communication
27-04-2010, 01:14
وبعد بحث كثير عن عمل con figuration للملف وجدت هذا عجبني جدا وان كان شرحه مش تفصيلي ياريت أحد يتكرم يشرحه بأمثله حيث أني مبتدأ وفيما يلي هحاول تعريب الكلام عشا قوانين المنتدى
29.9. Configure the /etc/httpd/conf/httpd.conf file
The httpd.conf file is the main configuration file for the Apache web server. A lot options exist, and it's important to read the documentation that comes with Apache for more information on different settings and parameters. The following configuration example is a minimal working configuration file for Apache, with SSL support. Also, it's important to note that we only comment the parameters that relate to security and optimization, and leave all the others to your own research.
ملف httpd.conf هو ملف الconfiguration الرئيسي وبه كثير من الخيارات من المهم قرا ءة الملف الكتابي الملحق لمعرفة اكثر عن اعدادته وفي هذه الاعدادت سيكون التركيز على apache مع ssl والاهتمام بكل ما يخص secuirty وسنترك لك البححث في باقي الخيارات
Edit the httpd.conf file, vi /etc/httpd/conf/httpd.conf and add/change:
تحرير الملف
### الجزء الاول (لا أعرف ترجمته)Section 1: Global Environment
#
ServerType standalone
ServerRoot "/etc/httpd"
PidFile /var/run/httpd.pid
ResourceConfig /dev/null
AccessConfig /dev/null
Timeout 300
KeepAlive On
MaxKeepAliveRequests 0
KeepAliveTimeout 15
MinSpareServers 16
MaxSpareServers 64
StartServers 16
MaxClients 512
MaxRequestsPerChild 100000
### Section 2: 'Main' server configuration
#
Port 80
<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>
User www
Group www
ServerAdmin admin@openna.com
ServerName www.openna.com (https://www.openna.com/)
DocumentRoot "/home/httpd/ona"
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory "/home/httpd/ona">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Files .pl>
Options None
AllowOverride None
Order deny,allow
Deny from all
</Files>
<IfModule mod_dir.c>
DirectoryIndex index.htm index.html index.php index.php3 default.html index.cgi
</IfModule>
#<IfModule mod_include.c>
#Include conf/mmap.conf
#</IfModule>
UseCanonicalName On
<IfModule mod_mime.c>
TypesConfig /etc/httpd/conf/mime.types
</IfModule>
DefaultType text/plain
HostnameLookups Off
ErrorLog /var/log/httpd/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
SetEnvIf Request_URI \.gif$ gif-image
CustomLog /var/log/httpd/access_log combined env=!gif-image
ServerSignature Off
<IfModule mod_alias.c>
ScriptAlias /cgi-bin/ "/home/httpd/cgi-bin/"
<Directory "/home/httpd/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
</IfModuleGT;
<IfModule mod_mime.c>
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
AddType application/x-tar .tgz
</IfModule>
ErrorDocument 500 "The server made a boo boo.
ErrorDocument 404 https://192.168.1.1/error.htm
ErrorDocument 403 "Access Forbidden -- Go away.
<IfModule mod_setenvif.c>
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>
الجزء الثالث ### Section 3: Virtual Hosts
#
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>
<IfModule mod_ssl.c>
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog /var/log/httpd/ssl_engine_log
SSLLogLevel warn
</IfModule>
<IfDefine SSL>
<VirtualHost _default_:443>
DocumentRoot "/home/httpd/ona"
ServerName www.openna.com (https://www.openna.com/)
ServerAdmin admin@openna.com
ErrorLog /var/log/httpd/error_log
SSLEngine on
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
SSLCACertificatePath /etc/ssl/certs
SSLCACertificateFile /etc/ssl/certs/ca.crt
SSLCARevocationPath /etc/ssl/crl
SSLVerifyClient none
SSLVerifyDepth 10
SSLOptions +ExportCertData +StrictRequire
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SetEnvIf Request_URI \.gif$ gif-image
CustomLog /var/log/httpd/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" env=!gif-image
</VirtualHost>
</IfDefine>
This tells httpd.conf file to set itself up for this particular configuration setup with:
ServerType standalone
The option ServerType specifies how Apache should run on the system. You can run it from the super-server inetd, or as standalone daemon. It's highly recommended to run Apache in standalone type for better performance and speed.
ServerRoot "/etc/httpd"
خيار ال ServerType standaloneيحدد كيف الاباتشي يعمل على النظام تسطيع تشغيله من ال super-server inetdاو ,
standalone daemon
من المطلوب تشغيل الاباتشي في نوع او مود ستاندالون ﻷداء أفضل وسرعه(السؤال كيف يكون ذلك؟كيف تشغيله في الستاندالون مود؟؟)
The option ServerRoot specifies the directory in which the configuration files of
the Apache server lives. It allows Apache to know where it can find its configuration files when it starts.
خيار ServerRoot يحدد المجلد الذي يحوي ملفات الconfigللاباتشي سيرفر مما يسمح للأباتشي ان يعرف أين يجد ملفات الconfig عند البدء
PidFile /var/run/httpd.pid
The option PidFile specifies the location where the server will record the process id of the daemon when it starts. This option is only required when you configure Apache in standalone mode.
خيار PidFileيحدد الموقع الذي فيه سيسجل السيرفر ارقام العملياتprocess idللديمون لما يبدأهذا الخيار مطلوب للأباتشي لما يعمل في الستاندالون مود
ResourceConfig /dev/null
The option ResourceConfig specifies the location of the old srm.conf file that Apache read after it finished reading the httpd.conf file. When you set the location to /dev/null, Apache allows you to include the content of this file in httpd.conf file, and in this manner, you have just one file that handles all your configuration parameters for simplicity.
خيار ResourceConfigيحدد مكان الold srm.conf fileوالذي يقرأه الباتشي بعد الانتهاء من قراءة httpd.conf وعند اعداد مكان /dev/nullاباتشي يسمح لك بضم محتويات هذا الملف على الhttpd.confوبهذه الطريقة عندك ملف واحد هو الhandleكل الاعدادت
AccessConfig /dev/null
The option AccessConfig specifies the location of the old access.conf file that Apache read after it finished reading the srm.conf file. When you set the location to /dev/null, Apache allows you to include the content of this file in httpd.conf file, and in this manner, you have just one file that handles all your configuration parameters for simplicity.
هذا الخيار يحدد موقع ملف access.confالذي يقرأه الاباتشي بعدالانتهاء من قراءةsrm.conf اباتشي يسمح لك بضم محتويات الملف في ملف httpd.confوبهذه الطريقة عندك ملف واحد هو الhandleكل الاعدادت
Timeout 300
The option Timeout specifies the amount of time Apache will wait for a GET, POST, PUT request and ACKs on transmissions. You can safely leave this option on its default values.
هذا الخيار يحدد كمية الوقت اللاباتشي هينتظره عشان يعمل get ,post ,put ,request ,ACKs وتستطيع ترك هذا الخيار بدون تغير
KeepAlive On
The option KeepAlive, if set to On, specifies enabling persistent connections on this web server. For better performance, it's recommended to set this option to On, and allow more than one request per connection.
هذا الخيار يحدد الاتصالات المستمرة على هذا خادم الويب ﻷداء أفضل يتم اعداده على الوضع On والسماح ﻷكثر من more than one request per connection
MaxKeepAliveRequests 0
The option MaxKeepAliveRequests specifies the number of requests allowed per connection when the KeepAlive option above is set to On. When the value of this option is set to 0 then unlimited requests are allowed on the server. For server performance, it's recommended to allow unlimited
requests.
اذا الخيار KeepAlive OnوMaxKeepAliveRequests معد على صفر set to 0)-----> عدد لانهائي من request بها على هذا السيرفر ويتم هذا لعمل أداء أفضل
KeepAliveTimeout 15
The option KeepAliveTimeout specifies how much time, in seconds, Apache will wait for a subsequent request before closing the connection. The value of 15 seconds is a good average for server performance.
هذا الخيار يحدد كم من الوقت بالثواني اباتشي سينتظر لإتصال متتابع قبل قفل الاتصال القيمة 15 ثانية جيده
MinSpareServers 16
The option MinSpareServers specifies the minimum number of idle child server processes for Apache, which is not handling a request. This is an important tuning parameter regarding the performance of the Apache web server. For high load operation, a value of 16 is recommended by various benchmarks on the Internet.
(للأسف الشديد مش عارف اترجم) ياريت حد يشرح ويترجم هذه الجزئيه
MaxSpareServers 64
The option MaxSpareServers specifies the maximum number of idle child server processes for Apache, which is not handling a request. This is also an important tuning parameter regarding the performance of the Apache web server. For high load operation, a value of 64 is recommended by various benchmarks on the Internet.
StartServers 16
The option StartServers specifies the number of child server processes that will be created by Apache on start-up. This is, again, an important tuning parameter regarding the performance of the Apache web server. For high load operation, a value of 16 is recommended by various benchmarks on the Internet.
MaxClients 512
The option MaxClients specifies the number of simultaneous requests that can be supported by Apache. This too is an important tuning parameter regarding the performance of the Apache web server. For high load operation, a value of 512 is recommended by various benchmarks on the Internet.
MaxRequestsPerChild 100000
The option MaxRequestsPerChild specifies the number of requests that an individual child server process will handle. This too is an important tuning parameter regarding the performance of the Apache web server.
User www
The option User specifies the UID that Apache server will run as. It's important to create a new user that has minimal access to the system, and functions just for the purpose of running the web server daemon.
Group www
The option Group specifies the GID the Apache server will run as. It's important to create a new group that has minimal access to the system and functions just for the purpose of running the web server daemon.
DirectoryIndex index.htm index.html index.php index.php3 default.html index.cgi
The option DirectoryIndex specifies the files to use by Apache as a pre-written HTML directory index. In other words, if Apache can't find the default index page to display, it'll try the next entry in this parameter, if available. To improve performance of your web server it's recommended to list the most used default index pages of your web site first.
Include conf/mmap.conf
The option Include specifies the location of other files that you can include from within the server configuration files httpd.conf. In our case, we include the mmap.conf file located under /etc/httpd/conf directory. This file mmap.conf maps files into memory for faster serving. See the section on Optimizing Apache for more information.
HostnameLookups Off
The option HostnameLookups, if set to Off, specifies the disabling of DNS lookups. It's recommended to set this option to Off in order to save the network traffic time, and to improve the performance of your Apache web server.
أرجو المتابعة
يارب حد يرد
29.9. Configure the /etc/httpd/conf/httpd.conf file
The httpd.conf file is the main configuration file for the Apache web server. A lot options exist, and it's important to read the documentation that comes with Apache for more information on different settings and parameters. The following configuration example is a minimal working configuration file for Apache, with SSL support. Also, it's important to note that we only comment the parameters that relate to security and optimization, and leave all the others to your own research.
ملف httpd.conf هو ملف الconfiguration الرئيسي وبه كثير من الخيارات من المهم قرا ءة الملف الكتابي الملحق لمعرفة اكثر عن اعدادته وفي هذه الاعدادت سيكون التركيز على apache مع ssl والاهتمام بكل ما يخص secuirty وسنترك لك البححث في باقي الخيارات
Edit the httpd.conf file, vi /etc/httpd/conf/httpd.conf and add/change:
تحرير الملف
### الجزء الاول (لا أعرف ترجمته)Section 1: Global Environment
#
ServerType standalone
ServerRoot "/etc/httpd"
PidFile /var/run/httpd.pid
ResourceConfig /dev/null
AccessConfig /dev/null
Timeout 300
KeepAlive On
MaxKeepAliveRequests 0
KeepAliveTimeout 15
MinSpareServers 16
MaxSpareServers 64
StartServers 16
MaxClients 512
MaxRequestsPerChild 100000
### Section 2: 'Main' server configuration
#
Port 80
<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>
User www
Group www
ServerAdmin admin@openna.com
ServerName www.openna.com (https://www.openna.com/)
DocumentRoot "/home/httpd/ona"
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory "/home/httpd/ona">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Files .pl>
Options None
AllowOverride None
Order deny,allow
Deny from all
</Files>
<IfModule mod_dir.c>
DirectoryIndex index.htm index.html index.php index.php3 default.html index.cgi
</IfModule>
#<IfModule mod_include.c>
#Include conf/mmap.conf
#</IfModule>
UseCanonicalName On
<IfModule mod_mime.c>
TypesConfig /etc/httpd/conf/mime.types
</IfModule>
DefaultType text/plain
HostnameLookups Off
ErrorLog /var/log/httpd/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
SetEnvIf Request_URI \.gif$ gif-image
CustomLog /var/log/httpd/access_log combined env=!gif-image
ServerSignature Off
<IfModule mod_alias.c>
ScriptAlias /cgi-bin/ "/home/httpd/cgi-bin/"
<Directory "/home/httpd/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
</IfModuleGT;
<IfModule mod_mime.c>
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
AddType application/x-tar .tgz
</IfModule>
ErrorDocument 500 "The server made a boo boo.
ErrorDocument 404 https://192.168.1.1/error.htm
ErrorDocument 403 "Access Forbidden -- Go away.
<IfModule mod_setenvif.c>
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>
الجزء الثالث ### Section 3: Virtual Hosts
#
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>
<IfModule mod_ssl.c>
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog /var/log/httpd/ssl_engine_log
SSLLogLevel warn
</IfModule>
<IfDefine SSL>
<VirtualHost _default_:443>
DocumentRoot "/home/httpd/ona"
ServerName www.openna.com (https://www.openna.com/)
ServerAdmin admin@openna.com
ErrorLog /var/log/httpd/error_log
SSLEngine on
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
SSLCACertificatePath /etc/ssl/certs
SSLCACertificateFile /etc/ssl/certs/ca.crt
SSLCARevocationPath /etc/ssl/crl
SSLVerifyClient none
SSLVerifyDepth 10
SSLOptions +ExportCertData +StrictRequire
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SetEnvIf Request_URI \.gif$ gif-image
CustomLog /var/log/httpd/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" env=!gif-image
</VirtualHost>
</IfDefine>
This tells httpd.conf file to set itself up for this particular configuration setup with:
ServerType standalone
The option ServerType specifies how Apache should run on the system. You can run it from the super-server inetd, or as standalone daemon. It's highly recommended to run Apache in standalone type for better performance and speed.
ServerRoot "/etc/httpd"
خيار ال ServerType standaloneيحدد كيف الاباتشي يعمل على النظام تسطيع تشغيله من ال super-server inetdاو ,
standalone daemon
من المطلوب تشغيل الاباتشي في نوع او مود ستاندالون ﻷداء أفضل وسرعه(السؤال كيف يكون ذلك؟كيف تشغيله في الستاندالون مود؟؟)
The option ServerRoot specifies the directory in which the configuration files of
the Apache server lives. It allows Apache to know where it can find its configuration files when it starts.
خيار ServerRoot يحدد المجلد الذي يحوي ملفات الconfigللاباتشي سيرفر مما يسمح للأباتشي ان يعرف أين يجد ملفات الconfig عند البدء
PidFile /var/run/httpd.pid
The option PidFile specifies the location where the server will record the process id of the daemon when it starts. This option is only required when you configure Apache in standalone mode.
خيار PidFileيحدد الموقع الذي فيه سيسجل السيرفر ارقام العملياتprocess idللديمون لما يبدأهذا الخيار مطلوب للأباتشي لما يعمل في الستاندالون مود
ResourceConfig /dev/null
The option ResourceConfig specifies the location of the old srm.conf file that Apache read after it finished reading the httpd.conf file. When you set the location to /dev/null, Apache allows you to include the content of this file in httpd.conf file, and in this manner, you have just one file that handles all your configuration parameters for simplicity.
خيار ResourceConfigيحدد مكان الold srm.conf fileوالذي يقرأه الباتشي بعد الانتهاء من قراءة httpd.conf وعند اعداد مكان /dev/nullاباتشي يسمح لك بضم محتويات هذا الملف على الhttpd.confوبهذه الطريقة عندك ملف واحد هو الhandleكل الاعدادت
AccessConfig /dev/null
The option AccessConfig specifies the location of the old access.conf file that Apache read after it finished reading the srm.conf file. When you set the location to /dev/null, Apache allows you to include the content of this file in httpd.conf file, and in this manner, you have just one file that handles all your configuration parameters for simplicity.
هذا الخيار يحدد موقع ملف access.confالذي يقرأه الاباتشي بعدالانتهاء من قراءةsrm.conf اباتشي يسمح لك بضم محتويات الملف في ملف httpd.confوبهذه الطريقة عندك ملف واحد هو الhandleكل الاعدادت
Timeout 300
The option Timeout specifies the amount of time Apache will wait for a GET, POST, PUT request and ACKs on transmissions. You can safely leave this option on its default values.
هذا الخيار يحدد كمية الوقت اللاباتشي هينتظره عشان يعمل get ,post ,put ,request ,ACKs وتستطيع ترك هذا الخيار بدون تغير
KeepAlive On
The option KeepAlive, if set to On, specifies enabling persistent connections on this web server. For better performance, it's recommended to set this option to On, and allow more than one request per connection.
هذا الخيار يحدد الاتصالات المستمرة على هذا خادم الويب ﻷداء أفضل يتم اعداده على الوضع On والسماح ﻷكثر من more than one request per connection
MaxKeepAliveRequests 0
The option MaxKeepAliveRequests specifies the number of requests allowed per connection when the KeepAlive option above is set to On. When the value of this option is set to 0 then unlimited requests are allowed on the server. For server performance, it's recommended to allow unlimited
requests.
اذا الخيار KeepAlive OnوMaxKeepAliveRequests معد على صفر set to 0)-----> عدد لانهائي من request بها على هذا السيرفر ويتم هذا لعمل أداء أفضل
KeepAliveTimeout 15
The option KeepAliveTimeout specifies how much time, in seconds, Apache will wait for a subsequent request before closing the connection. The value of 15 seconds is a good average for server performance.
هذا الخيار يحدد كم من الوقت بالثواني اباتشي سينتظر لإتصال متتابع قبل قفل الاتصال القيمة 15 ثانية جيده
MinSpareServers 16
The option MinSpareServers specifies the minimum number of idle child server processes for Apache, which is not handling a request. This is an important tuning parameter regarding the performance of the Apache web server. For high load operation, a value of 16 is recommended by various benchmarks on the Internet.
(للأسف الشديد مش عارف اترجم) ياريت حد يشرح ويترجم هذه الجزئيه
MaxSpareServers 64
The option MaxSpareServers specifies the maximum number of idle child server processes for Apache, which is not handling a request. This is also an important tuning parameter regarding the performance of the Apache web server. For high load operation, a value of 64 is recommended by various benchmarks on the Internet.
StartServers 16
The option StartServers specifies the number of child server processes that will be created by Apache on start-up. This is, again, an important tuning parameter regarding the performance of the Apache web server. For high load operation, a value of 16 is recommended by various benchmarks on the Internet.
MaxClients 512
The option MaxClients specifies the number of simultaneous requests that can be supported by Apache. This too is an important tuning parameter regarding the performance of the Apache web server. For high load operation, a value of 512 is recommended by various benchmarks on the Internet.
MaxRequestsPerChild 100000
The option MaxRequestsPerChild specifies the number of requests that an individual child server process will handle. This too is an important tuning parameter regarding the performance of the Apache web server.
User www
The option User specifies the UID that Apache server will run as. It's important to create a new user that has minimal access to the system, and functions just for the purpose of running the web server daemon.
Group www
The option Group specifies the GID the Apache server will run as. It's important to create a new group that has minimal access to the system and functions just for the purpose of running the web server daemon.
DirectoryIndex index.htm index.html index.php index.php3 default.html index.cgi
The option DirectoryIndex specifies the files to use by Apache as a pre-written HTML directory index. In other words, if Apache can't find the default index page to display, it'll try the next entry in this parameter, if available. To improve performance of your web server it's recommended to list the most used default index pages of your web site first.
Include conf/mmap.conf
The option Include specifies the location of other files that you can include from within the server configuration files httpd.conf. In our case, we include the mmap.conf file located under /etc/httpd/conf directory. This file mmap.conf maps files into memory for faster serving. See the section on Optimizing Apache for more information.
HostnameLookups Off
The option HostnameLookups, if set to Off, specifies the disabling of DNS lookups. It's recommended to set this option to Off in order to save the network traffic time, and to improve the performance of your Apache web server.
أرجو المتابعة
يارب حد يرد