The httpd.conf file is the main configuration file for the Apache web server. A lot of options exist, and it's important to read the documentation that comes with Apache for more information on the different settings and parameters. The following configuration example is a minimal working configuration file for Apache, with SSL support. Note that we only comment on the parameters that relate to security and optimization, and leave all the others to your own research.
Edit the httpd.conf file (vi /etc/httpd/conf/httpd.conf) and add/change:
    ### Section 1: Global Environment
    #
    ServerType standalone
    ServerRoot "/etc/httpd"
    PidFile /var/run/httpd.pid
    ResourceConfig /dev/null
    AccessConfig /dev/null
    Timeout 300
    KeepAlive On
    MaxKeepAliveRequests 0
    KeepAliveTimeout 15
    MinSpareServers 16
    MaxSpareServers 64
    StartServers 16
    MaxClients 512
    MaxRequestsPerChild 100000

    ### Section 2: 'Main' server configuration
    #
    Port 80

    <IfDefine SSL>
    Listen 80
    Listen 443
    </IfDefine>

    User www
    Group www
    ServerAdmin admin@openna.com
    ServerName www.openna.com
    DocumentRoot "/home/httpd/ona"

    <Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
    </Directory>

    <Directory "/home/httpd/ona">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
    </Directory>

    <Files .pl>
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
    </Files>

    <IfModule mod_dir.c>
    DirectoryIndex index.htm index.html index.php index.php3 default.html index.cgi
    </IfModule>

    #<IfModule mod_include.c>
    #Include conf/mmap.conf
    #</IfModule>

    UseCanonicalName On

    <IfModule mod_mime.c>
    TypesConfig /etc/httpd/conf/mime.types
    </IfModule>

    DefaultType text/plain
    HostnameLookups Off

    ErrorLog /var/log/httpd/error_log
    LogLevel warn
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    SetEnvIf Request_URI \.gif$ gif-image
    CustomLog /var/log/httpd/access_log combined env=!gif-image
    ServerSignature Off

    <IfModule mod_alias.c>
    ScriptAlias /cgi-bin/ "/home/httpd/cgi-bin/"
    <Directory "/home/httpd/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
    </Directory>
    </IfModule>

    <IfModule mod_mime.c>
    AddEncoding x-compress Z
    AddEncoding x-gzip gz tgz
    AddType application/x-tar .tgz
    </IfModule>

    ErrorDocument 500 "The server made a boo boo.
    ErrorDocument 404 http://192.168.1.1/error.htm
    ErrorDocument 403 "Access Forbidden -- Go away.

    <IfModule mod_setenvif.c>
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0
    </IfModule>

    ### Section 3: Virtual Hosts
    #
    <IfDefine SSL>
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    </IfDefine>

    <IfModule mod_ssl.c>
    SSLPassPhraseDialog builtin
    SSLSessionCache dbm:/var/run/ssl_scache
    SSLSessionCacheTimeout 300
    SSLMutex file:/var/run/ssl_mutex
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    SSLLog /var/log/httpd/ssl_engine_log
    SSLLogLevel warn
    </IfModule>

    <IfDefine SSL>
    <VirtualHost _default_:443>
    DocumentRoot "/home/httpd/ona"
    ServerName www.openna.com
    ServerAdmin admin@openna.com
    ErrorLog /var/log/httpd/error_log
    SSLEngine on
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
    SSLCACertificatePath /etc/ssl/certs
    SSLCACertificateFile /etc/ssl/certs/ca.crt
    SSLCARevocationPath /etc/ssl/crl
    SSLVerifyClient none
    SSLVerifyDepth 10
    SSLOptions +ExportCertData +StrictRequire
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    SetEnvIf Request_URI \.gif$ gif-image
    CustomLog /var/log/httpd/ssl_request_log \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" env=!gif-image
    </VirtualHost>
    </IfDefine>
This tells the httpd.conf file to set itself up for this particular configuration with:
ServerType standalone
The option ServerType specifies how Apache should run on the system. You can run it from the super-server inetd, or as a standalone daemon. It's highly recommended to run Apache in standalone mode for better performance and speed.
ServerRoot "/etc/httpd"
The option ServerRoot specifies the directory in which the configuration files of the Apache server live. It allows Apache to know where it can find its configuration files when it starts.
PidFile /var/run/httpd.pid
The option PidFile specifies the location where the server will record the process id of the daemon when it starts. This option is only required when you configure Apache in standalone mode.
ResourceConfig /dev/null
The option ResourceConfig specifies the location of the old srm.conf file that Apache read after it finished reading the httpd.conf file. When you set the location to /dev/null, Apache allows you to include the content of this file in the httpd.conf file, so that just one file handles all your configuration parameters, for simplicity.
AccessConfig /dev/null
The option AccessConfig specifies the location of the old access.conf file that Apache read after it finished reading the srm.conf file. When you set the location to /dev/null, Apache allows you to include the content of this file in the httpd.conf file, so that just one file handles all your configuration parameters, for simplicity.
Timeout 300
The option Timeout specifies the amount of time Apache will wait for a GET, POST, PUT request and ACKs on transmissions. You can safely leave this option at its default value.
KeepAlive On
The option KeepAlive, if set to On, enables persistent connections on this web server. For better performance, it's recommended to set this option to On and allow more than one request per connection.
MaxKeepAliveRequests 0
The option MaxKeepAliveRequests specifies the number of requests allowed per connection when the KeepAlive option above is set to On. When the value of this option is set to 0, unlimited requests are allowed on the server. For server performance, it's recommended to allow unlimited requests.
KeepAliveTimeout 15
The option KeepAliveTimeout specifies how much time, in seconds, Apache will wait for a subsequent request before closing the connection. The value of 15 seconds is a good average for server performance.
MinSpareServers 16
The option MinSpareServers specifies the minimum number of idle child server processes for Apache, that is, processes that are not handling a request. This is an important tuning parameter regarding the performance of the Apache web server. For high load operation, a value of 16 is recommended by various benchmarks on the Internet.
MaxSpareServers 64
The option MaxSpareServers specifies the maximum number of idle child server processes for Apache, that is, processes that are not handling a request. This is also an important tuning parameter regarding the performance of the Apache web server. For high load operation, a value of 64 is recommended by various benchmarks on the Internet.
StartServers 16
The option StartServers specifies the number of child server processes that will be created by Apache on start-up. This is, again, an important tuning parameter regarding the performance of the Apache web server. For high load operation, a value of 16 is recommended by various benchmarks on the Internet.
MaxClients 512
The option MaxClients specifies the number of simultaneous requests that can be supported by Apache. This too is an important tuning parameter regarding the performance of the Apache web server. For high load operation, a value of 512 is recommended by various benchmarks on the Internet.
MaxRequestsPerChild 100000
The option MaxRequestsPerChild specifies the number of requests that an individual child server process will handle. This too is an important tuning parameter regarding the performance of the Apache web server.
User www
The option User specifies the UID that the Apache server will run as. It's important to create a new user that has minimal access to the system, and functions just for the purpose of running the web server daemon.
Group www
The option Group specifies the GID that the Apache server will run as. It's important to create a new group that has minimal access to the system, and functions just for the purpose of running the web server daemon.
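The User and Group advice above can be checked mechanically. The following Python script is an added example, not part of the original guide: it reads the User and Group directives from an httpd.conf and looks them up in passwd and group data. The sample inputs are constructed, and treating a non-login shell and the absence of extra group memberships as "minimal access" is an assumption of this example.

```python
import re

# Constructed sample inputs (not from the guide): an httpd.conf fragment and
# the /etc/passwd and /etc/group lines it is checked against.
SAMPLE_CONF = "ServerType standalone\n# User root\nUser www\nGroup www\n"
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\nwww:x:80:80::/home/httpd:/bin/false\n"
SAMPLE_GROUP = "root:x:0:\nwww:x:80:\nwheel:x:10:root\n"
# Assumption of this example: these shells mean "no interactive login".
NO_LOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def directive(conf, name):
    """Last uncommented value of a directive; directive names are case-insensitive."""
    value = None
    for line in conf.splitlines():
        m = re.match(r"\s*(\w+)\s+(\S.*?)\s*$", line)
        if m and m.group(1).lower() == name.lower():
            value = m.group(2).strip('"')
    return value

def rows(table):
    """Split passwd- or group-format text into lists of colon-separated fields."""
    return [l.split(":") for l in table.splitlines() if l.strip()]

def lookup(table, key):
    """Find a row by name, or by number when the directive uses Apache's '#id' form."""
    col, want = (2, key[1:]) if key.startswith("#") else (0, key)
    return next((r for r in rows(table) if r[col] == want), None)

def audit_identity(conf, passwd, group):
    """Return findings for User/Group values that are not a dedicated, unprivileged account."""
    user, grp = directive(conf, "User"), directive(conf, "Group")
    if user is None or grp is None:
        return ["User and Group are not both set"]
    prow, grow = lookup(passwd, user), lookup(group, grp)
    if prow is None or grow is None:
        return ["User or Group does not exist on this system"]
    findings = []
    if prow[2] == "0":
        findings.append("User resolves to uid 0 (root)")
    if grow[2] == "0":
        findings.append("Group resolves to gid 0")
    if prow[6] not in NO_LOGIN_SHELLS:
        findings.append(f"account {prow[0]} has login shell {prow[6]}")
    extra = [r[0] for r in rows(group)
             if prow[0] in r[3].split(",") and r[0] != grow[0]]
    if extra:
        findings.append(f"account {prow[0]} is also a member of: {', '.join(extra)}")
    return findings

if __name__ == "__main__":
    print(audit_identity(SAMPLE_CONF, SAMPLE_PASSWD, SAMPLE_GROUP) or "User/Group look minimal")
```

To run it against a live system, pass the contents of /etc/httpd/conf/httpd.conf, /etc/passwd and /etc/group in place of the sample strings.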
DirectoryIndex index.htm index.html index.php index.php3 default.html index.cgi
The option DirectoryIndex specifies the files Apache uses as a pre-written HTML directory index. In other words, if Apache can't find the default index page to display, it'll try the next entry in this parameter, if available. To improve the performance of your web server, it's recommended to list the most used default index pages of your web site first.
Include conf/mmap.conf
The option Include specifies the location of other files that you can include from within the server configuration file httpd.conf. In our case, we include the mmap.conf file located under the /etc/httpd/conf directory. The mmap.conf file maps files into memory for faster serving. See the section on Optimizing Apache for more information.
HostnameLookups Off
The option HostnameLookups, if set to Off, disables DNS lookups. It's recommended to set this option to Off in order to save network traffic time and to improve the performance of your Apache web server.