优化启用网站压缩deflate
1.查看并启用mod_deflate ,压缩传输
查看mod_deflate:
apachectl -M |grep deflate
如果有显示,则表示已启用压缩;如果没有显示,则需要手动启动deflate模块:
vim /usr/local/httpd/conf/httpd.conf
定位并去除“#”号:LoadModule deflate_module modules/mod_deflate.so
2.在httpd.conf配置文件末尾,添加deflate参数配置
vim /usr/local/httpd/conf/httpd.conf
添加:
<IfModule mod_deflate.c> DeflateCompressionLevel 6 SetOutputFilter DEFLATE #AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-javascript application/x-httpd-php #AddOutputFilterByType DEFLATE image/* AddOutputFilterByType DEFLATE text/* AddOutputFilterByType DEFLATE application/ms* application/vnd* application/postscript application/javascript application/x-javascript AddOutputFilterByType DEFLATE application/x-httpd-php application/x-httpd-fastphp SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ no-gzip dont-vary SetEnvIfNoCase Request_URI .(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary SetEnvIfNoCase Request_URI .(?:pdf|mov|avi|mp3|mp4|rm)$ no-gzip dont-vary </IfModule>
3.保存退出,重启服务
systemctl restart httpd
优化启用网站缓存expires
1.修改网站配置文件,启动expires模块
vim /usr/local/httpd/conf/httpd.conf
定位并去除“#”号:LoadModule expires_module modules/mod_expires.so
2.在配置文件末尾添加,expires配置参数
<IfModule mod_expires.c> ExpiresActive On ExpiresByType text/css "now plus 1 month" ExpiresByType application/x-javascript "now plus 5 day" ExpiresByType image/jpeg "access plus 1 month" ExpiresByType image/gif "access plus 1 month" ExpiresByType image/bmp "access plus 1 month" ExpiresByType image/x-icon "access plus 1 month" ExpiresByType image/png "access plus 1 minute" ExpiresByType application/x-shockwave-flash "access plus 1 month" ExpiresDefault "now plus 0 minute" </IfModule>
3.保存退出,重启服务
systemctl restart httpd
禁止网站目录遍历
打开httpd.conf
vim /usr/local/httpd/conf/httpd.conf
定位:
Options Indexes FollowSymLinks
去除Indexes
保存退出,重启服务
apache隐藏版本号
1.主配置文件启用httpd-default.conf
vim /usr/local/httpd/conf/httpd.conf
定位并去除“#”号:Include conf/extra/httpd-default.conf
保存退出
2.修改httpd-default.conf配置
vim /usr/local/httpd/conf/extra/httpd-default.conf
修改:
1. ServerTokens Prod 2. ServerSignature Off
保存退出
3.重启httpd服务
systemctl restart httpd
配置httpd日志轮替切割
1.禁止默认日志保存配置
vim /usr/local/httpd/conf/httpd.conf
定位并禁用:
#ErrorLog "logs/error_log"
#CustomLog "logs/access_log" common
添加的轮替策略:
ErrorLog "|/usr/local/httpd/bin/rotatelogs -l logs/error_%Y%m%d.log 86400" CustomLog "|/usr/local/httpd/bin/rotatelogs -l logs/access_%Y%m%d.log 86400" combined
保存退出
2.重启httpd服务
systemctl restart httpd
号外提醒:系统日志及系统服务日志,由专门日志轮替配置服务管理
配置文件为:/etc/logrotate.conf
配置防盗链
1.配置文件启用rewrite模块
vim /usr/local/httpd/conf/httpd.conf
定位并去除“#”号:LoadModule rewrite_module modules/mod_rewrite.so
保存退出
2.打开虚拟主机配置文件
vim /usr/local/httpd/conf/extra/httpd-vhosts.conf
在<VirtualHost>内部添加:
RewriteEngine On RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://benet.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://benet.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.benet.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.benet.com$ [NC] RewriteRule . *\.(gif|jpg|swf)$http://www.benet.com/about/nolink.png[R,NC,L]
保存退出
3.重启httpd服务
systemctl restart httpd
号外:可以使用另一方式实现防盗链 referer
在php服务器上安装xcache缓存,提高网站访问速度
1.上传或下载xcache安装包
上传xcache安装包到虚拟机
2.安装xcache
tar xf xcache-3.2.0.tar.gz cd xcache-3.2.0/ yum -y install autoconf /usr/local/php5.6/bin/phpize ./configure --enable-xcache --enable-xcache-coverager --enable-xcache-optimizer --with-php-config=/usr/local/php5.6/bin/php-config make && make install
3.创建缓存文件并赋权
1. touch /tmp/xcache 2. chmod 777 /tmp/xcache
4.复制xcache网站目录到php和httpd网站根目录下
cp -r htdocs/ /var/www/benet/xcache
5.修改php配置文件,添加xcache参数,重启php-fpm
vim /etc/php.ini
添加到文件末尾:
[xcache-common]
extension = /usr/local/php5.6/lib/php/extensions/no-debug-zts-20131226/xcache.so #把xcache.so前的路径换成自己make install的最后一行路径
[xcache.admin] xcache.admin.enable_auth = Off [xcache] xcache.shm_scheme ="mmap" xcache.size=60M xcache.count =1 xcache.slots =8K xcache.ttl=0 xcache.gc_interval =0 xcache.var_size=64M xcache.var_count =1 xcache.var_slots =8K xcache.var_ttl=0 xcache.var_maxttl=0 xcache.var_gc_interval =300 xcache.test =Off xcache.readonly_protection = Off xcache.mmap_path ="/tmp/xcache" xcache.coredump_directory ="" xcache.cacher =On xcache.stat=On xcache.optimizer =Off [xcache.coverager] xcache.coverager =On xcache.coveragedump_directory =""
保存退出
重启服务:
systemctl restart php-fpm
6.访问httpd的xcache虚拟目录,验证(ab压力测试后)
http://192.168.8.10/xcache
