Install Apache on CentOS7
Official reference
Official website Product Documentation HTTPS GzipPerform installation
yum -y install libmcrypt libmcrypt-devel mcrypt mhash
yum -y install httpd
Modify the configuration file
After the installation is complete, we need to make some modifications to the configuration file. The specific modification content usually includes: bound IP and port, gzip compression transmission, number of concurrent connections, and SSL. Let's explain them one by one below.
Modify the bound IP and port
The default IP and port that Apache listens to is 0.0.0.0:80. If we need to modify the monitored IP and port, we can modify it directly. If we need to bind multiple ports, we can also add them. In the following example, we bind ports 80 and 443. Port 443 is the default port number for HTTPS.
Listen 80
Listen 443 https
Open gzip transmission
Because our computer's CPU performance is relatively high, usually the bottleneck will appear in the network bandwidth, so we can choose to turn on gzip compression transmission. There are 9 levels of compression. We can choose according to the performance of our server and find the most suitable level. In the example below, we set it to level 1. The compressed file types are: html, xml, php, css, js, we can also add compressed file types as needed.
<IfModule mod_deflate.c>
DeflateCompressionLevel 1
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-javascript application/x-httpd-php
AddOutputFilter DEFLATE js css
</IfModule>
Set up KeepAlive
The function of KeepAlive is to keep the client and server connected for a period of time. When we open a webpage, we usually need to load the main content, js, css, and pictures. Since each resource needs to initiate a separate HTTP request, we enable KeepAlive to reduce the time required for each request to establish a TCP/IP link. But KeepAlive also has drawbacks. It will cause the server's IO resources to be occupied, so we need to choose whether to enable KeepAlive according to the actual situation. If KeepAlive is enabled, we also need to set a reasonable timeout for it to avoid server IO being occupied for a long time. The following example contains several main settings of KeepAlive.
KeepAlive On
MaxKeepAliveRequests 400
KeepAliveTimeout 5
Configure the number of concurrent
A reasonable configuration of the number of concurrent can greatly improve the throughput of the server. Usually our Apache works in mpm_prefork mode. We need to reasonably configure several key parameters. What we need to pay attention to is that the maximum number of connections should not be too small, too small will cause a large number of user requests to be rejected when the concurrency is high. The reasonable value we set should refer to the server's CPU and memory. As long as the resources are sufficient, we should set it as large as possible, but if we set it too large, the server resources will be exhausted and Apache will also crash.
<IfModule mpm_prefork_module>
StartServers 10
MinSpareServers 25
MaxSpareServers 50
ServerLimit 1500
MaxClients 1000
MaxRequestsPerChild 3000
</IfModule>
Configure SSL
Most websites now have SSL enabled to support HTTPS secure connections. The advantage of HTTPS is that the content during transmission is encrypted, so there is no need to worry about information leakage due to interception by others. Before enabling SSL, we must first apply for a certificate. After we get the certificate, refer to the following configuration to complete the SSL settings.
<VirtualHost *:443>
ServerAdmin www.test.com
ServerName www.testl.com
DocumentRoot /var/www/test
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
SSLCertificateFile /etc/httpd/conf/cert/public.crt
SSLCertificateKeyFile /etc/httpd/conf/cert/1533528967430.key
SSLCertificateChainFile /etc/httpd/conf/cert/chain.crt
AllowEncodedSlashes on
<Directory "/var/www/test.com">
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>