在CentOS上配置和优化Apache服务器是一个涉及多个方面的过程,旨在提高服务器的性能、安全性和稳定性。以下是一些关键的优化技巧和步骤:
sudo yum update -y
sudo yum install httpd -y
sudo systemctl start httpd
sudo systemctl enable httpd
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
httpd.conf
中添加以下行来启用KeepAlive:KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
prefork
模块:<IfModule mpm_prefork_module>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxRequestWorkers 150
MaxConnectionsPerChild 0
</IfModule>
mod_expires
模块启用静态文件缓存:<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/css "access plus 30 days"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType application/javascript "access plus 30 days"
</IfModule>
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript
</IfModule>
/etc/sysctl.conf
文件,调整TCP连接数、文件句柄数等参数:net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
sudo yum install epel-release -y
sudo yum install certbot python2-certbot-apache -y
sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
httpd.conf
中修改ServerTokens
和ServerSignature
指令以隐藏版本信息。通过上述优化技巧,可以显著提高CentOS上Apache服务器的性能和安全性。在进行任何配置更改后,请确保重新启动Apache服务以使更改生效。