HTTPD

77902543

AllowOverride参数就是指明Apache服务器是否去找.htacess文件作为配置文件，如果设置为none,那么服务器将忽略. htacess文件，如果设置为All,那么所有在.htaccess文件里有的指令都将被重写。对于AllowOverride，还可以对它指定如下一些能被重写的指令类型.
1 AuthConfig 允许使用所有的权限指令，他们包括AuthDBMGroupFile AuthDBMUserFile AuthGroupFile AuthName AuthTypeAuthUserFile和Require
2 FileInfo 允许使用文件控制类型的指令。它们包括AddEncoding AddLanguage AddType DEfaultType ErrorDocument LanguagePriority
3 Indexes 允许使用目录控制类型的指令。它们包括 AddDescription AddIcon AddIconByEncoding AddIconByType DefaultIcon DirectoryIndex FancyIndexing HeaderName IndexIgnore IndexOptions ReadmeName
4 Limit 允许使用权限控制指令。它们包括Allow Deny和Order
5 Options 允许使用控制目录特征的指令.他们包括Options 和XBitHack
Options
1 All 准许以下除MultiViews以外所有功能
2 MultiViews 允许多重内容被浏览，如果你的目录下有一个叫做foo.txt的文件，那么你可以通过/foo来访问到它，这对于一个多语言内容的站点比较有用
3 Indexes 若该目录下无index文件，则准许显示该目录下的文件以供选择
4 IncludesNOEXEC 准许SSI，但不可使用#exec和#include功能
5 Includes 准许SSI
6 FollowSymLinks 在该目录中，服务器将跟踪符号链接。注意，即使服务器跟踪符号链接，它也不会改变用来匹配不同区域的路径名，如果在标记内设置，该选项会被忽略
7 SymLinksIfOwnerMatch 在该目录中仅仅跟踪本站点内的链接
8 ExecCGI 在该目录下准许使用CGI
------------------------------------------------------------------
JSP:
LoadModule jk_module modules/mod_jk.so
  JkWorkersFile /usr/httpd/conf/workers.properties
# Where to put jk logs
# Update this path to match your logs directory location (put mod_jk.log next to access_log)
  JkLogFile     /usr/httpd/logs/mod_jk.log
# Set the jk log level [debug/error/info]
  JkLogLevel    info
# Select the log format
  JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# JkOptions indicate to send SSL KEY SIZE,
  JkOptions     +ForwardKeySize +ForwardURICompat -ForwardDirectories
# JkRequestLogFormat set the request format
  JkRequestLogFormat     "%w %V %T"
# Send everything for context /examples to worker named worker1 (ajp13)
  JkMount  /*.jsp worker1

[root@localhost conf]# cat workers.properties
# Define 1 real worker using ajp13
  worker.list=worker1
  # Set properties for worker1 (ajp13)
  worker.worker1.type=ajp13
  worker.worker1.host=localhost
  worker.worker1.port=8009
  worker.worker1.lbfactor=50
  worker.worker1.cachesize=10
  worker.worker1.cache_timeout=600
  worker.worker1.socket_keepalive=1
  worker.worker1.reclycle_timeout=300
------------------------------------------------------------------
(1)复制文件#cp /usr/openssl/ssl/misc/CA.sh ./
(2)创建根服务器#./CA.sh -newca
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:anhui
Locality Name (eg, city) [Newbury]:hefei
Organization Name (eg, company) [My Company Ltd]:test.com
Organizational Unit Name (eg, section) []:www.test.com
Common Name (eg, your name or your server's hostname) []:ca.test.com
Email Address []:root@test.com
(3)创建服务器私钥#openssl genrsa -des3 -out server.key 1024
(4)创建服务器证书#openssl req -new -key server.key -out server.csr
(5)改名#mv server.csr newreq.pem
(6)签证#./CA.sh -sign
(7)改名#mv newcert.pem server.crt
(8)创建客户端私钥#openssl genrsa -des3 -out client.key 1024
(9)创建客户端证书#openssl req -new -key client.key -out client.csr
(10)签证#openssl ca -in client.csr -out client.crt
(11)转换为pkcs12格式#openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.pfx
()指定服务器证书位置
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
指定服务器证书key位置
SSLCertificateKeyFile /usr/local/apache/conf/ssl.crt/server.key
证书目录
SSLCACertificatePath /usr/local/apache/conf/ssl.crt
根证书位置
SSLCACertificateFile /usr/local/apache/conf/ssl.crt/cacert.pem
开启客户端SSL请求
SSLVerifyClient require
SSLVerifyDepth  1
------------------------------------------------------------------
ServerRoot "/usr/httpd"

#
#ScoreBoardFile logs/apache_runtime_status
#
PidFile logs/httpd.pid
#
Timeout 30
#
#KeepAlive On
#MaxKeepAliveRequests 100
#
KeepAliveTimeout 15
##
StartServers         5
MinSpareServers      5
MaxSpareServers     10
MaxClients         150
MaxRequestsPerChild  0
#
StartServers         2
MaxClients         150
MinSpareThreads     25
MaxSpareThreads     75
ThreadsPerChild     25
MaxRequestsPerChild  0

NumServers           5
StartThreads         5
MinSpareThreads      5
MaxSpareThreads     10
MaxThreadsPerChild  20
MaxRequestsPerChild  0
# WinNT MPM
ThreadsPerChild 250
MaxRequestsPerChild  0
# BeOS MPM
StartThreads               10
MaxClients                 50
MaxRequestsPerThread       10000
   
# NetWare MPM
indefinitely.                          
ThreadStackSize      65536
StartThreads           250
MinSpareThreads         25
MaxSpareThreads        250
MaxThreads            1000
MaxRequestsPerChild      0
MaxMemFree             100
# OS/2 MPM
StartServers           2
MinSpareThreads        5
MaxSpareThreads       10
MaxRequestsPerChild    0
Listen 80
#
# LoadModule foo_module modules/mod_foo.so
#
LoadModule ssl_module modules/mod_ssl.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
#
#ExtendedStatus On
#
User nobody
Group #-1
ServerAdmin
admin@test.com
#
ServerName
www.test.com:80
#
UseCanonicalName Off
#
#
    Options FollowSymLinks
    AllowOverride None
#
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
#
UserDir disabled
UserDir enabled abc
UserDir public_html
#
#
#    AllowOverride FileInfo AuthConfig Limit Indexes
#    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
#   
#        Order allow,deny
#        Allow from all
#   
#   
#        Order deny,allow
#        Deny from all
#   
#
#
DirectoryIndex index.html index.html.var
#
AccessFileName .htaccess
#
    Order allow,deny
    Deny from all
#
TypesConfig conf/mime.types
#
DefaultType text/plain
#
    MIMEMagicFile conf/magic
#
# nameserver.
#
HostnameLookups Off
#
#EnableMMAP off
#
#EnableSendfile off
#
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# You need to enable mod_logio.c to use %I and %O
#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
CustomLog logs/access_log common
#CustomLog logs/referer_log referer
#CustomLog logs/agent_log agent
#CustomLog logs/access_log combined
ServerTokens Full
# Set to one of:  On | Off | EMail
ServerSignature EMail

Alias /icons/ "/usr/httpd/icons/"
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
Alias /abc/ "/home/abc/"
    Options Indexes MultiViews FollowSymLinks SymLinksIfOwnerMatch
    AllowOverride None
#authtype basic
#authname "Power"
#AuthUserFile /usr/httpd/passwd
#require user admin

AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "/usr/httpd/manual$1"
    Options Indexes
    AllowOverride None
    Order allow,deny
    Allow from all
   
        SetHandler type-map
   
    SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1
    RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2
#
ScriptAlias /cgi-bin/ "/usr/httpd/cgi-bin/"

#Scriptsock            logs/cgisock
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
#
IndexOptions FancyIndexing VersionSort
#
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^

DefaultIcon /icons/unknown.gif
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz

ReadmeName README.html
HeaderName HEADER.html

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

DefaultLanguage zh-CN
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
LanguagePriority zh-CN en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv

AddDefaultCharset GB2312
AddCharset ISO-8859-1  .iso8859-1  .latin1
AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
AddCharset ISO-8859-3  .iso8859-3  .latin3
AddCharset ISO-8859-4  .iso8859-4  .latin4
AddCharset ISO-8859-5  .iso8859-5  .latin5 .cyr .iso-ru
AddCharset ISO-8859-6  .iso8859-6  .latin6 .arb
AddCharset ISO-8859-7  .iso8859-7  .latin7 .grk
AddCharset ISO-8859-8  .iso8859-8  .latin8 .heb
AddCharset ISO-8859-9  .iso8859-9  .latin9 .trk
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5        .Big5       .big5
AddCharset WINDOWS-1251 .cp-1251   .win-1251
AddCharset CP866       .cp866
AddCharset KOI8-r      .koi8-r .koi8-ru
AddCharset KOI8-ru     .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-8       .utf8
AddCharset GB2312      .gb2312 .gb
AddCharset utf-7       .utf7
AddCharset utf-8       .utf8
AddCharset big5        .big5 .b5
AddCharset EUC-TW      .euc-tw
AddCharset EUC-JP      .euc-jp
AddCharset EUC-KR      .euc-kr
AddCharset shift_jis   .sjis
AddType application/x-tar .tgz
AddEncoding x-compress .Z
AddEncoding x-gzip .gz .tgz
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#AddHandler cgi-script .cgi
#AddHandler send-as-is asis
#AddHandler imap-file map
AddHandler type-map var
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402
http://www.example.com/subscription_info.html
#   Alias /error/include/ "/your/include/path/"
    Alias /error/ "/usr/httpd/error/"
   
        AllowOverride None
        Options IncludesNoExec
        AddOutputFilter Includes html
        AddHandler type-map var
        Order allow,deny
        Allow from all
        LanguagePriority zh-CN en cs de es fr it nl sv pt-br ro
        ForceLanguagePriority Prefer Fallback
   
#
#    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
#    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
#    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
     ErrorDocument 404 /error/404.html
#    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
#    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
#    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
#    ErrorDocument 410 /error/HTTP_GONE.html.var
#    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
#    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
#    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
#    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
#    ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
#    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
#    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
#    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
#    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
#    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
#
#    SetHandler server-status
#    Order deny,allow
#    Deny from all
#    Allow from .example.com
#
#
#    SetHandler server-info
#    Order deny,allow
#    Deny from all
#    Allow from .example.com
#
    Include conf/ssl.conf
NameVirtualHost *:80
#
#    ServerAdmin
webmaster@dummy-host.example.com
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common
#
ServerName load.test.com
DocumentRoot /usr/httpd/load
ServerAdmin
load@test.com
ServerName save.test.com
DocumentRoot /usr/httpd/save
ServerAdmin
save@test.com


本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u/12605/showart_113455.html