
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
#
# DefaultLanguage nl
# Danish (da) - Dutch (nl) - English (en) - Estonian (et)
# French (fr) - German (de) - Greek-Modern (el)
# Italian (it) - Norwegian (no) - Norwegian Nynorsk (nn) - Korean (kr)
# Portugese (pt) - Luxembourgeois* (ltz)
# Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cz)
# Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja)
# Russian (ru) - Croatian (hr)
#
//设置网页内容的语言种类（浏览器要启用内容协商）
//对中文网页，此项无实际意义
AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .et
AddLanguage fr .fr
AddLanguage de .de
AddLanguage he .he
AddLanguage el .el
AddLanguage it .it
AddLanguage ja .ja
AddLanguage pl .po
AddLanguage kr .kr
AddLanguage pt .pt
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pt-br .pt-br
AddLanguage ltz .ltz
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .se
AddLanguage cz .cz
AddLanguage ru .ru
AddLanguage tw .tw
AddLanguage zh-tw .tw
AddLanguage hr .hr
//当启用内容协商时，设置语言的先后顺序
LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ltz ca es sv tw
//Prefer 当有多种语言可以匹配时，使用LanguagePriority 列表的第一项
//Fallback 当没有语言可以匹配时，使用LanguagePriority 列表的第一项
ForceLanguagePriority Prefer Fallback
//设置默认字符集
AddDefaultCharset ISO-8859-1
//设置各种字符集
AddCharset ISO-8859-1 .iso8859-1 .latin1
AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
AddCharset ISO-8859-3 .iso8859-3 .latin3
AddCharset ISO-8859-4 .iso8859-4 .latin4
AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru
AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb
AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk
AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb
AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5 .Big5 .big5
# For russian, more than one charset is used (depends on client, mostly):
AddCharset WINDOWS-1251 .cp-1251 .win-1251
AddCharset CP866 .cp866
AddCharset KOI8-r .koi8-r .koi8-ru
AddCharset KOI8-ru .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-8 .utf8
# The set below does not map to a specific (iso) standard
# but works on a fairly wide range of browsers. Note that
# capitalization actually matters (it should not, but it
# does for some browsers).
#
# See
ftp://ftp.isi.edu/in-notes...
# for a list of sorts. But browsers support few.
#
AddCharset GB2312 .gb2312 .gb
AddCharset utf-7 .utf7
AddCharset utf-8 .utf8
AddCharset big5 .big5 .b5
AddCharset EUC-TW .euc-tw
AddCharset EUC-JP .euc-jp
AddCharset EUC-KR .euc-kr
AddCharset shift_jis .sjis
//添加新的MIME类型（避免用户编辑/etc/mime.types)
AddType application/x-tar .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":