Install Apache on CentOS7

Official reference

Official website, Product Documentation, HTTPS, Gzip

Perform installation

    yum -y install libmcrypt libmcrypt-devel mcrypt mhash
    yum -y install httpd

Modify the configuration file

After the installation is complete, the configuration file needs some changes. These usually cover the bound IP and port, gzip-compressed transfer, the number of concurrent connections, and SSL. Each is explained below.

Modify the bound IP and port

By default Apache listens on 0.0.0.0:80. To change the listening IP or port, edit the Listen directive directly; to bind multiple ports, add more Listen lines. The following example binds ports 80 and 443. Port 443 is the default port number for HTTPS.

    Listen 80
    Listen 443 https

Enable gzip compression

Because server CPU performance is usually relatively high, the bottleneck tends to appear in network bandwidth, so we can turn on gzip-compressed transfer. There are 9 levels of compression; choose the level that best suits the performance of the server. The example below uses level 1. The compressed file types are html, xml, php, css and js, and more types can be added as needed.

    <IfModule mod_deflate.c>
        DeflateCompressionLevel 1
        AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-javascript application/x-httpd-php
        AddOutputFilter DEFLATE js css
    </IfModule>

Set up KeepAlive

KeepAlive keeps the connection between client and server open for a period of time. Opening a web page usually means loading the main content plus js, css, and pictures. Since each resource needs a separate HTTP request, enabling KeepAlive saves the time each request would otherwise spend establishing a new TCP connection. KeepAlive also has a drawback: it keeps the server's IO resources occupied, so whether to enable it depends on the actual situation. If KeepAlive is enabled, set a reasonable timeout so that server IO is not occupied for a long time. The following example contains the main KeepAlive settings.

    KeepAlive On
    MaxKeepAliveRequests 400
    KeepAliveTimeout 5

Configure the number of concurrent connections

A reasonable setting for the number of concurrent connections can greatly improve the throughput of the server. Usually our Apache works in mpm_prefork mode, where several key parameters need to be configured sensibly. The maximum number of connections should not be too small, otherwise a large number of user requests will be rejected when concurrency is high. The value should be chosen with reference to the server's CPU and memory. As long as resources are sufficient, set it as large as possible, but if it is set too large, the server's resources will be exhausted and Apache will also crash.

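    <IfModule mpm_prefork_module>
        # Child processes started at boot, and the idle pool kept in reserve
        StartServers         10
        MinSpareServers      25
        MaxSpareServers      50
        # Upper bound for MaxClients
        ServerLimit          1500
        # Maximum simultaneous requests (named MaxRequestWorkers in httpd 2.4)
        MaxClients           1000
        # Requests served before a child is recycled (MaxConnectionsPerChild in httpd 2.4)
        MaxRequestsPerChild  3000
    </IfModule>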

Configure SSL

Most websites now have SSL enabled to support HTTPS secure connections. The advantage of HTTPS is that content is encrypted in transit, so there is no need to worry about information leaking through interception by others. Before enabling SSL, we must first apply for a certificate. Once we have the certificate, refer to the following configuration to complete the SSL settings.

    <VirtualHost *:443>
        ServerAdmin www.test.com
        ServerName www.test.com
        DocumentRoot  /var/www/test
        SSLEngine on
        SSLProtocol all -SSLv2 -SSLv3
        SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
        SSLHonorCipherOrder on
        # Server certificate, its private key, and the CA chain
        SSLCertificateFile /etc/httpd/conf/cert/public.crt
        SSLCertificateKeyFile /etc/httpd/conf/cert/1533528967430.key
        SSLCertificateChainFile /etc/httpd/conf/cert/chain.crt
        AllowEncodedSlashes on
        # The path must match DocumentRoot for these rules to apply to the site
        <Directory "/var/www/test">
             Options FollowSymLinks
             AllowOverride All
             # httpd 2.4 form of "Order allow,deny" / "Allow from all"
             Require all granted
        </Directory>
    </VirtualHost>
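
The SSLProtocol line above removes SSLv2 and SSLv3, but on httpd 2.4 built against OpenSSL 1.0.1 or later "all" also includes TLSv1 and TLSv1.1, so those two stay enabled. The shell function below is an added example, not part of the original page: the name audit_ssl_protocols and the sample input are constructed for illustration, and it assumes that a bare protocol name enables that protocol.

```shell
#!/bin/sh
# Added example (not from the original page). audit_ssl_protocols is a
# hypothetical helper name. It reads Apache configuration on stdin and prints
# "LINE: protocols" for every SSLProtocol directive that still enables
# SSLv3, TLSv1 or TLSv1.1.
# Assumptions: "all" expands to SSLv3, TLSv1, TLSv1.1 and TLSv1.2 (the
# documented expansion for httpd 2.4 with OpenSSL 1.0.1 or later), and a bare
# protocol name is treated as enabling that protocol.
audit_ssl_protocols() {
    awk '
    tolower($1) == "sslprotocol" {
        split("", on)                      # start with nothing enabled
        for (i = 2; i <= NF; i++) {
            tok = tolower($i)              # tokens are case-insensitive
            sign = substr(tok, 1, 1)
            if (tok == "all") {
                on["sslv3"] = 1; on["tlsv1"] = 1
                on["tlsv1.1"] = 1; on["tlsv1.2"] = 1
            } else if (sign == "-") {
                delete on[substr(tok, 2)]  # "-proto" switches a protocol off
            } else if (sign == "+") {
                on[substr(tok, 2)] = 1     # "+proto" switches it on
            } else {
                on[tok] = 1                # bare name (assumed to enable)
            }
        }
        weak = ""
        n = split("SSLv3 TLSv1 TLSv1.1", legacy, " ")
        for (j = 1; j <= n; j++) {
            key = tolower(legacy[j])
            if (key in on) weak = weak " " legacy[j]
        }
        if (weak != "") printf "%d:%s\n", NR, weak
    }'
}

# Constructed sample: line 2 is the SSLProtocol line used on this page,
# line 3 is a variant that also removes TLSv1 and TLSv1.1.
# Prints: 2: TLSv1 TLSv1.1
audit_ssl_protocols <<'EOF'
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
EOF
```

To check a real configuration, feed the file on stdin; an empty result means no SSLProtocol directive in it leaves a legacy protocol on.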