Apache User Guide

Apache 简明用户指引

安装

macOS

$ brew install httpd
==> Installing httpd 
==> Downloading https://homebrew.bintray.com/bottles/httpd-2.4.33.high_sierra.bottle.tar.gz
Already downloaded: /Users/ma3310/Library/Caches/Homebrew/httpd-2.4.33.high_sierra.bottle.tar.gz
==> Pouring httpd-2.4.33.high_sierra.bottle.tar.gz
==> Caveats
DocumentRoot is /usr/local/var/www.

The default ports have been set in /usr/local/etc/httpd/httpd.conf to 8080 and in
/usr/local/etc/httpd/extra/httpd-ssl.conf to 8443 so that httpd can run without sudo.

To have launchd start httpd now and restart at login:
  brew services start httpd
Or, if you don't want/need a background service you can just run:
  apachectl start
==> Summary
🍺  /usr/local/Cellar/httpd/2.4.33: 1,633 files, 26.4MB

Windows

常用配置

开机启动

# CentOS 7.x
systemctl enable httpd.service

# CentOS 6.x
chkconfig httpd on

FastCGI 集成 PHP

# Ubuntu 16.04 打开预制 PHP FPM 配置即可。

sudo a2enconf php7.0-fpm
sudo a2enmod proxy proxy_fcgi

详细说明参考 AskUbuntu

# 保存以下配置为指定文件后,手动 Include:

# macOS brew 安装的 apache 2.4+:/usr/local/etc/httpd/extra/httpd-php-fpm.conf
<IfModule !mod_php7.c>
    # Enable http authorization headers
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1

    <FilesMatch ".+\.ph(p[3457]?|t|tml)$">
#       SetHandler "proxy:unix:/run/php/php7.0-fpm.sock|fcgi://localhost"
        SetHandler "proxy:fcgi://127.0.0.1:9000"
    </FilesMatch>
    <FilesMatch ".+\.phps$">
        # Deny access to raw php sources by default
        # To re-enable it's recommended to enable access to the files
        # only in specific virtual host or directory
        Require all denied
    </FilesMatch>
    # Deny access to files without filename (e.g. '.php')
    <FilesMatch "^\.ph(p[3457]?|t|tml|ps)$">
        Require all denied
    </FilesMatch>
</IfModule>

反向代理

  ServerName www.ng.moha.online
  SSLEngine on
  #   Server Certificate:
  # Point SSLCertificateFile at a PEM encoded certificate.  If
  # the certificate is encrypted, then you will be prompted for a
  # pass phrase.  Note that a kill -HUP will prompt again.  A new
  # certificate can be generated using the genkey(1) command.
  # SSLCertificateFile /etc/pki/tls/certs/localhost.crt
  SSLCertificateFile conf.d/cert/ng.moha.crt

  #   Server Private Key:
  #   If the key is not combined with the certificate, use this
  #   directive to point at the key file.  Keep in mind that if
  #   you've both a RSA and a DSA private key you can configure
  #   both in parallel (to also allow the use of DSA ciphers, etc.)
  # SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
  SSLCertificateKeyFile conf.d/cert/ng.moha.key

  ProxyPreserveHost on

  # Pass variables to target applications.
  # Variable name will be change to HTTP_GE_XXXX format. %{VARNAME}e stands for environment variable.
  RequestHeader   set   "ge-mail"     "%{HTTP_ge_mail}e"
  RequestHeader   set   "ge-fullname" "%{HTTP_ge_cn}e"
  RequestHeader   set   "ge-sso"      "%{HTTP_ge_sub}e"
  RequestHeader   set   "ge-bu"       "%{HTTP_ge_gessobusinessunit}e"
  RequestHeader   set   "ge-location" "%{HTTP_ge_location}e"

  RequestHeader   set   "OIDC-access-token"         "%{OIDC_access_token}e"
  RequestHeader   set   "OIDC-access-token-expires" "%{OIDC_access_token_expires}e"
  RequestHeader   set   "OIDC-refresh-token"        "%{OIDC_refresh_token}e"

  ProxyPass / http://host.docker.internal:8088
  ProxyPassReverse / http://host.docker.internal:8088

开启 status 模块

# macOS brew: Include /usr/local/etc/httpd/extra/httpd-status.conf
<IfModule mod_status.c>
    <Location "/server-status">
        SetHandler server-status
        Require host localhost
    </Location>
</IfModule>

应用开启 Shibboleth 认证

<VirtualHost *:[Apache 侦听端口号]>
    ServerName   [域名,例如:www.moha.online]
    ServerAdmin  [电子邮箱地址]
    DocumentRoot [应用根目录]

    <Directory [应用根目录]/>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    <Location />
        AuthType shibboleth
        ShibRequestSetting requireSession false
        ShibRequestSetting applicationId [应用 ID]
        Require shibboleth
    </Location>

    <Location [需要保护的 URL]>
        AuthType shibboleth
        ShibRequestSetting requireSession true
        Require shibboleth
    </Location>

    CustomLog /[日志文件目录]/access.log combined
    ErrorLog  /[日志文件目录]/error.log

</VirtualHost>

调试配置文件

打开 mod_log_debug 模块,调整 LogLevel 到 info 级别后,即可使用 LogMessage 输出内容到 ErrorLog 配置的文件来帮助调试 Apache 配置文件。

<IfModule mod_log_debug.c>
    LogLevel info
</IfModule>

<IfModule mod_log_debug.c>
    LogMessage "===== [] ===== %{REQUEST_URI}"
</IfModule>
Author: njun
njun's picture
Updated: 2020/08/04