posted by 은이종 2016. 4. 21. 14:16

참고용 Apache conf 표준 설정 내역입니다.

======================================

1. httpd.conf

 


ServerRoot "/app/apache"

Listen 80
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>

User daemon
Group daemon

</IfModule>
</IfModule>

ServerAdmin 메일주소@메일

ServerName localhost
CoreDumpDirectory /app/log/apache/coredump

DocumentRoot "/app/docroot/apache"

#
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>

# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/app/docroot/apache">
Options None
AllowOverride None
Order allow,deny
Allow from all

<LimitExcept GET POST>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>

<Directory "/app/apache/cgi-bin">
AllowOverride None
Options None
Order deny,allow
Deny from all
</Directory>

<LocationMatch "/WEB-INF">
Deny from all
</LocationMatch>

<LocationMatch "/META-INF">
Deny from all
</LocationMatch>

<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>

<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>

LogLevel warn

<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common

<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D %I %O" combinedio
</IfModule>
</IfModule>

SetEnvIfNoCase User-Agent "Zabbix" do_not_log
SetEnvIfNoCase Request_URI "/wscript.jsp" do_not_log
SetEnvIfNoCase Request_URI "/wscript.php" do_not_log
SetEnvIf Remote_Addr "@@ZABBIX_SERVER@@" do_not_log
#SetEnvIf Remote_Addr "127.0.0.1" do_not_log

ErrorLog "|/app/apache/bin/rotatelogs -l /app/log/apache/error_%Y%m%d.log 86400"
CustomLog "|/app/apache/bin/rotatelogs -l /app/log/apache/access_%Y%m%d.log 86400" combined env=!do_not_log

Alias /errors/ "/app/docroot/apache/errors/"

ErrorDocument 400 "Error"
ErrorDocument 401 "Error"
ErrorDocument 402 "Error"
ErrorDocument 403 "Error"
ErrorDocument 404 "Error"
ErrorDocument 405 "Error"
ErrorDocument 406 "Error"
ErrorDocument 407 "Error"
ErrorDocument 408 "Error"
ErrorDocument 409 "Error"
ErrorDocument 410 "Error"
ErrorDocument 411 "Error"
ErrorDocument 412 "Error"
ErrorDocument 413 "Error"
ErrorDocument 414 "Error"
ErrorDocument 415 "Error"
ErrorDocument 416 "Error"
ErrorDocument 417 "Error"
ErrorDocument 422 "Error"
ErrorDocument 423 "Error"
ErrorDocument 424 "Error"
ErrorDocument 426 "Error"
ErrorDocument 500 "Error"
ErrorDocument 501 "Error"
ErrorDocument 502 "Error"
ErrorDocument 503 "Error"
ErrorDocument 504 "Error"
ErrorDocument 505 "Error"
ErrorDocument 506 "Error"
ErrorDocument 507 "Error"
ErrorDocument 508 "Error"
ErrorDocument 510 "Error"

<IfModule cgid_module>
</IfModule>

DefaultType text/plain

<IfModule mime_module>
TypesConfig conf/mime.types

AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz

AddType application/x-httpd-php .php .php3 .inc .ph .htm
AddType application/x-httpd-php-source .phps
</IfModule>

FileETag None

<ifmodule mod_expires.c>
<Filesmatch "\.(jpg|jpeg|png|gif|swf)$">
ExpiresActive on
ExpiresDefault "access plus 4 years"
</Filesmatch>

<Filesmatch "\.(vss|js)$">
ExpiresActive on
ExpiresDefault "access plus 1 month"
</Filesmatch>
</ifmodule>

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

DeflateCompressionLevel 9

<Location />
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip

BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|jpg|swf)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:xml)$ no-gzip dont-vary

</Location>

# TRACE-TRACK 제거

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

# all request ssl rewrite
#RewriteCond %{HTTPS} off
#RewriteCond %{REQUEST_URI} !^/jkmanager/*
#RewriteCond %{REQUEST_URI} !^/server-status*
#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

#RewriteEngine on
#RewriteCond %{HTTP_HOST} ^skplanetoneid\.com
#RewriteRule (.*)
https://www.%{HTTP_HOST}%{REQUEST_URI} [R]

UserDir disabled

Include conf/extra/httpd-default.conf
Include conf/extra/httpd-mpm.conf

Include conf/extra/httpd-vhosts.conf

#Include conf/extra/httpd-languages.conf
#Include conf/extra/httpd-ssl.conf

##### Tomcat 연동시 아래설정 주석해재 #####

#LoadModule jk_module modules/mod_jk.so

#<IfModule jk_module>
# JkWorkersFile conf/workers.properties
# JkLogFile "|/app/apache/bin/rotatelogs -l /app/log/apache/mod_jk.%Y%m%d.log 86400"
# JkLogLevel info
# JkShmFile logs/mod_jk.shm
# JkWatchdogInterval 60
# JkOptions +FlushPackets +FlushHeader
#</IfModule>

======================================================

extra/httpd-default.conf

#
Timeout 15
KeepAlive Off
MaxKeepAliveRequests 1000
KeepAliveTimeout 5
UseCanonicalName Off
AccessFileName .htaccess
ServerTokens Prod
ServerSignature Off
HostnameLookups Off
TraceEnable Off

LimitRequestFieldsize 10000
LimitRequestBody 10000000

Include conf/extra/httpd-mpm.conf (활성화)

# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_prefork_module>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 0
</IfModule>

# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>

ServerLimit 8
StartServers 8
MinSpareThreads 124
MaxSpareThreads 372
ThreadsPerChild 62
MaxClients 496
MaxRequestsPerChild 10000

</IfModule>

=================================================================

extra/httpd-vhosts.conf

#NameVirtualHost _default_:80
<VirtualHost _default_:80>
ServerName _default_:80
DocumentRoot /app/docroot/apache/
CustomLog "|/app/apache/bin/rotatelogs -l /app/log/apache/
www.domain.com-access_log-%Y%m%d.log 86400" combined env=!do_not_log
ErrorLog "|/app/apache/bin/rotatelogs -l /app/log/apache/
www.domain.com-error_log-%Y%m%d.log 86400"
JkMount /*.jsp Tomcat
JkMount /*.do Tomcat
</VirtualHost>

==================================================================

extra/httpd-languages.conf (필요시)

#
# Settings for hosting different languages.
#
# Required modules: mod_mime, mod_negotiation

# DefaultLanguage and AddLanguage allows you to specify the language of
# a document. You can then use content negotiation to give a browser a
# file in a language the user can understand.
#
# Specify a default language. This means that all data
# going out without a specific language tag (see below) will
# be marked with this one. You probably do NOT want to set
# this unless you are sure it is correct for all cases.
#
# * It is generally better to not mark a page as
# * being a certain language than marking it with the wrong
# * language!
#
# DefaultLanguage nl
#
# Note 1: The suffix does not have to be the same as the language
# keyword --- those with documents in Polish (whose net-standard
# language code is pl) may wish to use "AddLanguage pl .po" to
# avoid the ambiguity with the common suffix for perl scripts.
#
# Note 2: The example entries below illustrate that in some cases
# the two character 'Language' abbreviation is not identical to
# the two character 'Country' code for its country,
# E.g. 'Danmark/dk' versus 'Danish/da'.
#
# Note 3: In the case of 'ltz' we violate the RFC by using a three char
# specifier. There is 'work in progress' to fix this and get
# the reference data for rfc1766 cleaned up.
#
# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
# Norwegian (no) - Polish (pl) - Portugese (pt)
# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
# Turkish (tr) - Simplified Chinese (zh-CN) - Spanish (es)
# Traditional Chinese (zh-TW)
#
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage tr .tr
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw

# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
#
# Just list the languages in decreasing order of preference. We have
# more or less alphabetized them here. You probably want to change this.
#
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW

#
# ForceLanguagePriority allows you to serve a result page rather than
# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
# [in case no accepted languages matched the available variants]
#
ForceLanguagePriority Prefer Fallback

#
# Commonly used filename extensions to character sets. You probably
# want to avoid clashes with the language extensions, unless you
# are good at carefully testing your setup after each change.
# See
http://www.iana.org/assignments/character-sets for the
# official list of charset names and their respective RFCs.
#
AddCharset us-ascii.ascii .us-ascii
AddCharset ISO-8859-1 .iso8859-1 .latin1
AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
AddCharset ISO-8859-3 .iso8859-3 .latin3
AddCharset ISO-8859-4 .iso8859-4 .latin4
AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
AddCharset ISO-8859-7 .iso8859-7 .grk .greek
AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
AddCharset ISO-8859-10 .iso8859-10 .latin6
AddCharset ISO-8859-13 .iso8859-13
AddCharset ISO-8859-14 .iso8859-14 .latin8
AddCharset ISO-8859-15 .iso8859-15 .latin9
AddCharset ISO-8859-16 .iso8859-16 .latin10
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5.Big5 .big5 .b5
AddCharset cn-Big5 .cn-big5
# For russian, more than one charset is used (depends on client, mostly):
AddCharset WINDOWS-1251 .cp-1251 .win-1251
AddCharset CP866 .cp866
AddCharset KOI8 .koi8
AddCharset KOI8-E .koi8-e
AddCharset KOI8-r .koi8-r .koi8-ru
AddCharset KOI8-U .koi8-u
AddCharset KOI8-ru .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-7 .utf7
AddCharset UTF-8 .utf8
AddCharset UTF-16 .utf16
AddCharset UTF-16BE .utf16be
AddCharset UTF-16LE .utf16le
AddCharset UTF-32 .utf32
AddCharset UTF-32BE .utf32be
AddCharset UTF-32LE .utf32le
AddCharset euc-cn .euc-cn
AddCharset euc-gb .euc-gb
AddCharset euc-jp .euc-jp
AddCharset euc-kr .euc-kr
#Not sure how euc-tw got in - IANA doesn't list it???
AddCharset EUC-TW .euc-tw
AddCharset gb2312 .gb2312 .gb
AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
AddCharset shift_jis .shift_jis .sjis

===============================================

extra/httpd-ssl.conf

#
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin
#SSLPassPhraseDialog
exec:/app/apache/conf/sslkey/pass.sh
SSLSessionCache "shmcb:/app/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "
file:/app/apache/logs/ssl_mutex"

################################################
#Redirect 404 /favicon.ico
#<Location /favicon.ico>
# ErrorDocument 404 "No favicon"
#</Location>
#
#SetEnvIf Request_URI "favicon.ico" do_not_log

#NameVirtualhost *:443

<VirtualHost _default_:443>

# General setup for the virtual host
DocumentRoot "/app/docroot/apache"
ServerName _default_:443
ServerAdmin 메일주소@메일

# default single domain
CustomLog "|/app/apache/bin/rotatelogs -l /app/log/apache/ssl_access_log-%Y%m%d.log 86400" combined env=!do_not_log
ErrorLog "|/app/apache/bin/rotatelogs -l /app/log/apache/ssl_error_log-%Y%m%d.log 86400"
CustomLog "|/app/apache/bin/rotatelogs -l /app/log/apache/ssl_request_log.%Y%m%d 86400" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" env=!do_not_log

# for multi domain
#CustomLog "|/app/apache/bin/rotatelogs -l /app/log/apache/
www.domain.com-ssl_access_log-%Y%m%d.log 86400" combined env=!do_not_log
#ErrorLog "|/app/apache/bin/rotatelogs -l /app/log/apache/
www.domain.com-ssl_error_log-%Y%m%d.log 86400"
#CustomLog "|/app/apache/bin/rotatelogs -l /app/log/apache/
www.domain.com-ssl_request_log.%Y%m%d 86400" \
# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" env=!do_not_log

JkMount /*.jsp Tomcat
JkMount /*.do Tomcat

SSLEngine on
SSLProtocol ALL -SSLv2
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:RC4-SHA:RC4-MD5:AES256-SHA256:AES128-SHA256:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!SSLv2

SSLCertificateFile        "인증서"
SSLCertificateKeyFile    "인증서
"
SSLCertificateChainFile "인증서
"
SSLCACertificateFile    "인증서
"

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/app/apache/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>

'Web/WAS > Apache' 카테고리의 다른 글

Apache Log 2개로 분리하기  (0) 2017.08.11
mod_define  (0) 2016.05.17
Apache socket_timeout , reply_timeout 설정  (0) 2015.12.30
Apache pagespeed 설치  (0) 2015.03.18
Apache method 설정  (0) 2014.11.25