http://mirrors.cnnic.cn/apache/httpd/docs/ 英文pdf文檔下載
Apache HTTP Project’s goal
It is the Apache HTTP Project’s first goal to create a robust and correct implementation of the HTTP server RFC. Additional goals include security, scalability and optimization.
預分支(Pre-Forking)模型 Unix上的Apache是應用了預分支模型的服務器。父進程的責任僅在於繁衍子進程,它從不響應來自socket的任何請求。
ServerRoot 指的是配置文件根
DocumentRoot 指的是網頁文件根
兩種消息類型都由,4部分組成
1.開始行,說明是請求或是應答
GET /geo/geo.js HTTP/1.1\r\n
HTTP/1.1 200 OK\r\n
2.零個或多個字段頭也叫headers
Host: api.g-fox.cn\r\n
Accept: */*\r\n
Server: nginx\r\n
Date: Sun, 06 Dec 2015 02:26:31 GMT\r\n
3.空行CRLF,指示headers結束
\r\n
4.可能有消息體
清除firefox 單站點緩存
其實在“管理所有歷史記錄”里面可以,在某一個記錄上右鍵——清除此站點信息
測試配置文件的語法
14:12:03 97 /etc/httpd/conf:#apachectl -t -f /etc/httpd/conf/new.conf
httpd: Syntax error on line 2 of /etc/httpd/conf/new.conf: Include takes one argument, Name of the config file to be included
14:12:17 98 /etc/httpd/conf:#apachectl -t -f /etc/httpd/conf/httpd.conf
Syntax OK
webspace path
filesystem path
所以最后總結出要更改配置文件,不要在/etc/httpd/conf/httpd.conf上變動,而是在/etc/httpd/conf.d/下面新建*.conf文件來操作
編碼問題
今天從這篇文章中學習了apache關於defaultcharset的設置和優先級的問題。 1.頁面沒有指定charset , Apache配置defaultcharset gbk , 頁面文件編碼是utf-8。 執行結果是頁面亂碼。這個幾乎是肯定的,在頁面沒有meta指明charset,而服務器的defaultcharset又沒有被注釋掉,可以肯定頁面是會亂碼的,這個時候服務器的設置生效; 2.頁面指定charset為utf-8, Apache配置defaultcharset gbk. 頁面文件是utf-8。 執行結果是頁面亂碼。這個就驗證了當服務器的defaultcharset打開時,會忽略掉頁面的編碼設置; 3.PHP header申明charset為utf8, Apache配置defaultcharst gbk,頁面文件編碼是utf8。 執行結果是頁面正常。這個說明header中指定的信息的優先級要高於服務器及瀏覽器的設置; 4.Apache設置DefaultCharset off。 頁面顯示正常。 當且僅當應答內容是text/plain或text/html時,此指令將會在HTTP應答頭中加入的默認字符集。理論上這將覆蓋在文檔體中通過<meta>標 簽指定的字符集,但是實際的行為通常取決於用戶瀏覽器的設置。AddDefaultCharset Off 將會禁用此功能。 AddDefaultCharset On 將啟用Apache內部的默認字符集iso-8859-1 。您也可以指定使用在IANA注冊過的字符集名字 中的另外一個charset 。比如說: AddDefaultCharset utf-8 如果服務器和頁面都沒有指定編碼,我想這時編碼是由瀏覽器的默認編碼來確定的,這時Firefox和IE就會發生區別,當然是指安裝在中文系統里的瀏覽器,如果系統不同我想結果還會有差異。
[root@localhost ~]# httpd -l Compiled in modules: core.c prefork.c http_core.c mod_so.c C:\Apache22\bin>httpd.exe -l Compiled in modules: core.c mod_win32.c mpm_winnt.c http_core.c mod_so.c
偽靜態
針對此版本的Discuz_X3.2_SC_UTF8.zip
URL 靜態化是一個利於搜索引擎的設置,通過 URL 靜態化,達到原來是動態的 PHP 頁面轉換為靜態化的 HTML 頁面,當然,這里的靜態化是一種假靜態,目的只是提高搜索引擎的搜索量,Comsenz 旗下的產品 Discuz!、SupeSite/X-Space、ECShop、SupeV、UCHome 等都支持此功能。當然這個功能還需要服務器環境的支持,下面介紹一下如何在 Apache 服務器下配置 URL 靜態化的 Rewrite 規則。
步驟:
用管理員登錄后台,全局》SEO優化》URL靜態化》勾選-提交-查看當前的 Rewrite 規則
會出現一個頁面,有6部分,復制對應的內容,粘貼到/etc/httpd/conf/httpd.conf中,然后重啟httpd,就可生效。
也就是說如果是Apache Web Server(獨立主機用戶),就復制它下面的內容。如果是其它,就復制其它的內容。
目錄瀏覽
開啟目錄瀏覽
目錄瀏覽功能就是可以讓在沒有索引文件的狀態下實現瀏覽當前目錄下的所有文件及目錄,下面我們一起來看看apache開啟目錄瀏覽功能的方法,希望例子能夠幫助到各位。
不管哪個目錄,如果沒有directoryindex 指令后面的文件名,就是開啟了瀏覽功能,不需要加options indexes指令
根目錄瀏覽
開啟根目錄瀏覽,只需要關閉#Include conf.d/*.conf這行即可,或者注釋掉welcome.conf中的內容(一般選這個),如果根下無index.html或其它索引文件,會默認列出目錄,要禁止的話
加上options -indexes指令,其它的目錄都可以加以保護,參看訪問控制與認證授權
別名目錄瀏覽
定義一個別名,並且在lib64有問題時,可以重定向到別處
LoadModule autoindex_module modules/mod_autoindex.so LoadModule dir_module modules/mod_dir.so
alias /dist "/lib64"
<Directory "/lib64/">
Options indexes FollowSymLinks
# Options -indexes FollowSymLinks
IndexOptions NameWidth=10 Charset=UTF-8
Redirect permanent /dist/ http://172.16.1.47/tt/
</Directory>
LoadModule autoindex_module modules/mod_autoindex.so
DirectoryIndex index.php default.php index.html index.html.var
per-user web
[Thu Nov 12 09:04:29 2015] [error] [client 192.168.1.88] File does not exist: /var/www/html/~a1
useradd a1
passwd a1
登錄一次
mkdir public_html
echo "a1111111" > public_html/index.html
chmod 711 public_html
在httpd.conf中添加
<IfModule mod_userdir.c>
UserDir public_html
</IfModule>
userdir指令的context是server config和virtual host,不能用在dirctory中,參看文檔的該指令描述
即可,如果還要細化控制,再添加如下
#<Directory /home/*/public_html>
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# <Limit GET POST OPTIONS>
# Order allow,deny
# Allow from all
# </Limit>
# <LimitExcept GET POST OPTIONS>
# Order deny,allow
# Deny from all
# </LimitExcept>
#</Directory>
apache -k restart
瀏覽器訪問http://192.168.1.47/~a1測試效果
webdav
[Thu Nov 12 09:10:50 2015] [error] [client 192.168.1.88] (13)Permission denied: access to /webdav denied
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
webdav與per user web一樣,只能在server config 或virtual host中配置,即只能在httpd.conf中配置,否則不生效
在httpd.conf中添加如下
<IfModule mod_dav_fs.c>
# Location of the WebDAV lock database.
DAVLockDB /var/lib/dav/lockdb
</IfModule>
Alias /webdav "/home/a1/"
<Directory "/home/a1/">
Dav On
</Directory>
lockdb路徑可以任意,成功連接之后,會自動創建如下文件
[root@localhost conf.d]# ll /var/lib/dav/
total 4
-rw-r--r-- 1 apache apache 0 Nov 12 10:36 lockdb.dir
-rw-r--r-- 1 apache apache 1024 Nov 12 10:38 lockdb.pag
apache -k restart
在win7計算機中映射網絡驅動器 \\172.16.1.47\webdav 添加成功,然后就可以上傳網站文件,修改測試非常方便
Authentication is any process by which you verify that someone is who they claim they are. Authorization is any process by which someone is allowed to be where they want to go, or to have information that they want to have.
(For general access control, see the Access Control How-To (p. 208) )
Access control refers to any means of controlling access to any resource.
訪問控制
訪問控制 access control by host
先搞清楚是拒絕優先,還是允許優先,確定以后,就可以設置順序了
只拒絕這個ip,其它允許
order deny,allow
deny from 192.168.1.65
只允許這個網段,其它全部禁止
order allow,deny
allow from 172.16.1.0/25
LoadModule authz_host_module modules/mod_authz_host.so
三個指令
allow
deny
order
訪問控制 access control by environment variable
LoadModule setenvif_module modules/mod_setenvif.so
認證授權 file,dbm,.htaccess
個別目錄需要認證的話,在要保護的目錄下使用.htaccess文件較靈活,但如果多個目錄的話,一次寫入<directory>較方便
先創建密碼文件 [root@localhost conf.d]# htpasswd -c us fgy New password: Re-type new password: Adding password for user fgy 添加新用戶 [root@localhost conf.d]# htpasswd us ken New password: Re-type new password: Adding password for user ken [root@localhost conf.d]# cat us fgy:wOFUYK2pU5Cm6 ken:RjZTIeFiLO6mU 沒有刪除用戶的操作,直接將us里的相應行刪除即可 基本認證授權的兩種方法 一是在directory中設置 二是在.htaccess文件中設置,將其放入想要保護的目錄中即可
authtype basic/digest 但是並非所有的瀏覽器都支持摘要認證 require user ken 單用戶或多用戶
require valid-user 所有用戶
在相應的directory中添加如下即可,authname名稱無所謂 authname oo authtype basic authuserfile /etc/httpd/conf.d/us require valid-user
1.將上面的4行放入.htaccess文件中, 2.並在相應的<directory>中只添加allowoverride all這一行 3.重啟apache .htaccess文件又稱為“分布式配置文件”,該文件可以覆蓋httpd.conf文件中的配置,但是它只能設置對目錄的訪問控制和用戶認證。.htaccess文件可以有多個,每個.htaccess文件的作用范圍僅限於該文件所存放的目錄以及該目錄下的所有子目錄。雖然.htaccess能實現的功能在<Directory>段中都能夠實現,但是因為在.htaccess修改配置后並不需要重啟Apache服務就能生效,所以在一些對停機時間要求較高的系統中可以使用。
創建密碼文件
[root@localhost conf.d]# htdbm -c dbm1 fgy1
Enter password :
Re-type password :
Database dbm1 created.
修改用戶密碼
[root@localhost conf.d]# htdbm dbm1 fgy1
Enter password :
Re-type password :
Database dbm1 modified.
添加用戶
[root@localhost conf.d]# htdbm dbm1 fgy2
Enter password :
Re-type password :
Database dbm1 updated.
刪除用戶
[root@localhost conf.d]# htdbm -x dbm1 fgy4
Database dbm1 modified.
列出用戶
[root@localhost conf.d]# htdbm -l dbm1
Dumping records from database -- dbm1
Username Comment
fgy1
Total #records : 1
[root@localhost conf.d]# ll
total 20
-rw-r--r--. 1 root root 0 Nov 11 16:12 dbm1.dir
-rw-r--r--. 1 root root 1024 Nov 11 16:13 dbm1.pag
-rw-r--r--. 1 root root 392 Aug 25 01:53 README
-rw-r--r--. 1 root root 496 Nov 11 16:12 test.conf
-rw-r--r--. 1 root root 36 Nov 11 13:59 us
-rw-r--r--. 1 root root 303 Nov 11 10:34 welcome.conf
[root@localhost conf.d]# apachectl -k restart
[root@localhost conf.d]# vi test.conf
alias /dir "/etc"
<directory "/etc/">
authname "dbmmange"
authtype basic
authbasicprovider dbm
authdbmuserfile /etc/httpd/conf.d/dbm1
require valid-user
</directory>
ldap
LoadModule ldap_module modules/mod_ldap.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
性能測試
14:23:55 20 ~:#ab -n 50 localhost/etc
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking localhost (be patient).....done
Server Software: Apache/2.2.15
Server Hostname: localhost
Server Port: 80
Document Path: /etc
Document Length: 201 bytes
Concurrency Level: 1
Time taken for tests: 0.015 seconds
Complete requests: 50
Failed requests: 0
Write errors: 0
Non-2xx responses: 50
Total transferred: 19050 bytes
HTML transferred: 10050 bytes
Requests per second: 3328.67 [#/sec] (mean)
Time per request: 0.300 [ms] (mean)
Time per request: 0.300 [ms] (mean, across all concurrent requests)
Transfer rate: 1238.50 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.0 0 0
Processing: 0 0 0.3 0 2
Waiting: 0 0 0.1 0 1
Total: 0 0 0.3 0 2
Percentage of the requests served within a certain time (ms)
50% 0
66% 0
75% 0
80% 0
90% 0
95% 0
98% 2
99% 2
100% 2 (longest request)
14:26:05 23 ~:#ab -n 500 http://172.16.1.42/
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 172.16.1.42 (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Finished 500 requests
Server Software: nginx/1.4.7
Server Hostname: 172.16.1.42
Server Port: 80
Document Path: /
Document Length: 168 bytes
Concurrency Level: 1
Time taken for tests: 0.153 seconds
Complete requests: 500
Failed requests: 0
Write errors: 0
Non-2xx responses: 500
Total transferred: 158500 bytes
HTML transferred: 84000 bytes
Requests per second: 3259.18 [#/sec] (mean)
Time per request: 0.307 [ms] (mean)
Time per request: 0.307 [ms] (mean, across all concurrent requests)
Transfer rate: 1008.94 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.0 0 1
Processing: 0 0 0.0 0 1
Waiting: 0 0 0.0 0 1
Total: 0 0 0.1 0 1
Percentage of the requests served within a certain time (ms)
50% 0
66% 0
75% 0
80% 0
90% 0
95% 0
98% 1
99% 1
100% 1 (longest request)
日志記錄
定義了4個昵稱
combined
common
referer
agent
combinedio
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
192.168.2.80 - - [07/Apr/2015:14:34:50 +0800] "GET /docs/ HTTP/1.1" 200 1664 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"
192.168.2.80 - - [07/Apr/2015:14:34:53 +0800] "GET /docs/html/ HTTP/1.1" 200 17621 "http://192.168.2.84/docs/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"
192.168.2.80 - - [07/Apr/2015:14:34:55 +0800] "GET /docs/html/manual.css HTTP/1.1" 404 296 "http://192.168.2.84/docs/html/basics.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"
192.168.2.80 - - [07/Apr/2015:14:34:58 +0800] "GET /docs/html/graph_overview.html HTTP/1.1" 200 3693 "http://192.168.2.84/docs/html/basics.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"
192.168.2.80 - - [07/Apr/2015:14:34:58 +0800] "GET /docs/html/manual.css HTTP/1.1" 404 296 "http://192.168.2.84/docs/html/graph_overview.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"
192.168.2.80 - - [07/Apr/2015:14:35:41 +0800] "GET / HTTP/1.1" 200 1468 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"
1.85.49.230 - - [07/Apr/2015:15:01:14 +0800] "GET / HTTP/1.1" 200 1468 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"
1.85.49.230 - - [07/Apr/2015:15:01:14 +0800] "GET /cacti/images/auth_login.gif HTTP/1.1" 200 21265 "http://125.76.228.16:2002/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
192.168.1.88 - fgy1 [26/Nov/2015:08:42:35 +0800] "PROPFIND /webdav/Thumbs.db HTTP/1.1" 404 291 "-" "Microsoft-WebDAV-MiniRedir/6.1.7601" 192.168.1.88 - fgy1 [26/Nov/2015:08:42:37 +0800] "GET /webdav/er.txt HTTP/1.1" 200 5 "-" "Microsoft-WebDAV-MiniRedir/6.1.7601" 192.168.1.88 - fgy1 [26/Nov/2015:08:43:14 +0800] "PROPFIND /webdav HTTP/1.1" 301 311 "-" "Microsoft-WebDAV-MiniRedir/6.1.7601" 192.168.1.88 - - [26/Nov/2015:08:43:14 +0800] "PROPFIND /webdav/ HTTP/1.1" 401 478 "-" "Microsoft-WebDAV-MiniRedir/6.1.7601" 192.168.1.88 - fgy1 [26/Nov/2015:08:43:14 +0800] "PROPFIND /webdav/ HTTP/1.1" 207 842 "-" "Microsoft-WebDAV-MiniRedir/6.1.7601" 該問題得到解決了,一定得分清楚Apache的幾種標簽:<Directory>,<Files>,<Location>,分別是目錄,文件,網絡空間。如果用了代理就得用<Location>。 我的Apache+Tomcat 集群,用到了代理模式,最近一直有PROPFIND的大量請求,而且IP不固定,所以想禁掉該類請求方式,故我的配置如下: <Location /> <Limit PROPFIND> Order allow,deny Deny from all </Limit> </Location>
含義精解(服務的停止與重啟)
####發送TERM或者stop信號
Sending theTERMorstopsignal to the parent causes it to immediately attempt to kill off all of its children. It may take it several seconds to complete killing off its children. Then the parent itself exits. Any requests in progress are terminated, and no further requests are served.
kill -TERM `cat /var/run/httpd/httpd.pid`或者apachectl -k stop
####發送HUP或者restart信號
Sending the HUP or restart signal to the parent causes it to kill off its children like in TERM, but the parent doesn't exit. It re-reads its configuration files, and re-opens any log files. Then it spawns a new set of children and continues serving hits.
發送hup或者restart信號給父進程會引起它殺死所有的子進程(就像term信號一樣),但父進程不退出。它重讀配置文件,並且重新打開日志文件。然后派生一組新的子進程並繼續服務。
09:58:58 49 /var/run/httpd:#cat httpd.pid 14688 09:59:02 50 /var/run/httpd:#ps -ef|grep http root 14688 1 0 09:54 ? 00:00:00 /usr/sbin/httpd -k start apache 14689 14688 0 09:54 ? 00:00:00 /usr/sbin/httpd -k start apache 14690 14688 0 09:54 ? 00:00:00 /usr/sbin/httpd -k start apache 14691 14688 0 09:54 ? 00:00:00 /usr/sbin/httpd -k start apache 14692 14688 0 09:54 ? 00:00:00 /usr/sbin/httpd -k start root 14777 13050 0 09:59 pts/0 00:00:00 grep http 09:59:07 51 /var/run/httpd:#kill -HUP `cat httpd.pid`或者apachectl -k restart
####父進程pid號未變驗證了父進程不退出 09:59:35 52 /var/run/httpd:#ps -ef|grep http root 14688 1 0 09:54 ? 00:00:00 /usr/sbin/httpd -k start apache 14795 14688 0 09:59 ? 00:00:00 /usr/sbin/httpd -k start apache 14796 14688 0 09:59 ? 00:00:00 /usr/sbin/httpd -k start apache 14797 14688 0 09:59 ? 00:00:00 /usr/sbin/httpd -k start apache 14798 14688 0 09:59 ? 00:00:00 /usr/sbin/httpd -k start root 14800 13050 0 09:59 pts/0 00:00:00 grep http 09:59:57 54 /var/run/httpd:#cat httpd.pid 14688
####發送USR1或者graceful信號
The USR1 or graceful signal causes the parent process to advise the children to exit after their current request (or to exit immediately if they're not serving anything).
10:21:43 64 /var/run/httpd:#kill -USR1 `cat httpd.pid`或者apachectl -k graceful
####從日志中可以看出是發出什么信號的
10:22:01 66 /var/run/httpd:#tail -f /var/log/httpd/error_log
[Sun Sep 06 10:12:04 2015] [notice] SIGHUP received. Attempting to restart
[Sun Sep 06 10:12:04 2015] [notice] Digest: generating secret for digest authentication ...
[Sun Sep 06 10:12:04 2015] [notice] Digest: done
[Sun Sep 06 10:12:04 2015] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations
[Sun Sep 06 10:21:59 2015] [notice] Graceful restart requested, doing restart
[Sun Sep 06 10:21:59 2015] [notice] Digest: generating secret for digest authentication ...
[Sun Sep 06 10:21:59 2015] [notice] Digest: done
[Sun Sep 06 10:21:59 2015] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations
錯誤排障
11:57:05 111 /var/www/html/doc/mrtg2:#service httpd reload
Reloading httpd: [FAILED]
11:57:07 112 /var/www/html/doc/mrtg2:#service httpd status
httpd dead but pid file exists
11:57:15 113 /var/www/html/doc/mrtg2:#rm -rf /var/run/httpd/httpd.pid
11:57:29 114 /var/www/html/doc/mrtg2:#service httpd start
Starting httpd: [FAILED]
11:57:34 115 /var/www/html/doc/mrtg2:#service httpd status
httpd dead but subsys locked
12:00:16 121 /var/www/html/doc/mrtg2:#rm -rf /var/lock/subsys/httpd
12:00:44 122 /var/www/html/doc/mrtg2:#service httpd start
Starting httpd: [ OK ]
查看錯誤日志解決以上問題
12:08:57 130 /var/www/html/doc/mrtg2:#less /var/log/httpd/error_log
[Fri Apr 24 11:55:24 2015] [notice] SIGHUP received. Attempting to restart
unable to start piped log program '/usr/local/apache/bin/rotatelogs /var/log/access_log 86400': No such file or directory
Unable to open logs
unable to start piped log program '/usr/local/apache/bin/rotatelogs /var/log/access_log 86400': No such file or directory
Unable to open logs
semaphore是一個內部用於與其子進程進行交流的工具," No space left on device: Couldn't create accept lock "的意思是說apache不能再創建新的semaphore進程。 用如下命令查看有多少 semaphore在運行。 #ipcs -s 你將會看到 ------ Semaphore Arrays -------- key semid owner perms nsems 0x00000000 68681743 apache 600 1 0x00000000 68714515 apache 600 1 0x00000000 68747291 apache 600 1 你可運行如下命令來安全的殺死每個 Semaphore(信號量) #ipcrm -s <semid> <semid>是上面ipcs -s輸出的第二列值。 想要一次性將所有的Semaphore全部殺死,請運行如下命令: for semid in `ipcs -s |awk '{print $2}'`; do ipcrm -s $semid; done 如果不能再創建更多的Semaphores: 有些時候你可能想改變系統允許創建 semaphores的數量。這就需要改變內核參數。 運行以下命令來查看當前參數: #ipcs -l 修改 /etc/sysctl.conf文件,增加如下兩行: kernel.msgmni = 1024 kernel.sem = 250 256000 32 1024 運行命令# sysctl -p 使剛改的參數生效。 (kernel.msgmni 該文件指定消息隊列標識的最大數目,即系統范圍內最大多少個消息隊列。缺省設置 :16) 關於/var/lock/subsys目錄 總的來說,系統關閉的過程(發出關閉信號,調用服務自身的進程)中會檢查/var/lock/subsys下的文件,逐一關閉每個服務,如果某一運行的服務在/var/lock/subsys下沒有相應的選項。在 系統關閉的時候,會像殺死普通進程一樣殺死這個服務。通過察看/etc/rc.d/init.d下的腳本,可以發現每個服務自己操縱時都會去查看/var/lock/subsys下相應的服務。
This is the status code that the server sends back to the client. This information is very valuable, because it reveals whether the request resulted in a successful response (codes beginning in 2), a redirection (codes beginning in 3), an error caused by the client (codes beginning in 4), or an error in the server (codes beginning in 5). The full list of possible status codes can be found in the HTTP specification (RFC2616 section 10).
這是服務器返回給客戶端的狀態代碼。這個信息非常有價值,因為它顯示請求是否以一個成功應答(代碼以2開頭),一個重定向(代碼以3開頭),一個由客戶端引起的錯誤(代碼以4開頭),或者一個服務端的錯誤(代碼以5開頭)為結果。一份可能的狀態代碼的完全列表能在HTTP規范中被發現。
Status-Code =
"100" ; Section 10.1.1: Continue
| "101" ; Section 10.1.2: Switching Protocols
| "200" ; Section 10.2.1: OK
| "201" ; Section 10.2.2: Created
| "202" ; Section 10.2.3: Accepted
| "203" ; Section 10.2.4: Non-Authoritative Information
| "204" ; Section 10.2.5: No Content
| "205" ; Section 10.2.6: Reset Content
| "206" ; Section 10.2.7: Partial Content
| "300" ; Section 10.3.1: Multiple Choices
| "301" ; Section 10.3.2: Moved Permanently
| "302" ; Section 10.3.3: Found
| "303" ; Section 10.3.4: See Other
| "304" ; Section 10.3.5: Not Modified
| "305" ; Section 10.3.6: Use Proxy
| "307" ; Section 10.3.8: Temporary Redirect
| "400" ; Section 10.4.1: Bad Request
| "401" ; Section 10.4.2: Unauthorized
| "402" ; Section 10.4.3: Payment Required
| "403" ; Section 10.4.4: Forbidden
| "404" ; Section 10.4.5: Not Found
| "405" ; Section 10.4.6: Method Not Allowed
| "406" ; Section 10.4.7: Not Acceptable
| "407" ; Section 10.4.8: Proxy Authentication Required
| "408" ; Section 10.4.9: Request Time-out
| "409" ; Section 10.4.10: Conflict
| "410" ; Section 10.4.11: Gone
| "411" ; Section 10.4.12: Length Required
| "412" ; Section 10.4.13: Precondition Failed
| "413" ; Section 10.4.14: Request Entity Too Large
| "414" ; Section 10.4.15: Request-URI Too Large
| "415" ; Section 10.4.16: Unsupported Media Type
| "416" ; Section 10.4.17: Requested range not satisfiable
| "417" ; Section 10.4.18: Expectation Failed
| "500" ; Section 10.5.1: Internal Server Error
| "501" ; Section 10.5.2: Not Implemented
| "502" ; Section 10.5.3: Bad Gateway
| "503" ; Section 10.5.4: Service Unavailable
| "504" ; Section 10.5.5: Gateway Time-out
| "505" ; Section 10.5.6: HTTP Version not supported
| extension-code
extension-code = 3DIGIT
Reason-Phrase = *<TEXT, excluding CR, LF>
需求:指定的ip訪問status與info,非法ip在日志中留有記錄
三步走就可以用這個地址訪問了server-info與server-status的配置是一樣的 http://172.16.1.44/server-status http://172.16.1.44/server-info 改配置 1.開模塊, 2.去注釋,並允許要允許的主機。順序為先拒絕后允許,拒絕所有,再允許個別。ExtendedStatus On只是為了在server-status中顯示更多信息罷了 3.重啟服務器生效 vi httpd.conf 修改三個地方 1.LoadModule status_module modules/mod_status.so 2.ExtendedStatus On 3. <Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from 172.16.1.254 </Location> 4.service httpd reload 看日志 access_log 192.168.1.90 - - [24/Apr/2015:09:58:12 +0800] "GET /server-info HTTP/1.1" 403 290 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0" error_log [Fri Apr 24 09:58:12 2015] [error] [client 192.168.1.90] client denied by server configuration: /var/www/html/server-info
需求:查看文件列表形式
注釋掉這一行,就可以看到文件的列表形式 #Include conf.d/*.conf <Directory "/var/www/html"> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory>
需求:輪替日志
CustomLog "|/usr/sbin/rotatelogs /var/log/httpd/access_log 86400" common 上面這個可能不能正常使用,所以用下面的那一條,在httpd.conf中加入下面的一條指令,然后訪問頁面,日志就會在定義的時間內替換。 CustomLog "||/usr/sbin/rotatelogs /var/log/httpd/access_log 86400" common [root@84-monitor httpd]# vi /etc/httpd/conf/httpd.conf [root@84-monitor httpd]# service httpd reload Starting httpd: [ OK ] 定義時間內沒有訪問,不會輪替。有訪問,86400這個時間一到就輪替。 [root@84-monitor httpd]# ll total 104 -rw-r--r--. 1 root root 1001 Apr 3 17:46 access_log -rw-r--r--. 1 root root 950 Apr 3 18:00 access_log.1428055200 -rw-r--r--. 1 root root 950 Apr 3 18:01 access_log.1428055260 -rw-r--r--. 1 root root 2850 Apr 3 18:02 access_log.1428055320 -rw-r--r--. 1 root root 475 Apr 3 18:03 access_log.1428055380
cgi腳本 bash,perl,python,php,等
cgi腳本時,兩種類型的報錯
[Wed May 06 15:23:29 2015] [error] [client 192.168.1.88] (8)Exec format error: exec of '/var/www/cgi-bin/a' failed
[Wed May 06 15:23:29 2015] [error] [client 192.168.1.88] Premature end of script headers: a
[Wed May 06 15:41:08 2015] [error] [client 192.168.1.88] malformed header from script. Bad header=a.sh: a.sh
LoadModule cgi_module modules/mod_cgi.so
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
確保以上兩條指令開啟
bash腳本
1.修改cgi-bin目錄的權限,然后在此目錄下新建腳本文件 2.內容如下 vi b #! /bin/bash echo Content-type: text/html echo "" ifconfig 注意到上面的輸出的第一行必須是輸出“Content-type: text/html“否則Apache識別不了這個文本頁面的輸出。 3.瀏覽器訪問 http://172.16.1.44/cgi-bin/b
python腳本
16:33:45 141 /var/www/cgi-bin:#vi a
#! /usr/bin/python
print("Content-type: text/html\n")
print(5*5)
#! /usr/bin/python
print("Content-type: text/html\n")
a=['spam','eggs',30,50]
print(a[2])
php腳本
http://www.ietf.org/rfc/rfc3875 cgi/1.1
CGI是一種接口的標准,並不區分編程語言,也就是說,CGI可以用任何一種語言編寫,只要這種語言具有標准輸入、輸出和環境變量。CGI會將標准輸出重定向到給http的response,返回給瀏覽器。
CGI嚴格的介紹,公共網關接口CGI(Common GatewayInterface) 是WWW技術中最重要的技術之一,有着不可替代的重要地位。CGI是外部應用程序(CGI程序)與Web服務器之間的接口標准,是在CGI程序和Web服務器之間傳遞信息的規程。CGI規范允許Web服務器執行外部程序,並將它們的輸出發送給Web瀏覽器,CGI將Web的一組簡單的靜態超媒體文檔變成一個完整的新的交互式媒體。
CGI的輸出結果需要是HTML形式或瀏覽器能顯示的形式,否則其結果不會在瀏覽器中顯示。 另外在CGI程序的所有輸出前面必須有一個MIME類型的頭,即HTTP頭,對瀏覽器指明所接收內容的類型,大多數情況下,形如: Content-type: text/html 網絡訪問CGI程序,瀏覽器中可能會發生四種情況: CGI程序的輸出 太好了!這說明一切正常。 CGI程序的源代碼或者一個"POST Method Not Allowed"消息 這說明Apache沒有被正確配置以執行CGI程序,重新閱讀配置Apache看看遺漏了什么。 一個以"Forbidden"開頭的消息 這說明有權限問題。參考Apache error log和下面的文件的權限。 一個"Internal Server Error"消息 查閱Apache error log,可以找到CGI程序產生的出錯消息"Premature end of script headers"。對此,需要檢查下列各項,以找出不能產生正確HTTP頭的原因。 文件的權限 記住,服務器不是以你的用戶身份運行的,就是說,在服務器啟動后,擁有的是一個非特權用戶的權限-通常是``nobody''或者``www'' -而需要更大的權限以允許文件的執行。通常,給予``nobody''足夠的權限以執行文件的方法是,對文件賦予everyone execute權限: chmod a+x first.pl 另外,如果需要對其他文件進行讀取或寫入,也必須對這些文件賦予正確的權限。 如果服務器被配置為使用su exec則是一個例外。這個程序允許CGI程序根據其所在虛擬主機或用戶宿主目錄的不同而以不同的用戶權限運行。Su exec有極其嚴格的權限校驗,任何校驗失敗都會使CGI程序運行失敗而產生"Internal Server Error"。對此,需要檢查su exec的日志文件以發現哪個安全校驗出問題了。 路徑信息 當你在命令行執行一個程序,某些信息會自動傳給shell而無須你操心,比如一個路徑,告訴shell你所引用的文件可以在哪兒找到。 但是,在CGI程序通過網站服務器執行時,則沒有此路徑,所以,你在CGI程序中引用的任何程序(如sendmail)都必須指定其完整的路徑,使shell能找到它們以執行你的CGI程序。 一種普通的用法是,在CGI程序的第一行中指明解釋器(通常是perl),形如: #!/usr/bin/perl 必須保證它的確指向解釋器。 語法錯誤 多數CGI程序失敗的原因在於程序本身有問題,尤其是在已經消除上述兩種錯誤而CGI掛起的情況下。在用瀏覽器測試以前,先在命令行中執行你的程序,能夠發現大多數的問題。 出錯記錄 出錯記錄是你的朋友。任何錯誤都會在出錯記錄中有記載,所以你應該首先查看它。如果你的網站空間提供者不允許訪問出錯記錄,那么你應該考慮換一個空間提供者。學會閱讀出錯記錄,可以快速找出問題並快速解決。