1. Apache process mode description
In Linux, we can use httpd -l to check whether the installed MPM module is prefork or worker:
[root@LAMP ~]# /usr/local/apache/bin/apachectl -l |egrep "worker|prefork"
worker.c
[root@LAMP ~]#
or
[root@LAMP ~]# /usr/local/apache/bin/apachectl -l |sed -nE '/worker|prefork/p'
worker.c
[root@LAMP ~]#
prefork mode (default)
Prefork uses multiple child processes, and each child process has only one thread. Each process can maintain only one connection at any given time.
Working principle:
The control process initially creates several child processes. So that child processes do not have to be created when requests arrive, new child processes are continuously created according to demand, at a rate of up to 32 per second, until the demand is met.
Worker mode (default)
Worker mode is a newly introduced mode in Apache2.x. It is a combination of threads and processes. In worker mode, there will be multiple child processes, and each child process will have multiple threads. Each thread can only maintain one connection at a certain time.
Working principle:
The main control process creates several child processes, and each child process contains a fixed number of threads. Each thread processes requests independently. So that threads do not have to be created when a request arrives, the configuration file sets the minimum and maximum number of idle threads and the total number of threads across all child processes. If the total number of threads in the existing child processes cannot meet the concurrent load, the control process spawns a new child process.
Installation method:
During the configuration and compilation process, add the parameter --with-mpm=worker. If not added, the system will adopt the default prefork mode.
Advantages: Memory usage is lower than in prefork mode; suitable for high-concurrency, high-traffic HTTPD services.
Disadvantages: If a thread crashes, the entire process "dies" along with all of its threads. Since threads share memory space, a program must be recognized by the system as thread-safe when it runs. Service stability is not as good as in prefork mode.
Event mode: On a very busy server, the two modes above are somewhat overwhelmed. Event is based on worker and separates the service process from the connection. When the server processes requests very quickly and the hit rate is very high, the number of available threads is the key resource limit; in that situation the Event MPM is the most effective.
1. prefork:
StartServers 5
#Maximum number of requests each process handles; 0 means unlimited, and it can be set to a large value to avoid recycling
MaxRequestsPerChild 0
2. worker:
#Number of starting processes
StartServers 2
#Maximum number of requests processed
MaxClients 150
#Minimum number of idle threads
MinSpareThreads 25
#Maximum number of idle threads
MaxSpareThreads 75
#Number of threads each process can generate, maximum 20,000; closely related to performance
ThreadsPerChild 25
#Maximum number of requests handled, 0 is unlimited
MaxRequestsPerChild 0
In worker mode, the total number of requests that can be processed simultaneously is the total number of child processes multiplied by the ThreadsPerChild value, and it should be greater than or equal to MaxClients. If the load is very high and the existing child processes cannot satisfy it, the control process spawns new child processes.
Tip: The default maximum total number of child processes is 16. To increase it, you need to explicitly declare the value of ServerLimit (the maximum value is 20000).
Check the number of concurrent connections under Apache's worker:
[root@LAMP ~]# pstree -a|grep httpd|wc -l
84
[root@LAMP ~]#
3. event: will not be studied
2. Test analysis
Key points:
1. apachectl -M: check whether libphp5.so is loaded
2. Whether AddType application/x-httpd-php .php is written correctly in httpd.conf
3. PHP code format must be written correctly
4. SELinux must be turned off
5. deny was not changed to allow (in 2.4, denied to granted)
6. No host was added
2. Configure the first virtual host
Delete the # sign in front of this line in httpd.conf
#Include conf/extra/httpd-vhosts.conf
vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
5. Configure user authentication for a virtual host
http://www.lishiming.net/thread-554-1-1.html
2. Web anti-hotlink technology
Put simply, some illegitimate websites call the resources of other websites from their own pages without permission and display those resources on their own site to fill out its content. The network traffic of the website whose resources are called is wasted, which strains that website's bandwidth and service capacity and can even cause downtime.
Solutions for website hotlinking:
1. Implement hotlink prevention based on http referer
The HTTP protocol has a header field called Referer, which uses URL format to indicate where the link to the current resource came from. Through the Referer, the source web page of a request can be detected; for a resource file, the address of the web page that displays it can be traced. Once it is detected that the source is not this site, the request is blocked or a specified page is returned. Currently, Apache, nginx, and lighttpd all support anti-hotlinking based on the HTTP Referer.
2. Processing based on cookies
3. Anti-hotlinking through encryption and transformation of access paths. lighttpd has a similar plug-in mod_secdownload
Apache web service to implement anti-hotlinking practice
ServerAdmin ucode@gmail.com
DocumentRoot "/var/html/bbs"
ServerName ucode.blog.51cto.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/bbs-error_log"
CustomLog "|/usr/local/sbin/cronolog /app/logs/access_bbs_%Y%m%d.log" combined
#Turn on anti-hotlinking
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://ucode.blog.51cto.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://ucode.blog.51cto.com/$ [NC]
RewriteCond %{HTTP_REFERER} !^http://ucode.blog.51cto.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://ucode.blog.51cto.com$ [NC]
RewriteRule .*\.(gif|jpg|swf)$ http://ucode.blog.51cto.com/img/nolink.jpg [R,NC]
Requests that satisfy the conditions above are returned the picture http://ucode.blog.51cto.com/img/nolink.jpg
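The Referer check above can be modelled offline to see which requests it serves and which it redirects. The following Python model is an added example, not code from the original page; the REVISED rule set, the function names and the Referers used in the usage note are assumptions of this example.

```python
import re

NOLINK = "/img/nolink.jpg"
RULE = r".*\.(gif|jpg|swf)$"   # the page's file-type pattern, with the dot escaped

# Referer patterns as written on the page: http only, host dots unescaped.
PAGE = {
    "conds": [r"^http://ucode.blog.51cto.com/.*$",
              r"^http://ucode.blog.51cto.com/$",
              r"^http://ucode.blog.51cto.com$"],
    "exempt": (),
    "allow_empty": False,
}

# Revised variant: an assumption of this example, not the page's configuration.
REVISED = {
    "conds": [r"^https?://ucode\.blog\.51cto\.com(/.*)?$"],
    "exempt": (NOLINK,),     # the placeholder image must never redirect to itself
    "allow_empty": True,     # requests that carry no Referer are served
}


def decide(path, referer, rs):
    """Return 'redirect' if the request would be sent to NOLINK, else 'serve'.

    As in mod_rewrite, every RewriteCond is a negated, case-insensitive ([NC])
    match on the Referer, and all must hold before the RewriteRule fires.
    """
    if path in rs["exempt"] or not re.search(RULE, path, re.I):
        return "serve"
    if referer == "" and rs["allow_empty"]:
        return "serve"
    blocked = all(not re.search(c, referer, re.I) for c in rs["conds"])
    return "redirect" if blocked else "serve"


def follow(path, referer, rs, limit=5):
    """Follow redirects with the Referer unchanged, as a browser does.

    Returns the number of redirects before a file is served, or None when the
    limit is reached (the rule set keeps redirecting to itself).
    """
    for hops in range(limit):
        if decide(path, referer, rs) == "serve":
            return hops
        path = NOLINK
    return None
```

follow("/a.jpg", "http://other.example/p", PAGE) returns None because /img/nolink.jpg itself ends in .jpg and is redirected again, while with REVISED it returns 1. The page's patterns also redirect requests whose Referer is empty or begins with https://, including those coming from the site's own pages.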
#The default listening port is 80
Listen 80
PidFile /export/servers/apache2/logs/httpd.pid
#Loaded module
LoadModule authn_file_module modules/mod_authn_file.so
#The general default setting is admin
User admin
#The general default setting is admin
Group admin
#Set your project file path
DocumentRoot "/export/servers/apache2/htdocs"
#Returned to the client when the server reports an error, so that the user can contact the administrator
ServerAdmin you@example.com
#Server name:port
ServerName localhost:80
#Allows files with the .php extension to be run as PHP programs
AddType application/x-httpd-php .php
Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
#Options: Configures which features are available in a specific directory. The commonly used values and their basic meanings are as follows:
#ExecCGI: CGI scripts are allowed to be executed in this directory.
#FollowSymLinks: The file system is allowed to use symbolic links in this directory.
#Indexes: When the user accesses the directory and the homepage file specified by DirectoryIndex (such as index.html) cannot be found, the list of files in the directory is returned to the user.
#SymLinksIfOwnerMatch: A symbolic link can only be followed if its owner is the same as the owner of the actual file.
#Includes: Server-side includes are allowed.
#IncludesNOEXEC: Server-side includes are allowed, but #exec cmd and #exec cgi are disabled. It is still possible to #include virtual CGI scripts from ScriptAliased directories.
For example, without any + and - symbols, where the first Options line is set for a parent directory and the second for /web/docs/spec:
Options Indexes FollowSymLinks
Options Includes
Only Includes is set for the /web/docs/spec directory.
However, if the second Options directive uses + and - symbols:
Options Indexes FollowSymLinks
Options +Includes -Indexes
Then FollowSymLinks and Includes are set for the /web/docs/spec directory.
#AllowOverride: The types of directives allowed in .htaccess files (the .htaccess file name can be changed; it is determined by the AccessFileName directive):
#None: When AllowOverride is set to None, .htaccess files are not searched for in this directory (this can reduce server overhead).
#All: All directives can be used in .htaccess files.
Order: Control which of the two access rules Allow and Deny takes precedence during access:
Allow: List of hosts allowed to access (available domain names or subnets, for example: Allow from 192.168.0.0/16).
Deny: List of hosts that are denied access.
The Apache server can perform document access control for directories. However, access control can be achieved in two ways. One is to set each directory in the setting file httpd.conf (or access.conf)
#Timeout interval for client and server connections
Timeout 300
#Pass multiple HTTP requests in one connection
KeepAlive On
#The maximum number of HTTP requests that can be made over one connection
MaxKeepAliveRequests 100
#The time allowed between requests in one connection. If the server has completed a request but has not received the next request from the client within the interval set by this parameter, the server disconnects.
KeepAliveTimeout 15
#The storage location of the log
ErrorLog logs/error_log
#Log level; at the debug level more is logged
LogLevel warn
The default format of the log is as follows:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
#common is the log format name
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log common
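When a log is written in the combined format defined above (the format the virtual host's CustomLog uses), the Referer field of each line shows which foreign pages are pulling the site's images. The following Python parser is an added example, not part of the original page; the sample lines, addresses and host names other than ucode.blog.51cto.com are constructed, and the function names are this example's own.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# combined: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
QUOTED = r'"((?:[^"\\]|\\.)*)"'          # Apache logs an embedded quote as \"
COMBINED = re.compile(
    r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\d+|-) '
    + QUOTED + " " + QUOTED + "$"
)
FIELDS = ("h", "l", "u", "t", "r", "s", "b", "referer", "agent")
MEDIA = re.compile(r"\.(gif|jpg|swf)$", re.I)   # extensions from the rewrite rule

# Constructed sample lines (documentation addresses and hosts), not real traffic.
SAMPLE = r'''192.0.2.10 - - [10/Oct/2023:13:55:36 +0800] "GET /img/a.jpg HTTP/1.1" 200 2326 "http://ucode.blog.51cto.com/post/1" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:40 +0800] "GET /img/a.jpg HTTP/1.1" 200 2326 "http://other.example/gallery" "Mozilla/5.0"
198.51.100.8 - - [10/Oct/2023:13:55:41 +0800] "GET /img/b.gif HTTP/1.1" 200 5120 "http://other.example/gallery" "Mozilla/5.0"
203.0.113.5 - bob [10/Oct/2023:13:56:02 +0800] "GET /index.html HTTP/1.1" 304 - "-" "curl/8.0"
203.0.113.9 - - [10/Oct/2023:13:56:09 +0800] "GET /img/a.jpg HTTP/1.1" 302 - "http://third.example/x \"quoted\"" "Mozilla/5.0"
not a log line'''.splitlines()


def parse(line):
    """Return a dict of the combined-format fields, or None if the line is malformed."""
    m = COMBINED.match(line)
    if not m:
        return None
    rec = dict(zip(FIELDS, m.groups()))
    rec["b"] = 0 if rec["b"] == "-" else int(rec["b"])   # %b is '-' when no body was sent
    return rec


def hotlink_bytes(lines, own_host="ucode.blog.51cto.com"):
    """Total bytes of media served with status 200, per foreign Referer host."""
    totals = Counter()
    for rec in filter(None, map(parse, lines)):
        parts = rec["r"].split(" ")
        path = parts[1].split("?")[0] if len(parts) >= 2 else ""
        try:
            host = urlsplit(rec["referer"]).hostname
        except ValueError:            # unparsable Referer, e.g. a broken IPv6 literal
            host = None
        if rec["s"] == "200" and MEDIA.search(path) and host and host != own_host:
            totals[host] += rec["b"]
    return totals
```

hotlink_bytes(SAMPLE) attributes 7446 bytes to other.example; the request from third.example is not counted because it was answered with a 302, which is what the rewrite rule produces once it is active.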
The parameters in the format are as follows:
%h – the client’s IP address or host name
%l – The RFC 1413 identity of the client as determined by the client’s identd. The symbol "-" in the output indicates that the information is not available.
%u – The name of the client who accessed the webpage, as obtained by the HTTP authentication system. It is only valid if there is authentication. The "-" symbol in the output indicates that the information is not available.
%t – The time when the server completed processing the request.
"%r" – The request content sent by the client, in quotation marks; it contains a lot of useful information.
%>s – This is the status code returned by the server to the client.
%b – The last item is the number of bytes returned to the client excluding response headers.
"%{Referer}i" – This item specifies which web page the request was submitted from.
"%{User-Agent}i" – This item is the browser identification information provided by the client’s browser.