Apache Web page and security optimization in Linux system

Apache Web page optimization

Apache Web page optimization overview

  • In an enterprise, only the default configuration parameters are used after Apache deployment, which will cause many problems in the website. In other words, the default configuration is for the previous lower server configuration. The previous configuration is no longer applicable in the Internet age
  • In order to meet the needs of enterprises, we need to consider how to improve the performance and stability of Apache, which is the content of Apache optimization

Optimize content

  • Configure web page compression
  • Selection of working mode and optimization of parameters
  • Configure anti-theft chain
  • Configure hidden version number
  • .......

Web page compression

gzip introduction

  • To configure Apache's web page compression function, gzip compression algorithm is used to compress the web page content and then transfer it to the client browser
  • Effect
    • Reduce the number of bytes transmitted by the network and speed up the loading of web pages
    • Save traffic and improve users' browsing experience
    • gzip has a better relationship with the grabbing tool of search engine

Apache's compression module

  • The function modules of Apache to realize web page compression include

    • Mod? Gzip module
    • Mod? Deflate module
  • Apache 1.x

    • There is no built-in web page compression technology, but compression can be performed using a third-party mod ﹣ gzip module
  • Apache 2.x

    • During the development, the module of mod ﹣ deflate was built in to replace mod ﹣ gzip
  • Mod gzip module and mod deflate module
    • Both of them use gzip compression algorithm, with similar operation principle
    • Mod ABCD deflate compression speed is slightly faster, while mod ABCD gzip compression ratio is slightly higher
    • Mod ﹣ gzip takes up a little more CPU of the server
    • For high traffic servers, using mod ﹣ deflate may load faster than mod ﹣ gzip

Configure web page compression

[root@localhost ~]# mount.cifs //192.168.100.10/lamp-c7 /mnt / / mount the source package storage directory in the host computer to the mnt directory
Password for root@//192.168.100.10/lamp-c7:  
[root@localhost ~]# cd /mnt / / / enter the mount directory
[root@localhost mnt]# ls / / see you
apr-1.6.2.tar.gz       cronolog-1.6.2-14.el7.x86_64.rpm  httpd-2.4.29.tar.bz2  mysql-5.6.26.tar.gz
apr-util-1.6.0.tar.gz  Discuz_X2.5_SC_UTF8.zip           LAMP-php5.6.txt       nginx-1.12.0.tar.gz
awstats-7.6.tar.gz     error.png                         miao.jpg              php-5.6.11.tar.bz2
[root@localhost mnt]# tar jxvf httpd-2.4.29.tar.bz2 -C /opt / / extract the source package
[root@localhost mnt]# tar zxvf apr-1.6.2.tar.gz -C /opt
[root@localhost mnt]# tar zxvf apr-util-1.6.0.tar.gz -C /opt/
[root@localhost mnt]# cd /opt
[root@localhost opt]# ls
apr-1.6.2  apr-util-1.6.0  httpd-2.4.29  rh
[root@localhost opt]# mv apr-1.6.2/ httpd-2.4.29/srclib/apr / / put the extracted environment package into the httpd-2.4.29 directory
[root@localhost opt]# mv apr-util-1.6.0/ httpd-2.4.29/srclib/apr-util
[root@localhost opt]# cd httpd-2.4.29 / / enter httpd-2.4.29 directory
[root@localhost httpd-2.4.29]# yum install gcc gcc-c++ pcre-devel pcre zlib-devel expat-devel 
perl -y
//Install environment package
[root@localhost httpd-2.4.29]# . / configure -- prefix = / usr / local / httpd -- enable deflate -- enable so -- enable expires -- enable rewrite -- enable charset Lite -- enable CGI / / configure the setup file
[root@localhost httpd-2.4.29]# Make & & make install / / install the service
  • Enter http service profile to check whether compression module service is enabled
[root@localhost httpd-2.4.29]# cd /usr/local/httpd/conf/
[root@localhost conf]# ls
extra  httpd.conf  magic  mime.types  original
[root@localhost conf]# ln -s /usr/local/httpd/conf/httpd.conf /etc/httpd.conf
[root@localhost conf]# vim /etc/httpd.conf
...//Omit parts
#LoadModule charset_lite_module modules/mod_charset_lite.so
LoadModule deflate_module modules/mod_deflate.so         //Find this entry and turn it on
LoadModule mime_module modules/mod_mime.so
...//Omit parts
#LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so          //Check whether the request header module is turned on
#LoadModule unique_id_module modules/mod_unique_id.so
...//Omit parts
#LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so             //Check whether the filter module is on
#LoadModule substitute_module modules/mod_substitute.so
...//Omit parts
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript text/jpg text/png                           //Write the compression module support file at the end of the file
  DeflateCompressionLevel 9        //Create entry with compression level 9 high compression ratio
  SetOutputFilter DEFLATE          //Set compression module as default module load
</IfModule>            
:wq                        //Save exit
[root@localhost conf]# /usr/local/httpd/bin/apachectl -t / / use the command to test whether the syntax of the configuration file is normal
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
//Prompt: domain name is not set
Syntax OK   //Normal grammar
[root@localhost conf]# vim /etc/httpd.conf / / edit the main configuration file
...//Omit parts
# prevent Apache from glomming onto all bound IP addresses.
#
Listen 192.168.144.133:80             //Open and change the listening interface
#Listen 80
...//Omit parts
# If your host doesn't have a registered DNS name, enter its IP address here.
#
ServerName www.kgc.com:80        //Open and change domain name
...//Omit parts
:wq
[root@localhost conf]# /usr/local/httpd/bin/apachectl -t / / check the syntax again
Syntax OK        //Normal grammar
[root@localhost conf]# cp /usr/local/httpd/bin/apachectl /etc/init.d/httpd 
//Copy the startup script to the init.d directory and name it httpd 
[root@localhost conf]# vim /etc/init.d/httpd 
#!/bin/sh
# chkconfig: 35 85 21 
# description: Apache is a World Wide Web server / / add declaration information under the first line
...//Omit parts
[root@localhost conf]# chkconfig --add httpd / / add httpd to the SERVICE manager
[root@localhost conf]# ln -s /usr/local/httpd/bin/* /usr/local/bin/ 
//Link the http command to the directory / usr/local/bin /
[root@localhost conf]# service httpd start / / use the service command to start the HTTP service
[root@localhost conf]# netstat -ntap | grep 80 / / check whether the port is enabled
tcp        0      0 192.168.144.133:80      0.0.0.0:*               LISTEN      42332/httpd
[root@localhost conf]# systemctl stop firewalld.service / / turn off firewall protection
[root@localhost conf]# setenforce 0 / / turn off enhanced security
[root@localhost conf]# cd /usr/local/httpd/bin / / enter the directory
[root@localhost bin]# . / apachectl - t - D dump_modules| grep "deflate" / / check whether the compression module is on
 deflate_module (shared)           //Successfully opened
  • This starts a win 10 virtual machine and installs the package grabbing tool in the virtual machine Grab tool download

  • Visit the webpage provided by http service in the client browser and view the package grabbing tool

  • Insert a picture into the web page to check whether the page compression function can work normally
[root@localhost bin]# cd /mnt / / enter mount point
[root@localhost mnt]# ls / / view
apr-1.6.2.tar.gz       cronolog-1.6.2-14.el7.x86_64.rpm  httpd-2.4.29.tar.bz2  mysql-5.6.26.tar.gz
apr-util-1.6.0.tar.gz  Discuz_X2.5_SC_UTF8.zip           LAMP-php5.6.txt       nginx-1.12.0.tar.gz
awstats-7.6.tar.gz     error.png                         miao.jpg              php-5.6.11.tar.bz2
[root@localhost mnt]# cp miao.jpg /usr/local/httpd/htdocs / / copy the picture to the http site directory
[root@localhost mnt]# cd /usr/local/httpd/htdocs/
[root@localhost htdocs]# ls
index.html  miao.jpg
[root@localhost htdocs]# vim index.html 
<html><body><h1>It works!</h1>
<img src="miao.jpg"/>
</body></html>
:wq
  • Visit the web page again in the client

Tags: Linux Apache vim RPM MySQL

Posted on Wed, 06 Nov 2019 18:19:21 -0500 by Taro